Visible to the public CloudSec: A Novel Approach to Verifying Security Conformance at the Bottom of the Cloud

TitleCloudSec: A Novel Approach to Verifying Security Conformance at the Bottom of the Cloud
Publication TypeConference Paper
Year of Publication2017
AuthorsLiu, X., Xia, C., Wang, T., Zhong, L.
Conference Name2017 IEEE International Congress on Big Data (BigData Congress)
ISBN Number978-1-5386-1996-4
KeywordsBig Data, big data analysis, big data security metrics, cloud computing, Cloud Modeling, cloud service behaviors, cloud service provider, cloud service security conformance, cloud storage service, CloudBeh model, CloudBeh performance metrics conformance, CloudSec, Computational modeling, contracts, CSP, Data analysis, Measurement, Metrics, model checking, openstack, pubcrawl, quality of service, real cloud scenarios, Resiliency, Scalability, SecSLA model, security, Security Conformance, security constraints, security of data, security SLA, storage management, UPPAAL, Virtual machining

In the process of big data analysis and processing, a key concern blocking users from storing and processing their data in the cloud is their misgivings about the security and performance of cloud services. There is an urgent need to develop an approach that can help each cloud service provider (CSP) to demonstrate that their infrastructure and service behavior can meet the users' expectations. However, most of the prior research work focused on validating the process compliance of cloud service without an accurate description of the basic service behaviors, and could not measure the security capability. In this paper, we propose a novel approach to verify cloud service security conformance called CloudSec, which reduces the description gap between the cloud provider and customer through modeling cloud service behaviors (CloudBeh Model) and security SLA (SecSLA Model). These models enable a systematic integration of security constraints and service behavior into cloud while using UPPAAL to check the conformance, which can not only check CloudBeh performance metrics conformance, but also verify whether the security constraints meet the SecSLA. The proposed approach is validated through case study and experiments with a cloud storage service based on OpenStack, which illustrates CloudSec approach effectiveness and can be applied in real cloud scenarios.

Citation Keyliu_cloudsec:_2017