Design And Implementation Of Hierarchical Multi-tenancy Collaborative Access Control System On E-Science Platform

E-Science is a global project to share scientific resources, aiming to provide collaboration among different scientific areas. Cloud computing is an important method to solve the resource sharing problem of e-Science. On the e-Science platform, lots of different scientific areas,or different groups of a research origanization coexist. Considering these scientific areas or research groups as tenants of different layers, we treat the collaboration and independent research of them as resource sharing and isolation among tenants. It is important to design a proper access control model to solve the scientific collaboration problem among tenants, and meanwhile keep their scientific privacy. Most existing access control models on cloud platforms only solve the multi-tenant sharing problems form cloud manager view, but the autonomy of each tenant and tenant collaboration on resources belonging to different owners are ignored.To solve the above problems, a sub tenancy collaborative access control model(STCAC) is designed. Different from the existing multi-tenancy access control models,STCAC emphasizes the resource sharing of tenants of different layers, and the collaboration between them. ARBAC access control model is used to provide resource sharing and isolation among tenants of different layers, and the task-role based access control model is used to solve the dynamic permission management of tenants' collaboration. Then, a third-party distributed access control center is designed,converting the access control requirements of e-Science platform to a set of the security policies, and at the same time, providing high concurrency for the multiple access control request of the platform. a loading balance algorithm on access control information is given out, which can decrease cross-node access control in the distributed system, and then improve efficiency.At last, a system prototype is designed and implemented, proving that this system can solve the problems of resource sharing and collaboration among tenants. A testing on thousands of tenants and resources access control data shows that load balanceing algorithm is effective, and can descrease the cross-node authorization checks on the distributed e-Science platfrom.