Security Infrastructure

The Experts below are selected from a list of 96591 Experts worldwide ranked by ideXlab platform

Tan Hao - One of the best experts on this subject based on the ideXlab platform.

  • Research of Security Infrastructure for Web Services
    Journal of Computer Applications, 2006
    Co-Authors: Tan Hao
    Abstract:

    Web Services technology is loosely-coupled and platform-independent, and it simplifies the application integration between different organizations. At the same time, its inherent heterogeneity, dynamic and complexity bring out many Security issues. The Security challenges and threats were analyzed, current Security mechanisms were addressed, including XML encryption and signature, SAML, XACML, XKMS and WS-Security. Finally a Security Infrastructure was presented and its application scene was described to illustrate the coordination between those Security components.

Yuri Demchenko - One of the best experts on this subject based on the ideXlab platform.

  • CCGrid - Defining Intercloud Security Framework and Architecture Components for Multi-Cloud Data Intensive Applications
    2017 17th IEEE ACM International Symposium on Cluster Cloud and Grid Computing (CCGRID), 2017
    Co-Authors: Yuri Demchenko, Cees De Laat, Fatih Turkmen, Mathias Slawik
    Abstract:

    This paper presents results of the ongoing development of the Intercloud Security Framework (ICSF), that is a part of the Intercloud Architecture Framework (ICAF), and provides an architectural basis for building Security Infrastructure services for multi-cloud applications. The paper refers to general use case of the data intensive applications that indicate need for multi-cloud applications platforms that will require corresponding multi-cloud Security services. The paper presents analysis of the general multi-cloud use case that helps eliciting the general requirement to ICSF and identifying the Security Infrastructure functional components that would allow using distributed cloud based resources and data sets. The paper defines the main ICSF services and functional components, and explains importance of consistent implementation of the Security Services Lifecycle Management in cloud based applications. The paper provides overview of the cloud compliance standards and their role in cloud Security. The paper refers to the Security Infrastructure development in the CYCLONE project that implements federated identity management, secure logging service, and multi-domain Attribute Based Access Control, Security services lifecycle management. The paper discusses implementation of the Trust Bootstrapping Protocol as an important mechanism to ensure consistent Security in the virtualised inter-cloud environment.

  • Security Infrastructure for dynamically provisioned cloud Infrastructure services
    Computer Communications and Networks, 2012
    Co-Authors: Yuri Demchenko, Canh Ngo, Cees De Laat, Diego Lopez, Antonio Morales, Joan A. Garcia-espin
    Abstract:

    This chapter discusses conceptual issues, basic requirements and practical suggestions for designing dynamically configured Security Infrastructure provisioned on demand as part of the cloud-based Infrastructure. This chapter describes general use cases for provisioning cloud Infrastructure services and the proposed architectural framework that provides a basis for defining the Security Infrastructure requirements. The proposed Security services lifecycle management (SSLM) model addresses specific on-demand Infrastructure service provisioning Security problems that can be solved by introducing special Security mechanisms to allow Security services synchronisation and their binding to the virtualisation platforms’ run-time environment. This chapter describes the proposed dynamically provisioned access control Infrastructure (DACI) architecture and defines the necessary Security mechanisms to ensure consistent Security services operation in the provisioned virtual Infrastructure. In particular, this chapter discusses the design and use of a Security token service for federated access control and Security context management in the generically multi-domain and multi-provider cloud environment.

