Toward a flexible and fine-grained access control framework for infrastructure as a service clouds
Journal article
Authors | Li, Bo, Li, Jianxin, Liu, Lu and Zhou, Chao |
---|---|
Abstract | Cloud computing, as an emerging computing paradigm, greatly facilitates resource sharing and enables providing computing power as services over the Internet. However, it also brings new challenges for security and access control, especially in infrastructure as a service clouds. The introduction of virtualization layer increases new security risks, which should be restricted and confined by more stringent access control techniques. In this paper, we propose a flexible and fine-grained access control framework, named IaaS-oriented Hybrid Access Control (iHAC), which combines the advantages of both the role-based access control and type enforcement model. We consider access control issues from the perspective of virtual machines. A permission transition model is designed to dynamically assign permissions to virtual machines. A Virtual Machine Monitor (VMM)-based access control mechanism is presented to confine the virtual machine's behaviors in a fine-grained manner. A VMM-enabled network access control approach is proposed to regulate the communication among virtual machines. iHAC is successfully implemented in the Internet based Virtual Computing Infrastructure (iVIC)† platform, and several experiments are conducted to evaluate its effectiveness and efficiency. The results show that iHAC can make correct access control decisions with low performance overhead. |
Keywords | IaaS cloud; Virtual machine; Access control |
Year | 2015 |
Journal | Security and Communication Networks |
Publisher | Wiley |
ISSN | 19390114 |
Digital Object Identifier (DOI) | https://doi.org/10.1002/sec.1216 |
Web address (URL) | http://hdl.handle.net/10545/620867 |
http://creativecommons.org/licenses/by-nc-nd/4.0/ | |
hdl:10545/620867 | |
Publication dates | 17 Feb 2015 |
Publication process dates | |
Deposited | 16 Nov 2016, 16:00 |
Rights | Archived with thanks to Security and Communication Networks |
Contributors | University of Derby, State Key Laboratory of Software Development Environment; Beihang University; Beijing China, State Key Laboratory of Software Development Environment; Beihang University; Beijing China, School of Computing and Mathematics; University of Derby; U.K. and State Key Laboratory of Software Development Environment; Beihang University; Beijing China |
File | File Access Level Open |
File | File Access Level Open |
https://repository.derby.ac.uk/item/92v67/toward-a-flexible-and-fine-grained-access-control-framework-for-infrastructure-as-a-service-clouds
Download files
64
total views0
total downloads5
views this month0
downloads this month