Abstract

Cloud Computing is developed as a new wave of ICT technologies, offering a common approach to on-demand provisioning of computation, storage and network resources that are generally referred to as infrastructure services. Most of currently available commercial cloud services are built and organized reflecting simple relations between single provider and customers with the simple security and trust model. New architectural models should deliver multi-provider heterogeneous cloud services environments to organizational customers representing multiple user groups. These models need to be enforced by consistent security services operating in virtualized multi-provider cloud environment. They should incorporate complex access control mechanisms and trust relations among cloud actors. In this paper, we analyze cloud services provisioning use-cases and propose an access control model for multi-tenant cloud services using attribute-based access control model. We also extend the model for Intercloud scenarios with the exchanging tokens approach. To facilitate attribute-based policy evaluation and implementing the proposed model, we apply an efficient mechanism to transform complex logical expressions in policies to compact decision diagrams. Our prototype of the multi-tenant attribute-based access control system for Intercloud is developed, tested and integrated into the GEYSERS project. Evaluations prove that our approach has a good performance in terms of numbers of cloud resources and numbers of clients.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.