Funding: This work is supported by the National Natural Science Foundation of China (62102046, 62072056), the Natural Science Foundation of Hunan Province (2022JJ30618, 2020JJ2029) and the Scientific Research Fund of Hunan Provincial Education Department (22B0300).
Abstract: Data security and user privacy have become crucial elements in multi-tenant data centers. The various traffic types in a multi-tenant data center in the cloud environment have their own characteristics and requirements. In the data center network (DCN), short and long flows are sensitive to low latency and high throughput, respectively. Traditional security processing approaches, however, neglect these characteristics and requirements. This paper proposes a fine-grained security enhancement mechanism (SEM) to address heterogeneous traffic and reduce the traffic completion time (FCT) of short flows while ensuring the security of multi-tenant traffic transmission. Specifically, for short flows in the DCN, the lightweight GIFT encryption method is used. For intra-DCN long flows and inter-DCN traffic, the asymmetric elliptic curve encryption algorithm (ECC) is used. NS-3 simulation results demonstrate that SEM reduces the FCT of short flows by 70% compared to several conventional encryption techniques, effectively enhancing the security and attack resistance of traffic transmission between DCNs in cloud computing environments. Additionally, SEM performs better than other encryption methods under high load and in large-scale cloud environments.
Abstract: Most cloud services are built with multi-tenancy, which enables data and configuration segregation on shared infrastructure. It offers tremendous advantages for enterprises and service providers. It is anticipated that this situation will evolve to foster cross-tenant collaboration supported by Authorization as a Service. To realize access control in a multi-tenant cloud computing environment, this study proposes a multi-tenant cloud computing access control model based on the traditional usage control model, built by establishing trust relations among tenants. The model consists of three sub-models, which achieve trust relationships between tenants at different granularities and satisfy the requirements of different application scenarios. With an established trust relation in MT-UCON (Multi-tenant Usage Access Control), the trustee can precisely authorize cross-tenant access to the trustor's resources, consistent with constraints over the trust relation and other components designated by the trustor. In addition, the security of the model is analyzed using an information flow method. The model adapts to the characteristics of a dynamic and open multi-tenant cloud computing environment and achieves fine-grained access control within and between tenants.
Funding: This work was sponsored by the Qing Lan Project of Jiangsu Province, the Natural Science Foundation of the Jiangsu Higher Education Institutions of China (Nos. 17KJB520033, 17KJB520032) and the National Natural Science Foundation of China (No. 61772280).
Abstract: Multi-tenant collaboration brings new challenges to access control in the cloud computing environment. Based on the multi-tenant role-based access control (MT-RBAC) model, a Temporal MT-RBAC (TMT-RBAC) model for collaborative cloud services is proposed. It adds time constraints between trusted tenants, including a usable-role time constraint based on both calendar time and interval time. Analysis shows that the new model strengthens the expressive power of the MT-RBAC model, achieves finer-grained access control, reduces management costs and enhances the security of multi-tenant collaboration in the cloud computing environment.
Abstract: The SaaS (Software as a Service) application model has emerged alongside the broadening reach and growing convenience of network platforms; its core is multi-tenancy. Multi-tenancy under SaaS not only makes application software more efficient and convenient, but also reduces the cost of software development, hardware purchase, training, and upgrade maintenance, which relieves the financial pressure on enterprises so that they can focus on business development. Aiming at the personalized demands of multi-tenant customers, this thesis studies the personalized configuration of data, functions, and the operation interface, and presents a method for personalized configuration. It also shows how multi-tenancy is realized through personalized configuration and achieves unified management of these applications.
Funding: Supported in part by the National Key Basic Research and Development (973) Program of China (Nos. 2013CB228206 and 2012CB315801) and the National Natural Science Foundation of China (Nos. 61233016 and 61140320); also supported by the Intel Research Council under the title "Security Vulnerability Analysis based on Cloud Platform with Intel IA Architecture" and by Huawei Corp.
Abstract: A data center is an infrastructure that supports Internet services. Cloud computing is rapidly changing the face of the Internet service infrastructure, enabling even small organizations to quickly build Web and mobile applications for millions of users by taking advantage of the scale and flexibility of the shared physical infrastructure provided by cloud computing. In this scenario, multiple tenants keep their data and applications in shared data centers, blurring the network boundaries between tenants in the cloud. In addition, different tenants have different security requirements, so different security policies are necessary for different tenants. Network virtualization is used to meet a diverse set of tenant-specific requirements on top of the underlying physical network, enabling multi-tenant data centers to automatically address a large and diverse set of tenants' requirements. In this paper, we propose the system implementation of vCNSMS, a collaborative network security prototype system used in a multi-tenant data center. We demonstrate vCNSMS with a centralized collaborative scheme and deep packet inspection with an open source UTM system. A security-level-based protection policy is proposed to simplify security rule management for vCNSMS. Different security levels have different packet inspection schemes and are enforced with different security plugins. A smart packet verdict scheme is also integrated into vCNSMS for intelligent flow processing to protect against possible network attacks inside a data center network.
Abstract: This paper introduces the overall security architecture design of a cloud platform. Addressing the various secure access requirements of a multi-tenant virtual network environment, including access between tenants, access within a tenant, and access from a tenant to external networks, it describes the security protection technologies centered on cloud network security design, namely Virtual Extensible Local Area Network (VXLAN), security groups and virtual firewalls. It focuses on the characteristics and advantages of two security protection systems, the distributed virtual firewall and the security virtual component, offering new ideas and solutions for cloud platform security protection.
Abstract: This research paper puts emphasis on using cloud computing with Blockchain (BC) to improve security and privacy in the cloud. The security of data is not guaranteed, as there is always a risk of leakage of users' data. Blockchain can be used in a multi-tenant cloud environment (MTCE) to improve the security of data, as it is a decentralized approach. Data is saved in unaltered form. Also, a Blockchain is not owned by a single organization. The encryption process can be done using a Homomorphic Encryption (HE) algorithm along with a hashing technique, thereby allowing computations on encrypted data without the need for decryption. This research paper is composed of four objectives: analysis of cloud security using Blockchain technology; an exceptional scenario of Blockchain architecture in an enterprise-level MTCE; implementation of the ciphertext-policy attribute-based encryption (CP-ABE) algorithm; and implementation of a Merkle tree using Ethereum (MTuE) in a multi-tenant system. Of these four objectives, the main focus is on the implementation of the CP-ABE algorithm. CP-ABE parameters are proposed for different levels of tenants. The levels include inner tenant, outer tenant, Inner-Outer-Tenant, Inner-Outer-External-Tenant, Outer-Inner-Tenant and External-Outer-Inner-Tenant, and the parameters include token, private key, public key, access tree, message, attribute set, node level, ciphertext and salting, which help provide better security using the CP-ABE algorithm in a multi-tenant environment (MTE) where tenants can be provided with different levels of security; the approach achieved 92 percent authenticity and access control of the data.