Lin Yao,Xiangwei Kong,Zichuan Xu

DOI: https://doi.org/10.1109/NCM.2008.75

2008-01-01

Abstract:Although RBAC models have received broad support as a generalized approach to access control, the administration of roles in large organizations can become quite cumbersome. In this paper, we develop a new paradigm for access control and authorization management, called task-role based access control (TRBAC) with multi-constraint. The basic idea of this model different from traditional RBAC is that roles and permissions are not connected directly but are put together by tasks. It is a dynamic authorization model with fine-grained partition on users, roles, tasks and sessions. The unit of task becomes the permission granularity. It is more convenient for enterprise privilege management such as distributed application,C/S access control and workflow management. It can reduce the administrator's burden and avoid some potential safety hazards because of adopted dynamic authorization.

Bo Tang,Ravi Sandhu,Qi Li

DOI: https://doi.org/10.1002/cpe.3446

2013-01-01

Abstract:The cloud service model intrinsically caters to multiple tenants, most obviously in public clouds but also in private clouds for large organizations. Currently most cloud service providers (CSPs) isolate user activities and data within a single tenant boundary with no or minimum cross-tenant interaction. It is anticipated that this situation will evolve soon to foster cross-tenant collaboration supported by Authorization as a Service (AaaS). At present there is no widely accepted model for cross-tenant authorization. Recently, Calero et al [12] informally presented a multi-tenancy authorization system (MTAS) which extends the well-known role-based access control (RBAC) model by building trust relations among collaborating tenants. In this paper we formalize this MTAS model and propose extensions for finer-grained cross-tenant trust. We also develop an administration model for MTAS (AMTAS). We demonstrate the utility and practical feasibility of MTAS by means of an example policy specification in XACML. We anticipate researchers will develop additional multi-tenant authorization models before eventual consolidation and unification.

Mei Hui,Dawei Jiang,Guoliang Li,Yuan Zhou

DOI: https://doi.org/10.1109/icde.2009.82

2009-01-01

Abstract:Multi-tenant data management is a form of software as a service (SaaS), whereby a third party service provider hosts databases as a service and provides its customers with seamless mechanisms to create, store and access their databases at the host site. One of the main problems in such a system, as we shall discuss in this paper, is scalability, namely the ability to serve an increasing number of tenants without too much query performance degradation. A promising way to handle the scalability issue is to consolidate tuples from different tenants into the same shared tables. However, this approach introduces two problems: 1) The shared tables are too sparse. 2)Indexing on shared tables is not effective. To resolve the problems, we propose a multi-tenant database system called M-Store, which provides storage and indexing services for multi-tenants. To improve the scalability of the system, we develop two techniques in M-Store: bitmap interpreted tuple (BIT) and multi-separated index (MSI). BIT is efficient in that it does not store NULLs from unused attributes in the shared tables and MSI provides flexibility since it only indexes each tenant's own data on frequently accessed attributes. We extended MySQL based on our proposed design and conducted extensive experiments. The experimental results show that our proposed approach is a promising multi-tenancy storage and indexing scheme which can be easily integrated into existing DBMS.

Tang Bo,Li Qi,Sandhu Ravi

DOI: https://doi.org/10.1109/PST.2013.6596058

2013-01-01

Abstract:Most cloud services are built with multi-tenancy which enables data and configuration segregation upon shared infrastructures. In this setting, a tenant temporarily uses a piece of virtually dedicated software, platform, or infrastructure. To fully benefit from the cloud, tenants are seeking to build controlled and secure collaboration with each other. In this paper, we propose a Multi-Tenant Role-Based Access Control (MT-RBAC) model family which aims to provide fine-grained authorization in collaborative cloud environments by building trust relations among tenants. With an established trust relation in MT-RBAC, the trustee can precisely authorize cross-tenant accesses to the truster's resources consistent with constraints over the trust relation and other components designated by the truster. The users in the trustee may restrictively inherit permissions from the truster so that multi-tenant collaboration is securely enabled. Using SUN's XACML library, we prototype MT-RBAC models on a novel Authorization as a Service (AaaS) platform with the Joyent commercial cloud system. The performance and scalability metrics are evaluated with respect to an open source cloud storage system. The results show that our prototype incurs only 0.016 second authorization delay for end users on average and is scalable in cloud environments.

