An Advanced Security-Aware Cloud Architecture

Autor: Aline Bousquet, Laurent Bobelin, Jérémy Briffaut, Jean-François Couturier, Jonathan Rouzaud-Cornabas, Arnaud Lefray, Christian Toinard, Eddy Caron
Přispěvatelé: Laboratoire d'Informatique Fondamentale d'Orléans (LIFO), Université d'Orléans (UO)-Institut National des Sciences Appliquées - Centre Val de Loire (INSA CVL), Institut National des Sciences Appliquées (INSA)-Institut National des Sciences Appliquées (INSA), Sécurité des Données et des Systèmes (SDS), Institut National des Sciences Appliquées (INSA)-Institut National des Sciences Appliquées (INSA)-Université d'Orléans (UO)-Institut National des Sciences Appliquées - Centre Val de Loire (INSA CVL), Algorithms and Software Architectures for Distributed and HPC Platforms (AVALON), Inria Grenoble - Rhône-Alpes, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire de l'Informatique du Parallélisme (LIP), École normale supérieure de Lyon (ENS de Lyon)-Université Claude Bernard Lyon 1 (UCBL), Université de Lyon-Université de Lyon-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-École normale supérieure de Lyon (ENS de Lyon)-Université Claude Bernard Lyon 1 (UCBL), Université de Lyon-Université de Lyon-Centre National de la Recherche Scientifique (CNRS), Laboratoire de l'Informatique du Parallélisme (LIP), Université de Lyon-Université de Lyon-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS), Seed4C : Security Embedded Element and Data privacy for the Cloud, Centre National de la Recherche Scientifique (CNRS)-Université de Lyon-Institut National de Recherche en Informatique et en Automatique (Inria)-Université Claude Bernard Lyon 1 (UCBL), Université de Lyon-École normale supérieure - Lyon (ENS Lyon)-Centre National de la Recherche Scientifique (CNRS)-Université de Lyon-Université Claude Bernard Lyon 1 (UCBL), Université de Lyon-École normale supérieure - Lyon (ENS Lyon)
Jazyk: angličtina
Rok vydání: 2014
Předmět:
Zdroj: HPCS 2014-The 2014 International Conference on High Performance Computing & Simulation
HPCS 2014-The 2014 International Conference on High Performance Computing & Simulation, Jul 2014, Bologne, Italy
HPCS
Popis: International audience; Nowadays, Cloud offers many interesting features such as on-demand and pay-as-you-go resources, but induces new security problems in case a company wants to outsource its critical services. But since Clouds are shared between multiple tenants, both applications and execution environments need to be secured consistently in order to avoid possible attacks from malicious tenants. Moreover, if a large range of security mechanisms can improve the Cloud security, the configuration of those mechanisms to guarantee a global security property remains an open problem. Nowadays Clouds solutions lack two key features in order to realize it: an easy expression of security requirements and an actual enforcement of those requirements. This paper describes an overall architecture providing those features and an experiment run in order to demonstrate its validity. Our solution includes a language, a distribution engine and a security enforcement agent. The language eases the definition of the security properties required to plug an application into a Cloud. The distribution engine computes the sub-properties related to the different resources that must be deployed into the Cloud and coordinates the different enforcement agents associated to the provisioned resources. Our use-case addresses private hosting of customer data into the Cloud. The implementation and experiments show that the global security requirements (authentication and confidentiality) are satisfied when the application is scheduled within virtual machines and shared resources.
Databáze: OpenAIRE
Externí odkaz: