Flying over Mobile Clouds with Security Planes: Select Your Class of SLA for End-to-End Security

End-to-end security is one of the biggest challenges for mobile clouds today: mobile cloud computing may mean the worst of cloud and device worlds regarding threats. Unfortunately, previous solutions considered the problem from one end only, lacking device-to-cloud virtual organizations (VOrgs), end-to-end VOrg isolation, and automated security supervision. This paper presents Orange MC2, a new security architecture and implementation overcoming such limitations. For homogeneous security SLA guarantees, execution environments in device and cloud domains are dynamically set up into VOrgs called MC2s, forming end-to-end security planes over the infrastructure. Strict plane separation is agnostic to underlying isolation mechanisms using a policy framework for security policy distribution and enforcement throughout an MC2. Security may be autonomically regulated at several levels of granularity in MC2s, both across domains and infrastructure layers. The paper also reports on a case study implementation. Results show that the architecture may be deployed effectively in practice, offering a first simple solution for selective end-to-end mobile cloud security, with interesting perspectives for a network operator.