Open AccessCloudAC: a cloud‐oriented multilayer access control system for logic virtual domain
Author(s) -
Qiang Weizhong,
Zou Deqing,
Wang Shenglan,
Yang Laurence Tianruo,
Jin Hai,
Shi Lei
Publication year - 2013
Publication title -
iet information security
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.308
H-Index - 34
eISSN - 1751-8717
pISSN - 1751-8709
DOI - 10.1049/iet-ifs.2012.0094
Subject(s) - computer science , cloud computing , access control , domain (mathematical analysis) , distributed computing , computer security , operating system , mathematics , mathematical analysis
The security issue has been a challenging concern for cloud computing because of the multitenant usage model. In cloud, each application normally runs on a dynamic coalition that is composed by multiple virtual machines (VMs) running on different virtualised service nodes, which the authors called logic virtual domain (LVD). Moreover, the owners of cloud applications, who are also the tenants of cloud, would specify some security policies to control the access to those resources that they have paid for. Therefore the owners of cloud infrastructures have to provide the tenants with the mechanism to correctly configure and enforce the access control policies on resources that are from multiple service nodes, to meet the security requirements from cloud applications. To address the above challenge, this study presents the design and implementation about a multilayer access control architecture for LVD, named CloudAC, aiming to provide isolation control, information flow control and resource‐sharing control among multiple VMs on Xen virtualisation platforms in cloud computing environment. The theory and technology this research formed will provide reliable security guarantee for resource configuration and application deployment on LVDs.