Abstract
Contemporary multi-cloud application deployments require increasingly complex security architectures, especially within federated environments. However, increased complexity often leads to higher efforts and raised costs for managing and securing those applications. This publication establishes an economical and comprehensive security architecture that is readily instantiable, pertinent to concrete users’ requirements, and builds upon up-to-date protocols and software. We highlight its feasibility by applying the architecture within the CYCLONE innovation action, deploying federated Bioinformatics applications within a cloud production environment. At last, we put special emphasis on the reduced management efforts to highlight the economic benefit of following our approach.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
- 2.
- 3.
- 4.
Basically, relying parties use HTTP redirection to request an access token from the resource server. If users accept this request, the resource server issues a token that allows relying parties access to users’ resources (see 4.1 of [2]).
- 5.
For a comprehensive discussion, see http://oauth.net/articles/authentication.
- 6.
See http://jwt.io and [4].
- 7.
- 8.
- 9.
- 10.
- 11.
- 12.
- 13.
- 14.
We use this term as “Federated Identity Provider” would be ambiguous: “provider of a federated identity” or “identity provider in a federation”?.
- 15.
More details at https://github.com/cyclone-project/cyclone-python-pam.
- 16.
- 17.
- 18.
- 19.
- 20.
- 21.
- 22.
- 23.
Currently 1206 SPs, see https://technical.edugain.org/entities.
- 24.
- 25.
- 26.
- 27.
https://msdn.microsoft.com/en-us/library/ff648644.aspx (see Table 3.6).
- 28.
- 29.
- 30.
References
Demchenko, Y., de Laat, C., Lopez, D.R., Garcia-Espin, J.A.: Security services lifecycle management in on-demand infrastructure services provisioning. In: Qiu, J. (ed.) Proceedings of the IEEE Second International Conference on Cloud Computing Technology and Science (CloudCom 2010). IEEE, Piscataway, NJ (2010)
Hardt, D.: The OAuth 2.0 authorization framework. RFC 6749 (Proposed Standard), October 2012. http://www.ietf.org/rfc/rfc6749.txt
Hevner, A.R., March, S.T., Park, J., Ram, S.: Design science in information systems research. MIS Q. 28(1), 75–105 (2004)
Jones, M., Bradley, J., Sakimura, N.: JSON Web Token (JWT). RFC 7519 (Proposed Standard), updated by RFC 7797, May 2015. http://www.ietf.org/rfc/rfc7519.txt
Membrey, P., Chan, K.C.C., Ngo, C., Demchenko, Y., de Laat, C.: Trusted virtual infrastructure bootstrapping for on demand services. In: Seventh International Conference on Availability, Reliability and Security, Prague, ARES 2012, Czech Republic, 20–24 August 2012, pp. 350–357 (2012)
Ngo, C., Membrey, P., Demchenko, Y., de Laat, C.: Policy and context management in dynamically provisioned access control service for virtualized cloud infrastructures. In: Proceedings of the Seventh International Conference on Availability, Reliability and Security (ARES2012). IEEE, Piscataway, NJ (2012)
Slawik, M.: The trusted cloud transfer protocol. In: IEEE 5th International Conference on Cloud Computing Technology and Science (CloudCom), vol. 2 (2014)
Slawik, M., Ermakova, T., Repschläger, J., Küpper, A., Zarnekow, R.: Securing medical SaaS solutions using a novel end-to-end encryption protocol. In: Avital, M., Leimeister, J.M., Schultze, U. (eds.) ECIS 2014 Proceedings. AIS Electronic Library (2014)
Slawik, M., Zilci, B.I., Demchenko, Y., Aznar Baranda, J.I., Branchat, R., Loomis, C., Lodygensky, O., Blanchet, C.: CYCLONE: unified deployment and management of federated, multi-cloud applications. In: Proceedings of the 5th Workshop on Network Infrastructure Services, pp. 453–457 (2015)
Acknowledgements
The authors wish to thank the members of the bioinformatics platforms Centre Léon Bérard (Lyon, France) and IFB-MIGALE (Jouy-en-Josas, France) to provide their bioinformatics applications as respective use cases “Biomedical data analysis” and “Bacterial genomes analysis”. This work is supported by the CYCLONE Horizon 2020 Innovation Action CYCLONE (http://www.cyclone-project.eu), funded by the European Commission under grant number 644925.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Slawik, M. et al. (2017). An Economical Security Architecture for Multi-cloud Application Deployments in Federated Environments. In: Bañares, J., Tserpes, K., Altmann, J. (eds) Economics of Grids, Clouds, Systems, and Services. GECON 2016. Lecture Notes in Computer Science(), vol 10382. Springer, Cham. https://doi.org/10.1007/978-3-319-61920-0_7
Download citation
DOI: https://doi.org/10.1007/978-3-319-61920-0_7
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-61919-4
Online ISBN: 978-3-319-61920-0
eBook Packages: Computer ScienceComputer Science (R0)