| 摘要 |
Super user control subscription service by cloud infrastructure provider in which said super user has control access limitation over virtual machine application deployment by utilizing five main features namely interface layer; super user control service (SCS) storage; super user creator and rules validator; packet interception engine and packet queue. Further, the present invention deploys the used of logging activities of the said super user upon providing validation for authentication and authorization of Subscriber 1 {Submitter) and Subscriber 2 (Approver) to enhance security of the super user control subscription service. The present invention comprising at least one cloud provider administrator (102) and at least one virtual machine subscriber (104) in communication with at least one cloud infrastructure provider portal within a portal access; at least one networking protocol suite (110) in communication with at least one cloud service provider (CSP) portal (112) within a network; and at least one super user control service (SCS) (108) in communication with the at least one cloud infrastructure provider portal within a portal access and in communication with at least one cloud service provider (CSP) portal (112) within a network; said super user control service (SCS) enables virtual machine (VM) subscription service by enabling super user control limit to avoid insider security threats. The at least one interface layer (122) enables super user rules configuration for super user control service (SCS) subscriber through cloud infrastructure provider portal; the at least one super user creator and rules validator (116) creates and validates rules; the super user control service (SCS) storage (118) stores super user service (SCS) subscriber user information and super user rules information; the packet interception engine (120) verifies super user rules obtained from said super user control service (SCS) storage prior to forwarding to at least one virtual machine on cloud network layer and the packet queue module (114) queues network packet for analysis by said packet interception engine (120). |
