By Topic

Policy and Context Management in Dynamically Provisioned Access Control Service for Virtualized Cloud Infrastructures

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

4 Author(s)
Canh Ngo ; Univ. of Amsterdam, Amsterdam, Netherlands ; Peter Membrey ; Yuri Demchenko ; Cees de Laat

Cloud computing is developing as a new wave of ICT technologies, offering a common approach to on-demand provisioning of computation, storage and network resources which are generally referred to as infrastructure services. Most of currently available commercial Cloud services are built and organized reflecting simple relations between a single provider and multiple customers with simple security and trust model. New architectural models should allow multi-provider heterogeneous service environment that can be delivered to organizational customers representing multiple user groups. These models should be supported by new security approaches for multi-provider, multi-tenant environment crossing multiple security domains to create consistent and dynamically configurable security services for virtualized infrastructures. This paper proposes an on-demand provisioned access control infrastructure with dynamic trust establishment for entities in a Cloud IaaS architecture model. It applies XACML-based RBAC model for the flexible authorization policy configuration and management. It uses authorization ticket as a security session management mechanism to solve the security context synchronization and exchange between multiple Cloud providers. The paper describes practical implementation of the proposed Dynamic Access Control Infrastructure as the part of a complex infrastructure services provisioning system.

Published in:

Availability, Reliability and Security (ARES), 2012 Seventh International Conference on

Date of Conference:

20-24 Aug. 2012