Security for Cross-Tenant Access Control in Cloud Computing

Security for Cross-Tenant Access Control in Cloud Computing

Pramod P. Pillai, Venkataratnam P., Siva Yellampalli
Copyright: © 2020 |Pages: 35
DOI: 10.4018/978-1-7998-1082-7.ch003
(Individual Chapters)
No Current Special Offers


Cloud computing is becoming a de facto standard for most of the emerging technology solutions. In a typical cloud environment, various tenants purchase the compute, storage resource, and would be sharing the resource with other tenants. Sharing of the resources among various tenants is not popular due to the security concerns. There are few solutions that try to solve the security problem of resource sharing among tenants. Having a trusted mediator between multiple tenants is one of the methods. Few research papers have been written, and this chapter attempts to enhance one of the published solutions: Cross-tenant access control model for cloud computing. Most of the existing research papers explore the theoretical way to solve the problem. This project develops a working prototype and proves how resource sharing can be achieved. This research develops the concept of resource sharing activation, where the resource can be shared with multiple cloud tenant and the deactivation where the shared resources can be removed from the shared resource pool.
Chapter Preview

Problem Definition

There are many solutions for sharing resources in a public cloud infrastructure with each solution has its own limitation. The design by Quratulain Alamet et al in the paper titled A Cross Tenant Access Control (CTAC) Model for Cloud Computing: Formal Specification and Verification (Alam et al, 2017) proposed many improved in the existing resource sharing mechanism in the public cloud infrastructure. But this paper has few limitations and has opportunities to improvement. The current work improvises on the work conducted by Quratulain Alam et al. The area identified for improvement are as follows

  • 1.

    Reduce the messaging between the tenants to share given resource.

  • 2.

    Share the resource only for a predefined time rather than sharing it forever.

  • 3.

    The resources that are shared are encrypted.


Chapter Outline

This chapter provides the detailed description on steps, methods and procedures followed for the execution of the designee, comparison of different parameters and the complete physical design implementation. This chapter has four sections and short description of each section is mentioned below,

Section 1 discusses the Literature survey,

Section 2 details the system architecture of the system and requirement specification.

Section 3 explores the design options that were explored for the various sub-system design.

Section 4 explains the verification aspect.

Key Terms in this Chapter

Authorization: In computing world authorization refers to specifying access rights/privileges to computing resources.

Cloud Computing: It defined as on demand availability of computing resources, like data storage and computing power, without direct active management by the user.

HTTP (HyperText Transfer Protocol): Is an application protocol for distributed, collaborative, and hypermedia information systems. HTTP is the foundation of data communication for the world wide web.

RBAC (Role-Based Access Control): Is a method of limiting access to computing resource based on the roles of individual users within an organization.

SFTP: Secure file transfer protocol.

Authentication: It is a process of verifying a user’s identity. In simple mechanism, this involves using a username and password to prove one identity. In complex system, certificates, images can be used to prove one's identity.

CSP (Cloud Service Provider): Is a company that offers some component of cloud computing—typically infrastructure as a service (IaaS), software as a service (SaaS), or platform as a service (PaaS)—to other businesses or individuals.

SAML (Security Assertion Markup Language): Is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider.

Complete Chapter List

Search this Book: