Extending OpenStack Access Control with Domain Trust
نویسندگان
چکیده
OpenStack has been rapidly established as the most popular open-source platform for cloud Infrastrusture-as-a-Service in this fast moving industry. In response to increasing access control requirements from its users, the OpenStack identity service Keystone has introduced several entities, such as domains and projects in addition to roles, resulting in a rather complex and somewhat obscure authorization model. In this paper, we present a formalized description of the core OpenStack access control (OSAC). We further propose a domain trust extension for OSAC to facilitate secure cross-domain authorization. We have implemented a proof-of-concept prototype of this trust extension based on Keystone. The authorization delay introduced by the domain trusts is 0.7 percent on average in our experiments.
منابع مشابه
Authorization Federation in Multi-tenant Multi-cloud Iaas Approved by Supervising Committee:
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . iv List of Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . viii List of Figures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ...
متن کاملData Confidentiality in Public Cloud: A Method for Inclusion of ID-PKC Schemes in OpenStack Cloud
The term data security refers to the degree of resistance of protection given to information from unintended or unauthorized access. The core principles of information security remain the same Confidentiality, Integrity and Availability also referred as CIA triad. With cloud adoption the confidential enterprise data is moved from organization premises to untrusted public network and due to this...
متن کاملTowards a localisation of trust framework for pervasive environments
Pervasive computing envisions an environment in which we are surrounded by many embedded computer devices. The existence of those networked devices provides us with a mobile, spontaneous and dynamic way to access various resources provided by different (security policy) domains. In recent years, we have witnessed the evolutionary development of numerous multiple domain applications. One of the ...
متن کاملRequirements for Policy Languages for Trust Negotiation
In open systems like the Internet, traditional approaches to security based on identity do not provide a solution to the problem of establishing trust between strangers, because strangers do not share the same security domain. A new approach to establishing trust between strangers is trust negotiation, the bilateral exchange of digital credentials describing attributes of the negotiation partic...
متن کاملTrust Based Access Control Policy in Multi-domain of Cloud Computing
Cloud computing is a new paradigm which enables users to reduce their costs and is advantageous to both the serving and served organizations. However, security issue is a major concern in the adoption of cloud computing. The most effective way of protecting cloud computing services, resources and users is access control. This paper intends to provide a trust-based access control mechanism for c...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2014