Security policy verification for multi-domains in cloud systems
The cloud is a modern computing paradigm with the ability to support a business model by providing multi-tenancy, scalability, elasticity, pay as you go and self-provisioning of resources by using broad network access. Yet, cloud systems are mostly bounded to single domains, and collaboration among...
Published in: | International journal of information security 2014-04, Vol.13 (2), p.97-111 |
---|---|
Main authors: | Gouglidis, Antonios; Mavridis, Ioannis; Hu, Vincent C. |
Format: | Article |
Language: | eng |
Subjects: | |
Online access: | Full text |
container_end_page | 111 |
---|---|
container_issue | 2 |
container_start_page | 97 |
container_title | International journal of information security |
container_volume | 13 |
creator | Gouglidis, Antonios; Mavridis, Ioannis; Hu, Vincent C. |
description | The cloud is a modern computing paradigm with the ability to support a business model by providing multi-tenancy, scalability, elasticity, pay as you go and self-provisioning of resources by using broad network access. Yet, cloud systems are mostly bounded to single domains, and collaboration among different cloud systems is an active area of research. Over time, such collaboration schemas are becoming of vital importance since they allow companies to diversify their services on multiple cloud systems to increase both uptime and usage of services. The existence of an efficient management process for the enforcement of security policies among the participating cloud systems would facilitate the adoption of multi-domain cloud systems. An important issue in collaborative environments is secure inter-operation. Stemmed from the absence of relevant work in the area of cloud computing, we define a model checking technique that can be used as a management service/tool for the verification of multi-domain cloud policies. Our proposal is based on NIST’s (National Institute of Standards and Technology) generic model checking technique and has been enriched with RBAC reasoning. Current approaches, in Grid systems, are capable of verifying and detecting only conflicts and redundancies between two policies. However, the latter cannot overcome the risk of privileged user access in multi-domain cloud systems. In this paper, we provide the formal definition of the proposed technique and security properties that have to be verified in multi-domain cloud systems. Furthermore, an evaluation of the technique through a series of performance tests is provided. |
doi_str_mv | 10.1007/s10207-013-0205-x |
format | Article |
fulltext | fulltext |
identifier | ISSN: 1615-5262 |
ispartof | International journal of information security, 2014-04, Vol.13 (2), p.97-111 |
issn | 1615-5262 1615-5270 |
language | eng |
recordid | cdi_proquest_miscellaneous_1516747050 |
source | Business Source Complete; SpringerLink Journals - AutoHoldings |
subjects | Access control; Business models; Cloud computing; Coding and Information Theory; Collaboration; Communications Engineering; Computer Communication Networks; Computer information security; Computer Science; Cryptology; Cybersecurity; Enrichment; Management of Computing and Information Systems; Networks; Operating Systems; Policies; Proposals; Redundancy; Social research; Software services; Special Issue Paper; Statistical analysis |
title | Security policy verification for multi-domains in cloud systems |
url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-13T20%3A47%3A29IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Security%20policy%20verification%20for%20multi-domains%20in%20cloud%20systems&rft.jtitle=International%20journal%20of%20information%20security&rft.au=Gouglidis,%20Antonios&rft.date=2014-04-01&rft.volume=13&rft.issue=2&rft.spage=97&rft.epage=111&rft.pages=97-111&rft.issn=1615-5262&rft.eissn=1615-5270&rft_id=info:doi/10.1007/s10207-013-0205-x&rft_dat=%3Cproquest_cross%3E1516747050%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=1509582424&rft_id=info:pmid/&rfr_iscdi=true |