Mandatory Access Protection Within Cloud Systems

Abstract

To guarantee security properties such as confidentiality and integrity, cryptographic mechanisms provide encryption and signing of data, but protection is also required to control access to the data. The recent attacks on Facebook and Twitter show that this protection must not be limited to the infrastructure, i.e., the hosts and the guest virtual machines.

Keywords

  • Virtual Machine
  • Security Property
  • Cloud Environment
  • Access Control Policy
  • Java Application

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Notes

  1. http://www.forbes.com/sites/andygreenberg/2013/02/15/facebook-hacked-via-java-vulnerability-claims-no-user-data-compromised/

  2. http://www.symantec.com/connect/blogs/examination-java-vulnerability-cve-2012-1723

  3. http://www.symantec.com/connect/blogs/examination-java-vulnerability-cve-2012-1723

  4. http://celticplus-seed4c.org/

Corresponding author

Correspondence to M. Blanc.

Copyright information

© 2014 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Blanc, M. et al. (2014). Mandatory Access Protection Within Cloud Systems. In: Nepal, S., Pathan, M. (eds) Security, Privacy and Trust in Cloud Systems. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38586-5_5

  • DOI: https://doi.org/10.1007/978-3-642-38586-5_5

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-38585-8

  • Online ISBN: 978-3-642-38586-5

  • eBook Packages: Engineering, Engineering (R0)