Semantically Rich, Context Aware Access Control for Openstack
September 1, 2018
In an open source cloud computing platform such as OpenStack, operators use the Role-Based Access Control (RBAC) model to grant access to cloud resources. However, these user-level role-based access control techniques fail to include comprehensive user context. We believe a situationally aware framework will improve security by bringing the user's context into such cloud systems. In this paper, we create a semantically rich, context-sensitive access control system for OpenStack by incorporating the user's current context attributes, such as location and time. In a proof-of-concept implementation, we integrate a knowledge graph with our own access control system to express and enforce contextual-situation policies in OpenStack. The proposed system provides enhanced, flexible access control while minimizing the overhead of altering the existing access control framework. We also discuss various use cases to highlight the benefits of our system and show enforcement results.