Fei Liu,Jing Wang,Hongtao Bai,Huiping Sun

DOI: https://doi.org/10.1109/ITNG.2015.34

2015-01-01

Abstract:As cloud computing technology develops rapidly, more convenience has been brought to users by various cloud providers with various cloud services. However, difficulty of management, especially when different access control protocols and personal information involved, has become one of barriers that inhibit the development process of cloud technology. In this paper, a user-centered ID MaaS (Identity Management as a Service) is proposed combined with a novel access control model based on trust and risk evaluation. Besides, a format-preserving encryption (FPE) method is proposed as an auxiliary scheme guaranteeing the effectiveness of access control. ID MaaS offers a solution that effectively alleviates the difficulty of realizing unified management of users' identity and information among diverse cloud service providers.

SHEN Qing-ni,YANG Ya-hui,YU Xi,ZHANG Li-zhe,CHEN Zhong

2011-01-01

Abstract:Cloud Storage is a multi-tenancy shared environment,so achieving data separation between different users effectively in the platform has become one of issues most concerned by users.In this paper,we provide business users a flexible access control policy,which is built on top of RBAC(Role-based Access Control),combined with organization label and a variety of security attributes with logical combinations.First of all,it provides strict inter-enterprise data isolation on cloud storage,ensuring that business users could not access data which doesn't belong to their organization.Moreover,it provides proper separation of organization internal data.Business users could customize the policy flexibly according to their own security requirements,isolating data from different sectors or geographical area.Finally,the policy provides a mechanism for corporations to share data on cloud storage by introducing the concept of "virtual organization",and guarantee companies with the same conflict set of interest could not be allowed to share data through traditional Chinese Wall Policy.This paper presents the design and implementation of a prototype based Hadoop distributed file system(HDFS),including security label,security policy,security decision module,enforcement procedure of security decision and user command interface.Then it analyzes the effectiveness and performance of the security mechanisms with experiments.The result shows that the policy meets the security requirement well and loss of system run-time performance is within an acceptable range.

XL Li,ZW Xu,XW Liu,N Yang

DOI: https://doi.org/10.1109/wi.2003.1241240

2003-01-01

Abstract:It is a challenge to integrate and share resources securely across multiple autonomous administrative domains environment. We introduce the community-based model of vega enterprise information grid and its operation mechanism. The individuals and/or institutes forming different communities can not only implement diverse policies and autonomous management of resource sharing without any impact on the other communities, but also achieve a globally shared goal. Based on the model, the access control technique, including framework and uniform formalizing, is presented in detail. The static or dynamic role binding is used for entitling user's request for accessing resources within or across communities, which ensures a globally unified view for user. A prototype describes how these techniques are useful in building an enterprise information grid. The evaluation and future continuing works are presented in the conclusion.

Pengfei Sun,Qingni Shen,Liang Gu,Yangwei Li

DOI: https://doi.org/10.1109/anthology.2013.6784967

2013-01-01

Abstract:Virtualization technologies enable multi-tenancy cloud business models by providing a scalable, shared resource platform for all tenants. Computing capacity, storage, and network are shared between multi-tenants. However, placing different customers' workloads on the same virtualization platform may lead to security vulnerabilities, which include the failure of mechanisms separating storage, memory, routing, and even reputation between different tenants of the shared infrastructure. The co-location of many customers inevitably causes conflict for the cloud provider as customers' communication security requirements are likely to be divergent from each other. In this paper, we introduce Multi-lateral Security concept to multi-tenancy cloud platform. It is difficult to analyze policies defined by consumers in the same virtualization platform in order to guarantee configuration stability given that policies may have conflicts leading to unpredictable effects. We present the Multilateral Security Architecture for Virtualization platform (VPMS) which enables the multilateral security for consumers.

