Security Framework for Virtualised Infrastructure Services Provisioned On-demand

Abstract

Cloud computing is developing as a new wave of ICT technologies, offering a common approach to on-demand provisioning computation, storage and network resources which are generally referred to as infrastructure services. Most of currently available commercial Cloud services are built and organized reflecting simple relations between single provider and single customer with simple security and trust model. New architectural models should allow multi-provider heterogeneous services environment that can be delivered to organizational customers representing multiple user groups. These models should be supported by new security approaches to create consistent security services in virtualised multi-provider Cloud environment and incorporate complex access control and trust relations among Cloud actors. The paper analyzes basis use cases in Cloud services provisioning and defines a security infrastructure reference model which is used to define other security infrastructure aspects such as dynamic trust management, distributed access control, policy and security context management. It also provides information about ongoing implementation of the proposed Dynamic Access Control Infrastructure based on Enterprise Service Bus as a part of complex infrastructure services provisioning system.