Conference papers

Enforcing Security and Assurance Properties in Cloud Environment

Abstract : Before deploying their infrastructure (resources, data, communications, ...) on a Cloud computing platform, companies want to be sure that it will be properly secured. At deployment time, the company provides a security policy describing its security requirements through a set of properties. Once its infrastructure is deployed, the company wants to be assured that this policy is applied and enforced. But describing and enforcing security properties and obtaining strong evidence of their enforcement is a complex task. To address this issue, in [1], we have proposed a language that can be used to express both security and assurance properties on distributed resources. Then, we have shown how these global properties can be cut into a set of properties to be enforced locally. In this paper, we show how these local properties can be used to automatically configure security mechanisms. Our language is context-based, which allows it to be easily adapted to any resource naming system, e.g., Linux and Android (with SELinux) or PostgreSQL. Moreover, by abstracting low-level functionalities (e.g., deny write to a file) through capabilities, our language remains independent of the security mechanisms. These capabilities can then be combined into security and assurance properties in order to provide high-level functionalities, such as confidentiality or integrity. Furthermore, we propose a global architecture that receives these properties and automatically configures the security and assurance mechanisms accordingly. Finally, we express the security and assurance policies of an industrial environment for a commercialized product and show how its security is enforced.

Cited literature [23 references]
Contributor : Eddy Caron
Submitted on : Wednesday, December 9, 2015 - 12:15:54 PM
Last modification on : Tuesday, October 12, 2021 - 5:20:39 PM
Long-term archiving on : Saturday, April 29, 2017 - 9:27:46 AM


Files produced by the author(s)


Distributed under a Creative Commons Attribution - NonCommercial - NoDerivatives 4.0 International License


  • HAL Id : hal-01240557, version 1


Aline Bousquet, Jérémy Briffaut, Eddy Caron, Eva María Dominguez, Javier Franco, et al.. Enforcing Security and Assurance Properties in Cloud Environment. 8th IEEE/ACM International Conference on Utility and Cloud Computing (UCC 2015), University of Cyprus, Dec 2015, Limassol, Cyprus. ⟨hal-01240557⟩