Khalid Zaman Bijon,Ram Krishnan,Ravi Sandhu

DOI: https://doi.org/10.1007/978-3-319-11698-3_4

2014-01-01

Abstract:Datacenters for cloud infrastructure-as-a-service (IaaS) consist of a large number of heterogeneous virtual resources, such as virtual machines (VMs) and virtual local area networks (VLANs). It takes a complex process to manage and arrange these virtual resources to build particular computing environments. Misconfiguration of this management process increases possibility of security vulnerability in this system. Moreover, multiplexing virtual resources of disjoint customers upon same physical hardware leads to several security concerns, such as cross-channel and denial-of-service attacks. Trusted Virtual Datacenter (TVDc) is a commerical product which informally presents a process to manage strong isolation among these virtual resources in order to mitigate these issues. In this paper, we formally represent this TVDc management model. We also develop an authorization model for the cloud administrative-user privilege management in this system.

Fujun Feng,Chuang Lin,Dongsheng Peng,Junshan Li

DOI: https://doi.org/10.1109/HPCC.2008.37

2008-01-01

Abstract:In order to overcome the limitations in traditional access control models such as identity-based access control and meet the access requirements in distributed systems, we propose a Trust and Context based Access Control model called TCAC, it extends the traditional RBAC (role based access control) model with the notion of trust and context. Role assignment in TCAC is based on the trustworthiness and context information of users. The TCAC model is flexible, scalable, and well suitable for the dynamic and distributed systems. Then we provide a trust evaluation mechanism based on the local and global reputation to compute the trust value of a user in distributed system, which can avoid malicious nodes behave correctly in order to get the highest possible trust value. Finally an implementation framework of the access control system based on TCAC is described.

Yuding WANG,Jiahai YANG

DOI: https://doi.org/10.16511/j.cnki.qhdxxb.2017.26.059

2017-01-01

Abstract:The key cloud computing characteristics,such as data openness,elasticity,and sharing,complicate data access control.Traditional access control models cannot provide flexible,dynamic access control to large numbers of users with massive data files.This paper presents a data access control model based on the data's role and attribute for cloud computing.An attribute element is assigned to the data to provide role-based access control so that users can be assigned roles based on their own attributes and the tenant's attributes and current status,and can access data with different attributes.The paper illustrates the design of this model and the work processes and provides a theoretical security analysis.The results show that the model can provide dynamic,safe,fine grained access control for users accessing data in a cloud environment.

Kashyap Thimmaraju,Saad Hermak,Gábor Rétvári,Stefan Schmid

2024-03-04

Abstract:Multi-tenant cloud computing provides great benefits in terms of resource sharing, elastic pricing, and scalability, however, it also changes the security landscape and introduces the need for strong isolation between the tenants, also inside the network. This paper is motivated by the observation that while multi-tenancy is widely used in cloud computing, the virtual switch designs currently used for network virtualization lack sufficient support for tenant isolation. Hence, we present, implement, and evaluate a virtual switch architecture, MTS, which brings secure design best-practice to the context of multi-tenant virtual networking: compartmentalization of virtual switches, least-privilege execution, complete mediation of all network communication, and reducing the trusted computing base shared between tenants. We build MTS from commodity components, providing an incrementally deployable and inexpensive upgrade path to cloud operators. Our extensive experiments, extending to both micro-benchmarks and cloud applications, show that, depending on the way it is deployed, MTS may produce 1.5-2x the throughput compared to state-of-the-art, with similar or better latency and modest resource overhead (1 extra CPU). MTS is available as open source software.

Cryptography and Security,Networking and Internet Architecture

Ran Yang,Chuang Lin,Yixin Jiang,Xiaowen Chu

DOI: https://doi.org/10.1109/icc.2011.5963329

2011-01-01

Communications

Abstract:The rapid development of applications running on global information infrastructure poses the problem of securing information sharing among domain collaborations. Existing access control models are defective in dynamic authorization based on user's trustworthiness and do not take full advantages of the infrastructure in implementing access control system. In this work, we propose a trust and role based access control model and the corresponding framework in infrastructure-centric environment. With the extension to RBAC model, trust level requirements, which dictate that the roles in the privilege context must be activated by the trustworthy user, can be specified. The comprehensive trust model, which calculates the user's trust level in multiple trust contexts based on behavior histories, is proposed. Moreover, by taking advantages of the infrastructure services, our scheme is flexible and scalable in that system administrators are free to choose custom scoring functions while the infrastructure trust evaluation services are relieved of the heavy burdens of history record maintenance and trust level update.

