Here you will find scientific publications from the Fraunhofer Institutes.

Enhancing cloud security with context-aware usage control policies

Jung, Christian; Eitel, Andreas; Schwarz, Reinhard


Plödereder, E.; Grunske, L.; Schneider, E.; Ull, D.; Gesellschaft für Informatik -GI-, Bonn:
Informatik 2014. Big Data - Komplexität meistern. CD-ROM : Tagung der Gesellschaft für Informatik, 22. - 26. September 2014 in Stuttgart, Deutschland
Bonn: Köllen, 2014 (GI-Edition - Lecture Notes in Informatics (LNI) - Proceedings 232)
ISBN: 978-3-88579-626-8
Gesellschaft für Informatik (Jahrestagung) <44, 2014, Stuttgart>
Conference Paper, Electronic Publication
Fraunhofer IESE
security; security policy; data usage control; usage control; usage control security; KoSiUX; policy enforcement; cloud security; IND²UCE; SECCRIT

Cloud environments strongly rely on virtualization infrastructure that provides virtual resources by abstracting from the physical hardware. Thus, cloud providers can cost-efficiently share physical hardware among multiple tenants, and a single virtual resource may span multiple physical resources at different geo-locations. From a tenant's perspective, the uncertainty about location and context of virtual resources is a potential security threat. For instance, tenants may want to enforce geo-fencing to prevent their applications and data from migrating to undesirable jurisdictions, untrusted co-tenants, or dubious locations. They may also want to ensure that certain virtual resources share (or expressly do not share) a common physical resource, for example, to improve fault tolerance or performance. To tackle these problems, we suggest a flexible policy decision and enforcement framework for enabling usage control in cloud environments. In support of this framework, we collect additional information from the cloud environment to enforce context-aware and therefore more fine-grained usage control policies. Our solution offers flexible controls for secure and resilient cloud management. The paper presents our policy enforcement framework IND²UCE and its extension to enable context-aware policy enforcement on an exemplary cloud infrastructure using VMware products.