Leverage Data Security Policies Complexity for Users: An End-to-End Storage Service Management in the Cloud Based on ABAC Attributes

This position paper presents a method to ease the management of data security from the user point of view. Nowadays, users have many ways to access the same data: direct connection to the host, shared filesystem or web drive-like solutions. This leads to complex data access control policies. At the same time, users have more and more liberty in resource instantiation. They can benefit from various self service storage facilities from many Cloud operators in an on-premise or remote way. Moreover, interfaces with these providers are designed in a way that real locations of data are hidden to give an illusion of infinite resources availability. Obviously, Cloud providers have many ways to fine tune resource allocation but users may not be aware of it. With this growth of resource distribution, access control also evolved. Formerly, a simple access control scheme based on identity was sufficient for data security (IBAC). With the complexity increase of access control, new schemes emerged based on roles (RBAC) or attributes (ABAC). We will investigate the last one because attributes rules access control but it also gives information on a user's profile that may be used to ease the creation and configuration of data services on distributed resources such as Cloud providers.