Title :
A Semi-distributed Access Control Management Scheme for Securing Cloud Environment
Author :
Rizvi, Syed ; Mitchell, John
Author_Institution :
Dept. of Inf. Sci. & Technol., Pennsylvania State Univ., Altoona, PA, USA
Abstract :
Despite the numerous advantages that cloud computing offers (e.g., flexibility, elasticity, scalability, etc.), many potential clients are still hesitant to join the cloud due to their security and privacy concerns. Outsourcing the data to a cloud in a multitenant environment brings many security challenges including data leaks, threats, and malicious attacks. The cloud computing platform, virtual servers, and the provider's services are highly dynamic and diverse in nature, making the traditional access control mechanisms (e.g., firewalls and VLAN, etc.) less effective in controlling unauthorized access to the cloud's data and resources. Several access control policies and authorization systems have been proposed in the literature to defend against cloud security threats. Most of these systems are designed to work with one or more access control policies. However, little work has been done to develop a generic access control architecture capable of working with most of the available access control policies. In this paper, we present a new access control architecture using a global resource management system (GRMS) to effectively handle both local and remote access requests. The introduction of GRMS makes our proposed architecture semi-distributed at the expense of minimal request-response time. In addition, our proposed architecture works effectively with both peered access control module (PACM) and virtual resource manager (VRM) to protect and manage all resources and services of cloud providers from unauthorized access.
Keywords :
authorisation; cloud computing; data privacy; file servers; resource allocation; GRMS; PACM; VRM; access control mechanisms; authorization system; cloud computing; cloud environment security; cloud providers; cloud security threats; data leaks; generic access control architecture; global resource management system; malicious attacks; multitenant environment; peered access control module; privacy concerns; security challenges; security concerns; semidistributed access control management scheme; unauthorized access; virtual resource manager; virtual servers; Authorization; Cloud computing; Computer architecture; Containers; Virtualization; Access control; cloud computing; role based access control; side channel attack; virtual resource manager;
Conference_Title :
Cloud Computing (CLOUD), 2015 IEEE 8th International Conference on
Conference_Location :
New York City, NY
Print_ISBN :
978-1-4673-7286-2
DOI :
10.1109/CLOUD.2015.73