Toward Unified and Flexible Security Policies Enforceable within the Cloud - Distributed Applications and Interoperable Systems
Conference Papers Year : 2013

Toward Unified and Flexible Security Policies Enforceable within the Cloud

Abstract

Security engineering for any given application can usually be done in many different ways. There is often a tradeoff between usability (including efficiency) and the level of protection offered. Typically the risks are assessed by developers, and a particular approach is chosen, with the assumption that the design can stay fixed for some time.Adoption of Cloud computing will challenge the viability of this approach. Beyond the extra difficulties faced when doing security engineering within distributed systems, Cloud providers require a different threat model from self-hosted resources. They are best considered “trusted but curious” even if the curiosity is accidental on the Cloud provider’s part. Some threats from such Cloud providers can be confounded through the use of cryptography, but doing so is overkill in terms of the performance penalty for many applications.To acquire the benefits of Cloud computing while minimising security risks, we believe that application developers should be provided with the ability to dynamically change the security enforcement technology in use by their software, balancing performance and security as they see fit. Recent cryptography research will significantly increase our ability to offer a runtime choice of contrasting security enforcement approaches without needing to modify the security policy. We present our initial research into this area, and outline our vision for the future.
Fichier principal
Vignette du fichier
978-3-642-38541-4_15_Chapter.pdf (131.46 Ko) Télécharger le fichier
Origin Files produced by the author(s)

Dates and versions

hal-01489456 , version 1 (14-03-2017)

Licence

Identifiers

Cite

David Eyers, Giovanni Russello. Toward Unified and Flexible Security Policies Enforceable within the Cloud. 13th International Conference on Distributed Applications and Interoperable Systems (DAIS), Jun 2013, Florence, Italy. pp.181-186, ⟨10.1007/978-3-642-38541-4_15⟩. ⟨hal-01489456⟩
82 View
77 Download

Altmetric

Share

More