A Virtualization Management Convergence Access Control Model for Cloud Computing Environments

  • 최은복 (Department of Smart Media, Jeonju University)
  • Received : 2018.07.10
  • Accepted : 2018.10.20
  • Published : 2018.10.31

Abstract

The purpose of access control is to protect computing resources from illegal behavior by unauthorized users, such as leakage, modification, and destruction. As cloud computing environments expand into resource-sharing services built on virtualization technology, a new security model and access control technique are required to provide dynamic and secure cloud-based computing services. The virtualization management convergence access control model provides flexible user authorization by applying a dynamic privilege assignment function to the role-based access control mechanism. In addition, by applying an access control mechanism based on security levels and rules, we solve the conflict problem in the virtual machine system and guarantee the safety of physical resources. This model will help to build a secure and efficient cloud-based virtualization management system and will be expanded to a mechanism that reflects multi-level characteristics.
