Cluster Computing, Volume 16, Issue 4, pp 707–724

SNUAGE: an efficient platform-as-a-service security framework for the cloud

  • Wassim Itani
  • Ayman Kayssi
  • Ali Chehab

Abstract

In this paper we present SNUAGE, a platform-as-a-service security framework for building secure and scalable multi-layered services based on the cloud computing model. SNUAGE ensures the authenticity, integrity, and confidentiality of data communication over the network links by creating a set of security associations between the data-bound components on the presentation layer and their respective data sources on the data persistence layer. SNUAGE encapsulates the security procedures, policies, and mechanisms in these security associations at the service development stage to form a collection of isolated and protected security domains. The secure communication among the entities in one security domain is governed and controlled by a standalone security processor and policy attached to this domain. This results in: (1) a safer data delivery mechanism that prevents security vulnerabilities in one domain from spreading to the other domains and controls the inter-domain information flow to protect the privacy of network data, (2) a reusable security framework that can be employed in existing platform-as-a-service environments and across diverse cloud computing service models, and (3) an increase in productivity and delivery of reliable and secure cloud computing services supported by a transparent programming model that relieves application developers from the intricate details of security programming. Last but not least, SNUAGE contributes to a major enhancement in the energy consumption and performance of supported cloud services by providing a suitable execution container in its protected security domains for a wide suite of energy- and performance-efficient cryptographic constructs such as those adopted by policy-driven and content-based security protocols. An energy analysis of the system shows, via real energy measurements, major savings in energy consumption on the consumer devices as well as on the cloud servers.
Moreover, a sample implementation of the presented security framework is developed using Java and deployed and tested in a real cloud computing infrastructure using the Google App Engine service platform. Performance benchmarks show that the proposed framework provides a significant throughput enhancement compared to traditional network security protocols such as the Secure Sockets Layer and the Transport Layer Security protocols.

Keywords

  • Cloud computing security
  • Platform-as-a-Service security
  • Data confidentiality
  • Integrity
  • Policy-based security

Copyright information

© Springer Science+Business Media, LLC 2012

Authors and Affiliations

  1. Department of Electrical and Computer Engineering, Beirut Arab University, Beirut, Lebanon
  2. Department of Electrical and Computer Engineering, American University of Beirut, Beirut, Lebanon
