RESEARCH FEATURE
0018-9162/12/$31.00 © 2012 IEEE Published by the IEEE Computer Society JULY 2012 73
tion,
2
the use of a third-party auditor to verify the integrity
of data stored in the cloud,
3,4
and access control based on
data attributes and semantics.
5,6
Some trust management experts recommend applying
multiple security policies to authenticate users, manage
identities, and protect data from unauthorized users.
Amazon administrators, for example, log and routinely
audit any access to customers’ data or operating systems.
6
Each of these research efforts aims to develop a secu-
rity solution for a specific threat, yet such methods are
incompatible with cloud services, which sometimes have
vastly different security requirements. Some services in-
volve public information that needs only basic security.
Others, such as banking transactions, involve more sensi-
tive information. To date, no single security architecture
satisfies this requirements mix. As the “Why Not Protect
at the Highest Level?” sidebar describes, the one-level-
fits-all approach of traditional client-server architectures
wastes resources and makes service use unnecessarily
complex.
To fill the need for a more discerning security archi-
tecture, we are exploring a security-on-demand design
that applies security algorithms and protocols according to
three stages in the service data’s life cycle: in transmission,
C
loud computing makes it possible for content pro-
viders to quickly deploy and scale services and
benefit from low-cost, pay-by-use models, while
service users enjoy the flexibility that Internet-
based computing provides. Cloud services generally take
the form of software as a service (SaaS), platform as a ser-
vice (PaaS), or infrastructure as a service (IaaS). Successful
commercial solutions include Amazon’s EC2/S3, Google
Apps, and force.com.
However, the very flexibility and rapid provisioning
that cloud computing offers pose serious obstacles to any
security architecture.
1
Users find it difficult to fully trust
cloud-based services because cloud-based data storage and
protection methods are largely user transparent. There is
no way to know, for example, if the service providers have
properly deleted users’ purged data or if they are saving it
for their own reasons, such as passing on the user’s name
to third parties offering products related to the provided
service or extracting privacy information for malicious
use.
2
Current research on cloud security is still in the early
stages, and no universal model or set of techniques has
yet emerged. Methods include segregating user resources
during data processing to prevent widespread virus infec-
An architecture that differentiates security according to service-specific
characteristics avoids an unnecessary drain on IT resources by protect-
ing a variety of cloud computing services at just the right level.
Jianyong Chen, Yang Wang,
and Xiaomin Wang
Shenzhen University, China
On-Demand
Security
Architecture
for Cloud
Computing
下载后可阅读完整内容,剩余5页未读,立即下载
weixin_38733245
- 粉丝: 4
- 资源: 894
我的内容管理
展开
最新资源
- 最优条件下三次B样条小波边缘检测算子研究
- 深入解析:wav文件格式结构
- JIRA系统配置指南:代理与SSL设置
- 入门必备:电阻电容识别全解析
- U盘制作启动盘:详细教程解决无光驱装系统难题
- Eclipse快捷键大全:提升开发效率的必备秘籍
- C++ Primer Plus中文版:深入学习C++编程必备
- Eclipse常用快捷键汇总与操作指南
- JavaScript作用域解析与面向对象基础
- 软通动力Java笔试题解析
- 自定义标签配置与使用指南
- Android Intent深度解析:组件通信与广播机制
- 增强MyEclipse代码提示功能设置教程
- x86下VMware环境中Openwrt编译与LuCI集成指南
- S3C2440A嵌入式终端电源管理系统设计探讨
- Intel DTCP-IP技术在数字家庭中的内容保护
资源上传下载、课程学习等过程中有任何疑问或建议,欢迎提出宝贵意见哦~我们会及时处理!
点击此处反馈
