Scalable Multi-Tenant Authorization in Highly-Collaborative Cloud Applications

Samy Gerges, Sherif Khattab, Hesham Hassan, Fatma A Omara


Collaborative applications have lately gained extra momentum due to two recent phenomena: data explosion and cloud computing. With more and more data and applications being hosted in the ''cloud'', it becomes easier for organizations with varying levels of mutual trust to share and collaborate over resources. However, a pressing challenge remains with the need of each organization to control access to its resources. Authorization, usually implemented as role-based access control (RBAC), has been recently proposed as a consolidated, multi-tenant cloud service, whereby RBAC rules of the collaborating organizations are stored centrally with a trusted authorization provider to mask heterogeneity and to simplify management. A critical factor to the success of such aggregating approach to access control is the scalability of the rule store to the number of collaborating organizations and to the degree of collaboration. In this paper, we focus on the scalability of the online rule store, that is, the set of rules that are checked with every authorization request, and thus, needs to reside in fast storage (e.g., main memory). We propose an authorization system that scales well to the degree of collaboration and call our system highly-collaborative authorization service (HCAS). HCAS is based on role mapping, a well-known RBAC technique that maps roles across collaborating organizations. HCAS replaces the inter-domain RBAC rules with a more scalable set of role-mapping tuples. Using simulation, we show that HCAS achieves super-linear savings in the size of online rule store. HCAS exhibits a favorable behavior of a slightly decreasing rule set with increasing degree of collaboration in highly collaborative settings. Scalability of online memory in RBAC multi-tenant authorization systems enables efficient software and hardware implementations.

Full Text:

Total views : 0 times


  • There are currently no refbacks.

Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.