Access Control for Hierarchical Joint-Tenancy
Abstract
Basic role-based access control (RBAC) provides a mechanism for segregating access privileges based upon users' hierarchical roles within an organization. This model doesn't scale well when there is tight integration of multiple hierarchies. In a case where there is joint-tenancy and a requirement for different levels of disclosure based upon a user's hierarchy, or in our case, organization or company, basic RBAC requires these hierarchies to be effectively merged. Specific roles that effectively represent both the users' organizations and roles must be translated to fit within the merged hierarchy to be used to control access. Essentially, users from multiple organizations are served from a single role base with roles designed to constrain their access as needed. Our work proposes, through parameterized roles and privileges, a means for accurately representing both users' roles within their respective hierarchies for providing access to controlled objects. Using this method will reduce the amount of complexity required in terms of the number of roles and privileges. The resulting set of roles, privileges, and objects will significantly simplify modeling and visualizing the access role hierarchy. This paper will give some background on role-based access control and on parameterized roles and privileges, and then focus on how RBAC with parameterized roles and privileges can be leveraged as an access control solution for the problems presented by joint tenancy.
Similar resources
Autonomous Decentralized Authorization and Authentication Management for Hierarchical Multi-Tenancy
Hierarchical multi-tenancy, which enables tenants to be divided into subtenants, is a flexible and scalable architecture for representing subsets of users and application resources in the real world. However, the resource isolation and sharing relations for tenants with hierarchies are more complicated than those between tenants in the flat Multi-Tenancy Architecture. In this paper, a hierarchi...
Semantic-aware multi-tenancy authorization system for cloud architectures
Cloud Computing is an emerging paradigm to offer on demand IT services to customers. The access control to resources located in the cloud is one of the critical aspects to enable business to shift into the cloud. Some recent works provide access control models suitable for the cloud, however there are important shortages that need to be addressed in this field. This work presents a step forward...
Enforcing RBAC Policies over Data Stored on Untrusted Server (Extended Version)
One of the security issues in data outsourcing is the enforcement of the data owner’s access control policies. This includes some challenges. The first challenge is preserving confidentiality of data and policies. One of the existing solutions is encrypting data before outsourcing which brings new challenges; namely, the number of keys required to access authorized resources, efficient policy u...
A Comparison of Secure Multi-Tenancy Architectures for Filesystem Storage Clouds
A filesystem-level storage cloud offers network-filesystem access to multiple customers at low cost over the Internet. In this paper, we investigate two alternative architectures for achieving multi-tenancy securely and efficiently in such storage cloud services. They isolate customers in virtual machines at the hypervisor level and through mandatory access-control checks in one shared operatin...
Multi Tenancy Access Control Using Cloud Service in MVC
Cloud Computing is the next generation Internet service and data center, and it is also used for public utilities and on-demand computing. Cloud computing is not a totally new technology, but rather a derived concept of application and service innovation in which, multi-tenancy is one of the important issues among the core technologies of cloud computing applications. Many tenants can access th...
Journal title:
- CoRR
Volume abs/cs/0603085
Pages -
Publication date: 2006