Abstract
The security of open-source clouds is important, and there are many challenges in the area of user access which can be resolved using various implementations. OpenStack-based clouds must implement some identity solution based on a built-in Keystone project. In addition, it is important to secure the lower layer of this cloud and its infrastructure, where there is some potential vulnerability. This area can be mistakenly underestimated. The approach based on an authentication, authorization and accounting (AAA) solution offers some possibilities for extending Keystone by expanding it to other services, which will help to integrate it into the existing environment. Furthermore, it will enhance security features and thus secure the entire environment. This article discusses the authentication, authorization and accounting principles for an OpenStack platform and offers a simplified description of their implementation and testing.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Benjamin, B., Coffman, J., Esiely-Barrera, H. et al.: Data protection in OpenStack. In: 10th IEEE International Conference on Cloud Computing, CLOUD 2017. IEEE Computer Society, pp. 560–567 (2017)
Dinesha, H.A., Agrawal, V.K.: Multi-level authentication technique for accessing cloud services. In: 2012 International Conference on Computing, Communication and Applications, ICCCA 2012 (2012)
Elia, I.A., Antunes, N., Laranjeiro, N., Vieira, M.: An analysis of OpenStack vulnerabilities. In: Proceedings – 2017 13th European Dependable Computing Conference, EDCC 2017. Institute of Electrical and Electronics Engineers Inc., pp. 129–134 (2017)
Khedher, O., Chowdhury, C.D.: Mastering OpenStack, 2nd edn. Packt, Birmingham (2017)
Jackson, K., Bunch, C., Sigler, E., Denton, J.: OpenStack Cloud Computing Cookbook, 4th edn. Packt, Birmingham (2018)
Liu, C., Singhal, A., Wijesekera, D.: Identifying evidence for cloud forensic analysis. Advances in Digital Forensics XIII. IAICT, vol. 511, pp. 111–130. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-67208-3_7
Luo, Y., Luo, W., Puyang, T., et al.: OpenStack security modules: a least-invasive access control framework for the cloud. In: 9th International Conference on Cloud Computing, CLOUD 2016. IEEE Computer Society, pp. 51–58 (2017)
Majumdar, S., Madi, T., Wang, Y., et al.: User-level runtime security auditing for the cloud. IEEE Trans. Inf. Forensics Secur. 13(5), 1185–1199 (2018)
Martinelli, S., Nash, H., Topol, B.: Identity, Authentication, and Access Management in OpenStack: Implementing and Deploying Keystone, 1st edn. O’Reilly Media, Sebastopol (2015)
Nithya, A.K., Dhannya, A.K.: Privacy protected documents on OpenStack cloud. In: Proceedings of the 29th International Teletraffic Congress, ITC 2017. Institute of Electrical and Electronics Engineers Inc. (2017)
OpenStack project web page. http://openstack.org. Accessed 20 Mar 2019
Perez, M.A., Lopez, M.G., Marin, L.R., Chadwick, D.W., Schechtman, S.I.: Integrating an AAA-based federation mechanism for OpenStack the CLASSe view. Concurrency Comput. 29(12), e4148 (2017)
Ruiu, P., Caragnano, G., Masala, G.L., Grosso, E.: Accessing cloud services through biometrics authentication. In: Proceedings – 2016 10th International Conference on Complex, Intelligent, and Software Intensive Systems, CISIS 2016. Institute of Electrical and Electronics Engineers Inc., pp. 38–43 (2016)
Senk, C., Dotzler, F.: Biometric authentication as a service for enterprise identity management deployment: a data protection perspective. In: Proceedings of the 2011 6th International Conference on Availability, Reliability and Security, ARES 2011, pp. 43–50 (2011)
Sette, I.S., Chadwick, D.W., Ferraz, C.A.G.: Authorization policy federation in heterogeneous multicloud environments. Trade J. 4(4), 38–47 (2017)
Shamugam, V., Murray, I., Sidhu, A.S.: Elliptical curve cryptography-kerberos authentication model for keystone in open stack. In: Mohamed Ali, M.S., Wahid, H., Mohd Subha, N.A., Sahlan, S., Md. Yunus, M.A., Wahap, A.R. (eds.) AsiaSim 2017. CCIS, vol. 752, pp. 633–644. Springer, Singapore (2017). https://doi.org/10.1007/978-981-10-6502-6_54
Solberg, M., Silverman, B.: OpenStack for Architects. Packt, Birmingham (2017)
Srinivasan, M.K., Sarukesi, K., Rodrigues, P., Manoj, M.S., Revathy, P.: State-of-the-art cloud computing security taxonomies – A classification of security challenges in the present cloud computing environment. In: Proceedings of 2012 International Conference on Advances in Computing, Communications and Informatics, ICACCI 2012, pp. 470–476 (2012)
Acknowledgment
The research has been partially supported by the Faculty of Informatics and Management, UHK, Specific Research Project 2107: Computer Networks for Cloud, Distributed Computing and Internet of Things II.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Mercl, L., Sobeslav, V., Mikulecky, P., Macinka, M. (2019). Infrastructure Authentication, Authorization and Accounting Solutions for an OpenStack Platform. In: Awan, I., Younas, M., Ünal, P., Aleksy, M. (eds) Mobile Web and Intelligent Information Systems. MobiWIS 2019. Lecture Notes in Computer Science(), vol 11673. Springer, Cham. https://doi.org/10.1007/978-3-030-27192-3_10
Download citation
DOI: https://doi.org/10.1007/978-3-030-27192-3_10
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-27191-6
Online ISBN: 978-3-030-27192-3
eBook Packages: Computer ScienceComputer Science (R0)