Co-Existance of High Assurance and Cloud Based Computing

Chapter
Part of the Lecture Notes in Electrical Engineering book series (LNEE, volume 170)

Abstract

Cloud computing is emerging as an attractive, cost-effective computing paradigm. However, many applications, including defense, banking, credit, content distribution, etc., require high assurance, attribution and formal access control processes. Current implementations of cloud services do not meet high assurance requirements. The high assurance requirement presents many challenges to normal computing and some rather precise requirements that have developed from high assurance issues for web service applications. The challenges of high assurance associated with cloud computing are primarily in five areas. The first is virtualization and the loss of attribution that accompanies a highly virtualized environment. The second is the loss of ability to perform end-to-end communications. The third is the extent to which encryption is needed and the need for a comprehensive key management process for public key infrastructure, as well as session and other cryptologic keys. The fourth is in monitoring and logging for attribution, compliance and data forensics. The fifth is in cloud content storage. We explore each of these challenges and discuss how they may be overcome. Our view of high assurance and the issues associated with web services is shaped by our work with DoD and the Air Force, but applies to a broader range of applications, including content delivery and rights management.

Keywords

Attribution; Authentication; Cloud computing; Content management; High assurance; Hypervisor; IT security; Virtualization

Copyright information

© Springer Science+Business Media Dordrecht 2013

Authors and Affiliations

  • William R. Simpson (1)
  • Coimbatore Chandersekaran (1)
  1. Institute for Defense Analyses, Alexandria, USA
