Cloud computing architectures based multi-tenant IDS

2013 National Security Days (JNS3) Pub Date : 2013-04-26 DOI:10.1109/JNS3.2013.6595469

Elmahdi Khalil, Saad Enniari, M. Zbakh

{"title":"Cloud computing architectures based multi-tenant IDS","authors":"Elmahdi Khalil, Saad Enniari, M. Zbakh","doi":"10.1109/JNS3.2013.6595469","DOIUrl":null,"url":null,"abstract":"Cloud computing is less expensive than traditional on-premise computing for users, as it provides accessibility and reliability options for users and scalable sales for provider. But, like most things in life, the benefits come with risks. It's just a matter of knowing if the benefits outweigh the risks and vice versa. Unfortunately, the cloud computing does not escape to this universal rule. Then, it is important to consider the security of the cloud. As a solution to protect the cloud from security issues [1, 2, 3, 4], we think that IDSs integrated in the cloud remains among the best solution. We will also present an architecture based IDS that respects multi-tenancy architecture. The objective behind integrating multi-tenancy aspect in our solution is to give tenants the ability to configure some parts of the application, such as the color of the user interface or business rules, but they can't customize the application's code. This means that although tenants an using the same building blocks in their configuration, the appearance or workflow of the application may be different for two tenants. Also, the Service Level Agreement (SLA) of each tenant can differ. In fact, we contend that multi-tenancy is a requirement for any cloud architecture because of four key benefits. First, High security: there are 3 key components that define the degree of isolation between multiple tenants in a data center: access policies, application deployment and data access and protection. Second, Economy: software development and maintenance costs are shared between the tenants. Third, Service assurance and faster updates: with multi-tenancy, the provider has to make updates once. In contrast with single-tenancy, an architecture in which each customer has their own software instance and may be given access to application code. Fourth, Efficiency and flexibility: A SaaS provider can run one instance of its application on one instance of a database and provide web access to multiple customers. Each tenant's data is Isolated and remains invisible to other tenants [11].","PeriodicalId":157229,"journal":{"name":"2013 National Security Days (JNS3)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-04-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2013 National Security Days (JNS3)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/JNS3.2013.6595469","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 5

Abstract

Cloud computing is less expensive than traditional on-premise computing for users, as it provides accessibility and reliability options for users and scalable sales for provider. But, like most things in life, the benefits come with risks. It's just a matter of knowing if the benefits outweigh the risks and vice versa. Unfortunately, the cloud computing does not escape to this universal rule. Then, it is important to consider the security of the cloud. As a solution to protect the cloud from security issues [1, 2, 3, 4], we think that IDSs integrated in the cloud remains among the best solution. We will also present an architecture based IDS that respects multi-tenancy architecture. The objective behind integrating multi-tenancy aspect in our solution is to give tenants the ability to configure some parts of the application, such as the color of the user interface or business rules, but they can't customize the application's code. This means that although tenants an using the same building blocks in their configuration, the appearance or workflow of the application may be different for two tenants. Also, the Service Level Agreement (SLA) of each tenant can differ. In fact, we contend that multi-tenancy is a requirement for any cloud architecture because of four key benefits. First, High security: there are 3 key components that define the degree of isolation between multiple tenants in a data center: access policies, application deployment and data access and protection. Second, Economy: software development and maintenance costs are shared between the tenants. Third, Service assurance and faster updates: with multi-tenancy, the provider has to make updates once. In contrast with single-tenancy, an architecture in which each customer has their own software instance and may be given access to application code. Fourth, Efficiency and flexibility: A SaaS provider can run one instance of its application on one instance of a database and provide web access to multiple customers. Each tenant's data is Isolated and remains invisible to other tenants [11].

查看原文本刊更多论文

基于多租户IDS的云计算架构

对于用户来说，云计算比传统的本地计算更便宜，因为它为用户提供了可访问性和可靠性选项，并为提供商提供了可扩展的销售。但是，就像生活中的大多数事情一样，好处伴随着风险。这只是一个知道是否利大于弊的问题，反之亦然。不幸的是，云计算并没有逃脱这一普遍规则。然后，考虑云的安全性是很重要的。作为保护云不受安全问题影响的解决方案[1,2,3,4]，我们认为集成在云中的ids仍然是最佳解决方案之一。我们还将介绍一个基于IDS的体系结构，它尊重多租户体系结构。在我们的解决方案中集成多租户方面的目的是让租户能够配置应用程序的某些部分，例如用户界面的颜色或业务规则，但他们不能自定义应用程序的代码。这意味着，尽管租户在其配置中使用相同的构建块，但两个租户的应用程序的外观或工作流可能不同。此外，每个租户的服务水平协议(SLA)也可以不同。事实上，我们认为多租户是任何云架构的必要条件，因为它有四个关键优势。首先，高安全性:有3个关键组件定义了数据中心中多个租户之间的隔离程度:访问策略、应用程序部署以及数据访问和保护。第二，经济:软件开发和维护成本由租户共同承担。第三，服务保证和更快的更新:对于多租户，提供商必须进行一次更新。与单租户相比，单租户是一种体系结构，其中每个客户都有自己的软件实例，并且可以访问应用程序代码。第四，效率和灵活性:SaaS提供商可以在数据库的一个实例上运行其应用程序的一个实例，并向多个客户提供web访问。每个租户的数据是隔离的，并且对其他租户保持不可见[11]。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2013 National Security Days (JNS3)

自引率

0.00%

发文量