EconPapers    
Economics at your fingertips  

EconPapers Home
About EconPapers

Working Papers
Journal Articles
Books and Chapters
Software Components

Authors

JEL codes
New Economics Papers

Advanced Search


EconPapers FAQ
Archive maintainers FAQ
Cookies at EconPapers

Format for printing

The RePEc blog
The RePEc plagiarism page

 

Secure Partitioning of Cloud Applications, with Cost Look-Ahead

Alessandro Bocci (), Stefano Forti, Roberto Guanciale, Gian-Luigi Ferrari and Antonio Brogi ()
Additional contact information
Alessandro Bocci: Department of Computer Science, University of Pisa, 56127 Pisa, Italy
Stefano Forti: Department of Computer Science, University of Pisa, 56127 Pisa, Italy
Roberto Guanciale: Division of Theoretical Computer Science, KTH Royal Institute of Technology, 114 28 Stockholm, Sweden
Gian-Luigi Ferrari: Department of Computer Science, University of Pisa, 56127 Pisa, Italy
Antonio Brogi: Department of Computer Science, University of Pisa, 56127 Pisa, Italy

Future Internet, 2023, vol. 15, issue 7, 1-38

Abstract: The security of Cloud applications is a major concern for application developers and operators. Protecting users’ data confidentiality requires methods to avoid leakage from vulnerable software and unreliable Cloud providers. Recently, trusted execution environments (TEEs) emerged in Cloud settings to isolate applications from the privileged access of Cloud providers. Such hardware-based technologies exploit separation kernels, which aim at safely isolating the software components of applications. In this article, we propose a methodology to determine safe partitionings of Cloud applications to be deployed on TEEs. Through a probabilistic cost model, we enable application operators to select the best trade-off partitioning in terms of future re-partitioning costs and the number of domains. To the best of our knowledge, no previous proposal exists addressing such a problem. We exploit information-flow security techniques to protect the data confidentiality of applications by relying on declarative methods to model applications and their data flow. The proposed solution is assessed by executing a proof-of-concept implementation that shows the relationship among the future partitioning costs, number of domains and execution times.

Keywords: data confidentiality; trusted execution environments; separation kernels; information-flow security; deployment costs; declarative programming (search for similar items in EconPapers)
JEL-codes: O3 (search for similar items in EconPapers)
Date: 2023
References: View complete reference list from CitEc
Citations:

Downloads: (external link)
https://www.mdpi.com/1999-5903/15/7/224/pdf (application/pdf)
https://www.mdpi.com/1999-5903/15/7/224/ (text/html)

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:gam:jftint:v:15:y:2023:i:7:p:224-:d:1177270

Access Statistics for this article

Future Internet is currently edited by Ms. Grace You

More articles in Future Internet from MDPI
Bibliographic data for series maintained by MDPI Indexing Manager ().

 
Share

RePEc
This site is part of RePEc and all the data displayed here is part of the RePEc data set.

Is your work missing from RePEc? Here is how to contribute.

Questions or problems? Check the EconPapers FAQ or send mail to .

Örebro UniversityEconPapers is hosted by the School of Business at Örebro University.

Page updated 2025-03-19
Handle: RePEc:gam:jftint:v:15:y:2023:i:7:p:224-:d:1177270