Analysis of access control model for data security and privacy on multi-tenant SaaS
Cloud computing has become most trending and emerging technology in recent years and has changed the way of computation and services delivered to customer. Despite all the advantages that cloud provides, users still feel insecure to adopt cloud computing and having major concern over the data securi...
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
American Scientific Publishers
2018
|
| Online Access: | http://psasir.upm.edu.my/id/eprint/64695/ http://psasir.upm.edu.my/id/eprint/64695/1/Analysis%20of%20access%20control%20model%20for%20data%20security%20and%20privacy%20on%20multi-tenant%20SaaS.pdf |
| _version_ | 1848855071589138432 |
|---|---|
| author | Duraisamy, Gunavathi Abd Ghani, Abdul Azim Zulzalil, Hazura Abdullah, Azizol |
| author_facet | Duraisamy, Gunavathi Abd Ghani, Abdul Azim Zulzalil, Hazura Abdullah, Azizol |
| author_sort | Duraisamy, Gunavathi |
| building | UPM Institutional Repository |
| collection | Online Access |
| description | Cloud computing has become most trending and emerging technology in recent years and has changed the way of computation and services delivered to customer. Despite all the advantages that cloud provides, users still feel insecure to adopt cloud computing and having major concern over the data security and privacy. This is due to the data of numerous tenants are being located in the same location or database. In this environment data access by unauthorized user is possible. To overcome this issue, there should be a clear boundary for each tenant. Access control model is used to grant the right level of permission to the user in order to carry out their duties, to prevent unauthorized access and to protect assets of organizations and systems. Access control model also can prevent unauthorized user from accessing protected data, ensure authorized users can access protected data and prevent authorized users from performing illegal actions on protected data. There are many types of access control model available in the industry. However, not all the models can be applied in cloud environment due to various reasons. This paper presents an analysis of existing role based access control models. We use evaluation criteria that outlined by NIST for access control system. First, we identified a list of criteria that are suitable to apply in cloud environment specifically on data security and privacy of multi-tenant SaaS application in public cloud. Then, we analysed the existing access control models against the identified evaluation criteria. The analysis outlines the important gaps and missing elements of an access control model that can be extended into an access control model based testing. |
| first_indexed | 2025-11-15T11:19:56Z |
| format | Article |
| id | upm-64695 |
| institution | Universiti Putra Malaysia |
| institution_category | Local University |
| language | English |
| last_indexed | 2025-11-15T11:19:56Z |
| publishDate | 2018 |
| publisher | American Scientific Publishers |
| recordtype | eprints |
| repository_type | Digital Repository |
| spelling | upm-646952018-08-14T02:39:21Z http://psasir.upm.edu.my/id/eprint/64695/ Analysis of access control model for data security and privacy on multi-tenant SaaS Duraisamy, Gunavathi Abd Ghani, Abdul Azim Zulzalil, Hazura Abdullah, Azizol Cloud computing has become most trending and emerging technology in recent years and has changed the way of computation and services delivered to customer. Despite all the advantages that cloud provides, users still feel insecure to adopt cloud computing and having major concern over the data security and privacy. This is due to the data of numerous tenants are being located in the same location or database. In this environment data access by unauthorized user is possible. To overcome this issue, there should be a clear boundary for each tenant. Access control model is used to grant the right level of permission to the user in order to carry out their duties, to prevent unauthorized access and to protect assets of organizations and systems. Access control model also can prevent unauthorized user from accessing protected data, ensure authorized users can access protected data and prevent authorized users from performing illegal actions on protected data. There are many types of access control model available in the industry. However, not all the models can be applied in cloud environment due to various reasons. This paper presents an analysis of existing role based access control models. We use evaluation criteria that outlined by NIST for access control system. First, we identified a list of criteria that are suitable to apply in cloud environment specifically on data security and privacy of multi-tenant SaaS application in public cloud. Then, we analysed the existing access control models against the identified evaluation criteria. The analysis outlines the important gaps and missing elements of an access control model that can be extended into an access control model based testing. American Scientific Publishers 2018 Article PeerReviewed text en http://psasir.upm.edu.my/id/eprint/64695/1/Analysis%20of%20access%20control%20model%20for%20data%20security%20and%20privacy%20on%20multi-tenant%20SaaS.pdf Duraisamy, Gunavathi and Abd Ghani, Abdul Azim and Zulzalil, Hazura and Abdullah, Azizol (2018) Analysis of access control model for data security and privacy on multi-tenant SaaS. Advanced Science Letters, 24 (3). pp. 1619-1622. ISSN 1936-6612; ESSN: 1936-7317 https://www.ingentaconnect.com/contentone/asp/asl/2018/00000024/00000003/art00019 10.1166/asl.2018.11122 |
| spellingShingle | Duraisamy, Gunavathi Abd Ghani, Abdul Azim Zulzalil, Hazura Abdullah, Azizol Analysis of access control model for data security and privacy on multi-tenant SaaS |
| title | Analysis of access control model for data security and privacy on multi-tenant SaaS |
| title_full | Analysis of access control model for data security and privacy on multi-tenant SaaS |
| title_fullStr | Analysis of access control model for data security and privacy on multi-tenant SaaS |
| title_full_unstemmed | Analysis of access control model for data security and privacy on multi-tenant SaaS |
| title_short | Analysis of access control model for data security and privacy on multi-tenant SaaS |
| title_sort | analysis of access control model for data security and privacy on multi-tenant saas |
| url | http://psasir.upm.edu.my/id/eprint/64695/ http://psasir.upm.edu.my/id/eprint/64695/ http://psasir.upm.edu.my/id/eprint/64695/ http://psasir.upm.edu.my/id/eprint/64695/1/Analysis%20of%20access%20control%20model%20for%20data%20security%20and%20privacy%20on%20multi-tenant%20SaaS.pdf |