Abstract
Cloud computing has become a hot topic both in research and in industry, and when making decisions on deploying/adopting cloud computing related solutions, security has always been a major concern. This article summarizes security related issues in cloud computing and proposes five service deployment models to address these issues. The proposed models provide different security related features to address different requirements and scenarios and can serve as reference models for deployment.
Similar content being viewed by others
References
Amazon Elastic Compute Cloud (EC2) (2009) http://www.amazon.com/ec2/
Amazon Simple Storage Service (2009) http://aws.amazon.com/s3
Anonymous (2005) Bank outsources security to the cloud. Commun News 42(12)
Anonymous (2006) Bank trusts security to ‘the cloud’. Commun News 43(9)
Apache Hadoop (2009) http://hadoop.apache.org/
Armbrust M., Fox A, Griffith R, Joseph AD, Katz RH, Konwinski A, Lee G, Patterson DA, Rabkin A, Stoica I, Zaharia M (2009) Above the clouds: a Berkeley view of cloud computing. Technical Report UCB/EECS-2009-28, EECS Department, University of California, Berkeley
Beco S, Maraschini A, Pacini F (2009) Cloud computing and RESERVOIR project. Nuovo Cimento Soc Ital Fis C Colloq Phys 32(2). doi:10.1393/ncc/i2009-10388-5
Bellebia D, Douin J-M (2006) Applying patterns to build a lightweight middleware for embedded systems. In: PLoP ’06: proceedings of the 2006 conference on pattern languages of programs. ACM Press, New York, pp 1–13
Blakley B, Heath C (2004) Security design patterns. The Open Group Security Forum
CARMEN (2009) http://www.carmen.org.uk/
Chen D, Huang X, Ren X (2009) Access control of cloud service based on ucon. In: The first international conference on cloud computing, 2009, pp 559–564
Cloud CIE Computing Expert Committee (2010) Cloud computing white paper. Technical report, Chinese Institute of Electronics
Condor DAGman (2009) http://www.cs.wisc.edu/condor/dagman/
Creese S, Hopkins P, Pearson S, Shen Y (2009) Data protection-aware design for cloud services. In: The first international conference on cloud computing, 2009, pp 119–130
Dean J, Ghemawat S (2008) MapReduce: simplified data processing on large clusters. Commun ACM 51(1):107–113
Eucalyptus (2009) http://eucalyptus.cs.ucsb.edu/
Fernandez EB, Wu J, Larrondo-Petrie MM, Shao Y (2009) On building secure SCADA systems using security patterns. In: CSIIRW ’09: proceedings of the 5th annual workshop on cyber security and information intelligence research. ACM Press, New York, pp 1–4
Ghemawat S, Gobioff H, Leung S-T (2003) The Google File System. SIGOPS Oper Syst Rev 37(5): 29–43
Google App Engine (2009) http://appengine.google.com
Heyman T, Yskout K, Scandariato R, Joosen W (2007) An analysis of the security patterns landscape. In: SESS ’07: proceedings of the third international workshop on software engineering for secure systems. IEEE Computer Society, Washington, p 3
Hu L, Ying S, Jia X, Zhao K (2009) Towards an approach of semantic access control for cloud computing. In: The first international conference on cloud computing, 2009, pp 145–156
Hughes KJ (2002) Domain based security: enabling security at the level of applications and business processes. http://www.qinetiq.com
Isard M, Budiu M, Yu Y, Birrell A, Fetterly D (2007) Dryad: distributed data-parallel programs from sequential building blocks. In: EuroSys ’07: proceedings of the 2nd ACM SIGOPS/EuroSys European conference on computer systems. ACM Press, New York, pp 59–72
Kaufman LM (2009) Data security in the world of cloud computing. IEEE Secur Priv 7(4): 61–64
Keahey K, Tsugawa M, Matsunaga A (2009) Sky computing. IEEE Internet Comput 13(5): 43–51
Kodituwakku SR, Bertok P, Zhao L (2001) Aplrac: a pattern language for designing and implementing role-based access control. In: EuroPLoP’01, 2001
