| Field | Value | Language |
| --- | --- | --- |
| dc.contributor.author | Li, Bo | |
| dc.contributor.author | Li, Jianxin | |
| dc.contributor.author | Liu, Lu | |
| dc.contributor.author | Zhou, Chao | |
| dc.date.accessioned | 2016-11-16T16:00:51Z | |
| dc.date.available | 2016-11-16T16:00:51Z | |
| dc.date.issued | 2015-02-17 | |
| dc.identifier.citation | Li, B., Li, J., Liu, L., and Zhou, C. (2016) Toward a flexible and fine-grained access control framework for infrastructure as a service clouds. Security Comm. Networks, 9: 2730–2743. doi: 10.1002/sec.1216. | en |
| dc.identifier.issn | 19390114 | |
| dc.identifier.doi | 10.1002/sec.1216 | |
| dc.identifier.uri | http://hdl.handle.net/10545/620867 | |
| dc.description.abstract | Cloud computing, as an emerging computing paradigm, greatly facilitates resource sharing and enables providing computing power as services over the Internet. However, it also brings new challenges for security and access control, especially in infrastructure as a service clouds. The introduction of virtualization layer increases new security risks, which should be restricted and confined by more stringent access control techniques. In this paper, we propose a flexible and fine-grained access control framework, named IaaS-oriented Hybrid Access Control (iHAC), which combines the advantages of both the role-based access control and type enforcement model. We consider access control issues from the perspective of virtual machines. A permission transition model is designed to dynamically assign permissions to virtual machines. A Virtual Machine Monitor (VMM)-based access control mechanism is presented to confine the virtual machine's behaviors in a fine-grained manner. A VMM-enabled network access control approach is proposed to regulate the communication among virtual machines. iHAC is successfully implemented in the Internet based Virtual Computing Infrastructure (iVIC)† platform, and several experiments are conducted to evaluate its effectiveness and efficiency. The results show that iHAC can make correct access control decisions with low performance overhead. | |
| dc.language.iso | en | en |
| dc.publisher | Wiley | en |
| dc.relation.url | http://doi.wiley.com/10.1002/sec.1216 | en |
| dc.rights | Archived with thanks to Security and Communication Networks | en |
| dc.rights.uri | http://creativecommons.org/licenses/by-nc-nd/4.0/ | en |
| dc.subject | IaaS cloud | en |
| dc.subject | Virtual machine | en |
| dc.subject | Access control | en |
| dc.title | Toward a flexible and fine-grained access control framework for infrastructure as a service clouds | en |
| dc.type | Article | en |
| dc.contributor.department | University of Derby | en |
| dc.identifier.journal | Security and Communication Networks | en |
| dc.contributor.institution | State Key Laboratory of Software Development Environment; Beihang University; Beijing China | |
| dc.contributor.institution | State Key Laboratory of Software Development Environment; Beihang University; Beijing China | |
| dc.contributor.institution | School of Computing and Mathematics; University of Derby; U.K. | |
| dc.contributor.institution | State Key Laboratory of Software Development Environment; Beihang University; Beijing China | |


Except where otherwise noted, this item's license is described as Archived with thanks to Security and Communication Networks