Trusted Cloud Tenant Separation Mechanism Supporting Transparency

Tenant separation is a provision that allows cloud computing to be offered to tenants as a third-party service, so the tenants' confidence in the security effectiveness of cloud tenant separation is critical to the promotion of cloud services. However, in a third-party service such as cloud computing, tenants have few opportunities to take part in the construction and management of the cloud infrastructure, which makes it hard for them to trust the cloud's tenant separation mechanism. This paper treats the transparency requirement as part of a trusted cloud tenant separation mechanism, implements a cloud tenant separation mechanism and its transparency requirement based on the inter-domain information flow control policy in cloud computing systems, and uses non-interference theory to prove that the resulting cloud tenant separation mechanism is secure and effective.
