Towards Secure Collaboration in Federated Cloud Environments

Bojan Suzic; Andreas Reiter

doi:10.1109/ARES.2016.46

Towards Secure Collaboration in Federated Cloud Environments

Bojan Suzic, Andreas Reiter

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

Abstract

Public administrations across Europe are actively following and adopting cloud paradigms. By establishing modern data centers and consolidating their infrastructures, many organizations already benefit from cloud computing. However, there is a growing need to further support the consolidation and sharing of resources across different public entities or corporations. The ever increasing volume of processed data and diversity of organizational interactions stress this need even further, calling for the integration on infrastructure, data and services level. This is currently hindered by strict requirements in the field of data security and privacy. In this paper, we present ongoing work enabling secure private cloud federations for public administrations, performed in the scope of the SUNFISH H2020 project. We focus on architectural components and processes that establish cross-organizational enforcement of data security policies in heterogeneous environments. Our proposal introduces proactive restriction of data flows in federated environments by integrating real-time based security policy enforcement and its post-execution conformance verification. The goal of this framework is to enable secure service integration and data exchange in cross-entity contexts by inspecting data flows and assuring their conformance with security policies, both on organizational and federation level.

Original language	English
Title of host publication	2016 11th International Conference on Availability, Reliability and Security (ARES)
Publisher	Institute of Electrical and Electronics Engineers
Pages	750-759
Number of pages	10
ISBN (Electronic)	978-1-5090-0990-9
ISBN (Print)	978-1-5090-0991-6
DOIs	https://doi.org/10.1109/ARES.2016.46
Publication status	Published - 2016
Event	11th International Conference on Availability, Reliability and Security: ARES 2016 - University of Applied Sciences Salzburg, Salzburg, Austria Duration: 31 Aug 2016 → 2 Sept 2016

Conference

Conference	11th International Conference on Availability, Reliability and Security
Country/Territory	Austria
City	Salzburg
Period	31/08/16 → 2/09/16

ASJC Scopus subject areas

Computer Networks and Communications
Information Systems

Fields of Expertise

Information, Communication & Computing

Access to Document

10.1109/ARES.2016.46

Towards Secure Collaboration in Federated Cloud EnvironmentsAccepted author manuscript, 551 KBLicence: Unspecified

http://ieeexplore.ieee.org/abstract/document/7784642/

Cite this

Suzic, B & Reiter, A 2016, Towards Secure Collaboration in Federated Cloud Environments. in 2016 11th International Conference on Availability, Reliability and Security (ARES). Institute of Electrical and Electronics Engineers, pp. 750-759, 11th International Conference on Availability, Reliability and Security, Salzburg, Austria, 31/08/16. https://doi.org/10.1109/ARES.2016.46

@inproceedings{5329d22201a041f59dcf1a4a2b562d74,

title = "Towards Secure Collaboration in Federated Cloud Environments",

abstract = "Public administrations across Europe are actively following and adopting cloud paradigms. By establishing modern data centers and consolidating their infrastructures, many organizations already benefit from cloud computing. However, there is a growing need to further support the consolidation and sharing of resources across different public entities or corporations. The ever increasing volume of processed data and diversity of organizational interactions stress this need even further, calling for the integration on infrastructure, data and services level. This is currently hindered by strict requirements in the field of data security and privacy. In this paper, we present ongoing work enabling secure private cloud federations for public administrations, performed in the scope of the SUNFISH H2020 project. We focus on architectural components and processes that establish cross-organizational enforcement of data security policies in heterogeneous environments. Our proposal introduces proactive restriction of data flows in federated environments by integrating real-time based security policy enforcement and its post-execution conformance verification. The goal of this framework is to enable secure service integration and data exchange in cross-entity contexts by inspecting data flows and assuring their conformance with security policies, both on organizational and federation level.",

