摘要
Despite the various attractive features that Cloud has to offer, the rate of Cloud migration is rather slow, pri- marily due to the serious security and privacy issues that exist in the paradigm. One of the main problems in this regard is that of authorization in the Cloud environment, which is the focus of our research. In this paper, we present a systematic analysis of the existing authorization solutions in Cloud and evaluate their effectiveness against well-established industrial standards that conform to the unique access control require- ments in the domain. Our analysis can benefit organizations by helping them decide the best authorization technique for deployment in Cloud; a case study along with simulation re- sults is also presented to illustrate the procedure of using our qualitative analysis for the selection of an appropriate tech- nique, as per Cloud consumer requirements. From the results of this evaluation, we derive the general shortcomings of the extant access control techniques that are keeping them from providing successful authorization and, therefore, widely adopted by the Cloud community. To that end, we enumer- ate the features an ideal access control mechanisms for the Cloud should have, and combine them to suggest the ultimate solution to this major security challenge - access control as a service (ACaaS) for the software as a service (SaaS) layer. We conclude that a meticulous research is needed to incorpo- rate the identified authorization features into a generic ACaaS framework that should be adequate for providing high level of extensibility and security by integrating multiple accesscontrol models.
Despite the various attractive features that Cloud has to offer, the rate of Cloud migration is rather slow, pri- marily due to the serious security and privacy issues that exist in the paradigm. One of the main problems in this regard is that of authorization in the Cloud environment, which is the focus of our research. In this paper, we present a systematic analysis of the existing authorization solutions in Cloud and evaluate their effectiveness against well-established industrial standards that conform to the unique access control require- ments in the domain. Our analysis can benefit organizations by helping them decide the best authorization technique for deployment in Cloud; a case study along with simulation re- sults is also presented to illustrate the procedure of using our qualitative analysis for the selection of an appropriate tech- nique, as per Cloud consumer requirements. From the results of this evaluation, we derive the general shortcomings of the extant access control techniques that are keeping them from providing successful authorization and, therefore, widely adopted by the Cloud community. To that end, we enumer- ate the features an ideal access control mechanisms for the Cloud should have, and combine them to suggest the ultimate solution to this major security challenge - access control as a service (ACaaS) for the software as a service (SaaS) layer. We conclude that a meticulous research is needed to incorpo- rate the identified authorization features into a generic ACaaS framework that should be adequate for providing high level of extensibility and security by integrating multiple accesscontrol models.