Published on

Published in: Business, Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide


  1. 1. International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print), INTERNATIONAL JOURNAL OF COMPUTER ENGINEERING & ISSN 0976 - 6375(Online), Volume 4, Issue 5, September - October (2013), © IAEME TECHNOLOGY (IJCET) ISSN 0976 – 6367(Print) ISSN 0976 – 6375(Online) Volume 4, Issue 5, September – October (2013), pp. 115-137 © IAEME: www.iaeme.com/ijcet.asp Journal Impact Factor (2013): 6.1302 (Calculated by GISI) www.jifactor.com IJCET ©IAEME DYNAMIC EXPIRATION ENABLED ROLE BASED ACCESS CONTROL MODEL ሺࡰࡱࡱࡾ࡮࡭࡯ሻ FOR CLOUD COMPUTING ENVIRONMENT Levina T1, Dr. S C Lingareddy2 and Kashyap Dhruve3 1 2 (Assistant Professor, Alpha College of Engg, Bangalore, India) (Professor & HOD Dept of CSE, Alpha College of Engg, Bangalore, India) 3 (Technical Director, Planet-i Technologies, Bangalore, India) ABSTRACT Cloud computing is one of the most emerging technique for fulfilling service demands in various forms. The key issue that is considered for its enhancement and optimization is the access control. In order to fulfill this requirement, here in this paper the author has proposed a robust system model called, “Dynamic expiration enabled role based access control ሺ‫ܥܣܤܴܧܧܦ‬ሻ system that facilitates a widespread set of temporal constraints which further provides the fine grained policies for time-based access control scheme. This paper presents a study of the key issues of expressiveness and minimality in cloud environment. The presented research work illustrates that even with nonminimalitythe presented model can provide higher flexibility with minimum complexity for presentation of constraints and efficient role assignments. This makes the proposed system functional with higher user count and the simultaneous role-permission, even without compromising with the security issues. The ‫ ܥܣܤܴܧܧܦ‬system is evaluated on the Amazon Cloud, the scalability and efficient access control mechanism is established proved by the results discussed in this paper. Keywords: Role based access control system, Cloud computing, Access Control, DEERBAC I. INTRODUCTION Cloud computing is one of the most emerging technologies of present days and a service infrastructure that facilitates service on demand for calculation, data storage and highly robust network infrastructures. In this technology, the computation of resources are considered and provided as the services over the internet. Some other technical societies also states cloud computing in different definition, like “a technology or system model that functions for providing omnipresent, expedient, on demand access of defined network to a shared collection of configurable computing resources and frameworks. In order to accomplish the efficient cloud services over internet it can 115
  2. 2. International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print), ISSN 0976 - 6375(Online), Volume 4, Issue 5, September - October (2013), © IAEME facilitate a rapid and highly efficient system with minimum resource management activities and least interaction of service providers. In cloud computing one of the predominant security issues is the access control of information and system security. In order to control the various time-sensitive activities numerous cloud applications like management of workflow and real-time operational databases, the access control specifications are required to be enhanced with the optimum temporal constraints. The presented research work has been motivated by the requirement of a highly robust and effective access control approach that could meet and can alleviatethe security concerns in cloud environment with raised trust level for numerous cloud based applications and service segments. One of the predominant and efficient approach for accomplishing cloud security requirements in organization is ܴ‫ ݈݁݋‬െ ܾܽ‫ ݈݋ݎݐ݊݋ܿ ݏݏ݁ܿܿܽ ݀݁ݏ‬ሺܴ‫ܥܣܤ‬ሻ that fulfills various security requirements [1], [2], [3], [4]. As compared to the existing traditional approaches of discretionary and mandatory access control ሺ‫ܥܣܯ ݀݊ܽ ܥܣܦ‬ሻ system [5], [2], [6], [7], [8] the ܴ‫ ܥܣܤ‬mechanism can be much fruitful and effective solution. In case of cloud environment of heterogeneous nature like Internet [9], [11], ܴ‫ ܥܣܤ‬system framework might be much effective solution for secure interpolation purposes. On the other hand the time factor plays a vital role for management of time-sensitive access controls. The user creation with role assignment and its optimization is also a key aspect of cloud computing which is required to be optimized. Meanwhile, a better example for time management could be the management of workflow which do encompasses the critical deadlines for completion of invocations. In order to meet such requirements the time-based or period oriented techniques are suggested [12] [13], [14], [15]. On the other hand in order to manage the roles and the user permission a highly effective and efficient system is required that could manage the users with their respective roles assignment and cloud security. In order to achieve these all expectations here in this paper we have proposed a ‫ ݈݁݀݋ܯ ݈݋ݎݐ݊݋ܿ ݏݏ݁ܿܿܣ ݀݁ݏܾܽ ݈݁݋ݎ ݈ܾ݀݁ܽ݊݁ ݊݋݅ݐܽݎ݅݌ݔ݁ ܿ݅݉ܽ݊ݕܦ‬ሺ‫ܥܣܤܴܧܧܦ‬ሻ model that emphasizes on the highly effective and responsible system constraints as well as time oriented user creation and role assignment system that could meet the requirement of highly efficient and productive system model for competitive cloud environment. These all considered constraints characterize themselves effective with the implementation of orthogonally with every aspects of role based Access control mechanism such as role creation, user definition, role assignment, activation of specific roles, defining roles for users, assignment of role permissions. Specifically, the proposed ‫ ܥܣܤܴܧܧܦ‬system differentiates between the activation or enabling of roles and the activation of individual roles. In this approach a specific role is defined and is activated only in the circumstance when a particular user is permitted to get it. An activated role becomes functional when the user is permitted for access in the duration of defined session. The roles could not be activated by the users in case of disabled role session. Hence, the considered or specified model does specify the roles on after enabling or disabling when it can/cannot be assumed by users. In the proposed system model we have considered three dominant kinds of hierarchy that strengthens the system model with higher efficiency and security enhancement. These are inheritance-only hierarchy ሺ‫ ܫ‬െ ݄݅݁‫ݕ݄ܿݎܽݎ‬ሻ, activation-only hierarchy ሺ‫ ܣ‬െ ݄݅݁‫ݕ݄ܿݎܽݎ‬ሻ and ݄݅݊݁‫ ݁ܿ݊ܽݐ݅ݎ‬െ ܽܿ‫ ݕ݄ܿݎܽݎ݄݁݅ ݊݋݅ݐܽݒ݅ݐ‬ሺ‫ ܣܫ‬െ ݄݅݁‫ݕ݄ܿݎܽݎ‬ሻ. The first hierarchy permits the semantics for permission-inheritance while the second refers semantics for activation of roles only and the last considered and developed hierarchy permits both the role activation as well as permission inheritance. Considering these all, here in this system model we have implemented these all three hierarchies which have been further divided into two categories called as restricted and unrestricted kind of hierarchy [16], [17]. In general issues allied with any access control model or frameworks with rich constraint language are the factor of minimality and its expressiveness where the minimality refers the 116
  3. 3. International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print), ISSN 0976 - 6375(Online), Volume 4, Issue 5, September - October (2013), © IAEME minimum status of set of constraints and it is a vital criterion that determines the effectives of the minimal model over the nonminimal models. Here in this paper we have proposed and developed a highly robust framework that addresses the existing problems of minimality, expressiveness, user creation, role generation and respective role-permission with the expected minimum expiration period in ܴ‫ ܥܣܤ‬framework. The proposed ‫ ܥܣܤܴܧܧܦ‬model has performed better in terms of highly efficient role creation and multiple role assignments per user in defined minimum time even without violating the security aspects in comparison with ‫ ܥܣܤܴܶܩ‬model [17]. Considering the power of expressiveness, here in this work we have illustrated that the numerous sets of model constraints could be used for generating a family of ‫ ܥܣܤܴܧܧܦ‬system model with similar expressive power. Even being a non-minimal set of constraints in ‫ ܥܣܤܴܧܧܦ‬cloud framework here in this work has established itself as more beneficial in terms of numerous advantages like least complexity, better manageability and the feasibility in the characterization of policies of access control management. It has illustrated that the constraints of timing for individual role assignments for users could be easily