- Access control for on-demand provisioned cloud infrastructure services
- Award date: 24 February 2016
- Number of pages
- Document type: PhD thesis
- Faculty of Science (FNWI)
- Informatics Institute (IVI)
The evolution of Cloud Computing brings advantages to both customers and service providers, letting them utilize and manage computing and network resources more efficiently through virtualization, service-oriented architecture technologies, and automated on-demand resource provisioning. However, these advantages come with challenges in how to securely and efficiently protect customer resources in cloud environments. Service providers need to provide elastic and flexible cloud resources to their large numbers of customers based on the multi-tenancy model while ensuring reliable isolation on shared infrastructures. In this thesis we propose a multi-tenant access control system with fine-grained authorization for cloud service management. It supports integration with the information model of cloud infrastructure management for providers. The proposed solution allows customers to dynamically create access control service instances, together with policy definitions constrained in Service Level Agreements, while deploying provisioned clouds. For Intercloud scenarios with clouds across multiple providers, we introduce an authorization token exchange approach to solve distributed, inter-domain authorization and security context management problems. To solve the bottleneck issues when using the XACML policy language in high-performance authorization systems, we propose and implement a novel approach that includes modeling, analyzing and optimizing XACML policy elements. It constructs custom decision diagrams for XACML to increase the efficiency of policy evaluation. The implementation not only achieves orders-of-magnitude throughput improvement but also retains the original XACML policy semantics and expressiveness.
- Research conducted at: Universiteit van Amsterdam
Series: ASCI dissertation series 346