论文信息 - CloudAC: a cloud-oriented multilayer access control system for logic virtual domain

CloudAC: a cloud-oriented multilayer access control system for logic virtual domain

The security issue has been a challenging concern for cloud computing because of the multitenant usage model. In cloud, each application normally runs on a dynamic coalition that is composed by multiple virtual machines (VMs) running on different virtualised service nodes, which the authors called logic virtual domain (LVD). Moreover, the owners of cloud applications, who are also the tenants of cloud, would specify some security policies to control the access to those resources that they have paid for. Therefore the owners of cloud infrastructures have to provide the tenants with the mechanism to correctly configure and enforce the access control policies on resources that are from multiple service nodes, to meet the security requirements from cloud applications. To address the above challenge, this study presents the design and implementation about a multilayer access control architecture for LVD, named CloudAC, aiming to provide isolation control, information flow control and resource-sharing control among multiple VMs on Xen virtualisation platforms in cloud computing environment. The theory and technology this research formed will provide reliable security guarantee for resource configuration and application deployment on LVDs.

[1] Chris I. Dalton,et al. Towards automated security policy enforcement in multi-tenant virtual data centers , 2010, J. Comput. Secur..

[2] Stefan Berger,et al. Security for the cloud infrastructure: Trusted virtual data center implementation , 2009, IBM J. Res. Dev..

[3] Stefan Berger,et al. TVDc: managing security in the trusted virtual datacenter , 2008, OPSR.

[4] Dejan S. Milojicic,et al. OpenNebula: A Cloud Management Tool , 2011, IEEE Internet Computing.

[5] Yong Zhao,et al. Cloud Computing and Grid Computing 360-Degree Compared , 2008, GCE 2008.

[6] Ian T. Foster,et al. The Anatomy of the Grid: Enabling Scalable Virtual Organizations , 2001, Int. J. High Perform. Comput. Appl..

[7] Andrew C. Myers,et al. Protecting privacy using the decentralized label model , 2000, Foundations of Intrusion Tolerant Systems, 2003 [Organically Assured and Survivable Information Systems].

[8] Ian T. Foster,et al. Virtual workspaces: Achieving quality of service and quality of life in the Grid , 2005, Sci. Program..