D2.2 Domain independent generic security models

Executive Summary

This document is D2.2 “Domain independent generic security models” of task T2.2 “Refine and analyse domain independent generic requirements and security goals”. D2.2 is one of four main deliverables from work package WP2 “Use cases and requirements”. In addition to the “Legal, social and HCI requirements” of D2.1, and the detailed description of the use cases on which the new PRISMACLOUD cloud security functions will be demonstrated (D2.3 “Use case specification”), and the “Risk and threat analysis with security requirements” of D2.5, this document develops the generic situations in cloud usage, where security and privacy problems occur—and where the PRISMACLOUD functions can be applied to mitigate those problems. The situations are specifically regarded from a cloud customer or end user perspective.

We start with an assessment of how security and privacy are regarded in current cloud services and applications. To this end, current cloud ontologies and reference architectures are analysed, and the privacy policies, the privacy guarantees, and other security options of the major cloud providers are investigated in depth and compared in a synoptic table. This analysis is followed by an exploration of major security benefits and security risks in cloud computing. The analysis of the current situation frames the context for the presentation of eight cloud security patterns of situations, which occur over and over again in public cloud environments—situations where the end user security or privacy is challenged and often compromised. The eight cloud security patterns describe situations where the application of PRISMACLOUD cryptographic primitives can significantly improve the security of the end user, or protect his/her privacy better than current solutions.

The cloud security patterns shall be re-used in the “Security and privacy by design” task of WP7 “Composition of next-generation secure cloud services” to provide guidance for the scientists and engineers working on the development and implementation of the cryptographic primitives, as well as to communicate the potential and the capabilities of the PRISMACLOUD crypto primitives to end users.

