Balancing Utility and Security: Securing Cloud Federations of Public Entities

Bojan Suzic; Bernd Prünster; Dominik Ziegler; Alexander Marsalek; Andreas Reiter

doi:10.1007/978-3-319-48472-3_60

Balancing Utility and Security: Securing Cloud Federations of Public Entities

Bojan Suzic, Bernd Prünster, Dominik Ziegler, Alexander Marsalek, Andreas Reiter

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

Abstract

Following their practical needs and legal constraints, recent application of the cloud paradigm among public administrations has been focused on the deployment of private clouds. Due to the increasing amount of data and processing requirements, many organizations are considering possibilities to additionally optimize their infrastructures and collaborative processes by employing private cloud federations.

In this work, we present our contribution based on three real-world use cases implemented in the course of the SUNFISH project. We consider intra- and inter-organizational processes which demand secure and transparent infrastructure and data sharing. Based on derived requirements for data security and privacy in cloud federations, we propose a security governance architecture which enables a multi-layered, context and process-aware policy enforcement in heterogeneous environments. The proposed architecture relies on the micro-services paradigm to support scalability and provides additional security by integrating reactive and transformative security controls. To prove the feasibility of this work we provide performance evaluation of our implementation.

Original language	English
Title of host publication	OTM Confederated International Conferences
Subtitle of host publication	On the Move to Meaningful Internet Systems
Publisher	Springer International Publishing AG
Pages	943 - 961
Number of pages	18
ISBN (Electronic)	978-3-319-48472-3
ISBN (Print)	978-3-319-48471-6
DOIs	https://doi.org/10.1007/978-3-319-48472-3_60
Publication status	Published - 2016

Publication series

Name	Lecture Notes in Computer Science (LNCS)
Publisher	Springer International Publishing
Number	10033

Keywords

authorization
cloud security
cloud federation
api security
data masking
data security policy
policy language
xacml

ASJC Scopus subject areas

Information Systems

Access to Document

10.1007/978-3-319-48472-3_60

Balancing Utility and Security: Securing Cloud Federations of Public EntitiesFinal published version, 644 KB

http://link.springer.com/chapter/10.1007/978-3-319-48472-3_60

Balancing Utility and Security: Securing Cloud Federations of Public Entities
Bojan Suzic (Speaker), Bernd Prünster (Contributor), Dominik Ziegler (Contributor), Alexander Marsalek (Contributor) & Andreas Reiter (Contributor)
Oct 2016
Activity: Talk or presentation › Talk at conference or symposium › Science to science

Cite this

Suzic, B., Prünster, B., Ziegler, D., Marsalek, A., & Reiter, A. (2016). Balancing Utility and Security: Securing Cloud Federations of Public Entities. In OTM Confederated International Conferences: On the Move to Meaningful Internet Systems (pp. 943 - 961). (Lecture Notes in Computer Science (LNCS); No. 10033). Springer International Publishing AG . https://doi.org/10.1007/978-3-319-48472-3_60

Balancing Utility and Security: Securing Cloud Federations of Public Entities. / Suzic, Bojan; Prünster, Bernd; Ziegler, Dominik et al.
OTM Confederated International Conferences: On the Move to Meaningful Internet Systems. Springer International Publishing AG , 2016. p. 943 - 961 (Lecture Notes in Computer Science (LNCS); No. 10033).

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

Suzic, B, Prünster, B, Ziegler, D, Marsalek, A & Reiter, A 2016, Balancing Utility and Security: Securing Cloud Federations of Public Entities. in OTM Confederated International Conferences: On the Move to Meaningful Internet Systems. Lecture Notes in Computer Science (LNCS), no. 10033, Springer International Publishing AG , pp. 943 - 961. https://doi.org/10.1007/978-3-319-48472-3_60

