Context. With the development of computer software, hardware, and communication technologies, a new type of human-centered computing model, called Cloud Computing (CC) has been established as a commercial computer network service. However, the openness of CC brings huge security challenge to the identity-based access control system, as it not able to effectively prevent malicious users accessing; information security problems, system stability problems, and also the trust issues between cloud service users (CSUs) and cloud service providers (CSPs) are arising therefrom. User behavior trust (UBT) evaluation is a valid method to solve security dilemmas of identity-based access control system, but current studies of UBT based access control model is still not mature enough, existing the problems like UBT evaluation complexity, trust dynamic update efficiency, evaluation accuracy, etc.

Objective. The aim of the study is to design and develop an improved UBT based CC access control model compare to the current state-of-art. Including an improved UBT evaluation method, able to reflect the user’s credibility according to the user’s interaction behavior, provides access control model with valid evidence to making access control decision; and a dynamic authorization control and re-allocation strategy, able to timely response to user’s malicious behavior during entire interaction process through real-time behavior trust evaluation. Timely updating CSUs trust value and re-allocating authority degree.

Methods. This study presented a systematical literature review (SLR) to identify the working structure of UBT based access control model; summarize the CSUs’ behaviors that can be collected as UBT evaluation evidence; identify the attributes of trust that will affect the accuracy of UBT evaluation; and evaluated the current state-of-art of UBT based access control models and their potential advantages, opportunities, and weaknesses. Using the acquired knowledge, design a UBT based access control model, and adopt prototype method to simulate the performance of the model, in order to verify its validation, verify improvements, and limitations.

Results. Through the SLR, two types of UBT based access control model working structures are identified and illustrated, essential elements are summarized, and a dynamic trust and access update module is described; 23 CSU’s behavior evidence items are identified and classified into three classes; four important trust attributes, influences, and corresponding countermeasures are identified and summarized; and eight current state-of-art of UBT based access control models are identified and evaluated. A Triple Dynamic Window based Access Control model (TDW) was designed and established as a prototype, the simulation result indicates the TDW model is well performed on the trust fraud problem and trust expiration problem.

Conclusions. From the research results that we obtained from this study, we have identified several basic elements of UBT evaluation method, evaluated the current state-of-art UBT based access control models. Towards the weaknesses of trust fraud prevention and trust expiration problem, this paper designed a TDW based access control model. In comparing to the current state-of-art of UBT models, the TDW model has the following advantages, such as it is effectively preventing trust fraud problem with “slow rise” principle, able to timely response to malicious behavior by constantly aggravate punishment strategy (“rapid decrease” principle), effectively prevent malicious behavior and malicious user, and able to reflect the recent credibility of accessing user by expired trust update strategy and most recent trust calculation; finally, it has simple and customizable data structure, simple trust evaluation method, which has good scalability.