Cloud computing presents several attractive benefits, such as increased productivity, flexible access to resources and reduced costs. In order to leverage these benefits, a common challenge is the selection of appropriate cloud services for specific tasks. Multi-cloud platforms have emerged as a way of overcoming this challenge by combining several cloud services in order to maximize the advantages of the cloud. However, multi-cloud systems present several challenges owing to inadequate cross-provider APIs, a lack of cloud computing standards and non-unified access control mechanisms.
Our research focuses on mitigating these concerns in the context of access control mechanisms in the CloudRAID multi-cloud storage solution. We propose a unified access control model for multi-cloud storage in which we leverage the different access control models provided by multiple cloud storage services in order to give cloud storage stakeholders access to resources in multiple cloud storage services. We follow the privilege separation concept and the least privilege principle to ensure that cloud resources are secured and can only be accessed by their authorized stakeholders, with a limited set of allowed actions. Finally, we leverage the concept of "Signed URLs" to provide centralized and unified access control across multiple cloud storage services. These approaches could be deployed as a central authentication system for enterprise multi-cloud platforms, with the advantage of seamless integration with enterprise authentication protocols.
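The following sketch illustrates how a central authority can combine least privilege with signed URLs across several storage back ends. It is an added example, not CloudRAID's code and not any provider's real signed-URL format: the HMAC scheme, the `.example` host names, the keys, the policy table and the function names are all assumptions made for illustration.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed sample data: per-provider signing keys held only by the central
# authority, and a policy mapping each stakeholder to the actions it may perform.
PROVIDER_KEYS = {"provider-a": b"key-a-constructed", "provider-b": b"key-b-constructed"}
POLICY = {"alice": {"GET", "PUT"}, "auditor": {"GET"}}


def _sign(key, method, host, path, expires):
    # The signature binds the action, the provider, the object and the lifetime.
    msg = "\n".join([method, host, path, str(expires)]).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def issue_signed_url(user, method, provider, path, ttl=300, now=None):
    """Central authority: check policy, then mint a URL for one action on one object."""
    if method not in POLICY.get(user, set()):
        raise PermissionError(f"{user} may not {method}")
    expires = int(time.time() if now is None else now) + ttl
    host = f"{provider}.example"  # hypothetical endpoint naming
    sig = _sign(PROVIDER_KEYS[provider], method, host, path, expires)
    return f"https://{host}{path}?" + urlencode({"expires": expires, "sig": sig})


def verify_signed_url(method, url, now=None):
    """Storage side: accept only the exact method, object and lifetime that were signed."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    key = PROVIDER_KEYS.get((parts.hostname or "").split(".")[0])
    try:
        expires, sig = int(query["expires"][0]), query["sig"][0]
    except (KeyError, ValueError):
        return False  # missing or malformed parameters
    if key is None or (time.time() if now is None else now) > expires:
        return False  # unknown provider or expired grant
    expected = _sign(key, method, parts.hostname, parts.path, expires)
    return hmac.compare_digest(expected.encode(), sig.encode())
```

The stakeholder never holds a provider credential; it holds only a short-lived grant for one method on one object, so a leaked URL cannot be reused for a different action, object or provider.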