Book section Open Access

Expression and Enforcement of Security Policy for Virtual Resource Allocation in IaaS Cloud

Li, Yanhuang; Cuppens-Boulahia, Nora; Crom, Jean-Michel; Cuppens, Frédéric; Frey, Vincent

Many research works focus on the adoption of cloud infrastructure as a service(IaaS), where virtual machines (VM) are deployed on multiple cloud service providers (CSP). In terms of virtual resource allocation driven by security requirements, most of proposals take the aspect of cloud client into account but do not address such requirements from CSP. Besides, it is a shared understanding that using a formal policy model to support the expression of security requirements can drastically ease the cloud resource management and conflict resolution. To address these theoretical limitations, our work is based on a formal model that applies organization-based access control (OrBAC) policy to IaaS resource allocation. In this paper, we first integrate the attribute-based security requirements in service level agreement (SLA) contract. After transformation, the security requirements are expressed by OrBAC rules and these rules are considered together with other non-security demands during the enforcement of resource allocation. We have implemented a prototype for VM scheduling in OpenStack-based multi-cloud environment and evaluated its performance.

All versions This version
Views 122122
Downloads 7676
Data volume 116.1 MB116.1 MB
Unique views 119119
Unique downloads 7474


Cite as