Securing Loosely-Coupled Collaboration in Cloud Environment through Dynamic Detection and Removal of Access Conflicts


Online collaboration service has become a popular offering of present day Software-as-a-Service (SaaS) clouds. It facilitates sharing of information among multiple participating domains and accessing them from remote locations. Owing to loosely-coupled nature of such collaborations, access request from a remote user is made in the form of a set of permissions. The cloud vendor maps the requested permissions into appropriate local roles in order to allow resource access. However, coexistence of such multiple simultaneous role activation requests may introduce conflicts which violate the principle of security. In this paper, we propose a distributed secure collaboration framework which enables collaborating domains to detect and remove these conflicts. Two features of our framework are: (i) it requires only local information, and (ii) it detects and removes conflicts on-the-fly. Formal proofs have been provided to establish the correctness of our approach. Experimental results and qualitative comparison with related work demonstrate the efficacy of our approach in terms of response time, thus addressing the scalability requirement of cloud services.


Computer Science

Research Center/Lab(s)

Intelligent Systems Center


The work of N. Ghosh was partially supported by TCS Research Scholarship grant. The work of S. K. Das was supported by the US National Science Foundation grants under award numbers CNS-1355505, IIS-1404673 and CNS-1404677.

Keywords and Phrases

Clouds; Web services; Access conflict; Collaboration services; Loosely coupled; Role hierarchy; Separation of duty; Software as a service (SaaS); Loosely-coupled

International Standard Serial Number (ISSN)

2168-7161; 2372-0018

Document Type

Article - Journal

Document Version


File Type





© 2016 Institute of Electrical and Electronics Engineers (IEEE), All rights reserved.

Publication Date

01 Jul 2016