substituted by the temporal constraints for effective role enabling activities. The proposed and developed system architecture ‫ ܥܣܤܴܧܧܦ‬can be significant for examining and investigating the performance of the model with minimality factor, expressiveness, and complexity, feasibility in user creation, highly efficient and optimum user creation, role generation and role-permission assignments for cloud environment without compromising with the security. The results obtained for various user sizes and respective role generation with role assignments in the proposed model and framework architecture establishes itself as the best system forhighly efficient user managements, role creation and role assignments system for cloud computing environment. The other sections of the manuscript have been presented as follows: Section II presents the related work of the considered technologies which is ascended by section III that states ‫ܥܣܤܴܧܧܦ‬ model and its introduction for functionalities. Section IV presents expressiveness of ‫ܥܣܤܴܧܧܦ‬ model and its modeling. This section also presents the operations on periodicity expressions algorithms, various developed algorithms and the system complexity along with its design constraints. Section V presents the results obtained and its analysis which is ascended by Section VI that discusses the conclusions of the developed system model. II. RELATED WORKS Considering the requirement of a highly robust and effective solution for access control and role management in cloud computing environment a number of researches have been induced and many of them have performed well also. In this way to research process the first scientist group Bertino et al. introduced TRBAC framework that emphasizes on the dominant constraints of RBAC system model [14]. The shortcomings of that system model were rooted with the use of temporal constraints for performing role enabling that limited its performance for multiple service requirements in cloud environments. At the next phase the predominant work was for ‫ܥܣܤܴܶܩ‬ model [17] the extended form of ܴܶ‫ ܥܣܤ‬model with the difference of inclusion of few extensive set of constraints. ܶ‫ ܥܣܤ‬modelwas introduced in [14] that mainly support the temporal authorization and key deviation principles [14] but still lacks in addressing the roles and its effective assignments. A number of other researchers have advocated for the implementation of certain significant supporting constraints in anܴ‫ ܥܣܤ‬model and few dominant works have been done in [18], [13], [5], [17], [19], [8]. Then while, those research efforts could not address the problem of time-based access restrictions and effective user creation with role assignment of multiple sizes. This shortcoming was illuminated in our work. In certain work [15] the researcher came out with a system architecture based on a logic-oriented constraint specification language that might be employed for specifying the constraints on individual roles, users and the role-assignments on the users. In [13] a temporal data 117
  4. 4. International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print), ISSN 0976 - 6375(Online), Volume 4, Issue 5, September - October (2013), © IAEME authorization model ሺܶ‫ܯܣܦ‬ሻwas proposed that could represent the access control policies on the basis of temporal behaviour of the data [13]. Considering these research gaps and requirements here in this paper we have proposed a ‫ ܥܣܤܴܧܧܦ‬model that emphasizes on the characteristic of permission by implementing the dynamic assignments of role-permission with the help of constraints of periodicity, session constraint and Event dependencies. In this research work we have tried to implement the unique and highly robust system model that considers all of the key aspects like minimality, session constraints, expressiveness, user management and allied role permission facility with optimum performance level and the usability of access control and management. III. DEERBCA MODELING AND TEMPORAL ROLE HIERARCHY 3.1 IntroducingDEERBCA Model In the highly robust and complicated systems of cloud computing the proposed dynamic expiration enabled role based access control model,‫ ܥܣܤܴܧܧܦ‬plays a significant role in cloud computing environment and its resource management. The mechanism of ‫ ܥܣܤܴܧܧܦ‬also accommodates the individual concepts of role provisioning, its activation and even the provision of environment constraints as well as the event expressions allied with it. In the proposed ‫ ܥܣܤܴܧܧܦ‬approach the system architecture characterizes a number of set of constraints. These are as follows: 1. Temporal role enable/disable constraints Temporal role enabling/disabling constraints are those constraints that permit the characteristics of intervals and that time durations in which the role of users are enabled. In case of defined duration constraints the constraint enabling event ignites or initiates the enabling or disabling of a particular role. This initiation takes place either by enabling functions or by a specific administrator initiated runtime process. 2. Provision of temporal restraints on individual user’s role and the assignment of its rolepermission Such kind of restraints permits the characteristics of function intervals and the time duration in which the role for a specific user or its permission is allotted or issued. 3. Activation constraints Activation constraints are those constraints that permit the nature of employed restrictions functional of the activation of a user’s role. These constraints encompasses, the characterization of the complete time interval for which a defined user can initiate a role or the count ofcontemporaneous activations of the role defined at a specific time. 4. Runtime proceedings A combination of runtime events permits the supervisor to vigorouslycommence the ‫ܥܣܤܴܧܧܦ‬procedures, or facilitate the period or commencementrestraints. Few others combination of runtime procedures permits the users to make certain request for activating or deactivating the roles. 5. Constraint permissible expressions The proposed ‫ ܥܣܤܴܧܧܦ‬mechanism encompasses the events which enables or disables the aforesaidtime duration and activation constraints for individual roles. 6. Event dependencies The event dependencies in the proposed ‫ܥܣܤܴܧܧܦ‬system represent the expressions of the inter-dependencies among all the encompassing events.In the development of DEERBAC system model a number of system constraints have been used. The key constraints are periodicity constraints, duration constraints, time based role activation constraints, Cardinality constraint on role 118
  5. 5. International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print), ISSN 0976 - 6375(Online), Volume 4, Issue 5, September - October (2013), © IAEME activation, Event dependencies and constraints of run time request. In expression the periodicity constraints for user role assignment is given by (‫݃ݏܣ :ܽݎܲ ,ܵ ,ܦ‬௎ /‫݃ݏܣܦ‬௎ ܴ ‫݁ ݋ݐ‬ሻ while for role enabling and role permissionሺ‫ ,)ܴ ݃ݏܣܦ/:ܽݎܲ ,ܵ ,ܦ‬ሺ‫݃ݏܣ :ܽݎܲ ,ܲ ,ܫ‬௪ /‫݃ݏܣܦ‬௪ ‫ܴ ݋ݐ‬ሻ expressions are employed respectively. For duration constraint the expressions ሺሾሺ‫ܵ ,ܦ‬ሻ|‫ܯ‬ሿ, ‫ܯ‬ோ ܲ‫ܴ ܾܦ/݊ܧ :ݎ‬ሻ and ሺሾሺ‫ܵ ,ܦ‬ሻ|‫ܯ‬ሿ, ‫ܯ‬௎ ܲ‫݃ݏܣܦ :ݎ‬௎ /‫݃ݏܣܦ‬௎ ܴ ‫݁ ݋ݐ‬ሻare used for user-role assignment (‫ܩ‬௎ோ௚ ) and rolepermission assignment‫ܩ‬௉ோ௪ respectively. The sporadic expression implemented in the expressions of the considered constraints is represented in the form of ሺ‫ܵ ,ܦ‬ሻ [20], in which the variable or entity ܵrefers the expression representing an infinite combination of periodictime moments, and the variable entity D refers ‫ ܦ‬ൌ ሾܾ݁݃݅݊, ݁݊݀ሿ is a time duration representing the lower and upper bounds which are inflicted on instants inentityܵ. On the other hand the expression ܵ‫݈݋‬ሺ‫ܵ ,ܦ‬ሻis employed for stating all the encompassed time durations in composite function ሺ‫ܵ ,ܦ‬ሻ. In this paper, we have also implemented a function ܲ ܵ‫݈݋‬ሺ‫ܵ ,ܦ‬ሻthat represents the collection of the end points present in the intervals in ሺ‫ܵ ,ܦ‬ሻthat states that in case the entity or function ሺ‫ܵ ,ܦ‬ሻ is represented in the form of a set of durations ሼሺ‫ݐ‬௨ଵ , ‫ݐ‬௧ଵ ሻ, ሺ‫ݐ‬௨ଶ , ‫ݐ‬௧ଶ ሻ, … , ‫ݐ‬௨௡ , ‫ݐ‬௧௡ ሽthen; the function can be given as follows: ܲ‫ ݈݋ݏ‬ሺ‫ܵ ,ܦ‬ሻ ൌ ሼሺ‫ݐ‬௨ଵ , ‫ݐ‬௧ଵ ሻ, ሺ‫ݐ‬௨ଶ , ‫ݐ‬௧ଶ ሻ, … , ‫ݐ‬௨௡ , ‫ݐ‬௧௡ ሽ In these mathematical modeling or expressions the variable ‫ ܦ‬denotes the time interval for a defined constraint. 3.2 Temporal Role Hierarchies The overview of the temporal hierarchies of the proposed ‫ܥܣܤܴܧܧܦ‬system model has been discussed in this section.Table-1 illustrates the predicate notations employed for representing the semantics of the considered hierarchies. The considered entities like predicate enabled, assigned have been given be presentation ‫ ݊ܧ‬ሺܴ, ‫ݐ‬ሻ, ‫ ݃ݏܣ‬ሺ݁, ܴ, ‫ݐ‬ሻ and ‫݃ݏܣ‬ሺ‫ݐ ,ܴ ,ݓ‬ሻ. These all notations denote the status of the roles, roles of user and assignment of role permission at time t, respectively. The activation of ሺ݁, ܴ, ‫ݐ‬ሻby means of predicate signifies that the specific user ݁might activate specific role ܴ at certain time period‫ .