Challenges for Cloud Networking Security

  • Conference paper
Mobile Networks and Management (MONAMI 2010)

Abstract

Cloud computing is widely considered an attractive service model since the users' commitments for investment and operations are minimised, and costs are in direct relation to usage and demand. However, when networking aspects for distributed clouds are considered, there is little support and the effort is often underestimated. The project SAIL is addressing cloud networking as the combination of management for cloud computing and vital networking capabilities between distributed cloud resources involved to improve the management of both. This position paper presents new security challenges as considered in SAIL for ensuring legitimate usage of cloud networking resources and for preventing misuse.


© 2011 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Schoo, P. et al. (2011). Challenges for Cloud Networking Security. In: Pentikousis, K., Agüero, R., García-Arranz, M., Papavassiliou, S. (eds) Mobile Networks and Management. MONAMI 2010. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 68. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21444-8_26

  • DOI: https://doi.org/10.1007/978-3-642-21444-8_26

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-21443-1

  • Online ISBN: 978-3-642-21444-8

  • eBook Packages: Computer Science, Computer Science (R0)
