The Journal of Supercomputing

, Volume 61, Issue 2, pp 337–352 | Cite as

Reference deployment models for eliminating user concerns on cloud security

  • Gansen Zhao
  • Chunming Rong
  • Martin Gilje Jaatun
  • Frode Eika Sandnes
Article

Abstract

Cloud computing has become a hot topic both in research and in industry, and when making decisions on deploying/adopting cloud computing related solutions, security has always been a major concern. This article summarizes security related issues in cloud computing and proposes five service deployment models to address these issues. The proposed models provide different security related features to address different requirements and scenarios and can serve as reference models for deployment.

Keywords

Cloud computing Cloud security Reference deployment model Security concerns 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Amazon Elastic Compute Cloud (EC2) (2009) http://www.amazon.com/ec2/
  2. 2.
    Amazon Simple Storage Service (2009) http://aws.amazon.com/s3
  3. 3.
    Anonymous (2005) Bank outsources security to the cloud. Commun News 42(12) Google Scholar
  4. 4.
    Anonymous (2006) Bank trusts security to ‘the cloud’. Commun News 43(9) Google Scholar
  5. 5.
    Apache Hadoop (2009) http://hadoop.apache.org/
  6. 6.
    Armbrust M., Fox A, Griffith R, Joseph AD, Katz RH, Konwinski A, Lee G, Patterson DA, Rabkin A, Stoica I, Zaharia M (2009) Above the clouds: a Berkeley view of cloud computing. Technical Report UCB/EECS-2009-28, EECS Department, University of California, Berkeley Google Scholar
  7. 7.
    Beco S, Maraschini A, Pacini F (2009) Cloud computing and RESERVOIR project. Nuovo Cimento Soc Ital Fis C Colloq Phys 32(2). doi:10.1393/ncc/i2009-10388-5
  8. 8.
    Bellebia D, Douin J-M (2006) Applying patterns to build a lightweight middleware for embedded systems. In: PLoP ’06: proceedings of the 2006 conference on pattern languages of programs. ACM Press, New York, pp 1–13 CrossRefGoogle Scholar
  9. 9.
    Blakley B, Heath C (2004) Security design patterns. The Open Group Security Forum Google Scholar
  10. 10.
  11. 11.
    Chen D, Huang X, Ren X (2009) Access control of cloud service based on ucon. In: The first international conference on cloud computing, 2009, pp 559–564 Google Scholar
  12. 12.
    Cloud CIE Computing Expert Committee (2010) Cloud computing white paper. Technical report, Chinese Institute of Electronics Google Scholar
  13. 13.
  14. 14.
    Creese S, Hopkins P, Pearson S, Shen Y (2009) Data protection-aware design for cloud services. In: The first international conference on cloud computing, 2009, pp 119–130 Google Scholar
  15. 15.
    Dean J, Ghemawat S (2008) MapReduce: simplified data processing on large clusters. Commun ACM 51(1):107–113 CrossRefGoogle Scholar
  16. 16.
    Eucalyptus (2009) http://eucalyptus.cs.ucsb.edu/
  17. 17.
    Fernandez EB, Wu J, Larrondo-Petrie MM, Shao Y (2009) On building secure SCADA systems using security patterns. In: CSIIRW ’09: proceedings of the 5th annual workshop on cyber security and information intelligence research. ACM Press, New York, pp 1–4 CrossRefGoogle Scholar
  18. 18.
    Ghemawat S, Gobioff H, Leung S-T (2003) The Google File System. SIGOPS Oper Syst Rev 37(5): 29–43 CrossRefGoogle Scholar
  19. 19.
    Google App Engine (2009) http://appengine.google.com
  20. 20.
    Heyman T, Yskout K, Scandariato R, Joosen W (2007) An analysis of the security patterns landscape. In: SESS ’07: proceedings of the third international workshop on software engineering for secure systems. IEEE Computer Society, Washington, p 3 Google Scholar
  21. 21.
    Hu L, Ying S, Jia X, Zhao K (2009) Towards an approach of semantic access control for cloud computing. In: The first international conference on cloud computing, 2009, pp 145–156 Google Scholar
  22. 22.
    Hughes KJ (2002) Domain based security: enabling security at the level of applications and business processes. http://www.qinetiq.com
  23. 23.
    Isard M, Budiu M, Yu Y, Birrell A, Fetterly D (2007) Dryad: distributed data-parallel programs from sequential building blocks. In: EuroSys ’07: proceedings of the 2nd ACM SIGOPS/EuroSys European conference on computer systems. ACM Press, New York, pp 59–72 Google Scholar
  24. 24.
    Kaufman LM (2009) Data security in the world of cloud computing. IEEE Secur Priv 7(4): 61–64 CrossRefGoogle Scholar
  25. 25.
    Keahey K, Tsugawa M, Matsunaga A (2009) Sky computing. IEEE Internet Comput 13(5): 43–51 CrossRefGoogle Scholar
  26. 26.
