Authorization Federation in Multi-tenant Multi-cloud IaaS Approved by Supervising Committee:

Authors

  • Ravi Sandhu
  • Ram Krishnan
  • Palden Lama
  • Navid Pustchi
  • Farhan Patwa
Abstract

List of Tables
List of Figures
Chapter 1: Introduction
  1.1 Motivation
  1.2 Problem Statement
  1.3 Scope and Assumptions
  1.4 Thesis
  1.5 Summary of Contributions
  1.6 Organization of Thesis
Chapter 2: Background and Related Work
  2.1 Cloud Federation
  2.2 Multi-Tenant Role-Based Access Control
  2.3 Attribute-Based Access Control
  2.4 OpenStack Cloud Platform
Chapter 3: Federation Framework for Cloud
  3.1 Federation
  3.2 Multi-Cloud
  3.3 Cloud Federation Framework
  3.4 Tenant-Trust Framework
  3.5 Scope of this Dissertation
Chapter 4: Peer-to-Peer Multi-Cloud MT-RBAC Model and OpenStack Implementation
  4.1 Multi-Cloud Motivation
  4.2 Role-Based Peer-to-Peer Domain-Trust
    4.2.1 Cross Domain Trust with OpenStack
    4.2.2 Multi-cloud MT-RBAC Administrative Model
  4.3 Implementation
    4.3.1 OpenStack Background
    4.3.2 Multi-Cloud OpenStack Model
    4.3.3 OpenStack Implementation
Chapter 5: Peer-to-Peer Multi-Tenant ABAC Model
  5.1 Attribute-Based Peer-to-Peer Motivation
  5.2 Attribute-Based Access Control Model (ABAC0)

Similar resources

Adopting Provenance-Based Access Control in OpenStack Cloud IaaS

Provenance-based Access Control (PBAC) has recently risen as an effective access control approach that can utilize readily provided history information of underlying systems to enhance various aspects of access control in a computing environment. The adoption of PBAC capabilities to the authorization engine of a multi-tenant cloud Infrastructure-as-a-Service (IaaS) such as OpenStack can enhance...

MT-ABAC: A Multi-Tenant Attribute-Based Access Control Model with Tenant Trust

A major barrier to the adoption of cloud Infrastructure-as-a-Service (IaaS) is collaboration, where multiple tenants engage in collaborative tasks requiring resources to be shared across tenant boundaries. Currently, cloud IaaS providers focus on multi-tenant isolation, and offer limited or no cross-tenant access capabilities in their IaaS APIs. In this paper, we present a novel attribute-based ...

Traffic and Failure Aware VM Placement for Multi-tenant IaaS Cloud

In an infrastructure as a service (IaaS) cloud, tenants want to receive reliable services and the cloud provider intends to reduce intra-network traffic in order to provide more services. Achieving the requirements of both sides is a challenging problem. Current tenant abstraction models cannot provide enough information for the cloud provider to optimize network traffic while satisfying reli...

Traffic Isolation on Multi-Tenant Data Center Networks

To satisfy demanding clients and offer features comparable to the competition, infrastructure-as-a-service providers (IaaS) need fast, flexible and easily configurable local networks. OpenStack is one of the most well known open IaaS platforms. Although OpenStack meets most needs of an IaaS platform, its virtualized network implementation still lacks flexibility to support isolation on a multi-te...

Authorisation Policy Federation in Heterogeneous Multi-Cloud Environments

Current Infrastructure as a Service (IaaS) cloud platforms have their own authorisation system, containing different access control policies and models. Clients with accounts in multiple cloud providers struggle to manage their rules in order to provide a homogeneous access control experience to users. This work proposes a solution: an Authorisation Policy Federation (APF) of heterogeneous clou...

Publication date: 2016