Secure Partitioning of Cloud Applications, with Cost Look-Ahead-Reference-Cited by-同舟云学术

Secure Partitioning of Cloud Applications, with Cost Look-Ahead

Published:2023-06-22 Issue:7 Volume:15 Page:224
ISSN:1999-5903
Container-title:Future Internet
language:en
Short-container-title:Future Internet

Author:

Bocci Alessandro¹^ORCID,Forti Stefano¹^ORCID,Guanciale Roberto²^ORCID,Ferrari Gian-Luigi¹^ORCID,Brogi Antonio¹^ORCID

Affiliation:

1. Department of Computer Science, University of Pisa, 56127 Pisa, Italy

2. Division of Theoretical Computer Science, KTH Royal Institute of Technology, 114 28 Stockholm, Sweden

Abstract

The security of Cloud applications is a major concern for application developers and operators. Protecting users’ data confidentiality requires methods to avoid leakage from vulnerable software and unreliable Cloud providers. Recently, trusted execution environments (TEEs) emerged in Cloud settings to isolate applications from the privileged access of Cloud providers. Such hardware-based technologies exploit separation kernels, which aim at safely isolating the software components of applications. In this article, we propose a methodology to determine safe partitionings of Cloud applications to be deployed on TEEs. Through a probabilistic cost model, we enable application operators to select the best trade-off partitioning in terms of future re-partitioning costs and the number of domains. To the best of our knowledge, no previous proposal exists addressing such a problem. We exploit information-flow security techniques to protect the data confidentiality of applications by relying on declarative methods to model applications and their data flow. The proposed solution is assessed by executing a proof-of-concept implementation that shows the relationship among the future partitioning costs, number of domains and execution times.

Funder

Energy-aware management of software applications in Cloud-IoT ecosystems

Italian Ministry of University and Research

University of Pisa

Swedish Foundation for Strategic Research

Publisher

MDPI AG

Subject

Computer Networks and Communications

Link

https://www.mdpi.com/1999-5903/15/7/224/pdf

Reference53 articles.

1. Foundations and evolution of modern computing paradigms: Cloud, iot, edge, and fog;Tange;IEEE Access,2019

2. Data Security in the World of Cloud Computing;Kaufman;IEEE Secur. Priv.,2009

3. Shaikh, F.B., and Haider, S. (2011, January 11–14). Security threats in cloud computing. Proceedings of the International Conference for Internet Technology and Secured Transactions 2011, Abu Dhabi, United Arab Emirates.

4. Cloud computing security taxonomy: From an atomistic to a holistic view;Mthunzi;Future Gener. Comput. Syst.,2020

5. A comprehensive survey on security challenges in different network layers in cloud computing;Jangjou;Arch. Comput. Methods Eng.,2022