IDEAS home Printed from https://ideas.repec.org/a/gam/jftint/v15y2023i7p224-d1177270.html
   My bibliography  Save this article

Secure Partitioning of Cloud Applications, with Cost Look-Ahead

Author

Listed:
  • Alessandro Bocci

    (Department of Computer Science, University of Pisa, 56127 Pisa, Italy)

  • Stefano Forti

    (Department of Computer Science, University of Pisa, 56127 Pisa, Italy)

  • Roberto Guanciale

    (Division of Theoretical Computer Science, KTH Royal Institute of Technology, 114 28 Stockholm, Sweden)

  • Gian-Luigi Ferrari

    (Department of Computer Science, University of Pisa, 56127 Pisa, Italy)

  • Antonio Brogi

    (Department of Computer Science, University of Pisa, 56127 Pisa, Italy)

Abstract

The security of Cloud applications is a major concern for application developers and operators. Protecting users’ data confidentiality requires methods to avoid leakage from vulnerable software and unreliable Cloud providers. Recently, trusted execution environments (TEEs) emerged in Cloud settings to isolate applications from the privileged access of Cloud providers. Such hardware-based technologies exploit separation kernels, which aim at safely isolating the software components of applications. In this article, we propose a methodology to determine safe partitionings of Cloud applications to be deployed on TEEs. Through a probabilistic cost model, we enable application operators to select the best trade-off partitioning in terms of future re-partitioning costs and the number of domains. To the best of our knowledge, no previous proposal exists addressing such a problem. We exploit information-flow security techniques to protect the data confidentiality of applications by relying on declarative methods to model applications and their data flow. The proposed solution is assessed by executing a proof-of-concept implementation that shows the relationship among the future partitioning costs, number of domains and execution times.

Suggested Citation

  • Alessandro Bocci & Stefano Forti & Roberto Guanciale & Gian-Luigi Ferrari & Antonio Brogi, 2023. "Secure Partitioning of Cloud Applications, with Cost Look-Ahead," Future Internet, MDPI, vol. 15(7), pages 1-38, June.
    • Handle: RePEc:gam:jftint:v:15:y:2023:i:7:p:224-:d:1177270
    as

    Download full text from publisher

    File URL: https://www.mdpi.com/1999-5903/15/7/224/pdf
    Download Restriction: no
    File URL: https://www.mdpi.com/1999-5903/15/7/224/
    Download Restriction: no
    ---><---

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:gam:jftint:v:15:y:2023:i:7:p:224-:d:1177270. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    We have no bibliographic references for this item. You can help adding them by using this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: MDPI Indexing Manager (email available below). General contact details of provider: https://www.mdpi.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.