Skip to main content
SpringerLink
Log in

An Economical Security Architecture for Multi-cloud Application Deployments in Federated Environments

  • Conference paper
  • First Online:
Economics of Grids, Clouds, Systems, and Services (GECON 2016)

Part of the book series: Lecture Notes in Computer Science ((LNCCN,volume 10382))

  • 819 Accesses

Abstract

Contemporary multi-cloud application deployments require increasingly complex security architectures, especially within federated environments. However, increased complexity often leads to higher efforts and raised costs for managing and securing those applications. This publication establishes an economical and comprehensive security architecture that is readily instantiable, pertinent to concrete users’ requirements, and builds upon up-to-date protocols and software. We highlight its feasibility by applying the architecture within the CYCLONE innovation action, deploying federated Bioinformatics applications within a cloud production environment. At last, we put special emphasis on the reduced management efforts to highlight the economic benefit of following our approach.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    http://www.cyclone-project.eu/deliverables.html.

  2. 2.

    https://github.com/cyclone-project/.

  3. 3.

    http://openid.net/specs/openid-authentication-2_0.html.

  4. 4.

    Basically, relying parties use HTTP redirection to request an access token from the resource server. If users accept this request, the resource server issues a token that allows relying parties access to users’ resources (see 4.1 of [2]).

  5. 5.

    For a comprehensive discussion, see http://oauth.net/articles/authentication.

  6. 6.

    See http://jwt.io and [4].

  7. 7.

    http://saml.xml.org/saml-specifications.

  8. 8.

    http://shibboleth.net/.

  9. 9.

    https://simplesamlphp.org/.

  10. 10.

    http://keycloak.jboss.org/.

  11. 11.

    http://www.linux-pam.org/.

  12. 12.

    https://www.oasis-open.org/committees/xacml/.

  13. 13.

    https://wiki.moonshot.ja.net/.

  14. 14.

    We use this term as “Federated Identity Provider” would be ambiguous: “provider of a federated identity” or “identity provider in a federation”?.

  15. 15.

    More details at https://github.com/cyclone-project/cyclone-python-pam.

  16. 16.

    https://wiki.edugain.org/IDP_Attribute_Profile:_recommended_attributes.

  17. 17.

    See: https://www.elastic.co/guide/en/logstash/current/input-plugins.html.

  18. 18.

    See: https://github.com/cyclone-project/cyclone-logging.

  19. 19.

    https://cloud.france-bioinformatique.fr/cloud/.

  20. 20.

    https://technical.edugain.org/show_entity_details.php?entity_row_id=213.

  21. 21.

    https://wiki.edugain.org/Data_Protection_Code_of_Conduct_Cookbook.

  22. 22.

    https://github.com/pingidentity/mod_auth_openidc.

  23. 23.

    Currently 1206 SPs, see https://technical.edugain.org/entities.

  24. 24.

    https://www.elastic.co/guide/en/logstash/current/plugins-inputs-log4j.html.

  25. 25.

    https://www.owasp.org/index.php/Application_Threat_Modeling.

  26. 26.

    https://www.owasp.org/index.php/Application_Threat_Modeling#DREAD.

  27. 27.

    https://msdn.microsoft.com/en-us/library/ff648644.aspx (see Table 3.6).

  28. 28.

    https://keycloak.github.io/docs/userguide/keycloak-server/html/direct-access-grants.html.

  29. 29.

    https://wiki.shibboleth.net/confluence/display/CONCEPT/ECP.

  30. 30.

    https://github.com/cyclone-project.