Kupa (2009) http://meta.cesnet.cz/cms/opencms/en/docs/clouds/
Li H, Dai Y, Tian L, Yang H (2009) Identity-based authentication for cloud computing. In: The first international conference on cloud computing, 2009, pp 157–166
Microsoft Live Mesh (2009) http://www.mesh.com/
Maruyama N. Yoshioka K, Washizaki H (2008) A survey on security patterns. Prog Inform (5):35–47. doi:10.2201/NiiPi.2008.5.5
Nimbus (2009) http://workspace.globus.org/
Nurmi D, Wolski R, Grzegorczyk C, Obertelli G, Soman S, Youseff L, Zagorodnov D (2008) The eucalyptus open-source cloud-computing system. In: Proceedings of cloud computing and its applications, October 2008
Nyre ÅA, Jaatun MG (2009) Privacy in a semantic cloud: what’s trust got to do with it? In: The first international conference on cloud computing, 2009, pp 107–118
Pearson S, Shen Y, Mowbray M (2009) A privacy manager for cloud computing. In: The first international conference on cloud computing, 2009, pp 90–106
Plobl K, Nowey T, Mletzko C (2006) Towards a security architecture for vehicular ad hoc networks. In: ARES ’06: proceedings of the first international conference on availability, reliability and security. IEEE Computer Society, Washington, pp 374–381
Qinetiq (2005) Domain based security—User guide No 2: introduction to infosec architecture models, November. http://www.qinetiq.com
Salesforce (2009) http://www.salesforce.com/
Schumacher M, Fernandez-Buglioni E, Hybertson D, Buschmann F, Sommerlad P (2006) Security patterns. Wiley, New York
Schumacher M, Fernandez E, Hybertson D, Buschmann F (2005) Security patterns: integrating security and systems engineering. Wiley, New York
Singh A, Srivatsa M, Liu L (2009) Search-as-a-service: outsourced search over outsourced storage. ACM Trans Web 3(4). doi:10.1145/1594173.1594175
Uemura T, Dohi T, Kaio N (2009) Availability analysis of a scalable intrusion tolerant architecture with two detection modes. In: The first international conference on cloud computing, 2009, pp 178–189
Wispy (2009) A cloud computing testbed, http://www.rcac.purdue.edu/teragrid/resources/#wispy
Yan L, Rong C, Zhao G (2009) Strengthen cloud computing security with federal identity management using hierarchical identity-based cryptography. In: The first international conference on cloud computing, 2009, pp 167–177
Yoder J, Barcalow J (1997) Architectural patterns for enabling application security. In: PLoP, 1997
Youssef SM, Baith Mohamed A, Mikhail MA (2009) An enhanced security architecture for wireless sensor network. In: DNCOCO’09: proceedings of the 8th WSEAS international conference on data networks, communications, computers, Stevens Point, Wisconsin, USA, 2009. World Scientific and Engineering Academy and Society (WSEAS), pp 216–224
Yu Y, Isard M, Fetterly D, Budiu M, Erlingsson Ú, Gunda PK, Currey J (2008) DryadLINQ: a system for general-purpose distributed data-parallel computing using a high-level language. In: Proceedings of the 8th symposium on operating systems design and implementation (OSDI ’08), San Diego, CA, December 2008
Zhao G, Liu J, Tang Y, Sun W, Zhang F, Ye XP, Tang N (2009) Cloud computing: a statistics aspect of users. In: Jaatun MG, Zhao G, Rong C (eds) The first international conference on cloud computing. Lecture notes in computer science, vol 5931. Springer, Berlin, pp 347–358
Zhao G, Rong C, Jaatun MG, Sandnes FE (2010) Deployment models: towards eliminating security concerns from cloud computing. In: The first international workshop on cloud computing interoperability and services, June 2010
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Zhao, G., Rong, C., Jaatun, M.G. et al. Reference deployment models for eliminating user concerns on cloud security. J Supercomput 61, 337–352 (2012). https://doi.org/10.1007/s11227-010-0460-9
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11227-010-0460-9