CloudAC: a cloud-oriented multilayer access control system for logic virtual domain

The security issue has been a challenging concern for cloud computing because of the multitenant usage model. In cloud, each application normally runs on a dynamic coalition that is composed by multiple virtual machines (VMs) running on different virtualised service nodes, which the authors called logic virtual domain (LVD). Moreover, the owners of cloud applications, who are also the tenants of cloud, would specify some security policies to control the access to those resources that they have paid for. Therefore the owners of cloud infrastructures have to provide the tenants with the mechanism to correctly configure and enforce the access control policies on resources that are from multiple service nodes, to meet the security requirements from cloud applications. To address the above challenge, this study presents the design and implementation about a multilayer access control architecture for LVD, named CloudAC, aiming to provide isolation control, information flow control and resource-sharing control among multiple VMs on Xen virtualisation platforms in cloud computing environment. The theory and technology this research formed will provide reliable security guarantee for resource configuration and application deployment on LVDs.