Foreign-language journal: Services Computing, IEEE Transactions on

Security Middleground for Resource Protection in Measurement Infrastructure-as-a-Service


Abstract

Securing multi-domain network performance monitoring (NPM) systems that are being widely deployed as 'Measurement Infrastructure-as-a-Service' (MIaaS) in high-performance computing is becoming increasingly critical. It presents an emerging set of research challenges in cloud security given that security mechanisms such as policy-driven access to federated NPM services across multiple domains need to be designed carefully to protect MIaaS resources and data. In this paper, we advocate the design of a security middleground between default open/closed access settings and present policy-driven access controls of measurement functions for a multi-domain federation using a MIaaS. Our approach involves an analytical investigation based on a set of custom metrics to compare and contrast the legacy, role-based and more fine-grained, attribute-based access control schemes to design a security middleground. We implement the chosen middleground with a secured middleware, viz., "OnTimeSecure". Our middleware enables 'user-to-service' and 'service-to-service' authentication, and enforces federated authorization entitlement policies for timely orchestration of MIaaS services. Lastly, we evaluate OnTimeSecure in a real multi-domain MIaaS testbed by performing threat modeling and security risk assessments to validate the analysis outcomes and demonstrate its effectiveness for easy integration and sustainable adoption.