keywords = "authorization, federated authorization, intracloud, intra-cloud, multicloud, multi-cloud, xacml, rbac, authentication, oauth, security enforcement, security policies, abac, data security, data transformation, encryption, format-preserving encryption, cloud federation, integration, service integration",

author = "Bojan Suzic and Andreas Reiter",

note = "This work has been supported partially by the SUNFISH project (N.644666) funded by the European Commission H2020 Program.; 11th International Conference on Availability, Reliability and Security : ARES 2016 ; Conference date: 31-08-2016 Through 02-09-2016",

year = "2016",

doi = "10.1109/ARES.2016.46",

language = "English",

isbn = "978-1-5090-0991-6 ",

pages = "750--759",

booktitle = "2016 11th International Conference on Availability, Reliability and Security (ARES)",

publisher = "Institute of Electrical and Electronics Engineers",

address = "United States",

}

TY - GEN

T1 - Towards Secure Collaboration in Federated Cloud Environments

AU - Suzic, Bojan

AU - Reiter, Andreas

N1 - This work has been supported partially by the SUNFISH project (N.644666) funded by the European Commission H2020 Program.

PY - 2016

Y1 - 2016

N2 - Public administrations across Europe are actively following and adopting cloud paradigms. By establishing modern data centers and consolidating their infrastructures, many organizations already benefit from cloud computing. However, there is a growing need to further support the consolidation and sharing of resources across different public entities or corporations. The ever increasing volume of processed data and diversity of organizational interactions stress this need even further, calling for the integration on infrastructure, data and services level. This is currently hindered by strict requirements in the field of data security and privacy. In this paper, we present ongoing work enabling secure private cloud federations for public administrations, performed in the scope of the SUNFISH H2020 project. We focus on architectural components and processes that establish cross-organizational enforcement of data security policies in heterogeneous environments. Our proposal introduces proactive restriction of data flows in federated environments by integrating real-time based security policy enforcement and its post-execution conformance verification. The goal of this framework is to enable secure service integration and data exchange in cross-entity contexts by inspecting data flows and assuring their conformance with security policies, both on organizational and federation level.

AB - Public administrations across Europe are actively following and adopting cloud paradigms. By establishing modern data centers and consolidating their infrastructures, many organizations already benefit from cloud computing. However, there is a growing need to further support the consolidation and sharing of resources across different public entities or corporations. The ever increasing volume of processed data and diversity of organizational interactions stress this need even further, calling for the integration on infrastructure, data and services level. This is currently hindered by strict requirements in the field of data security and privacy. In this paper, we present ongoing work enabling secure private cloud federations for public administrations, performed in the scope of the SUNFISH H2020 project. We focus on architectural components and processes that establish cross-organizational enforcement of data security policies in heterogeneous environments. Our proposal introduces proactive restriction of data flows in federated environments by integrating real-time based security policy enforcement and its post-execution conformance verification. The goal of this framework is to enable secure service integration and data exchange in cross-entity contexts by inspecting data flows and assuring their conformance with security policies, both on organizational and federation level.

KW - authorization

KW - federated authorization

KW - intracloud

KW - intra-cloud

KW - multicloud

KW - multi-cloud

KW - xacml

KW - rbac

KW - authentication

KW - oauth

KW - security enforcement

KW - security policies

KW - abac

KW - data security

KW - data transformation

KW - encryption

KW - format-preserving encryption

KW - cloud federation

KW - integration

KW - service integration

U2 - 10.1109/ARES.2016.46

DO - 10.1109/ARES.2016.46

M3 - Conference paper

SN - 978-1-5090-0991-6

SP - 750

EP - 759

BT - 2016 11th International Conference on Availability, Reliability and Security (ARES)

PB - Institute of Electrical and Electronics Engineers

T2 - 11th International Conference on Availability, Reliability and Security

Y2 - 31 August 2016 through 2 September 2016

ER -

Towards Secure Collaboration in Federated Cloud Environments

Abstract

Conference

ASJC Scopus subject areas

Fields of Expertise

Access to Document

Fingerprint

Cite this