Towards a Security-Enhanced Cloud Platform

Abstract

While cloud computing platform becomes popular and works as a platform for network function virtualization (NFV), the security of the cloud also becomes an important subject. However, although there are many works about security mechanisms, there has not been much research into what problems can occur when these conventional mechanisms are applied to the cloud system. Thus, we have given more attention to the robustness of communications resided in the cloud, not security mechanism itself, and found that security threats could arise from communication between cloud services and identification process. To cope with this problem, we propose three approaches: integrative identification system in a single cloud service, action-based token authorization, and partially encrypted communication between the identification system and cloud services. By implementing these approaches to open-source cloud computing platform, Openstack, we show that our approaches are feasible.