MODEL BASED SECURITY FOR CLOUD SERVICES
Abstract
Applications, such as cloud services, may be deployed within a network environment (e.g., a cloud computing environment). Unfortunately, when the applications are instantiated within the network environment, they have the ability to compromise the security of other applications and/or the infrastructure of the network environment. Accordingly, as provided herein, a security scheme may be applied to a network environment within which an application is to be instantiated. The security scheme may comprise one or more security layers (e.g., virtual machine level security, application level security, operating system level security, etc.) derived from an application service model describing the application and/or resources allocated to the application.
20 Claims
1. A method for applying a security scheme to a network environment within which an application is to be instantiated comprising:
- creating a security scheme based upon an application service model corresponding to an application which is to be instantiated within the network environment; and
- applying the security scheme to the network environment.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A system for applying a security scheme to a network environment within which an application is to be instantiated comprising:
- a security component configured to:
  - create a security scheme based upon an application service model corresponding to an application which is to be instantiated within the network environment; and
  - apply the security scheme to the network environment.

Dependent claims: 13, 14, 15, 16, 17, 18, 19
20. A method for applying a security scheme to a network environment within which an application is to be instantiated comprising:
- creating a security scheme based upon an application service model corresponding to an application which is to be instantiated within the network environment, wherein the security scheme comprises:
  - a network filter security configured to isolate resources of a virtual machine in which the application is to be instantiated;
  - a virtual machine security configured to define resource access of a virtual machine within which the application is to be instantiated based upon the application service model;
  - an operating system security configured to define access to system resources based upon the application service model;
  - a file security configured to define access to files, directories, and volume resources based upon the application service model;
  - a file resource management security configured to define file size limitations based upon the application service model;
  - an endpoint security configured to define access to one or more network endpoints based upon the application service model;
  - a virtual account security configured to restrict the application from accessing operating system specific operations and resources not specified in the application security model;
  - a process security configured to define at least one of memory access, CPU limits, and global object access within the virtual machine based upon the resource allocation plan; and
  - an application security configured to:
    - restrict access to operating system resources; and
    - restrict execution of privileged operations specified within the application service model; and
- applying the security scheme to the network environment.
Specification