A Scalable Security Model for Enabling Dynamic Virtual Private Execution Infrastructures on the Internet

With the expansion and the convergence of computing and communication, the dynamic provisioning of customized processing and networking infrastructures as well as resource virtualization are appealing concepts and technologies. Therefore, new models and tools are needed to allow users to create, trust and exploit such on-demand virtual infrastructures within wide area distributed environments. This paper proposes to combine network and system virtualization with cryptographic identification and SPKI/HIP principles to help the user communities to build and share their own resource reservoirs. These ideas are implemented in the HIPerNet framework enabling the creation and the management of customized confined execution environments in a large scale context. Based on the example of biomedical applications, the paper focuses on the security model of the HIPerNet system and develops the key aspects of our distributed security approach. Then the paper discusses and illustrates how HIPerNet solutions fulfill the security requirements of applications through different scenarios.