Semantic-aware multi-tenancy authorization system for cloud architectures

Bibliographic Details
Published in: Future Generation Computer Systems, 2014-03, Vol. 32, p. 154-167
Main Authors: Bernal Bernabe, Jorge; Marin Perez, Juan M.; Alcaraz Calero, Jose M.; Garcia Clemente, Felix J.; Martinez Perez, Gregorio; Gomez Skarmeta, Antonio F.
Format: Article
Language: English
Description
Summary: Cloud computing is an emerging paradigm to offer on-demand IT services to customers. The access control to resources located in the cloud is one of the critical aspects to enable business to shift into the cloud. Some recent works provide access control models suitable for the cloud; however, there are important shortcomings that need to be addressed in this field. This work presents a step forward in the state of the art of access control for cloud computing. We describe a highly expressive authorization model that enables the management of advanced features such as role-based access control (RBAC), hierarchical RBAC (hRBAC), conditional RBAC (cRBAC) and hierarchical objects (HO). The access control model takes advantage of the logic formalism provided by the Semantic Web technologies to describe both the underlying infrastructure and the authorization model, as well as the rules employed to protect the access to resources in the cloud. The access control model has been specially designed taking into account the multi-tenancy nature of this kind of environment. Moreover, a trust model that allows a fine-grained definition of what information is available for each particular tenant has been described. This enables the establishment of business alliances among cloud tenants, resulting in federation and coalition agreements. The proposed model has been validated by means of a proof-of-concept implementation of the access control system for OpenStack with promising performance results.

► Advanced multi-tenancy authorization system.
► Advanced features such as RBAC, hierarchical RBAC and conditional RBAC.
► Novel trust model proposed enabling a federated cloud environment.
► Implementation for OpenStack has validated the proposal.
► Performance statistics of the system integrated in OpenStack have been presented.
ISSN: 0167-739X; 1872-7115
DOI: 10.1016/j.future.2012.05.011