Although major advances have been made in protection of cloud platforms against malicious attacks, little has been done regarding the protection of these platforms against insider threats. This paper looks into this challenge by introducing self-adaptation as a mechanism to handle insider threats in cloud platforms, and this will be demonstrated in the context of OpenStack. OpenStack is a popular cloud platform that relies on Keystone, its identity management component, for controlling access to its resources. The use of self-adaptation for handling insider threats has been motivated by the fact that self-adaptation has been shown to be quite effective in dealing with uncertainty in a wide range of applications. Insider threats have become a major cause for concern since legitimate, though malicious, users might have access, in case of theft, to a large amount of information. The key contribution of this paper is the definition of an architectural solution that incorporates self-adaptation into OpenStack Keystone in order to handle insider threats. For that, we have identified and analysed several insider threats scenarios in the context of the OpenStack cloud platform, and have developed a prototype that was used for experimenting and evaluating the impact of these scenarios upon the self-adaptive authorisation system for the cloud platforms.

中文翻译：

---

OpenStack云平台中的自适应授权

尽管在保护云平台免受恶意攻击方面已取得重大进展，但在保护这些平台免受内部威胁方面却做得很少。本文通过引入自适应作为一种处理云平台内部威胁的机制来研究这一挑战，并将在OpenStack的上下文中进行演示。OpenStack是一种流行的云平台，它依赖于其身份管理组件Keystone来控制对其资源的访问。事实表明，自适应在处理广泛应用中的不确定性方面非常有效，这促使使用自适应来处理内部威胁。内部威胁已成为引起关注的主要原因，因为合法的用户（尽管是恶意用户）在盗窃，大量的信息。本文的主要贡献是定义了一种架构解决方案，该架构解决方案将自适应功能整合到OpenStack Keystone中以处理内部威胁。为此，我们在OpenStack云平台的环境中识别并分析了几种内部威胁方案，并开发了一个原型，用于试验和评估这些方案对云平台的自适应授权系统的影响。