Extending OpenStack Access Control with Domain Trust
2014; Springer Science+Business Media; Language: English
10.1007/978-3-319-11698-3_5
ISSN 1611-3349
Topic(s): Cloud Data Security Solutions
Abstract: OpenStack has been rapidly established as the most popular open-source platform for cloud Infrastructure-as-a-Service in this fast-moving industry. In response to increasing access control requirements from its users, the OpenStack identity service Keystone has introduced several entities, such as domains and projects in addition to roles, resulting in a rather complex and somewhat obscure authorization model. In this paper, we present a formalized description of the core OpenStack access control (OSAC). We further propose a domain trust extension for OSAC to facilitate secure cross-domain authorization. We have implemented a proof-of-concept prototype of this trust extension based on Keystone. The authorization delay introduced by the domain trusts is 0.7 percent on average in our experiments.