Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

Security infrastructure for on-demand provisioned cloud infrastructure services

: Ngo, Canh; Laat, Cees de; Demchenko, Yuri; Rong, Chunmin; Wlodarczyk, Tomasz Wiktor; Ziegler, Wolfgang


Institute of Electrical and Electronics Engineers -IEEE-:
Third IEEE International Conference on Cloud Computing Technology and Science, CloudCom 2011 : Athens, Greece, Nov 29 - Dec 1, 2011
New York, NY: IEEE, 2011
ISBN: 978-0-7695-4622-3
International Conference on Cloud Computing Technology and Science (CloudCom) <3, 2011, Athens>
Fraunhofer SCAI ()
cloud security infrastructure; cloud infrastructure as a service (IaaS); on-demand infrastructure services provisioning; dynamic access control infrastructure; security context management

Providing consistent security services in on-demand provisioned Cloud infrastructure services is of primary importance due to multi-tenant and potentially multi-provider nature of Clouds Infrastructure as a Service (IaaS) environment. Cloud security infrastructure should address two aspects of the IaaS operation and dynamic security services provisioning: (1) provide security infrastructure for secure Cloud IaaS operation; (2) provisioning dynamic security services, including creation and management of the dynamic security associations, as a part of the provisioned composite services or virtual infrastructures. The first task is a traditional task in security engineering, while dynamic provisioning of managed security services in virtualised environment remains a problem and requires addit ional research. In this paper we discuss both aspects of the Cloud Security and provide suggestions about required security mechanisms for secure data management in dynamically provisioned Cloud infrastructures. The paper refers to the architectural framework for on-demand infrastructure services provisioning, being developed by authors, that provides a basis for defining the proposed Cloud Security Infrastructure. The proposed SLA management solution is based on the WS-Agreement and allows dynamic SLA management during the whole provisioned services lifecycle. The paper discusses conceptual issues, basic requirements and practical suggestions for dynamically provisioned access control infrastructure (DACI). The paper proposes the security mechanisms that are required for consistent DACI o peration, in particular security tokens used for access control, policy enforcement and authorisation session context exchange between provisioned infrastructure services and Cloud provider services. The suggested implementation is based on the GAAA Toolkit Java library developed by authors that is extended with the proposed Common Security Services Interface (CSSI) and additional mechanisms for binding sessions and security context between provisioned services and virtualised platform.