TY - GEN
T1 - Enforcing end-to-end application security in the cloud (Big Ideas Paper)
AU - Bacon, Jean
AU - Evans, David
AU - Eyers, David M.
AU - Migliavacca, Matteo
AU - Pietzuch, Peter
AU - Shand, Brian
PY - 2010
Y1 - 2010
AB - Security engineering must be integrated with all stages of application specification and development to be effective. Doing this properly is increasingly critical as organisations rush to offload their software services to cloud providers. Service-level agreements (SLAs) with these providers currently focus on performance-oriented parameters, which runs the risk of exacerbating an impedance mismatch with the security middleware. Not only do we want cloud providers to isolate each of their clients from others, we also want to have means to isolate components and users within each client's application. We propose a principled approach to designing and deploying end-to-end secure, distributed software by means of thorough, relentless tagging of the security meaning of data, analogous to what is already done for data types. The aim is to guarantee that, above a small trusted code base, data cannot be leaked by buggy or malicious software components. This is crucial for cloud infrastructures, in which the stored data and hosted services all have different owners whose interests are not aligned (and may even be in competition). We have developed data tagging schemes and enforcement techniques that can help form the aforementioned trusted code base. Our big idea, cloud-hosted services that have end-to-end information flow control, preempts worries about security and privacy violations retarding the evolution of large-scale cloud computing.
KW - Application-level virtualisation
KW - Cloud computing
KW - Information flow control
KW - Policy
KW - Publish/subscribe
UR - http://www.scopus.com/inward/record.url?scp=79956318862&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-16955-7_15
DO - 10.1007/978-3-642-16955-7_15
M3 - Conference contribution
AN - SCOPUS:79956318862
SN - 3642169546
SN - 9783642169540
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 293
EP - 312
BT - Middleware 2010 - ACM/IFIP/USENIX 11th International Middleware Conference, Proceedings
T2 - ACM/IFIP/USENIX 11th International Middleware Conference, Middleware 2010
Y2 - 29 November 2010 through 3 December 2010
ER -