Enhance OpenStack Access Control via Policy Enforcement Based on XACML

Hao Wei; Joaquin Salvachua Rodriguez; Antonio Tapiador

doi:10.5220/0004893802830289

Enhance OpenStack Access Control via Policy Enforcement Based on XACML

Hao Wei, Joaquin Salvachua Rodriguez, Antonio Tapiador

2014

Abstract

The cloud computing is driving the future of internet computation, and evolutes the concepts from software to infrastructure. OpenStack is one of promising open-sourced cloud computing platforms. The active developer community and worldwide partners make OpenStack as a booming cloud ecosystem. In OpenStack, it supports JSON file based access control for user authorization. In this paper, we introduce a more powerful and complex access control method, XACML access control mechanism in OpenStack. XACML is an approved OASIS standard for access control language, with the capability of handling all major access control models. It has numerous advantages for nowadays cloud computing environment, include fine-grained authorization policies and implementation independence. This paper puts forward a XACML access control solution in OpenStack, which has Policy Enforcement Point (PEP) embedded in OpenStack cloud service and a XACML engine server with policy storage database. Our implementation allows OpenStack users to choose XACML as an access control method of OpenStack and facilitate the management work on policies.

Download

Paper Citation

in Harvard Style

Wei H., Salvachua Rodriguez J. and Tapiador A. (2014). Enhance OpenStack Access Control via Policy Enforcement Based on XACML . In Proceedings of the 16th International Conference on Enterprise Information Systems - Volume 2: ICEIS, ISBN 978-989-758-028-4, pages 283-289. DOI: 10.5220/0004893802830289

in Bibtex Style

@conference{iceis14,
author={Hao Wei and Joaquin Salvachua Rodriguez and Antonio Tapiador},
title={Enhance OpenStack Access Control via Policy Enforcement Based on XACML},
booktitle={Proceedings of the 16th International Conference on Enterprise Information Systems - Volume 2: ICEIS,},
year={2014},
pages={283-289},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004893802830289},
isbn={978-989-758-028-4},
}

in EndNote Style

TY - CONF
JO - Proceedings of the 16th International Conference on Enterprise Information Systems - Volume 2: ICEIS,
TI - Enhance OpenStack Access Control via Policy Enforcement Based on XACML
SN - 978-989-758-028-4
AU - Wei H.
AU - Salvachua Rodriguez J.
AU - Tapiador A.
PY - 2014
SP - 283
EP - 289
DO - 10.5220/0004893802830289