Balancing Utility and Security: Securing Cloud Federations of Public Entities

Bojan Suzic; Bernd Prünster; Dominik Ziegler; Alexander Marsalek; Andreas Reiter

doi:10.1007/978-3-319-48472-3_60

Balancing Utility and Security: Securing Cloud Federations of Public Entities

Bojan Suzic, Bernd Prünster, Dominik Ziegler, Alexander Marsalek, Andreas Reiter

Publikation: Beitrag in Buch/Bericht/Konferenzband › Beitrag in einem Konferenzband › Begutachtung

Abstract

Following their practical needs and legal constraints, recent application of the cloud paradigm among public administrations has been focused on the deployment of private clouds. Due to the increasing amount of data and processing requirements, many organizations are considering possibilities to additionally optimize their infrastructures and collaborative processes by employing private cloud federations.

In this work, we present our contribution based on three real-world use cases implemented in the course of the SUNFISH project. We consider intra- and inter-organizational processes which demand secure and transparent infrastructure and data sharing. Based on derived requirements for data security and privacy in cloud federations, we propose a security governance architecture which enables a multi-layered, context and process-aware policy enforcement in heterogeneous environments. The proposed architecture relies on the micro-services paradigm to support scalability and provides additional security by integrating reactive and transformative security controls. To prove the feasibility of this work we provide performance evaluation of our implementation.

Originalsprache	englisch
Titel	OTM Confederated International Conferences
Untertitel	On the Move to Meaningful Internet Systems
Herausgeber (Verlag)	Springer International Publishing AG
Seiten	943 - 961
Seitenumfang	18
ISBN (elektronisch)	978-3-319-48472-3
ISBN (Print)	978-3-319-48471-6
DOIs	https://doi.org/10.1007/978-3-319-48472-3_60
Publikationsstatus	Veröffentlicht - 2016

Publikationsreihe

Name	Lecture Notes in Computer Science (LNCS)
Herausgeber (Verlag)	Springer International Publishing
Nummer	10033

ASJC Scopus subject areas

Information systems

Zugriff auf Dokument

10.1007/978-3-319-48472-3_60

Balancing Utility and Security: Securing Cloud Federations of Public EntitiesEndgültige, publizierte Fassung, 644 KB

http://link.springer.com/chapter/10.1007/978-3-319-48472-3_60

Balancing Utility and Security: Securing Cloud Federations of Public Entities
Bojan Suzic (Redner/in), Bernd Prünster (Beitragende/r), Dominik Ziegler (Beitragende/r), Alexander Marsalek (Beitragende/r) & Andreas Reiter (Beitragende/r)
Okt. 2016
Aktivität: Vortrag oder Präsentation › Vortrag bei Konferenz oder Fachtagung › Science to science

Dieses zitieren

Suzic, B., Prünster, B., Ziegler, D., Marsalek, A., & Reiter, A. (2016). Balancing Utility and Security: Securing Cloud Federations of Public Entities. in OTM Confederated International Conferences: On the Move to Meaningful Internet Systems (S. 943 - 961). (Lecture Notes in Computer Science (LNCS); Nr. 10033). Springer International Publishing AG . https://doi.org/10.1007/978-3-319-48472-3_60

Balancing Utility and Security: Securing Cloud Federations of Public Entities. / Suzic, Bojan; Prünster, Bernd; Ziegler, Dominik et al.
OTM Confederated International Conferences: On the Move to Meaningful Internet Systems. Springer International Publishing AG , 2016. S. 943 - 961 (Lecture Notes in Computer Science (LNCS); Nr. 10033).

