A cloud computing separation model based on information flow

Ma, Wei; Li, Huanqin; Witarsyah, Deden

doi:10.1515/phys-2019-0013

Cited by 2 publications

(1 citation statement)

References 17 publications

(14 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The attributes represent delegate operations in the domain level, e.g., radio access network, fixed access network, transport network and 5G core domains. The delegation approaches rely on declarative languages to specify the resource needs (e.g., for containers at the cloud-native approach, virtual machines (VNF) or physical elements), which is a desirable approach for security safeguards and countermeasures when infrastructure employs many underlying technologies (e.g., firewalls, resource separation in virtualization platforms [5], carrier-grade network address translation). The top-level/service orchestrator sends the instructions to domain/lower-level orchestrators in order to construct service and fulfil the requirements from the service order.…”

Section: Introductionmentioning

confidence: 99%

Network Slicing Security Controls and Assurance for Verticals

et al. 2022

View full text Add to dashboard Cite

This paper focuses on the security challenges of network slice implementation in 5G networks. We propose that network slice controllers support security by enabling security controls at different network layers. The slice controller orchestrates multilevel domains with resources at a very high level but needs to understand how to define the resources at lower levels. In this context, the main outstanding security challenge is the compromise of several resources in the presence of an attack due to weak resource isolation at different levels. We analysed the current standards and trends directed to mitigate the vulnerabilities mentioned above, and we propose security controls and classify them by efficiency and applicability (easiness to develop). Security controls are a common way to secure networks, but they enforce security policies only in respective areas. Therefore, the security domains allow for structuring the orchestration principles by considering the necessary security controls to be applied. This approach is common for both vendor-neutral and vendor-dependent security solutions. In our classification, we considered the controls in the following fields: (i) fair resource allocation with dynamic security assurance, (ii) isolation in a multilayer architecture and (iii) response to DDoS attacks without service and security degradation.

show abstract

Section: Introductionmentioning

confidence: 99%

Network Slicing Security Controls and Assurance for Verticals

et al. 2022

View full text Add to dashboard Cite

show abstract

Dynamic Control Method for Tenants’ Sensitive Information Flow Based on Virtual Boundary Recognition

Lu¹,

Cao²,

Du³

2020

IEEE Access

View full text Add to dashboard Cite

In the cloud environment, owing to the large-scale sharing of the upper application instance and the underlying virtual machine resources, the tenants' information flow boundary in the shared virtual machine is fuzzy and difficult to identify. In addition, protection of tenant information flow between processes is inadequate, resulting in the leakage of sensitive information of tenants. Therefore, a dynamic control method for tenants' sensitive information flow based on virtual boundary recognition is proposed. By analyzing the behavior and operation log of tenants, the behavior feature vectors of tenants are constructed, and an automatic recognition algorithm of tenant virtual boundary based on the dynamic spiking neural network is designed. This algorithm can realize dynamic identification of the tenant virtual security boundary when the application service demand changes dynamically. Further, combined with the concept of centralized and decentralized information flow control, a dynamic control method of sensitive information flow is established. The security label is formally defined by using the lattice structure, and the control rules of tenants' information flow and the rules of tenant label encryption-declassification are designed. Thus, the independent, dynamic and secure control of tenants' information flow inside and outside the tenant virtual boundary. Finally, the detailed design of a dynamic security control application system for cloud tenants' sensitive information flow is provided. Experiments confirm that the proposed algorithm can identify the security boundary of tenants more accurately and efficiently than the traditional spiking neural network classification methods. Further, the security and effectiveness of the method is verified by the intransitive noninterference theory and the experiment of information flow control.

show abstract

A cloud computing separation model based on information flow

Cited by 2 publications

References 17 publications

Network Slicing Security Controls and Assurance for Verticals

Network Slicing Security Controls and Assurance for Verticals

Dynamic Control Method for Tenants’ Sensitive Information Flow Based on Virtual Boundary Recognition

Contact Info

Product

Resources

About