A Cross Tenant Access Control (CTAC) Model for Cloud Computing: Formal Specification and Verification

Sharing of resources on the cloud can be achieved on a large scale, since it is cost effective and location independent. Despite the hype surrounding cloud computing, organizations are still reluctant to deploy their businesses in the cloud computing environment due to concerns in secure resource sharing. In this paper, we propose a cloud resource mediation service offered by cloud service providers, which plays the role of trusted third party among its different tenants. This paper formally specifies the resource sharing mechanism between two different tenants in the presence of our proposed cloud resource mediation service. The correctness of permission activation and delegation mechanism among different tenants using four distinct algorithms (activation, delegation, forward revocation, and backward revocation) is also demonstrated using formal verification. The performance analysis suggests that the sharing of resources can be performed securely and efficiently across different tenants of the cloud.

[1]  Roberto Bruttomesso,et al.  The MathSAT 4SMT Solver , 2008, CAV.

[2]  Albert Oliveras,et al.  The Barcelogic SMT Solver , 2008, CAV.

[3]  Nor Badrul Anuar,et al.  Secure and dependable software defined networks , 2016, J. Netw. Comput. Appl..

[4]  Yongji Wang,et al.  Designing and Modeling of Covert Channels in Operating Systems , 2016, IEEE Transactions on Computers.

[5]  Tadao Murata,et al.  Petri nets: Properties, analysis and applications , 1989, Proc. IEEE.

[6]  Kim-Kwang Raymond Choo,et al.  Cloud based data sharing with fine-grained proxy re-encryption , 2016, Pervasive Mob. Comput..

[7]  L. D. Moura,et al.  The YICES SMT Solver , 2006 .

[8]  Kim-Kwang Raymond Choo Refuting security proofs for tripartite key exchange with model checker in planning problem setting , 2006, 19th IEEE Computer Security Foundations Workshop (CSFW'06).

[9]  Joseph K. Liu,et al.  Fine-Grained Two-Factor Access Control for Web-Based Cloud Computing Services , 2016, IEEE Transactions on Information Forensics and Security.

[10]  Kun Ma,et al.  Toward Fine-grained Data-level Access Control Model for Multi-tenant Applications , 2014 .

[11]  Dirk Grunwald,et al.  Jobber: Automating Inter-Tenant Trust in the Cloud , 2013, HotCloud.

[12]  Ximeng Liu,et al.  An Efficient Privacy-Preserving Outsourced Calculation Toolkit With Multiple Keys , 2016, IEEE Transactions on Information Forensics and Security.

[13]  Athanasios V. Vasilakos,et al.  Formal Verification of the xDAuth Protocol , 2016, IEEE Transactions on Information Forensics and Security.

[14]  Josep Domingo-Ferrer,et al.  Cloud Cryptography: Theory, Practice and Future Research Directions , 2016, Future Gener. Comput. Syst..

[15]  Ravi S. Sandhu,et al.  Hierarchical Secure Information and Resource Sharing in OpenStack Community Cloud , 2015, 2015 IEEE International Conference on Information Reuse and Integration.

[16]  Ravi S. Sandhu,et al.  Cross-tenant trust models in cloud computing , 2013, 2013 IEEE 14th International Conference on Information Reuse & Integration (IRI).

[17]  Nikolaj Bjørner,et al.  Satisfiability modulo theories , 2011, Commun. ACM.

[18]  Yong Tang,et al.  Constructing authentication web in cloud computing , 2016, Secur. Commun. Networks.

[19]  Xiang-Yang Li,et al.  Control Cloud Data Access Privilege and Anonymity With Fully Anonymous Attribute-Based Encryption , 2016, IEEE Transactions on Information Forensics and Security.

[20]  Samee Ullah Khan,et al.  DaSCE: Data Security for Cloud Environment with Semi-Trusted Third Party , 2017, IEEE Transactions on Cloud Computing.

[21]  Roberto Bruttomesso,et al.  The MathSAT 4 SMT Solver ( Tool Paper ) , 2008 .