Secure Partitioning of Cloud Applications, with Cost Look-Ahead
Alessandro Bocci,
Stefano Forti,
Roberto Guanciale,
Gian-Luigi Ferrari and
Antonio Brogi
Additional contact information
Alessandro Bocci: Department of Computer Science, University of Pisa, 56127 Pisa, Italy
Stefano Forti: Department of Computer Science, University of Pisa, 56127 Pisa, Italy
Roberto Guanciale: Division of Theoretical Computer Science, KTH Royal Institute of Technology, 114 28 Stockholm, Sweden
Gian-Luigi Ferrari: Department of Computer Science, University of Pisa, 56127 Pisa, Italy
Antonio Brogi: Department of Computer Science, University of Pisa, 56127 Pisa, Italy
Future Internet, 2023, vol. 15, issue 7, 1-38
Abstract:
The security of Cloud applications is a major concern for application developers and operators. Protecting users’ data confidentiality requires methods to avoid leakage from vulnerable software and unreliable Cloud providers. Recently, trusted execution environments (TEEs) emerged in Cloud settings to isolate applications from the privileged access of Cloud providers. Such hardware-based technologies exploit separation kernels, which aim at safely isolating the software components of applications. In this article, we propose a methodology to determine safe partitionings of Cloud applications to be deployed on TEEs. Through a probabilistic cost model, we enable application operators to select the best trade-off partitioning in terms of future re-partitioning costs and the number of domains. To the best of our knowledge, no previous proposal exists addressing such a problem. We exploit information-flow security techniques to protect the data confidentiality of applications by relying on declarative methods to model applications and their data flow. The proposed solution is assessed by executing a proof-of-concept implementation that shows the relationship among the future partitioning costs, number of domains and execution times.
Keywords: data confidentiality; trusted execution environments; separation kernels; information-flow security; deployment costs; declarative programming
JEL-codes: O3
Date: 2023
Downloads:
https://www.mdpi.com/1999-5903/15/7/224/pdf (application/pdf)
https://www.mdpi.com/1999-5903/15/7/224/ (text/html)
Persistent link: https://EconPapers.repec.org/RePEc:gam:jftint:v:15:y:2023:i:7:p:224-:d:1177270
Future Internet is currently edited by Ms. Grace You
Bibliographic data for series maintained by MDPI Indexing Manager.