define and govern access control decisions. This may lead to considerable complexity when dealing with several access control models such as MAC, RBAC and so on. A well-designed model should be simple and robust enough for efficient and secure run-time enforcement.
RBAC was introduced to the access control area over twenty years ago [9, 10], and it has proven to be one of the most promising candidates for access control security in a VMM. Conflict checking approaches for RBAC models have been widely studied. In practice, a method for verifying user-role assignments against access control constraints has been proposed [11]. That work mainly discusses the fundamental problem of how to verify whether a user-role assignment satisfies all constraints and how to generate an optimal user-role assignment; its experimental results show that the computational complexity of this approach can be NP-hard. The approach based on role mapping mainly concerns data sharing conflicts between constraints such as cyclic inheritance and separation of duties [12, 13]; its prototype system proves to be effective and efficient in conflict resolution. This approach is not appropriate for our analysis, because we need a method that treats the virtual machines as objects in the virtualized scenario. Also, the domain tagging mechanism leads to some changes in the conflict checking procedure.
3 An RBAC Model for Virtualization
Unlike ordinary access control systems, authorization for the virtualized scenario has its own distinctive characteristics. For instance, the VM replaces the Role as the key concept in a virtualized environment. Meanwhile, all elements and relations in RBAC are tagged with different domain labels for distributed management purposes. These new requirements exceed the expressive ability of the current RBAC model, and therefore VRBAC is proposed in this section with the following features.
The conceptual model of VRBAC is shown in Fig. 1, in which a VM element is added between Role and Resource to represent the virtual machines in the resource pool. UA and PA can also be embedded in a VM instead of in a global context, so a User or Role who is in charge of a VM implicitly controls all the UA and PA instances in that VM.
We use the following notation and definitions to describe VRBAC.
• USERS is a set of users.
• ROLES is a set of roles.
• VMS is a set of virtual machines.
• OBS is a set of resources (objects).
• OPS is a set of operations.
• $PRMS = 2^{VMS \times OBS \times OPS}$ is the set of permissions.
• $UAS \subseteq USERS \times ROLES$ is the set of user-role assignments.
• $PAS \subseteq PRMS \times ROLES$ is the set of role-permission assignments.
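The following Python program is an added example, not code from the paper, that implements the VRBAC sets defined above (permissions as sets of (VM, object, operation) triples, UAS and PAS as relations) together with the constraint check mentioned in the related work: verifying that a user-role assignment satisfies static separation-of-duty constraints. Two things are assumptions of this example rather than part of the paper's notation: each user-role assignment carries a scope tag (the global context or the VM in which it is embedded, following the remark that UA can be embedded in a VM), and the separation-of-duty check is the standard mutually-exclusive-roles form, evaluated per VM context. All users, roles, VMs and assignments are constructed sample data.

```python
from dataclasses import dataclass

# VRBAC core sets. All values below are constructed sample data for this
# example, not taken from the paper.
USERS = {"alice", "bob", "carol"}
ROLES = {"vm_admin", "operator", "auditor"}
VMS = {"vm1", "vm2"}
OBS = {"disk", "nic", "console"}
OPS = {"read", "write", "attach"}

# A permission is an element of PRMS = 2^(VMS x OBS x OPS), i.e. a set of
# (vm, object, operation) triples; it is represented here as a frozenset.
Perm = frozenset

# Assumption (not in the paper's notation): each user-role assignment carries
# a scope tag, either the global context or the VM in which it is embedded.
GLOBAL = "*"


@dataclass(frozen=True)
class Assignment:
    user: str
    role: str
    scope: str = GLOBAL  # GLOBAL or a member of VMS


# UAS: user-role assignments, some global and some embedded in a VM.
UAS = frozenset({
    Assignment("alice", "vm_admin"),          # global assignment
    Assignment("bob", "operator", "vm1"),     # embedded in vm1 only
    Assignment("carol", "auditor"),           # global assignment
})

# PAS: role-permission assignments as (permission, role) pairs.
PAS = frozenset({
    (Perm((vm, ob, op) for vm in VMS for ob in OBS for op in OPS), "vm_admin"),
    (Perm({("vm1", "disk", "write"), ("vm1", "nic", "attach")}), "operator"),
    (Perm((vm, ob, "read") for vm in VMS for ob in OBS), "auditor"),
})

# Static separation-of-duty constraints: role sets that no single user may
# hold together in the same context (sample constraint for this example).
SSD = (frozenset({"vm_admin", "auditor"}),)


def roles_of(user, vm, uas=UAS):
    """Roles the user holds when acting on vm: global assignments plus
    those embedded in that VM."""
    return {a.role for a in uas if a.user == user and a.scope in (GLOBAL, vm)}


def authorized(user, vm, ob, op, uas=UAS, pas=PAS):
    """VRBAC access decision: (vm, ob, op) must lie in a permission assigned
    to a role the user holds in vm's context. Unknown VMs, objects or
    operations are denied outright."""
    if vm not in VMS or ob not in OBS or op not in OPS:
        return False
    held = roles_of(user, vm, uas)
    return any((vm, ob, op) in perm for perm, role in pas if role in held)


def ssd_violations(uas=UAS, ssd=SSD):
    """Check a user-role assignment against the SSD constraints. The check
    is done per VM context, because a VM-embedded assignment only takes
    effect inside that VM. Returns (user, vm, roles) tuples."""
    found = []
    for user in sorted({a.user for a in uas}):
        for vm in sorted(VMS):
            held = roles_of(user, vm, uas)
            for exclusive in ssd:
                if exclusive <= held:
                    found.append((user, vm, tuple(sorted(exclusive))))
    return found


if __name__ == "__main__":
    print(authorized("bob", "vm1", "disk", "write"))  # True
    print(authorized("bob", "vm2", "disk", "write"))  # False: role embedded in vm1
    print(ssd_violations())                           # []
    risky = UAS | {Assignment("carol", "vm_admin", "vm2")}
    print(ssd_violations(risky))  # [('carol', 'vm2', ('auditor', 'vm_admin'))]
```

The access decision is the plain RBAC one (user, via roles, to permissions), but the VM appears in two places: as the first component of every permission triple, and as the scope of an embedded assignment, so bob's operator role is invisible when he acts on vm2. The separation-of-duty check likewise only flags carol once an administrative role is assigned to her in a VM where she already holds the auditor role.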