{"title":"具有DOMAIN RBAC的云的对象隔离","authors":"V. Ranganathan, G. P. Venkataraman","doi":"10.1109/CCEM.2012.6354616","DOIUrl":null,"url":null,"abstract":"Cloud computing has taken technology into a mix of networking, virtualization and clustering environment which has opened up a new era with lots of opportunities thereby making business highly scalable. However there are several challenges that need to be addressed, in particular, security, which Forrester [1] has listed as being one of the most crucial concerns. One of the most effective and time-tested ways to ensure security is via Role Based Access Control (RBAC) [2]; with emphasis in cloud computing environments on data protection, authentication and authorization. RBAC provides a policy framework to enable delegation of responsibilities of the super user permissions to other users. This framework helps define non-root users with proper authorizations to perform specific system administration tasks. However it does not provide a mechanism to define the set of objects on which these roles could be exercised. By default, all Role based tasks can be performed on all objects of that type. Therefore to address this issue DOMAIN RBAC has been implemented, with object isolation feature included, as an extension of RBAC. Object Isolation marks a boundary across system resources and users by defining which users can access specified resources on the system while the RBAC roles would determine what operations can be performed on the accessible resources. In this paper we present and describe a method by which object isolation has been implemented via DOMAIN RBAC along with a use case. We also illustrate our approach by showing how it is implemented on IBM's AIX version 7 Operating System which can be leveraged in cloud environment.","PeriodicalId":409273,"journal":{"name":"2012 IEEE International Conference on Cloud Computing in Emerging Markets (CCEM)","volume":"173 4 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2012-11-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Object Isolation for Cloud with DOMAIN RBAC\",\"authors\":\"V. Ranganathan, G. P. Venkataraman\",\"doi\":\"10.1109/CCEM.2012.6354616\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Cloud computing has taken technology into a mix of networking, virtualization and clustering environment which has opened up a new era with lots of opportunities thereby making business highly scalable. However there are several challenges that need to be addressed, in particular, security, which Forrester [1] has listed as being one of the most crucial concerns. One of the most effective and time-tested ways to ensure security is via Role Based Access Control (RBAC) [2]; with emphasis in cloud computing environments on data protection, authentication and authorization. RBAC provides a policy framework to enable delegation of responsibilities of the super user permissions to other users. This framework helps define non-root users with proper authorizations to perform specific system administration tasks. However it does not provide a mechanism to define the set of objects on which these roles could be exercised. By default, all Role based tasks can be performed on all objects of that type. Therefore to address this issue DOMAIN RBAC has been implemented, with object isolation feature included, as an extension of RBAC. Object Isolation marks a boundary across system resources and users by defining which users can access specified resources on the system while the RBAC roles would determine what operations can be performed on the accessible resources. In this paper we present and describe a method by which object isolation has been implemented via DOMAIN RBAC along with a use case. We also illustrate our approach by showing how it is implemented on IBM's AIX version 7 Operating System which can be leveraged in cloud environment.\",\"PeriodicalId\":409273,\"journal\":{\"name\":\"2012 IEEE International Conference on Cloud Computing in Emerging Markets (CCEM)\",\"volume\":\"173 4 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2012-11-20\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2012 IEEE International Conference on Cloud Computing in Emerging Markets (CCEM)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CCEM.2012.6354616\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2012 IEEE International Conference on Cloud Computing in Emerging Markets (CCEM)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CCEM.2012.6354616","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 2
Abstract
Cloud computing has taken technology into a mix of networking, virtualization and clustering environments, which has opened up a new era with many opportunities and made business highly scalable. However, there are several challenges that need to be addressed, in particular security, which Forrester [1] has listed as one of the most crucial concerns. One of the most effective and time-tested ways to ensure security is Role Based Access Control (RBAC) [2], with the emphasis in cloud computing environments on data protection, authentication and authorization. RBAC provides a policy framework that enables the responsibilities of the super user to be delegated to other users. This framework helps define non-root users with the proper authorizations to perform specific system administration tasks. However, it does not provide a mechanism to define the set of objects on which these roles may be exercised: by default, all role-based tasks can be performed on all objects of that type. To address this issue, DOMAIN RBAC has been implemented as an extension of RBAC, with an object isolation feature included. Object isolation marks a boundary across system resources and users by defining which users can access specified resources on the system, while the RBAC roles determine what operations can be performed on the accessible resources. In this paper we present and describe a method by which object isolation has been implemented via DOMAIN RBAC, along with a use case. We also illustrate our approach by showing how it is implemented on IBM's AIX version 7 operating system, which can be leveraged in cloud environments.