ݐ‬And further it states that the specific user u is unconditionally or unequivocally allotted to that specific roleܴ. The other entity ‫ ݐܿܣ‬ሺ݁, ‫ݐ ,ܴ ,ݑ‬ሻstates the role ܴ is in active state in the specific user’s session or duration ܵ at time instant t, while another entity ‫ݍܿܣ‬ሺ݁, ‫ݐ ,ݑ ,ݓ‬ሻ illustrates towards the acquisition of permission by ݁ at the session‫.ݑ‬The predominant relationships among the predicates are in general considered and emphasized by the axioms as mentioned in Table 1. Even these axioms do identify the acquisition of permission and the role activation in the proposed ‫ ܥܣܤܴܧܧܦ‬system model. Predicate ‫݊ܧ‬ሺܴ, ‫ݐ‬ሻ ሺ݁_‫ ݃ݏܣ‬ሺ݁, ܴ, ‫ݐ‬ሻሻ ሺ‫ ݃ݏܣ_ݓ‬ሺ‫ݐ ,ܴ ,ݓ‬ሻሻ ܿܽ݊_‫ݐܿܣ‬ሺ݁, ܴ, ‫ݐ‬ሻ ܿܽ݊_‫ ݍܿܣ‬ሺ݁, ‫ݐ ,ݓ‬ሻ ܿܽ݊_ܾ݁_‫ ݍܿܣ‬ሺ‫ݐ ,ܴ ,ݓ‬ሻ TABLE 1: Status Predicates Meaning Role ܴ is enable at time ‫ݐ‬ User ݁ is assigned to role ܴ at time ‫ݐ‬ Permission ‫ ݓ‬is assigned to role ܴ at time ‫ݐ‬ User ݁ can active role ‫ ݎ‬at time ‫ݐ‬ User ݁ can acquire permission ‫ ݓ‬at time ‫ݐ‬ Permission ‫ ݓ‬can be acquire through role ܴ at time ‫ݐ‬ ‫ݐܿܣ‬ሺ݁, ܴ, ‫ݐ ,ݑ‬ሻ Role ܴ is active in user ݁’‫ ݑ‬session ‫ ݑ‬at time ‫ݐ‬ ‫ݍܿܣ‬ሺ݁, ‫ݐ ,ݑ ,ݓ‬ሻ User ݁’ acquires permission ‫ ݓ‬in session ‫ ݑ‬at ‫ݐ‬ 119
  6. 6. International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print), ISSN 0976 - 6375(Online), Volume 4, Issue 5, September - October (2013), © IAEME The axiom 1"‫݃ݏܣ‬ሺ‫ݐ ,ܴ ,ݓ‬ሻ ՜ ܿܽ݊_ܾ݁_‫ݍܿܣ‬ሺ‫ݐ ,ܴ ,ݓ‬ሻ"indicates that in case any person is allotted to perform a specific role, then the same can be accomplished with the help of that specific role.Similarly, the second axiom 2 “‫ ݃ݏܣ‬ሺ݁, ܴ, ‫ݐ‬ሻ ՜ ܿܽ݊_‫ݐܿܣ‬ሺ݁, ܴ, ‫ݐ‬ሻ" denotes that all of the consisting users are facilitated a specific role so that they may activate that specific roles and function. Axiom 3ܿܽ݊_‫ݐܿܣ‬ሺ݁, ܴ, ‫ݐ‬ሻ ‫ ݍܿܣ_ܾ݁_݊ܽܿ ר‬ሺ‫ݐ ,ܴ ,ݓ‬ሻ ՜ ܿܽ݊_‫ ݍܿܣ‬ሺ݁, ‫ݐ ,ݓ‬ሻ”, it is stated that in case a particular user u is provided a role ܴ then all the encompassing functionalities or roles r could be accomplished with the help of that user ‫.ݑ‬ Inthe same way, the ascending axiom 4 ‫ݐܿܣ‬ሺ݁, ܴ, ‫ݐ ,ݓ‬ሻ ‫ ݍܿܣ_ܾ݁_݊ܽܿ ר‬ሺ‫ݐ ,ܴ ,ݓ‬ሻ ՜ ‫ݍܿܣ‬ሺ݁, ‫ݐ ,ݑ ,ݓ‬ሻsay that in case a user session or duration in which one has to activate a specific roleR, in that circumstances the user ݁ accomplishes then all the permissions that could be collected through the role ܴ. It must be noted that the axioms presented in 1 and 2 illustrates towards the permission-acquisition and role-activation semantics which are in general governed by overt userrole and the person or privilege of the role assignment. In general, a particular hierarchy of role ܴ lengthens the extent of the permission-acquisition and the semantics of the role-activation further than the preciseallocations by means of hierarchical relations which are predefined among permitted or considered roles. In our proposed ‫ܥܣܤܴܧܧܦ‬ model or framework the predominant three hierarchies are considered. These are: permissioninheritance-only hierarchy which is also known as‫ ܫ‬െ ݄݅݁‫,ݕ݄ܿݎܽݎ‬ ‫ ݈݁݋ݎ‬െ ‫ ݐܿܣ‬െ ‫ݕ݄ܿݎܽݎ݄݁݅ ݕ݈݊݋‬or‫ ܣ‬െ ݄݅݁‫ ,ݕ݄ܿݎܽݎ‬and the third and the last hierarchy are referred to as ܿ‫ ݁ܿ݊ܽݐ݅ݎ݄݁݊݅ ܾ݀݁݊݅݉݋‬െ ‫ݕ݄ܿݎܽݎ݄݁݅ ݐܿܣ‬or ‫ ܣܫ‬െ ݄݅݁‫ .]71[ ,]61[ ݕ݄ܿݎܽݎ‬These all framework hierarchy might be of any kind, either of restricted or unrestricted kinds. Among these hierarchies the restricted one might be further classified into two types, weakly and strongly restricted. The hierarchy of unrestricted type ‫ ܫ‬െ ݄݅݁‫ ܽݕ݄ܿݎܽݎ‬൒௧ ߚthat states that in case there exists a ൒୲ β, then the role permission or even acquisition permission could be accomplished with the help of role ‫ݔ‬which encompasses all the approvals or acknowledgements that could be gained with the help of specific role ‫.ݕ‬In other way, the permissions of the ascenders roles are in general inherited or ascended by the roles with higher priority. Meanwhile, the condition which is in relation to the unrestricted A-hierarchy states that in case a user ݁ activates a specific role ‫ ݔ‬with the condition‫ ݔ‬൒௧ ߚ, then that user ݁might also initiate the role ߚwhether being not assigned toߚ. Furthermore, the user ݁might not get theߚ’‫ ݏ‬permissions only by initiatingܽ. On the other hand, the permission-inheritance nature is not permitted in an unrestricted A-hierarchy framework. It can be found that the ‫ ܣܫ‬െ ݄݅݁‫ݕ݄ܿݎܽݎ‬is the specific and of course alone framework that encompasses both kind of inheritance, like permission inheritance as well as role-activation kind of semantics. The weakly restricted hierarchy permits the inheritance or the activation semantics in the non-overlapping activation sessionof the systematically allied roles, on the other hand the hierarchies restricted strongly permits the inheritance and the activation semantics only in the overlapping causing sessions. As per the considered condition for ‫ ܫ‬െ ݄݅݁‫ݕ݄ܿݎܽݎ‬ሺ‫ ܽ݀݁ݐܿ݅ݎݐݏ݁ݎ ݕ݈݇ܽ݁ݓ‬൒௧ ߚሻ is presented, then only the role is required to be activated at time ‫ ݐ‬so as to implement the inheritance semantics. The roles or defined role ‫ ݕ‬might or even might not be activated at that specific time then while, in case of ‫ ܫ‬െ ݄݅݁‫ ݕ݄ܿݎܽݎ‬which is a kind of strongly restricted hierarchy framework, if ܽ ൒௨ ௧ ߚ is stated then the entities, ܽ and ߚis required to be activated at the specific time ‫ݐ‬so as to employ the inheritance semantics. The hierarchies like restricted Aand IA are defined in the same way. IV. EXPRESSIVENESS OF ࡰࡱࡱࡾ࡮࡭࡯ MODEL AND ITS MODELING The overall system has been introduced in the previous section and has been discuss that the proposed ‫ ܥܣܤܴܧܧܦ‬modelpermits the characterization of a huge set time-related constraints. Observing these factors a significant question arises that whether this kind of exhaustive set of 120
  7. 7. International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print), ISSN 0976 - 6375(Online), Volume 4, Issue 5, September - October (2013), © IAEME temporal constraints is required or is there a minimal combination of constraintswhich posses’ similar expressive capability or capability of expressiveness with all the significant constraint of the proposed model‫ .ܥܣܤܴܧܧܦ‬Here, in this presented section, it would be illustrated that all the encompassing constraints of proposed model are not minimal. Implementing or even considering the notion of activity-equivalence or a-equivalence, it has been depicted that there exists a negligible set of system constraint that could have an expressive power equivalent of the proposed ‫ܥܣܤܴܧܧܦ‬ constraint. In the proposed approach and system model we have demonstrated an analysis that in spite of minimum value, the set representing the non-minimal system constraints facilitates the better option and efficiency for representing the cloud access constraints. Specifically, this kind of options and alternatives do permit the users highly robust and convenient system mechanism with comparatively minimum complexity. Additionally, thehuge sum of access restraints present in ‫ ܥܣܤܴܧܧܦ‬system facilitates better functional feasibility along with the proper selection of a semantically apparent characteristicby implementing optimization measures for enhancing the usability of the model. The following algorithm represents the algorithm presentation for conversion of the role permission. Algorithm ܴܲ_‫ݐݎ݁ݒ݊݋ܥ‬ Input: ‫ݕܩ‬௜௡ ; ࡻ࢛࢚࢖࢛࢚ ‫ݕܩ ׷‬௢௨௧ 1. ‫ݕܩ‬௢௨௧ ൌ ሼܶ ᇱ , ܷ‫ ݏ݈݁݋ܴ ,ݏݎ݁ݏ‬ᇱ , ܲ݁‫ ܪܴ ,ݏ݊݋݅ݏݏ݅݉ݎ‬ᇱ ሽ ൌ 2. ‫ݕܩ‬௜௡ ൌ ሼܶ, ܷ‫ܪܴ ,ݏ݊݋݅ݏݏ݅݉ݎ݁ܲ ,ݏ݈݁݋ܴ ,ݏݎ݁ݏ‬ሽ; 3. ۴‫ ݀ ࡴ࡯࡭ࡱ܀۽‬ൌ ሼࣛ, ‫݃ݏܣ :ݎ݌‬௪ /‫݃ݏܣ‬௪ ‫ܴ ݋ݐ ݓ‬ሽ ‫ ࣛ ݁ݎ݄݁ݓ ,ܶ א‬ൌ ሼሺ‫ܷ ,ܯ‬ሻ, ሺሾ‫ܯ ,|ܷ ,ܯ‬௔ ሿ, ‫ܯ‬ሻሽ ۲‫ܗ‬ 4. Generate a speciϐic roleܴ௜ ; 5. Substitute all occurrences of ሼࣛ, ‫݃ݏܣ :ݎ݌‬௪ /‫݃ݏܣܦ‬௪ ‫ܴ ݋ݐ ݓ‬ሽ byሼࣛ, ‫݊ܧ :ݎ݌‬௪ / ܾ݀௪ ܴ௜ in T’ ஺௦௚ೢ 6. Perform (add default assignment “஽஺௦௚ ‫ܴ ݋ݐ ݓ‬௜ ” to T’ ೢ 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. 17. 18. 19. ۴‫ࡴ࡯࡭ࡱ܀۽‬Event ‫ ܶ א‬ᇱ , ‫ ܴݐ ݁ݎ݄݁ݓ‬ൌ "ܲԢଵ , … , ܲԢ௠ , ‫ܩ‬Ԣଵ , … , ‫ܩ‬Ԣ௢ ՜ ‫ܲ :ݎ݌‬௠ାଵ after ∆௧ " ‫݋ܦ‬ Replace ‫ܲ"= ’ܴݐ ݕܾ ܴݐ‬Ԣଵ , … , ܲԢ௠ , ‫ܩ‬Ԣଵ , … , ‫ܩ‬Ԣ௢ ՜ ‫ܲ :ݎ݌‬Ԣ௠ାଵ after ∆௧ ”, such that, ݈ ൌ 1 ‫ ݉ ݋ݐ‬൅ 1, ݂ ൌ 1 ‫݋ ݋ݐ‬ሻ IFሺܲ௟ ൌൌ "‫݃ݏܣ‬௪ /‫݃ݏܣܦ‬௪ ‫"ܴ ݋ݐ ݓ‬ሻTHEN‫’ܩ‬௙ ൌ ‫݊ܧ‬௪ /ܾ݀௪ ܴ௟ "; ELSE update ܲ’௟ ‫’ܧ‬௟ ൌ ܲ௟ ; IFሺ‫ܩ‬௙ ൌൌ "‫"ܴ ݋ݐ ݓ ݃ݏܣܦ/݃ݏܣ‬ሻTHEN‫’ܩ‬௙ ൌ ‫ܴ ܾ݀/݊ܧ‬௟ "; ELSE update‫’ܩ‬௙ ൌ ‫ܩ‬௙ ; ENDFOR Update Roles’=Roles’ ‫ ׫‬ሼܴ௟ ሽ; FOR each role ܴ௟ ‫ ݐ݄ܽݐ ݄ܿݑݏ ݏ݈݁݋ܴ א‬ሼܴ ൒ ܴ௙ ሽDO Update ܴ‫ ܪ‬ᇱ ൌ ܴ‫ܪ‬ᇱ ‫ ׫‬൛ܴ௟ ൒ ܴ௙ ൟ; ܴ‫ ܪ‬ᇱ ൌ ܴ‫ܪ‬ᇱ െ ൛ܴ ൒଼ ܴ௙ ൟ ENDFOR Update ܴ‫ ܪ‬ᇱ ൌ ܴ‫ܪ‬ᇱ ‫ ׫‬ሼܴ ൒଼ ܴ௟ ሽ; ENDFOR Algorithm 1: ܴܲ_‫ݐݎ݁ݒ݊݋ܥ‬ 4.1 Minimality of DEERBAC With a considered ‫ ܥܣܤܴܧܧܦ‬model, all of its system constraints are referred to as Temporal Constraint and Activation base ሺܶ‫ܤܣܥ‬ሻ.this set of constraints, ܶ‫ ܤܣܥ‬can be presented as follows: ௫ ௫ ௫ ௫ ௫ ௫ ௫ ௫ ܶ ൌ ሺ‫ܩ‬௎ோೢ , ‫ܩ‬ோೢ, , ‫ܩ‬௪ோೢ , ‫ܩ‬௎ோ೒ , ‫ܩ‬ோ೒, ,‫ܩ‬௪ோ೒ , ‫ܩ‬ௗோ , ‫ܩ‬௚௘ோ , ‫ܩ‬௡ோ , , ‫ܩ‬௡௘ோ , ‫ܩ‬௠ோ , ‫ܩ‬௠௘ோ , ‫ܩ‬௠௡ோ , ‫ܩ‬௠௡௘ோ , ‫ܩ‬௧ோ , ‫ܩ‬ௗ In this manuscript and the proposed model, we have employed the name as constraint that refers towards the combination encompassing the periodicity constraint of specific kinds. For 121
