| With the development of cloud computing,multi-tenant technique is widely used in various cloud systems.The adoption of the new technique has brought new security challenges,how to gain efficiency,fine-grained access control is one of the most important ones.Access control is used to prevent data access from an illegal user.Traditional access control model is pre-assigned model,which can provide protection to data access in a closed system,but cannot fit the dynamic cloud environment.There are two kinds of access in multi-tenant environment:one is inner-tenant access.Another is cross-tenant access.So multi-tenant access control should support cross-tenant access on the basis of tenant isolation.In this article,we proposed Multi-tenant Usage Control Model,and an enforcement framework for MT-UCON,besides we realized a prototype system to verify our model.Our main contributions in this paper are as follows:1)By analyzing security requirement under multi-tenant environment.We proposed MT-UCON model by extending basic UCON model.A new entity tenant was introduced to gain tenant isolation.Besides,we introduced the concept tenant-trust to support cross-tenant access scenario.Our model can provide fine-grained,continuous access control in a multi-tenant environment.2)We proposed a semi-distributed enforcement framework for MT-UCON.Decision point was divided into system decision point and tenant decision point.Duty of system and tenant are separated.This separation simplified access process in multi-tenant environment,and promotes the scalability of the whole system.3)We realized a prototype system of MT-UCON,and verified the correctness of our model and framework through system benchmarks. |
PDF Full Text Request