US20250392624
2025-12-25
Electricity
H04L63/20
An advanced multi-layer access control policy enforcement scheme is designed for a multi-tenant cloud environment, ensuring robust data security and privacy. The approach defines an advanced policy service within a data container, which manages and validates access control policies at both the application layer and a lower layer, such as the kernel layer. The service maps policy definitions from the application layer to the access validation and authorization policies of the lower layer, using eBPF programs for rule generation and application. This system identifies data vulnerabilities and can reject unauthorized access requests from SaaS applications.
Multi-tenant cloud environments face significant challenges in securing distributed data, as users share applications and systems while requiring data privacy. Traditional role-based access control techniques are inadequate due to their reliance on user identifiers, which do not scale well in such environments. The proposed method addresses these challenges by employing an advanced policy service that provides granular access control across multiple layers, thereby enhancing data confidentiality and integrity and reducing the risk of data breaches.
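As an added illustration of the two-layer mapping described above (example code, not the patent's own): an application-layer policy is compiled into kernel-layer entries keyed on cgroup id rather than user identifiers, every request must pass both layers, and an audit flags lower-layer entries that grant more than the application layer permits. The policy fields, the cgroup-id mapping and the bitmask layout are assumptions standing in for real eBPF map entries.

```python
# Toy model of a two-layer policy service. Constructed example, not the
# patent's code: policy fields, cgroup ids and the bitmask are assumptions.
from dataclasses import dataclass

OPS = {"read": 0x1, "write": 0x2, "delete": 0x4}  # kernel-layer op bitmask

@dataclass(frozen=True)
class AppPolicy:
    tenant: str       # owning tenant
    app: str          # SaaS application acting on the tenant's behalf
    resource: str     # data path inside the tenant's container
    ops: frozenset    # operations granted at the application layer

# Assumed: each (tenant, app) pair runs in its own cgroup, so the kernel
# layer keys on cgroup id instead of on user identifiers.
CGROUP_IDS = {("acme", "billing"): 101, ("acme", "analytics"): 102,
              ("globex", "billing"): 201}

def compile_policies(policies):
    """Map app-layer rules to kernel-layer entries the way an eBPF map
    would hold them: (cgroup_id, resource) -> allowed-op bitmask."""
    table = {}
    for p in policies:
        key = (CGROUP_IDS[(p.tenant, p.app)], p.resource)
        mask = 0
        for op in p.ops:
            mask |= OPS[op]
        table[key] = table.get(key, 0) | mask
    return table

def app_layer_allows(policies, tenant, app, resource, op):
    return any(p.tenant == tenant and p.app == app and p.resource == resource
               and op in p.ops for p in policies)

def kernel_layer_allows(table, tenant, app, resource, op):
    cg = CGROUP_IDS.get((tenant, app))   # unknown pair -> no entry -> deny
    return bool(table.get((cg, resource), 0) & OPS[op])

def check_access(policies, table, tenant, app, resource, op):
    """Both layers must agree; either layer denying rejects the request."""
    return (app_layer_allows(policies, tenant, app, resource, op)
            and kernel_layer_allows(table, tenant, app, resource, op))

def audit(policies, table):
    """Flag kernel-layer entries granting ops the app layer does not permit
    (e.g. a stale map entry). Returns [(key, extra_mask), ...]."""
    expected = compile_policies(policies)
    return [(k, m & ~expected.get(k, 0)) for k, m in table.items()
            if m & ~expected.get(k, 0)]

# Constructed sample policies: two apps of tenant "acme" share one data path
# with different rights; tenant "globex" has its own path.
POLICIES = [
    AppPolicy("acme", "billing", "/data/acme/invoices", frozenset({"read", "write"})),
    AppPolicy("acme", "analytics", "/data/acme/invoices", frozenset({"read"})),
    AppPolicy("globex", "billing", "/data/globex/invoices",
              frozenset({"read", "write", "delete"})),
]
TABLE = compile_policies(POLICIES)
```

A cross-tenant request (globex's billing app reading acme's path) has no entry at either layer and is rejected, and a kernel-layer entry widened beyond its application-layer definition shows up in `audit` without ever granting access, because the application layer still denies.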
The advanced multi-layer access control policy optimizes system performance by minimizing system downtime and ensuring efficient resource utilization. It streamlines access control processes, preventing resource wastage and bottlenecks, and enhances user experiences. Additionally, the system ensures compliance with regulatory and data privacy standards through adaptable policies and dynamic access controls, reducing legal risks and fostering tenant trust.
The implementation of this access control policy involves a computing environment that includes various components such as computers, networks, and storage devices. The environment supports the execution of computer-readable code for enforcing the policy, utilizing components like processors, volatile memory, and persistent storage. The system architecture includes public and private clouds, remote servers, and end-user devices, facilitating robust policy enforcement across distributed resources.
The technical implementation involves a computer program product (CPP) comprising machine-readable code stored on various storage media, including electronic, magnetic, optical, and semiconductor storage media, among others. The system architecture features components such as processors, communication fabrics, and network modules, which work together to execute the advanced policy service. The architecture also integrates cloud orchestration modules, virtual machines, and containers to support dynamic and scalable policy enforcement in a multi-tenant cloud environment.