Abstract
Cloud computing is widely considered an attractive service model since the users' commitments for investment and operations are minimised, and costs are in direct relation to usage and demand. However, when networking aspects for distributed clouds are considered, there is little support and the effort is often underestimated. The SAIL project addresses cloud networking as the combination of management for cloud computing and vital networking capabilities between the distributed cloud resources involved, with the aim of improving the management of both. This position paper presents new security challenges as considered in SAIL for ensuring legitimate usage of cloud networking resources and for preventing misuse.
Copyright information
© 2011 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Schoo, P. et al. (2011). Challenges for Cloud Networking Security. In: Pentikousis, K., Agüero, R., García-Arranz, M., Papavassiliou, S. (eds) Mobile Networks and Management. MONAMI 2010. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 68. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21444-8_26
DOI: https://doi.org/10.1007/978-3-642-21444-8_26
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-21443-1
Online ISBN: 978-3-642-21444-8
eBook Packages: Computer Science (R0)