Title :
Towards multi-policy support for IaaS clouds to secure data sharing
Author :
Fairweather, Ying ; Dongwan Shin
Author_Institution :
Comput. Sci. Dept., New Mexico Inst. of Min. & Technol., Socorro, NM, USA
Abstract :
Infrastructure as a service (IaaS) is a cloud service model that provides storage and computation services for users at a low price. A recent report from Gartner indicates that IaaS will be the fastest growing area among all of the cloud service models in the near future, and thus it is strongly envisioned that multiple companies will use IaaS clouds to share information among them. However, the current access control mechanisms in IaaS platforms do not have the ability to enable flexible data sharing among companies while addressing security problems such as information and privacy leaking. In this paper, we propose two IaaS cloud reference architectures that enforce cloud-level Chinese Wall security (CWS) policy to prevent information leaking among companies. The new architectures are also able to support customized domain level access control policies such as role-based access control (RBAC), privacy-preserving information retrieval, and single sign on (SSO). The reference architectures were implemented using Eucalyptus and its data storage service called Walrus; therefore, our approach can also be applied to commercial clouds like Amazon S3. The result of performance analysis has shown that our architectures are feasible, scalable, and efficient.
Keywords :
authorisation; cloud computing; data privacy; electronic data interchange; Amazon S3; CWS; Eucalyptus; IaaS cloud reference architectures; RBAC; SSO; Walrus; access control mechanisms; cloud service model; cloud-level Chinese wall security policy; commercial clouds; data storage service; domain level access control policies; flexible data sharing; information leaking; infrastructure as a service; multipolicy support; privacy leaking; privacy-preserving information retrieval; role-based access control; secure data sharing; security problems; single sign on; Access control; Cloud computing; Companies; Computer architecture; Databases; History; Access Control; Chinese Wall Security Policy; Identity Management; Infrastructure as a service (IaaS); Secure Information Retrieval;
Conference_Title :
Collaborative Computing: Networking, Applications and Worksharing (Collaboratecom), 2013 9th International Conference on
Conference_Location :
Austin, TX