Security Middleground for Resource Protection in Measurement Infrastructure-as-a-Service
Author: | Kunpeng Zhu, Alex Berryman, Mukundan Sridharan, Ravi Akella, Prasad Calyam, Saptarshi Debroy |
---|---|
Year of publication: | 2019 |
Subject: | Authentication; Information Systems and Management; Cloud computing security; Computer Networks and Communications; Computer science; Network security; 020206 networking & telecommunications; Access control; Cloud computing; 02 engineering and technology; Computer security; Computer Science Applications; Hardware and Architecture; Middleware; Threat model; 0202 electrical engineering, electronic engineering, information engineering; 020201 artificial intelligence & image processing; Orchestration (computing) |
Source: | IEEE Transactions on Services Computing. 12:621-638 |
ISSN: | 2372-0204 |
DOI: | 10.1109/tsc.2016.2618792 |
Description: | Securing multi-domain network performance monitoring (NPM) systems that are being widely deployed as ‘Measurement Infrastructure-as-a-Service’ (MIaaS) in high-performance computing is becoming increasingly critical. It presents an emerging set of research challenges in cloud security given that security mechanisms such as policy-driven access to federated NPM services across multiple domains need to be designed carefully to protect MIaaS resources and data. In this paper, we advocate the design of a security middleground between default open/closed access settings and present policy-driven access controls of measurement functions for a multi-domain federation using a MIaaS. Our approach involves an analytical investigation based on a set of custom metrics to compare and contrast the legacy, role-based and more fine-grained, attribute-based access control schemes to design a security middleground. We implement the chosen middleground with a secured middleware, viz., “OnTimeSecure”. Our middleware enables ‘user-to-service’ and ‘service-to-service’ authentication, and enforces federated authorization entitlement policies for timely orchestration of MIaaS services. Lastly, we evaluate OnTimeSecure in a real multi-domain MIaaS testbed by performing threat modeling and security risk assessments to validate the analysis outcomes and demonstrate its effectiveness for easy integration and sustainable adoption. |
Database: | OpenAIRE |