  8. 8. International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print), ISSN 0976 - 6375(Online), Volume 4, Issue 5, September - October (2013), © IAEME example, ‫ܩ‬௎ோೢ represents user a periodicity constraint which states a role assignment on individual user’s role and it is expressed asሺ‫݃ݏܣ :ܽݎܲ ,ܵ ,ܦ‬௎ /‫݃ݏܣܦ‬௎ ܴ ‫݁ ݋ݐ‬ሻ. The periodicity constraints cover the user role assignments‫ܩ‬௎ோ௪ , role enabling‫ܩ‬ோ௪ and role permission assignment ‫ܩ‬௉௥௪ . In the subsequent sections, a short term like ܶ ൌ ሺ‫ܩ‬௎ோೢ , ‫ܩ‬ோೢ, ሻ has been employed in the specific case of non-empty constraints ‫ܩ‬ோೢ, ሺா௫௣௥௘௦௦௜௢௡ ሺ஽,ௌ,௉௥௔:஽஺௦௚ ோሻ୤୭୰ ୰୭୪ୣ ୣ୬ୟୠ୪୧୬୥ሻ and‫ܩ‬௎ோೢ . In fact the nature of a ‫ ܥܣܤܴܧܧܦ‬model depends on variableܶ, the clusters of users, their individual roles, the set of roles and the set of specific permissions as well as the role hierarchyܴ‫ .ܪ‬That’s why; here in this manuscript the tuple has been employed for presenting a set ofܶ, users, roles and permission as well as role hierarchy that depicts a complete ‫ ܥܣܤܴܧܧܦ‬model. ௗ௬ In this work a notation ሺ݁ ሳ ‫ݓ‬ሻ has been defined for reading ݁ ‫ .ݏݎ݁ݏݑ ݎ݋‬The considered ሰ notation achieves the permission ‫ ݓ‬at the time instant ‫ ݐ‬under the function ‫ .ݕܩ‬Nowafter defining the notations the notions of ܽ െ ݁‫ ݐ݈݊݁ܽݒ݅ݑݍ‬in between two ‫ ܥܣܤܴܧܧܦ‬frameworks or configurations are defined. Few of the dominant notations have been definedas follows: Definition 1: Activity-equivalence or ࢇ െ ࢋ࢛ࢗ࢏࢜ࢇ࢒ࢋ࢔ࢉࢋ In the defined ‫ܥܣܤܴܧܧܦ‬ framework, the two configurations ሺܶଵ , ܷ‫ݏ݈݁݋ܴ ,ݏݎ݁ݏ‬ଵ , ܲ݁‫ܪܴ ,ݏ݊݋݅ݏݏ݅݉ݎ‬ଵ ሻand ‫ݕܩ‬ଶ ൌ ሺܶଶ , ܷ‫ݏ݈݁݋ܴ ,ݏݎ݁ݏ‬ଶ , ܲ݁‫ܪܴ ,ݏ݊݋݅ݏݏ݅݉ݎ‬ଶ ሻሻ (‫ݕܩ‬ଵ ൌ can represents ܽܿ‫ ݈݁ܿ݊݁ܽݒ݅ݑݍ݁ ݕݐ݅ݒ݅ݐ‬only in the situation when the pairs ሺ݁, ‫ݓ‬ሻsatisfies the conditions݁ ‫ ݏݎ݁ݏܷ א‬and‫ .ݏ݊݋݅ݏݏݏ݅݉ݎ݁ܲ א ݓ‬Again, in case Gyଵ ൎ Gyୟ and Gyୟ ൎ Gyଶ the equivalence condition Gyଵ ൎ Gyଶ is accomplished which exhibits the transitivity property. In the proposed ‫ ܥܣܤܴܧܧܦ‬model ܽ െ ݁‫ ݈݁ܿ݊݁ܽݒ݅ݑݍ‬refers that a particular user could efficiently exhibit the similar combination of accesses under the two configurations.Therefore, after replacing the system configurations of ‫ݕܩ‬ଵ by another configurationGyଶ the accesses which are not permitted for a particular or even individual user, is not altered.It must be noted that in the considered case as we have takenthe similar set of users and their individual permissions therefore ܽ െ ݁‫ ݈݁ܿ݊݁ܽݒ݅ݑݍ‬is not must to be implied with that policy equivalence which states that in any case the two system configurations it is required to consider only similar rule sets. In this work we have emphasized on illustrating the dissimilar model configurations of constraints as well as roles of multiple range. This feature permits the similar set of assigned users for accomplishing the same permission sets and after that it analyzes the configurationally complexities. It makes the system to perform user role generation and role permission efficiently. In the ascending research phasewe have illustrated that the constraint sets of ‫ܥܣܤܴܧܧܦ‬is not minimal. These characteristics states that few kinds of constraints can be efficiently removed without compromising or minimizing the expressive power of ‫ ܥܣܤܴܧܧܦ‬model. Implementing the aforementioned ܽ െ ݁‫݈݁ܿ݊݁ܽݒ݅ݑݍ‬relations over a set of ‫ ܥܣܤܴܧܧܦ‬model, in this work we have to present that there exists a minimal presentations which employs only periodicity and the duration constraints. These all constraints are functional on roles and are activated on perrole basis.‫ܥܣܤܴܧܧܦ‬also considers default assignments for assigning the permissions and users to the specific roles without characterizing any temporal restrictions. In the ascending research phase we have presented certain robust algorithms that could be employed for generating a-equivalent model or framework for a certain defined model or configuration.The first algorithm ሺܴܲ_‫ݐݎ݁ݒ݊݋ܥ‬ሻgenerates a highly robust and effective ܽ െ ݁‫ݐ݈݊݁ܽݒ݅ݑݍ‬framework for a specific ‫ ܥܣܤܴܧܧܦ‬system configuration, while considering all the temporal constraints functional on assignments of role-permission displaced by those for enabling the role. Meanwhile, another algorithm called ܷܴ_‫ ݐݎ݁ݒ݊݋ܥ‬comes up with new framework tothe input arrangement‫ ݕܩ‬where all the incorporating or participating assignments of role and the 122
  9. 9. International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print), ISSN 0976 - 6375(Online), Volume 4, Issue 5, September - October (2013), © IAEME constraints ofper-user-role activation is replaced by the considered role enabling and per-role activation, respectively. Algorithm ܷܴ_‫ݐݎ݁ݒ݊݋ܥ‬ Input:‫ݕܩ‬௜௡ ; ܱ‫ݕܩ ׷ ݐݑ݌ݐݑ‬௢௨௧ 1. ‫ݕܩ‬௢௨௧ ൌ ‫ݕܩ‬௜௡ ሺ݅. ݁. , ሼܶ ᇱ , ܷ‫ ݏ݈݁݋ܴ ,ݏݎ݁ݏ‬ᇱ , ܲ݁‫ ܪܴ ,݊݋݅ݏݏ݅݉ݎ‬ᇱ ሽ ൌ ሼܶ, ܷ‫ܪܴ ,݊݋݅ݏݏ݅݉ݎ݁ܲ ,ݏ݈݁݋ܴ ,ݏݎ݁ݏ‬ሽሻ; ܷ ൌ ‫׎‬ 2. ࡲࡻࡾࡱ࡭࡯ࡴ ݀ ൌ ሼࣛ, ‫݃ݏܣ :ݎ݌‬௎ /‫݃ݏܣ‬௎ ݁ ‫ܴ݋ݐ‬ሽ ‫ ࣛ ݁ݎ݄݁ݓ ,ܶ א‬ൌ ሼሺ‫ܷ ,ܯ‬ሻ, ሺሾ‫ܯ ,|ܷ ,ܯ‬௔ ሿ, ‫ܯ‬ሻሽࡰ࢕ 3. ܿ‫ܴ ݈݁݋ݎ ݁ݑݍ݅݊ݑ ݔ ݁ݐܽ݁ݎ‬௟ ܽ݊݀ ‫ݏݎ݁ݏݑ ݈ ݎ݋݂ ݏ݈݁݋ݎ ݂݋ ݐ݁ݏ‬ 4. Replace all occurrences of ሼࣛ, ‫݃ݏܣ :ݎ݌‬௎ /‫݃ݏܣܦ‬௎ ݁ ‫ܴ ݋ݐ‬ሽ byሼࣛ, ‫ܴ ܾ݀/݊ܧ :ݎ݌‬௟ ሽ in T’ 5. Add default assignment “‫ܴ ݋ݐ ݁ ݃ݏܣܦ/݃ݏܣ‬௟ ” to T’ 6. FOR each Event dependencies‫ ܶ א ܴݐ‬ᇱ , ‫ ܴݐ ݁ݎ݄݁ݓ‬ൌ "ܲԢଵ , … , ܲԢ௠ , ‫ܩ‬Ԣଵ , … , ‫ܩ‬Ԣ௢ ՜ ‫ܲ :ݎ݌‬௠ାଵ after ∆௧ " ‫݋ܦ‬ 7. Replace ‫ ’ܴݐ ݕܾ ܴݐ‬where tR’=ൌ "ܲԢଵ , … , ܲԢ௠ , ‫ܩ‬Ԣଵ , … , ‫ܩ‬Ԣ௞ ՜ ‫ܲ :ݎ݌‬Ԣ௠ାଵafter∆௧ ”, such that 8. IFሺܲ௟ ൌൌ "‫݃ݏܣ‬௎ /‫݊݃ݏܣܦ‬௎ ݁ ‫"ܴ ݋ݐ‬ሻ THEN upate ܲ’௟ : ൌ ‫݊ܧ‬௪ /ܾ݀௪ ܴ௟ "; 9. ELSEܲ’௟ ൌ ܲ௟ ; 10. IFሺ‫ܩ‬௙ ൌൌ "‫݃ݏܣܦ/݃ݏܣ‬௎ ݁ ‫"ܴ ݋ݐ‬ሻ THEN ‫’ܩ‬௙ : ൌ "‫ܴ ܾ݀/݊ܧ‬௟ "; 11. ELSE Update ‫’ܩ‬௙ ൌ ‫ܩ‬௙ ; 12. ENDFOR 13. Update Roles’=Roles’ ‫ ׫‬ሼܴ௟ ሽ; 14. FOR each role ܴ௟ ‫ ݐ݄ܽݐ ݄ܿݑݏ ݏ݈݁݋ܴ א‬ሼܴ ‫ܴ غ‬௙ ሽDO 15. ܴ‫ ܪ‬ᇱ ൌ ܴ‫ ܪ‬ᇱ ‫ ׫‬൛ܴ௙ ‫غ‬௨ ܴ௟ ൟ; ܴ‫ ܪ‬ᇱ ൌ ܴ‫ ܪ‬ᇱ െ ሼܴ ‫غ‬௨ ܴሽ; //this is strongly restricted Ahierarchy 16. ENDFOR 17. Update ܴ‫ ܪ‬ᇱ ൌ ܴ‫ ܪ‬ᇱ ‫ ׫‬ሼܴ ൒଼ ܴ௟ ሽ; 18. ENDFOR 19. ܴ‫ ܪ‬ᇱ ൌ ܴ‫ ܪ‬ᇱ ‫ ׫‬൛ܴ௙ ‫غ‬௨ ܴൟ; 20. ENDFOR 21. ࡲࡻࡾࡱ࡭࡯ࡴ ‫ ݎ݅ܽ݌‬ሺ݁, ܴሻ 22. ‫ݐܿܣ‬௎௏ ൌ ሼ‫ݐܿܣ‬௎ோ೟೚೟ೌ೗ , ‫ݐܿܣ‬௎ோ_௠௔௫ , ‫ݐܿܣ‬௎ோ೙ , ‫ݐܿܣ‬௎ோ_௖௢௡ ሽDO 23. IFሺܴ௟ Ԣ ൌ ݃݁‫݁ܵݐ‬௟ ሺ‫ܴ ,݁ ,ݑ‬ሻ ൌൌ ܰ‫ܮܫ‬ሻܶ‫ܴ ݈݁݋ݎ ݁ݑݍ݅݊ݑ ܽ ݁ݐܽ݁ݎܥ ܰܧܪ‬௟ , //݃݁‫݁ܵݐ‬௟ ሺ‫ܴ ,݁ ,ݑ‬ሻ ൌൌ ܰ‫ݐ݄ܽݐ ݏ݊ܽ݁݉ ܮܫ‬ 24. FOR each ݀ ൌ ሺࣛ, ࣜ௘ , ݁, ‫ݐܿܣ‬௎ࣜ ܴሻ߳ܶԢ DO 25. Replace d in T’ by d’ where ݀’ ൌ ሺࣛ, ࣜ௘ , ‫ݐܿܣ‬௎ࣜ ܴ௟ ሻ; 26. ENDFOR 27. IF (ܴ௟ ‫ )42 ݁݊݅ܮ ݊݅ݓ݁݊ ݀݁ݐܽ݁ݎܿ ݏܽݓ‬THEN 28. Role’=Role’‫ܴ{ ׫‬௟ }; 29. FOR each role ܴ௙ ‫ܴ ݐ݄ܽݐ ݄ܿݑݏ ݏ݈݁݋ܴ א‬௙ ‫ذ‬௨ ܴ௟ DO 30. ܴ‫ ܪ‬ᇱ ൌ ܴ‫ ܪ‬ᇱ ‫ ׫‬൛ܴ௙ ‫ذ‬௦ ܴ௟ ൟ; ܴ‫ ܪ‬ᇱ ൌ ܴ‫ ܪ‬ᇱ െ ൛ܴ௙ ‫ذ‬௨ ܴൟ; 31. ENDFOR 32. ܴ‫ ܪ‬ᇱ ൌ ܴ‫ ܪ‬ᇱ ‫ ׫‬ሼܴ௟ ‫غ‬௨ ܴሽ; 33. ܴ݁‫ ݎ݁݌ ݈݁ܿܽ݌‬െ ‫ ݕܾ ݐ݊݅ܽݎݐݏ݊݋ܿ ݊݋݅ݐܽݒ݅ݐܿܽ ݈݁݋ݎ‬൫0, ‫ݐܿܣ‬ோ೘ ܴ൯݅݊ ܶԢ 34. ENDFOR Algorithm 2: ܷܴ_‫ݐݎ݁ݒ݊݋ܥ‬ In the proposed system architecture the algorithm developed depicts that after substituting the temporal constraints on rolepermissions the minimized system model with similar expressiveness could be obtained on individual roles and constraints of per-user role. Here theminimal constraint set (MCS) has been employed for exhibiting the details and reality whether ܽ െ ݁‫ݐ݈݊݁ܽݒ݅ݑݍ‬model 123
  10. 10. International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print), ISSN 0976 - 6375(Online), Volume 4, Issue 5, September - October (2013), © IAEME framework or model configuration exists with the minimum number of kinds of constraints. The definition for the minimal constraints sets have been given in the definition 2. Definition-2: Minimal Constraint Set Consider, the factor minimum constraint set is represented by ‫ ܵܥܯ‬ሺܶሻwhich represents the set of parametric constraints in ܶ‫ ,ܶ ܤܣܥ‬and similarly the variable ‫ ܵܩ‬refers, ‫ ܵܩ‬ൌ ሼ‫ݕܥ‬ଵ , ‫ݕܥ‬ଶ , … ‫ݕܥ‬௡ ሽthe ܽ െ ݁‫ ݐ݈݊݁ܽݒ݅ݑݍ‬set of model configuration of frameworks for certain ݊ number, in such a way that,‫ݕܩ‬௟ ൌ ሺܶ௟ , ܷ‫ܪܴ ,ݏ݊݋݅ݏݏ݅݉ݎ݁݌ ݏ݁ܿܿܽ ,ݏ݈݁݋ܴ ,ݏݎ݁ݏ‬௜ ሻ, ݂‫ ݈ ݏ݈ܾ݁ܽ݅ݎܽݒ ݎ݋‬ൌ 1,2, … ݊. The minimum constraint set ‫ ܵܥܯ‬ሺܶ௟ ሻ refers the ‫ ܵܥܯ‬of constraints set in case there is no any kind of other configures as‫ݕܩ‬௙ ൌ ൫ܶ௙ , ܷ‫ܪܴ ,ݏ݊݋݅ݏݏ݅݉ݎ݁݌ ݏ݁ܿܿܽ ,ݏ݈݁݋ܴ ,ݏݎ݁ݏ‬௙ ൯. In this mentioned situation ݈ ‫ ݂ ב‬and its ݈‫ܶܥܯ‬ሺܶ_݂ ሻ ‫ܶܥܯ ؿ‬ሺܶ_݈ ሻ. The derived definition states that ‫ ܵܥܯ‬is that parameter that poses at least unitary temporal constraint.It must also be noticed that the presented definition refers towards a fact that user role and its sets as well as its hierarchical assignments with its structures might be diverse for various system or model configurations. The results accomplished for minimality results in ‫ ܥܣܤܴܧܧܦ‬model for cloud environment with its allied expressions have been given in the following theorems presentation. Theorem 1: Minimality of ࡰࡱࡱࡾ࡮࡭࡯ model. In this theorem consider that ‫ݕܩ‬ଵ represents the model configuration for‫ܥܣܤܴܧܧܦ‬system ௔ architecture in such a way that൛‫ܩ‬ௗ , ‫ܩ‬ோ௪ , ‫ܩ‬ோ௚ , ‫ܩ‬௥ , ‫ܩ‬௧ோ, ‫ܩ‬ௗ ൟ ‫ܵܥܯ ؿ‬ሺܶଵ ሻ. In this state there is the probability of existence of ‫݂ܩ‬ଶ system configuration. The‫ݕܩ‬ଶ configuration posses the following characteristics: 1. ‫ݕܩ‬ଵ ൎ ‫ݕܩ‬ଶ , ௫ 2. ‫ܵܥܯ‬ሺܶଶ ሻ ൌ ൛‫ܩ‬௚ , ‫ܩ‬ோ௪ , ‫ܩ‬ோ௚ , ‫ܩ‬ோ , ‫ܩ‬௧ோ, ‫ܩ‬ௗ ൟ, ௫ ‫݊݋݅ݏݏ݁ݎ݌ݔ݁ ݀݁݊݋݅ݐ݊݁݉ ݁ݒ݋ܾܽ ݄݁ݐ ݊ܫ‬ሺ‫ܥ‬௥ ሻ ‫.