A Multi-Level Security Model for Partitioning Workflows over Federated Clouds

  1. Lookup NU author(s)
  2. Professor Paul Watson
Author(s)Watson P
Editor(s)
Publication type Conference Proceedings (inc. Abstract)
Conference NameThird IEEE International Conference on Cloud Computing Technology and Science (CloudCom)
Conference LocationAthens, Greece
Year of Conference2011
Legacy Date29 November - 1 December 2011
Volume
Pages180-188
Sponsor(s)IEEE
ISBN9781467300902
Full text for this publication is not currently held within this repository. Alternative links are provided below where available.
Cloud computing has the potential to provide lowcost, scalable computing, but cloud security is a major area ofconcern. Many organizations are therefore considering usinga combination of a secure internal cloud, along with (whatthey perceive to be) less secure public clouds. However, thisraises the issue of how to partition applications across a setof clouds, while meeting security requirements. Currently, thisis usually done on an ad-hoc basis, which is potentially errorprone, or for simplicity the whole application is deployed ona single cloud, so removing the possible performance andavailability benefits of exploiting multiple clouds within a singleapplication. This paper describes an alternative to ad-hocapproaches – a method that determines all ways in whichapplications structured as workflows can be partitioned overthe set of available clouds such that security requirements aremet. The approach is based on a Multi-Level Security modelthat extends Bell-LaPadula to encompass cloud computing.This includes introducing workflow transformations that areneeded where data is communicated between clouds. In specificcases these transformations can result in security breaches, butthe paper describes how these can be detected. Once a set ofvalid options has been generated, a cost model is used to rankthem. The method has been implemented in a tool, which isbriefly described in the paper.
PublisherIEEE
URLhttp://dx.doi.org/10.1109/CloudCom.2011.33
DOI10.1109/CloudCom.2011.33
ActionsLink to this publication
Library holdingsSearch Newcastle University Library for this item