Quratulain Alam,Saif U. R. Malik,Adnan Akhunzada,Kim-Kwang Raymond Choo,Saher Tabbasum,Masoom Alam

DOI: https://doi.org/10.1109/tifs.2016.2646639

IF: 7.231

2017-06-01

IEEE Transactions on Information Forensics and Security

Abstract:Sharing of resources on the cloud can be achieved on a large scale, since it is cost effective and location independent. Despite the hype surrounding cloud computing, organizations are still reluctant to deploy their businesses in the cloud computing environment due to concerns in secure resource sharing. In this paper, we propose a cloud resource mediation service offered by cloud service providers, which plays the role of trusted third party among its different tenants. This paper formally specifies the resource sharing mechanism between two different tenants in the presence of our proposed cloud resource mediation service. The correctness of permission activation and delegation mechanism among different tenants using four distinct algorithms (activation, delegation, forward revocation, and backward revocation) is also demonstrated using formal verification. The performance analysis suggests that the sharing of resources can be performed securely and efficiently across different tenants of the cloud.

Wenbo Su,Qu Liu,Chuang Lin,Sherman Shen

DOI: https://doi.org/10.1109/icccn.2015.7288430

2015-01-01

Abstract:Software as a Service (SaaS) has become an important application development and service delivery model. Among different architectures, multi-tenant architecture (MTA) not only has advantage on maintenance, but also increases resource utilization by sharing instances. However, sharing instances brings challenges to the security of the service. As one of the three principal properties of the security, availability receives more and more attentions. Recently, there are extensive efforts on technical methods to implement a secure multi-tenant SaaS, but few works on the modeling and analysis of its availability. In this paper, we firstly present the availability issues of the multi-tenant SaaS. Two important mechanisms to implement the MTA SaaS are then introduced: network isolation and database sharing. After that, a stochastic Petri net (SPN) model is developed to analyze the availability. Specific metrics are proposed to measure the availability both from the aspects of the system and the tenant. To extend the SPN model for large scale analysis, we solve the state space explosion problem of SPN model based on the theory of Markov chain aggregation. Finally, numerical results are provided to demonstrate the effectiveness of the SPN model and the analysis is efficient.

Jiawei Ye,Huang Lu,Kazuhiro Maeda

DOI: https://doi.org/10.1109/apnoms.2016.7737282

2016-01-01

Abstract:When a cloud scales out to a large size, the cloud network potentially extends to a multi-domain structure, and needs to keep its scalability, consistency and flexibility. Software-Defined Networking (SDN) provides the technical possibility to realize the requirements. However, the existing studies of SDN focus on the perspective of network builders and managers, different from the perspective of network consumers, that will possibly cause some limitations. In this paper, we present the design of TOCA, a Tenant-Oriented Control Architecture for software-defined cloud networks. TOCA has a flat decentralized control plane structure to provide high scalability of a large-scale cloud network, in which a tenant-oriented network control mechanism is dedicated to meet the needs of consistent management in a multi-domain cloud network. Different from existing fine-gained network control method, TOCA provides abstracted network elements to describe the network communication requirements, and uses network control messages to control the network behaviors instead of the OpenFlow protocol. In this way, TOCA supports a flexible approach for tenants to define their own logical networks to meet the needs of their applications.