References

  1. Demchenko, Y., de Laat, C., Lopez, D.R., Garcia-Espin, J.A.: Security services lifecycle management in on-demand infrastructure services provisioning. In: Qiu, J. (ed.) Proceedings of the IEEE Second International Conference on Cloud Computing Technology and Science (CloudCom 2010). IEEE, Piscataway, NJ (2010)

    Google Scholar 

  2. Hardt, D.: The OAuth 2.0 authorization framework. RFC 6749 (Proposed Standard), October 2012. http://www.ietf.org/rfc/rfc6749.txt

  3. Hevner, A.R., March, S.T., Park, J., Ram, S.: Design science in information systems research. MIS Q. 28(1), 75–105 (2004)

    Google Scholar 

  4. Jones, M., Bradley, J., Sakimura, N.: JSON Web Token (JWT). RFC 7519 (Proposed Standard), updated by RFC 7797, May 2015. http://www.ietf.org/rfc/rfc7519.txt

  5. Membrey, P., Chan, K.C.C., Ngo, C., Demchenko, Y., de Laat, C.: Trusted virtual infrastructure bootstrapping for on demand services. In: Seventh International Conference on Availability, Reliability and Security, Prague, ARES 2012, Czech Republic, 20–24 August 2012, pp. 350–357 (2012)

    Google Scholar 

  6. Ngo, C., Membrey, P., Demchenko, Y., de Laat, C.: Policy and context management in dynamically provisioned access control service for virtualized cloud infrastructures. In: Proceedings of the Seventh International Conference on Availability, Reliability and Security (ARES2012). IEEE, Piscataway, NJ (2012)

    Google Scholar 

  7. Slawik, M.: The trusted cloud transfer protocol. In: IEEE 5th International Conference on Cloud Computing Technology and Science (CloudCom), vol. 2 (2014)

    Google Scholar 

  8. Slawik, M., Ermakova, T., Repschläger, J., Küpper, A., Zarnekow, R.: Securing medical SaaS solutions using a novel end-to-end encryption protocol. In: Avital, M., Leimeister, J.M., Schultze, U. (eds.) ECIS 2014 Proceedings. AIS Electronic Library (2014)

    Google Scholar 

  9. Slawik, M., Zilci, B.I., Demchenko, Y., Aznar Baranda, J.I., Branchat, R., Loomis, C., Lodygensky, O., Blanchet, C.: CYCLONE: unified deployment and management of federated, multi-cloud applications. In: Proceedings of the 5th Workshop on Network Infrastructure Services, pp. 453–457 (2015)

    Google Scholar 

Download references

Acknowledgements

The authors wish to thank the members of the bioinformatics platforms Centre Léon Bérard (Lyon, France) and IFB-MIGALE (Jouy-en-Josas, France) to provide their bioinformatics applications as respective use cases “Biomedical data analysis” and “Bacterial genomes analysis”. This work is supported by the CYCLONE Horizon 2020 Innovation Action CYCLONE (http://www.cyclone-project.eu), funded by the European Commission under grant number 644925.

Author information

Authors and Affiliations

  1. Telekom Innovation Laboratories, Service-centric Networking, Technische Universität Berlin, Berlin, Germany

    Mathias Slawik, Begüm Ilke Zilci & Axel Küpper

  2. System and Network Engineering, University of Amsterdam, Amsterdam, The Netherlands

    Yuri Demchenko & Fatih Turkmen

  3. CNRS, UMS 3601; Institut Français de Bioinformatique, IFB-core, Avenue de la Terrasse, 91190, Gif-sur-Yvette, France

    Christophe Blanchet & Jean-François Gibrat

Authors
  1. Mathias Slawik
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Begüm Ilke Zilci
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Axel Küpper
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Yuri Demchenko
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Fatih Turkmen
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Christophe Blanchet
    View author publications

    You can also search for this author in PubMed Google Scholar

  7. Jean-François Gibrat
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Mathias Slawik .

Editor information

Editors and Affiliations

  1. Department of Computer Science, University of Zaragoza, Zaragoza, Spain

    José Ángel Bañares

  2. Harokopio University, Tavros, Greece

    Konstantinos Tserpes

  3. Seoul National University, Seoul, Korea (Republic of)

    Jörn Altmann

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Slawik, M. et al. (2017). An Economical Security Architecture for Multi-cloud Application Deployments in Federated Environments. In: Bañares, J., Tserpes, K., Altmann, J. (eds) Economics of Grids, Clouds, Systems, and Services. GECON 2016. Lecture Notes in Computer Science(), vol 10382. Springer, Cham. https://doi.org/10.1007/978-3-319-61920-0_7

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-61920-0_7

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-61919-4

  • Online ISBN: 978-3-319-61920-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation