Publication | Closed Access
Managing Data Access on Clouds: A Generic Framework for Enforcing Security Policies
Citations: 54
References: 12
Year: 2011
Venue: Unknown
Topics: Secure Service; Engineering; Information Security; Enforcing Security Policies; Data-centric Security; Grid'5000 Testbed; Identity Management; Access Control; Data Integration; Secure Computing; Data Management; DoS Attack; Data Privacy; Cloud Computing Security; Computer Science; Towards Blobseer; Data Security; Cryptography; Cloud Computing; Data Access; Security; Generic Framework; Storage Security
Providing adequate security in cloud environments is a highly active research area, as malicious behaviors such as denial-of-service attacks targeting large-scale data repositories can drastically degrade performance and cannot be detected by typical authentication mechanisms. The paper proposes a generic security-management framework that lets providers of cloud data-management systems define and enforce complex security policies. The framework is designed to detect and stop a wide range of attacks defined through an expressive policy description language, and to be easily interfaced with various data-management systems. Its evaluation on top of the BlobSeer data-management platform, with experiments on the Grid'5000 testbed, shows that the framework efficiently protects the storage system and prevents a DoS attack targeted at BlobSeer.
Providing an adequate security level in Cloud Environments is currently an extremely active research area. More specifically, malicious behaviors targeting large-scale Cloud data repositories (e.g. Denial of Service attacks) may drastically degrade the overall performance of such systems and cannot be detected by typical authentication mechanisms. In this paper we propose a generic security management framework allowing providers of Cloud data management systems to define and enforce complex security policies. This security framework is designed to detect and stop a large array of attacks defined through an expressive policy description language and to be easily interfaced with various data management systems. We show that we can efficiently protect a data storage system by evaluating our security framework on top of the BlobSeer data management platform. We evaluate the benefits of preventing a DoS attack targeted towards BlobSeer through experiments performed on the Grid'5000 testbed.