Role-Based Access and Encryption in Multi-Tenant Insurance Architectures
DOI:
https://doi.org/10.63282/3050-9246.IJETCSIT-V1I4P107Keywords:
Multi-tenant insurance, role-based access control (RBAC), encryption, cloud security, data privacy, AES, RSA, ECC, access management, regulatory complianceAbstract
The insurance business has been subject to a radical digital transformation, and multi-tenant architectures have become a favored design to provide scalable and efficient services. Multi-tenancy enables insurers, agents, brokers and customers to access the same infrastructure, yet with logical isolation of data. Nonetheless, the changed paradigm is accompanied by the greater need to ensure high levels of security and privacy. Role Based Access Control (RBAC) coupled with encryption is a powerful remedy to the issue of data isolation, regulatory compliance and unwarranted access. The current paper explores how the use of RBAC and encryption methods can help improve the confidentiality, integrity and availability of information on a multi-tenant insurance architecture. It offers an overview of access control model, cryptographic scheme, and architectural structures used prior to 2020, and empirically analyzes them by means of simulated models. These findings indicate that hierarchical access control based on roles and combined with hybrid encryption can be relied upon to guarantee secure policy management, claims processing and customer onboarding in shared insurance platforms. Besides, an offered methodology is a combination of attribute-based restrictions with RBAC to facilitate fine-grained access. Comparative evaluation of AES, RSA, and ECC in multi-tenant databases highlights performance trade-offs. The research closes with the recommendations on the best practice and design of secure, scalable, and regulation-compliant insurance systems
Downloads
References
[1] Cai, H., Reinwald, B., Wang, N., & Guo, C. J. (2013). Saas multi-tenancy: Framework, technology, and case study. In Cloud Computing Advancements in Design, Implementation, and Technologies (pp. 67-82). IGI Global Scientific Publishing.
[2] Kriouile, H., & Asri, B. E. (2018). A rich-variant architecture for a user-aware multi-tenant SaaS approach. arXiv preprint arXiv:1812.08253.
[3] Weber, I., Lu, Q., Tran, A. B., Deshmukh, A., Gorski, M., & Strazds, M. (2019, March). A platform architecture for multi-tenant blockchain-based systems. In 2019 IEEE International Conference on Software Architecture (ICSA) (pp. 101-110). IEEE.
[4] Walraven, S., De Borger, W., Vanbrabant, B., Lagaisse, B., Van Landuyt, D., & Joosen, W. (2015, December). Adaptive performance isolation middleware for multi-tenant saas. In 2015 IEEE/ACM 8th International Conference on Utility and Cloud Computing (UCC) (pp. 112-121). IEEE.
[5] Ferraiolo, D., Cugini, J., & Kuhn, D. R. (1995, December). Role-based access control (RBAC): Features and motivations. In Proceedings of 11th annual computer security application conference (pp. 241-48).
[6] Sandhu, R. S. (1998). Role-based access control. In Advances in computers (Vol. 46, pp. 237-286). Elsevier.
[7] Zaghloul, E., Zhou, K., & Ren, J. (2018). P-MOD: Secure Privilege-Based Multilevel Organizational Data-Sharing in Cloud Computing. arXiv.
[8] Yang, S. J., Lai, P. C., & Lin, J. (2013, July). Design role-based multi-tenancy access control scheme for cloud services. In 2013 International Symposium on Biometrics and Security Technologies (pp. 273-279). IEEE.
[9] Lo, N. W., Yang, T. C., & Guo, M. H. (2015). An attribute-role based access control mechanism for multi-tenancy cloud environment. Wireless Personal Communications, 84(3), 2119-2134.
[10] Horcas, J. M., Pinto, M., & Fuentes, L. (2016, September). Product line architecture for automatic evolution of multi-tenant applications. In 2016 IEEE 20th International Enterprise Distributed Object Computing Conference (EDOC) (pp. 1-10). IEEE.
[11] Kabbedijk, J., Pors, M., Jansen, S., & Brinkkemper, S. (2014, August). Multi-tenant architecture comparison. In European Conference on Software Architecture (pp. 202-209). Cham: Springer International Publishing.
[12] Zhang, Z., Yu, Y., Ramani, S. K., Afanasyev, A., & Zhang, L. (2019). NAC: Automating Access Control via Named Data. arXiv.
[13] Shanta, J. V. (2012). Evaluating the performance of symmetric key algorithms: AES (advanced encryption standard) and DES (data encryption standard). IJCEM International Journal of Computational Engineering & Management, 15(4), 43-49.
[14] Malatras, A., Geneiatakis, D., & Vakalis, I. (2017). On the efficiency of user identification: a system-based approach. International Journal of Information Security, 16(6), 653-671.
[15] Sandhu, R. S., & Samarati, P. (2002). Access control: principle and practice. IEEE communications magazine, 32(9), 40-48.
[16] Lara-Nino, C. A., Diaz-Perez, A., & Morales-Sandoval, M. (2018). Elliptic curve lightweight cryptography: A survey. Ieee Access, 6, 72514-72550.
[17] Nadeem, A., & Javed, M. Y. (2005, August). A performance comparison of data encryption algorithms. In 2005 international Conference on information and communication technologies (pp. 84-89). IEEE.
[18] Panda, M. (2016, October). Performance analysis of encryption algorithms for security. In 2016 International Conference on Signal Processing, Communication, Power and Embedded System (SCOPES) (pp. 278-284). IEEE.
[19] Ardagna, C. A., Damiani, E., Frati, F., Rebeccani, D., & Ughetti, M. (2012, June). Scalability patterns for platform-as-a-service. In 2012 IEEE Fifth International Conference on Cloud Computing (pp. 718-725). IEEE.
[20] Sims, M., Corkill, D., & Lesser, V. (2008). Automated organization design for multi-agent systems. Autonomous agents and multi-agent systems, 16(2), 151-185.
