Title :
Secure Logical Isolation for Multi-tenancy in cloud storage
Author :
Factor, Michael ; Hadas, David ; Hamama, Aner ; Har'el, Nadav ; Kolodner, Elliot K. ; Kurmus, Anil ; Shulman-Peleg, Alexandra ; Sorniotti, A.
Abstract :
Storage cloud systems achieve economies of scale by serving multiple tenants from a shared pool of servers and disks. This leads to the commingling of data from different tenants on the same devices. Typically, a request is processed by an application running with sufficient privileges to access any tenant's data; this application authenticates the user and authorizes the request prior to carrying it out. Since the only protection is at the application level, a single vulnerability threatens the data of all tenants, and could lead to cross-tenant data leakage, making the cloud much less secure than dedicated physical resources. To provide security close to physical isolation while allowing complete resource pooling, we propose Secure Logical Isolation for Multi-tenancy (SLIM). SLIM incorporates the first complete security model and set of principles for the safe logical isolation between tenant resources in a cloud storage system, as well as a set of mechanisms for implementing the model. We show how to implement SLIM for OpenStack Swift and present initial performance results.
Keywords :
cloud computing; economies of scale; resource allocation; security of data; storage management; OpenStack Swift; SLIM; cross-tenant data leakage; economies of scale; physical isolation; physical resources; request authorisation; resource pooling; secure logical isolation for multitenancy; security model; storage cloud systems; tenant resources; user authentication; Access control; Cloud computing; Computer architecture; Kernel; Logic gates; Servers;
Conference_Title :
Mass Storage Systems and Technologies (MSST), 2013 IEEE 29th Symposium on
Conference_Location :
Long Beach, CA
Print_ISBN :
978-1-4799-0217-0
DOI :
10.1109/MSST.2013.6558424