Show/Hide Menu
Hide/Show Apps
Logout
Türkçe
Türkçe
Search
Search
Login
Login
OpenMETU
OpenMETU
About
About
Open Science Policy
Open Science Policy
Communities & Collections
Communities & Collections
Help
Help
Frequently Asked Questions
Frequently Asked Questions
Guides
Guides
Thesis submission
Thesis submission
MS without thesis term project submission
MS without thesis term project submission
Publication submission with DOI
Publication submission with DOI
Publication submission
Publication submission
Supporting Information
Supporting Information
General Information
General Information
Copyright, Embargo and License
Copyright, Embargo and License
Contact us
Contact us
A Monitoring Approach for Policy Enforcement in Cloud Services
Date
2017-06-30
Author
FERNANDO, Ruchith
RANCHAL, Rohit
BHARGAVA, Bharat
Angın, Pelin
Metadata
Show full item record
This work is licensed under a
Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License
.
Item Usage Stats
92
views
0
downloads
Cite This
When clients interact with a cloud-based service, they expect certain levels of quality of service guarantees. These are expressed as security and privacy policies, interaction authorization policies, and service performance policies among others. The main security challenge in a cloud-based service environment, typically modeled using service-oriented architecture (SOA), is that it is difficult to trust all services in a service composition. In addition, the details of the services involved in an end-to-end service invocation chain are usually not exposed to the clients. The complexity of the SOA services and multi-tenancy in the cloud environment leads to a large attack surface. In this paper we propose a novel approach for end-to-end security and privacy in cloud-based service orchestrations, which uses a service activity monitor to audit activities of services in a domain. The service monitor intercepts interactions between a client and services, as well as among services, and provides a pluggable interface for different modules to analyze service interactions and make dynamic decisions based on security policies defined over the service domain. Experiments with a real-world service composition scenario demonstrate that the overhead of monitoring is acceptable for real-time operation of Web services.
Subject Keywords
Service-oriented architecture
,
Cloud services
,
Security policy
,
Monitoring
URI
https://hdl.handle.net/11511/39785
DOI
https://doi.org/10.1109/cloud.2017.82
Conference Name
10th IEEE International Conference on Cloud Computing (CLOUD)
Collections
Department of Computer Engineering, Conference / Seminar
Suggestions
OpenMETU
Core
An Entity-centric Approach for Privacy and Identity Management in Cloud Computing
Angın, Pelin; Ranchal, Rohit; Singh, Noopur; LİNDERMAN, Mark; Ben Othmane, Lotfi; Lilien, Leszek (2010-11-03)
Entities (e.g., users, services) have to authenticate themselves to service providers (SPs) in order to use their services. An entity provides personally identifiable information (PII) that uniquely identifies it to an SP. In the traditional application-centric Identity Management (IDM) model, each application keeps trace of identities of the entities that use it. In cloud computing, entities may have multiple accounts associated with different SPs, or one SP. Sharing PIIs of the same entity across service...
A Flow Aggregation Method for the Scalable and Efficient Quality of Service Support in Next Generation Networks
Sanli, Mustafa; Schmidt, Şenan Ece; Guran, Hasan Cengiz (2013-12-13)
The services in the Next Generation Network (NGN) will be created on demand by the customers and will require end-to-end Quality of Service (QoS) for each flow. A very significant component for the end-to-end QoS support in the Internet is the packet schedulers in the routers. The complexity of the packet scheduling algorithms increases with the number of flows. As a solution, flow aggregation decreases the number of flows processed by the scheduler. The previous work in the literature proves that if the fl...
A Method to improve the communication between information technology and healthcare professionals during mobile healthcare application development
Erturan, Yusuf Nasuh; Aydın Son, Yeşim; Tokdemir, Gül; Department of Health Informatics (2013)
Mobile healthcare applications constitute alternative tools to increase service quality and effectiveness, decrease time spent on service presentation and therefore they are reforming and changing healthcare service delivery. Achievement in this reform depends on the effectiveness of the developed mobile healthcare applications. Development of effective mobile healthcare applications, on the other hand, requires detailed domain knowledge which normally IT professionals do not have. To provide a solution to ...
An End-to-End Security Auditing Approach for Service Oriented Architectures
AZARMİ, Mehdi; BHARGAVA, Bharat; Angın, Pelin; RANCHAL, Rohit; AHMED, Norman; SİNCLAİR, Asher; LİNDERMAN, Mark; BEN OTHMANE, Lotfi (2012-10-11)
Service-Oriented Architecture (SOA) is becoming a major paradigm for distributed application development in the recent explosion of Internet services and cloud computing. However, SOA introduces new security challenges not present in the single-hop client-server architectures due to the involvement of multiple service providers in a service request. The interactions of independent service domains in SOA could violate service policies or SLAs. In addition, users in SOA systems have no control on what happens...
Implementing Service-Oriented Architecture in Organizations
Choi, Jae; Nazareth, Derek L.; Jain, Hemant K. (2010-03-01)
Service-oriented architecture (SOA) has been promoted as a technology that can enhance information systems agility, interoperability between applications, deployment flexibility, and reusability. As with any new information technology (IT), the decision to adopt SOA cannot be taken lightly, given the nontrivial investment in economic and personnel resources. The complexity associated with industry-wide diffusion, coupled with organization, industry, and environment factors, contributes to a lack of a clear ...
Citation Formats
IEEE
ACM
APA
CHICAGO
MLA
BibTeX
R. FERNANDO, R. RANCHAL, B. BHARGAVA, and P. Angın, “A Monitoring Approach for Policy Enforcement in Cloud Services,” presented at the 10th IEEE International Conference on Cloud Computing (CLOUD), Honolulu, HI, 2017, Accessed: 00, 2020. [Online]. Available: https://hdl.handle.net/11511/39785.