  • Security Infrastructure for on-demand provisioned cloud Infrastructure services
    Proceedings - 2011 3rd IEEE International Conference on Cloud Computing Technology and Science, CloudCom 2011, 2011
    Co-Authors: Yuri Demchenko, Chun Ming Rong, Canh Ngo, Tomasz Wiktor Wlodarczyk, Cees De Laat, Wolfgang Ziegler
    Abstract:

    Providing consistent Security services in on-demand provisioned Cloud Infrastructure services is of primary importance due to multi-tenant and potentially multi-provider nature of Clouds Infrastructure as a Service (IaaS) environment. Cloud Security Infrastructure should address two aspects of the IaaS operation and dynamic Security services provisioning: (1) provide Security Infrastructure for secure Cloud IaaS operation, (2) provisioning dynamic Security services, including creation and management of the dynamic Security associations, as a part of the provisioned composite services or virtual Infrastructures. The first task is a traditional task in Security engineering, while dynamic provisioning of managed Security services in virtualised environment remains a problem and requires additional research. In this paper we discuss both aspects of the Cloud Security and provide suggestions about required Security mechanisms for secure data management in dynamically provisioned Cloud Infrastructures. The paper refers to the architectural framework for on-demand Infrastructure services provisioning, being developed by authors, that provides a basis for defining the proposed Cloud Security Infrastructure. The proposed SLA management solution is based on the WS-Agreement and allows dynamic SLA management during the whole provisioned services lifecycle. The paper discusses conceptual issues, basic requirements and practical suggestions for dynamically provisioned access control Infrastructure (DACI). The paper proposes the Security mechanisms that are required for consistent DACI operation, in particular Security tokens used for access control, policy enforcement and authorisation session context exchange between provisioned Infrastructure services and Cloud provider services. 
    The suggested implementation is based on the GAAA Toolkit Java library developed by authors that is extended with the proposed Common Security Services Interface (CSSI) and additional mechanisms for binding sessions and Security context between provisioned services and virtualised platform.

  • CloudCom - Security Infrastructure for On-demand Provisioned Cloud Infrastructure Services
    2011 IEEE Third International Conference on Cloud Computing Technology and Science, 2011
    Co-Authors: Yuri Demchenko, Chun Ming Rong, Canh Ngo, Tomasz Wiktor Wlodarczyk, Cees De Laat, Wolfgang Ziegler
    Abstract:

    Providing consistent Security services in on-demand provisioned Cloud Infrastructure services is of primary importance due to multi-tenant and potentially multi-provider nature of Clouds Infrastructure as a Service (IaaS) environment. Cloud Security Infrastructure should address two aspects of the IaaS operation and dynamic Security services provisioning: (1) provide Security Infrastructure for secure Cloud IaaS operation, (2) provisioning dynamic Security services, including creation and management of the dynamic Security associations, as a part of the provisioned composite services or virtual Infrastructures. The first task is a traditional task in Security engineering, while dynamic provisioning of managed Security services in virtualised environment remains a problem and requires additional research. In this paper we discuss both aspects of the Cloud Security and provide suggestions about required Security mechanisms for secure data management in dynamically provisioned Cloud Infrastructures. The paper refers to the architectural framework for on-demand Infrastructure services provisioning, being developed by authors, that provides a basis for defining the proposed Cloud Security Infrastructure. The proposed SLA management solution is based on the WS-Agreement and allows dynamic SLA management during the whole provisioned services lifecycle. The paper discusses conceptual issues, basic requirements and practical suggestions for dynamically provisioned access control Infrastructure (DACI). The paper proposes the Security mechanisms that are required for consistent DACI operation, in particular Security tokens used for access control, policy enforcement and authorisation session context exchange between provisioned Infrastructure services and Cloud provider services. 
    The suggested implementation is based on the GAAA Toolkit Java library developed by authors that is extended with the proposed Common Security Services Interface (CSSI) and additional mechanisms for binding sessions and Security context between provisioned services and virtualised platform.

Lin Chen - One of the best experts on this subject based on the ideXlab platform.

