Balancing Utility and Security: Securing Cloud Federations of Public Entities

Bojan Suzic, Bernd Prünster, Dominik Ziegler, Alexander Marsalek, Andreas Reiter

Publication: Contribution to book/report/conference proceedings; Contribution to conference proceedings; Research; Peer-reviewed

Abstract

Following their practical needs and legal constraints, recent application of the cloud paradigm among public administrations has been focused on the deployment of private clouds. Due to the increasing amount of data and processing requirements, many organizations are considering possibilities to additionally optimize their infrastructures and collaborative processes by employing private cloud federations.

In this work, we present our contribution based on three real-world use cases implemented in the course of the SUNFISH project. We consider intra- and inter-organizational processes which demand secure and transparent infrastructure and data sharing. Based on derived requirements for data security and privacy in cloud federations, we propose a security governance architecture which enables a multi-layered, context and process-aware policy enforcement in heterogeneous environments. The proposed architecture relies on the micro-services paradigm to support scalability and provides additional security by integrating reactive and transformative security controls. To prove the feasibility of this work we provide performance evaluation of our implementation.
Original language: English
Title: OTM Confederated International Conferences
Subtitle: On the Move to Meaningful Internet Systems
Publisher: Springer International Publishing AG
Pages: 943 - 961
Number of pages: 18
ISBN (electronic): 978-3-319-48472-3
ISBN (print): 978-3-319-48471-6
Publication status: Published - 2016

Publication series

Name: Lecture Notes in Computer Science (LNCS)
Publisher: Springer International Publishing
Number: 10033

Fingerprint

Public administration
Data privacy
Security of data
Scalability
Processing

Keywords

    ASJC Scopus subject areas

    • Information systems

    Cite this

    Suzic, B., Prünster, B., Ziegler, D., Marsalek, A., & Reiter, A. (2016). Balancing Utility and Security: Securing Cloud Federations of Public Entities. In OTM Confederated International Conferences: On the Move to Meaningful Internet Systems (pp. 943 - 961). (Lecture Notes in Computer Science (LNCS); No. 10033). Springer International Publishing AG. https://doi.org/10.1007/978-3-319-48472-3_60

    @inproceedings{612ea3990c70483985a1e378714d6e44,
    title = "Balancing Utility and Security: Securing Cloud Federations of Public Entities",
    abstract = "Following their practical needs and legal constraints, recent application of the cloud paradigm among public administrations has been focused on the deployment of private clouds. Due to the increasing amount of data and processing requirements, many organizations are considering possibilities to additionally optimize their infrastructures and collaborative processes by employing private cloud federations. In this work, we present our contribution based on three real-world use cases implemented in the course of the SUNFISH project. We consider intra- and inter-organizational processes which demand secure and transparent infrastructure and data sharing. Based on derived requirements for data security and privacy in cloud federations, we propose a security governance architecture which enables a multi-layered, context and process-aware policy enforcement in heterogeneous environments. The proposed architecture relies on the micro-services paradigm to support scalability and provides additional security by integrating reactive and transformative security controls. To prove the feasibility of this work we provide performance evaluation of our implementation.",
    keywords = "authorization, cloud security, cloud federation, api security, data masking, data security policy, policy language, xacml",
    author = "Bojan Suzic and Bernd Pr{\"u}nster and Dominik Ziegler and Alexander Marsalek and Andreas Reiter",
    year = "2016",
    doi = "10.1007/978-3-319-48472-3_60",
    language = "English",
    isbn = "978-3-319-48471-6",
    series = "Lecture Notes in Computer Science (LNCS)",
    publisher = "Springer International Publishing AG",
    number = "10033",
    pages = "943 -- 961",
    booktitle = "OTM Confederated International Conferences",
    address = "Switzerland",

    }
