One embodiment disclosed herein relates to the general field of telecommunications, and in particular to so-called “cloud computing” systems.
Some embodiments relate more particularly to a user accessing computer resources made available to that user by a cloud computing system.
According to the definition given by the National Institute of Standards and Technology (NIST), “cloud computing” is a model enabling users to have self-service access on demand, via a network, to computer resources and networks such as storage space, computation power, applications, software, or indeed services, which are virtualized (i.e. made virtual) and shared.
In other words, the computer resources and networks are not located on a local server of an entity or on a user station, but in accordance with the concept of cloud computing they are “dematerialized” in a “cloud” made up of a plurality of remote servers that are mutually interconnected and accessible to users via a network application. Users can thus have varying access to those resources, without needing to manage the underlying infrastructure for these resources, which infrastructure is often complex.
The concept of “cloud computing” is described in greater detail in the document published by the International Telecommunication Union (ITU) entitled “FG Cloud TR version 1.0—Part 1: introduction to the cloud ecosystem: definitions, taxonomies, use cases, and high-level requirements”, February 2012.
In known manner, “cloud computing” benefits from numerous advantages:
flexibility and diversity of resources, which are shared and practically unlimited;
scalability of resources, which are supplied on demand;
simple and automatic administration of business computer infrastructures and networks, and a reduction in administration costs;
etc.
Nevertheless, a major challenge with the “cloud computing” concept is to guarantee protection and security for access to resources.
Specifically, changing from a secure and closed conventional computer environment to an infrastructure in an open and shared cloud over which the user or the business has no control, and which is accessible via a telecommunications network such as the public Internet (itself particularly vulnerable and continuously subjected to attacks and hacking), raises security concerns among potential users.
Thus, in the opinion of the ITU, access control is nowadays fundamental for securing access to cloud computer systems.
Numerous mechanisms exist in the present state of the art for controlling (and making secure) access to computer systems (or in equivalent manner, to information systems) of entities or organizations such as businesses.
Those mechanisms are based essentially on two elements, namely:
defining a policy in terms of access rights that are formulated using a subject-object-action approach, i.e. such-and-such a subject does or does not have permission to perform such-and-such an action on such-and-such an object; and
implementing this policy on receiving a request from a user seeking to access the resources made available by the computer system, by checking on the user's access rights to those resources.
By way of example, such mechanisms are the role-based access control (RBAC) model or the organization-based access control (OrBAC) model as described respectively in the following documents: R. S. Sandhu et al., “Role-Based Access Control Models”, IEEE Computer 29(2), pp. 38-47, 1996; and A. Abou El Kalam et al., “Organization Based Access Control”, 4th IEEE International Workshop on Policies for Distributed Systems and Networks, 2003.
The OrBAC model relies on an organization concept, and serves to model a variety of security policies defined for and by the organization in order to access its resources.
Thus, more precisely, the OrBAC model introduces the concepts of roles, activities, and views in order to be able to define a security policy associated with an organization, where:
a role is a set of subjects to which the same security rules are applied;
an activity is a set of actions to which the same security rules are applied; and
a view is a set of objects to which the same security rules are applied.
The Internet Engineering Task Force (IETF) has defined an extensible access control markup language (XACML) reference architecture that can be used by the OrBAC model for implementing access control in information systems. In known manner, this XACML architecture is based on five types of functional block, namely:
a block for applying an access control policy, known as a policy enforcement point (PEP);
a block for making a decision about access, known as a policy decision point (PDP);
a directory containing access control policies, known as a policy repository;
a block for managing information associated with access policies, known as a policy information point (PIP); and
a block for administering access policies, known as a policy administration point (PAP), which specifies and manages access policies.
Some embodiments described herein lie more particularly in the context of “multi-tenant” cloud systems in which a single instance of a cloud computer system is shared by a plurality of client organizations (referred to as “tenants”).
A tenant can thus be defined as an indivisible container having allocated thereto a set of users and a virtual share of resources. In practice, a tenant may serve to model a business, a service of a business, or a project.
At present, in most multi-tenant cloud systems, the resources of each of the tenants are partitioned into domains that are independent and watertight, each tenant managing its own access control policy independently.
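As an added illustration (not part of the original document or of any cited work), the following sketch evaluates an OrBAC policy (roles, activities, views) through an XACML-style PEP/PDP split, with each tenant kept as an independent policy domain; all organization, role, activity, view, subject and object names are constructed for the example.

```python
# Added example: OrBAC abstraction (role/activity/view) behind an XACML-style
# PEP/PDP split. All tenant, subject and object names below are constructed.
from typing import NamedTuple

class Organization(NamedTuple):
    name: str
    roles: dict        # role -> set of subjects
    activities: dict   # activity -> set of concrete actions
    views: dict        # view -> set of concrete objects
    permissions: set   # (role, activity, view) triples that are permitted

class PolicyDecisionPoint:
    """PDP: lifts (subject, action, object) to (role, activity, view) and looks it up."""
    def __init__(self, tenants):
        self.tenants = {t.name: t for t in tenants}  # each tenant: isolated policy domain

    def decide(self, tenant, subject, action, obj):
        org = self.tenants.get(tenant)
        if org is None:
            return "Deny"
        roles = {r for r, s in org.roles.items() if subject in s}
        acts = {a for a, s in org.activities.items() if action in s}
        views = {v for v, s in org.views.items() if obj in s}
        permitted = any((r, a, v) in org.permissions for r in roles for a in acts for v in views)
        return "Permit" if permitted else "Deny"  # default deny for anything unmapped

class PolicyEnforcementPoint:
    """PEP: intercepts the request and releases the resource only on an explicit Permit."""
    def __init__(self, pdp, resources):
        self.pdp, self.resources = pdp, resources

    def access(self, tenant, subject, action, obj):
        if self.pdp.decide(tenant, subject, action, obj) != "Permit":
            return None
        return self.resources[tenant][obj]

def build_demo():
    """Two tenants with independent policies and no trust relationship between them."""
    hospital = Organization("hospital", {"physician": {"alice"}, "nurse": {"bob"}},
                            {"consult": {"read", "list"}, "update": {"write"}},
                            {"medical_record": {"rec-1", "rec-2"}},
                            {("physician", "consult", "medical_record"),
                             ("physician", "update", "medical_record"),
                             ("nurse", "consult", "medical_record")})
    lab = Organization("lab", {"analyst": {"carol"}}, {"consult": {"read"}},
                       {"sample": {"smp-9"}}, {("analyst", "consult", "sample")})
    resources = {"hospital": {"rec-1": "record 1", "rec-2": "record 2"}, "lab": {"smp-9": "sample 9"}}
    return PolicyEnforcementPoint(PolicyDecisionPoint([hospital, lab]), resources)
```

A subject of one tenant requesting an object of the other is denied because the PDP never maps it to a role in that tenant, which is exactly the watertight partitioning described above.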
Unfortunately, that design prevents cooperation between different tenants.
In order to remedy that problem, several tenant collaboration models have been proposed.
In particular, the document “Multi-Tenancy Authorization Models for Collaborative Cloud Services” by Bo Tang, Ravi Sandhu, and Qi Li, published in May 2013 in the IEEE Journal in Collaboration Technologies and Systems (CTS), pp. 132-138, no. 978-1-4673-1/13, describes a system derived from the RBAC model for establishing a trust relationship between two tenants in a cloud system.
In general manner, a trust relationship may be defined as an access control mechanism defined between two entities in order to enable those entities to share resources in regulated manner.
A trust relationship thus breaks a tenant's isolation in controlled manner, the tenants remaining isolated from one another in principle, except when trust relationships are established between the tenants enabling them to share certain resources, under certain conditions.
Known methods of establishing associated trust and access control relationships present a certain number of problems. Specifically, those methods:
require a resource-discovery mechanism to be put into place in the cloud system in order to enable each tenant to have an overall view of the cloud so as to enable any one tenant to identify another tenant with which to establish a trust relationship;
do not enable a trust relationship to be established between two tenants in automatic manner.
Some embodiments disclosed herein propose a mechanism for establishing trust relationships between tenants in a cloud network that does not present those drawbacks.