  • G‐PASS: an instance‐oriented Security Infrastructure for Grid travelers
    Concurrency and Computation: Practice and Experience, 2006
    Co-Authors: Lin Chen, Cho-li Wang, Francis C. M. Lau
    Abstract:

    Grid computing unifies distributed resources via its support for the creation and use of virtual organizations (VOs), where a VO represents a collection of distributed resources to be accessed through predefined resource sharing and coordination policies. We consider a special type of mobile processes, named Grid travelers, which can travel across boundaries of virtual organizations for the detection of resource availability, to negotiate for the approval of access privileges, and to conduct remote execution. A new Security Infrastructure named G-PASS is proposed to guarantee the validity and integrity of the travelers and the critical Security knowledge they collect while traveling, especially while crossing some VOs. G-PASS borrows the idea of passport and custom, as well as the procedures for people’s travel in real life, to provide role-based delegation mapping and access control. We demonstrate the power and feasibility of G-PASS with a simulated mobile agent environment and a distributed ray-tracing application running on multiple VOs. Various Security overheads coming from migration decisions and actual agent or process migration are reported. G-PASS can be installed with GSI as the base, which makes it compatible with the existing Grid middleware.

  • ISSADS - An identity-based model for grid Security Infrastructure
    Advanced Distributed Systems, 2005
    Co-Authors: Xiaoqin Huang, Lin Chen, Linpeng Huang
    Abstract:

    In this paper, we propose a grid Security Infrastructure based on identity cryptography. We mainly discuss the grid Security authentication and authorization architecture by using Tate Pairing. We propose a private key generator Security Infrastructure and secure group communication scheme by using non-interaction secret sharing protocol and one round tripartite Diffie-Hellman protocol. Finally, we present the advantages and disadvantages of our ID-based Security Infrastructure comparing with the public key Infrastructure in grid circumstance.

  • ISPEC - An identity-based grid Security Infrastructure model
    Information Security Practice and Experience, 2005
    Co-Authors: Xiaoqin Huang, Lin Chen, Linpeng Huang
    Abstract:

    Grid Security is a wide topic, touching many of the core issues in information Security. It is an area that has been overlooked by the established grid community. In this paper, we explore some roles of identity-based cryptography (IBC) in grid circumstance, and propose a grid Security Infrastructure model based on identity cryptography. We mainly discuss the grid Security authentication and authorization architecture, public key Infrastructure based on identity cryptography and Security group communication scheme by using Weil pairing. The Security property of our scheme is discussed. Finally, we compare our ID-based Security Infrastructure with the public key Infrastructure in grid circumstance.

  • G-PASS: Security Infrastructure for grid travelers
    Lecture Notes in Computer Science, 2004
    Co-Authors: Lin Chen, Cho-li Wang, Francis C. M. Lau
    Abstract:

    Grid travelers are special mobile processes responsible for coordinating resources that are distributed across multiple virtual organizations (VOs). We propose a Security Infrastructure called G-PASS to provide Security support for grid travelers during their trip and credential mapping when crossing VO boundaries. We demonstrate the power and feasibility of G-PASS with a bio-informatics application running on multiple VOs. We report and analyze the overheads incurred in migration decisions and the actual process migrations. G-PASS can be installed with GSI as the base, thus making it compatible with existing grid middleware.

  • GCC - G-PASS: Security Infrastructure for Grid Travelers
    Lecture Notes in Computer Science, 2004
    Co-Authors: Lin Chen, Cho-li Wang, Francis C. M. Lau
    Abstract:

    Grid travelers are special mobile processes responsible for coordinating resources that are distributed across multiple virtual organizations (VOs). We propose a Security Infrastructure called G-PASS to provide Security support for grid travelers during their trip and credential mapping when crossing VO boundaries. We demonstrate the power and feasibility of G-PASS with a bio-informatics application running on multiple VOs. We report and analyze the overheads incurred in migration decisions and the actual process migrations. G-PASS can be installed with GSI as the base, thus making it compatible with existing grid middleware.

Linpeng Huang - One of the best experts on this subject based on the ideXlab platform.