ݏݐ݊݅ܽݎݐݏ݊݋ ݈݁݋ݎ ݎ݁݌ ݂݋ ݏ݀݊݅݇ ݄݁ݐ ݏݎ݂݁݁ݎ‬ 3. ‫ܵܥܯ‬ሺܶଶ ሻIs nothing else but the ‫ ܵܥܯ‬functional withሼ‫ݕܩ‬ଵ ሽ ‫ ׫‬ሼ‫ݕܩ | ݕܩ‬ଵ ൎ ‫ ݕܩ‬ሽ. The presented theorem 1 refers that the genuine set of ‫ ܥܣܤܴܧܧܦ‬modelwhich is not the minimal because of few dominant parameters or factors like default assignments, periodicity in framework, time constraints for enabling roles and assignment enabling (‫ܩ‬ோ௪ , ‫ܩ‬ோ௚ ), constraints for ௫ per role activationሺ‫ܩ‬௥ ሻ, enablesሺ‫ܩ‬௪௥ ሻ and the expression for constraint enabling ‫ܩ‬ௗ could be effectively employed for representing any policy for access control of entire ‫ ܥܣܤܴܧܧܦ‬model constraints. It can be easily found that the counts of individual roles and its hierarchical complexity increases by the implementation of the transformation algorithms which do replace the temporal constraints on assignments by temporal constraints on roles. The fundamental factor and reasonbehind such model behavior is that the algorithms "ܴܲ_‫ "ݐݎ݁ݒ݊݋ܥ‬and ܷܴ_‫ݐݎ݁ݒ݊݋ܥ‬generate a new specific role though substituting every temporal obligation. Such characteristics might not be instinctive and competentas it looks like there would be numerous new user’s roles createddue to the replacements of temporal assignments.In order to generate similar kind of temporally nonoverlapping responsibilities or roles, it is required to divide ݊ periodic expressions into a temporally non-overlapping set of periodic expressions. Once the periodic expressions have been divided then in the ascending step the formal definitions are facilitated and the algorithms are required to create this set by generating the disjoint periodicity expressions from a cluster of numerous periodicity expressions. It must be noted that in our proposed minimal model represents itself as a highly robust model with temporal parametric constraints on numerous role activations by means of creating some 124
  11. 11. International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print), ISSN 0976 - 6375(Online), Volume 4, Issue 5, September - October (2013), © IAEME other similar minimal model possessing the temporal constraints on the user role assignments or role permission assignments in spite of role activation. Since, the roles are the fundamentalbody of ܴ‫ܥܣܤ‬framework, here in this work we would emphasize on the minimal model.Being referred as runtime constraints the parametric constraints on the activation of rolecannot possess any correspondingillustrationemployingindividual role or permission for role assignments. Thereforethere could be certain temporal constraints on individual roles even after eliminating the temporal constraints on role activation. 4.2 Operations on Periodicity Expressions In this presented section of the manuscript, the fundamental notions ofsuppression, correspondence, overlapping, and disjunction operationsin between the pairs of periodic expressions have been discussed. Definition 3: Relations on periodic expressions. Consider that ܵܲଵ ൌ ሺ‫ܦ‬ଵ , ܵሻଵ and ܵܲଶ ൌ ሺ‫ܦ‬ଶ , ܵଶ ሻbe the periodic expression. The relations between these two expressions have been given bellow. The figure as mentioned below refers the relationship between numerous periodic expressions. It must be noticed that as mentioned in the 4th definition, it is in general referred as the disjoint in case of the similar end points of two intervals or durations.The pair wise relations could be extended for defining relationships of the periodic expressions. The set of periodic expressions are considered as similar if all the considered periodic expressions are similar.In an ideal world, generally it is expected to estimate disjoint clusters of intervallic expressions which is minimal so as to associate them with individual roles for making them temporally distinct. Definition 4: Minimal Disjoin Set Consider that ܵܲ ൌ ሼܵܲଵ , ܵܲଶ , … , ܵܲ௡ ሽ represents the se of a random periodic expression then the minimal disjoint set ሺ‫ܵܦܯ‬ሻ over periodic expression ሺܵܲሻ can be given as the minimum set of disjoint periodic expressions, ‫ܵܦܯ‬ௌ௉ or in mathematics ‫ܵܦܯ‬ௌ௉ ൌ ݉݅݊௡ ሼܵܲ௟ᇱ |1 ൑ ݅ ൑ ݊ሽ. In order to accomplish the above mentioned criteria for‫ܵܦܯ‬ௌ௉ , the following conditions are required to be fulfilled. 1. ‫ 1 ݂݋ ݁ݑ݈ܽݒ ݄ܿܽ݁ ݎ݋ܨ‬൑ ݈, ݂ ൑ ݊; ݈ ് ݂ ᇱ ᇱ 2. ܵ‫ ݈݋‬ሺܵܲଵ ሻ ‫ ݈݋ܵ ׫‬ሺܵܲଶ ሻ ‫݈݋ܵ ׫ … ׫‬ሺܵܲᇱ ሻ, That means ܵ‫ ݈݋‬ሺܵܲଵ ሻ ‫ ݈݋ܵ ׫‬ሺܵܲଶ ሻ ‫݈݋ܵ ׫ … ׫‬ሺܵܲ௠ ሻ ௡ 3. ݈ܵ݅݉݅ܽ‫ 1 ݕݎ݁ݒ݁ ݎ݋ܨ ,ݕ݈ݎ‬൑ ݈ ൑ ݉, 1 ൑ ݂ ൑ ݉, and for this it exhibit, ᇱ ܵܲ௟ᇱ ‫ܲܵ ؿ‬௙ In this definition, the conditions mentioned in 1st and 2nd terms illustrates that the minimum disjoint set encompasses set of periodic expressionswhich is disjoint in nature and even contains the time instants available in all set of periodic expressions given in ܵܲ௟ ‫. ݑ‬Again the last condition makes it sure that individual periodic expressions could be present either in or might be disjoint also from every ݂ܵܲ . 125
  12. 12. International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print), ISSN 0976 - 6375(Online), Volume 4, Issue 5, September - October (2013), © IAEME Figure1. Temporal relations between a pair of periodic expressions Definition 5: Minimum subset (MS) presentation for ࡼࡱ in spite of ࡹࡰࡿ approach Consider ‫ܵܦܯ‬ௌ௉ ൌ ݉݅݊௡ ሼܵܲ௟ᇱ | 1 ൑ ݈ ൑ ݊ሽ refers the MDS over periodicity expression, ܵܲ ൌ ሼܵܲଵ , ܵܲଶ , … , ܵܲ ሽ, where n refers certain value.Now, the MS for the considered periodic ௡ expression with condition ܵܲ௙ ‫ ܲܵ א‬over derived ‫ܵܦܯ‬ௌ௉ can be presented is the following expressions: ᇱ ᇱ ᇱ ‫ܵܦܯ‬ௌ௉ ௙ ሺ‫ܵܦܯ‬ௌ௉ ሻ ൌ ሼܵܲగଵ , ܵܲగଶ , … , ܵܲగ௢ ሽ ‫ܵܦܯ ك‬ௌ௉ With1 ൑ ‫ ݋‬൑ ݊. This is accomplished only in the case: • ݉݅݊௞ ൛ߨ‫ 1|݋‬൑ ݈ ൑ ‫ א ݈ߨ ,݋‬ሼ1,2 … , ݊ሽൟ • for each duration ‫݈݋ܵ א ݐ‬ሺܵܲ ሻ there exists exact singular set ߚ ‫ א‬ሼߨ1, ߨ2 … , ߨ‫݋‬ሽ in such a ௔ way that it satisfies ‫݈݋ܵ א ݐ‬ሺܵܲఉ ሻ Here, it can also be noted that the minimum subset ሺ‫ܵܯ‬ሻ of ܵܲis nothing else but the MS of ‫ܵܦܯ‬ௌ௉ that encompasses all the duration instants ofܵܲܽ. . After defining the ‫ ܵܯ‬now we emphasize on the illustrations of certain formal characteristicsthat are allied with the estimation approaches of ‫ܵܦܯ‬and‫ .ܵܯ‬Since, the expression of the periodicity creates the set of time instants, therefore the consequences also comes out instantaneously. The algorithms for generating the ‫ܵܦܯ‬ௌ௉ have been given in Algorithm 3. In the presented algorithm the ‫ ݃݊݅ݎ݅ܽܲ_ܵܦܯ‬approach estimates the ‫ ܵܦܯ‬for certain pairs of ܵܲ‫ݑ‬ and here it can be noted that in case of equivalence in two expressions the generated ‫ ܵܦܯ‬encompasses only one periodic expression. Meanwhile, in case of disjoint expressions the generated ‫ܵܦܯ‬consists of both the periodic expressions. Theorem 2: Generation of ࡹࡰࡿ employing ࡯ࢇ࢒ࢉ_ࡹࡰࡿ algorithm ᇱ ᇱ With certain provided random sets of ܲ‫ݏܧ‬there is always a set ܵܲଵ , ܵܲଶ , … , ܵܲᇱ , existing in such a ௡ way that ᇱ ᇱ • ‫ܵܦܯ‬ௌ௉ ൌ ܵܲଵ , ܵܲଶ , … , ܵܲᇱ ௡ This algorithm estimates the ‫ܵܦܯ‬ௌ௉ as output after taking periodic expression as input. The next section discussesthe algorithm for creating system configuration of ܽ െ ݁‫ ݐ݈݊݁ܽݒ݅ݑݍ‬for our proposed model after eliminating the temporal constraints from per user role assignments and computation of Minimum subset and ‫ ܵܦܯ‬for periodic expressions. Once ‫ ܵܦܯ‬has been generated we have developed a robust algorithm that generates aܽ െ ݁‫ ݐ݈݊݁ܽݒ݅ݑݍ‬framework configuration for ‫ ܥܣܤܴܧܧܦ‬system model by eliminating the temporal constraints on per user role assignments which was followed by computation of ‫ ܵܯ‬and ‫ ܵܦܯ‬in ܵܲ‫.ݏ‬ 126
