2,416 research outputs found
CamFlow: Managed Data-sharing for Cloud Services
A model of cloud services is emerging whereby a few trusted providers manage
the underlying hardware and communications whereas many companies build on this
infrastructure to offer higher level, cloud-hosted PaaS services and/or SaaS
applications. From the start, strong isolation between cloud tenants was seen
to be of paramount importance, provided first by virtual machines (VM) and
later by containers, which share the operating system (OS) kernel. Increasingly
it is the case that applications also require facilities to effect isolation
and protection of data managed by those applications. They also require
flexible data sharing with other applications, often across the traditional
cloud-isolation boundaries; for example, when government provides many related
services for its citizens on a common platform. Similar considerations apply to
the end-users of applications. But in particular, the incorporation of cloud
services within `Internet of Things' architectures is driving the requirements
for both protection and cross-application data sharing.
These concerns relate to the management of data. Traditional access control
is application and principal/role specific, applied at policy enforcement
points, after which there is no subsequent control over where data flows; a
crucial issue once data has left its owner's control by cloud-hosted
applications and within cloud-services. Information Flow Control (IFC), in
addition, offers system-wide, end-to-end, flow control based on the properties
of the data. We discuss the potential of cloud-deployed IFC for enforcing
owners' dataflow policy with regard to protection and sharing, as well as
safeguarding against malicious or buggy software. In addition, the audit log
associated with IFC provides transparency, giving configurable system-wide
visibility over data flows. [...]Comment: 14 pages, 8 figure
Recommended from our members
Camflow: Managed Data-Sharing for Cloud Services
A model of cloud services is emerging whereby a few trusted providers manage the underlying hardware and communications whereas many companies build on this infrastructure to offer higher level, cloud-hosted PaaS services and/or SaaS applications. From the start, strong isolation between cloud tenants was seen to be of paramount importance, provided first by virtual machines (VM) and later by containers, which share the operating system (OS) kernel. Increasingly it is the case that applications also require facilities to effect isolation and protection of data managed by those applications. They also require flexible data sharing with other applications, often across the traditional cloud-isolation boundaries; for example, when government, consisting of different departments, provides services to its citizens through a common platform. These concerns relate to the management of data. Traditional access control is application and principal/role specific, applied at policy enforcement points, after which there is no subsequent control over where data flows;a crucial issue once data has left its owner's control by cloud-hosted applications andwithin cloud-services. Information Flow Control (IFC), in addition, offers system-wide, end-To-end, flow control based on the properties of the data. We discuss the potential of cloud-deployed IFC for enforcing owners' data flow policy with regard to protection and sharing, aswell as safeguarding against malicious or buggy software. In addition, the audit log associated with IFC provides transparency and offers system-wide visibility over data flows. This helps those responsible to meet their data management obligations, providing evidence of compliance, and aids in the identification ofpolicy errors and misconfigurations. We present our IFC model and describe and evaluate our IFC architecture and implementation (CamFlow). This comprises an OS level implementation of IFC with support for application management, together with an IFC-enabled middleware.This work was supported by UK Engineering and Physical Sciences Research Council grant EP/K011510 CloudSafetyNet: End-to-End Application Security in the Cloud. We acknowledge the support of Microsoft through the Microsoft Cloud Computing Research Centre
Recommended from our members
Twenty security considerations for cloud-supported Internet of Things
To realise the broad vision of pervasive computing,
underpinned by the “Internet of Things” (IoT), it is essential to
break down application and technology-based silos and support
broad connectivity and data sharing; the cloud being a natural
enabler. Work in IoT tends towards the subsystem, often focusing
on particular technical concerns or application domains, before
offloading data to the cloud. As such, there has been little regard
given to the security, privacy and personal safety risks that arise
beyond these subsystems; that is, from the wide-scale, crossplatform
openness that cloud services bring to IoT.
In this paper we focus on security considerations for IoT from
the perspectives of cloud tenants, end-users and cloud providers,
in the context of wide-scale IoT proliferation, working across
the range of IoT technologies (be they things or entire IoT
subsystems). Our contribution is to analyse the current state of
cloud-supported IoT to make explicit the security considerations
that require further work.This work was supported by UK Engineering and Physical Sciences
Research Council grant EP/K011510 CloudSafetyNet:
End-to-End Application Security in the Cloud and Microsoft
through the Microsoft Cloud Computing Research Centre
Recommended from our members
A survey on security issues and solutions at different layers of Cloud computing
Cloud computing offers scalable on-demand services to consumers with greater flexibility and lesser infrastructure investment. Since Cloud services are delivered using classical network protocols and formats over the Internet, implicit vulnerabilities existing in these protocols as well as threats introduced by newer architectures raise many security and privacy concerns. In this paper, we survey the factors affecting Cloud computing adoption, vulnerabilities and attacks, and identify relevant solution directives to strengthen security and privacy in the Cloud environment
An Overview of Cloud Computing Challenges and Its Security Concerns
There has been an increasing advancement about Cloud computing during the past couple of years. Cloud computing has become a new computer model which aims to deliver reliable, customizable and scalable computing environment for end-users. Companies are choosing to move their data, applications and services to the Cloud. The advantages are significant ranging from increasing the availability, reliability, light weight, easily accessible applications, and low cost but so are the risks associated with. Companies that require application hosting could potentially benefit from the provisioning of computing infrastructure resources as a service. In addition to the economic advantages of an on-demand computing environment, businesses also enjoy the flexibility to scale up or down their services to accommodate the changing nature or the business requirement without having to invest in new equipment however, migrating data to the Cloud exposed the data to be an easy and vulnerable target for all the maliciously intended actors all over the world. This paper brings an introduction overview to Cloud computing, it’s enabling technologies behind such a design, its evolution and finally the security concerns that is entails
- …