LI Chang-cheng,LIU Cheng-ying,HONG Ming-song,CAI Wei

DOI: https://doi.org/10.3969/j.issn.1006-5911.2005.03.008

2005-01-01

Computer Integrated Manufacturing Systems

Abstract:Based on study of the role-based access control (RBAC) model and the team-based access control (TMAC) model, combined with the characteristics of the technological process information management, an object-based multi-subject access control model was proposed. In this model, object's access control strategy could be inherited through the object's inheritance hierarchies and the type of access subject was expanded to more types. The model implemented a fine-grained security administration at the level of individual users and individual objects. And the access permissions were assigned effectively and were easy to be expressed. As an active security model, it considered the context of objects and users when activating the permissions. Finally, an application example was introduced to prove the feasibility and advantages of this model.

Jonathan K. Adams,Basheer N. Bristow

DOI: https://doi.org/10.48550/arXiv.cs/0603085

2006-03-22

Cryptography and Security

Abstract:Basic role based access control [RBAC] provides a mechanism for segregating access privileges based upon a user's hierarchical roles within an organization. This model doesn't scale well when there is tight integration of multiple hierarchies. In a case where there is joint-tenancy and a requirement for different levels of disclosure based upon a user's hierarchy, or in our case, organization or company, basic RBAC requires these hierarchies to be effectively merged. Specific roles that effectively represent both the user's organizations and roles must be translated to fit within the merged hierarchy to be used to control access. Essentially, users from multiple organizations are served from a single role base with roles designed to constrain their access as needed. Our work proposes, through parameterized roles and privileges, a means for accurately representing both users' roles within their respective hierarchies for providing access to controlled objects. Using this method will reduce the amount of complexity required in terms of the number of roles and privileges. The resulting set of roles, privileges, and objects will make modeling and visualizing the access role hierarchy significantly simplified. This paper will give some background on role based access control, parameterized roles and privileges, and then focus on how RBAC with parameterized roles and privileges can be leveraged as an access control solution for the problems presented by joint tenancy.

Mang Su,Anmin Fu,Yan Yu,Guozhen Shi

DOI: https://doi.org/10.1109/trustcom.2016.0299

2016-01-01

Abstract:More and more people prefer to obtain information from cloud. Different users tend to access different resources they interested at anytime across different networks by a variety of equipments. As same as the traditional management of file, the lifecycle theory is still suitable the electronic data in cloud computing. Firstly, we analyze the motivation of access control in cloud, and summarize the security requirements for the data management in the whole lifecycle. Second, we propose a resource-centric dynamic adaptive access control model (RCDA), which is extended from the action-based access control (ABAC). RCDA is able to describe other access control models through the way of customization. Furthermore, we give the scheme for implementation of RCDA. Finally, we make the comparisons between the RCDA and other existing models, and the results indicate that RCDA is able to satisfy the security requirements for the whole lifecycle of data by adaptively adjusting the access control policies.

Miloš Simić,Jovana Dedeić,Milan Stojkov,Ivan Prokić

DOI: https://doi.org/10.1109/access.2024.3369031

IF: 3.9

2024-03-12

IEEE Access

Abstract:The micro cloud model offers cloud behavior at the edge of the network. It allows dynamic organization of the resources, closer to the users and the data. One of the crucial problems to solve is to design a proper cloud model at the edge of the network and offer cloud services that support multi-tenancy. This cloud property is a governing mechanism to lower cloud costs. It is essential for the scalability of both public and private clouds due to the utilization of shared resources and the logical separation of tenants. This paper presents the model for the creation of virtual clouds (vClouds) on physical infrastructure using a hierarchy of namespaces, with proper organization and redistribution of resources such as CPU, RAM, and storage, while preserving logical isolation between vClouds, thus creating a multi-tenant system. The presented model guarantees accurate resource redistribution through graph transformations to model operations, while the proposed protocols ensure correctness by employing multiparty session types for modeling. We extend the secure computing mode to establish an isolated system, allowing sandboxing rules for every namespace and creating hierarchies of security profiles. This advancement enables our model to inherit parent security profiles fully, extend them by adding child-specific elements, or redefine and create entirely new ones. Furthermore, the users can switch context, meaning they can change vCloud or the namespace they operate on.

computer science, information systems,telecommunications,engineering, electrical & electronic