Enforcing Security and Assurance Properties in Cloud Environment

Abstract: Before deploying their infrastructure (resources, data, communications, ...) on a Cloud computing platform, companies want to be sure that it will be properly secured. At deployment time, the company provides a security policy describing its security requirements through a set of properties. Once its infrastructure is deployed, the company wants to be assured that this policy is applied and enforced. But describing and enforcing security properties, and getting strong evidence of their enforcement, is a complex task. To address this issue, in [1], we have proposed a language that can be used to express both security and assurance properties on distributed resources. Then, we have shown how these global properties can be cut into a set of properties to be enforced locally. In this paper, we show how these local properties can be used to automatically configure security mechanisms. Our language is context-based, which allows it to be easily adapted to any resource naming system, e.g., Linux and Android (with SELinux) or PostgreSQL. Moreover, by abstracting low-level functionalities (e.g., deny write to a file) through capabilities, our language remains independent from the security mechanisms. These capabilities can then be combined into security and assurance properties in order to provide high-level functionalities, such as confidentiality or integrity. Furthermore, we propose a global architecture that receives these properties and automatically configures the security and assurance mechanisms accordingly. Finally, we express the security and assurance policies of an industrial environment for a commercialized product and show how its security is enforced.

Cited literature: 23 references

https://hal.inria.fr/hal-01240557
Contributor : Eddy Caron
Submitted on : Wednesday, December 9, 2015 - 12:15:54 PM
Last modification on : Monday, February 10, 2020 - 4:36:52 PM
Long-term archiving on: Saturday, April 29, 2017 - 9:27:46 AM

File

UCC_2015.pdf
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution - NonCommercial - NoDerivatives 4.0 International License

Identifiers

  • HAL Id : hal-01240557, version 1

Citation

Aline Bousquet, Jérémy Briffaut, Eddy Caron, Eva María Dominguez, Javier Franco, et al. Enforcing Security and Assurance Properties in Cloud Environment. 8th IEEE/ACM International Conference on Utility and Cloud Computing (UCC 2015), University of Cyprus, Dec 2015, Limassol, Cyprus. ⟨hal-01240557⟩

Metrics

Record views

4651

Files downloads

5727