Abstract
Enterprises increasingly recognize the compelling economic and operational benefits from virtualizing and pooling IT resources in the cloud. Nevertheless, the significant and valuable transformation of organizations that adopt cloud computing is accompanied by a number of security threats that should be considered. In this paper, we outline significant security challenges presented when migrating to a cloud environment and propose PaaSword – a novel holistic framework that aspires to alleviate these challenges. Specifically, the proposed framework involves a context-aware security model, the necessary policies enforcement mechanism along with a physical distribution, encryption and query middleware.
Article PDF
Similar content being viewed by others
References
Alliance, C.S.: The notorious nine – cloud computing top threats in 2013 (2013)
Bösch, C., Hartel, P., Jonker, W., Peter, A.: A survey of provably secure searchable encryption. ACM Comput. Surv. 47(2), 18:1–18:51 (2014). doi:http://doi.acm.org/10.1145/2636328
Boustia, N., Mokhtari, A.: Representation and reasoning on orbac: Description logic with defaults and exceptions approach. In: Third International Conference on Availability, Reliability and Security.ARES 08, pp. 1008–1012. doi:10.1109/ARES.2008.144 (2008)
Chandran, S.M., Joshi, J.B.D.: Lot-rbac: a location and time-based rbac model. In: Proceedings of the 6th International Conference on Web Information Systems Engineering, pp. 361–375. Springer, Berlin, WISE’05. doi:10.1007/11581062_27 (2005)
Cleeff, A.V., Pieters, W., Wieringa, R.: Benefits of location-based access control: A literature study. In: Proceedings of the 2010 IEEE/ACM Int’L Conference on Green Computing and Communications & Int’L Conference on Cyber, Physical and Social Computing, pp 739–746. IEEE Computer Society, Washington, DC, GREENCOM-CPSCOM ’10. doi:10.1109/GreenCom-CPSCom.2010.148 (2010)
Costabello, L., Villata, S., Gandon, F.: Context-aware access control for rdf graph stores. In: Raedt, L.D., Bessière, C., Dubois, D., Doherty, P., Frasconi, P., Heintz, F., Lucas, P.J.F. (eds.) ECAI, IOS Press, Frontiers in Artificial Intelligence and Applications, vol 242, pp 282–287. http://dblp.uni-trier.de/db/conf/ecai/ecai2012.html (2012)
Covington M.J., Long W., Srinivasan S., Dev A.K., Ahamad M., Abowd G.D.: Securing context-aware applications using environment roles. In: Proceedings of the Sixth ACM Symposium on Access Control Models and Technologies, ACM, New York, NY, USA, SACMAT ’01, pp 10–20. doi:http://doi.acm.org/10.1145/373256.373258 (2001)
Decker, M.: Modelling of location-aware access control rules. In: Handbook of Research on Mobility and Computing: Evolving Technologies and Ubiquitous Impacts, pp. 912–929. IGI Global. doi:10.4018/978-1-60960-042-6.ch057 (2011)
Dey, A.K.: Understanding and using context. Pers. Ubiquit. Comput. 5(1), 4–7 (2001). doi:10.1007/s007790170019
Dolev, D., Yao, A.C.: On the security of public key protocols. IEEE Trans. Inf. Theory 29(2), 198–208 (1983)
Dowsley, R., Michalas, A., Nagel, M.: A report on design and implementation of protected searchable data in iaas. Tech. rep. Swedish Institute of Computer Science (SICS) (2016)
Ferrari, E.: Access Control in Data Management Systems. Morgan and Claypool Publishers (2010)
Gabel, M., Hübsch, G.: Secure database outsourcing to the cloud using the mimosecco middleware. In: Krcmar, H., Reussner, R., Rumpe, B. (eds.) Trusted Cloud Computing, pp 187–202. Springer International Publishing, Berlin (2014), 10.1007/978-3-319-12718-7_12
Garfinkel, T., Pfaff, B., Chow, J., Rosenblum, M., Boneh, D.: Terra: a virtual machine-based platform for trusted computing. In: ACM SIGOPS Operating Systems Review, vol. 37, pp. 193–206 (2003)
