Toward Unified and Flexible Security Policies Enforceable within the Cloud

Abstract : Security engineering for any given application can usually be done in many different ways. There is often a tradeoff between usability (including efficiency) and the level of protection offered. Typically the risks are assessed by developers, and a particular approach is chosen, with the assumption that the design can stay fixed for some time.

Adoption of Cloud computing will challenge the viability of this approach. Beyond the extra difficulties faced when doing security engineering within distributed systems, Cloud providers require a different threat model from self-hosted resources. They are best considered “trusted but curious” even if the curiosity is accidental on the Cloud provider’s part. Some threats from such Cloud providers can be confounded through the use of cryptography, but doing so is overkill in terms of the performance penalty for many applications.

To acquire the benefits of Cloud computing while minimising security risks, we believe that application developers should be provided with the ability to dynamically change the security enforcement technology in use by their software, balancing performance and security as they see fit. Recent cryptography research will significantly increase our ability to offer a runtime choice of contrasting security enforcement approaches without needing to modify the security policy. We present our initial research into this area, and outline our vision for the future.

https://hal.inria.fr/hal-01489456
Contributor : Hal Ifip
Submitted on : Tuesday, March 14, 2017 - 2:19:26 PM
Last modification on : Wednesday, October 17, 2018 - 8:10:03 PM
Long-term archiving on : Thursday, June 15, 2017 - 2:17:21 PM

File

978-3-642-38541-4_15_Chapter.p...
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Citation

David Eyers, Giovanni Russello. Toward Unified and Flexible Security Policies Enforceable within the Cloud. 13th International Conference on Distributed Applications and Interoperable Systems (DAIS), Jun 2013, Florence, Italy. pp.181-186, ⟨10.1007/978-3-642-38541-4_15⟩. ⟨hal-01489456⟩
