Secure Information and Resource Sharing in Cloud Infrastructure as a Service

Cloud infrastructure as a service (IaaS) refers to virtualized IT resources such as compute, storage and networking, offered as a service by a cloud service provider on demand to its customers (equivalently tenants). IaaS is a fast-maturing cloud service model today where tenants are strictly isolated from each other. With the prominence of IaaS as the next generation model for outsourcing IT infrastructure, we believe there is a need to facilitate secure sharing between tenants for various reasons such joint cyber incident response, catalyzing productivity, etc. In this paper, we investigate various models for information and resource sharing between tenants in an IaaS cloud. The models facilitate a tenant to share its IT resources with other tenants in a controlled manner. One motivation for sharing resources is for cyber incident response. We formally specify operational and administrative models for sharing and discuss enforcement and implementation issues in the widely-deployed OpenStack platform, the de facto open-source cloud IaaS software.