    Kodituwakku SR, Bertok P, Zhao L (2001) Aplrac: a pattern language for designing and implementing role-based access control. In: EuroPLoP’01, 2001 Google Scholar
  27. 27.
  28. 28.
    Li H, Dai Y, Tian L, Yang H (2009) Identity-based authentication for cloud computing. In: The first international conference on cloud computing, 2009, pp 157–166 Google Scholar
  29. 29.
    Microsoft Live Mesh (2009) http://www.mesh.com/
  30. 30.
    Maruyama N. Yoshioka K, Washizaki H (2008) A survey on security patterns. Prog Inform (5):35–47. doi:10.2201/NiiPi.2008.5.5
  31. 31.
  32. 32.
    Nurmi D, Wolski R, Grzegorczyk C, Obertelli G, Soman S, Youseff L, Zagorodnov D (2008) The eucalyptus open-source cloud-computing system. In: Proceedings of cloud computing and its applications, October 2008 Google Scholar
  33. 33.
    Nyre ÅA, Jaatun MG (2009) Privacy in a semantic cloud: what’s trust got to do with it? In: The first international conference on cloud computing, 2009, pp 107–118 Google Scholar
  34. 34.
    Pearson S, Shen Y, Mowbray M (2009) A privacy manager for cloud computing. In: The first international conference on cloud computing, 2009, pp 90–106 Google Scholar
  35. 35.
    Plobl K, Nowey T, Mletzko C (2006) Towards a security architecture for vehicular ad hoc networks. In: ARES ’06: proceedings of the first international conference on availability, reliability and security. IEEE Computer Society, Washington, pp 374–381 Google Scholar
  36. 36.
    Qinetiq (2005) Domain based security—User guide No 2: introduction to infosec architecture models, November. http://www.qinetiq.com
  37. 37.
    Salesforce (2009) http://www.salesforce.com/
  38. 38.
    Schumacher M, Fernandez-Buglioni E, Hybertson D, Buschmann F, Sommerlad P (2006) Security patterns. Wiley, New York Google Scholar
  39. 39.
    Schumacher M, Fernandez E, Hybertson D, Buschmann F (2005) Security patterns: integrating security and systems engineering. Wiley, New York Google Scholar
  40. 40.
    Singh A, Srivatsa M, Liu L (2009) Search-as-a-service: outsourced search over outsourced storage. ACM Trans Web 3(4). doi:10.1145/1594173.1594175
  41. 41.
    Uemura T, Dohi T, Kaio N (2009) Availability analysis of a scalable intrusion tolerant architecture with two detection modes. In: The first international conference on cloud computing, 2009, pp 178–189 Google Scholar
  42. 42.
    Wispy (2009) A cloud computing testbed, http://www.rcac.purdue.edu/teragrid/resources/#wispy
  43. 43.
    Yan L, Rong C, Zhao G (2009) Strengthen cloud computing security with federal identity management using hierarchical identity-based cryptography. In: The first international conference on cloud computing, 2009, pp 167–177 Google Scholar
  44. 44.
    Yoder J, Barcalow J (1997) Architectural patterns for enabling application security. In: PLoP, 1997 Google Scholar
  45. 45.
    Youssef SM, Baith Mohamed A, Mikhail MA (2009) An enhanced security architecture for wireless sensor network. In: DNCOCO’09: proceedings of the 8th WSEAS international conference on data networks, communications, computers, Stevens Point, Wisconsin, USA, 2009. World Scientific and Engineering Academy and Society (WSEAS), pp 216–224 Google Scholar
  46. 46.
    Yu Y, Isard M, Fetterly D, Budiu M, Erlingsson Ú, Gunda PK, Currey J (2008) DryadLINQ: a system for general-purpose distributed data-parallel computing using a high-level language. In: Proceedings of the 8th symposium on operating systems design and implementation (OSDI ’08), San Diego, CA, December 2008 Google Scholar
  47. 47.
    Zhao G, Liu J, Tang Y, Sun W, Zhang F, Ye XP, Tang N (2009) Cloud computing: a statistics aspect of users. In: Jaatun MG, Zhao G, Rong C (eds) The first international conference on cloud computing. Lecture notes in computer science, vol 5931. Springer, Berlin, pp 347–358 Google Scholar
  48. 48.
    Zhao G, Rong C, Jaatun MG, Sandnes FE (2010) Deployment models: towards eliminating security concerns from cloud computing. In: The first international workshop on cloud computing interoperability and services, June 2010 Google Scholar

Copyright information

© Springer Science+Business Media, LLC 2010

Authors and Affiliations

  • Gansen Zhao
    • 1
  • Chunming Rong
    • 2
  • Martin Gilje Jaatun
    • 3
  • Frode Eika Sandnes
    • 4
  1. 1.School of Computer ScienceSouth China Normal UniversityGuangzhouChina
  2. 2.Faculty of Science and TechnologyUniversity of StavangerStavangerNorway
  3. 3.Department of Software Engineering, Safety and SecuritySINTEF ICTTrondheimNorway
  4. 4.Faculty of EngineeringOslo University CollegeOsloNorway

Personalised recommendations