DEVELOPMENT OF ATTRIBUTE BASED ACCESS CONTROL MODEL ON NATIONAL DATA CENTER ENVIRONMENT
Main Author: | |
---|---|
Format: | Theses |
Language: | Indonesia |
Online Access: | https://digilib.itb.ac.id/gdl/view/39675 |
Institution: | Institut Teknologi Bandung |
Summary: | National data centers are facilities for data placement, storage, processing and centralized data recovery in a cloud computing environment. The facility must be able to share data with all central and regional agencies. The use of shared data creates new vulnerabilities, including illegal access, authorization errors, and data loss. In addition, during transmission, access requests generally travel over public networks, which can invite attacks on data traffic. To access national data centers, users must prove to the access control method that they are eligible for access. Some access control models are able to limit user access based on roles (role-based access). The problem that arises for system administrators of large-scale companies or government is the difficulty of role management.
In this study, an attribute-based access control model was developed to be applied to the national data center environment to restrict access to data, protect data confidentiality, and prevent repudiation by users. The model is created by implementing public key infrastructure on the HTTPS protocol. The use of HTTPS guarantees data security during transmission over public networks. To handle heavy data traffic, a web-based service platform with a RESTful architecture is used. Every user who requests access gets a web token as an access key and can access data if their attributes meet the criteria set by the data owner. These criteria are expressed as access policies. Every access attempt is recorded in a log file, which can be used to verify access if an access violation occurs.
The results of testing and analysis show that, functionally, the access control model works in accordance with the design. The access control problems of identification, authentication, authorization and access decisions have been addressed. In terms of performance, the resulting throughput and delay are still acceptable. From the security aspect, eavesdropping, MITM, replay, brute-force and repudiation attacks can be avoided. |
---|