Security-aware resource allocation in clouds

Saeed Al-Haj; Ehab Al-Shaer; Hari Govind V. Ramasamy

doi:10.1109/SCC.2013.36

Security-aware resource allocation in clouds

Saeed Al-Haj
, Ehab Al-Shaer
, Hari Govind V. Ramasamy

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

25 Scopus citations

Abstract

Elasticity and economic considerations make Infrastructure-as-a-Service (IaaS) clouds attractive propositions for hosting enterprise IT applications. However, for prospective cloud customers, that potential is tempered by concerns, chief among them being security. We consider the problem of resource allocation in IaaS clouds while factoring in reachability and access control requirements of the cloud virtual machines (VMs). We describe a security-aware resource allocation framework that allows for effective enforcement of defense-in-depth for cloud VMs by determining (1) the grouping of VMs into security groups based on the similarity of their reachability requirements, and (2) the placement of virtual machines in a manner that reduces residual risks for individual VMs as well as security groups. We formalize security-aware resource allocation as a Constraint Satisfaction Problem (CSP), which can be solved using widely available Satisfiability Modulo Theories (SMT) solvers. Our experimental evaluation shows the effectiveness of our approach in reducing risk and improving manageability of security configurations for the cloud VMs.

Original language	English
Title of host publication	Proceedings - IEEE 10th International Conference on Services Computing, SCC 2013
Pages	400-407
Number of pages	8
DOIs	https://doi.org/10.1109/SCC.2013.36
State	Published - 2013
Externally published	Yes
Event	2013 IEEE 10th International Conference on Services Computing, SCC 2013 - Santa Clara, CA, United States Duration: 27 Jun 2013 → 2 Jul 2013

Publication series

Name	Proceedings - IEEE 10th International Conference on Services Computing, SCC 2013

Conference

Conference	2013 IEEE 10th International Conference on Services Computing, SCC 2013
Country/Territory	United States
City	Santa Clara, CA
Period	27/06/13 → 2/07/13

ASJC Scopus subject areas

Software

Access to Document

10.1109/SCC.2013.36

Cite this

@inproceedings{98d90c2e818d4f40a7e6114499b70a5c,

title = "Security-aware resource allocation in clouds",

abstract = "Elasticity and economic considerations make Infrastructure-as-a-Service (IaaS) clouds attractive propositions for hosting enterprise IT applications. However, for prospective cloud customers, that potential is tempered by concerns, chief among them being security. We consider the problem of resource allocation in IaaS clouds while factoring in reachability and access control requirements of the cloud virtual machines (VMs). We describe a security-aware resource allocation framework that allows for effective enforcement of defense-in-depth for cloud VMs by determining (1) the grouping of VMs into security groups based on the similarity of their reachability requirements, and (2) the placement of virtual machines in a manner that reduces residual risks for individual VMs as well as security groups. We formalize security-aware resource allocation as a Constraint Satisfaction Problem (CSP), which can be solved using widely available Satisfiability Modulo Theories (SMT) solvers. Our experimental evaluation shows the effectiveness of our approach in reducing risk and improving manageability of security configurations for the cloud VMs.",

author = "Saeed Al-Haj and Ehab Al-Shaer and Ramasamy, \{Hari Govind V.\}",

year = "2013",

doi = "10.1109/SCC.2013.36",

language = "English",

isbn = "9780768550268",

series = "Proceedings - IEEE 10th International Conference on Services Computing, SCC 2013",

pages = "400--407",

booktitle = "Proceedings - IEEE 10th International Conference on Services Computing, SCC 2013",

note = "2013 IEEE 10th International Conference on Services Computing, SCC 2013 ; Conference date: 27-06-2013 Through 02-07-2013",

}

Al-Haj, S, Al-Shaer, E & Ramasamy, HGV 2013, Security-aware resource allocation in clouds. in Proceedings - IEEE 10th International Conference on Services Computing, SCC 2013., 6649721, Proceedings - IEEE 10th International Conference on Services Computing, SCC 2013, pp. 400-407, 2013 IEEE 10th International Conference on Services Computing, SCC 2013, Santa Clara, CA, United States, 27/06/13. https://doi.org/10.1109/SCC.2013.36

Security-aware resource allocation in clouds. / Al-Haj, Saeed; Al-Shaer, Ehab; Ramasamy, Hari Govind V.
Proceedings - IEEE 10th International Conference on Services Computing, SCC 2013. 2013. p. 400-407 6649721 (Proceedings - IEEE 10th International Conference on Services Computing, SCC 2013).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Security-aware resource allocation in clouds

AU - Al-Haj, Saeed

AU - Al-Shaer, Ehab

AU - Ramasamy, Hari Govind V.

PY - 2013

Y1 - 2013

N2 - Elasticity and economic considerations make Infrastructure-as-a-Service (IaaS) clouds attractive propositions for hosting enterprise IT applications. However, for prospective cloud customers, that potential is tempered by concerns, chief among them being security. We consider the problem of resource allocation in IaaS clouds while factoring in reachability and access control requirements of the cloud virtual machines (VMs). We describe a security-aware resource allocation framework that allows for effective enforcement of defense-in-depth for cloud VMs by determining (1) the grouping of VMs into security groups based on the similarity of their reachability requirements, and (2) the placement of virtual machines in a manner that reduces residual risks for individual VMs as well as security groups. We formalize security-aware resource allocation as a Constraint Satisfaction Problem (CSP), which can be solved using widely available Satisfiability Modulo Theories (SMT) solvers. Our experimental evaluation shows the effectiveness of our approach in reducing risk and improving manageability of security configurations for the cloud VMs.

AB - Elasticity and economic considerations make Infrastructure-as-a-Service (IaaS) clouds attractive propositions for hosting enterprise IT applications. However, for prospective cloud customers, that potential is tempered by concerns, chief among them being security. We consider the problem of resource allocation in IaaS clouds while factoring in reachability and access control requirements of the cloud virtual machines (VMs). We describe a security-aware resource allocation framework that allows for effective enforcement of defense-in-depth for cloud VMs by determining (1) the grouping of VMs into security groups based on the similarity of their reachability requirements, and (2) the placement of virtual machines in a manner that reduces residual risks for individual VMs as well as security groups. We formalize security-aware resource allocation as a Constraint Satisfaction Problem (CSP), which can be solved using widely available Satisfiability Modulo Theories (SMT) solvers. Our experimental evaluation shows the effectiveness of our approach in reducing risk and improving manageability of security configurations for the cloud VMs.

UR - https://www.scopus.com/pages/publications/84891951882

U2 - 10.1109/SCC.2013.36

DO - 10.1109/SCC.2013.36

M3 - Conference contribution

AN - SCOPUS:84891951882

SN - 9780768550268

T3 - Proceedings - IEEE 10th International Conference on Services Computing, SCC 2013

SP - 400

EP - 407

BT - Proceedings - IEEE 10th International Conference on Services Computing, SCC 2013

T2 - 2013 IEEE 10th International Conference on Services Computing, SCC 2013

Y2 - 27 June 2013 through 2 July 2013

ER -

Security-aware resource allocation in clouds

Abstract

Publication series

Conference

ASJC Scopus subject areas

Access to Document

Fingerprint

Cite this