Abstract: Today modern computing systems leverage distributed models such as cloud, grid, etc. One of the obstacles of wide spreading these distributed computing models is security challenges which includes access control problem. These computing models because of providing features like on-demand self-service, ubiquitous network access, rapid elasticity and scalability, having dynamic infrastructure and offering measured service, need a powerful and continuous control over access and usage session. Cloud service is based on Web Services, and it will face all kinds of security problems including what Web Services face. The development of cloud service closely relates to its security, so the research of cloud service security is a very important theme. In cloud environment, the definition of data and its protection are gradually varied when contents shifting from one virtual machine to another; in these new scenarios, the multi-tenancy pattern has been taken as a core attribute. For this reason, many users need to change their roles according to different situations, certifications has impact much more complicated challenges in cloud environment while access control was suitable for the static status but no longer for the changing situation. Usage control (UCON) model is emerged to cover some drawbacks of traditional access control models with features like attribute mutability and continuity of control. In this paper, a new usage control protocol model—multi-UCON (MUCON) based on usage control (UCON), combined with encryption technology and the digital watermarking technology, is proposed with the characteristics of flexible accrediting, feature binding, and off-line controlling. The analysis and simulation experiments indicate that the proposed protocol model is secured, reliable, and easy to be implemented, which can be deployed in cloud computing environments for data protection.

Keywords: Cloud computing, Data protection, Access control, UCON, MUCON, Rights transfer.