Abstract
Cloud computing is emerging as an attractive, cost-effective computing paradigm. However, many applications, including defense, banking, credit and content distribution, require high assurance, attribution and formal access control processes. Current implementations of cloud services do not meet high assurance requirements. The high assurance requirement presents many challenges to normal computing, along with some rather precise requirements that have developed from high assurance issues for web service applications. The challenges of high assurance associated with cloud computing are primarily in five areas. The first is virtualization and the loss of attribution that accompanies a highly virtualized environment. The second is the loss of the ability to perform end-to-end communications. The third is the extent to which encryption is needed and the need for a comprehensive key management process for public key infrastructure, as well as session and other cryptologic keys. The fourth is monitoring and logging for attribution, compliance and data forensics. The fifth is cloud content storage. We explore each of these challenges and discuss how they might be overcome. Our view of high assurance and the issues associated with web services is shaped by our work with DoD and the Air Force, but applies to a broader range of applications, including content delivery and rights management.
© 2013 Springer Science+Business Media Dordrecht
About this chapter
Cite this chapter
Simpson, W.R., Chandersekaran, C. (2013). Co-Existance of High Assurance and Cloud Based Computing. In: Kim, H., Ao, SI., Rieger, B. (eds) IAENG Transactions on Engineering Technologies. Lecture Notes in Electrical Engineering, vol 170. Springer, Dordrecht. https://doi.org/10.1007/978-94-007-4786-9_16
DOI: https://doi.org/10.1007/978-94-007-4786-9_16
Publisher Name: Springer, Dordrecht
Print ISBN: 978-94-007-4785-2
Online ISBN: 978-94-007-4786-9
eBook Packages: Engineering, Engineering (R0)