Authors:
Hao Wei
;
Joaquin Salvachua Rodriguez
and
Antonio Tapiador
Affiliation:
Universidad Politécnica de Madrid, Spain
Keyword(s):
Cloud Computing, Security, Authorization, XACML, Access Control, OpenStack.
Related
Ontology
Subjects/Areas/Topics:
Artificial Intelligence
;
Biomedical Engineering
;
Collaboration and e-Services
;
Communication and Software Technologies and Architectures
;
Complex Systems Modeling and Simulation
;
Computer-Supported Education
;
Data Engineering
;
e-Business
;
Energy and Economy
;
Enterprise Information Systems
;
Health Information Systems
;
Information Technologies Supporting Learning
;
Integration/Interoperability
;
Interoperability
;
Knowledge Management and Information Sharing
;
Knowledge-Based Systems
;
Mobile and Pervasive Computing
;
Ontologies and the Semantic Web
;
Security and Privacy
;
Sensor Networks
;
Simulation and Modeling
;
Software Agents and Internet Computing
;
Software and Architectures
;
Sustainable Computing and Communications
;
Symbolic Systems
;
Telecommunications
Abstract:
The cloud computing is driving the future of internet computation, and evolutes the concepts from software to infrastructure. OpenStack is one of promising open-sourced cloud computing platforms. The active developer community and worldwide partners make OpenStack as a booming cloud ecosystem. In OpenStack, it supports JSON file based access control for user authorization. In this paper, we introduce a more powerful and complex access control method, XACML access control mechanism in OpenStack. XACML is an approved OASIS standard for access control language, with the capability of handling all major access control models. It has numerous advantages for nowadays cloud computing environment, include fine-grained authorization policies and implementation independence. This paper puts forward a XACML access control solution in OpenStack, which has Policy Enforcement Point (PEP) embedded in OpenStack cloud service and a XACML engine server with policy storage database. Our implementation
allows OpenStack users to choose XACML as an access control method of OpenStack and facilitate the management work on policies.
(More)