Lookup NU author(s): Professor Paul Watson
Full text for this publication is not currently held within this repository. Alternative links are provided below where available.
Cloud computing has the potential to provide lowcost, scalable computing, but cloud security is a major area ofconcern. Many organizations are therefore considering usinga combination of a secure internal cloud, along with (whatthey perceive to be) less secure public clouds. However, thisraises the issue of how to partition applications across a setof clouds, while meeting security requirements. Currently, thisis usually done on an ad-hoc basis, which is potentially errorprone, or for simplicity the whole application is deployed ona single cloud, so removing the possible performance andavailability beneﬁts of exploiting multiple clouds within a singleapplication. This paper describes an alternative to ad-hocapproaches – a method that determines all ways in whichapplications structured as workﬂows can be partitioned overthe set of available clouds such that security requirements aremet. The approach is based on a Multi-Level Security modelthat extends Bell-LaPadula to encompass cloud computing.This includes introducing workﬂow transformations that areneeded where data is communicated between clouds. In speciﬁccases these transformations can result in security breaches, butthe paper describes how these can be detected. Once a set ofvalid options has been generated, a cost model is used to rankthem. The method has been implemented in a tool, which isbrieﬂy described in the paper.
Author(s): Watson P
Publication type: Conference Proceedings (inc. Abstract)
Publication status: Published
Conference Name: Third IEEE International Conference on Cloud Computing Technology and Science (CloudCom)
Year of Conference: 2011
Library holdings: Search Newcastle University Library for this item