{"title":"云中的安全资源分配","authors":"Saeed Al-Haj, E. Al-Shaer, H. Ramasamy","doi":"10.1109/SCC.2013.36","DOIUrl":null,"url":null,"abstract":"Elasticity and economic considerations make Infrastructure-as-a-Service (IaaS) clouds attractive propositions for hosting enterprise IT applications. However, for prospective cloud customers, that potential is tempered by concerns, chief among them being security. We consider the problem of resource allocation in IaaS clouds while factoring in reachability and access control requirements of the cloud virtual machines (VMs). We describe a security-aware resource allocation framework that allows for effective enforcement of defense-in-depth for cloud VMs by determining (1) the grouping of VMs into security groups based on the similarity of their reachability requirements, and (2) the placement of virtual machines in a manner that reduces residual risks for individual VMs as well as security groups. We formalize security-aware resource allocation as a Constraint Satisfaction Problem (CSP), which can be solved using widely available Satisfiability Modulo Theories (SMT) solvers. Our experimental evaluation shows the effectiveness of our approach in reducing risk and improving manageability of security configurations for the cloud VMs.","PeriodicalId":370898,"journal":{"name":"2013 IEEE International Conference on Services Computing","volume":"31 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-06-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"24","resultStr":"{\"title\":\"Security-Aware Resource Allocation in Clouds\",\"authors\":\"Saeed Al-Haj, E. Al-Shaer, H. Ramasamy\",\"doi\":\"10.1109/SCC.2013.36\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Elasticity and economic considerations make Infrastructure-as-a-Service (IaaS) clouds attractive propositions for hosting enterprise IT applications. However, for prospective cloud customers, that potential is tempered by concerns, chief among them being security. We consider the problem of resource allocation in IaaS clouds while factoring in reachability and access control requirements of the cloud virtual machines (VMs). We describe a security-aware resource allocation framework that allows for effective enforcement of defense-in-depth for cloud VMs by determining (1) the grouping of VMs into security groups based on the similarity of their reachability requirements, and (2) the placement of virtual machines in a manner that reduces residual risks for individual VMs as well as security groups. We formalize security-aware resource allocation as a Constraint Satisfaction Problem (CSP), which can be solved using widely available Satisfiability Modulo Theories (SMT) solvers. Our experimental evaluation shows the effectiveness of our approach in reducing risk and improving manageability of security configurations for the cloud VMs.\",\"PeriodicalId\":370898,\"journal\":{\"name\":\"2013 IEEE International Conference on Services Computing\",\"volume\":\"31 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2013-06-28\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"24\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2013 IEEE International Conference on Services Computing\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SCC.2013.36\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2013 IEEE International Conference on Services Computing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SCC.2013.36","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Elasticity and economic considerations make Infrastructure-as-a-Service (IaaS) clouds attractive propositions for hosting enterprise IT applications. However, for prospective cloud customers, that potential is tempered by concerns, chief among them being security. We consider the problem of resource allocation in IaaS clouds while factoring in reachability and access control requirements of the cloud virtual machines (VMs). We describe a security-aware resource allocation framework that allows for effective enforcement of defense-in-depth for cloud VMs by determining (1) the grouping of VMs into security groups based on the similarity of their reachability requirements, and (2) the placement of virtual machines in a manner that reduces residual risks for individual VMs as well as security groups. We formalize security-aware resource allocation as a Constraint Satisfaction Problem (CSP), which can be solved using widely available Satisfiability Modulo Theories (SMT) solvers. Our experimental evaluation shows the effectiveness of our approach in reducing risk and improving manageability of security configurations for the cloud VMs.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