Publikation: Beitrag in Buch/Bericht/Konferenzband › Beitrag in einem Konferenzband › Begutachtung

Suzic, B, Prünster, B, Ziegler, D, Marsalek, A & Reiter, A 2016, Balancing Utility and Security: Securing Cloud Federations of Public Entities. in OTM Confederated International Conferences: On the Move to Meaningful Internet Systems. Lecture Notes in Computer Science (LNCS), Nr. 10033, Springer International Publishing AG , S. 943 - 961. https://doi.org/10.1007/978-3-319-48472-3_60

@inproceedings{612ea3990c70483985a1e378714d6e44,

title = "Balancing Utility and Security: Securing Cloud Federations of Public Entities",

abstract = "Following their practical needs and legal constraints, recent application of the cloud paradigm among public administrations has been focused on the deployment of private clouds. Due to the increasing amount of data and processing requirements, many organizations are considering possibilities to additionally optimize their infrastructures and collaborative processes by employing private cloud federations.In this work, we present our contribution based on three real-world use cases implemented in the course of the SUNFISH project. We consider intra- and inter-organizational processes which demand secure and transparent infrastructure and data sharing. Based on derived requirements for data security and privacy in cloud federations, we propose a security governance architecture which enables a multi-layered, context and process-aware policy enforcement in heterogeneous environments. The proposed architecture relies on the micro-services paradigm to support scalability and provides additional security by integrating reactive and transformative security controls. To prove the feasibility of this work we provide performance evaluation of our implementation.",

keywords = "authorization, cloud security, cloud federation, api security, data masking, data security policy, policy language, xacml",

author = "Bojan Suzic and Bernd Pr{\"u}nster and Dominik Ziegler and Alexander Marsalek and Andreas Reiter",

year = "2016",

doi = "10.1007/978-3-319-48472-3_60",

language = "English",

isbn = "978-3-319-48471-6",

series = "Lecture Notes in Computer Science (LNCS)",

publisher = "Springer International Publishing AG ",

number = "10033",

pages = "943 -- 961",

booktitle = "OTM Confederated International Conferences",

address = "Switzerland",

}

TY - GEN

T1 - Balancing Utility and Security: Securing Cloud Federations of Public Entities

AU - Suzic, Bojan

AU - Prünster, Bernd

AU - Ziegler, Dominik

AU - Marsalek, Alexander

AU - Reiter, Andreas

PY - 2016

Y1 - 2016

N2 - Following their practical needs and legal constraints, recent application of the cloud paradigm among public administrations has been focused on the deployment of private clouds. Due to the increasing amount of data and processing requirements, many organizations are considering possibilities to additionally optimize their infrastructures and collaborative processes by employing private cloud federations.In this work, we present our contribution based on three real-world use cases implemented in the course of the SUNFISH project. We consider intra- and inter-organizational processes which demand secure and transparent infrastructure and data sharing. Based on derived requirements for data security and privacy in cloud federations, we propose a security governance architecture which enables a multi-layered, context and process-aware policy enforcement in heterogeneous environments. The proposed architecture relies on the micro-services paradigm to support scalability and provides additional security by integrating reactive and transformative security controls. To prove the feasibility of this work we provide performance evaluation of our implementation.

AB - Following their practical needs and legal constraints, recent application of the cloud paradigm among public administrations has been focused on the deployment of private clouds. Due to the increasing amount of data and processing requirements, many organizations are considering possibilities to additionally optimize their infrastructures and collaborative processes by employing private cloud federations.In this work, we present our contribution based on three real-world use cases implemented in the course of the SUNFISH project. We consider intra- and inter-organizational processes which demand secure and transparent infrastructure and data sharing. Based on derived requirements for data security and privacy in cloud federations, we propose a security governance architecture which enables a multi-layered, context and process-aware policy enforcement in heterogeneous environments. The proposed architecture relies on the micro-services paradigm to support scalability and provides additional security by integrating reactive and transformative security controls. To prove the feasibility of this work we provide performance evaluation of our implementation.

KW - authorization

KW - cloud security

KW - cloud federation

KW - api security

KW - data masking

KW - data security policy

KW - policy language

KW - xacml

U2 - 10.1007/978-3-319-48472-3_60

DO - 10.1007/978-3-319-48472-3_60

M3 - Conference paper

SN - 978-3-319-48471-6

T3 - Lecture Notes in Computer Science (LNCS)

SP - 943

EP - 961

BT - OTM Confederated International Conferences

PB - Springer International Publishing AG

ER -

Balancing Utility and Security: Securing Cloud Federations of Public Entities

Abstract

Publikationsreihe

ASJC Scopus subject areas

Zugriff auf Dokument

Fingerprint

Aktivitäten

Balancing Utility and Security: Securing Cloud Federations of Public Entities

Dieses zitieren