C3S-TTP: A Trusted Third Party for Configuration Security in TOSCA-based Cloud Services

Oulaaffart, Mohamed; Badonnel, Rémi; Festor, Olivier

doi:10.21203/rs.3.rs-2193898/v1

Cited by 2 publications

(1 citation statement)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For instance, they target integrating software trusted platform modules (TPM) into hypervisor environments in order to make TPM functions available to virtual machines. Also, we have shown in [26] how risk management methods can be applied to cloud infrastructures, in order to automatically determine the counter-measures to be applied during resource migrations. Most of existing techniques on inter-cloud security management are centered on identity management and access control, and do not exploit the knowledge provided by the specification of cloud composite services.…”

Section: Related Workmentioning

confidence: 99%

C3S-TTP: A Trusted Third Party for Configuration Security in TOSCA-Based Cloud Services

Oulaaffart,

Badonnel,

Festor

2024

J Netw Syst Manage

View full text Add to dashboard Cite

The large-scale deployment of cloud composite services distributed over heterogeneous environments poses new challenges in terms of security management. In particular, the migration of their resources is facilitated by recent advances in the area of virtualization techniques. This contributes to increase the dynamics of their configuration, and may induce vulnerabilities that could compromise the security of cloud resources, or even of the whole service. In addition, cloud providers may be reluctant to share precise information regarding the configuration of their infrastructures with cloud tenants that build and deploy cloud composite services. This makes the assessment of vulnerabilities difficult to be performed with only a partial view on the overall configuration. We therefore propose in this article an inter-cloud trusted third-party approach, called C3S-TTP, for supporting secure configurations in cloud composite services, more specifically during the migration of their resources. We describe the considered architecture, its main building blocks and their interactions based on an extended version of the TOSCA orchestration language. The trusted third party is capable to perform a precise and exhaustive vulnerability assessment, without requiring the cloud provider and the cloud tenant to share critical configuration information between each other. After designing and formalizing this third party solution, we perform large series of experiments based on a proof-of-concept prototype in order to quantify its benefits and limits.

show abstract

Section: Related Workmentioning

confidence: 99%

C3S-TTP: A Trusted Third Party for Configuration Security in TOSCA-Based Cloud Services

Oulaaffart,

Badonnel,

Festor

2024

J Netw Syst Manage

View full text Add to dashboard Cite

show abstract

Perspective Chapter: Cloud Lock-in Parameters – Service Adoption and Migration

Opara-Martins¹

2023

Edge Computing - Technology, Management and Integration

View full text Add to dashboard Cite

ICT has been lauded as being revolutionised by cloud computing, which relieves businesses of having to make significant capital investments in ICT while allowing them to connect to incredibly potent computing capabilities over the network. Organisations adopt cloud computing as a way to solve business problems, not technical problems. As such, organisations across Europe are eagerly embracing cloud computing in their operating environments. Understanding cloud lock-in parameters is essential for supporting inter-cloud cooperation and seamless information and data exchange. Achieving vendor-neutral cloud services is a fundamental requirement and a necessary strategy to be fulfilled in order to enable portability. This chapter highlights technical advancements that contribute to the interoperable migration of services in the heterogeneous cloud environment. A set of guidelines and good practices were also collected and discussed, thus providing strategies on how lock-in can be mitigated. Moreover, this chapter provides some recommendations for moving forward with cloud computing adoption. To make sure the migration and integration between on-premise and cloud happen with minimal disruption to business and results in maximum sustainable cost benefit, the chapter’s contribution is also designed to provide new knowledge and greater depth to support organisations around the world to make informed decisions.

show abstract

C3S-TTP: A Trusted Third Party for Configuration Security in TOSCA-based Cloud Services

Cited by 2 publications

References 18 publications

C3S-TTP: A Trusted Third Party for Configuration Security in TOSCA-Based Cloud Services

C3S-TTP: A Trusted Third Party for Configuration Security in TOSCA-Based Cloud Services

Perspective Chapter: Cloud Lock-in Parameters – Service Adoption and Migration

Contact Info

Product

Resources

About