@inproceedings{612ea3990c70483985a1e378714d6e44,

title = "Balancing Utility and Security: Securing Cloud Federations of Public Entities",

abstract = "Following their practical needs and legal constraints, recent application of the cloud paradigm among public administrations has been focused on the deployment of private clouds. Due to the increasing amount of data and processing requirements, many organizations are considering possibilities to additionally optimize their infrastructures and collaborative processes by employing private cloud federations.In this work, we present our contribution based on three real-world use cases implemented in the course of the SUNFISH project. We consider intra- and inter-organizational processes which demand secure and transparent infrastructure and data sharing. Based on derived requirements for data security and privacy in cloud federations, we propose a security governance architecture which enables a multi-layered, context and process-aware policy enforcement in heterogeneous environments. The proposed architecture relies on the micro-services paradigm to support scalability and provides additional security by integrating reactive and transformative security controls. To prove the feasibility of this work we provide performance evaluation of our implementation.",

keywords = "authorization, cloud security, cloud federation, api security, data masking, data security policy, policy language, xacml",

author = "Bojan Suzic and Bernd Pr{\"u}nster and Dominik Ziegler and Alexander Marsalek and Andreas Reiter",

year = "2016",

doi = "10.1007/978-3-319-48472-3_60",

language = "English",

isbn = "978-3-319-48471-6",

series = "Lecture Notes in Computer Science (LNCS)",

publisher = "Springer International Publishing AG ",

number = "10033",

pages = "943 -- 961",

booktitle = "OTM Confederated International Conferences",

address = "Switzerland",

}

TY - GEN

T1 - Balancing Utility and Security: Securing Cloud Federations of Public Entities

AU - Suzic, Bojan

AU - Prünster, Bernd

AU - Ziegler, Dominik

AU - Marsalek, Alexander

AU - Reiter, Andreas

PY - 2016

Y1 - 2016

N2 - Following their practical needs and legal constraints, recent application of the cloud paradigm among public administrations has been focused on the deployment of private clouds. Due to the increasing amount of data and processing requirements, many organizations are considering possibilities to additionally optimize their infrastructures and collaborative processes by employing private cloud federations.In this work, we present our contribution based on three real-world use cases implemented in the course of the SUNFISH project. We consider intra- and inter-organizational processes which demand secure and transparent infrastructure and data sharing. Based on derived requirements for data security and privacy in cloud federations, we propose a security governance architecture which enables a multi-layered, context and process-aware policy enforcement in heterogeneous environments. The proposed architecture relies on the micro-services paradigm to support scalability and provides additional security by integrating reactive and transformative security controls. To prove the feasibility of this work we provide performance evaluation of our implementation.

AB - Following their practical needs and legal constraints, recent application of the cloud paradigm among public administrations has been focused on the deployment of private clouds. Due to the increasing amount of data and processing requirements, many organizations are considering possibilities to additionally optimize their infrastructures and collaborative processes by employing private cloud federations.In this work, we present our contribution based on three real-world use cases implemented in the course of the SUNFISH project. We consider intra- and inter-organizational processes which demand secure and transparent infrastructure and data sharing. Based on derived requirements for data security and privacy in cloud federations, we propose a security governance architecture which enables a multi-layered, context and process-aware policy enforcement in heterogeneous environments. The proposed architecture relies on the micro-services paradigm to support scalability and provides additional security by integrating reactive and transformative security controls. To prove the feasibility of this work we provide performance evaluation of our implementation.

KW - authorization

KW - cloud security

KW - cloud federation

KW - api security

KW - data masking

KW - data security policy

KW - policy language

KW - xacml

U2 - 10.1007/978-3-319-48472-3_60

DO - 10.1007/978-3-319-48472-3_60

M3 - Conference paper

SN - 978-3-319-48471-6

T3 - Lecture Notes in Computer Science (LNCS)

SP - 943

EP - 961

BT - OTM Confederated International Conferences

PB - Springer International Publishing AG

ER -

Balancing Utility and Security: Securing Cloud Federations of Public Entities

Abstract

Publication series

Keywords

ASJC Scopus subject areas

Access to Document

Activities

Balancing Utility and Security: Securing Cloud Federations of Public Entities

Cite this