Self-adaptive Access Control Model based on
Feedback Loop
Shunan Ma
State Key Laboratory of Information Security
Institute of Information Engineering
Chinese Academy of Sciences
Beijing, China
mashunan@iie.ac.cn
Yazhe Wang
State Key Laboratory of Information Security
Institute of Information Engineering
Chinese Academy of Sciences
Beijing, China
wangyazhe@iie.ac.cn
Abstract—Users can utilize powerful computing resources in
cloud computing, which brings them great convenience.
However, cloud computing also faces many data security
challenges, as users outsource their sensitive data to clouds
that are generally outside the data owners' trusted domain.
To address this problem, access control, which grants
access permissions to an authorized user, is considered one of
the critical security mechanisms for data protection in the cloud
computing environment. However, due to the unpredictability of
user identities and access behavior, access control in cloud
computing has become a key security problem. In this paper, we
propose a self-adaptive access control model based on a feedback
loop. The feedback loop includes monitor, analyze, plan and execute
parts and a knowledge base, and the knowledge base is used to
make decisions on access requests. We also propose an algorithm
for the relation degree of access attributes for the knowledge base.
The proposed self-adaptive access control model based on a feedback
loop can be applied to the cloud computing environment.
Keywords—access control; self-adaptation; feedback loop;
MAPE-K; knowledge base
I. INTRODUCTION
Cloud computing is the ability to rent a server or a
thousand servers and run a geophysical modeling application
on the most powerful systems available anywhere [1]. Cloud
computing provides an extensible and powerful environment
for growing amounts of services and data by means of on-
demand self-service. It also relieves the client’s burden from
management and maintenance by providing a comparably low-
cost, scalable, location-independent platform [2].
Taking into account the characteristics of the cloud, there are
various security issues [3,4]. For example, the unpredictable
nature of access raises access control issues [5]. The
multi-tenancy and virtualization features of cloud computing bring
unique security and access control challenges due to the sharing of
physical resources among potentially untrusted tenants [6].
Access control, which grants access permissions to an
authorized user, has become an important factor in the cloud
computing environment. In the cloud computing environment, due
to the unpredictability of user identities, traditional access
control mechanisms that rely on identities and roles can no
longer meet the requirements of access control. Moreover, the
heterogeneity of services in cloud computing environments
demands varying degrees of granularity in access control
mechanisms [7].
For delivering service securely, cloud computing providers
are facing several security issues, including controlling access
to services and ensuring privacy. Moreover, inadequate or
unreliable access control mechanisms can significantly
increase the risk of unauthorized use of cloud resources and
services. Therefore, access control in cloud computing has
become a key security problem and thus a hot research topic.
Autonomic systems are often referred to as self-adaptive
and self-managing systems. Self-adaptation refers to the ability
of the system to automatically adapt to changes in the physical
topology of a system as well as changes in the applications that
run on the system. Self-adaptive systems respond dynamically
to changes in their environment and user requirements.
Dobson et al. [8] promoted the feedback control loop as an
important design concept in the engineering of self-adaptive
software systems. The feedback control loop derives from the
MAPE-K (Monitor, Analyze, Plan, Execute, Knowledge) loop in
autonomic computing. Self-adaptation is a means of providing
systems with the ability to adapt, manage, repair and update
themselves automatically at run-time. This is often achieved through
a feedback control loop in which the system is monitored to
obtain its current state, which is then compared to some
previously planned or expected state in order to decide whether
something needs to be adapted.
An autonomic element is composed of Monitor, Analyze, Plan
and Execute parts, which form the MAPE-K feedback loop [9].
This model identifies the core activities required for self-
adapting a system. Each autonomic element uses a MAPE-K
loop to manage several non-autonomic elements. The role of
the Monitor is to observe and record the state in the target
system. The Analyze module analyses the state for identifying
the need for adaptation. The Plan module generates plans
based on the need for adaptation, and the Effectors realize
those plans in order for adaptation to happen. The knowledge
module of MAPE-K is related to any information that enables
the provision of self-adaptation, such as: models of the target
system, goals that define what can be changed in a system,
history information about the use of the system, and previous
successful or failed adaptive strategies.
The autonomic element is shown in Fig. 1.
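The MAPE-K roles described above can be sketched for access control as follows. This is an added example, not the paper's model or its relation-degree algorithm: the class and function names, the constructed policy and request trace, the denial-count rule (3 denials in the last 5 events) and the "suspend" action are all assumptions chosen for illustration.

```python
from collections import Counter

# Constructed sample data: resource -> roles allowed, and a request trace.
POLICY = {"report": {"analyst"}, "payroll": {"hr"}}
REQUESTS = ([("alice", "analyst", "report")] + [("bob", "analyst", "payroll")] * 3
            + [("bob", "analyst", "report"), ("alice", "analyst", "report")])

class KnowledgeBase:
    """Knowledge: policy model, usage history, and previous adaptations."""
    def __init__(self, policy):
        self.policy = policy
        self.suspended = set()   # subjects blocked by an executed plan
        self.history = []        # (subject, resource, granted)
        self.adaptations = []    # executed plans

    def decide(self, subject, role, resource):
        return (subject not in self.suspended
                and role in self.policy.get(resource, set()))

def monitor(kb, subject, role, resource):
    """Monitor: observe the request and record the resulting state."""
    granted = kb.decide(subject, role, resource)
    kb.history.append((subject, resource, granted))
    return granted

def analyze(kb, window=5, max_denials=3):
    """Analyze: subjects with >= max_denials denials in the last `window` events."""
    denials = Counter(s for s, _, ok in kb.history[-window:] if not ok)
    return sorted(s for s, n in denials.items()
                  if n >= max_denials and s not in kb.suspended)

def plan(symptoms):
    """Plan: one adaptation step per subject that needs it."""
    return [("suspend", s) for s in symptoms]

def execute(kb, plans):
    """Execute: apply the plan to the knowledge base used for decisions."""
    for action, subject in plans:
        kb.suspended.add(subject)
        kb.adaptations.append((action, subject))

def run_loop(kb, requests):
    """Run one MAPE-K iteration per request; return the access decisions."""
    decisions = []
    for subject, role, resource in requests:
        decisions.append(monitor(kb, subject, role, resource))
        execute(kb, plan(analyze(kb)))
    return decisions
```

In the constructed trace, the fifth request (bob reading "report") would be granted by the static role policy alone, but is denied because the loop adapted the knowledge base after his third denial.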