A Distributed Access Control Architecture for Cloud Computing
March-April 2012 (vol. 29 no. 2)
pp. 36-44
Abdulrahman A. Almutairi, Purdue University
Muhammad I. Sarfraz, Purdue University
Saleh Basalamah, Umm Al-Qura University
Walid G. Aref, Purdue University
Arif Ghafoor, Purdue University
The large-scale, dynamic, and heterogeneous nature of cloud computing poses numerous security challenges. But the cloud's main challenge is to provide a robust authorization mechanism that incorporates multitenancy and virtualization aspects of resources. The authors present a distributed architecture that incorporates principles from security management and software engineering and propose key requirements and a design model for the architecture.

Index Terms:
software engineering, distributed access control, cloud computing, multitenancy, resource virtualization
Abdulrahman A. Almutairi, Muhammad I. Sarfraz, Saleh Basalamah, Walid G. Aref, Arif Ghafoor, "A Distributed Access Control Architecture for Cloud Computing," IEEE Software, vol. 29, no. 2, pp. 36-44, March-April 2012, doi:10.1109/MS.2011.153