Take a sneak peek at the new NIST.gov and let us know what you think!
(Please note: some content may not be complete on the beta site.).

View the beta site
NIST logo

Publication Citation: Cloud Service Feature Driven Security Policies for Virtualized Infrastructures

NIST Authors in Bold

Author(s): Ramaswamy Chandramouli;
Title: Cloud Service Feature Driven Security Policies for Virtualized Infrastructures
Published: July 19, 2011
Abstract: With the increasing maturity of various cloud service delivery models (Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS)) and deployment models (Private, Community, Public, Hybrid), the security risk profile of each cloud service configuration is coming into focus. In this paper, we take up the example of a Public Infrastructure as a Service (Iaas) cloud provider who provides storage and computing services through a data center with a virtualized infrastructure. In order to provide the needed security assurance for its IaaS cloud offering, the cloud provider needs to implement various security measures as part of the infrastructure configuration. A precursor to developing security measures is a comprehensive security policy. Now these policies are directly related to the features and functions that the IaaS cloud provider provides as part of its offering. The focus of this paper is to illustrate an approach for derivation of security policies for the virtualized infrastructure used by an IaaS cloud provider based on its service feature set.
Proceedings: World Multi-Conference on Systemics, Cybernetics and Informatics 2011 (WMSCI 2011)
Pages: 6 pp.
Location: Orlando, FL
Dates: July 19-22, 2011
Keywords: cloud computing, Infrastructure as a Service, public cloud, security policy
Research Areas: Information Technology, Computer Security, Cybersecurity