Policy and context management in dynamically provisioned access control service for virtualized Cloud infrastructures

Authors
Publication date 2012
Book title Proceedings: 2012 Seventh International Conference on Availability, Reliability, and Security
Book subtitle ARES 2012: 20-24 August 2012, Prague, Czech Republic
ISBN
  • 9781467322447
ISBN (electronic)
  • 9780769547756
Event Seventh International Conference on Availability, Reliability and Security
Pages (from-to) 343-349
Publisher Los Alamitos, CA: IEEE Computer Society
Organisations
  • Faculty of Science (FNWI) - Informatics Institute (IVI)
Abstract
Cloud computing is developing as a new wave of ICT technologies, offering a common approach to on-demand provisioning of computation, storage and network resources, which are generally referred to as infrastructure services. Most of the currently available commercial Cloud services are built and organized reflecting simple relations between a single provider and multiple customers with a simple security and trust model. New architectural models should allow a multi-provider heterogeneous service environment that can be delivered to organizational customers representing multiple user groups. These models should be supported by new security approaches for a multi-provider, multi-tenant environment crossing multiple security domains to create consistent and dynamically configurable security services for virtualized infrastructures. This paper proposes an on-demand provisioned access control infrastructure with dynamic trust establishment for entities in a Cloud IaaS architecture model. It applies an XACML-based RBAC model for flexible authorization policy configuration and management. It uses an authorization ticket as a security session management mechanism to solve the security context synchronization and exchange between multiple Cloud providers. The paper describes a practical implementation of the proposed Dynamic Access Control Infrastructure as part of a complex infrastructure services provisioning system.

Document type Conference contribution
Language English
Published at https://doi.org/10.1109/ARES.2012.81