  13. 13. International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print), ISSN 0976 - 6375(Online), Volume 4, Issue 5, September - October (2013), © IAEME Theorem 3: rectifications or correctness ofࡹࡰࡿ_࡯࢕࢔࢜ࢋ࢚࢘. With the provided input framework configurations ‫ݕܩ‬௜௡ possessing only the periodicity constraints for assignments of per user role, the presented algorithm‫ ,ݐݎ݁ݒ݊݋ܥ_ܣܦܯ‬generates the output configurations‫ݕܩ‬௢௨௧ : • ‫ݕܩ‬௜௡ൎ ‫ݕܩ‬௢௨௧ And in this algorithmic approach ‫ݕܩ‬௢௨௧ posses no any temporal constraints for role assignments on users. 4.3 System Complexity and Design Considerations This is matter of fact that the complexity of the ‫ ܥܣܤܴܧܧܦ‬model might have various dimensions like the uncontrolled and unmanaged counts of individual roles in the model/framework.In spite of these all, the number of temporal constraints also affects the system characteristics. In the presented scenario we do emphasize of performance and complexity factors and have proposed for ‫ܥܣܤܴܧܧܦ‬in which the user membership is required to be checked for estimating whether a specific user has been assigned certain role or not. Hence, the factor temporal assignments added up some more model complexity as compared to the existing ܴ‫ܥܣܤ‬ mechanism.Here, we implement system without introducing much constraint and especially the temporal constrains. Here in spite of verifying membership we do introduce the assurance of temporal validity for a considered membership. In order to simplify the issues and concepts, in our work we have developed a foundation hierarchy of ‫ ܥܣܤܴܧܧܦ‬model that posses the similar expressive power on the basis of the results obtained earlier and the models performance is explored on higher hierarchy. In this work we have employed the notations for presenting the complexity parameters and then the complexities for policy specifications have been analyzed.As discussed in the previous section about the minimality results, few of the dominant temporal constraints can be included for our proposed ‫ ܥܣܤܴܧܧܦ‬system model. These constraints are as follows: • Constraints of per user role-enabling or activation • Constraints for periodicity and duration • Role activation/deactivation constraints • Event dependencies (‫ܩ‬௧ோ ) expressed as ܲଵ,…, ܲ௡, ‫ܪ‬ଵ,…, ‫ܪ‬௞ ՜ ‫.ݐ∆ ݎ݁ݐ݂ܽ ܲ :ݎ݌‬ Algorithm ‫݃݊݅ݎ݅ܽܲ_ܵܦܯ‬ Input:ܵܲଵ , ܵܲଶ Output: MDS of ܵܲଵ , ܵܲଶ 1. IF (ܵܲଵ ൌ ܵܲଶ ) THEN RETURN {ܵܲଵ ,}; 2. IF (ܵܲଵ ܵܲଶ ) THEN RETURNሼܵܲଵ ൌ ܵܲଶ ሽ; 3. IF (ܵܲଵ ‫ܲܵ ؿ‬ଶ ) THEN 4. Update ܵܲ௔ ൌ ܵܲଵ ; 5. Update ܵܲఉ ൌ ܵܲଶ െ ܵܲ௔ ; 6. RETURN ሼܵܲ௔ ܵܲఉ ሽ; 7. IF (ܵܲଶ ‫ܲܵ ك‬ଵ ) THEN 8. Update ܵܲ௔ ൌ ܵܲଶ ; 9. Update ܵܲఉ ൌ ܵܲଵ െ ܵܲ௔ ; 10. RETURNሼܵܲ ܵܲ௔ ሽ; ௤ 11. IF (ܵܲଵ ۪ ܵܲଶ ) THEN 12. Update ܵܲ௔ ൌ ܵܲଵ ‫ܲܵ ת‬ଶ ; 13. Update ܵܲ௬ ൌ ܵܲଶ െ ܵܲఈ ; 14. Updateܵܲఊ ൌ ܲ‫ܧ‬ଵ െ ܵܲఈ 15. ‫ ۼ܀܃܂۳܀‬ሼܵܲ௔ , ܵܲఉ , ܵܲ ሽ ఊ 16. ࡱࡺࡰ Algorithm 3: Algorithm for MDS pairing 127
  14. 14. International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print), ISSN 0976 - 6375(Online), Volume 4, Issue 5, September - October (2013), © IAEME Algorithm ‫ܵܦܯ_݈ܿܽܥ‬ Input:ܵܲଵ , ܵܲଶ , … , ܵܲ௡ Output: MDS of ܵܲଵ , ܵܲଶ , … , ܵܲ௡ 1. Assume that ܵܲ =ሼܵܲଵ , ܵܲଶ , … , ܵܲ௡ ሽ 2. Define ܵ ൌ ‫ ܵܦܯ ;׎‬ൌ ‫;׎‬ 3. ࡵࡲ|ܵܲ| ൌ 1THEN RETURNܵܲ; 4. IF|ܵܲ| ൌ 2THEN RETURN 5. IF|ܵܲ| ൐ 2THEN 6. Update MDS=Calc_MDS(ܵܲଵ , ܵܲଶ , … , ܵܲ௠ିଵ ); 7. Let MDS computed be ሺܵܲԢଵ , ܵܲԢଶ , … , ܵܲԢ௡ଵ ሻ; 8. FOR݈ ൌ 1 ‫1݊ ݋ݐ‬DO 9. Update ‫ ݃݊݅ݎ݅ܽܲ_ܵܦܯ‬ൌ ‫ܲܵ(݃݊݅ݎ݅ܽܲ_ܵܦܯ‬Ԣ௟ , ܵܲ , ሻ; ௠ 10. IF|ܲܽ݅‫ |ܵܦܯݎ‬ൌ 1 ‫ۼ۳۶܂‬ 11. ReturnMDS; 12. IF|ܲܽ݅‫ |ܵܦܯݎ‬ൌ 2 ‫ۼ۳۶܂‬ 13. Let ‫ ݃݊݅ݎ݅ܽܲ_ܵܦܯ‬computed be ሺܵܲԢ௔ , ܵܲԢఉ ሻ; 14. Update ܵ ൌ ܵ ‫ ׫‬ሼሺܵܲԢ௔ ሽ; 15. ۳‫ |ܵܦܯݎ݅ܽܲ|۴ۺ۳܁ۺ‬ൌ 3‫ۼ۳۶܂‬ ‫ ܾ݁ ܵܦܯݎ݅ܽܲ ݐ݁ܮ‬ሺܵܲԢ௔ , ܵܲԢఉ , ܵܲԢఊ ሻ; 16. 17. Update ܵ ൌ ܵ ‫ ׫‬൛ሺܵܲԢ௔ ܵܲԢ௭ఊ ൟ; 18. ENDFOR 19. Let S computed be ሺܵܲ"ଵ , ܵܲ"ଶ , … , ܵܲ"௡ଶ ሻ; 20. ܵܲ"௡ଶାଵ ൌ ሺܵܲ௠ െ ሺሺܵܲ"ଵ ‫"ܲܵ ׫ … ׫ "ܲܵ ׫‬௡ଶ ሻ; 21. ࡵࡲሺሺܵܲ"௡ଶାଵ ൌ ‫׎‬ሻ‫ۼ۳۶܂‬ Update ‫=ܵܦܯ‬ሺܵܲ"ଵ , ܵܲ"ଶ , … , ܵܲ"௡ଶ , ܵܲ"௡ଶାଵ ሻ; 22. 23. ۳‫۳܁ۺ‬ 24. Update MDS=ሺܵܲ"ଵ , ܵܲ"ଶ , … , ܵܲ"௡ଶ ); 25. RETURN MDS 26. END Algorithms 4: Algorithm for ‫݊݋݅ݐ݈ܽݑ݈ܿܽܿ ܵܦܯ‬ Algorithm ‫ݐݎ݁ݒ݊݋ܥ_ܵܦܯ‬ Input: ࡳ࢟࢏࢔ Output: ࡳ࢟࢕࢛࢚ 1. Define ‫ݕܩ‬௢௨௧ ൌ ሼܶ’, ܷܵ‫’ܪܴ ,ݏ݊݋݅ݏݏ݅݉ݎ݁ܲ ,’ݏ݈݁݋ܴ ,ܴܵܧ‬ሽ Define ‫ݕܩ‬௜௡ ൌ ሼܶ’, ܷܵ‫’ܪܴ ,ݏ݊݋݅ݏݏ݅݉ݎ݁ܲ ݀݊ܽ ,’ݏ݈݁݋ܴ ,ܴܵܧ‬ሽ; 2. FOR each R ‫ א‬Roles DO Let ܵܲ=ሼܵܲଵ , ܵܲଶ , … , ܵܲ௡ } andܷ ൌ ሼ݁ଵ , ݁ଶ , … , ݁௡ } be such that ሺܵܲ௟ , ‫݃ݏܣ‬௎ , ܴ ‫݁ ݋ݐ‬௜ ሻ ‫א‬ ܶᇱ; 3. Compute MDS of ܵܲ; Let the computed MDS=ሼܵܲԢଵ , ܵܲԢଶ , … , ܵܲԢ௡ }; 4. FOR݈ ൌ 1 to ݊ DO 5. Compute ‫ܵܯ‬ௌ௉௟ ݂‫ܲܵݎ݋‬୪ 6. ENDFOR 7. FOR݄݁ܽܿܵܲԢ௟ ‫ א‬MDS DO 8. Create a unique roleܴԢ௟ ; 9. FOR all ݁௢ ‫ ܷ א‬such that ܵܲԢ௟ ‫ܵܯ א‬ௌ௉଴ DO 10. Add default assignment ሺ‫݃ݏܣ‬௎ , ܴ௟ ‫݁ ݋ݐ‬௢ ሻ in T’. 11. Add constraintሺܵܲԢ௟ , ‫ܴ ݊ܧ‬௟ ሻ in T’. 12. Remove constraint ሺܵܲԢ௟ ‫݃ݏܣ‬௎ , ܴ ‫݁ ݋ݐ‬௟ ሻfrom T’; 13. Update Roles’ = Roles’ ‫ ׫‬ሼܴ௟ ሽ; 14. Update RH’ = RH’ ‫ ׫‬ሼܴ௟ ‫غ‬௨ ܴሽ; // Strongly restricted A-hierarchy 15. ENDFOR 16. ENDFOR 17. ENDFOR Algorithm 5 Algorithm for MDS conversion 128
  15. 15. International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print), ISSN 0976 - 6375(Online), Volume 4, Issue 5, September - October (2013), © IAEME Table 2 presents the complexity parameters and their respective notations. TABLE 2: Complexity Parameters and its notations Complexity parameter Notations Role ‫ܥ‬ Default (simple) assignment ‫ܫ‬ Enabling time constraints on ‫ܭ‬௨ role Temporal constraints on ‫ܭ‬௨௥ , ‫ܭ‬௥௣ assignments Activation time constraints on ‫ܤ‬௘௨ , ‫ܤ‬௥ roles Hierarchy ‫ܪ‬ Level Table 3: A family of DEERBAC models Model Constraint Set 2 ‫ܥܣܤܴܶܩ‬ଶ ܶ ൌ ܶூ,஻ ‫ܶ ڂ‬ூ,௎ ‫ܶ ڂ‬ூ,௪ 1 ‫ܥܣܤܴܶܩ‬ூ,௉ ܶூ,௉ ൌ ܶ௢ ‫ ڂ‬൛‫ܩ‬௪ோ௪ , ‫ܩ‬௪ோ௚ ൟ ‫ܥܣܤܴܶܩ‬ூ,௎ ܶூ,௎ ൌ ܶ௢ ‫ ׫‬൛‫ܩ‬௎ோ௪ , ‫ܩ‬௎ோ௚ ൟ ‫ܥܣܤܴܶܩ‬ூ,஺ ௫ ௫ ௫ ௫ ܶூ,஺ ൌ ܶ௢ ‫ ׫‬൛‫ܩ‬௚௨ோ, ‫ܩ‬௡௨ோ, ‫ܩ‬௠௨ோ, ‫ܩ‬௠௡௨ோ, ൟ ‫ܥܣܤܴܶܩ‬଴ minimal ௫ ܶ௢ ൛‫ܩ‬௚ , ‫ܩ‬ோ௪ , ‫ܩ‬ோ௚ , ‫ܩ‬ோ, ‫ܩ‬௧ோ , ‫ܩ‬௨ ൟ 0 Figure 2. Family of DEERBAC models The above mentioned figure (Figure 2) illustrates the minimality framework of the ‫ܥܣܤܴܧܧܦ‬଴ for level 0. Now coming up to the level 1, we come across through three frameworks or models that individually introducea better and highly robust kind of system constraint to‫ܥܣܤܴܧܧܦ‬଴ . the proposed ‫ܥܣܤܴܧܧܦ‬depicts the system model possessing all of its temporal constraints and the constraints of per-user constraints enabling. Meanwhile, ‫ܥܣܤܴܧܧܦ‬ଵ,௎ indicates the system model possessing all of the constraints and constraints of role enabling on the other hand the ‫ܥܣܤܴܧܧܦ‬ଵ,௉ represents the system model possessing temporal constraints as well as the 129
  16. 16. International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print), ISSN 0976 - 6375(Online), Volume 4, Issue 5, September - October (2013), © IAEME constraints of role permission and its assignments. Again in the 2nd level we have consideredthe ‫ܥܣܤܴܧܧܦ‬஼,ଶ model that contains all the temporal constraints. In our proposed analysis we have adopted the similar hierarchy. 4.3.1 Constraints on Role Enabling and Assignments As discussed earlier that the incorporating model constraints for role-permission assignment and role activation can be substituted by temporal constraints, then whilesuch kinds of architectural transformation might come out a huge counts of roles and/or cause the complicated access control architecture. Here, in this section we have calculated numerous options for selecting constraints for their role in role enabling or activation as well as permission. Such kind of estimation is solely based on the comparison the model or framework complexity by employing Level 1 with respect to numerous presentations employing proposed minimal framework for representing the similar set of access permissions. Considering the algorithm ܷܴ_‫ ,ݐݎ݁ݒ݊݋ܥ‬it can be easily found that the model transformations taking pace with substitution of temporal constraints for role assignments on users by the temporal constraints is same as it takes place in the transformation to be substitution of the temporal constraints for permission of roles by the temporal constraints inܷܴ_‫ .ݐݎ݁ݒ݊݋ܥ‬The transformation of factors like periodicity and duration takes place in the same approach but the incorporating constraints are replaced by a new role. Therefore, in order to perform the analysis for complexity the periodicity constraints are applied and it is used in case of duration constrains also. Therefore, in this research work we have emphasized on the issue of periodicity constraints and have explored various significant considerations allied with constraints of duration.A temporal constraint for assignments of user role refers that the specific user can enable a particular role for the specific time periods but only in the case of activated roles. In spite of using the constraintfor assignment of roles on users, here in this we have enforcedthe expected access control mechanism by implementing the temporal constraints for activation of roles. In the further phases the complexity problems related to the presentation of the set of access need employing ‫ܥܣܤܴܧܧܦ‬଴ and ‫ܥܣܤܴܧܧܦ‬ଵ,௎ system models. Representation ofࡰࡱࡱࡾ࡮࡭࡯૚ ૙ ଵ In order to represent the ‫ܥܣܤܴܧܧܦ‬଴ system model we have used ܷܴ_‫ ݐݎ݁ݒ݊݋ܥ‬algorithm with the specific ‫ܥܣܤܴܧܧܦ‬ଵ,௎ representation in the form of model input. Now, according to this presentation, a specific role is formed and the assignment of periodic constraint takes place on the newly created role. For example, for a defined constraint set, a role‫ݑ‬஻ is created and is added with a newly created constraint referred as ሺܵܲ஻ , ‫ݑ ݊ܧ‬஻ ሻ.In alternation the minimal disjoint set mechanism is implemented by employing ‫ ݐݎ݁ݒ݊݋ܥ_ܵܦܯ‬algorithm. Mathematically, ‫ܵܦܯ‬ሼௌ௉஺,ௌ௉஻,ௌ௉஼,ௌ௉஽,ௌ௉ாሽ ᇱᇱᇱ ᇱᇱᇱ ᇱᇱᇱ ᇱᇱᇱ ሽ = ሼܵܲଵ , ܵܲଶ , ܵܲଷ , ܵܲସ Now, a specific user role is generated for individual ܵܲof ‫ܵܦܯ‬ሼௌ௉஺,ௌ௉஻,ௌ௉஼,ௌ௉஽,ௌ௉ாሽ .as ห‫ܵܦܯ‬ሼௌ௉஺,ௌ௉஻,ௌ௉஼,ௌ௉஽,ௌ௉ாሽ ห Each user is allotted a set of new roles in corresponding to the ܵܲs that comprise the Minimal Subsetof ܵܲs allied with user. ᇱᇱᇱ ᇱᇱᇱ ܶ‫ܫ‬ௌ௉஼ ൫‫ܵܦܯ‬ሼௌ௉஺,ௌ௉஻,ௌ௉஼,ௌ௉஽,ௌ௉ாሽ ൯ ൌ ሼܵܲଵ , ܵܲଶ ሽ,And the user is allotted to the specific roles ᇱᇱᇱ ᇱᇱᇱ corresponding to ܵܲଵ andܵܲଶ . It happens only because the specific roles retain their originality in transformations. It should be noted that for ‫ܥܣܤܴܧܧܦ‬ଵ,௎ model presentation. The presentation or analysis of complexities which is allied with the substitutepresentation with the proposed ‫ܥܣܤܴܧܧܦ‬଴ system model has been given as follows: 130
