Abstract: Security has been a challenging concern for cloud computing because of the multitenant usage model. In the cloud, each application normally runs on a dynamic coalition composed of multiple virtual machines (VMs) running on different virtualised service nodes, which the authors call a logic virtual domain (LVD). Moreover, the owners of cloud applications, who are also the tenants of the cloud, specify security policies to control access to the resources that they have paid for. Therefore, the owners of cloud infrastructures have to provide the tenants with a mechanism to correctly configure and enforce access control policies on resources from multiple service nodes, to meet the security requirements of cloud applications. To address this challenge, this study presents the design and implementation of a multilayer access control architecture for LVD, named CloudAC, which aims to provide isolation control, information flow control and resource-sharing control among multiple VMs on Xen virtualisation platforms in a cloud computing environment. The theory and technology developed in this research will provide a reliable security guarantee for resource configuration and application deployment on LVDs.
(ProQuest: ... denotes formulae omitted.)
1 Introduction
Cloud computing [1] is effectively facilitated by the development of virtualisation technology because of its excellent features, such as shielding the differences among the underlying heterogeneous hardware architectures and greatly improving resource utilisation and management flexibility in the cloud environment. Currently, there are typical cloud platforms, such as Amazon Elastic Computing Cloud and IBM Blue Cloud computing platform, that use virtualisation to support flexible resource allocation for applications.
Virtualisation is able to dynamically divide and consolidate computing resources, which promotes the emergence of the cloud computing paradigm. We propose the logic virtual domain (LVD), which is a dynamic coalition composed of multiple virtual machines (VMs) running on different virtualised service nodes, in order to meet the resource allocation and collaborative processing needs of a distributed application. An LVD can also be treated as a 'VM architecture-based virtual organisation [2]'. An LVD offers an efficient and flexible execution environment in which the upper-layer software can configure resources. The deployment of multiple applications over clouds is reflected in multiple LVDs. The LVD method of application deployment and resource allocation in a cloud computing environment is able to match the increasing demand [3]...





