Title :
iHAC: A Hybrid Access Control Framework for IaaS Clouds
Author :
Chao Zhou ; Bo Li
Author_Institution :
State Key Lab. of Software Dev. Environ., Beihang Univ., Beijing, China
Abstract :
Cloud computing, as an emerging computing paradigm, greatly facilitates resource sharing and enables providing computing power as services over the Internet. However, it also brings new challenges for security and access control, especially in IaaS clouds. The introduction of a virtualization layer brings new security risks, which should be restricted and confined by more stringent access control techniques. In this paper, we propose a hybrid access control framework, named iHAC, which combines the advantages of both the Role-based Access Control (RBAC) and Type Enforcement (TE) models to enable unified access control and authorization for IaaS clouds. A permission transition model is provided to dynamically assign permissions to virtual machines. A VMM-based access control mechanism is designed to confine the VM's behaviors in a fine-grained manner. iHAC is implemented and evaluated on the iVIC platform. The experimental results show that our proposed framework is effective and efficient.
Keywords :
authorisation; cloud computing; virtual machines; IaaS clouds; Internet; RBAC; VMM; authorization; cloud computing; hybrid access control framework; iHAC; permission transition model; resource sharing; role-based access control; security risk; type enforcement model; virtual machine; virtualization layer; Authorization; Cloud computing; Virtual machining; Virtualization; IaaS cloud; hybrid access control; virtual machine;
Conference_Title :
Utility and Cloud Computing (UCC), 2014 IEEE/ACM 7th International Conference on
Conference_Location :
London
DOI :
10.1109/UCC.2014.139