A Constraint-Based Model for Virtual Machine Data Access Control in Cloud Platform

Abstract

Virtual machine (VM) data access control provides a cloud-computing platform with guaranteed safety. Given that the cloud platform environment is dynamically variable, static VM data access operational authorization is different from the dynamic cloud platform environment in state determination. This difference affects the safety and performance of VMs in the entire cloud platform. A constraint-based VM data access control model was proposed in this study to evaluate the influence of dynamic environmental change in a cloud platform on VM data access control operation. The state information of the dynamic cloud environment was considered a constraint evaluation function. The model realized organic integration of static Bell–LaPadula model safety level and dynamic cloud platform environmental information. A safety policy of VM data access control operation was established, and the capability of the constraint-based access control model to improve the safety of VMs was verified. A model implementation framework and the main functions in combination with the proposed model were realized. The effectiveness and performance of the constraint-based VM data access control model were also evaluated. Results showed that the performance loss was within 7% when the constrained VM data access control model was used for operations, such as VM management. The test of communication intensive workload of a VM indicated that the operating time of the model was increased by approximately 4%. The constraint-based VM data access control model in cloud platform could adapt to the complex dynamic cloud platform environment and improve the safety of VMs. This study provided technical and theoretical bases for VM data access control in cloud platform.