# I. Introduction

Users of an application play different roles in an organization. Based on their role they have privileges to gain access to application resources. The role is a convenient way of managing users at large scale and controlling access to resources in a better way. Authorization is a term that refers to an information security mechanism that deals with access rights in order to deny or authorize a user to access a particular resource. This is based on access policies and the criticality of resources. Authorization is the part of overall computer or information security that mirrors the real-world thinking of humans with respect to access control. For instance, a user in the manager role is privileged to perform a certain action and the same is denied to a user in the clerk role. This is the real-world thought process that access control mechanisms capture. After authentication of a user, which deals with finding whether the user is genuine (the identity of the user), authorization is crucial for controlling the authenticated user's access to resources. To reiterate, the process of denying or granting access to resources is known as authorization. Figure 1 shows an overview of the different authorization mechanisms.

As can be seen in Figure 1, the three models have different approaches to controlling access to resources. Stated differently, though the resource is the same, users are controlled in accessing it differently. According to Jin [41], role based access control (RBAC) has the drawbacks described here. The explosion of roles, parameters and privileges makes it complex. It is difficult to design roles and manage them. It is cumbersome to grant/revoke privileges to/from roles. Making changes based on global or local factors is difficult. And RBAC does not support a custom extension to it. Attribute based access control (ABAC) overcomes these drawbacks and provides a flexible means of granting access rights through attributes. Here an attribute is a key/value pair. However, it can be a set of key/value pairs to which access rights can be granted for authorized users. Access implications when a user's attributes change and reaching consensus on the meaning of attributes are the drawbacks of ABAC as discussed in [42].

# II. Related Works

This section reviews literature on different kinds of authentication systems such as role based authentication, attribute based authentication and predicate based authentication. Leandro et al. [1] proposed a multi-tenancy authorization system for cloud computing. It is based on Shibboleth without using a trusted third party. Similar work is done in [2], [14] for cloud architectures. Reeja [3] focused on cooperative secondary authorization, which is a role based access control method with a recycling approach. Khalid et al. [4] proposed a protocol for authorization and authentication for cloud that supports anonymous communication. Birgisson et al. [5] employed cookies with contextual caveats for authorization in cloud. This mechanism is decentralized in nature with delegation of principals. Gonzalez et al. [6] proposed credential based authorization and authentication for cloud computing. A continuous authorization re-evaluation method is proposed by Marcon et al. [7]. Lang [8] proposed authorization as a service (AaaS) for cloud computing and Service Oriented Architecture (SOA) applications for reliable security. Chen et al. [9] proposed authentication mechanisms for high quality applications that deal with multimedia. Zareapoor et al. [10] focused on a data security model for a safe cloud. Kumar and Sharma [11] proposed mechanisms for protecting cloud systems from Distributed Denial of Service (DDoS) attacks. Ryoo et al. [12] focused on secure mechanisms in cloud with auditing services. Masood et al. [13] proposed an access control framework for cloud computing.
They proposed a service layer for cloud known as Access Control as a Service (ACaaS). This is a generic solution for authentication and authorization. Zhu and Gong [15] proposed a fuzzy authorization scheme based on Ciphertext-Policy Attribute Based Encryption (CP-ABE). It works with multiple clouds besides enabling fuzziness in authorization. For multi-platform clouds an authorization framework is proposed in [16], and Vida [17] proposed two-step authentication for cloud which is based on de-duplication and ensures privacy and integrity of data. Akimbo et al. [18] focused on securing the PaaS layer of cloud. Other authorization and authentication schemes can be found in [19] and [20]. Other mechanisms found in the literature include identity based encryption [21] and the mechanisms described here. Popa et al. [22] proposed Cloud Police for access control in cloud, which is hypervisor based and proved to be robust. Ruj et al. [23], [26] proposed a privacy preserving mechanism for access control in a decentralized fashion. She et al. [24] proposed rule based information flow control for cloud with fine-grained access control. Zhu and Ma [25] proposed a role based access control for cloud that exploits Attribute-Based Encryption with Attribute Lattice (ABE-AL). Sun et al. [27] presented multi-keyword text search with secure authentication and authorization. Sun and Wang [28] focused on purpose-based access control for XML databases. Bauer et al. [29] proposed logic-based access control with credentials and constraints for robust security. Similar work was done in [34]. Tu et al. [30] proposed a fine-grained access control mechanism which also supports revocation of credentials. Ababneh et al. [31] focused on a policy-based dialogue for protecting systems with physical access control. Jung and Joshi [36] proposed Community Centric Property Based Access Control (CPBAC), which is an extension of Community Centric Role Interaction Based Access Control (CRiBAC) for Online Social Networks (OSNs). Service Level Agreement (SLA) based security risk analysis is explored in [37]. Dara [38] explored cryptography challenges in cloud. Jana and Bandyopadhyay [39] explored controlled privacy in mobile cloud for protecting the system from different threats. Yadav and Wanjari [40] proposed an authentication mechanism for smart grid besides exploring secure access to the smart grid in a real time environment. In this paper our focus is on predicate based access control mechanisms for improved security in cloud.

# III. Predicate based Access Control Mechanism

In this section we provide a generic framework that can be used for any workflow system. Any workflow system needs data to be captured and protected besides giving controlled access to its legitimate users. Instead of giving a domain-specific solution, we provide a generic framework that can be adapted to different application domains. There are certain things common across domains, and they are the basis for the generic framework. Every workflow system has to deal with data. Therefore the central point of discussion is the record or tuple to which users need controlled access, and we consider the record or tuple as the basis with which many aspects are associated. The record is a master record that might have associated tuples in different relations based on the transactions made. However, the master record is very important as it is generally not subjected to frequent changes. Figure 2 shows the generic framework, which is further extended in Figure 3. The framework shows different aspects such as instance-based user group, task-based privileges, privilege propagation, role, instance-based predicate and dynamic authorization.
All these aspects are related to the record or tuple with respect to access control.

Instance Based User Group: When a master record is created, there might be some users who are involved in that. Precisely this user group should be able to access that record. Therefore it is essential to have an instance-based user group associated with the master tuple.

Instance-Based Predicate: Having an access control record for every master tuple or record is not an effective practice. It leads to a larger number of access control records, which can exceed the actual records in the master relations. Therefore it is essential to have predicate based access control. A predicate is a clause that can be used with queries. For instance, a doctor can access all healthcare records in which his ID is stored. This kind of predicate avoids maintaining many access control records pertaining to different master tuples.

Task-Based Privileges: Certain users are allowed to perform definite tasks for which privileges are to be granted. When performing a task, a user is allowed to access only one master record. The same user may be allowed to gain access to multiple master tuples with respect to another task. Thus task-based privileges can simplify access control.

Privilege Propagation: In some select situations privileges are propagated from one role to another role. Such privileges are not determined statically. Therefore it is essential to have a privilege propagation feature for an effective access control mechanism. For instance, a user in the clerk role needs to access different loan records based on the field officers' recommendations. Therefore they need different privileges in different situations though the task remains the same.

Role: Role plays a vital role in controlling access. Even the predicate-based access control model presented in this paper can enjoy the advantages of role based access control. While performing a particular task, a user who belongs to a role can gain access to a particular tuple only. This is true for all users of all roles. An important observation here is that different users of the same role can also be involved in different process instances. Thus it is very clear that the concept of role and the concept of instance-based user group are distinct. They are not interchangeable.

Dynamic Authorization: There are some situations in which users can gain access to historical records for learning and better decision making. Nevertheless, there are some sensitive tuples of a particular department that need to be exempted from dynamic authorization. Stated differently, there should be provision in the access control model to provide access to historical data while exercising restrictions on sensitive tuples at the same time.

# IV. Components of Access Control Model

The predicate based access control model we present in this paper is generic in nature and can be adapted to different domains with the required changes. Apart from the aspects associated with the master tuple shown in Figure 2, there are five components associated with the predicate-based access control model. They are subject, task, object, constraint and privilege. These components are used with certain notations to form a comprehensive predicate-based access control model. Prior to describing the components, let us discuss some of the important notations used. A runtime instance is nothing but the ID of a master record and its associated data. Different master records are distinguished by a unique ID. The state of a runtime instance is represented using some variables. They are presented in Table 2. Apart from these variables, which can be called system variables, application designers can create domain specific variables. These variables are accessible throughout the workflow system.
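The interplay of the Section III aspects with the runtime-instance variables is easier to see in code. The following Python program is an added example and not the paper's prototype: it encodes the role hierarchy of Figure 5 and the task hierarchy of Figure 6 as small dictionaries, carries the #This.* variables of Table 2 in a Context object, and decides the privileges of a request as the union over the rules whose role (or an ancestor role), task (or parent task) and instance-based predicate hold. The rule set, user IDs, records, the propagate() helper and the read-only treatment of historical data are assumptions made for the demonstration.

```python
"""Toy predicate-based access control (PBAC) decision engine.

Added example, not the paper's prototype.  Roles follow Figure 5, tasks Figure 6,
and the request context carries the #This.* variables of Table 2.  Users, records,
rules and the read-only handling of historical data are assumptions for the demo.
"""
from dataclasses import dataclass
from typing import Callable, FrozenSet, List, Optional, Set

# Role hierarchy (Figure 5): child -> parent, i.e. child <_R parent.
ROLE_PARENT = {
    "receptionist": None, "physician": None, "nurse": None, "pharmacist": None,
    "internist": "physician", "surgeon": "physician",
    "neurologist": "physician", "paediatrician": "physician",
    "neurological_surgeon": "surgeon", "general_surgeon": "surgeon", "plastic_surgeon": "surgeon",
}
# Task hierarchy (Figure 6): parent -> subtasks, i.e. parent <_T subtask.
TASK_SUBTASKS = {
    "registration": ["patient_record", "check_eligibility"],
    "diagnosis": ["add_record", "prescription"],
    "money_transfer": ["patient_payment", "insurance"],
}

def role_chain(role: str) -> List[str]:
    """The role itself followed by every role above it; privileges are inherited."""
    chain: List[str] = []
    current: Optional[str] = role
    while current is not None:
        chain.append(current)
        current = ROLE_PARENT.get(current)
    return chain

def task_covers(rule_task: str, current_task: str) -> bool:
    """A privilege tied to a task also applies to that task's subtasks."""
    return current_task == rule_task or current_task in TASK_SUBTASKS.get(rule_task, [])

@dataclass
class Context:
    """System variables of Table 2 for one request."""
    ID: int            # #This.ID: the runtime instance (master record) being accessed
    TaskName: str      # #This.TaskName
    RoleName: str      # #This.RoleName
    UserID: str        # #This.UserID

@dataclass
class MasterRecord:
    ID: int
    physician_id: str          # security attribute tested by the physician predicate
    instance_group: Set[str]   # instance-based user group; may grow at runtime
    domain: str = "current"    # "current" or "historical"
    sensitive: bool = False    # exempt from dynamic (historical) authorization

Predicate = Callable[[MasterRecord, Context], bool]

@dataclass
class Rule:
    role: str                  # granted to this role and, via <_R, to its sub-roles
    task: str                  # task (and its subtasks) the privileges are tied to
    privileges: FrozenSet[str]
    predicate: Predicate       # instance-based predicate instead of per-record ACL rows

RULES: List[Rule] = [
    # "a doctor can access all healthcare records in which his ID is stored"
    Rule("physician", "diagnosis", frozenset({"select", "insert", "update"}),
         lambda rec, ctx: rec.physician_id == ctx.UserID),
    # users who took part in creating the record form its instance-based group
    Rule("receptionist", "registration", frozenset({"select", "insert"}),
         lambda rec, ctx: ctx.UserID in rec.instance_group),
    Rule("nurse", "diagnosis", frozenset({"select"}),
         lambda rec, ctx: ctx.UserID in rec.instance_group),
]

def propagate(rec: MasterRecord, user_id: str) -> None:
    """Privilege propagation: a runtime decision admits another user to the group."""
    rec.instance_group.add(user_id)

def authorized_privileges(rules: List[Rule], rec: MasterRecord, ctx: Context) -> Set[str]:
    """Union of the privileges of every rule whose role, task and predicate hold."""
    if rec.ID != ctx.ID:       # a task runs against exactly one runtime instance
        return set()
    granted: Set[str] = set()
    for rule in rules:
        if rule.role not in role_chain(ctx.RoleName) or not task_covers(rule.task, ctx.TaskName):
            continue
        if rec.domain == "historical":
            # dynamic authorization: historical tuples are readable for learning by any
            # role entitled to the task, unless the department flagged them sensitive
            if not rec.sensitive:
                granted.add("select")
            continue
        if rule.predicate(rec, ctx):
            granted |= rule.privileges
    return granted

if __name__ == "__main__":
    rec = MasterRecord(101, "dr_amy", {"rec_bob", "dr_amy", "nurse_cy"})
    for ctx in (Context(101, "prescription", "surgeon", "dr_amy"),
                Context(101, "prescription", "internist", "dr_dan")):
        print(ctx.RoleName, ctx.UserID, sorted(authorized_privileges(RULES, rec, ctx)))
```

A surgeon inherits the physician rule through the role hierarchy, the prescription subtask inherits the diagnosis privileges through the task hierarchy, and the single predicate on physician_id replaces one access control row per patient record; propagate() shows how the instance group, unlike the role, changes at runtime.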
Subject: It is the first component and is made up of user, role and runtime-instance-based user group. A group of users is represented as U. A role represents a collection of privileges that are assigned to users of that specific role. In an organization, roles are hierarchically organized as shown in Figure 5. R denotes the set of roles:

$$R = \{\, r_i \mid 1 \le i \le n \,\}$$

and for $r_i, r_j \in R$, $r_i <_R r_j$ denotes that $r_i$ precedes $r_j$ in the hierarchy.

The runtime-instance-based user group denotes the set of users (individuals) who were involved when the master tuple was created. For instance, in a health care workflow system (the case study is given in a subsequent section) a patient is served by a Doctor, a Nurse and a Receptionist. In this case these three users are known as the runtime-instance-based user group, and these three should be able to access the record as per their privileges and roles. There is a many-to-many relationship between users and roles. The instance user group is dynamic and new users may be included at runtime.

Task: The task is the second component. The components of a workflow are represented as a tree; an example is shown in Figure 7. Let T represent the set of tasks. For $t_i, t_j \in T$, $t_i$ includes $t_j$ in the hierarchy, written $t_i <_T t_j$, if $t_i$ has a subtask $t_j$.

Object: This is the third component. There are many objects involved and each object can have properties or attributes pertaining to security and access control. Such an attribute is known as a security attribute. These are used to define a diversified set of files of different kinds such as audio, video, .exe, instances of Java classes, a relation instance, a database, a set of relations and so on. O represents the set of objects. The data of the current runtime instance of a record can be of two types, current and historical. Historical refers to the data produced by past runtime instances of the same kind. Current refers to the data produced by the current runtime instance of the master record. Outside indicates that the data comes from outside the workflow process to which the predicate based access control is applied.

Constraint: This is the fourth component, denoted by C, which refers to the set of constraints. Every constraint is an expression that results in a Boolean value. There are many operators that can produce a Boolean result. The syntax of constraints is given in the grammar reproduced with the figures. A constraint $c$ is valid if the following conditions hold:

(a) $\exists o \,(o \in O \wedge o \in \mathrm{rel}(c))$

(b) $\neg \exists (o_1, o_2) \,(o_1 \in O \wedge o_2 \in O \wedge o_1 \ne o_2 \wedge \{o_1, o_2\} \subseteq \mathrm{rel}(c))$

In any constraint $c \in C$, only one object's security attributes should appear.

Privilege: This is the last component in the model. Let P represent the set of access rights or privileges. These access rights are exercised by subjects on objects. There are different types of privileges such as new, destroy, select, insert, update, delete, read and edit. Of them, new, read, edit and destroy are for document files and the rest are for database objects.

# V. Case Study - Health Care Workflow System

Cloud computing has emerged as a new model of computing which provides a pool of computing resources in a pay-as-you-use fashion. Any cloud based workflow system (or even one without cloud) can make use of the proposed predicate based access control model. Figure 4 shows the general workflow of the health care system. Many details are left out to keep it simple. However, the flow provides the required functionality to demonstrate the access control mechanisms. As shown in Figure 4, the flow starts with an appointment. On requesting an appointment, registration of the patient is completed. Then the health service provider checks for symptoms, temperature, blood pressure and so on in order to identify the problem. Sometimes the investigation is made with different tests before the problem is identified. Once the problem is identified, either medicine is prescribed or the patient is referred to a specialist doctor. After taking the medicine, the patient pays.
This is the flow which reflects a typical, though not elaborate, scenario in every healthcare unit.

# VI. Roles in the Health Care System

The roles in any workflow system are hierarchical in nature. The healthcare system is no exception. It has many roles and some roles depend on other roles. Figure 5 shows the roles in hierarchical fashion. As shown in Figure 7, the workflow repository contains many entities and attributes. These entities, attributes and relationships are mapped to related tables in a relational database. Patient, problem identifier, privilege and physician are the entities with different attributes involved. The repository is not completely shown and the cardinality is not shown in the diagram. As shown in Figure 6, there are many tasks involved in the healthcare system. The main tasks considered are appointment, registration, diagnosis and money transfer. The registration process contains two sub tasks, patient record and checking eligibility. Diagnosis has two sub tasks, adding record and prescription. Money transfer has two sub tasks, one related to the patient and the other related to insurance.

# VII. Access Control Model Employed to Healthcare Workflow System

The following components and relationships are considered to have a formal access control system for the healthcare workflow system. In this query o is either a relational table or a set of files that can be used to retrieve data. Here c' represents either privilege propagation or runtime-instance based access control, depending on the runtime situation. The union of privileges is used based on the constraints given for authorized access to the data. Once the query operation is finished, the object IDs that satisfy predicate based access control are retrieved. Then further processing is carried out. If o belongs to a relation, a join operation can be used to combine results. If not, the name and category of files can be used. Even if o is special data, the external interface is invoked to access it. Data can be migrated from the current domain to the historical domain. The object o' is used to represent the historical object. The following operations complete the migration process.

# VIII. Experimental Results

We built a prototype application that caters to the needs of a healthcare workflow system. Then we applied predicate based access control, which combines the features of roles and attributes as well and obtains a synergic effect in controlling access to application resources. The application proved to be useful for real world applications as it was able to provide controlled access with high flexibility and utility. The results of the application with respect to attributes and constraints are presented here. As can be seen in Figure 8 and Figure 9, the horizontal axis represents the number of attributes while the vertical axis represents the time taken. The results reveal the difference in time when constraints are applied while performing the proposed access control mechanisms.

# IX. Conclusions and Future Work

In this paper, we studied different kinds of access control mechanisms. We found that there are two widely used access control mechanisms, RBAC and ABAC. RBAC depends on roles that represent the set of privileges that can be assigned to users who belong to the role. RBAC has the drawbacks described here. The explosion of roles, parameters and privileges makes it complex. It is difficult to design and manage roles. It is cumbersome to grant/revoke privileges to/from roles. Making changes based on global or local factors is difficult. And RBAC does not support a custom extension to it [41]. Access implications when a user's attributes change and reaching consensus on the meaning of attributes are the drawbacks of ABAC [42].
We focused on the third alternative known as the predicate based access control model, which can also complement the features of the role and attribute based models. We proposed a generic model for predicate based access control that can be applied to any workflow system including cloud based workflow systems. Afterwards we applied the model to a case study, the "healthcare workflow system". We built a prototype application as a proof of concept. The empirical results revealed that the proposed application is flexible and effective in controlling access to application resources. In future we intend to improve PBAC and adapt it to different workflow systems.

Figure 1: Overview of access control models. (a) Role-based (b) Attribute based (c) Predicate based

The third approach, which is less explored, is predicate based access control (PBAC), which can simplify access control further besides complementing the other mechanisms. In other words, it can have the synergic advantages of the other two access control mechanisms. In this paper we explore PBAC with cloud-based workflow systems. Table 1 shows the acronyms used in the paper. Our contributions in this paper include the design and implementation of a PBAC mechanism with a case study. This research paves way

Figure 2: Generic framework required for predicate-based access control model

Figure 3: Components of predicate-based access control model

$O = \{o_1, o_2, \ldots, o_n\}$. For every $o \in O$ a set of security attributes security-attri(o) is defined. Each object $o \in O$ represents data of one of the domains outside, historical and current.

Constraint grammar (partially recovered; most nonterminal names are missing):

```
::= { OR }
::= <predicate1> { AND } <predicate>
::= ::= ::= | | <security-attribute-variable>
```

Possible operators are: `'=' | '!=' | '<>' | '>' | '<' | '>=' | '<='`

rel(c) represents all objects whose security attributes security-attri(o) are part of the constraint c. A constraint is valid if it holds true for the conditions (a) and (b) given in Section IV.

Figure 4: General work flow of a healthcare system

Exploring Predicate based Access Control for Cloud Workflow Systems. Global Journal of Computer Science and Technology, Volume XVI, Issue I, Version I, 2016.

Figure 5: Roles in healthcare workflow. As shown in Figure 5, the roles include receptionist, physician, compounder or nurse, and pharmacist. The physician role can have sub roles such as internist, surgeon, neurologist and paediatrician. Again the surgeon role has sub roles such as neurological surgeon, general surgeon and plastic surgeon. These roles are used in the access control system to provide controlled access to the various stakeholders of the system.

Figure 6: Task hierarchy involved in healthcare workflow system (some tasks omitted to simplify the workflow)

Figure 7: Entity relationship diagram for healthcare workflow system (with simplified relations)

Table 2: System variables describing the state of a runtime instance

| Variable | Description |
|---|---|
| #This.ID | The current runtime instance of the master record; the instance with which the user is associated. |
| #This.TaskName | The current task being performed by an authorized user. |
| #This.RoleName | The role name to which the authorized user belongs. |
| #This.UserID | The unique ID of the user who accesses the runtime instance of the master record. |

© 2016 Global Journals Inc. (US)
# References

* Marcos A. P. Leandro, Tiago J. Nascimento, Daniel R. Santos, Carla M. Westphall and Carlos B. Westphall, "Multi-Tenancy Authorization System with Federated Identity for Cloud-Based Environments Using Shibboleth," The Eleventh International Conference on Networks, 2012.
* Jorge Bernal Bernabe, Juan M. Marin Perez, Jose M. Alcaraz Calero, Felix J. Garcia Clemente, Gregorio Martinez Perez and Antonio F. Gomez Skarmeta, "Semantic-aware multi-tenancy authorization system for cloud architectures," Elsevier, 2012.
* S. L. Reeja, "Role Based Access Control Mechanism in Cloud Computing Using Co-Operative Secondary Authorization Recycling Method," International Journal of Emerging Technology and Advanced Engineering, 2(10), 2012.
* Umer Khalid, Abdul Ghafoor, Misbah Irum and Muhammad Awais Shibli, "Cloud based Secure and Privacy Enhanced Authentication & Authorization Protocol," Elsevier, 22, 2013.
* Arnar Birgisson, Joe Gibbs Politz, Úlfar Erlingsson and Ankur Taly, "Macaroons: Cookies with Contextual Caveats for Decentralized Authorization in the Cloud," ACM, 2014.
* Nelson Mimura Gonzalez, Marco Antônio Torrez Rojas, Marcos Vinícius Maciel da Silva, Fernando Redígolo, Tereza Cristina Melo de Brito Carvalho, Charles Christian Miers, Mats Näslund and Abu Sho, "A framework for authentication and authorization credentials in cloud computing," IEEE, 2013.
* Arlindo Luis Marcon Jr., Altair Olivo Santin, Maicon Stihler and Juliana Bachtold Jr., "A UCONABC Resilient Authorization Evaluation for Cloud Computing," IEEE, 25(2), 2014.
* Ulrich Lang, "OpenPMF SCaaS: Authorization as a Service for Cloud & SOA Applications," IEEE, 2010.
* Jiann-Liang Chen, Szu-Lin Wu, Yanuarius Teofilus Larosa, Pei-Jia Yang and Yang-Fang Li, "IMS Cloud Computing Architecture for High-Quality Multimedia Applications," IEEE, 2011.
* Masoumeh Zareapoor, Pourya Shamsolmoali and M. Afshar Alam, "Safe Cloud … Evaluation," International Journal of Electronics and Information Engineering, 1(2), 2014.
* Naresh Kumar and Shalini Sharma, "Study of Intrusion Detection System for DDoS Attacks in Cloud Computing," IEEE, 2013.
* Jungwoo Ryoo, Syed Rizvi, William Aiken and John Kissell, "Cloud Security Auditing: Challenges and Emerging Approaches," IEEE, 2013.
* Rahat Masood, Muhammad Awais Shibli, Yumna Ghazi, Ayesha Kanwal and Ali Arshad, "Cloud authorization: exploring techniques and approach towards effective access control framework," Springer-Verlag Berlin Heidelberg, 2014.
* Zhaohai Zhang and Qiaoyan Wen, "An Authorization Model for Multi-Tenancy Services in Cloud," IEEE, 2012.
* Shasha Zhu and Guang Gong, "Fuzzy Authorization for Cloud Storage," IEEE, 2013.
* Primož Cigoj and Borka Jerman Blažič, "An Authentication and Authorization Solution for a Multiplatform Cloud Environment," Information Security Journal: A Global Perspective, 2015.
* Manohar Vasantrao Rathod, S. G. Vaidya, Jannu Prasanna Krishna and Macha Ganesh Kumar, "An Authorized Duplicate Check Scheme for Removing Duplicate Copies of Repeating Data in the Cloud Environment to Reduce Amount of Storage Space," International Journal & Magazine of Engineering, Management and Research, 19(4), 2015.
* Alexander Stanik, Patrick Bittner, Marvin Byfield, Fridtjof Sander and Daniel Schröder, "Local Authentication and Authorization System for Immediate Setup of Cloud Environments," IEEE, 2013.
* Xuan Hung Le, Terry Doll, Monica Barbosu, Amneris Luque and Dongwen Wang, "Evaluation of an Enhanced Role-Based Access Control model to manage information access in collaborative processes for a statewide clinical education program," Elsevier, 2013.
* Lucian Popa, Minlan Yu and Steven Y. Ko, "Cloud Police: Taking Access Control out of the Network," ACM, 2010.
* Sushmita Ruj, Milos Stojmenovic and Amiya Nayak, "Privacy Preserving Access Control with Authentication for Securing Data in Clouds," IEEE, 2012.
* Wei She, I-Ling Yen and Bhavani Thuraisingham, "Rule-Based Run-Time Information Flow Control in Service Cloud," IEEE, 2011.
* Yan Zhu, Changjun Hu, Di Ma and Jin Li, "How to Use Attribute-Based Encryption to Implement Role-based Access Control in the Cloud," ACM, 2013.
* Sushmita Ruj, Milos Stojmenovic and Amiya Nayak, "Decentralized Access Control with Anonymous Authentication of Data Stored in Clouds," IEEE, 25(2), 2014.
* Wenhai Sun, Bing Wang, Ning Cao, Ming Li, Wenjing Lou and Y. Thomas Hou, "Privacy-preserving Multi-keyword Text Search in the Cloud Supporting Similarity-based Ranking," ACM, 2013.
* Lili Sun and Hua Wang, "A purpose-based access control in native XML databases," John Wiley & Sons Ltd, 2011.
* Lujo Bauer, Limin Jia and Divya Sharma, "Constraining Credential Usage in Logic-Based Access Control," IEEE, 2010.
* Shan-Shan Tu, Shao-Zhang Niu and Hui Li, "A fine-grained access control and revocation scheme on clouds," John Wiley & Sons Ltd, 2012.
* Mohammad Ababneh, Duminda Wijesekera and James Bret Michael, "A Policy-Based Dialogue System for Physical Access Control," IEEE, 2012.
* Rafael Teigao and Carlos Maziero, "Applying a usage control model in an operating system kernel," Elsevier, 24, 2011.
* Lujo Bauer, Limin Jia and Divya Sharma, "Constraining Credential Usage in Logic-Based Access Control," IEEE, 2010.
* Md. Fakhrul Alam Onik, Syed Sabir Salman-Al-Musawi, Khairul Anam and Nafiul Rashid, "A Secured Cloud based Health Care Data Management System," International Journal of Computer Applications, 49(12), 2012.
* Youna Jung and James B. D. Joshi, "CPBAC: Property-based access control model for secure cooperation in online social networks," Elsevier, 41, 2014.
* Matthew L. Hale and Rose Gamble, "SecAgreement: Advancing Security Risk Calculations in Cloud Services," IEEE, 2012.
* Sashank Dara, "Cryptography Challenges for Computational Privacy in Public Clouds," ACM, 2013.
* Debasish Jana and Debasis Bandyopadhyay, "Controlled Privacy in Mobile Cloud," IEEE, 2015.
* Nageshwar Dev Yadav and Akash Wanjari, "Cloud Based Smart Metering Security Access and Monitoring System in the Real Time Environment," International Journal of Engineering Research & Technology, 3(2), 2014.
* Mohammad Ababneh, Duminda Wijesekera and James Bret Michael, "A Policy-Based Dialogue System for Physical Access Control," IEEE, 2012.
* Xin Jin, "Attribute Based Access Control and Implementation in Infrastructure as a Service Cloud," 2014.
* Alan H. Karp, Harry Haury and Michael H. Davis, "From ABAC to ZBAC: The Evolution of Access Control Models," 2009.