Enhancing cloud security with context-aware usage control policies
| dc.contributor.author | Jung, Christian | |
| dc.contributor.author | Eitel, Andreas | |
| dc.contributor.author | Schwarz, Reinhard | |
| dc.contributor.editor | Plödereder, E. | |
| dc.contributor.editor | Grunske, L. | |
| dc.contributor.editor | Schneider, E. | |
| dc.contributor.editor | Ull, D. | |
| dc.date.accessioned | 2017-07-26T11:00:09Z | |
| dc.date.available | 2017-07-26T11:00:09Z | |
| dc.date.issued | 2014 | |
| dc.description.abstract | Cloud environments strongly rely on virtualization infrastructure that provides virtual resources by abstracting from the physical hardware. Thus, cloud providers can cost-efficiently share physical hardware among multiple tenants, and a single virtual resource may span multiple physical resources at different geo-locations. From a tenant's perspective, the uncertainty about location and context of virtual resources is a potential security threat. For instance, tenants may want to enforce geo-fencing to prevent their applications and data from migrating to undesirable jurisdictions, untrusted co-tenants, or dubious locations. They may also want to ensure that certain virtual resources share (or expressly do not share) a common physical resource, for example, to improve fault tolerance or performance. To tackle these problems, we suggest a flexible policy decision and enforcement framework for enabling usage control in cloud environments. In support of this framework, we collect additional information from the cloud environment to enforce context-aware and therefore more fine-grained usage control policies. Our solution offers flexible controls for secure and resilient cloud management. The paper presents our policy enforcement framework IND2UCE and its extension to enable context-ware policy enforcement on an exemplary cloud infrastructure using VMware products. | en |
| dc.identifier.isbn | 978-3-88579-626-8 | |
| dc.identifier.pissn | 1617-5468 | |
| dc.language.iso | en | |
| dc.publisher | Gesellschaft für Informatik e.V. | |
| dc.relation.ispartof | Informatik 2014 | |
| dc.relation.ispartofseries | Lecture Notes in Informatics (LNI) - Proceedings, Volume P-232 | |
| dc.title | Enhancing cloud security with context-aware usage control policies | en |
| dc.type | Text/Conference Paper | |
| gi.citation.endPage | 222 | |
| gi.citation.publisherPlace | Bonn | |
| gi.citation.startPage | 211 | |
| gi.conference.date | 22.-26. September 2014 | |
| gi.conference.location | Stuttgart |