%0 Conference Proceedings
%T Toward Unified and Flexible Security Policies Enforceable within the Cloud
%+ University of Otago [Dunedin, Nouvelle-Zélande]
%+ University of Auckland [Auckland]
%A Eyers, David
%A Russello, Giovanni
%Z Part 2: Work-in-Progress Papers
%< avec comité de lecture
%( Lecture Notes in Computer Science
%B 13th International Conference on Distributed Applications and Interoperable Systems (DAIS)
%C Florence, Italy
%Y Jim Dowling
%Y François Taïani
%I Springer
%3 Distributed Applications and Interoperable Systems
%V LNCS-7891
%P 181-186
%8 2013-06-03
%D 2013
%R 10.1007/978-3-642-38541-4_15
%Z Computer Science [cs]
%Z Computer Science [cs]/Networking and Internet Architecture [cs.NI]Conference papers
%X Security engineering for any given application can usually be done in many different ways. There is often a tradeoff between usability (including efficiency) and the level of protection offered. Typically the risks are assessed by developers, and a particular approach is chosen, with the assumption that the design can stay fixed for some time.Adoption of Cloud computing will challenge the viability of this approach. Beyond the extra difficulties faced when doing security engineering within distributed systems, Cloud providers require a different threat model from self-hosted resources. They are best considered “trusted but curious” even if the curiosity is accidental on the Cloud provider’s part. Some threats from such Cloud providers can be confounded through the use of cryptography, but doing so is overkill in terms of the performance penalty for many applications.To acquire the benefits of Cloud computing while minimising security risks, we believe that application developers should be provided with the ability to dynamically change the security enforcement technology in use by their software, balancing performance and security as they see fit. Recent cryptography research will significantly increase our ability to offer a runtime choice of contrasting security enforcement approaches without needing to modify the security policy. We present our initial research into this area, and outline our vision for the future.
%G English
%Z TC 6
%Z WG 6.1
%2 https://inria.hal.science/hal-01489456/document
%2 https://inria.hal.science/hal-01489456/file/978-3-642-38541-4_15_Chapter.pdf
%L hal-01489456
%U https://inria.hal.science/hal-01489456
%~ IFIP-LNCS
%~ IFIP
%~ IFIP-TC
%~ IFIP-WG
%~ IFIP-TC6
%~ IFIP-WG6-1
%~ IFIP-DAIS
%~ IFIP-DISCOTEC
%~ IFIP-LNCS-7891