Extending OpenStack Access Control with Domain Trust

Tang, Bo; Sandhu, Ravi

doi:10.1007/978-3-319-11698-3_5

Cited by 29 publications

(25 citation statements)

References 20 publications

(25 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Other RBAC extensions towards collaboration uses centralized authority to manage collaboration which is not applicable in multi-cloud scenarios. Recent work on collaboration such as CTTM [21] and OSAC-DT [22] extended RBAC to inherit its benefits toward collaboration. CTTM enables trust between tenants in a single cloud.…”

Section: Related Workmentioning

confidence: 98%

See 1 more Smart Citation

Authorization Federation in IaaS Multi Cloud

Pustchi

Krishnan

Sandhu

2015

Proceedings of the 3rd International Workshop on Security in Cloud Computing

Self Cite

View full text Add to dashboard Cite

As more and more organizations move to cloud, it is inevitable that cross-organizational collaboration will need to be supported in the cloud. In this paper, we explore models for collaboration among clouds whose resources are distributed across multiple cloud service providers. In particular, we focus on collaboration and sharing of resources in an infrastructure as a service cloud, where compute resources complemented with storage and networking are offered as a service to customers by cloud service providers. We develop a multi-cloud trust model at different scopes of administration. At cloud level, infrastructure resources can be shared between clouds. At lower administrative scopes, cloud service providers are able to share their resources and service instances among customers within multiple clouds. Finally, we formally specify the administrative aspects of multi-cloud collaboration models we develop. We have implemented a proof of concept prototype based on the administrative model of OpenStack, the de facto open-source software for building infrastructure as a service clouds.

show abstract

Section: Related Workmentioning

confidence: 98%

“…In Figure 4, the conceptual administrative boundary of each realm with relation to services and users in a cloud is illustrated. Such conceptual structure of entities presents an extension the OSAC model for OpenStack [22].…”

Section: The Administrative Realms Of Collaborationmentioning

confidence: 99%

Authorization Federation in IaaS Multi Cloud

Pustchi

Krishnan

Sandhu

2015

Proceedings of the 3rd International Workshop on Security in Cloud Computing

Self Cite

View full text Add to dashboard Cite

show abstract

“…In the context of cloud, in [10], the author proposed trust relationships established between tenants to facilitate sharing. It makes outsourcing easy to implement by simply adding trust relationships among tenants in cloud.…”

Section: Related Workmentioning

confidence: 99%

“…OpenStack provides several services, including compute (Nova), identity (Keystone), block storage (Cin- In [10], the authors present a core OpenStack Access Control (OSAC) model based on the OpenStack Identity API v3, as shown in figure 2. The OSAC model consists of eight entities: users, groups, projects, domains, roles, services, operations, and tokens.…”

Section: Introductionmentioning

confidence: 99%

“…A user has one home domain but can be assigned to multiple projects, which can be distributed in different domains. That is, the ownership of users and Figure 2: OpenStack Access Control (OSAC) model [10] projects can be defined by assigning them to a domain. Note that users in a domain are powerless unless they are assigned to a project with a particular role.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Secure Information and Resource Sharing in Cloud Infrastructure as a Service

Zhang

Krishnan

Sandhu

2014

Proceedings of the 2014 ACM Workshop on Information Sharing &Amp; Collaborative Security

Self Cite

View full text Add to dashboard Cite

Cloud infrastructure as a service (IaaS) refers to virtualized IT resources such as compute, storage and networking, offered as a service by a cloud service provider on demand to its customers (equivalently tenants). IaaS is a fast-maturing cloud service model today where tenants are strictly isolated from each other. With the prominence of IaaS as the next generation model for outsourcing IT infrastructure, we believe there is a need to facilitate secure sharing between tenants for various reasons such joint cyber incident response, catalyzing productivity, etc. In this paper, we investigate various models for information and resource sharing between tenants in an IaaS cloud. The models facilitate a tenant to share its IT resources with other tenants in a controlled manner. One motivation for sharing resources is for cyber incident response. We formally specify operational and administrative models for sharing and discuss enforcement and implementation issues in the widely-deployed OpenStack platform, the de facto open-source cloud IaaS software.

show abstract