Security Framework for Virtualised Infrastructure Services Provisioned On-demand

Cloud computing is developing as a new wave of ICT technologies, offering a common approach to on-demand provisioning of computation, storage and network resources, which are generally referred to as infrastructure services. Most currently available commercial Cloud services are built and organized around simple relations between a single provider and a single customer, with a simple security and trust model. New architectural models should allow a multi-provider heterogeneous services environment that can be delivered to organizational customers representing multiple user groups. These models should be supported by new security approaches that create consistent security services in a virtualised multi-provider Cloud environment and incorporate complex access control and trust relations among Cloud actors. The paper analyzes basic use cases in Cloud services provisioning and defines a security infrastructure reference model, which is used to define other security infrastructure aspects such as dynamic trust management, distributed access control, policy and security context management. It also provides information about the ongoing implementation of the proposed Dynamic Access Control Infrastructure based on Enterprise Service Bus as a part of a complex infrastructure services provisioning system.
