Toward a Multi-Tenancy Authorization System for Cloud Services
November/December 2010 (vol. 8 no. 6)
pp. 48-55
Jose M. Alcaraz Calero, Hewlett-Packard Labs and the University of Murcia
Nigel Edwards, Hewlett-Packard Labs
Johannes Kirschnick, Hewlett-Packard Labs
Lawrence Wilcock, Hewlett-Packard Labs
Mike Wray, Hewlett-Packard Labs
Cloud computing presents new security challenges to control access to information in cloud services. This article describes an authorization model suitable for cloud computing that supports hierarchical role-based access control, path-based object hierarchies, and federation. The authors also present an authorization system architecture for implementing the model. In particular, they provide some technical implementation details, together with performance results from the prototype. They also describe security, privacy, and trust management aspects for the authorization system.

Index Terms:
Cloud computing, security, privacy, authorization, role-based access control, hierarchical RBAC
Citation:
Jose M. Alcaraz Calero, Nigel Edwards, Johannes Kirschnick, Lawrence Wilcock, Mike Wray, "Toward a Multi-Tenancy Authorization System for Cloud Services," IEEE Security & Privacy, vol. 8, no. 6, pp. 48-55, Nov.-Dec. 2010, doi:10.1109/MSP.2010.194