Policy and Context Management in Dynamically Provisioned Access Control Service for Virtualized Cloud Infrastructures

Canh Ngo, Peter Membrey, Yuri Demchenko, Cees de Laat
2012 2012 Seventh International Conference on Availability, Reliability and Security  
Cloud computing is developing as a new wave of ICT technologies, offering a common approach to on-demand provisioning of computation, storage and network resources which are generally referred to as infrastructure services. Most currently available commercial Cloud services are built and organized reflecting simple relations of a single provider to multiple customers with a simple security and trust model. New architectural models should allow a multi-provider heterogeneous services environment that can be delivered to organizational customers representing multiple user groups. These models should be supported by new security approaches for multi-provider, multi-tenant crossing security domains to create consistent and dynamically configurable security services for virtualised infrastructures. This paper proposes an on-demand provisioned access control infrastructure with dynamic trust establishment for entities in a Cloud IaaS architecture model. It applies an XACML-based RBAC model for flexible authorization policy configuration and management. It uses an authorization ticket as a security session management mechanism to solve the security context synchronization and exchange between multiple Cloud providers. The paper describes a practical implementation of the proposed Dynamic Access Control Infrastructure as part of a complex infrastructure services provisioning system.
doi:10.1109/ares.2012.81 dblp:conf/IEEEares/NgoMDL12 fatcat:6azh4c5slfgkdbrzhqpxsvrp5e