Abstract | ||
---|---|---|
The access control mechanisms of existing cloud systems, mainly OpenStack, fail to provide two key factors: i) centralized access mediation and ii) flexible policy customization. This situation prevents cloud administrators and end customers from enhancing their security. Furthermore, a variety of clouds have implemented their access control systems and policies in separated ways. This might confuse the customers whose businesses are built on multiple clouds, as they have to take efforts to accommodate their policies for different platforms. The OpenStack Security Modules (OSM) project has developed a least-invasive access control framework for OpenStack to enable different access control models to be implemented as loadable modules. This framework can be a good replacement of the existing permission checks in OpenStack and other platforms. We also propose an integration mechanism for multiple policies to form a single decision. This paper presents the design and implementation of OSM, including a new service called patron and an attachment module called access endpoint middleware (AEM). Experiments on the tempest benchmark indicate that OSM has improved the flexibility and security of policy management without affecting other services. Meantime, the average performance overhead remains as low as 7.3%, which is acceptable for practical use. |
Year | DOI | Venue |
---|---|---|
2016 | 10.1109/CLOUD.2016.0017 | 2016 IEEE 9th International Conference on Cloud Computing (CLOUD) |
Keywords | Field | DocType |
cloud service,OpenStack,Access Control,Security Hook,Multiple-Policy Mechanism,Policy Integration | Middleware,Permission,Authentication,Tempest,Cloud systems,Computer science,Computer security,Access control,Operating system,Personalization,Cloud computing | Conference |
ISSN | ISBN | Citations |
2159-6182 | 978-1-5090-2620-3 | 0 |
PageRank | References | Authors |
0.34 | 8 | 6 |
Name | Order | Citations | PageRank |
---|---|---|---|
Yang Luo | 1 | 15 | 8.44 |
Luo Wu | 2 | 4 | 4.54 |
Tian Puyang | 3 | 0 | 0.68 |
Qingni Shen | 4 | 71 | 22.47 |
Anbang Ruan | 5 | 38 | 6.47 |
Zhonghai Wu | 6 | 34 | 12.36 |