Design Role-Based Multi-tenancy Access Control Scheme for Cloud Services
Cloud computing is the next-generation Internet service and data center, and it is also used for public utilities and on-demand computing. Cloud computing is not a totally new technology but rather a concept derived from application and service innovation, in which multi-tenancy is one of the important issues among the core technologies of cloud computing applications. Many tenants can access different applications and computing resources on the same cloud server, but concurrent use of a database or application by many users leads to large data volumes, long processing times and security issues. Under these circumstances, it is particularly important to separate applications and data so as to avoid conflicts and enhance system and data security. This paper emphasizes the cloud service model under a Multi-Tenant Architecture (MTA) and uses identity management and Role-Based Access Control to propose and design a Role-Based Multi-Tenancy Access Control (RB-MTAC) scheme. RB-MTAC applies identity management to determine a user's identity and applicable roles, since different users possess different functional roles with respective privileges for processing. Such role-based assignments can easily and efficiently manage a user's access rights to achieve application independence and data isolation, improving the processing performance of cloud multi-tenant services and hardening the security and privacy of cloud applications.
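As an added illustration, not the paper's own scheme or code, the following Python sketch shows how tenant-scoped RBAC enforces the data isolation the abstract describes: an identity-management step resolves a session token to a user's tenant and roles, and every access check refuses cross-tenant requests before any role privilege is consulted. All tokens, roles, tenants and resources are constructed sample values.

```python
from dataclasses import dataclass
# Constructed role catalogue: role -> set of (resource_type, action) privileges.
# A role never grants access across tenants; tenant membership is checked first.
ROLE_PERMISSIONS = {
    "tenant_admin": {("invoice", "read"), ("invoice", "write"), ("user", "manage")},
    "accountant": {("invoice", "read"), ("invoice", "write")},
    "viewer": {("invoice", "read")},
}

@dataclass(frozen=True)
class Identity:
    user_id: str
    tenant_id: str
    roles: frozenset

@dataclass(frozen=True)
class Resource:
    resource_id: str
    resource_type: str
    tenant_id: str

# Constructed identity store standing in for the identity-management service.
SESSIONS = {
    "tok-alice": Identity("alice", "tenant-A", frozenset({"accountant"})),
    "tok-bob": Identity("bob", "tenant-B", frozenset({"viewer"})),
}

# Constructed data from two tenants sharing one physical store.
RESOURCES = [
    Resource("inv-A-1", "invoice", "tenant-A"),
    Resource("inv-A-2", "invoice", "tenant-A"),
    Resource("inv-B-1", "invoice", "tenant-B"),
]

def authenticate(token):
    """Identity management: map a session token to an Identity, or None."""
    return SESSIONS.get(token)

def is_authorized(identity, resource, action):
    """Deny unless the tenant matches AND some role grants the action."""
    if identity is None or identity.tenant_id != resource.tenant_id:
        return False  # cross-tenant access is refused before roles are consulted
    return any((resource.resource_type, action) in ROLE_PERMISSIONS.get(r, set())
               for r in identity.roles)

def visible_ids(token, action="read"):
    """Filter the shared store down to what this caller's tenant and roles allow."""
    ident = authenticate(token)
    return [r.resource_id for r in RESOURCES if is_authorized(ident, r, action)]
```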