Toward Unified and Flexible Security Policies Enforceable within the Cloud

Abstract : Security engineering for any given application can usually be done in many different ways. There is often a tradeoff between usability (including efficiency) and the level of protection offered. Typically the risks are assessed by developers, and a particular approach is chosen, with the assumption that the design can stay fixed for some time.Adoption of Cloud computing will challenge the viability of this approach. Beyond the extra difficulties faced when doing security engineering within distributed systems, Cloud providers require a different threat model from self-hosted resources. They are best considered “trusted but curious” even if the curiosity is accidental on the Cloud provider’s part. Some threats from such Cloud providers can be confounded through the use of cryptography, but doing so is overkill in terms of the performance penalty for many applications.To acquire the benefits of Cloud computing while minimising security risks, we believe that application developers should be provided with the ability to dynamically change the security enforcement technology in use by their software, balancing performance and security as they see fit. Recent cryptography research will significantly increase our ability to offer a runtime choice of contrasting security enforcement approaches without needing to modify the security policy. We present our initial research into this area, and outline our vision for the future.
Type de document :
Communication dans un congrès
Jim Dowling; François Taïani. 13th International Conference on Distributed Applications and Interoperable Systems (DAIS), Jun 2013, Florence, Italy. Springer, Lecture Notes in Computer Science, LNCS-7891, pp.181-186, 2013, Distributed Applications and Interoperable Systems. 〈10.1007/978-3-642-38541-4_15〉
Liste complète des métadonnées

https://hal.inria.fr/hal-01489456
Contributeur : Hal Ifip <>
Soumis le : mardi 14 mars 2017 - 14:19:26
Dernière modification le : mardi 14 mars 2017 - 16:07:25
Document(s) archivé(s) le : jeudi 15 juin 2017 - 14:17:21

Fichier

978-3-642-38541-4_15_Chapter.p...
Fichiers produits par l'(les) auteur(s)

Licence


Distributed under a Creative Commons Paternité 4.0 International License

Identifiants

Citation

David Eyers, Giovanni Russello. Toward Unified and Flexible Security Policies Enforceable within the Cloud. Jim Dowling; François Taïani. 13th International Conference on Distributed Applications and Interoperable Systems (DAIS), Jun 2013, Florence, Italy. Springer, Lecture Notes in Computer Science, LNCS-7891, pp.181-186, 2013, Distributed Applications and Interoperable Systems. 〈10.1007/978-3-642-38541-4_15〉. 〈hal-01489456〉

Partager

Métriques

Consultations de la notice

66

Téléchargements de fichiers

25