Secure Information and Resource Sharing in Cloud IaaS

dc.contributor.advisor: Sandhu, Ravi
dc.contributor.author: Zhang, Yun
dc.contributor.committeeMember: Krishnan, Ram
dc.contributor.committeeMember: Lama, Palden
dc.contributor.committeeMember: Niu, Jianwei
dc.contributor.committeeMember: White, Gregory B.
dc.description: This item is available only to currently enrolled UTSA students, faculty or staff. To download, navigate to Log In in the top right-hand corner of this screen, then select Log in with my UTSA ID.
dc.description.abstract: Cloud infrastructure as a service (IaaS) refers to virtualized IT resources such as compute, storage and networking, offered as a service by a cloud service provider on demand to its customers (or tenants). IaaS is the fastest maturing cloud service model today, where tenants are typically strictly isolated from each other. Cloud IaaS provides enterprises and organizations a secure and efficient environment to deploy their systems. While organizations and companies benefit from moving to a cloud platform, it is likely that similar cyber attacks will happen to organizations that share the same cloud platform and similar infrastructure. One way to mitigate this risk is to securely share cyber security information and resources among these organizations. Contemporary public cloud platforms such as OpenStack, AWS and Microsoft Azure lack a widely accepted access control model for such secure information and resource sharing. A community in a cloud IaaS refers to a group of organizations with similar organizational structures or business models sharing common business interests, utilizing cloud IaaS to realize their infrastructure deployments. Threat analysis and incident response infrastructure and resources can be rapidly shared in a cloud community, whereby the participating organizations save time and cost in handling cyber incidents. A community can establish a mechanism to prevent, detect and respond to cyber attacks, share cyber security information among these organizations, and help member organizations in the community respond to and recover from cyber incidents expeditiously. In this dissertation, we present an access control model to enable organizations to securely share cyber information and resources during cyber collaborations in a community-based isolated environment in cloud IaaS platforms. The model enables a tenant to share its IT resources with other tenants in a controlled and secure manner. It enables secure and effective management of information sharing from a community-based perspective for both routine and cyber incident response needs. We then define access control models for each of the three dominant cloud IaaS platforms, viz., OpenStack, Amazon AWS and Microsoft Azure, to abstractly represent the access control features of three complex systems. We further develop access control models for sharing between organizations in a community-based isolated environment on these IaaS cloud platforms. Then we formally specify administrative models and discuss enforcement and implementation techniques for each cloud IaaS platform. Finally, we compare these models for these three systems from the perspective of enforcing the secure sharing model in different cloud IaaS platforms.
dc.description.department: Computer Science
dc.format.extent: 142 pages
dc.subject: access control model
dc.subject: Cloud IaaS
dc.subject: information sharing
dc.subject: resource sharing
dc.subject.classification: Computer science
dc.title: Secure Information and Resource Sharing in Cloud IaaS
dcterms.accessRights: pq_closed Science of Texas at San Antonio of Philosophy
