Secure Information and Resource Sharing in Cloud IaaS

Date

2016

Authors

Zhang, Yun

Abstract

Cloud infrastructure as a service (IaaS) refers to virtualized IT resources such as compute, storage and networking, offered on demand as a service by a cloud service provider to its customers (or tenants). IaaS is the fastest-maturing cloud service model today, and its tenants are typically strictly isolated from each other. Cloud IaaS provides enterprises and organizations with a secure and efficient environment in which to deploy their systems. While organizations and companies benefit from moving to a cloud platform, it is likely that similar cyber attacks will happen to organizations that share the same cloud platform and similar infrastructure. One way to mitigate this risk is to securely share cyber security information and resources among these organizations. Contemporary public cloud platforms such as OpenStack, AWS and Microsoft Azure lack a widely accepted access control model for such secure information and resource sharing.

A community in a cloud IaaS refers to a group of organizations with similar organizational structures or business models that share common business interests and use cloud IaaS to realize their infrastructure deployments. Threat analysis and incident response infrastructure and resources can be rapidly shared in a cloud community, whereby the participating organizations save time and cost in handling cyber incidents. A community can establish a mechanism to prevent, detect and respond to cyber attacks, share cyber security information among these organizations, and help member organizations in the community respond to and recover from cyber incidents expeditiously.

In this dissertation, we present an access control model that enables organizations to securely share cyber information and resources during cyber collaborations in a community-based isolated environment on cloud IaaS platforms. The model enables a tenant to share its IT resources with other tenants in a controlled and secure manner. It enables secure and effective management of information sharing from a community-based perspective for both routine and cyber incident response needs. We then define access control models for each of the three dominant cloud IaaS platforms, viz., OpenStack, Amazon AWS and Microsoft Azure, to abstractly represent the access control features of these three complex systems. We further develop access control models for sharing between organizations in a community-based isolated environment on these IaaS cloud platforms. Then we formally specify administrative models and discuss enforcement and implementation techniques for each cloud IaaS platform. Finally, we compare the models for these three systems from the perspective of enforcing the secure sharing model in different cloud IaaS platforms.

Description

This item is available only to currently enrolled UTSA students, faculty or staff.

Keywords

access control model, Cloud IaaS, information sharing, resource sharing

Department

Computer Science