Wireless Personal Communications

, Volume 84, Issue 3, pp 2119–2134 | Cite as

An Attribute-Role Based Access Control Mechanism for Multi-tenancy Cloud Environment

  • Nai Wei Lo
  • Ta Chih Yang
  • Ming Huang GuoEmail author


Because of the rapid development of software technology, many enterprises require more high-performance hardware to enhance their competitiveness. Cloud computing is the result of distributed computing, grid computing and is gradually being seen as the future solution to the companies. Cloud computing can virtualize existing software and hardware to reduce costs. Thus, enterprises only require high Internet bandwidth and devices to access cloud service on the Internet. This would decrease many overhead costs and reduce IT staff requirement. A cloud environment provider provides many companies to rent a cloud service simultaneously in the provider’s cloud, the technology is named multi-tenancy cloud service. However, how to access resource safely is an important topic if user want to adopt multi-tenancy cloud computing technology. The cloud-computing environment is vulnerable to network-related attacks. This research uses role-based access control authorization mechanism concept and combines it with attribute based access control to determine which tenant that user can access. The enhanced authorization mechanism can improve the safety of cloud computing services and protected the data secret.


Multi-tenancy Cloud computing Role-based access control Authorization Attribute 



The authors gratefully acknowledge the support from the Taiwan Information Security Center and the National Science Council, Taiwan, under the Grants Numbers NSC 102-2218-E-011-013.


