An advanced security-aware Cloud architecture

Authors: Laurent Bobelin, Aline Bousquet, Jeremy Briffaut, Jean-Francois Couturier, Christian Toinard

DOI: 10.1109/HPCSIM.2014.6903737

Abstract: Nowadays, Cloud offers many interesting features such as on-demand and pay-as-you-go resources, but induces new security problems in case a company wants to outsource its critical services. But since Clouds are shared between multiple tenants, both applications and execution environments need to be secured consistently in order to avoid possible attacks from malicious tenants. Moreover, if a large range of mechanisms can improve the security, the configuration of those to guarantee a global property remains an open problem. Nowadays solutions lack two key realize it: easy expression requirements actual enforcement requirements. This paper describes overall architecture providing experiment run demonstrate validity. Our solution includes language, distribution engine agent. The language eases definition properties required plug application into Cloud. computes sub-properties related different resources that must deployed coordinates agents associated provisioned resources. use-case addresses private hosting customer data implementation experiments show (authentication confidentiality) satisfied when is scheduled within virtual machines
