C3S-TTP: A Trusted Third Party for Configuration Security in TOSCA-Based Cloud Services

IF 4.1 3区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Network and Systems Management Pub Date : 2024-01-05 DOI:10.1007/s10922-023-09792-7

Mohamed Oulaaffart, Rémi Badonnel, Olivier Festor

{"title":"C3S-TTP: A Trusted Third Party for Configuration Security in TOSCA-Based Cloud Services","authors":"Mohamed Oulaaffart, Rémi Badonnel, Olivier Festor","doi":"10.1007/s10922-023-09792-7","DOIUrl":null,"url":null,"abstract":"<p>The large-scale deployment of cloud composite services distributed over heterogeneous environments poses new challenges in terms of security management. In particular, the migration of their resources is facilitated by recent advances in the area of virtualization techniques. This contributes to increase the dynamics of their configuration, and may induce vulnerabilities that could compromise the security of cloud resources, or even of the whole service. In addition, cloud providers may be reluctant to share precise information regarding the configuration of their infrastructures with cloud tenants that build and deploy cloud composite services. This makes the assessment of vulnerabilities difficult to be performed with only a partial view on the overall configuration. We therefore propose in this article an inter-cloud trusted third-party approach, called C3S-TTP, for supporting secure configurations in cloud composite services, more specifically during the migration of their resources. We describe the considered architecture, its main building blocks and their interactions based on an extended version of the TOSCA orchestration language. The trusted third party is capable to perform a precise and exhaustive vulnerability assessment, without requiring the cloud provider and the cloud tenant to share critical configuration information between each other. After designing and formalizing this third party solution, we perform large series of experiments based on a proof-of-concept prototype in order to quantify its benefits and limits.</p>","PeriodicalId":50119,"journal":{"name":"Journal of Network and Systems Management","volume":null,"pages":null},"PeriodicalIF":4.1000,"publicationDate":"2024-01-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Network and Systems Management","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1007/s10922-023-09792-7","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

The large-scale deployment of cloud composite services distributed over heterogeneous environments poses new challenges in terms of security management. In particular, the migration of their resources is facilitated by recent advances in the area of virtualization techniques. This contributes to increase the dynamics of their configuration, and may induce vulnerabilities that could compromise the security of cloud resources, or even of the whole service. In addition, cloud providers may be reluctant to share precise information regarding the configuration of their infrastructures with cloud tenants that build and deploy cloud composite services. This makes the assessment of vulnerabilities difficult to be performed with only a partial view on the overall configuration. We therefore propose in this article an inter-cloud trusted third-party approach, called C3S-TTP, for supporting secure configurations in cloud composite services, more specifically during the migration of their resources. We describe the considered architecture, its main building blocks and their interactions based on an extended version of the TOSCA orchestration language. The trusted third party is capable to perform a precise and exhaustive vulnerability assessment, without requiring the cloud provider and the cloud tenant to share critical configuration information between each other. After designing and formalizing this third party solution, we perform large series of experiments based on a proof-of-concept prototype in order to quantify its benefits and limits.

Abstract Image

查看原文本刊更多论文

C3S-TTP：基于 TOSCA 的云服务配置安全可信第三方

分布在异构环境中的云复合服务的大规模部署给安全管理带来了新的挑战。特别是，虚拟化技术领域的最新进展促进了资源的迁移。这有助于增加其配置的动态性，并可能诱发可能危及云资源甚至整个服务安全的漏洞。此外，云提供商可能不愿意与构建和部署云复合服务的云租户分享有关其基础设施配置的准确信息。这就使得漏洞评估难以在仅了解部分整体配置的情况下进行。因此，我们在本文中提出了一种名为 C3S-TTP 的云间可信第三方方法，用于支持云复合服务中的安全配置，特别是在其资源迁移过程中。我们基于 TOSCA 协调语言的扩展版本，描述了所考虑的架构、主要构建模块及其交互。可信第三方能够执行精确、详尽的漏洞评估，而无需云提供商和云租户共享彼此间的关键配置信息。在设计并正式确定该第三方解决方案后，我们基于概念验证原型进行了大量实验，以量化其优势和局限性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Journal of Network and Systems Management 工程技术-电信学

CiteScore

7.60

自引率

16.70%

发文量

审稿时长

>12 weeks

期刊介绍： Journal of Network and Systems Management, features peer-reviewed original research, as well as case studies in the fields of network and system management. The journal regularly disseminates significant new information on both the telecommunications and computing aspects of these fields, as well as their evolution and emerging integration. This outstanding quarterly covers architecture, analysis, design, software, standards, and migration issues related to the operation, management, and control of distributed systems and communication networks for voice, data, video, and networked computing.