Browse > Article
http://dx.doi.org/10.13089/JKIISC.2013.23.6.1247

Proposal of Security Requirements for the Cloud Storage Virtualization System  

Yeo, Youngmin (Center for Information Security Technologies(CIST), Korea University)
Lee, Chanwoo (Center for Information Security Technologies(CIST), Korea University)
Moon, Jongsub (Center for Information Security Technologies(CIST), Korea University)
Abstract
The security vulnerabilities of cloud storage virtualization environments are different from those of the existing computer system and are difficult to be protected in the existing computer system environment. Therefore we need some technical measures to address this issue. First of all, the technology used in cloud storage virtualization environment needs to be thoroughly analyzed, and also, we should understand those security requirements of various stakeholders in the view of cloud storage service and perform the research on security guidelines of the research security requirements. In this paper, we propose security requirements based on layers and roles of cloud storage virtualization. The proposed security requirements can be a basement for development of solution of cloud storage virtualization security.
Keywords
Virtualization; Storage Virtualization; Security Requirements; Standardization;
Citations & Related Records
연도 인용수 순위
  • Reference
1 Sung-jae Jung and Yu-mi Bae, "Trend analysis of Threats and Technologies for Cloud Security," Journal of Security Engineering, 10(2), pp. 119-212, Apr. 2013.
2 L. Lindsay and O.L. Grand, "Cloud computing - Reference architecture," CT-CCA-o-022, Sep. 2013.
3 Storage virtualization, http://en.wikipedia.org/wiki/Storage_virtualization
4 P. Massiglia and F. Bunn, Virtual Storage Redefined: Technologies and Applications for storage Virtualization, VERITAS Software Corporation, pp. 1-5, Jan. 2003.
5 Dong-wook Choi, Du-ho Kim, Jeong-ho Kang, Sung-woo Cho and Jong-min Park, Actual Cloud Virtualization Construction Technology, HanbitMedia, pp. 35-37, Sep. 2012.
6 Yeong-cheol Kim, Myeong-hun Cha, Sang-min Lee and Yeong-gyun Kim, "Trends of Storage Virtualization Technologies on Cloud Computing," Electronics and Telecommunications Trends, 24(4), pp. 69-78, Aug. 2009.
7 Ndrive, http://ndrive.naver.com/index.nhn
8 S. Ghemawat, H. Gobioff and S. Leung, "The Google file system," In proc. of ACM Symp. on Operating sysytems principles, Aug. 2003.
9 Hadoop, http://hadoop.apache.org/
10 F. Bunn, N. Simpson, R. Peglar and G. Nagle, "Storage Virtualization," The SNIA Technical Tutorial, Oct. 2003.
11 E. Hibbard and M. Jeffrey, "Cloud Computing Overview & Vocabulary," CT-CCV-o-037, Oct. 2013.
12 F. Liu, J. Tong, J. Mao, R. Bohn, J. Messina, L. Badger and D. Leaf, "Cloud Computing Reference Architecture," NIST SP 500-292, Sep. 2011.
13 D. Chisnall, The Definitive Guide to the Xen Hypervisor, Prentice Hall, pp. 3-26, Nov. 2007.
14 B. Sosinsky, Cloud Computing Bible, Wiley, pp. 45-64, Jan. 2011.
15 Soon-ki Jeong, Man-hyun Chung, Jae-ik Cho, Tae-shik Shon and Jong-sub Moon, "A Research on Cloud Architecture and Funtion for Virtualization Security of Cloud Computing," Journal of Security Engineering, 8(5), pp. 627-643, Nov 2012.
16 Z. Lin, H. Tian, "X.ccsec: Security framework for cloud computing," TD 0251 Rev.2, Apr. 2013.
17 Data Confidentiality, http://msdn.microsoft.com/en-us/library/ff650720.as-px
18 Data Encryption, http://msdn.micros-oft.com/en-us/library/dn149025(v=bts.80).aspx
19 M. Armbrust, A. Fox, R. Griffith, A.D. Joseph, R. Katz, A. Konwinski, G. Lee, D. Patterson, A. Rabkin, I. Stoica and M. Zaharia, "Above the Clouds: A Berkeley View of Cloud Computing," UCB/EECS-2009-28, UC Berkeley Reliable Adaptive Distributed Systems Laboratory, Feb. 2009.
20 Young-su Min, Hong-yeon Kim and Young-gyun Kim, "Distributed File System Technology for Cloud Computing," Communications of KIISE, 27(5), pp. 86-94, May. 2009.
21 Data Origin Authentication, http://m-sdn.microsoft.com/en-us/library/ff648434.aspx
22 In-hyuk Kim, Tae-hyoung Kim, Jung-han Kim, Byoung-hong Lim and Young-ik Eom, "Trends of Virtualization Technology Application for System Security," Review of KIISC, 19(2), pp. 26-34, Apr. 2009.
23 Access Control, http://msdn.microsoft.com/en-us/library/windows/desktop/aa374860(v=vs.85).aspx
24 Data Integrity, http://msdn.microsoft.com/en-us/library/aa291812(v=vs.71).aspx
25 Availability, http://msdn.microsoft.com/en-us/library/aa292462(v=vs.71).aspx
26 T. Haeberlen and L. Dupre, "Cloud Computing Benefits, risks and recommendations for information security," Enisa, Dec. 2012.
27 W. Jansen and T. Grance, "Guidelines on Security and Privacy in Public Cloud Computing," NIST SP 800-144, Dec. 2011.
28 J.D Meier and P. Enfield, "Azure Security Notes Lessons Learned from Exploring Microsoft Azure and the Cloud Security Space," Microsoft, Nov. 2010.
29 Chan-woo Lee, Sang-kon Kim, Youngmin Yeo and Jong-sub Moon, "Proposal of Security Requirements based on Layers and Roles for the Standardization of Cloud Computing Security Technology," Journal of Security Engineering, 10(4), pp. 473-488, Aug. 2013.
30 D. Merrill, "Security Controls Baseline v1.0," FedRAMP, Nov. 2010.
31 A. Reed, C. Rezek and P. Simmonds, "Security Guidance for Critical Areas of Focus in Cloud Computing v3.0," CSA, Nov. 2011.
32 Network security, http://en.wikipedia.org/wiki/Network_security