Dagstuhl Seminar 11492
Secure Architectures in the Cloud
( Dec 04 – Dec 09, 2011 )
Permalink
Organizers
- Sabrina De Capitani di Vimercati (University of Milan, IT)
- Wolter Pieters (TU Delft, NL)
- Christian W. Probst (Technical University of Denmark - Lyngby, DK)
- Jean-Pierre Seifert (TU Berlin, DE)
Contact
- Andreas Dolzmann (for scientific matters)
- Susanne Bach-Bernhard (for administrative matters)
Press/News
Schedule
In cloud computing, data storage and processing are offered as a service, and the data resides outside the control of the owner. It is often argued that clouds improve security, as the providers have more security expertise than their (smaller) customers. However, despite theoretical breakthroughs in cryptography, there is little consensus on how we can provide architectural solutions guaranteeing that cloud data remains confidential, uncorrupted, and available. Also, it is unclear to what extent parties can be held accountable in case something goes wrong. In this seminar, we search for architectures, modelling approaches and mechanisms that can help in providing guarantees for cloud security. The main question is which cloud-specific security architectures should and could be devised, and how they can be matched to security policies. The seminar brings together researchers from different communities to propose integrated solutions and research directions that transcend disciplines.
Four main topics are suggested for the seminar:
- Data protection
Data outside the data owner’s control implies that privacy and even integrity can be put at risk, and that adequate access control must be in place. In this context, cloud implementations have to conform to existing legal standards, but they also challenge these. For example, new approaches have emerged for identifying persons and roles and linking them to access privileges, such as identity-, attribute-, claims- and data-based access control. We will discuss challenges of the cloud to the notions of identity, privacy and accountability, their legal, ethical, and architectural implications, and possible solutions. - Simulating physical constraints in the cloud
In the cloud, we cannot easily enforce where data is stored and how long, and from where it is accessed. Location-based access control aims at limiting access to specific locations, thereby seemingly putting physical limitations back in place. Measures proposed include use of GPS, trusted platform modules (TPMs), but also physically unclonable functions (PUFs). Also, data could be moved away from attacks. With respect to time, mechanisms have been proposed to assure deletion of data in the cloud (e.g. Vanish, Ephemerizer). We will assess to which extent these approaches are sufficient to simulate physical constraints, and which extensions are possible. - Misuse detection
Many methods have been proposed for intrusion detection, penetration testing and digital forensics. Are these sufficient for cloud environments? The seminar will identify necessary adaptations to system and threat models as well as security metrics, to adequately indicate which attacks are possible and which are actually happening, and thereby reduce cybercrime. - Splitting the clouds
Public clouds, containing data from different parties, are not deemed suitable for particularly sensitive information. This means that decisions will have to be made about which data to put in the cloud and which data not, which security properties to outsource and which not, and how to make sure that the entire system conforms to the security requirements. The seminar will propose suitable architectures for “splitting the clouds”. For example, in “security-as-a-service”, not only IT infrastructure is rented, but also the security that is added to it. For authentication this seems to work pretty well, but how far can this concept be stretched to other security properties such as confidentiality and integrity?
Processing encrypted data was discussed in the parallel seminar 11491 Secure Computing in the Cloud. This report covers the results of the seminar on Secure Architectures in the Cloud, abstracts of presentations, and proceedings of the working groups. The topics have been restructured during the seminar, and we will refer back to the topics originally proposed where appropriate. Several follow-up initiatives have been assigned to the participants.
- Arosha Bandara (The Open University - Milton Keynes, GB)
- Sören Bleikertz (IBM Research GmbH - Zürich, CH) [dblp]
- Travis Breaux (Carnegie Mellon University - Pittsburgh, US)
- Julien Bringer (Morpho, SAFRAN Group, FR)
- Sven Bugiel (TU Darmstadt, DE)
- Lizzie Coles-Kemp (Royal Holloway University of London, GB) [dblp]
- Sabrina De Capitani di Vimercati (University of Milan, IT)
- Trajce Dimkov (University of Twente, NL) [dblp]
- Sebastian Graf (Universität Konstanz, DE)
- Fabio Massacci (University of Trento, IT) [dblp]
- Toni Mastelic (TU Wien, AT)
- Sjouke Mauw (University of Luxembourg, LU) [dblp]
- Anna Monreale (University of Pisa, IT)
- Sebastian Pape (TU Dortmund, DE) [dblp]
- Wolter Pieters (TU Delft, NL) [dblp]
- Christian W. Probst (Technical University of Denmark - Lyngby, DK) [dblp]
- Peter Y. A. Ryan (University of Luxembourg, LU) [dblp]
- Matthias Schunter (INTEL ICRI - Darmstadt, DE) [dblp]
- Radu Sion (Stony Brook University, US) [dblp]
- André Van Cleeff (University of Twente, NL)
- Marcel Waldvogel (Universität Konstanz, DE) [dblp]
- Martijn Warnier (TU Delft, NL) [dblp]
- Marianne Winslett (University of Illinois - Urbana-Champaign, US)
Classification
- security / cryptography
- modelling / simulation
- sw-engineering
Keywords
- cloud computing
- security architectures
- security modelling
- cryptology