  1. 1.
    Lee, X. H., Doll, T., Barbosu, M., Luque, A., & Wang, D. W. (2012). An enhancement of the role-based access control model to facilitate information access management in context of team collaboration and workflow. Journal of Biomedical Informatics, 45(6), 1084–1107.CrossRefGoogle Scholar
  2. 2.
    Liaw, H. T., Guo, M. H., Yang, T. C., & Yen, C. T. (2011). An authoirzation mechanism based on identity based token and RBAC for cloud environment. Journal of Innovation and Management, 8(3), 1–35.Google Scholar
  3. 3.
    Gruschka, N., & Jensen, M. (2010). Attack surfaces attacks on cloud services. In International conference on cloud computing.Google Scholar
  4. 4.
    Tang, L., Dong, J., Zhao, Y., & Zhang. L. J. (2008). Enterprise cloud service architecture. In International conference on cloud computing.Google Scholar
  5. 5.
    Sangroya, A., Kumar, S., Dhok, J., & Varma, V., (2010). Towards analyzing data security risks in cloud computing environments. In International conference on information systems, technology, and management.Google Scholar
  6. 6.
    Li, X. Y., Shi, Y., Guo, Y., & Ma, W. (2010). Multi-tenancy based access control in cloud. In International conference on computational intelligence and software engineering, 1–4.Google Scholar
  7. 7.
    Almutairi, A., Sarfraz, M., Basalamah, S., Aref, W., & Ghafoor, A. (2013). A distributed access control architecture for cloud computing. IEEE Software, 29(2), 36–44.CrossRefGoogle Scholar
  8. 8.
    Chong, F., Carraro, G., & Wolter, R. (2006). Multi-tenant data architecture. Accessed 27 June 2014.
  9. 9.
    Chu, H. C., Deng, D. J., Chao, H. C., & Huang, Y. M. (2009). Next generation of terrorism: Ubiquitous cyber terrorism with the accumulation of all intangible fears. Journal of Universal Computer Science, 15(12), 2373–2386.Google Scholar
  10. 10.
    Chu, H. C., Deng, D. J., Chao, H. C., & Huang, Y. M. (2011). An ontology-driven model for digital forensics investigations of computer incidents under the ubiquitous conputing environments. Wirless Personal Communications, 56(5), 5–19.Google Scholar
  11. 11.
    Tang, B., Li, Q., & Sandhu, R. (2013). A multi-tenant RBAC model for collaborative cloud services. In Eleventh annual conference on pirvacy and trust.Google Scholar
  12. 12.
    Gerges, S., Khattab, S., Hassan, H., & Omara, F. (2013). Scalable multi-tenant authorization in highly collaborative cloud applications. International Journal of Cloud Computing and Services Science, 2(2), 106–115.Google Scholar
  13. 13.
    Chiang, D. J., Wang, C. S., & Deng, D. J., (2014). Real-time data delivery using prediction mechanism in mobile environments. Wireless Personal Communications, 74(4), 1345–1362.Google Scholar
  14. 14.
    Guo, M. H., Deng, D. J., Liaw, H. T., & Park, J. H. (2014). An efficient route scheduling mechanism for WiMAX network. The Knowledge Engineering Review, 29(4), 452–462.Google Scholar
  15. 15.
    Deng D. J., Shu, L., & Kato, N. (2014). Digital forensics in mobile computing system and ubiquitous wireless networks. Security and Communication Networks, 7(12), 2492–2494.Google Scholar
  16. 16.
    Ferraiolo, D. F., Sandhu, R., Garila, S., & Kuhn, D. R. (2001). Proposed NIST standard for role-based access control. ACM Transactions on Information and System Security, 4(3), 224–274.CrossRefGoogle Scholar
  17. 17.
    Sandhu, R. S., Coyne, E. J., Feinstein, H. L., & Youman, C. E. (1996). Role-based access control models. Computer, 29(2), 38–47.CrossRefGoogle Scholar
  18. 18.
    Mon, E. E., & Naing, T. T. (2011). The privacy-aware access control system using attribute and role based access control in private cloud. In IEEE international conference on broadband network and multimedia technology.Google Scholar
  19. 19.
    Wan, Z. G., Liu, J., & Deng, R. H. (2012). HASBE: A hierarchical attribute-based solution for flexible and scalable access control in cloud computing. IEEE Transactions on Information Forensics and Security, 7(2), 743–754.CrossRefGoogle Scholar
  20. 20.
    Yuan, E., & Tong, J. (2005). Attributed based access control (ABAC) for web services. In IEEE international conference on web services.Google Scholar
  21. 21.
    Shen, H. B., & Hong, F. (2006). An attribute-based access control model for web services. In International conference on parallel and distributed computing, applications and technologies, 74–79.Google Scholar
  22. 22.
    Iqbal, Z., & Noll, J. (2012). Towards semantic-enhanced attribute-based access control for cloud services. In International conference on trust, security and privacy in computing and communications.Google Scholar
  23. 23.
    Yang, T. C., Lo, N. W., & Liaw, H. T. (2012). An enhancement RBAC mechanism for multi-tenancy cloud environment. In International workshop on advanced information technology and applications.Google Scholar
  24. 24.
    Carles, M. G., Guillermo, N. A., & Joan, B. (2011). Fuzzy role-based access control. In Information processing letters.Google Scholar
  25. 25.
    Alshehri, S., & Rajendra, K. R. (2013). Secure access control for health information sharing systems. In 2013 IEEE international conference on healthcare informatics.Google Scholar
  26. 26.
    Joshi, J., Bertino, E., Latif, U., & Ghafoor, A. (2005). A generalized temporal role-based access control. In IEEE transactions on knowledge and data engineering.Google Scholar
  27. 27.
    Oh, S., & Park, S. (2003). Taskrole-based access control model. Information Systems, 28(6), 533–562.zbMATHCrossRefGoogle Scholar
  28. 28.
    Masoumzadeh, A., & Joshi, J. B. (2008). Purbac: purpose-aware role-based access control. In International conferences in proceedings of the OTM 2008 confederated.Google Scholar
  29. 29.
    Alipour, H., Sabbari, M., & Nazemi, E. (2011). A policy-based access control model for web services. In International conference for internet technology and secured transactions.Google Scholar

Copyright information

© Springer Science+Business Media New York 2015

Authors and Affiliations

  1. 1.Department of Information ManagementShih Hsin UniversityTaipeiTaiwan, ROC
  2. 2.Department of Information ManagementNational Taiwan University of Science and TechnologyDa’an Dist., TaipeiTaiwan, ROC

Personalised recommendations