Policy-Customized: A New Abstraction for Building Security as a Service

Huang, Chenlin; Hou, Chuanwang; He, Ligang; Dai, Huadong; Ding, Yan

doi:10.1109/ispan-fcst-iscc.2017.57

Cited by 2 publications

(1 citation statement)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Our group has designed and implemented an ABS-based security scheme for the SOD problem of VM. With their work, we proposed a security scheme for [13,14] in this paper. We assume that the cloud subscriber has defined a security policy that is stored in the vTCM.…”

Section: Safe Operation Of Docker Based On Absmentioning

confidence: 99%

PC-TDA: a policy-customized trusted Docker architecture based on attribute-based signature

Huang

et al. 2022

International Conference on Network Communication and Information Security (ICNCIS 2022)

View full text Add to dashboard Cite

Docker has become the main service deployment mode of cloud platform because of its lightweight and portable characteristics. With the popularity of cloud services, the security of Docker becomes an increasingly concerned issue. On one hand, the security capability of Docker is insufficient currently. Docker is designed to reduce the attack surface mainly by simplifying the system functions. Meanwhile, there are only limited built-in security mechanisms for Docker which are incapable of controlling the runtime security for Docker. On the other hand, there lacks personalized security policy deployment and enforcement mechanism in Docker which cannot meet the special security needs of users for cloud services. Focusing on the above problems, this paper proposes a new security-on-demand framework for Docker called a "Policy-Customized Trusted Docker Architecture "(PC-TDA) , which forces cloud service providers to provide secure Docker services satisfying the user customized security policies by introducing the attribute-based encryption mechanism. At the same time, PC-TDA uses the attribute-based signature mechanism to support the verification of the security status and security policies of cloud services. Based on the Kylin cloud, the PC-TDA is preliminarily implemented, and the verification results show the availability and rationality of our proposed architecture which can provide greater flexibility for cloud users to control Dockers.

show abstract

Section: Safe Operation Of Docker Based On Absmentioning

confidence: 99%