Enforcing Security and Assurance Properties in Cloud Environment

Aline Bousquet 1 Jérémy Briffaut 1 Eddy Caron 2 Eva María Dominguez 3 Javier Franco 4 Arnaud Lefray 1, 2 Oscar López 5 Saioa Ros 5 Jonathan Rouzaud-Cornabas 6, 7 Christian Toinard 1 Mikel Uriarte 5
2 AVALON - Algorithms and Software Architectures for Distributed and HPC Platforms
Inria Grenoble - Rhône-Alpes, LIP - Laboratoire de l'Informatique du Parallélisme
7 BEAGLE - Artificial Evolution and Computational Biology
LIRIS - Laboratoire d'InfoRmatique en Image et Systèmes d'information, Inria Grenoble - Rhône-Alpes, LBBE - Laboratoire de Biométrie et Biologie Evolutive, CarMeN - Cardiovasculaire, métabolisme, diabétologie et nutrition
Abstract: Before deploying their infrastructure (resources, data, communications, ...) on a Cloud computing platform, companies want to be sure that it will be properly secured. At deployment time, the company provides a security policy describing its security requirements through a set of properties. Once its infrastructure is deployed, the company wants to be assured that this policy is applied and enforced. But describing and enforcing security properties and getting strong evidence of it is a complex task. To address this issue, in [1], we have proposed a language that can be used to express both security and assurance properties on distributed resources. Then, we have shown how these global properties can be cut into a set of properties to be enforced locally. In this paper, we show how these local properties can be used to automatically configure security mechanisms. Our language is context-based, which allows it to be easily adapted to any resource naming system, e.g., Linux and Android (with SELinux) or PostgreSQL. Moreover, by abstracting low-level functionalities (e.g., deny write to a file) through capabilities, our language remains independent of the security mechanisms. These capabilities can then be combined into security and assurance properties in order to provide high-level functionalities, such as confidentiality or integrity. Furthermore, we propose a global architecture that receives these properties and automatically configures the security and assurance mechanisms accordingly. Finally, we express the security and assurance policies of an industrial environment for a commercialized product and show how its security is enforced.
Document type:
Conference paper
8th IEEE/ACM International Conference on Utility and Cloud Computing (UCC 2015), Dec 2015, Limassol, Cyprus. 2015, 8th IEEE/ACM International Conference on Utility and Cloud Computing. 〈http://cyprusconferences.org/ucc2015〉

Cited literature [23 references]

https://hal.inria.fr/hal-01240557
Contributor: Eddy Caron
Submitted on: Wednesday, December 9, 2015 - 12:15:54
Last modified on: Tuesday, July 17, 2018 - 15:49:38
Document(s) archived on: Saturday, April 29, 2017 - 09:27:46

File

UCC_2015.pdf
Files produced by the author(s)

License


Distributed under a Creative Commons Attribution - NonCommercial - NoDerivatives 4.0 International License

Identifiers

  • HAL Id: hal-01240557, version 1

Citation

Aline Bousquet, Jérémy Briffaut, Eddy Caron, Eva María Dominguez, Javier Franco, et al. Enforcing Security and Assurance Properties in Cloud Environment. 8th IEEE/ACM International Conference on Utility and Cloud Computing (UCC 2015), Dec 2015, Limassol, Cyprus. 2015, 8th IEEE/ACM International Conference on Utility and Cloud Computing. 〈http://cyprusconferences.org/ucc2015〉. 〈hal-01240557〉

Metrics

Record views

3309

File downloads

5608