An Autonomic Cloud Management System for Enforcing Security and Assurance Properties

Enforcing security properties in a Cloud is a difficult task that requires expertise. However, it is not the only security-related challenge faced by a company migrating to a Cloud environment. The tenant must also have assurance that the requested security properties have effectively been enforced. Therefore, the Cloud provider has to offer a way of monitoring the security. In this paper, we present a solution to express the assurance properties based on the security requirements of the tenant and to deploy these assurance properties. First, we introduce a language that expresses the assurance based on the tenant's security requirements. Second, we propose an infrastructure that deploys the assurance in a Cloud environment. This solution aims to be easy to use: the assurance directly results from the high-level expression of the tenant's security requirements, and no additional action is needed from the tenant. Consequently, we address one of the greatest drawbacks of security and assurance, the complexity of their configuration, while providing a complete assurance mechanism.
