Towards a Generic Security Framework for Cloud Data Management Environments

Abstract

Providing an adequate security level in Cloud Environments is currently an extremely active research area. More specifically, malicious behaviors targeting large-scale Cloud data repositories (e.g., Denial of Service attacks) may drastically degrade the overall performance of such systems and cannot be detected by typical authentication mechanisms. This article proposes a generic security management framework allowing providers of Cloud data management systems to define and enforce complex security policies. This security framework is designed to detect and stop a large array of attacks defined through an expressive policy description language and to be easily interfaced with various data management systems. The authors show that they can efficiently protect a data storage system by evaluating the security framework on top of the BlobSeer data management platform. The authors evaluate the benefits of preventing a DoS attack targeted towards BlobSeer through experiments performed on the Grid’5000 testbed.