Abstract: SaaS shared nature determines the importance of user’s trusted access behavior to cloud services. In the traditional access control model, once the users have been given a role, they will always have the privileges based the role. It lacks dynamic. For the above-mentioned points, this paper presents a dynamic access control model based on user’s behavior in SaaS. It is based on the traditional access control model and the analysis of the characteristics of user’s trusted behavior. The tenants in the model achieve a better control of the security domains. In addition, user groups and the scope of the data achieve a better control of the granularity. This reflects the flexibility of the access control to cloud service. Based on the evidence value during the user’s visit, this model uses fuzzy analytic hierarchy process to determine the trust level of the behavior. And then according to the sensitivity level, the privileges that the user can exercise will be determined ultimately. This reflects the dynamic. As the results showed, the access control model presented in this paper can respond to user’s illegal behavior quickly. At the same time, it is able to control legitimate access behavior effectively and ensuring the safety and reliability of cloud services.

Key words: user’s behavior, cloud-RBAC model, dynamic access control