Gentry C.: A fully homomorphic encryption scheme. PhD thesis, Stanford, CA, USA, aAI3382729 (2009)
Gruber, T.R.: Toward principles for the design of ontologies used for knowledge sharing. Int. J. Hum.-Comput. Stud. 43(5–6), 907–928 (1995). doi:10.1006/ijhc.1995.1081
Hu, H., Ahn, G.J., Kulkarni, K.: Ontology-based policy anomaly management for autonomic computing. In: 2011 7th International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom), pp. 487–494 (2011)
Huber, M., Gabel, M., Schulze, M., Bieber, A.: Cumulus4j: a provably secure database abstraction layer. In: Cuzzocrea, A., Kittl, C., Simos, D.E., Weippl, E., Xu, L., Cuzzocrea, A., Kittl, C., Simos, D.E., Weippl, E., Xu, L. (eds.) CD-ARES Workshops, Springer, Lecture Notes in Computer Science, vol. 8128, pp. 180–193. http://dblp.uni-trier.de/db/conf/ares/cd-ares2013w.html (2013)
IBM: Security and high availability in cloud computing environments. Tech. rep. IBM SmartCloud Enterprise, East Lansing. http://www-935.ibm.com/services/za/gts/cloud/Security_and_high_availability_in_cloud_computing_environments.pdf (2011)
Kamara, S., Lauter, K.: Cryptographic cloud storage. In: Sion, R., Curtmola, R., Dietrich, S., Kiayias, A., Miret, J., Sako, K., Sebé, F. (eds.) Financial Cryptography and Data Security, Lecture Notes in Computer Science, vol 6054. doi:10.1007/978-3-642-14992-4_13 10.1007/978-3-642-14992-4_13, pp 136–149. Springer, Berlin (2010)
Kayes, A.S.M., Han, J., Colman, A.: An ontology-based approach to context-aware access control for software services. In: Lin, X., Manolopoulos, Y., Srivastava, D., Huang, G. (eds.) WISE (1), Springer, Lecture Notes in Computer Science, vol. 8180, pp. 410–420. http://dblp.uni-trier.de/db/conf/wise/wise2013-1.html(2013)
Khan, A.R.: Access control in cloud computing environment. ARPN J. Eng. Appl. Sci. 7(5), 613–615 (2012)
Kourtesis D., Paraskakis I.: A registry and repository system supporting cloud application platform governance. In: Proceedings of the 2011 International Conference on Service-Oriented Computing, pp. 255–256. Springer, Berlin, ICSOC’11. doi:10.1007/978-3-642-31875-7_36 (2012)
Krasner, G.E., Pope, S.T.: A cookbook for using the model-view controller user interface paradigm in smalltalk-80. J Object Oriented Program 1(3), 26–49 (1988) [http://dl.acm.org/citation.cfm?id=50757.50759]
Kulkarni, D., Tripathi, A.: Context-aware role-based access control in pervasive computing systems. In: Proceedings of the 13th ACM Symposium on Access Control Models and Technologies, ACM, New York, NY, USA, SACMAT ’08, pp 113–122. doi:http://doi.acm.org/10.1145/1377836.1377854 (2008)
Lodderstedt T., Basin D.A., Doser J.: Secureuml: a uml-based modeling language for model-driven security. In: Proceedings of the 5th International Conference on The Unified Modeling Language, UML ’02, pp 426–441. Springer, London. http://dl.acm.org/citation.cfm?id=647246.719477 (2002)
Michalas, A., Dowsley, R.: Towards trusted ehealth services in the cloud. In: 1st International Workshop on Cloud Security and Data Privacy by Design (CloudSPD’15), co-located with the 8th IEEE/ACM International Conference on Utility and Cloud Computing (UCC), IEEE/ACM (2015)
Michalas, A., Komninos, N.: The lord of the sense: A privacy preserving reputation system for participatory sensing applications. In: Computers and Communication (ISCC), 2014 IEEE Symposium, pp 1–6. IEEE (2014)
Michalas, A., Komninos, N., Prasad, N.R., Oleshchuk, V.A.: New client puzzle approach for dos resistance in ad hoc networks. In: 2010 IEEE International Conference Information Theory and Information Security (ICITIS), pp. 568–573. IEEE (2010)
Michalas, A., Paladi, N., Gehrmann, C.: Security aspects of e-health systems migration to the cloud. In: 2014 IEEE 16th International Conference on e-Health Networking, Applications and Services (Healthcom), pp 212–218. IEEE (2014)
