Balancing Utility and Security: Securing Cloud Federations of Public Entities

Bojan Suzic, Bernd Prünster, Dominik Ziegler, Alexander Marsalek, Andreas Reiter

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Research › peer-review

Abstract

Following their practical needs and legal constraints, recent application of the cloud paradigm among public administrations has been focused on the deployment of private clouds. Due to the increasing amount of data and processing requirements, many organizations are considering possibilities to additionally optimize their infrastructures and collaborative processes by employing private cloud federations.

In this work, we present our contribution based on three real-world use cases implemented in the course of the SUNFISH project. We consider intra- and inter-organizational processes which demand secure and transparent infrastructure and data sharing. Based on derived requirements for data security and privacy in cloud federations, we propose a security governance architecture which enables a multi-layered, context and process-aware policy enforcement in heterogeneous environments. The proposed architecture relies on the micro-services paradigm to support scalability and provides additional security by integrating reactive and transformative security controls. To prove the feasibility of this work we provide performance evaluation of our implementation.

Original language: English
Title of host publication: OTM Confederated International Conferences
Subtitle of host publication: On the Move to Meaningful Internet Systems
Publisher: Springer International Publishing AG
Pages: 943 - 961
Number of pages: 18
ISBN (Electronic): 978-3-319-48472-3
ISBN (Print): 978-3-319-48471-6
DOI: https://doi.org/10.1007/978-3-319-48472-3_60
Publication status: Published - 2016

Publication series

Name: Lecture Notes in Computer Science (LNCS)
Publisher: Springer International Publishing
Number: 10033

Fingerprint

Public administration
Data privacy
Security of data
Scalability
Processing

Keywords

  • authorization
  • cloud security
  • cloud federation
  • api security
  • data masking
  • data security policy
  • policy language
  • xacml

ASJC Scopus subject areas

  • Information Systems

Cite this

Suzic, B., Prünster, B., Ziegler, D., Marsalek, A., & Reiter, A. (2016). Balancing Utility and Security: Securing Cloud Federations of Public Entities. In OTM Confederated International Conferences: On the Move to Meaningful Internet Systems (pp. 943 - 961). (Lecture Notes in Computer Science (LNCS); No. 10033). Springer International Publishing AG. https://doi.org/10.1007/978-3-319-48472-3_60


@inproceedings{612ea3990c70483985a1e378714d6e44,
title = "Balancing Utility and Security: Securing Cloud Federations of Public Entities",
abstract = "Following their practical needs and legal constraints, recent application of the cloud paradigm among public administrations has been focused on the deployment of private clouds. Due to the increasing amount of data and processing requirements, many organizations are considering possibilities to additionally optimize their infrastructures and collaborative processes by employing private cloud federations. In this work, we present our contribution based on three real-world use cases implemented in the course of the SUNFISH project. We consider intra- and inter-organizational processes which demand secure and transparent infrastructure and data sharing. Based on derived requirements for data security and privacy in cloud federations, we propose a security governance architecture which enables a multi-layered, context and process-aware policy enforcement in heterogeneous environments. The proposed architecture relies on the micro-services paradigm to support scalability and provides additional security by integrating reactive and transformative security controls. To prove the feasibility of this work we provide performance evaluation of our implementation.",
keywords = "authorization, cloud security, cloud federation, api security, data masking, data security policy, policy language, xacml",
author = "Bojan Suzic and Bernd Pr{\"u}nster and Dominik Ziegler and Alexander Marsalek and Andreas Reiter",
year = "2016",
doi = "10.1007/978-3-319-48472-3_60",
language = "English",
isbn = "978-3-319-48471-6",
series = "Lecture Notes in Computer Science (LNCS)",
publisher = "Springer International Publishing AG",
number = "10033",
pages = "943 -- 961",
booktitle = "OTM Confederated International Conferences",
address = "Switzerland",

}