  • ISSADS - An identity-based model for grid Security Infrastructure
    Advanced Distributed Systems, 2005
    Co-Authors: Xiaoqin Huang, Lin Chen, Linpeng Huang
    Abstract:

    In this paper, we propose a grid Security Infrastructure based on identity cryptography. We mainly discuss the grid Security authentication and authorization architecture by using Tate Pairing. We propose a private key generator Security Infrastructure and secure group communication scheme by using non-interaction secret sharing protocol and one round tripartite Diffie-Hellman protocol. Finally, we present the advantages and disadvantages of our ID-based Security Infrastructure comparing with the public key Infrastructure in grid circumstance.

  • ISPEC - An identity-based grid Security Infrastructure model
    Information Security Practice and Experience, 2005
    Co-Authors: Xiaoqin Huang, Lin Chen, Linpeng Huang
    Abstract:

    Grid Security is a wide topic, touching many of the core issues in information Security. It is an area that has been overlooked by the established grid community. In this paper, we explore some roles of identity-based cryptography (IBC) in grid circumstance, and propose a grid Security Infrastructure model based on identity cryptography. We mainly discuss the grid Security authentication and authorization architecture, public key Infrastructure based on identity cryptography and Security group communication scheme by using Weil pairing. The Security property of our scheme is discussed. Finally, we compare our ID-based Security Infrastructure with the public key Infrastructure in grid circumstance.

Cees De Laat - One of the best experts on this subject based on the ideXlab platform.

  • CCGrid - Defining Intercloud Security Framework and Architecture Components for Multi-Cloud Data Intensive Applications
    2017 17th IEEE ACM International Symposium on Cluster Cloud and Grid Computing (CCGRID), 2017
    Co-Authors: Yuri Demchenko, Cees De Laat, Fatih Turkmen, Mathias Slawik
    Abstract:

    This paper presents results of the ongoing development of the Intercloud Security Framework (ICSF), that is a part of the Intercloud Architecture Framework (ICAF), and provides an architectural basis for building Security Infrastructure services for multi-cloud applications. The paper refers to general use case of the data intensive applications that indicate need for multi-cloud applications platforms that will require corresponding multi-cloud Security services. The paper presents analysis of the general multi-cloud use case that helps eliciting the general requirement to ICSF and identifying the Security Infrastructure functional components that would allow using distributed cloud based resources and data sets. The paper defines the main ICSF services and functional components, and explains importance of consistent implementation of the Security Services Lifecycle Management in cloud based applications. The paper provides overview of the cloud compliance standards and their role in cloud Security. The paper refers to the Security Infrastructure development in the CYCLONE project that implements federated identity management, secure logging service, and multi-domain Attribute Based Access Control, Security services lifecycle management. The paper discusses implementation of the Trust Bootstrapping Protocol as an important mechanism to ensure consistent Security in the virtualised inter-cloud environment.

  • Security Infrastructure for dynamically provisioned cloud Infrastructure services
    Computer Communications and Networks, 2012
    Co-Authors: Yuri Demchenko, Canh Ngo, Cees De Laat, Diego Lopez, Antonio Morales, Joan A. Garcia-espin
    Abstract:

    This chapter discusses conceptual issues, basic requirements and practical suggestions for designing dynamically configured Security Infrastructure provisioned on demand as part of the cloud-based Infrastructure. This chapter describes general use cases for provisioning cloud Infrastructure services and the proposed architectural framework that provides a basis for defining the Security Infrastructure requirements. The proposed Security services lifecycle management (SSLM) model addresses specific on-demand Infrastructure service provisioning Security problems that can be solved by introducing special Security mechanisms to allow Security services synchronisation and their binding to the virtualisation platforms’ run-time environment. This chapter describes the proposed dynamically provisioned access control Infrastructure (DACI) architecture and defines the necessary Security mechanisms to ensure consistent Security services operation in the provisioned virtual Infrastructure. In particular, this chapter discusses the design and use of a Security token service for federated access control and Security context management in the generically multi-domain and multi-provider cloud environment.

