A multi-tenant usage access model for cloud computing

Most cloud services are built with multi-tenancy which enables data and configuration segregation upon shared infrastructures. It offers tremendous advantages for enterprises and service providers. It is anticipated that this situation will evolve to foster cross-tenant collaboration supported by Authorization as a service. To realize access control in a multi-tenant cloud computing environment, this study proposes a multi-tenant cloud computing access control model based on the traditional usage access control model by building trust relations among tenants. The model consists of three sub-models, which achieve trust relationships between tenants with different granularities and satisfy the requirements of different application scenarios. With an established trust relation in MT-UCON (Multi-tenant Usage Access Control), the trustee can precisely authorize cross-tenant accesses to the trustor's resources consistent with constraints over the trust relation and other components designated by the trustor. In addition, the security of the model is analyzed by an information flow method. The model adapts to the characteristics of a dynamic and open multi-tenant cloud computing environment and achieves fine-grained access control within and between tenants. © 2020 Tech Science Press. All rights reserved.