Unified Cloud Access Control Model for Cloud Storage Broker
A Cloud Storage Broker (CSB) provides a value-added cloud storage service for enterprise usage by leveraging a multi-cloud storage architecture. However, it raises several challenges for managing resources and their access control in multiple Cloud Service Providers (CSPs) for authorized CSB stakeholders. In this paper, we propose a unified cloud access control model that provides the abstraction of CSP's services for centralized and automated cloud resource and access control management in multiple CSPs. Our proposal offers role-based access control for CSB stakeholders to access cloud resources by assigning necessary privileges and access control lists for cloud resources and CSB stakeholders, respectively, following the privilege separation concept and the least privilege principle. We implement our unified model in a CSB system called CloudRAID for Business (CfB); the evaluation result shows that it provides system-and-cloud level security service for CfB and centralized resource and access control management in multiple CSPs.
Author details: | Muhammad Ihsan Haikal Sukmana, Kennedy A. Torkura, Hendrik Graupner, Feng Cheng, Christoph Meinel |
---|---|
DOI: | https://doi.org/10.1109/ICOIN.2019.8717982 |
ISBN: | 978-1-5386-8350-7 |
ISSN: | 1976-7684 |
Title of parent work (English): | 33rd International Conference on Information Networking (ICOIN 2019) |
Publisher: | IEEE |
Place of publishing: | Los Alamitos |
Publication type: | Other |
Language: | English |
Date of first publication: | 2019/05/20 |
Publication year: | 2019 |
Release date: | 2021/05/06 |
Tag: | Cloud Storage Broker; Cloud access control and resource management; Least privilege principle; Privilege separation concept; Role-based access control; Unified cloud model |
Number of pages: | 6 |
First page: | 60 |
Last Page: | 65 |
Funding institution: | Bundesdruckerei GmbH |
Organizational units: | Affiliated institutes / Hasso-Plattner-Institut für Digital Engineering gGmbH |
DDC classification: | 0 Computer science, information science, general works / 00 Computer science, knowledge, systems / 000 Computer science, information science, general works |
Peer review: | Peer-reviewed |