A Formal Model for Isolation Management in Cloud Infrastructure-as-a-Service.

Datacenters for cloud infrastructure-as-a-service (IaaS) consist of a large number of heterogeneous virtual resources, such as virtual machines (VMs) and virtual local area networks (VLANs). It takes a complex process to manage and arrange these virtual resources to build particular computing environments. Misconfiguration of this management process increases possibility of security vulnerability in this system. Moreover, multiplexing virtual resources of disjoint customers upon same physical hardware leads to several security concerns, such as cross-channel and denial-of-service attacks. Trusted Virtual Datacenter (TVDc) is a commerical product which informally presents a process to manage strong isolation among these virtual resources in order to mitigate these issues. In this paper, we formally represent this TVDc management model. We also develop an authorization model for the cloud administrative-user privilege management in this system.