Authors: Xianqing Yu; Mladen Alan Vouk; Young-Hyun Oh
Addresses: Department of Computer Science, North Carolina State University, Raleigh, NC, USA ' Department of Computer Science, North Carolina State University, Raleigh, NC, USA ' IBM, Research Triangle Park, NC, USA
Abstract: Multi-cloud system may be cost-efficient and practical to integrate resources of multiple clouds. However, different clouds are usually managed by different organisations with different security policies and management platforms. When some components of a multi-cloud system are compromised, attackers can potentially have a high privilege that impacts the rest of system. We analysed the threats to overall system when some components of the multi-cloud system in a public cloud are compromised. We developed a model we call SECross for fine-grain database access policy for SECross components, and the method for users to access computing machines. We analysed how SECross resists various potential attacks when any of SECross components are compromised.
Keywords: multi-cloud; security policy; database; access control; authentication; authorisation.
International Journal of Cloud Computing, 2018 Vol.7 No.3/4, pp.323 - 335
Received: 11 Aug 2017
Accepted: 16 May 2018
Published online: 20 Sep 2018 *