Semantic-aware multi-tenancy authorization system for cloud architectures

Jorge Bernal Bernabe, Juan M. Marin Perez, Jose M. Alcaraz Calero, Felix J. Garcia Clemente, Gregorio Martinez Perez, Antonio F. Gomez Skarmeta

Research output: Contribution to journal › Article

Abstract

Cloud computing is an emerging paradigm to offer on-demand IT services to customers. The access control to resources located in the cloud is one of the critical aspects to enable business to shift into the cloud. Some recent works provide access control models suitable for the cloud; however, there are important shortages that need to be addressed in this field. This work presents a step forward in the state-of-the-art of access control for cloud computing. We describe a highly expressive authorization model that enables the management of advanced features such as role-based access control (RBAC), hierarchical RBAC (hRBAC), conditional RBAC (cRBAC) and hierarchical objects (HO). The access control model takes advantage of the logic formalism provided by the Semantic Web technologies to describe both the underlying infrastructure and the authorization model, as well as the rules employed to protect the access to resources in the cloud. The access control model has been specially designed taking into account the multi-tenancy nature of this kind of environment. Moreover, a trust model that allows a fine-grained definition of what information is available for each particular tenant has been described. This enables the establishment of business alliances among cloud tenants resulting in federation and coalition agreements. The proposed model has been validated by means of a proof-of-concept implementation of the access control system for OpenStack with promising performance results.
Original language: English
Pages (from-to): 154-167
Number of pages: 14
Journal: Future Generation Computer Systems
Volume: 32
DOIs: https://doi.org/10.1016/j.future.2012.05.011
Publication status: Published - 1 Mar 2014
Externally published: Yes

Keywords

  • Authorization system
  • Cloud computing
  • Multi-tenancy
  • Trust model
  • Semantic web

Cite this

Bernal Bernabe, J., Marin Perez, J. M., Alcaraz Calero, J. M., Garcia Clemente, F. J., Martinez Perez, G., & Gomez Skarmeta, A. F. (2014). Semantic-aware multi-tenancy authorization system for cloud architectures. Future Generation Computer Systems, 32, 154-167. https://doi.org/10.1016/j.future.2012.05.011
@article{02491707b96b4e11aa25daef1267b5d4,
title = "Semantic-aware multi-tenancy authorization system for cloud architectures",
keywords = "Authorization system, Cloud computing, Multi-tenancy, Trust model, Semantic web",
author = "{Bernal Bernabe}, Jorge and {Marin Perez}, {Juan M.} and {Alcaraz Calero}, {Jose M.} and {Garcia Clemente}, {Felix J.} and {Martinez Perez}, Gregorio and {Gomez Skarmeta}, {Antonio F.}",
year = "2014",
month = "3",
day = "1",
doi = "10.1016/j.future.2012.05.011",
language = "English",
volume = "32",
pages = "154--167",
journal = "Future Generation Computer Systems",
issn = "0167-739X",
publisher = "Elsevier B.V.",

}