VRBAC: An Extended RBAC Model for Virtualized Environment and Its Conflict Checking Approach

  • Conference paper

Part of the book series: Communications in Computer and Information Science (CCIS, volume 401)

Abstract

This paper extends the authorization capability of RBAC by adding domain and virtual machine features so that it can be applied in virtualized scenarios. We define a new model named VRBAC in which authorized users can migrate or copy virtual machines from one domain to another without causing a conflict. Subjects can also share permissions, not only on resources but also on virtual machines, with other subjects from the same or different domains. Three types of conflicts in VRBAC policies are discussed and described in the form of description logic, which provides extra access to reasoning engines and facilitates the conflict checking procedure. In a prototype system based on Active Directory and Xen Cloud Platform, VRBAC model visualization and conflict checking can be enforced. The experimental results indicate that all conflicts can be effectively detected and that the generated literal report provides conflict details such as conflict types, positions and causes as guidance for further conflict resolution.

© 2013 Springer-Verlag Berlin Heidelberg

Cite this paper

Luo, Y., Li, Y., Tang, Q., Wei, Z., Xia, C. (2013). VRBAC: An Extended RBAC Model for Virtualized Environment and Its Conflict Checking Approach. In: Su, J., Zhao, B., Sun, Z., Wang, X., Wang, F., Xu, K. (eds) Frontiers in Internet Technologies. Communications in Computer and Information Science, vol 401. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-53959-6_18

  • DOI: https://doi.org/10.1007/978-3-642-53959-6_18

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-53958-9

  • Online ISBN: 978-3-642-53959-6

  • eBook Packages: Computer Science, Computer Science (R0)
