US10425419B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10425419-B2 |
| Application number | US-201615215860-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jul 21, 2016 |
| Priority date | Jul 21, 2016 |
| Publication date | Sep 24, 2019 |
| Grant date | Sep 24, 2019 |
Official abstract text for this publication.
A system for providing access control in a cloud includes a software defined network including a software defined network controller. The system is configured to authenticate user access using multi-factor authentication. If the user is authorized to access a cloud resource the software defined network controller sends instructions to insert layer 3 and 4 user-specific flows to a software defined network device connected to the cloud resource. The user-specific flows cause the software defined network device to grant access to the cloud resource to the user.
Opening claim text (preview).
What is claimed:

1. A method comprising: receiving in an authentication, authorization, and accounting server a request from a user to access a cloud resource; receiving user authentication information in the authentication, authorization, and accounting server; comparing the user authentication information to a profile stored in a policy server to determine if the user is authorized to access the cloud resource; when the user is authorized to access the cloud resource, initiating a user session using a software defined network flow injection; assigning a source layer 3 IP address to the user from a preconfigured IP address pool; assigning an allowed layer 4 protocol or port; inserting a user specific flow with an IP address flow rule with the source layer 3 IP address and destination IP address of the cloud resource and a layer 4 flow rule that restricts access to only the allowed layer 4 protocol or port; granting the user access to the cloud resource; when the user session is terminated, sending an indication to the software defined network controller that the user session has been terminated; and removing the user specific flow with the software defined network controller to deny the user further access to the cloud resource.

2. The method of claim 1 wherein the software defined network device comprises a virtual router.

3. The method of claim 1 wherein the request from the user is provided by a front end access device.

4. The method of claim 2 wherein the virtual router is SDN enabled.

5. The method of claim 1 wherein the software defined network device is configured to deny access to the cloud resource unless there is a user-specific flow granting access to the user.

6. The method of claim 1 wherein the software defined network device is a ToR switch.

7. A system for controlling access to a cloud resource comprising: an authentication, authorization, and accounting server disposed in a software defined network; at least one subsystem that: receives a request in an authentication, authorization, and accounting server for access to the cloud resources from a user; receives user authentication information in the authentication, authorization, and accounting server; compares the user authentication information to a profile stored in a policy server to determine if the user is authorized to access the cloud resource; when the user is authorized to access the cloud resource, initiates a user session using a software defined network flow injection; assigns a source layer 3 IP address to the user from a preconfigured IP address pool; assigns an allowed layer 4 protocol or port; inserts a user specific flow with an IP address flow rule with the source layer 3 IP address and destination IP address of the cloud resource and a layer 4 flow rule that restricts access to only the allowed layer 4 protocol or port; grants the user access to the cloud resource; when the user session is terminated, sends an indication to the software defined network controller that the user session has been terminated; and removes the user specific flow with the software defined network controller to deny the user further access to the cloud resource.

8. The system of claim 7 wherein the software defined network device comprises a virtual router.

9. The system of claim 7 wherein the at least one subsystem that receives a request for access comprises a subsystem that receives a request for access from a front end access device.

10. The system of claim 8 wherein the virtual router is SDN enabled.

11. The system of claim 7 wherein the software defined network device is configured to deny access to the cloud resources unless there is a user-specific flow granting access to the user.

12. The system of claim 7 wherein the software defined network device is a ToR switch.
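As an added illustration (not text or code from the patent), the Python model below walks through the claimed sequence: a two-factor check against a policy profile, a source address drawn from a preconfigured pool, injection of a per-user layer 3/4 flow into a default-deny device, and removal of that flow when the session ends. The user profile, addresses, ports and class names are all constructed for the example.

```python
"""Model of the claimed access-control sequence: AAA check -> per-user
flow injection into a default-deny SDN device -> flow removal at logout."""
import hmac
from dataclasses import dataclass, field
from ipaddress import IPv4Address
from typing import Dict, List, Optional

# Constructed policy-server profile: credentials plus the single
# destination / protocol / port the user may reach.
PROFILES = {
    "alice": {"password": "pw-a", "otp": "123456",
              "dst": "10.0.0.10", "proto": "tcp", "port": 443},
}
# Constructed preconfigured source-address pool (RFC 5737 test range).
IP_POOL = [str(IPv4Address("192.0.2.1") + i) for i in range(4)]

@dataclass(frozen=True)
class Flow:                       # one user-specific L3/L4 flow rule
    src_ip: str
    dst_ip: str
    proto: str
    port: int

@dataclass
class SdnDevice:
    """Default deny: forward only when a user-specific flow matches exactly."""
    flows: List[Flow] = field(default_factory=list)

    def permits(self, src_ip: str, dst_ip: str, proto: str, port: int) -> bool:
        return Flow(src_ip, dst_ip, proto, port) in self.flows

@dataclass
class Controller:
    device: SdnDevice
    pool: List[str]
    sessions: Dict[str, Flow] = field(default_factory=dict)

    def authenticate(self, user: str, password: str, otp: str) -> Optional[Flow]:
        p = PROFILES.get(user)
        if p is None or not (hmac.compare_digest(p["password"], password)
                             and hmac.compare_digest(p["otp"], otp)):
            return None                      # MFA failed: nothing is injected
        flow = Flow(self.pool.pop(0), p["dst"], p["proto"], p["port"])
        self.device.flows.append(flow)       # flow injection grants access
        self.sessions[user] = flow
        return flow

    def terminate(self, user: str) -> None:
        flow = self.sessions.pop(user)
        self.device.flows.remove(flow)       # removal: device denies again
        self.pool.append(flow.src_ip)        # return the address to the pool
```

Because the device matches on the full source/destination/protocol/port tuple, a session holder reaching the same host on a different port, or a different host on the allowed port, is still dropped.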
Filtering policies (mail message filtering H04L51/212) · CPC title
applying multi-factor authentication · CPC title
by using authentication-authorization-accounting [AAA] servers or protocols · CPC title
Entity profiles · CPC title
using passwords (cryptographic mechanisms or cryptographic arrangements for entity authentication using a predetermined code H04L9/3226) · CPC title