M. Sukmana, K. Torkura, Hendrik Graupner, Feng Cheng, C. Meinel
{"title":"Unified Cloud Access Control Model for Cloud Storage Broker","authors":"M. Sukmana, K. Torkura, Hendrik Graupner, Feng Cheng, C. Meinel","doi":"10.1109/ICOIN.2019.8717982","DOIUrl":null,"url":null,"abstract":"Cloud Storage Broker (CSB) provides value-added cloud storage service for enterprise usage by leveraging multi-cloud storage architecture. However, it raises several challenges for managing resources and its access control in multiple Cloud Service Providers (CSPs) for authorized CSB stakeholders. In this paper we propose unified cloud access control model that provides the abstraction of CSP's services for centralized and automated cloud resource and access control management in multiple CSPs. Our proposal offers role-based access control for CSB stakeholders to access cloud resources by assigning necessary privileges and access control list for cloud resources and CSB stakeholders, respectively, following privilege separation concept and least privilege principle. We implement our unified model in a CSB system called CloudRAID for Business (CfB) with the evaluation result shows it provides system-and-cloud level security service for cfB and centralized resource and access control management in multiple CSPs.","PeriodicalId":422041,"journal":{"name":"2019 International Conference on Information Networking (ICOIN)","volume":"13 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 International Conference on Information Networking (ICOIN)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICOIN.2019.8717982","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 7
Abstract
Cloud Storage Broker (CSB) provides value-added cloud storage service for enterprise usage by leveraging multi-cloud storage architecture. However, it raises several challenges for managing resources and its access control in multiple Cloud Service Providers (CSPs) for authorized CSB stakeholders. In this paper we propose unified cloud access control model that provides the abstraction of CSP's services for centralized and automated cloud resource and access control management in multiple CSPs. Our proposal offers role-based access control for CSB stakeholders to access cloud resources by assigning necessary privileges and access control list for cloud resources and CSB stakeholders, respectively, following privilege separation concept and least privilege principle. We implement our unified model in a CSB system called CloudRAID for Business (CfB) with the evaluation result shows it provides system-and-cloud level security service for cfB and centralized resource and access control management in multiple CSPs.
云存储代理(CSB)通过利用多云存储架构为企业提供增值的云存储服务。然而,它为授权的CSB利益相关者在多个云服务提供商(csp)中管理资源及其访问控制提出了一些挑战。本文提出了统一的云访问控制模型,该模型对云服务提供商的服务进行了抽象,实现了云资源和访问控制在多个云服务提供商中的集中化和自动化管理。我们的方案遵循权限分离概念和最小权限原则,通过为云资源和CSB利益相关者分别分配必要的权限和访问控制列表,为CSB利益相关者访问云资源提供基于角色的访问控制。我们将该统一模型应用于一个名为CloudRAID for Business (CfB)的CSB系统中,评估结果表明它为CfB提供了系统级和云级的安全服务,并在多个csp中进行了集中的资源和访问控制管理。
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
