• DocumentCode
    244610
  • Title

    An advanced security-aware Cloud architecture

  • Author

    Bobelin, Laurent ; Bousquet, Aline ; Briffaut, Jeremy ; Couturier, Jean-Francois ; Toinard, Christian ; Caron, Eddy ; Lefray, Arnaud ; Rouzaud-Cornabas, Jonathan

  • Author_Institution
    INSA Centre Val de Loire, Univ. Orleans, Bourges, France
  • fYear
    2014
  • fDate
    21-25 July 2014
  • Firstpage
    572
  • Lastpage
    579
  • Abstract
    Nowadays, Cloud offers many interesting features such as on-demand and pay-as-you-go resources, but induces new security problems in case a company wants to outsource its critical services. But since Clouds are shared between multiple tenants, both applications and execution environments need to be secured consistently in order to avoid possible attacks from malicious tenants. Moreover, if a large range of security mechanisms can improve the Cloud security, the configuration of those mechanisms to guarantee a global security property remains an open problem. Nowadays Clouds solutions lack two key features in order to realize it: an easy expression of security requirements and an actual enforcement of those requirements. This paper describes an overall architecture providing those features and an experiment run in order to demonstrate its validity. Our solution includes a language, a distribution engine and a security enforcement agent. The language eases the definition of the security properties required to plug an application into a Cloud. The distribution engine computes the sub-properties related to the different resources that must be deployed into the Cloud and coordinates the different enforcement agents associated to the provisioned resources. Our use-case addresses private hosting of customer data into the Cloud. The implementation and experiments show that the global security requirements (authentication and confidentiality) are satisfied when the application is scheduled within virtual machines and shared resources.
  • Keywords
    cloud computing; message authentication; outsourcing; virtual machines; advanced security-aware cloud architecture; application scheduling; authentication requirement; cloud security; confidentiality requirement; critical service outsourcing; distribution engine; global security property; global security requirements; malicious tenants; on-demand resource; pay-as-you-go resource; private customer data hosting; resource sharing; security enforcement agent; virtual machines; Authentication; Cloud computing; Computer architecture; Context; Engines; Mechanical factors;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    High Performance Computing & Simulation (HPCS), 2014 International Conference on
  • Conference_Location
    Bologna
  • Print_ISBN
    978-1-4799-5312-7
  • Type

    conf

  • DOI
    10.1109/HPCSim.2014.6903737
  • Filename
    6903737