یک مدل کنترل دسترسی برای رایانش ابری

Cloud computing is considered one of the most dominant paradigms in the Information Technology (IT) industry these days. It offers new cost effective services on-demand such as Software as a Service (SaaS), Infrastructure as a Service (IaaS) and Platform as a Service (PaaS). However, with all of these services promising facilities and benefits, there are still a number of challenges associated with utilizing cloud computing such as data security, abuse of cloud services, malicious insider and cyber-attacks. Among all security requirements of cloud computing, access control is one of the fundamental requirements in order to avoid unauthorized access to systems and protect organizations assets. Although, various access control models and policies have been developed such as Mandatory Access Control (MAC) and Role Based Access Control (RBAC) for different environments, these models may not fulfil cloud's access control requirements. This is because cloud computing has a diverse set of users with different sets of security requirements. It also has unique security challenges such as multi-tenant hosting and heterogeneity of security policies, rules and domains. This paper presents a detailed access control requirement analysis for cloud computing and identifies important gaps, which are not fulfilled by conventional access control models. This paper also proposes an access control model to meet the identified cloud access control requirements. We believe that the proposed model can not only ensure the secure sharing of resources among potential untrusted tenants, but also has the capacity to support different access permission to the same cloud user and gives him/her the ability to use multiple services securely.