  • Security Infrastructure for on-demand provisioned cloud Infrastructure services
    Proceedings - 2011 3rd IEEE International Conference on Cloud Computing Technology and Science, CloudCom 2011, 2011
    Co-Authors: Yuri Demchenko, Chun Ming Rong, Canh Ngo, Tomasz Wiktor Wlodarczyk, Cees De Laat, Wolfgang Ziegler
    Abstract:

    Providing consistent Security services in on-demand provisioned Cloud Infrastructure services is of primary importance due to multi-tenant and potentially multi-provider nature of Clouds Infrastructure as a Service (IaaS) environment. Cloud Security Infrastructure should address two aspects of the IaaS operation and dynamic Security services provisioning: (1) provide Security Infrastructure for secure Cloud IaaS operation, (2) provisioning dynamic Security services, including creation and management of the dynamic Security associations, as a part of the provisioned composite services or virtual Infrastructures. The first task is a traditional task in Security engineering, while dynamic provisioning of managed Security services in virtualised environment remains a problem and requires additional research. In this paper we discuss both aspects of the Cloud Security and provide suggestions about required Security mechanisms for secure data management in dynamically provisioned Cloud Infrastructures. The paper refers to the architectural framework for on-demand Infrastructure services provisioning, being developed by authors, that provides a basis for defining the proposed Cloud Security Infrastructure. The proposed SLA management solution is based on the WS-Agreement and allows dynamic SLA management during the whole provisioned services lifecycle. The paper discusses conceptual issues, basic requirements and practical suggestions for dynamically provisioned access control Infrastructure (DACI). The paper proposes the Security mechanisms that are required for consistent DACI operation, in particular Security tokens used for access control, policy enforcement and authorisation session context exchange between provisioned Infrastructure services and Cloud provider services. 
    The suggested implementation is based on the GAAA Toolkit Java library developed by authors that is extended with the proposed Common Security Services Interface (CSSI) and additional mechanisms for binding sessions and Security context between provisioned services and virtualised platform.

  • CloudCom - Security Infrastructure for On-demand Provisioned Cloud Infrastructure Services
    2011 IEEE Third International Conference on Cloud Computing Technology and Science, 2011
    Co-Authors: Yuri Demchenko, Chun Ming Rong, Canh Ngo, Tomasz Wiktor Wlodarczyk, Cees De Laat, Wolfgang Ziegler
    Abstract:

    Providing consistent Security services in on-demand provisioned Cloud Infrastructure services is of primary importance due to multi-tenant and potentially multi-provider nature of Clouds Infrastructure as a Service (IaaS) environment. Cloud Security Infrastructure should address two aspects of the IaaS operation and dynamic Security services provisioning: (1) provide Security Infrastructure for secure Cloud IaaS operation, (2) provisioning dynamic Security services, including creation and management of the dynamic Security associations, as a part of the provisioned composite services or virtual Infrastructures. The first task is a traditional task in Security engineering, while dynamic provisioning of managed Security services in virtualised environment remains a problem and requires additional research. In this paper we discuss both aspects of the Cloud Security and provide suggestions about required Security mechanisms for secure data management in dynamically provisioned Cloud Infrastructures. The paper refers to the architectural framework for on-demand Infrastructure services provisioning, being developed by authors, that provides a basis for defining the proposed Cloud Security Infrastructure. The proposed SLA management solution is based on the WS-Agreement and allows dynamic SLA management during the whole provisioned services lifecycle. The paper discusses conceptual issues, basic requirements and practical suggestions for dynamically provisioned access control Infrastructure (DACI). The paper proposes the Security mechanisms that are required for consistent DACI operation, in particular Security tokens used for access control, policy enforcement and authorisation session context exchange between provisioned Infrastructure services and Cloud provider services. 
    The suggested implementation is based on the GAAA Toolkit Java library developed by authors that is extended with the proposed Common Security Services Interface (CSSI) and additional mechanisms for binding sessions and Security context between provisioned services and virtualised platform.