Evaluating the Effectiveness of Access Control Models and Identity Management Systems in Multi-Tenant Cloud Infrastructures
Abstract
Multi-tenant cloud infrastructures provide significant advantages in terms of scalability, flexibility, and cost-efficiency by allowing multiple tenants to share the same physical and virtual resources. However, this shared model introduces complex security challenges, particularly in terms of access control and identity management. Effective access control is essential for ensuring that tenants’ data remains isolated and that unauthorized access is prevented, while identity management systems play a critical role in securely managing user authentication and authorization across different services. This paper evaluates the effectiveness of various access control models and identity management systems within the context of multi-tenant cloud infrastructures. Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC) are examined: RBAC provides simplicity and ease of administration, while ABAC offers greater flexibility through the use of contextual attributes. Both models have strengths and weaknesses when applied to cloud environments, especially concerning the need to balance security with performance and scalability. ABAC’s dynamic nature makes it better suited for environments requiring fine-grained access controls, but its complexity can pose challenges in policy management and enforcement. Conversely, RBAC’s static nature may lead to overly simplistic access controls in dynamic scenarios, but it excels in environments with relatively stable access requirements.
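To make the RBAC/ABAC contrast concrete, the following is an added illustration (not code from the paper): a static role table is evaluated beside an attribute-based policy that makes tenant isolation and a contextual condition (MFA for confidential data) explicit. The `Subject`/`Resource` classes, the role table and the sample policies are assumptions constructed for this example.

```python
# Added example, not from the paper: a minimal RBAC check beside an ABAC
# policy for a multi-tenant object store. The classes, role table and
# rules below are assumptions made for illustration only.
from dataclasses import dataclass, field


@dataclass
class Subject:
    user: str
    tenant: str
    roles: set = field(default_factory=set)
    mfa: bool = False            # contextual attribute of the session


@dataclass
class Resource:
    owner_tenant: str
    classification: str          # constructed labels: "public"/"confidential"


# RBAC: a static role-to-permission table. It knows nothing about tenants,
# so a "reader" in tenant A is also granted read on tenant B's objects
# unless the tenant boundary is enforced somewhere else.
RBAC_PERMISSIONS = {"reader": {"read"}, "admin": {"read", "write", "delete"}}


def rbac_allows(subject: Subject, action: str) -> bool:
    return any(action in RBAC_PERMISSIONS.get(r, set()) for r in subject.roles)


# ABAC: rules evaluate subject, resource and context attributes at request
# time. Tenant isolation is an explicit rule, and confidential data adds a
# contextual condition (MFA) that a static role table cannot express.
def abac_allows(subject: Subject, resource: Resource, action: str) -> bool:
    if subject.tenant != resource.owner_tenant:      # tenant isolation rule
        return False
    if action in ("write", "delete") and "admin" not in subject.roles:
        return False
    if resource.classification == "confidential" and not subject.mfa:
        return False
    return rbac_allows(subject, action)              # roles still gate the verb


def compare(subject: Subject, resource: Resource, action: str):
    """Return (rbac_decision, abac_decision) for the same request."""
    return rbac_allows(subject, action), abac_allows(subject, resource, action)


if __name__ == "__main__":
    alice = Subject("alice", "tenant-a", {"reader"}, mfa=False)
    # RBAC alone says yes to a cross-tenant read; the ABAC policy denies it.
    print(compare(alice, Resource("tenant-b", "public"), "read"))  # (True, False)
```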
The paper also explores the role of federated identity management and Single Sign-On (SSO) in enhancing identity management across multi-tenant cloud environments. Federated identity management enables users to authenticate across different cloud services using a single set of credentials, reducing administrative overhead and improving user experience. However, it also introduces new security challenges, such as federation attacks and the risk of compromised credentials. Similarly, SSO simplifies access to multiple services but presents risks if not properly secured, especially in the case of compromised login sessions. Identity Governance and Administration (IGA) is discussed as a critical element for ensuring compliance, enforcing policies, and managing identities across multiple cloud environments. Despite these systems' capabilities, multi-tenant cloud environments face persistent security challenges, including tenant isolation, cross-tenant attacks, and insider threats. Tenant isolation remains a critical requirement to prevent unauthorized access between tenants. Cross-tenant attacks, often facilitated by vulnerabilities in the shared cloud infrastructure, highlight the importance of robust access controls and continuous monitoring. Insider threats, including those from administrators and privileged users, also present a significant risk and underscore the need for least-privilege access models and zero-trust security frameworks.