  17. 17. International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print), ISSN 0976 - 6375(Online), Volume 4, Issue 5, September - October (2013), © IAEME Theorem 4 Expression for complexity in ࡰࡱࡱࡾ࡮࡭࡯૚ andࡰࡱࡱࡾ࡮࡭࡯૛ . ૙ ૙ Consider݊ refers the number of users which are assigned with individual roleܴ. Let the periodic expression for the user role assignment is ܵܲ ൌ ܵܲଵ , ܵܲଶ , … , ܵܲ௡ for ‫ ݑ‬users. In general the ଵ ଶ complexity expressions for‫ܥܣܤܴܧܧܦ‬଴ and ‫ܥܣܤܴܧܧܦ‬଴ can also be presented as follows: ଵ 1. ‫ܥܣܤܴܧܧܦ‬଴ Representation: ܽ. ‫ ܦ‬൅ ܽ. ‫ܭ‬ோ ൅ ܽ. ‫ ܥ‬൅ ܽ. ‫,ܤ‬ ଶ 2. ‫ܥܣܤܴܧܧܦ‬଴ Representation: ‫ ܫ .݉ݏ‬൅ ݅݉. ‫ܭ‬ோ ൅ ݅݉. ‫ ܥ‬൅ ‫,ܤ .݊ݏ‬ ‫݁ݎ݄݁ݓ‬ ܵ௡ ൌ |‫ܵܯ‬௉ாଵ ሺ‫ܵܦܯ‬ௌ௉ଵ ሻ| ൅ |‫ܵܯ‬ௌ௉ଶ ሺ‫ܵܦܯ‬ௌ௉ ሻ| ൅ … ൅ |‫ܵܯ‬ௌ௉௡ ሺ‫ܵܦܯ‬ௌ௉ ሻ|, And ݀௡ ൌ |‫ܵܦܯ‬ௌ௉ଵ ሻ|. The representation of ‫ܿܣܤܴܧܧܦ‬ଵ,௎ refers the most optimum selection choice in terms of complexity. It is because of the minimum roles, negligible overload due to hierarchy, and no default role assignments. Additionally, such kind of presentation illustrates complexity free model architecture that ultimately becomes convenient. The dominant dissimilarity between the models ଵ ଶ ଶ ‫ܥܣܤܴܧܧܦ‬଴ and ‫ܥܣܤܴܧܧܦ‬଴ is that is that the ‫ܥܣܤܴܧܧܦ‬଴ presentation often creates individual roles that are in general disjoint in nature that are temporally disjoint. On the other hand the proposed ‫ ܥܣܤܴܧܧܦ‬framework representation is allied to single role for individual user with a constraint for temporal assignment constraint. ଶ ଵ In general the presentation of ‫ܥܣܤܴܧܧܦ‬଴ is same as that of ‫ܥܣܤܴܧܧܦ‬଴ in the first case. ଶ The representation of ‫ܥܣܤܴܧܧܦ‬଴ is better than ‫ܥܣܤܴܧܧܦ‬ଵ,௎ if theܵܲ ൌ ܵܲ௙ for all ܽ, ݂ ൌ 1 ௔ with ݊ being large. The fact behind this is that the processing costs in the temporal constraints are more than the default constraints. The original role and the new role created can be combined. If ଶ we look at the ‫ܥܣܤܴܧܧܦ‬଴ representation the worst case is represented by the third part which is ௡ሻ ܱሺ2 in terms of the new roles which are created, the number of hierarchical nodes and the temporal constraints on role, and in the default assignment the number ofܱሺ2௡ ሻ. Following design guidelines can be visualized from the above observation: ଵ 1. The ‫ܥܣܤܴܧܧܦ‬଴ representation is not preferable when compared to the ‫ܥܣܤܴܧܧܦ‬ଵ,௎ representation as of the several factor like number of hierarchical relations, temporal constraints and the number of roles are less complex. 2. Since there are some common periodic expressions in both‫ܥܣܤܴܧܧܦ‬ଵ,௎ and ଵ ‫ܥܣܤܴܧܧܦ‬଴ which may lead to the unnecessary temporal constraints. 3. If we use the representation in the cases illustrated above then it results into same periodic constraints on the different role since the algorithm which we used ሺܷܴ_‫ݐݎ݁ݒ݊݋ܥ‬ሻ is unable to minimize the number of constraints which is based upon the common periodic expression. ଶ For such complications ‫ܥܣܤܴܧܧܦ‬଴ would be a good solution. 4. In ‫ ܥܣܤܴܧܧܦ‬a small ‫ ܴܰܯ‬set is used for determining the newly created roles. But somehow if all periodic expressions are pair wise disjoint then both the representation become equivalent. 5. If we look at the access specification then the ‫ܥܣܤܴܧܧܦ‬ଵ,௎ representation is highly flexible. On the basis of user-role assignment it supports the temporal constraints also in addition with the role enabling constraints. 6. In case these all constraints are employed then the roles can be kept by enabling times fixed in a system and the individual user requirement is expressed using that periodic constraints. ଶ 7. Any advantage may not be offered by the ‫ܥܣܤܴܧܧܦ‬଴ representation if there are per-user-role activation constraints. In the developed model each user is having multiple roles, if in a case if the constraint for each user is per-user-role then during the transformed representation extra 131
  18. 18. International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print), ISSN 0976 - 6375(Online), Volume 4, Issue 5, September - October (2013), © IAEME steps would be required. To create a hierarchy which has strongly restricted activation between the new roles and the original roles ‫ ܵܦܯ‬conversion process is required which is fulfilled by ‫ ݐݎ݁ݒ݊݋ܥ_ܵܦܯ‬algorithm in developed ‫ ܥܣܤܴܧܧܦ‬module. Thus if in the transformed representation the per-user-role is left unaltered then the per-user-role will still be defined in original role but the new representation will still be valid as the users which are assigned to the newer role will have to activate it explicitly but such are not so effective as the users are assigned to original role. Thus in the presence of per-user-role constraints ଵ the‫ܥܣܤܴܧܧܦ‬଴ and ‫ܥܣܤܴܧܧܦ‬ଵ,௎ representations proved to be better than the 2nd level of ଶ ‫ܥܣܤܴܧܧܦ‬଴ representation. 8. If the duration constraints on user-role assignment get replaced by the duration constraints on role enabling then it makes it less flexible unlike the periodicity constraints. A duration constraint on user-role assignment may get replaced but first is should be taken into consideration that dependency semantic should not be lost. ଶ Thus ‫ܥܣܤܴܧܧܦ‬଴ has better complexity in some terms where as ‫ܥܣܤܴܧܧܦ‬ଵ,௎ provides the best representation in terms of semantic clarity, higher user creation with efficient role generation and permission, least complexity and better convenience. i. Activation Constraints On the basis of expensiveness when the same set of limitations are taken into consideration, the comparison of DEERBAC0and DEERBAC01has been made in this section. In addition to the limitations of ‫0ܥܣܤܴܧܧܦ‬it is taken into assumption that ‫ܥܣܤܴܧܧܦ‬ଵ,஺ contains total active duration constraints for the simplicity. In the complexity expressions the original role or any of the associated per-role is not included.As the per-role and the original role constraints remain same throughout so, it is not used. In terms of the minimized number of roles the ‫ܥܣܤܴܧܧܦ‬ଵ,஺ gives a better representation among the two cases illustrated above. Activation constraints among the cases illustrated above remains same and the common per-user-role values used in theabove case can provide better representation than the two cases presented before. The theorem discussed next shows how complex is the representation by using the common values. Theorem 5 (Expression forࡰࡱࡱࡾ࡮࡭࡯૙ andࡰࡱࡱࡾ࡮࡭࡯૚ ). Suppose if the number of users assigned to role ܴ be ݊ and the total active duration be ‫ ܯ‬ൌ ᇱ ᇱ ᇱ ൛݃ଵ, ݃ଶ, … , ݃௠ ⁄݃௔ ൟ and the ith user is allowed this duration over roleܴ. ‫ܯ‬௡ ൌ ൛݃ଵ, ݃ଶ, … , ݃௡, ൟ ‫ܯ ك‬is the set of distant element ‫ .ܯ‬Suppose‫ܩ‬௠ ൌ ሺ݃ሻbe the number of time d occurs in‫ .ܯ‬The complexities of the two representations can be explained as follows: Representation of ࡰࡱࡱࡾ࡮࡭࡯૚,࡭ 1. ሺ݉ఈ െ ݉ఉ ሻ. ‫ ܴܷܣ‬൅ ݊ఉ . ‫ ܴܣ‬൅ ܿ. ൫݄. ݉ఉ ൅ 1൯. ሺ‫ ܥ‬൅ ‫ܤ‬ሻ. 2. ‫ܥܣܤܴܧܧܦ‬଴ representation: ݉ఈ . ‫ ܴܣ‬൅ ݉ఈ . ‫ ܥ‬൅ ݉ఈ . ‫ܤ‬ Where • ݉ఈ ൌ |‫ܯ‬௡ | ܽ݊݀ ݉ఉ ൌ |‫ܯ‬ᇱ | such that 1ሻ ‫ܯ‬ᇱ ‫ܯ ك‬௡ and 2ሻ ݂݅ ݃ ‫ܯ א‬ᇱ , ‫ܩ ݄݊݁ݐ‬௡ ሺ݃ ሻ ൐ 1. • ݄ ൌ 1 ݂݅ ሺ݉ ൐ ݉ఈ ሻ; ݄ ൌ 0 ‫.݁ݏ݅ݓݎ݄݁ݐ݋‬ • ݀ ൌ 1 ݂݅ ሺ݉ ൐ ݉ఈ ൐ 0ሻ; ݀ ൌ 0 ‫.݁ݏ݅ݓݎ݄݁ݐ݋‬ Thus, it is clear from all the observation that the representation of ‫ܥܣܤܴܧܧܦ‬ଵ,஺ has several advantages over the representation of‫ܥܣܤܴܧܧܦ‬଴ . Considering these all mathematical development and system modeling with respect to the problem of role assignment and per-user role permission, the developed ‫ ܥܣܤܴܧܧܦ‬system model presents an optimum solution for access control system with multiple users having huge roles and even without compromising with the security aspects of the role or users in cloud environment. The results obtained for different user creation and respective role permission have been presented in the 132
