{"title":"C3S-TTP:基于 TOSCA 的云服务配置安全可信第三方","authors":"Mohamed Oulaaffart, Rémi Badonnel, Olivier Festor","doi":"10.1007/s10922-023-09792-7","DOIUrl":null,"url":null,"abstract":"<p>The large-scale deployment of cloud composite services distributed over heterogeneous environments poses new challenges in terms of security management. In particular, the migration of their resources is facilitated by recent advances in the area of virtualization techniques. This contributes to increase the dynamics of their configuration, and may induce vulnerabilities that could compromise the security of cloud resources, or even of the whole service. In addition, cloud providers may be reluctant to share precise information regarding the configuration of their infrastructures with cloud tenants that build and deploy cloud composite services. This makes the assessment of vulnerabilities difficult to be performed with only a partial view on the overall configuration. We therefore propose in this article an inter-cloud trusted third-party approach, called C3S-TTP, for supporting secure configurations in cloud composite services, more specifically during the migration of their resources. We describe the considered architecture, its main building blocks and their interactions based on an extended version of the TOSCA orchestration language. The trusted third party is capable to perform a precise and exhaustive vulnerability assessment, without requiring the cloud provider and the cloud tenant to share critical configuration information between each other. After designing and formalizing this third party solution, we perform large series of experiments based on a proof-of-concept prototype in order to quantify its benefits and limits.</p>","PeriodicalId":50119,"journal":{"name":"Journal of Network and Systems Management","volume":"119 1","pages":""},"PeriodicalIF":4.1000,"publicationDate":"2024-01-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"C3S-TTP: A Trusted Third Party for Configuration Security in TOSCA-Based Cloud Services\",\"authors\":\"Mohamed Oulaaffart, Rémi Badonnel, Olivier Festor\",\"doi\":\"10.1007/s10922-023-09792-7\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<p>The large-scale deployment of cloud composite services distributed over heterogeneous environments poses new challenges in terms of security management. In particular, the migration of their resources is facilitated by recent advances in the area of virtualization techniques. This contributes to increase the dynamics of their configuration, and may induce vulnerabilities that could compromise the security of cloud resources, or even of the whole service. In addition, cloud providers may be reluctant to share precise information regarding the configuration of their infrastructures with cloud tenants that build and deploy cloud composite services. This makes the assessment of vulnerabilities difficult to be performed with only a partial view on the overall configuration. We therefore propose in this article an inter-cloud trusted third-party approach, called C3S-TTP, for supporting secure configurations in cloud composite services, more specifically during the migration of their resources. We describe the considered architecture, its main building blocks and their interactions based on an extended version of the TOSCA orchestration language. The trusted third party is capable to perform a precise and exhaustive vulnerability assessment, without requiring the cloud provider and the cloud tenant to share critical configuration information between each other. After designing and formalizing this third party solution, we perform large series of experiments based on a proof-of-concept prototype in order to quantify its benefits and limits.</p>\",\"PeriodicalId\":50119,\"journal\":{\"name\":\"Journal of Network and Systems Management\",\"volume\":\"119 1\",\"pages\":\"\"},\"PeriodicalIF\":4.1000,\"publicationDate\":\"2024-01-05\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Network and Systems Management\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://doi.org/10.1007/s10922-023-09792-7\",\"RegionNum\":3,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Network and Systems Management","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1007/s10922-023-09792-7","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
C3S-TTP: A Trusted Third Party for Configuration Security in TOSCA-Based Cloud Services
The large-scale deployment of cloud composite services distributed over heterogeneous environments poses new challenges in terms of security management. In particular, the migration of their resources is facilitated by recent advances in the area of virtualization techniques. This contributes to increase the dynamics of their configuration, and may induce vulnerabilities that could compromise the security of cloud resources, or even of the whole service. In addition, cloud providers may be reluctant to share precise information regarding the configuration of their infrastructures with cloud tenants that build and deploy cloud composite services. This makes the assessment of vulnerabilities difficult to be performed with only a partial view on the overall configuration. We therefore propose in this article an inter-cloud trusted third-party approach, called C3S-TTP, for supporting secure configurations in cloud composite services, more specifically during the migration of their resources. We describe the considered architecture, its main building blocks and their interactions based on an extended version of the TOSCA orchestration language. The trusted third party is capable to perform a precise and exhaustive vulnerability assessment, without requiring the cloud provider and the cloud tenant to share critical configuration information between each other. After designing and formalizing this third party solution, we perform large series of experiments based on a proof-of-concept prototype in order to quantify its benefits and limits.
期刊介绍:
Journal of Network and Systems Management, features peer-reviewed original research, as well as case studies in the fields of network and system management. The journal regularly disseminates significant new information on both the telecommunications and computing aspects of these fields, as well as their evolution and emerging integration. This outstanding quarterly covers architecture, analysis, design, software, standards, and migration issues related to the operation, management, and control of distributed systems and communication networks for voice, data, video, and networked computing.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
