Title: SECross: securing cross cloud boundary

Authors: Xianqing Yu; Mladen Alan Vouk; Young-Hyun Oh

Addresses: Department of Computer Science, North Carolina State University, Raleigh, NC, USA ' Department of Computer Science, North Carolina State University, Raleigh, NC, USA ' IBM, Research Triangle Park, NC, USA

Abstract: Multi-cloud system may be cost-efficient and practical to integrate resources of multiple clouds. However, different clouds are usually managed by different organisations with different security policies and management platforms. When some components of a multi-cloud system are compromised, attackers can potentially have a high privilege that impacts the rest of system. We analysed the threats to overall system when some components of the multi-cloud system in a public cloud are compromised. We developed a model we call SECross for fine-grain database access policy for SECross components, and the method for users to access computing machines. We analysed how SECross resists various potential attacks when any of SECross components are compromised.

Keywords: multi-cloud; security policy; database; access control; authentication; authorisation.

DOI: 10.1504/IJCC.2018.095402

International Journal of Cloud Computing, 2018 Vol.7 No.3/4, pp.323 - 335

Received: 11 Aug 2017
Accepted: 16 May 2018

Published online: 20 Sep 2018 *

Full-text access for editors Access for subscribers Purchase this article Comment on this article