  19. 19. International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print), ISSN 0976 - 6375(Online), Volume 4, Issue 5, September - October (2013), © IAEME following section and the respective analysis with respect to the time efficiency and robustness have been given in the next section. V. RESULTS AND ANALYSIS In this research work a dynamic expiration enabled role based access control “‫”ܥܣܤܴܧܧܦ‬ system has been proposed for cloud computing environment. The system model has been developed with C# programs and Visual Basic 2010 framework. The overall system has been developed and implemented with Amazon S3 cloud platform. The developed system has been simulated for different performance parameters like induction of roles and user creation. The relative study for these all factors has been performed. Figure 3 represents the comparative graphs for role initialization and time consumed for role assignment. Figure: 3. User initialization with 5 role assignments Figure: 4. User initialization with 50 role assignments From above mentioned figure 4 it can be visualized that the user creation time increases as per the increase in roles and even the creation time is decreasing as per increase in users from 200 counts. Comparing it with the previous results, it is clear that the ‫ ܥܣܤܴܧܧܦ‬causes higher user generation even with minimum assignment time. 133
  20. 20. International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print), ISSN 0976 - 6375(Online), Volume 4, Issue 5, September - October (2013), © IAEME Figure:5. User initialization with 150 role assignments Figure:6. User initialization with 250 role assignments The above mentioned figures 5, 6 illustrates that the role assignment time is lower as the cloud user counts is even increasing. In case of more users creation also the role assignment time is lower. This characteristic illustrates that the proposed system is highly robust for higher role assignments to more number of cloud users. The user count and the time of role assignments become uniform after certain role counts. These characteristics exhibits that the proposed ‫ ܥܣܤܴܧܧܦ‬system performs better for higher users count and role to be assigned in the competitive cloud environment. Analyzing the above mentioned figures it can be found that in practical with the proposed mechanism the user creation is more time consuming as compared to simultaneous role assignments for multiple users. It can be analyzed that the proposed approach can be fruitful for highly efficient role assignments even without violating the security aspects. 134
  21. 21. International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print), ISSN 0976 - 6375(Online), Volume 4, Issue 5, September - October (2013), © IAEME ROLE GENERATION ROLE GENERATION (s) 70 60 50 40 30 20 10 0 10 50 150 NUMBER OF ROLES 250 Figure:7. Role generation Vs Number of Roles EXECUTION TIME (s) 0.4 CLOUD USER CREATION USER INITILIZATION - 5ROLE ASSIGNMENT ROLE ASSIGNED PER USER 0.2 0 10 30 50 100 150 NUM CLOUD USERS 200 250 Figure: 8. Cloud role initialization for 5 roles per users EXECUTION TIME (s) 1.5 1 CLOUD USERUSER CREATION ROLE ASSIGNMENT INITILIZATION - 25 ROLES ASSIGNED PER USER 0.5 0 10 30 50 100 150 NUM CLOUD USERS 200 250 Figure: 9. Cloud role initialization fro 25 roles per users 135
  22. 22. International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print), ISSN 0976 - 6375(Online), Volume 4, Issue 5, September - October (2013), © IAEME CLOUD USERUSER CREATION INITILIZATION - 150ROLE ASSIGNMENT ROLES 3 ASSIGNED EXECUTION TIME (s) 4 2 1 0 10 30 50 100 150 NUM CLOUD USERS 200 250 Figure:10. Cloud user initialization for 150 roles EXECUTION TIME (s) 10 CLOUD USERUSER CREATION INITILIZATION - 250ROLE ASSIGNMENT ROLES ASSIGNED 5 0 10 30 50 100 150 NUM CLOUD USERS 200 250 Figure: 11. Cloud user initialization for 250 roles Considering the above mentioned figures it is clear that the proposed ‫ ܥܣܤܴܧܧܦ‬scheme facilitates the cloud environment to perform efficiently for user-role assignments even with higher user as well as role counts. VI. CONCLUSIONS In this paper a robust system model for cloud environment called “‫ ݈݋ݎݐ݊݋ܿ ݏݏ݁ܿܿܽ ݀݁ݏܾܽ ݈݁݋ݎ ݈ܾ݀݁ܽ݊݁ ݊݋݅ݐܽݎ݅݌ݔ݁ ܿ݅݉ܽ݊ݕܦ‬ሺ‫ܥܣܤܴܧܧܦ‬ሻ”has been developed that considered its optimization for few dominant issues like minimality, complexity of constraints, efficient role activation and assignments withleast threat in cloud. The developed and implemented system has exhibited system function with high flexibility and spontaneousselection for numerous constraints expressions. In this research work few guidelines have been proposed that could be efficiently employed for assisting security policies in selecting more expedient and less complex system constraintexpressions. The developed system has exhibited optimum performance for higher count of roles per users even with minimum time duration. On the other hand a dominant contribution of this work is the inclusion of security issues that aims to perform better in competitive cloud environment without compromising with the security issues related to role assignments and user creation or even user-role assignments. 136
  23. 23. International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print), ISSN 0976 - 6375(Online), Volume 4, Issue 5, September - October (2013), © IAEME REFERENCES [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] [15] [16] [17] [18] [19] [20] [21] [22] D.F. Ferraiolo, D.M. Gilbert, and N. Lynch, “An Examination of Federal and Commercial Access Control Policy Needs,” Proc. NISTNCSC Nat’l Computer Security Conf., pp. 107-116, Sept. 1993. J.B.D. Joshi, A. Ghafoor, W. Aref, and E.H. Spafford, “Digital Government Security Infrastructure Design Challenges,” Computer, vol. 34, no. 2, pp. 66-72, Feb. 2001. M. Nyanchama and S. Osborn, “The Role Graph Model and Conflict of Interest,” ACM Trans. Information and System Security, vol. 2, no. 1, pp. 3-33, 1999. R. Sandhu, E.J. Coyne, H.L. Feinstein, and C.E. Youman, “RoleBased Access Control Models,” Computer, vol. 29, no. 2, pp. 38-47, Feb. 1996. J.B.D. Joshi, W.G. Aref, A. Ghafoor, and E.H. Spafford, “Security Models for Web-Based Applications,” Comm. ACM, vol. 44, no. 2, pp. 38-72, Feb. 2001. S. Osborn, R. Sandhu, and Q. Munawer, “Configuring Role-Based Access Control to Enforce Mandatory and Discretionary Access Control Policies,” ACM Trans. Information and System Security, vol. 3, no. 2, pp. 85-106, May 2000. R. Sandhu, “Separation of Duties in Computerized Information Systems,” Database Security IV: Status and Prospects, pp. 179-189, 1991. R. Simon and M.E. Zurko, “Separation of Duty in Role-Based Environments,” Proc. 10th IEEE Computer Security Foundations Workshop, June 1997. E. Ferrari and B. Thuraisingham, “Security and Privacy for Web Databases and Services,” Proc. Int’l Conf. Extending Database Technology, pp. 17-28, 2004. J.S. Park, R. Sandhu, and G.J. Ahn, “Role-Based Access Control on the Web,” ACM Trans. Information and System Security (TISSEC), vol. 4, no. 1, pp. 37-71, Feb. 2001. B.M. Thuraisingham, C. Clifton, A. Gupta, E. Bertino, and E. Ferrari, “Directions for Web and ECommerce Applications Security,” Proc. Int’l Workshops Enabling Technologies: Infrastructures for Collaborative Enterprises, pp. 200-204, 2001. J. Joshi, E. Bertino, U. Latif, and A. Ghafoor, “Generalized Temporal Role Based Access Control Model,” IEEE Trans. Knowledge and Data Eng., vol. 17, no. 1, pp. 4-23, Jan. 2005. V. Atluri and A. Gal, “An Authorizaion Model for Temporal and Derived Data: Securing Information Portals,” ACM Trans. Information and System Security, vol. 5, no. 1, pp. 62-94, Feb. 2002. E. Bertino, P.A. Bonatti, and E. Ferrari, “TRBAC: A Temporal Role-Based Access Control Model,” ACM Trans. Information and System Security, vol. 4, no. 4, 2001. E. Bertino, E. Ferrari, and V. Atluri, “The Specification and Enforcement of Authorization Constraints in Workflow Management Systems,” ACM Trans. Information and System Security, vol. 2, no. 1, pp. 65-104, 1999. J.B.D. Joshi, E. Bertino, and A. Ghafoor, “Temporal Hierarchy and Inheritance Semantics for GTRBAC,” Proc. Seventh ACM Symp. Access Control Models and Technologies, June 2002. J. Joshi, E. Bertino, U. Latif, and A. Ghafoor, “Generalized Temporal Role Based Access Control Model,” IEEE Trans. Knowledge and Data Eng., vol. 17, no. 1, pp. 4-23, Jan. 2005. G. Ahn and R. Sandhu, “Role-Based Authorization Constraints Specification,” ACM Trans. Information and System Security, vol. 3, no. 4, Nov. 2000. A. Kumar, N. Karnik, and G. Chafle, “Context Sensitivity in RoleBased Access Control,” ACM SIGOPS Operating Systems Rev., vol. 36, no. 3, pp. 53-66, July 2002. M. Niezette and J. Stevenne, “An Efficient Symbolic Representation of Periodic Time,” Proc. First Int’l Conf. Information and Knowledge Management, 1992. GK Srinivasa Gowda, CV Srikrishna and Kashyap Dhruve, “Measurement of End to End Delays in Ad Hoc 802.11 Networks”, International Journal of Computer Engineering & Technology (IJCET), Volume 4, Issue 4, 2013, pp. 100 - 115, ISSN Print: 0976 – 6367, ISSN Online: 0976 – 6375. Ruksar Fatima, Dr.Mohammed Zafar Ali Khan, Dr. A. Govardhan and Kashyap Dhruve, “Detecting In-Situ Melanoma using Multi Parameter Extraction and Neural Classification Mechanisms”, International Journal of Computer Engineering & Technology (IJCET), Volume 4, Issue 1, 2013, pp. 16 - 33, ISSN Print: 0976 – 6367, ISSN Online: 0976 – 6375. 137