Securing a Community Cloud

Abstract

Virtual Interacting Network CommunIty (Vinci) is a software architecture that exploits virtualization to secure a community cloud, i.e. a cloud system shared among communities with distinct security levels and reliability requirements. A community consists of a set of users, their applications, a set of services and of shared resources. Users with distinct privileges and applications with distinct trust levels belong to distinct communities. Rather than acquiring and managing its own physical infrastructure, a community defines a virtual ICT infrastructure, i.e. an overlay, by instantiating and interconnecting virtual machines (VMs) defined from a small set of templates. Vinci includes templates to run user applications, protect shared resources and control traffic among communities to filter out malware or distributed attacks. The adoption of alternative VM templates minimizes the complexity of each VM and increases the robustness of both the VMs and of the overall infrastructure. The resulting overlays are mapped onto the cloud infrastructure or, from another perspective, they access an infrastructure service. The cloud provider defines a further overlay that interconnects VMs to manage the infrastructure resources and configure the VMs at start-up.