BlueShield: A Layer 2 Appliance for Enhanced Isolation and Security Hardening among Multi-tenant Cloud Workloads

2012 IEEE Fifth International Conference on Utility and Cloud Computing Pub Date : 2012-11-05 DOI:10.1109/UCC.2012.21

Saurabh Barjatiya, P. Saripalli

{"title":"BlueShield: A Layer 2 Appliance for Enhanced Isolation and Security Hardening among Multi-tenant Cloud Workloads","authors":"Saurabh Barjatiya, P. Saripalli","doi":"10.1109/UCC.2012.21","DOIUrl":null,"url":null,"abstract":"Enhanced Isolation and Security (EIS) in a cloud are of significant concern. Many organizations are hesitant in migrating to a cloud based infrastructure due to the perceived limitations with EIS. Earlier, we had presented the quantitative risk and impact assessment framework (QUIRC) [1]. QUIRC can be used to assess the security risks associated with the cloud computing platforms. In the present work, design and implementation of Blue Shield is presented. Blue Shield is a Layer2 appliance for an EIS hardening among multi-tenant cloud workloads. Blue Shield architecture provides EIS, significantly reducing the threats faced by the tenants in a cloud environment. EIS provided by Blue Shield is validated using a proof of concept implementation. Then shortcomings of the various present approaches in addressing the identified security threats are explained. It is shown that the present security applications, deployed in a non-cloud environment, do not require modification during migration to Blue Shield based clouds. Furthermore, the proposed design provides high level of protection among the VMs in the same VLAN.","PeriodicalId":122639,"journal":{"name":"2012 IEEE Fifth International Conference on Utility and Cloud Computing","volume":"17 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2012-11-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2012 IEEE Fifth International Conference on Utility and Cloud Computing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/UCC.2012.21","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 7

Abstract

Enhanced Isolation and Security (EIS) in a cloud are of significant concern. Many organizations are hesitant in migrating to a cloud based infrastructure due to the perceived limitations with EIS. Earlier, we had presented the quantitative risk and impact assessment framework (QUIRC) [1]. QUIRC can be used to assess the security risks associated with the cloud computing platforms. In the present work, design and implementation of Blue Shield is presented. Blue Shield is a Layer2 appliance for an EIS hardening among multi-tenant cloud workloads. Blue Shield architecture provides EIS, significantly reducing the threats faced by the tenants in a cloud environment. EIS provided by Blue Shield is validated using a proof of concept implementation. Then shortcomings of the various present approaches in addressing the identified security threats are explained. It is shown that the present security applications, deployed in a non-cloud environment, do not require modification during migration to Blue Shield based clouds. Furthermore, the proposed design provides high level of protection among the VMs in the same VLAN.

查看原文本刊更多论文

BlueShield:用于在多租户云工作负载中增强隔离和安全加固的第2层设备

云中的增强隔离和安全性(EIS)非常值得关注。由于EIS的局限性，许多组织在迁移到基于云的基础设施时犹豫不决。此前，我们提出了定量风险和影响评估框架(QUIRC)[1]。QUIRC可用于评估与云计算平台相关的安全风险。本文介绍了蓝盾系统的设计与实现。Blue Shield是用于在多租户云工作负载中进行EIS加固的第2层设备。蓝盾架构提供EIS，大大减少了云环境中租户面临的威胁。蓝盾公司提供的环境影响评估系统是通过概念验证来验证的。然后解释了目前解决已确定的安全威胁的各种方法的缺点。结果表明，目前部署在非云环境中的安全应用程序在迁移到基于蓝盾的云时不需要修改。此外，所提出的设计在同一VLAN中的vm之间提供了高水平的保护。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2012 IEEE Fifth International Conference on Utility and Cloud Computing

自引率

0.00%

发文量