Adaptive Access Control Mechanism (AACM) for Enterprise Cloud Computing

Enterprise cloud computing provides various services to enterprises, but access to these services is controlled by a firewall. The firewall determines the actions and operations a legitimate user can perform on the available resources. Access control policies allow or restrict access to resources, and they also keep a record of attempted access. In the role-based access control model, access to resources is based on a user's role in the enterprise. As resources are limited, the policy manager has to create policies that optimize resource availability to different roles to improve overall resource utilization. However, this optimization is challenging without prior knowledge of user behaviour and resource requirements for each role. Due to insufficient knowledge, some resources may be available to the wrong roles, while others may be required by other roles but are inaccessible. This results in decreased resource utilization, requiring the redefinition of access control policies with optimal resource availability. The optimal allocation of resources can be achieved by analyzing user behaviour under different roles. The study proposes a novel method for access control that utilizes role profiling and redefines access control policies for different roles to optimize resource availability. Formal methods are employed to ensure accurate system behaviour in software and hardware systems. Formal specifications provide a high-level representation of system behaviour and characteristics. This paper proposes formal specifications using the "Z" language to ensure accurate system behaviour in access control mechanisms. The proposed mechanism is implemented in a simulated environment and validated using four variants of the recommender approach. The study concludes that the proposed mechanism consistently enhances operational capability, minimizing over- and under-allocation of resources to roles and improving overall resource utilization within the enterprise. The proposed method is beneficial in dynamic environments where the system must adapt to evolving scenarios.


Introduction
Enterprise cloud computing offers infrastructure, software, and platform services to an enterprise, with access controlled by a firewall. Enterprise cloud computing results in better speed and performance of computing resources as well as improved utilization and lower operational and infrastructure costs for an enterprise. It provides a secure computing environment with the capability for access control policies, where decisions are based on numerous factors, such as the role of the user defined within the enterprise, the type of data or application being accessed by the user, and the kind of device being used. Enterprise clouds are better than conventional on-premise servers and other storage systems because they are faster, reduce latency, and prevent data loss.
The primary objective of access control is to ensure security. In situations where resources are limited or optimizing their utilization is important, such as in an enterprise cloud environment, access control can be employed to restrict resource access to only those users who genuinely require it. However, this requirement may change over time. Traditional access control models face a challenge in that their policies are static and lack a recommender system to adapt them based on resource usage. This paper introduces a mechanism to tackle this issue. The novelty of this paper lies in proposing the utilization of access control to enhance the overall service of an enterprise cloud, aiming to achieve maximum resource utilization with a minimal number of resources used. Other suggested improvements in access models in the literature have not addressed this particular aspect. In the context of the present paper, adaptiveness refers to the ability of the access control model to dynamically modify its policies based on the changing requirements of different roles within an enterprise. It recognizes that the access requirements of users may vary over time and aims to provide a flexible and responsive approach to managing resource access.
In the context of the present study, an enterprise has users and resources. The users of the enterprise are intended to use the resources of the enterprise to accomplish their tasks. The resources are not physically or dedicatedly allocated to any of the users. The resources are provided logically to the users based on their needs, specified in their requests, but as per the policies of the enterprise that are defined as access control policies of the resource, depending on the role of the user requesting the resource(s). The resources are available in the form of an enterprise cloud. Roles are assigned to every user depending on their assigned duties and responsibilities. In order to use resources of the cloud, a user has to submit a request to the cloud through the access control policy module. The policy manager of the access control module either accepts or discards the request based on the request submitted by the user and the policies defined for the role of the user. The accepted request is forwarded to the cloud for processing. At regular intervals of time, the log entries that encompass the status of the user requests of each role are analyzed, and a number of reports are generated. The requests are analyzed with the intention of defining the role profile in terms of resources, because user requests for resources vary within every role. The purpose of the analysis is to identify over-availability and under-availability of the resources as per the policies defined by the enterprise for each role. The analysis of log entries regarding the resource requests from the user, request, and role perspectives helps in the redefinition of access control policies. The intention behind the redefinition is to increase the overall resource utilization and the optimal availability of the resources of the enterprise to their users.
The paper includes a review of access control, its policies, and models in Section 2. This section also contains a review of access control in cloud computing. Section 3 describes the formal specifications in the "Z" language and the behaviour of the proposed adaptive access control mechanism. Section 4 provides a performance evaluation of the proposed study using four variants to suggest recommendations and the redefinition of policies to avoid any over- and under-utilization of resources at that time. Section 5 concludes the study. The intended audience for the paper is researchers interested in improving the utilization of computing resources of an enterprise cloud by controlling access control policies.

Review of Literature
For the present study, we have conducted a thorough review of various papers related to access control in general and specifically to cloud computing. These papers have been selected based on their relevance and significance to our research topic. The review has provided us with a comprehensive understanding of the current state-of-the-art techniques and approaches used for access control in cloud computing. We have also identified the gaps in the existing literature and the research opportunities that can be explored to improve the access control mechanisms in enterprise clouds. The insights gained from this review have been used to develop our proposed adaptive access control mechanism and to evaluate its performance against existing methods.

Access Control.
An important security aspect of an organization is to safeguard its data and resources from unauthorized disclosure or modification [1][2][3]. Access control covers three functions: authentication, authorization, and accountability [4]. Authentication is the process of verifying the identity of a user who requests access to a resource. This process involves the submission of a user ID and a password or other credentials to prove the user's identity. Authorization is the process of determining whether a user is allowed to access a specific resource or perform a particular operation on that resource. This process involves comparing the user's credentials to the access control rules defined for the resource. Accountability is the process of tracking the actions of users who access resources and recording them in a log. This information can be used to trace security breaches or violations of access control policies.
The development of an access control system demands that the rules to control access be defined. It follows a multiphase process based on the following concepts [1]. Security policy: it defines the (high-level) rules according to which access control must be regulated. Security model: it provides a formal representation of the access control security policy and its functioning. The formalization allows the proof of properties of the security provided by the access control system being designed. Security mechanism: it defines the low-level (software and hardware) functions that implement the control imposed by the policy and formally stated in the model.
In the context of cloud computing, access control plays a crucial role in ensuring the security of the cloud environment. Cloud computing provides a shared computing environment, which means that multiple users and applications share the same physical infrastructure. As a result, the access control policies must be carefully designed and implemented to prevent unauthorized access to sensitive data and resources. Cloud providers typically offer various access control mechanisms and tools that can be used to manage user access to cloud resources.

Access Control Policies and Models.
Access control is a fundamental concept in computer security that refers to the process of selectively restricting access to resources or data within a computing environment. Access control models provide a framework for enforcing access control policies that define who can access what resources and under what conditions. The initial access control models focused on identity-based access control, where access is granted based on the identity of the user. The initial work in this direction was proposed by Lampson [5]. The proposed model uses the access control matrix as a framework for reasoning about the permitted accesses in the computing environment. In 1973, Bell-LaPadula [6] proposed a model of protection systems that deals with the control of information flow and assigns access permissions to users based on specific rules. Sandhu and Samarati [2] discussed various access control policies, and the authors also suggested role-based access control to be an appealing substitute for conventional access control. However, as computing environments became more complex, new access control models were proposed to address the limitations of identity-based access control.
The three main categories of access control models [1,7,8,9] are discretionary access control (DAC), mandatory access control (MAC), and role-based access control (RBAC). DAC policies allow users to control access to resources at their own discretion. MAC policies, on the other hand, are centrally controlled and enforce mandatory rules for access control. RBAC policies [9] control access based on the roles assigned to users within the system. Hu et al. [3] explained some of the commonly employed access control services offered in IT systems.
RBAC is considered to be the most promising access control policy for complex environments, as it provides a flexible and scalable approach [10] to access control that can be easily customized to meet the specific needs of different organizations.
Among these policies, RBAC is the most promising access control policy for complex environments [11].
Other access control policies have also been proposed, including attribute-based access control [12][13][14], gateway-based access control [15], and context-aware access control [4,16,17]. These policies are designed to address specific access control requirements in different computing environments. The paper [18] introduces and delves into the concept of activity-centric access control (ACAC) within smart and connected ecosystems, emphasizing its significance, vision, and research agenda. The study [19] introduces a novel approach to data security using multiple device shadows (digital twins) to separate and restrict access to data points based on assigned tags. The work [20] proposes ReBAC IoT, an attribute-aware relationship-based access control model for smart IoT systems, considering social relationships among users and attributes to enable dynamic and fine-grained access control. The paper [21] focuses on examining the problem of user attribute reachability, specifically considering attributes assigned directly to users as well as those inherited through group memberships. The paper [22] introduces a hybrid RBAC model that combines offline deep reinforcement learning and Bayesian belief networks to dynamically improve the initial RBAC policy while ensuring compliance with system security rules.

Access Control in Cloud Computing.
Neumann [23] gave insight into the barriers to a reliable cloud computing environment and their fixes. Khan [12] presented various access control methods used in cloud computing and highlighted the attribute-based access control features required in dynamic environments. Meghanathan [7] reviewed various dynamic access control models to achieve cross-domain authentication. Li and Zhao [24] highlighted the key challenges of access control in the cloud computing environment and the ensuing research directions. Ahmed and Ashraf Hossain [25] presented a study of cloud computing concepts involving security issues with respect to cloud computing and cloud infrastructure. Majumder et al. [26] discussed the issues and challenges faced in the cloud computing environment. Aluvalu and Muddana [27] presented an analysis of different access control models for cloud computing, elucidating the problems faced by these models and their viable solutions. Indu et al. [28] reviewed the challenges concerning authentication, access management, security, and services in the cloud environment and proposed solutions to address these issues. Various existing access control schemes were examined for the security concerns in the cloud computing environment [29]. Karataş and Akbulut [30] described numerous access control mechanisms in the cloud computing environment for various purposes. El Sibai et al. [31] presented a survey on access control mechanisms for cloud computing.
Cha et al. [32] presented an attribute-based access control (ABAC) model that controls access based on the attributes of requestors, services, resources, and environment. Lin et al. [33] provided a trust-based access control mechanism for cloud computing by incorporating trust into the cloud environment. Younis et al. [8] proposed an access control model for cloud computing, AC3, to meet the identified cloud access control requirements. It ensured the secure sharing of resources, provided diverse access control to the same cloud user, and gave users the capability to utilize various services securely. The researchers suggested different types of access control models for cloud computing environments [34]. To address the vulnerability in the data privacy of cloud users in the cloud computing environment, a fine-grained access control mechanism using cryptography was proposed. The paper [35] covers several features of access control mechanisms, including attribute-based encryption, role-based and hierarchical identity management, identity-based authentication, and trust-based models that are suitable for cloud computing environments. A new enhanced authorization approach to access control in the cloud was proposed [36]. The study [37] presents an online malware detection system that utilizes process-level performance metrics, evaluating the efficacy of various baseline machine learning models. A smart healthcare cloud using smart contract access control [38] was introduced. A role-based access control for cloud storage [39] was proposed. The paper [40] evaluates and analyzes access control mechanisms in cloud computing based on centralized and decentralized models, presents a comparison of each model's advantages and limitations, and discusses the challenges associated with access control in the cloud.
Overall, the studies mentioned focus on the challenges and solutions related to access control in cloud computing environments. These challenges include issues with authentication, access management, security, and privacy. Various access control models are discussed, such as attribute-based access control (ABAC) [41], trust-based access control, and fine-grained access control using cryptography. The studies highlight the importance of developing reliable and effective access control mechanisms to ensure the reliable sharing of resources and services in cloud computing environments.

Design of the Adaptive Access Control Mechanism
The mechanism presented in the paper introduces a fresh approach to access control mechanisms that can enhance the efficient utilization of cloud resources. This approach involves utilizing role profiling and adjusting access control policies for different roles to optimize the availability of cloud resources while maintaining security. The mechanism is especially beneficial in scenarios where access control policies can also be leveraged to enhance resource utilization, leading to better overall efficiency. By implementing this mechanism, enterprises can streamline their resource allocation processes, improve the response time to requests, and ensure optimal utilization of their cloud resources, thereby improving operational efficiency and reducing costs. The implementation cost of the proposed approach involves efforts in creating and maintaining log files to capture user requests, analyzing the log file contents using a recommender algorithm, and making access control decisions based on the recommendations generated. It includes resources for developing and managing the log files, designing and training the recommender algorithm, integrating it into the system, and implementing decision-making logic. Additionally, integration, deployment, maintenance, monitoring, training, and documentation efforts are also necessary.

Requirements of the Mechanism.
The basic requirements of the stated mechanism are as follows:
(i) A user is identified by a unique ID and designation.
(ii) A user may have additional charges.
(iii) Every user has at least one role.
(iv) Designation and additional charges may map to different roles.
(v) There are a number of users with the same role.
(vi) Each role has the availability of a subset of the available resources.
(vii) Available resources are allocated among the various roles in a controlled manner.
(viii) A user may have a number of requests.
(ix) A request is identified by a unique ID and the information related to the owner of the request.
(x) A request belongs to a single user under one role.
(xi) A request is either accepted or discarded on the basis of the defined policies.
(xii) Policies are defined in terms of the instances available for a given resource for every role.

Features of the Mechanism.
The proposed access control mechanism introduces several additional features to the traditional RBAC model to enhance its capabilities in improving resource utilization in dynamic environments. Firstly, the mechanism is designed to be dynamic and adaptable to changing operational scenarios. This means that the access control policies can be redefined at regular intervals to optimize resource allocation based on changing demand and availability.
Secondly, the mechanism allows a user to have multiple roles, but the applicable policies are determined by the role requested. The user has one designated role, while additional roles may be assigned with additional charges. This enables more flexible resource allocation based on the specific needs of each role.
Thirdly, the mechanism supports requests for multiple resources with multiple instances in a single request. The access policy includes limits on the number of instances for each allowed resource, as well as a limit on the number of instances for each role. This ensures that resources are allocated optimally and efficiently, while also preventing over-allocation and under-utilization of resources.
Finally, the mechanism provides results that aid in decision making about the addition, deletion, and redistribution of resources among roles to optimize utilization at a lower cost. The mechanism generates reports that can be used to identify over- and under-utilized resources and to identify trends in resource usage, enabling enterprises to make informed decisions about resource allocation.
In summary, the proposed access control mechanism introduces new features that allow for more efficient resource allocation in dynamic environments, ultimately leading to optimized resource utilization. The mechanism achieves this by allowing for dynamic adaptation to changing operational scenarios, allowing users to have multiple roles and to request multiple resources with multiple instances in a single request, and aiding in the decision-making process for resource allocation. The overall result is increased resource availability with fewer resources, all while maintaining security.

Formal Specifications and Behaviour of the AACM.
Formal methods [42,43] are procedures based on mathematical models for the design of software and hardware systems. Unlike other design approaches, formal methods use mathematical proof as a complement to system testing to ensure correct behaviour. The strength of formal methods lies in their ability to verify the entire state space of the system: the properties that can be proved to hold in the system hold for all possible inputs.
Formal specifications provide a concise description of the high-level behaviour and properties of a system. These specifications can be model-oriented, constructing a model of the system behaviour using mathematical objects such as sets and sequences. Alternatively, they can use a set of necessary properties to describe system behaviour, such as axioms and rules. Formal specifications provide several benefits, including:
(i) Higher level of rigor: Formal specifications offer a higher level of rigor, which leads to better problem understanding. This helps ensure that the system meets its requirements and specifications.
(ii) Uncovering defects: Formal specifications help uncover defects that may be missed when using traditional specification methods. By using a formal notation, it becomes easier to identify problems and inconsistencies in the system design.
(iii) Early defect detection: Formal specifications allow for early defect detection, which can save time and reduce costs. By detecting defects early in the development process, it is easier to fix them before they become major problems.
(iv) Self-consistency: The semantics of formal specification languages allow for verification of self-consistency. This means that the specification itself can be checked for consistency, which helps ensure that the system will behave as intended.
(v) Formal proofs: Formal specifications facilitate the use of formal proofs to establish fundamental system properties and invariants. This can help ensure that the system meets its requirements and specifications.
Overall, formal specifications provide several benefits that can help ensure the correctness and reliability of software and hardware systems.
Many formal notations have been developed for writing formal specifications.
The B method [44] is a method of software development based on B, a tool-supported formal method based on an abstract machine notation, used in the development of computer software. It was originally developed by Jean-Raymond Abrial. B is related to the Z notation.
VDM [45] was developed at the IBM laboratories in Vienna. The current version of the VDM specification language, VDM-SL, has been standardized by the International Standards Organization (ISO). It supports the modelling and analysis of software systems at different levels of abstraction. Using VDM-SL constructs, both data and algorithmic abstractions expressed at one level can be refined to a lower level to derive a concrete model that is closer to the final implementation of the system.
Z is a formal specification language [46] based on Zermelo set theory. It was developed at the Programming Research Group at Oxford University in the early 1980s and became an ISO standard in 2002. Z specifications are mathematical and employ a classical two-valued logic. The use of mathematics ensures precision and allows inconsistencies and gaps in the specification to be identified. Theorem provers may be employed to demonstrate that the software implementation meets its specification [47].
Z has been used to underpin a model of RBAC [48]. A Z specification was created for a commercial online food ordering system to improve order detail accuracy and efficiency [49]. The Z specification language has been used to design an e-commerce system and specify its security constraints [50]. A scanner and parser for Z specifications was introduced in [51].
Other formal specification languages include:
(i) CSP (communicating sequential processes) [52]: a formal language for describing patterns of interaction in concurrent systems.
(ii) TLA+ (temporal logic of actions): a language for specifying and verifying concurrent and distributed systems, developed by Leslie Lamport.
(iii) Alloy [53]: a lightweight specification language and analyzer for software modelling and analysis, developed at MIT.
Each of these languages [54] has its own strengths and weaknesses, and the choice of language depends on the specific requirements and constraints of the system being modelled.

Formal Specifications.
In this study, the specification pattern is used to define the formal specifications of the proposed mechanism. This pattern involves employing the syntax and semantics of the Z language to capture the desired behaviour and properties of the system or process being modelled.
The enterprise is defined as E = {USERS, RESOURCES}, where USERS is the set of users and RESOURCES is the set of available computing resources. So, USERS = {u1, u2, u3, ..., un} is a finite set of users, where each user is identified by a set of attributes: USER_ID uniquely identifies the user; USER_DESIG is the designation of the user; ROLES is a finite set of roles assigned to the user on the basis of their designation and the additional charges assigned; ADDL_CHARGE is a finite set of additional charges held by the user; and ALLOCATED_RESOURCES is a finite set of tuples of a resource and the number of instances of that resource allocated to the user at a given instant, for each of the assigned roles.
The problem is to find the optimized mapping of the members of the RESOURCES set, as resources, to the members of the ROLES set. The optimization is intended to enhance resource utilization, and role profiling is used for it. The formal specifications for USERS, RESOURCES, and ROLES are given in Figure 1.

Journal of Electrical and Computer Engineering 5
The specifications for various operations on the USERS set, such as adding a new user and deleting an existing one, are shown in Figure 2. In order to add a new user, the user designation and additional charges (if any) are provided as input. The USER_ID is generated automatically using a global variable USER_COUNT.
The specifications for mapping User_Desig to ROLES and Addl_Charges to ROLES are shown in Figure 3, along with the operations for adding and deleting a role for a given designation or charge and for updating an existing mapping from designation to role or from charge to role.
Roles are assigned to users based on their designation and any additional charges held by them. This mapping is shown by the specifications in Figure 4.
The specifications of the queries that can be asked on the basis of role assignment, such as finding the roles for a given designation/charge or vice versa, are shown in Figure 5.
The policy database, shown in Figure 6, consists of a set of policies POLICY = {P1, P2, P3, ..., Pn}, where each policy is characterized by a tuple of ROLES and RESOURCE_ALLOWED. Here, RESOURCE_ALLOWED is itself a tuple of RESOURCE and INSTANCES, indicating the instances of each resource allowed to a particular role.
The specifications to manage the policy database are given in Figure 7.
The specification regarding a request for resources is given in Figure 8.
Some declarations are required for further operations. The motive behind these declarations is to create a log set LOG = {log1, log2, log3, ..., logn}, as specified in Figure 9. Each log entry is attributed by the identity of the user, the role (among the possible roles assigned to that user) under which the request was made, and a unique identity of the request. In addition, the status of the request, which is initially waiting and becomes completed on successful completion of that request, and a set indicating the status of each requested resource are also recorded. The purpose of the log entries is the further analysis of user requests in order to optimize the usage of the resources. LOG records data on a day-to-day basis. For analysis of data over more days, MONTH_LOG is maintained; it has the same members as LOG, and the daily entries of LOG are appended to it.
The specification regarding the limit on the number of users and the number of current users for each role is shown in Figure 10. Here, the limit indicates the maximum allowed users for a given role, and current users indicates the number of users for a given role at a given instant of time.
With the aim of characterizing the role, a role log is specified, as shown in Figure 11, that encapsulates, for every resource, the number of instances currently allocated, the number of times the limit of permissible instances was exceeded by a request, and the number of occasions on which the requested resource was not available for the given role. The availability grade is also assigned as per the values of the other attributes of the log.
The specifications of the module that decides either to accept or to discard the submitted request, on the basis of the policies defined for the credentials of the request (i.e., the role of the user in the present context), are defined in Figure 12. The requested resources with their instances are compared to the resources allowed for the given role. The currently allocated resources are also taken into account in the comparison. If the requested resources and the required instances satisfy the criteria specified in the policy, the user request is marked as accepted; otherwise, the request is marked as discarded. Furthermore, the status of each requested resource is graded as ALLOW, BEYOND_LIMIT, or UNAVAILABLE, depending upon the requested resource and the specified policies.
A request accepted by the access control module is forwarded to the cloud for further processing, and the status of the request is changed to processing. The resources available in the cloud serve the incoming request. The specifications of this functionality are shown in Figure 13.
On completion of the service to the request, the request status is changed to completed. Furthermore, the allocated resources in the user profile are modified to reflect that the resources of the cloud are no longer held by the user of the request. The specifications are shown in Figure 14.
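The accept/forward/complete path of Figures 12 to 14, as an added Python example; this is not the paper's own code, and its Z schemas are not reproduced. The field and function names, the rule that a discarded request is still logged with its per-resource grades, and the assumption that instances already held under the same role count towards the role's instance limit are mine.

```python
"""Added illustration of the AACM request path: decide -> forward_to_cloud
-> complete. Names and the limit-counting rule are assumptions, not the
paper's Z schemas."""
from dataclasses import dataclass, field
from typing import Dict, List

ALLOW, BEYOND_LIMIT, UNAVAILABLE = "ALLOW", "BEYOND_LIMIT", "UNAVAILABLE"
WAITING, ACCEPTED, DISCARDED = "WAITING", "ACCEPTED", "DISCARDED"
PROCESSING, COMPLETED = "PROCESSING", "COMPLETED"

# POLICY: role -> {resource: instances of that resource allowed to the role}
Policy = Dict[str, Dict[str, int]]


@dataclass
class User:
    user_id: int
    roles: List[str]
    # allocated[role][resource] = instances currently held under that role
    allocated: Dict[str, Dict[str, int]] = field(default_factory=dict)


@dataclass
class Request:
    req_id: int
    user_id: int
    role: str                       # the single role the request is made under
    wanted: Dict[str, int]          # resource -> instances requested
    status: str = WAITING
    resource_status: Dict[str, str] = field(default_factory=dict)


@dataclass
class LogEntry:
    user_id: int
    role: str
    req_id: int
    status: str
    resource_status: Dict[str, str]


def grade_resources(policy: Policy, user: User, req: Request) -> Dict[str, str]:
    """Grade every requested resource against the role's policy, counting the
    instances the user already holds under that role towards the limit."""
    allowed = policy.get(req.role, {})
    held = user.allocated.get(req.role, {})
    grades = {}
    for res, n in req.wanted.items():
        if res not in allowed:
            grades[res] = UNAVAILABLE        # resource not in this role's policy
        elif held.get(res, 0) + n > allowed[res]:
            grades[res] = BEYOND_LIMIT       # would exceed the instance limit
        else:
            grades[res] = ALLOW
    return grades


def decide(policy: Policy, user: User, req: Request, log: List[LogEntry]) -> str:
    """Accept the request only if every resource is ALLOW; log either way."""
    if req.role not in user.roles:
        raise ValueError("request made under a role the user does not hold")
    req.resource_status = grade_resources(policy, user, req)
    if all(g == ALLOW for g in req.resource_status.values()):
        req.status = ACCEPTED
        held = user.allocated.setdefault(req.role, {})
        for res, n in req.wanted.items():
            held[res] = held.get(res, 0) + n
    else:
        req.status = DISCARDED
    log.append(LogEntry(user.user_id, req.role, req.req_id, req.status,
                        dict(req.resource_status)))
    return req.status


def forward_to_cloud(req: Request) -> str:
    """An accepted request is handed to the cloud and marked PROCESSING."""
    if req.status == ACCEPTED:
        req.status = PROCESSING
    return req.status


def complete(user: User, req: Request, log: List[LogEntry]) -> str:
    """On completion release the instances so the user profile no longer
    shows them, and mark the request and its log entry COMPLETED."""
    if req.status != PROCESSING:
        raise ValueError("only a request in processing can complete")
    held = user.allocated[req.role]
    for res, n in req.wanted.items():
        held[res] -= n
        if held[res] == 0:
            del held[res]
    req.status = COMPLETED
    for entry in log:
        if entry.req_id == req.req_id:
            entry.status = COMPLETED
    return req.status
```

A second request for the same resource is graded BEYOND_LIMIT while the first is still held, and ALLOW again once the first has completed and released its instances.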
Te specifcation to query the log for a given role and to query the log for a given user is shown in Figure 15. Tese types of queries are helpful in the analysis of the requests from the role and from the user perspectives.
Te role log is modifed by querying the log for requests. Te specifcation of the said module is shown in Figure 16. Tis modifcation is an important step as on its basis further recommendations take place for optimizing the availability of resources among the various roles.
On this basis, the availability of each resource for a role is graded. The grade is OVER, NORMAL, or UNDER. A resource is graded as NORMAL if it appears in the requests of the users of that role. It is graded as UNDER if it appears in the requests of the users of the role under observation but is not available under the present policy of that role. A resource has the grade OVER if it is in the policy of the role but was never requested by the users of that role. The specifications for this are shown in Figure 17. That figure shows the specifications of the module that creates the OVER_ALLOC, NORM_ALLOC, and UNDER_ALLOC sets of resources for each role by analysis of the MONTH_LOG. The specifications for grading resources using these sets are also shown in this figure. ROLE_RESOURCE_CLUSTER is created to form, for each role, the cluster of resources that appear in the requests of the users of that role. Here the clusters may overlap, i.e., a resource can be a member of more than one cluster. The module uses the MONTH_LOG to find the clusters of resources for every role. The specifications of this module are shown in Figure 18.
The specifications of the module that finds the weight of every resource in each role are shown in Figures 19 and 20. This module takes into account the probability of each resource appearing in the requests of a role and the probability of each role having that resource in its requests. Figure 19 shows the specifications of the types used in Figure 20. Figure 20 shows the specification that finds ROLE_RES_PROB and RES_ROLE_PROB and then the weight of each resource in every role using these probabilities.
The specifications that find the appearance of each resource in the requests of every role, as a percentage of the total number of requests for that resource across all roles, are shown in Figure 21.
(1) Recommenders. The recommender system is responsible for providing recommendations to adjust the access control policies for resources and the number of instances allowed for each role. These recommendations are based on the data collected and organized during the operation of the computing services offered by the cloud to serve the requests made by its users. Requests that comply with the access control policies are forwarded to the cloud, while those that do not comply are rejected. The current study proposes four approaches for making these recommendations, and their performance is shown in the next section. The specifications to provide recommendations and to adapt the policy with the suggested recommendations using the grading of resources are shown in Figure 22. This recommender uses RESOURCE_GRADING_SET, which is defined in the earlier specifications. ROLE_RESOURCE_CLUSTER, defined above, is used by the module to suggest recommendations and to adapt the policy. The specifications for this module are shown in Figure 23.

The weight of a resource in a role is used to decide whether to recommend or reject the resource for that role. This approach is useful where the policy is to be adapted only with those resources whose weight in the role is equal to or greater than a threshold weight decided by the policy manager. The specifications of this recommender module are shown in Figure 24. The threshold is an input to this module.
In order to adapt the policy with only those resources that appear more frequently in the requests, the percentage recommender is proposed. In this module, the frequency is determined as a percentage: the number of requests for a resource in a role relative to the total number of requests for that resource across all roles. The specification is shown in Figure 25. In this module, the percentage threshold is an input parameter.
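Role profiling from the MONTH_LOG and the four recommenders (clustering, grading, weight, percentage) described in this section, as an added Python example rather than the paper's Z specification. The log and policy records are constructed samples; the per-role max-normalisation of weights and the percentage definition (a resource's requests in a role over all requests for that resource, as in the text for Figures 21 and 25) are assumptions.

```python
from collections import Counter

# Constructed month log: one (role, resource) record per request.
MONTH_LOG = [
    ("developer", "res5"), ("developer", "res5"), ("developer", "res10"),
    ("developer", "res10"), ("developer", "res10"), ("developer", "res30"),
    ("analyst", "res5"), ("analyst", "res20"), ("analyst", "res20"),
    ("analyst", "res20"), ("analyst", "res30"),
]
# Constructed current policy: role -> resources the role may request.
POLICY = {
    "developer": {"res5", "res10", "res38"},  # res38 never requested (OVER)
    "analyst": {"res20", "res30", "res44"},   # res5 requested but missing (UNDER)
}


def role_resource_clusters(log):
    """ROLE_RESOURCE_CLUSTER: the resources appearing in each role's requests."""
    clusters = {}
    for role, res in log:
        clusters.setdefault(role, set()).add(res)
    return clusters


def grade_resources(log, policy):
    """NORM_ALLOC / UNDER_ALLOC / OVER_ALLOC sets per role, as defined in the text."""
    clusters = role_resource_clusters(log)
    grades = {}
    for role in set(policy) | set(clusters):
        allowed, asked = policy.get(role, set()), clusters.get(role, set())
        grades[role] = {"NORMAL": allowed & asked,   # requested and in policy
                        "UNDER": asked - allowed,    # requested, not in policy
                        "OVER": allowed - asked}     # in policy, never requested
    return grades


def resource_weights(log):
    """weight(role, res) = P(res | role) * P(role | res), then scaled into
    [0, 1] by dividing by the largest weight in the role (assumed rule)."""
    pair, per_role, per_res = Counter(log), Counter(), Counter()
    for role, res in log:
        per_role[role] += 1
        per_res[res] += 1
    raw = {}
    for (role, res), n in pair.items():
        raw.setdefault(role, {})[res] = (n / per_role[role]) * (n / per_res[res])
    return {role: {res: w / max(ws.values()) for res, w in ws.items()}
            for role, ws in raw.items()}


def resource_percentages(log):
    """Share (%) of all requests for a resource that came from each role."""
    pair, per_res = Counter(log), Counter(res for _, res in log)
    pct = {}
    for (role, res), n in pair.items():
        pct.setdefault(role, {})[res] = 100.0 * n / per_res[res]
    return pct


# The four recommenders: each returns an adapted policy (role -> resources).
def recommend_cluster(log, policy):
    return {role: set(c) for role, c in role_resource_clusters(log).items()}


def recommend_grading(log, policy):
    g = grade_resources(log, policy)   # keep NORMAL, add UNDER, drop OVER
    return {role: (s["NORMAL"] | s["UNDER"]) for role, s in g.items()}


def recommend_weight(log, policy, threshold):
    return {role: {res for res, w in ws.items() if w >= threshold}
            for role, ws in resource_weights(log).items()}


def recommend_percentage(log, policy, threshold):
    return {role: {res for res, p in ps.items() if p >= threshold}
            for role, ps in resource_percentages(log).items()}
```

With these samples the clustering and grading recommenders produce the same adapted policy, which is why the text reports their performance as comparable; the weight and percentage recommenders only admit resources above their thresholds.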

Behaviour of the AACM.
A finite state machine that specifies the behaviour of a request in terms of its states and the action(s) that change the state is shown in Figure 26.
The state transition diagram of the request is shown in Figure 27.
The state transition table of the request object is shown in Table 1.
The states and actions for querying the policy and updating it, as a finite state machine, are shown in Figure 28.
The state transition diagram of the policy database is shown in Figure 29.
The state transition table for the policy database is shown in Table 2.

Implementation
Using a simulator to generate data and validate the study is a common approach in computer science research, particularly in the field of cloud computing. Simulators create a realistic environment for testing and evaluation, allowing researchers to analyze the performance of proposed mechanisms under various conditions without the need for expensive physical infrastructure. With a simulator, researchers can generate large amounts of data in a controlled environment and use statistical analysis to draw conclusions about the effectiveness of the proposed mechanism. This helps to identify potential issues and optimize the mechanism before it is implemented in a real-world setting. The proposed mechanism is implemented in a simulated environment to show its effectiveness. The next subsection presents the simulation and its outcomes; the subsection after that validates the simulation model.

Simulation Model and Performance. The simulation model used in the study is presented in Figure 30. The model generates users, roles, and resources based on user inputs; roles and resources are generated in the numbers given as input. For the generated set of roles, a mapping from designation and charge to role is generated, with role assignment. For the given roles and resources, an initial policy is generated. Requests are generated by users and processed by the policy enforcement module, which logs each request in a log file. The log file is then used to create the ResourceLog and RoleLog files, which serve as inputs for the proposed recommender algorithms. The recommendations are fed to the policy management module (PEM), which adapts the policies based on the recommendations. In the simulation, the same set of users, roles, and resources is used with different sets of requests to evaluate the impact of the recommendations on the system's performance.
A simulation study has been conducted to showcase the effectiveness of the proposed formal specifications, and various simulation parameters have been varied to observe their impact on the performance of the suggested mechanism. The simulation parameters are presented in Table 3.
Conventional RBAC is static in nature. An enterprise cloud is intended for an enterprise, whose goal is optimal availability of its resources to its users: maximal utilization of the resources with the minimal availability needed. However, the subjective approach used in defining access control policies in traditional RBAC may have an impact on resource utilization. This effect is illustrated in Figure 31, where the resources allowed for each role are categorized as normal, over, or under. A resource is considered normal if it appears in the users' requests, over if it is never requested by the role's users, and under if it is in the requests but not available to the users according to the defined policy. The figure displays the resource usage for one simulation scenario, showing that some resources are available to roles but are not requested, while others are required by requests where they are not available.
So, the need for the present study arises. The present study suggests recommendations for revising the policies by extracting the role profile from the requests made by the users under each role. The role profile entails several aspects of resource management within a specific role. It identifies and lists the resources that are accessible and available to users assigned to that role. It also includes a record of the resources that users belonging to that role commonly request or require for their tasks or responsibilities. The role profile specifies the
current availability status of the resources for users assigned to that role. Conversely, the role profile also notes any resources that are unavailable or restricted for users in that role.
The application of the proposed recommendations yields the scenario shown in Figure 32, with maximum availability of resources to each role, and that too with the same set of resources. A confusion matrix has been generated for each outcome of the simulation. The entries of the matrix are described as follows:
True positive: the number of resources required by the users of a role that are available in the defined policy.
True negative: the number of resources not required by the users of a role that are not available in the defined policy.
False positive: the number of resources not required by the users of a role that are available in the defined policy.
False negative: the number of resources required by the users of a role that are not available in the defined policy.
The performance of the suggested approach has been evaluated on the basis of the performance metrics presented in Table 4.
Figure 31: Resource usage before (per-resource bars graded Normal, Over, Under).
Figure 32: Resource usage after (per-resource bars graded Normal, Over, Under).
The simulation study uses four approaches to validate the outcome of the suggested study. These approaches build the role profile by mining the requests made by the users of that role and then propose recommendations on that basis. The brief idea of each approach is as follows:
Clustering approach: this approach makes clusters of only those resources that are requested by the users of each role. A snapshot of sample output is shown in Figure 33.
Grading approach: the resources are graded as over, normal, and under for each role. The suggested recommendations are to keep resources with grade normal, remove resources with grade over, and add resources with grade under. A sample output is shown in Figure 34.
Weight approach: weights are assigned to each resource for every role. The weights are calculated from the probability of the role having the resource in its requests and the probability of the resource being requested by the role; these two probabilities are multiplied to obtain the weight. The weights are normalized to the range 0 to 1 and sorted in decreasing order for each role. The sorted list gives the recommendations of the resources in the order of their weights. A sample output is shown in Figure 35.
Percentage approach: the percentage is determined individually for each resource within each role by comparing the number of times the resource was requested to the total number of requests made by the users in that role. The calculated percentage is used to recommend the resources in the policy for every role. A sample output is shown in Figure 36.
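The confusion-matrix entries just described and the accuracy, precision, recall and F-beta metrics of Table 4, computed for one role before and after policy adaptation, as an added Python example that is not the paper's code; the resource universe and the sample policies are constructed, and the function names are assumptions.

```python
# Constructed universe of resources known to the simulated cloud.
ALL_RESOURCES = {"res5", "res10", "res20", "res30", "res38", "res44"}


def confusion_matrix(policy_resources, required_resources, universe=ALL_RESOURCES):
    """Confusion-matrix entries for one role, as defined in the text.

    policy_resources:   resources available to the role under the policy
    required_resources: resources the role's users actually requested
    """
    tp = len(required_resources & policy_resources)          # required, available
    fp = len(policy_resources - required_resources)          # not required, available
    fn = len(required_resources - policy_resources)          # required, not available
    tn = len(universe - required_resources - policy_resources)  # neither
    return {"TP": tp, "TN": tn, "FP": fp, "FN": fn}


def metrics(cm, beta=1.0):
    """Accuracy, precision, recall and F-beta (beta = how many times recall
    is weighted over precision; beta = 1 gives the F1 measure)."""
    tp, fp, fn, tn = cm["TP"], cm["FP"], cm["FN"], cm["TN"]
    total = tp + fp + fn + tn
    accuracy = (tp + tn) / total if total else 0.0
    precision = tp / (tp + fp) if tp + fp else 0.0   # guard: nothing classified
    recall = tp / (tp + fn) if tp + fn else 0.0      # guard: nothing required
    denom = beta ** 2 * precision + recall
    f_beta = (1 + beta ** 2) * precision * recall / denom if denom else 0.0
    return {"accuracy": accuracy, "precision": precision,
            "recall": recall, "f_beta": f_beta}


def evaluate_role(policy_before, policy_after, required, beta=1.0):
    """Metrics for a role's policy before and after adaptation."""
    return {"before": metrics(confusion_matrix(policy_before, required), beta),
            "after": metrics(confusion_matrix(policy_after, required), beta)}
```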
Each approach is evaluated using the performance metrics. The first performance metric is the acceptance ratio of requests by the access control. Figure 37 shows the results before and after the adaptation of policies as per the recommendations. The figure gives the results for every combination of simulation parameters, including the number of users, number of roles, and number of requests per day. It is observed from the figure that the acceptance ratio increases greatly in all approaches. The performance of clustering and grading is comparable, while the outcome of the weight and percentage approaches is lower. The reason is that in clustering and grading all recommendations are adapted into the policies, while the weight and percentage approaches impose restrictions. The intention is to show the variants with and without restrictions.
To study the effect of the number of users on the performance metrics, the proposed mechanism was simulated with 50, 200, 1000, and 5000 users, and the outputs are shown in Table 5. The values in the table reveal that the metric values increase with the number of users, but only to some extent. The main observation is that the mechanism consistently performs much better in all cases after adapting the policies to the current behaviour of the users in terms of their requests.
The visual representation of the outputs discussed above is shown in Figure 38. The bars representing the performance have large values for the metrics after adapting the policies with the suggested recommendations. Therefore, it can be concluded that the proposed mechanism performs well irrespective of the number of users.
The roles are very important, as they determine the classes to which the resources are assigned. To investigate their effect on the performance metrics, a simulation study with 20, 35, and 50 possible roles was performed. The values for the different numbers of roles are tabulated in Table 6. It is evident from the table that the proposed mechanism achieves better performance for all numbers of roles and in all approaches studied.
The outcomes in graphical form are shown in Figure 39. It can be observed that the values show a decreasing trend with the increase in roles. This is because with the increase in the number of roles the number of classes also increases, which affects the values. However, even with the decreasing trend, the values are always better than before the adaptation of policies.
To investigate the effect of the number of requests on the outcomes of the proposed mechanism, a simulation study with 10, 100, and 1000 requests per day was conducted. The results are presented in Table 7, which shows that the proposed mechanism improves the metrics in all cases and in every approach. The increase in the number of requests leads to an increase in the values of the metrics, as expected. However, the improvement in performance is significant, indicating that the proposed mechanism is effective in handling large numbers of requests while maintaining high levels of security and resource availability.
The effects of the variation in the number of requests on the outcomes are visualized in Figure 40. It is observed that a smaller number of requests gives a slightly lower improvement in performance; the improvement grows with the number of requests, but only marginally beyond a point. In the present simulation study, the enhancement with 10 requests per day is smaller than with 100 requests per day, and a further increase to 1000 brings no significant improvement over 100 requests.

Verification and Validation of Simulation Model.
Model validation aims to verify that the model actually performs satisfactorily in its application area. In this case, the model was developed to demonstrate a recommender system for adapting access control policies to prevent over-allocation and under-allocation of resources. The outcomes of the trials and evaluations conducted during the model development phases were validated and verified to ensure that the model's performance meets the expected level of satisfaction. The following techniques are used for validation:
Degeneracy tests: to examine the degeneracy of the model's behaviour, it is tested with various combinations of the number of users, number of roles, and number of requests.
Event validity: acceptance or rejection of requests by the policy enforcement module and revision of the policies are some of the events that occur in the model, and the occurrence of such events matches the real system.
Extreme condition tests: conditions such as no request generated by a role, a request for more than the permissible instances of an allowed resource, and a user having multiple roles are considered, and the handling mechanism is implemented.
Internal validity and parameter variability: a number of simulations for the same set of users, roles, and resources but with different sets of requests of the same size as in the other simulations show consistent behaviour.
Operational graphics: the dynamics of the performance indicator values are visualized to confirm the correctness of the mechanism.
Predictive validation: the mechanism suggests recommendations by forecasting the behaviour of users in every role. The improvement in acceptance and the other performance metrics validates the predictive ability of the model.
Traces: the outcomes of various kinds of internal processing are recorded and used for further processing in the generation of recommendations. The acceptance ratio and the confusion matrix entries are some of the traces used in the proposed system.
So, on the basis of these techniques, the simulation model is operationally validated.

Table 4: Performance metrics (Metric: Description).
Acceptance ratio: the number of requests accepted and forwarded to the cloud for further services.
Accuracy: ratio of correctly classified resources to the total number of resources in each role.
Precision: ratio of correctly classified resources to the total classified resources in each role.
Recall: ratio of correctly classified resources to the actually required resources in each role.
F1 measure: the harmonic mean of precision and recall; beta represents how many times recall is more important than precision.

To elaborate further, the mechanism presented in the paper involves regularly analyzing the log entries that capture the status of user requests for computing resources in the enterprise cloud. The analysis identifies over- and under-utilization of resources with respect to the policies defined by the enterprise for each user role. Based on the analysis, the access control policies are redefined to optimize the utilization of resources and improve the acceptance rate of requests. By optimizing the utilization of computing resources, the proposed mechanism helps to reduce over-allocation and under-allocation of resources to different roles within the enterprise, which can result in improved speed, performance, and utilization of computing resources. Additionally, the mechanism can provide insights into which resources are no longer needed or not frequently used, allowing for more efficient management of resources in the enterprise cloud. Overall, the proposed mechanism is valuable in dynamic environments where the demand for computing resources can fluctuate rapidly. By regularly analyzing and redefining access control policies, the mechanism enables the enterprise to adapt to changing scenarios and ensure that computing resources are allocated efficiently and effectively to different user roles. This can ultimately result in improved operational capabilities and lower costs for the enterprise.

Conclusion
In this paper, the authors propose a mechanism designed to improve the utilization of computing resources in an enterprise by regularly redefining access control policies. The mechanism is particularly valuable in dynamic environments where the system must adapt to changing scenarios. In traditional enterprise systems, computing resources are physically and dedicatedly allocated to specific users or roles. In an enterprise cloud computing environment, however, resources are not allocated in this way. Instead, resources are provided logically to users based on their needs, as specified in their requests, subject to the access control policies defined by the enterprise. These policies determine which users have access to which resources based on factors such as the role of the user, the type of data or application being accessed, and the kind of device being used. The proposed mechanism analyzes the log entries that capture the status of user requests for each role in order to identify over- and under-availability of resources with respect to the access control policies defined by the enterprise. This analysis leads to the redefinition of the access control policies in order to increase overall resource utilization and the optimal availability of resources to enterprise users. The mechanism is described in detail, including a state transition diagram and table that depict its behaviour. The mechanism enhances operational capabilities by reducing over-allocation and under-allocation of resources to roles. The reports generated by the mechanism can also aid decision making about the need for additional instances of resources and identify resources that are no longer needed or not frequently used. Overall, the proposed mechanism is intended to improve the utilization of computing resources in an enterprise by dynamically redefining access control policies based on user requests and role profiles. By increasing the availability of resources to the users and roles that need them and reducing over-allocation and under-allocation, the mechanism is expected to lead to improved operational capabilities with fewer resources and increased overall resource utilization.

Data Availability
The results presented in this study are based on simulations. The underlying data used to support the findings of this study are available from the corresponding author upon request.

Conflicts of Interest
The authors declare that they have no conflicts of interest.