Downloads provided by UsageCountsExpression and Enforcement of Security Policy for Virtual Resource Allocation in IaaS Cloud
EC| SUPERCLOUD
Li, Yanhuang; Cuppens-Boulahia, Nora; Crom, Jean-Michel; Cuppens, Frédéric; Frey, Vincent;
Expression and Enforcement of Security Policy for Virtual Resource Allocation in IaaS Cloud
Many research works focus on the adoption of cloud infrastructure as a service(IaaS), where virtual machines (VM) are deployed on multiple cloud service providers (CSP). In terms of virtual resource allocation driven by security requirements, most of proposals take the aspect of cloud client into account but do not address such requirements from CSP. Besides, it is a shared understanding that using a formal policy model to support the expression of security requirements can drastically ease the cloud resource management and conflict resolution. To address these theoretical limitations, our work is based on a formal model that applies organization-based access control (OrBAC) policy to IaaS resource allocation. In this paper, we first integrate the attribute-based security requirements in service level agreement (SLA) contract. After transformation, the security requirements are expressed by OrBAC rules and these rules are considered together with other non-security demands during the enforcement of resource allocation. We have implemented a prototype for VM scheduling in OpenStack-based multi-cloud environment and evaluated its performance.
Canada, France
- Polytechnique Montréal Canada
- IMT Atlantique France
- Télécom ParisTech France
Security policy, Resource management, Cloud security, [INFO] Computer Science [cs]
Security policy, Resource management, Cloud security, [INFO] Computer Science [cs]
selected citations These citations are derived from selected sources.This is an alternative to the "Influence" indicator, which also reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).4 popularity This indicator reflects the "current" impact/attention (the "hype") of an article in the research community at large, based on the underlying citation network.Average influence This indicator reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).Average impulse This indicator reflects the initial momentum of an article directly after its publication, based on the underlying citation network.Average views 27 downloads 7 - 27views7downloads
selected citations
Citations provided by BIP!
These citations are derived from selected sources.
This is an alternative to the "Influence" indicator, which also reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).
Citations provided by BIP!popularityPopularity provided by BIP!
This indicator reflects the "current" impact/attention (the "hype") of an article in the research community at large, based on the underlying citation network.
Popularity provided by BIP!influenceInfluence provided by BIP!
This indicator reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).
Influence provided by BIP!impulseImpulse provided by BIP!
This indicator reflects the initial momentum of an article directly after its publication, based on the underlying citation network.
Impulse provided by BIP!viewsViews provided by UsageCounts
Views provided by UsageCountsdownloadsDownloads provided by UsageCounts
Downloads provided by UsageCounts 4
Average
Average
Average
27
7
Green
