  • DocumentCode
    1973315
  • Title
    Security-Aware Resource Allocation in Clouds
  • Author
    Al-Haj, Saeed ; Al-Shaer, Ehab ; Ramasamy, HariGovind V.
  • Author_Institution
    Dept. of Software & Inf. Syst., Univ. of North Carolina Charlotte, Charlotte, NC, USA
  • fYear
    2013
  • fDate
    June 28 2013-July 3 2013
  • Firstpage
    400
  • Lastpage
    407
  • Abstract
    Elasticity and economic considerations make Infrastructure-as-a-Service (IaaS) clouds attractive propositions for hosting enterprise IT applications. However, for prospective cloud customers, that potential is tempered by concerns, chief among them being security. We consider the problem of resource allocation in IaaS clouds while factoring in reachability and access control requirements of the cloud virtual machines (VMs). We describe a security-aware resource allocation framework that allows for effective enforcement of defense-in-depth for cloud VMs by determining (1) the grouping of VMs into security groups based on the similarity of their reachability requirements, and (2) the placement of virtual machines in a manner that reduces residual risks for individual VMs as well as security groups. We formalize security-aware resource allocation as a Constraint Satisfaction Problem (CSP), which can be solved using widely available Satisfiability Modulo Theories (SMT) solvers. Our experimental evaluation shows the effectiveness of our approach in reducing risk and improving manageability of security configurations for the cloud VMs.
  • Keywords
    authorisation; cloud computing; computability; constraint satisfaction problems; reachability analysis; resource allocation; virtual machines; CSP; IaaS clouds; SMT solvers; access control requirements; cloud VM; cloud customers; cloud virtual machines; constraint satisfaction problem; defense-in-depth; enterprise IT applications; infrastructure-as-a-service; reachability requirements; residual risks; satisfiability modulo theories; security configurations manageability; security groups; security-aware resource allocation framework; Access control; Boolean functions; Data structures; Measurement; Resource management; Virtual machining;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Services Computing (SCC), 2013 IEEE International Conference on
  • Conference_Location
    Santa Clara, CA
  • Print_ISBN
    978-0-7695-5026-8
  • Type
    conf
  • DOI
    10.1109/SCC.2013.36
  • Filename
    6649721