MT-ABAC: A Multi-Tenant Attribute-Based Access Control Model with Tenant Trust

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 9408)

Abstract

A major barrier to the adoption of cloud Infrastructure-as-a-Service (IaaS) is collaboration, where multiple tenants engage in collaborative tasks requiring resources to be shared across tenant boundaries. Currently, cloud IaaS providers focus on multi-tenant isolation, and offer limited or no cross-tenant access capabilities in their IaaS APIs. In this paper, we present a novel attribute-based access control (ABAC) model to enable collaboration between tenants in a cloud IaaS, as well as more generally. Our approach allows cross-tenant attribute assignment to provide access to shared resources across tenants. Particularly, our tenant-trust authorizes a trustee tenant to assign its attributes to users from a trustor tenant, enabling access to the trustee tenant’s resources. We designate our multi-tenant attribute-based access control model as MT-ABAC. Previously, a multi-tenant role-based access control (MT-RBAC) model has been defined in the literature wherein a trustee tenant can assign its roles to users from a trustor tenant. We demonstrate that MT-ABAC can be configured to enforce MT-RBAC thus subsuming it as a special case.
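The trust-gated assignment described in the abstract can be sketched as follows. This is an added illustration, not the paper's formal model or the authors' code: the class names, the sample tenants and attribute, and the decision-time trust re-check are assumptions of this example. A `role` attribute is used to show the MT-RBAC-style case.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Attr:
    owner: str   # tenant that defines and administers this attribute
    name: str
    value: str

@dataclass
class User:
    uid: str
    home: str    # tenant that owns the user account
    attrs: set = field(default_factory=set)

class MTABAC:
    def __init__(self):
        self.trust = set()   # (trustor, trustee) pairs; directional, not symmetric
        self.policy = {}     # (owner tenant, resource, action) -> required Attr set

    def _may_hold(self, user, tenant):
        # Local user, or the user's home tenant (trustor) trusts `tenant` (trustee).
        return user.home == tenant or (user.home, tenant) in self.trust

    def assign(self, assigner, user, attr):
        if attr.owner != assigner:
            raise PermissionError("a tenant assigns only attributes it owns")
        if not self._may_hold(user, assigner):
            raise PermissionError(f"{user.home} does not trust {assigner}")
        user.attrs.add(attr)

    def authorize(self, user, owner, resource, action):
        required = self.policy.get((owner, resource, action))
        if required is None:
            return False     # default deny
        # Assumed design: re-check trust here so revocation cuts stale grants.
        if not self._may_hold(user, owner):
            return False
        return required <= {a for a in user.attrs if a.owner == owner}

def demo():
    m = MTABAC()
    auditor = Attr("B", "role", "auditor")   # constructed sample data
    m.policy[("B", "vm-logs", "read")] = {auditor}
    alice = User("alice", home="A")
    m.trust.add(("A", "B"))                  # trustor A trusts trustee B
    m.assign("B", alice, auditor)
    granted = m.authorize(alice, "B", "vm-logs", "read")
    m.trust.discard(("A", "B"))              # A withdraws trust
    return granted, m.authorize(alice, "B", "vm-logs", "read")
```

Calling `demo()` returns the decision before and after tenant A withdraws its trust in tenant B.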

Author information

Correspondence to Navid Pustchi.

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Pustchi, N., Sandhu, R. (2015). MT-ABAC: A Multi-Tenant Attribute-Based Access Control Model with Tenant Trust. In: Qiu, M., Xu, S., Yung, M., Zhang, H. (eds) Network and System Security. NSS 2015. Lecture Notes in Computer Science, vol 9408. Springer, Cham. https://doi.org/10.1007/978-3-319-25645-0_14

  • DOI: https://doi.org/10.1007/978-3-319-25645-0_14

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-25644-3

  • Online ISBN: 978-3-319-25645-0

  • eBook Packages: Computer Science (R0)