Authorization federation in multi-tenant multi-cloud IaaS
The significance of cloud computing has been proven in the marketplace and is well documented in the literature. A major concern in adopting cloud Infrastructure-as-a-Service (IaaS) is federation, where tenants engage in collaborative tasks that require resources to be shared across tenant boundaries. Federation remains a critical impediment to private, public, and hybrid cloud deployments today. The federated cloud model is a significant shift towards democratization of the cloud market: it enables businesses using local cloud providers to connect with customers, partners and employees anywhere in the world. In this context, cloud service providers (CSPs) use multi-tenancy to consolidate the economic utility of shared infrastructure by isolating users' data into tenants. Tenants are isolated containers that own resources such as users, storage objects, and virtual machines in the cloud. While tenant isolation is desirable, it hinders federation in cloud platforms. Role-based access control (RBAC) has been widely accepted and applied in practice for over two decades, and the majority of current cloud IaaS platforms adopt some variation of it. RBAC has been investigated considerably in terms of multi-tenancy, federation, policy integration, and so on. However, to address its limitations, there has been considerable recent interest in attribute-based models and in integrating attributes into role-based models. Attribute-based access control (ABAC) has also been studied from various angles, such as policy languages and multi-tenancy. To effectively provide cloud computing federation with cloud-intrinsic characteristics such as multi-tenancy, virtualization, and service-oriented architecture (SOA), fine-grained cloud-oriented access control models are required. In this dissertation, we propose a set of access control models to enable federation in cloud IaaS platforms.
Our contributions fall into two federation models: a Peer-to-Peer model, in which trust is established between two tenants, and a Circle-of-Trust model, in which a group of tenants adheres to agreed policies and interfaces in order to collaborate. For Peer-to-Peer federation, we propose role-based and attribute-based models that enable cross-tenant access. We extend existing multi-tenant approaches into a multi-cloud role-based access control model that provides cross-cloud user assignments. Moreover, we propose a novel attribute-based access control model that provides Peer-to-Peer federation between tenants in a cloud IaaS, and more generally. Our approach allows attribute assignment across tenants: tenant-trust authorizes a trustee tenant to assign its attributes to users from a trustor tenant, enabling those users to access the trustee tenant's resources.

For Circle-of-Trust federation, we propose a suite of multi-tenant role-based, role-centric, and tenant-trust models in the context of homogeneous and heterogeneous circles. In a homogeneous circle with uniform tenant types, a role-based approach allows tenants to assert cross-tenant user assignments on equal footing. In the role-centric attribute-based model, attributes are added to differentiate tenants in heterogeneous circles with non-uniform tenant types; these attributes limit user-role assignments according to tenant type. The tenant-trust model provides user-role assignment in both homogeneous and heterogeneous circles, enabling federation within the circle; in particular, it specifies user-role assignments with respect to the rules and policies of the circle. As a proof of concept, we demonstrate the feasibility of the proposed multi-tenant multi-cloud access control model by integrating it into an open-source cloud IaaS platform. Specifically, the OpenStack identity service is extended for OpenStack-to-OpenStack federation, providing user-role assignments across distinct domains in different OpenStack clouds.
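A simplified toy model of the tenant-trust relation described above, as an added illustration that is not the dissertation's formal model or its OpenStack code (the tenant names, the `provider`/`payer`/`lab` tenant kinds and the `records` resource are constructed): the trustee assigns one of its own attributes to a trustor's user only while the trust holds and, mirroring the heterogeneous-circle constraint, only when the user's home tenant type is permitted for that attribute; revoking the trust drops every assignment that depended on it.

```python
from dataclasses import dataclass, field

@dataclass
class Tenant:
    name: str
    kind: str                                   # tenant type (constructed kinds below)
    users: set = field(default_factory=set)     # users homed in this tenant
    trusted_trustors: set = field(default_factory=set)  # trustors this tenant (as trustee) accepts
    cross_assignments: dict = field(default_factory=dict)  # (user, home) -> this tenant's attributes
    resource_policy: dict = field(default_factory=dict)    # resource -> attribute required for access
    attr_kind_limits: dict = field(default_factory=dict)   # attribute -> allowed home-tenant kinds

def establish_trust(trustor: Tenant, trustee: Tenant) -> None:
    """Tenant-trust: the trustee may now assign its own attributes to the trustor's users."""
    trustee.trusted_trustors.add(trustor.name)

def revoke_trust(trustor: Tenant, trustee: Tenant) -> None:
    """Revocation also removes every cross-tenant assignment that relied on this trust."""
    trustee.trusted_trustors.discard(trustor.name)
    for key in [k for k in trustee.cross_assignments if k[1] == trustor.name]:
        del trustee.cross_assignments[key]

def assign_attribute(trustee: Tenant, user: str, home: Tenant, attr: str) -> bool:
    """Trustee assigns attr to a user homed in `home`; False when the assignment is not authorised."""
    if user not in home.users:
        return False                            # no such user in the trustor tenant
    if home.name != trustee.name and home.name not in trustee.trusted_trustors:
        return False                            # no tenant-trust from this trustor
    allowed = trustee.attr_kind_limits.get(attr)
    if allowed is not None and home.kind not in allowed:
        return False                            # tenant-type constraint (heterogeneous circle)
    trustee.cross_assignments.setdefault((user, home.name), set()).add(attr)
    return True

def can_access(trustee: Tenant, user: str, home: Tenant, resource: str) -> bool:
    """Access to a trustee resource requires holding the trustee's attribute for it."""
    required = trustee.resource_policy.get(resource)
    held = trustee.cross_assignments.get((user, home.name), set())
    return required is not None and required in held

def build_scenario():
    """Constructed sample: a hospital (trustee) plus an insurer and a lab (trustors)."""
    hospital = Tenant("hospital", "provider", users={"dr_a"},
                      resource_policy={"records": "clinician"},
                      attr_kind_limits={"clinician": {"provider", "lab"}})
    insurer = Tenant("insurer", "payer", users={"agent_b"})
    lab = Tenant("lab", "lab", users={"tech_c"})
    establish_trust(insurer, hospital)
    establish_trust(lab, hospital)
    return hospital, insurer, lab
```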
Our implementations have minimal impact on administration and no impact on operation performance in OpenStack.