nach oben

Erschienen in:

2017 | OriginalPaper | Buchkapitel

An Economical Security Architecture for Multi-cloud Application Deployments in Federated Environments

verfasst von : Mathias Slawik, Begüm Ilke Zilci, Axel Küpper, Yuri Demchenko, Fatih Turkmen, Christophe Blanchet, Jean-François Gibrat

Erschienen in: Economics of Grids, Clouds, Systems, and Services

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Contemporary multi-cloud application deployments require increasingly complex security architectures, especially within federated environments. However, increased complexity often leads to higher efforts and raised costs for managing and securing those applications. This publication establishes an economical and comprehensive security architecture that is readily instantiable, pertinent to concrete users’ requirements, and builds upon up-to-date protocols and software. We highlight its feasibility by applying the architecture within the CYCLONE innovation action, deploying federated Bioinformatics applications within a cloud production environment. At last, we put special emphasis on the reduced management efforts to highlight the economic benefit of following our approach.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Fault-Tree-Based Service Availability Model in Cloud Environments: A Failure Trace Archive Approach

Nächstes Kapitel Efficient Context Management and Personalized User Recommendations in a Smart Social TV Environment

http://www.cyclone-project.eu/deliverables.html.

https://github.com/cyclone-project/.

http://openid.net/specs/openid-authentication-2_0.html.

Basically, relying parties use HTTP redirection to request an access token from the resource server. If users accept this request, the resource server issues a token that allows relying parties access to users’ resources (see 4.1 of [2]).

For a comprehensive discussion, see http://oauth.net/articles/authentication.

See http://jwt.io and [4].

http://saml.xml.org/saml-specifications.

http://shibboleth.net/.

https://simplesamlphp.org/.

http://keycloak.jboss.org/.

http://www.linux-pam.org/.

https://www.oasis-open.org/committees/xacml/.

https://wiki.moonshot.ja.net/.

We use this term as “Federated Identity Provider” would be ambiguous: “provider of a federated identity” or “identity provider in a federation”?.

More details at https://github.com/cyclone-project/cyclone-python-pam.

https://wiki.edugain.org/IDP_Attribute_Profile:_recommended_attributes.

See: https://www.elastic.co/guide/en/logstash/current/input-plugins.html.

See: https://github.com/cyclone-project/cyclone-logging.

https://cloud.france-bioinformatique.fr/cloud/.

https://technical.edugain.org/show_entity_details.php?entity_row_id=213.

https://wiki.edugain.org/Data_Protection_Code_of_Conduct_Cookbook.

https://github.com/pingidentity/mod_auth_openidc.

Currently 1206 SPs, see https://technical.edugain.org/entities.

https://www.elastic.co/guide/en/logstash/current/plugins-inputs-log4j.html.

https://www.owasp.org/index.php/Application_Threat_Modeling.

https://www.owasp.org/index.php/Application_Threat_Modeling#DREAD.

https://msdn.microsoft.com/en-us/library/ff648644.aspx (see Table 3.6).

https://keycloak.github.io/docs/userguide/keycloak-server/html/direct-access-grants.html.

https://wiki.shibboleth.net/confluence/display/CONCEPT/ECP.

https://github.com/cyclone-project.

Demchenko, Y., de Laat, C., Lopez, D.R., Garcia-Espin, J.A.: Security services lifecycle management in on-demand infrastructure services provisioning. In: Qiu, J. (ed.) Proceedings of the IEEE Second International Conference on Cloud Computing Technology and Science (CloudCom 2010). IEEE, Piscataway, NJ (2010)

Hardt, D.: The OAuth 2.0 authorization framework. RFC 6749 (Proposed Standard), October 2012. http://www.ietf.org/rfc/rfc6749.txt

Hevner, A.R., March, S.T., Park, J., Ram, S.: Design science in information systems research. MIS Q. 28(1), 75–105 (2004)

Jones, M., Bradley, J., Sakimura, N.: JSON Web Token (JWT). RFC 7519 (Proposed Standard), updated by RFC 7797, May 2015. http://www.ietf.org/rfc/rfc7519.txt

Membrey, P., Chan, K.C.C., Ngo, C., Demchenko, Y., de Laat, C.: Trusted virtual infrastructure bootstrapping for on demand services. In: Seventh International Conference on Availability, Reliability and Security, Prague, ARES 2012, Czech Republic, 20–24 August 2012, pp. 350–357 (2012)

Ngo, C., Membrey, P., Demchenko, Y., de Laat, C.: Policy and context management in dynamically provisioned access control service for virtualized cloud infrastructures. In: Proceedings of the Seventh International Conference on Availability, Reliability and Security (ARES2012). IEEE, Piscataway, NJ (2012)

Slawik, M.: The trusted cloud transfer protocol. In: IEEE 5th International Conference on Cloud Computing Technology and Science (CloudCom), vol. 2 (2014)

Slawik, M., Ermakova, T., Repschläger, J., Küpper, A., Zarnekow, R.: Securing medical SaaS solutions using a novel end-to-end encryption protocol. In: Avital, M., Leimeister, J.M., Schultze, U. (eds.) ECIS 2014 Proceedings. AIS Electronic Library (2014)

Slawik, M., Zilci, B.I., Demchenko, Y., Aznar Baranda, J.I., Branchat, R., Loomis, C., Lodygensky, O., Blanchet, C.: CYCLONE: unified deployment and management of federated, multi-cloud applications. In: Proceedings of the 5th Workshop on Network Infrastructure Services, pp. 453–457 (2015)

Titel: An Economical Security Architecture for Multi-cloud Application Deployments in Federated Environments
verfasst von: Mathias Slawik
Begüm Ilke Zilci
Axel Küpper
Yuri Demchenko
Fatih Turkmen
Christophe Blanchet
Jean-François Gibrat
Verlag: Springer International Publishing
Buch: Economics of Grids, Clouds, Systems, and Services
Print ISBN: 978-3-319-61919-4

Electronic ISBN: 978-3-319-61920-0

Copyright-Jahr: 2017
DOI: https://doi.org/10.1007/978-3-319-61920-0_7

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner