4 Access Control in Cloud IaaS

Yun Zhang, Ram Krishnan, Farhan Patwa, and Ravi Sandhu

University of Texas at San Antonio, San Antonio, TX, USA

4.1 Introduction

Cloud computing is revolutionizing the way businesses obtain IT resources. Cloud computing refers to Internet‐based computing that provides on‐demand access to a shared pool of configurable computing resources (Hassan 2011), such as networks, servers, storage, applications, and services. Instead of being installed on a local PC, applications are hosted in the Cloud. Cloud computing allows users and organizations to obtain computing resources conveniently and rapidly with minimal management effort, helping organizations avoid focusing on upfront infrastructure costs. The rapid maturity of both commercial and open source cloud platforms greatly contributes to the wider acceptance and application of cloud computing in industry.

Infrastructure‐as‐a‐Service (IaaS) is a cloud service model (Mell and Grance 2011) in which a cloud service provider (CSP) offers compute, storage, and networking resources as a service to its tenants. A tenant is an organization that is a customer of a CSP. Traditionally, IaaS providers maintain strict separation between tenants, for obvious reasons. Thus tenants' virtual resources are strongly isolated. For instance, in OpenStack (http://openstack.org), a tenant user does not have the capability to access resources outside its domain. Domain refers to the administrative boundary of ...
