iHAC: A Hybrid Access Control Framework for IaaS Clouds

Author

Chao Zhou ; Bo Li

Author_Institution

State Key Lab. of Software Dev. Environ., Beihang Univ., Beijing, China

fYear

2014

fDate

8-11 Dec. 2014

Firstpage

853

Lastpage

858

Abstract

Cloud computing, as an emerging computing paradigm, greatly facilitates resource sharing and enables providing computing power as services over the Internet. However, it also brings new challenges for security and access control, especially in IaaS clouds. The introduction of virtualization layer increases new security risks which should be restricted and confined by more stringent access control techniques. In this paper, we propose a hybrid access control framework, named iHAC, which combines the advantages of both Role-based Access Control (RBAC) and Type Enforcement (TE) model to enable unified access control and authorization for IaaS clouds. A permission transition model is provided to dynamically assign permission to virtual machines. A VMM-based access control mechanism is designed to confine the VM´s behaviors in a fine-grained manner. Ihac is implemented and evaluated in iVIC platform. The experimental results show that our proposed framework is effective and efficient.

Keywords

authorisation; cloud computing; virtual machines; IaaS clouds; Internet; RBAC; VMM; authorization; cloud computing; hybrid access control framework; iHAC; permission transition model; resource sharing; role-based access control; security risk; type enforcement model; virtual machine; virtualization layer; Authorization; Cloud computing; Virtual machining; Virtualization; IaaS cloud; hybrid access control; virtual machine;

fLanguage

English

Publisher

ieee

Conference_Titel

Utility and Cloud Computing (UCC), 2014 IEEE/ACM 7th International Conference on

Conference_Location

London

Type

conf

DOI

10.1109/UCC.2014.139

Filename

7027606