Micro, T.: The need for cloud computing security. In: A Trend Micro White Paper (2010)
Nejdl, W., Olmedilla, D., Winslett, M., Zhang, C.C.: Ontology-based policy specification and management. In: Proceedings of the Second European Conference on the Semantic Web: Research and Applications, ESWC’05, pp 290–302. Springer, Berlin. doi:10.1007/11431053_20 (2005)
Paladi, N., Michalas, A.: One of our hosts in another country: challenges of data geolocation in cloud storage. In: 2014 4th International Conference on Wireless Communications, Vehicular Technology, Information Theory and Aerospace Electronic Systems (VITAE), pp. 1–6. doi:10.1109/VITAE.2014.6934507 (2014)
Paladi, N., Michalas, A., Gehrmann, C.: Domain based storage protection with secure access control for the cloud. In: Proceedings of the 2014 International Workshop on Security in Cloud Computing, ASIACCS ’14. ACM, New York. doi:10.1145/2600075.2600082 (2014)
Paladi, N., Gehrmann, C., Michalas, A.: Providing user security guarantees in public infrastructure clouds. IEEE Trans. on Cloud Comput. PP(99), 1–1 (2016). doi:10.1109/TCC.2016.2525991
Popa, R.A., Redfield, C.M.S., Zeldovich, N., Balakrishnan, H.: Cryptdb: Protecting confidentiality with encrypted query processing. In: Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles, SOSP ’11, pp 85–100. ACM, New York. doi:http://doi.acm.org/10.1145/2043556.2043566(2011)
Santos, N., Gummadi, K.P., Rodrigues, R.: Towards trusted cloud computing. In: Proceedings of the 2009 Conference on Hot Topics in Cloud Computing, USENIX, Berkeley, CA, HotCloud’09. http://dl.acm.org/citation.cfm?id=1855533.1855536 (2009)
Shen, H., Cheng, Y.: A context-aware semantic-based access control model for mobile web services. In: Shen, G., Huang, X. (eds.) Advanced Research on Computer Science and Information Engineering, Communications in Computer and Information Science, vol 153. doi:10.1007/978-3-642-21411-0_21, pp 132–139. Springer, Berlin (2011)
Toninelli, A., Montanari, R., Kagal, L., Lassila, O.: A semantic context-aware access control framework for secure collaborations in pervasive computing environments. In: Proceedings of the 5th International Conference on The Semantic Web, ISWC’06, pp 473–486. Springer, Berlin. doi:10.1007/11926078_34 (2006)
Uszok, A., Bradshaw, J.M., Johnson, M., Jeffers, R., Tate, A., Dalton, J., Aitken, S.: Kaos policy management for semantic web services. IEEE Intell. Syst. 19(4), 32–41 (2004). doi:10.1109/MIS.2004.31
Verginadis, Y., Mentzas, G., Veloudis, S., Paraskakis, I.: A survey on context security policies. In: 1st International Workshop on Cloud Security and Data Privacy by Design (CloudSPD’15), co-located with the 8th IEEE/ACM International Conference on Utility and Cloud Computing (UCC), IEEE/ACM (2015)
Zhang, F., Chen, J., Chen, H., Zang, B.: Cloudvisor: retrofitting protection of virtual machines in multi-tenant cloud with nested virtualization. In: Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles, pp 203–216. ACM (2011)
Author information
Authors and Affiliations
Corresponding author
Additional information
The research leading to these results has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 644814, the PaaSword project (www.paasword.eu) within the ICT Programme ICT-07-2014: Advanced Cloud Infrastructures and Services.
Rights and permissions
Open Access This article is distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made.
About this article
Cite this article
Verginadis, Y., Michalas, A., Gouvas, P. et al. PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud Services. J Grid Computing 15, 219–234 (2017). https://doi.org/10.1007/s10723-017-9394-2
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10723-017-9394-2