Security policy enforcement framework for cloud-based information processing systems
First Claim
1. A method comprising:
- identifying at least one security policy associated with a given tenant of a cloud service provider;
- analyzing the security policy against configuration information characterizing cloud infrastructure of the cloud service provider, the cloud infrastructure comprising physical infrastructure and associated virtualization infrastructure running on the physical infrastructure; and
- controlling execution of one or more applications of the given tenant within the cloud infrastructure of the cloud service provider in accordance with the security policy based at least in part on one or more results of the analyzing step;
- wherein the identifying, analyzing and controlling steps are implemented in a security policy enforcement framework of a processing platform of the cloud infrastructure; and
- wherein the security policy associated with the given tenant comprises one or more tenant-specified rules related to isolation of the given tenant with respect to one or more other tenants of the cloud service provider.
Abstract
Cloud infrastructure of a cloud service provider comprises a processing platform implementing a security policy enforcement framework. The security policy enforcement framework comprises a policy analyzer that is configured to identify at least one security policy associated with at least one tenant of the cloud service provider, to analyze the security policy against configuration information characterizing the cloud infrastructure of the cloud service provider, and to control execution of one or more applications of said at least one tenant within the cloud infrastructure in accordance with the security policy, based at least in part on one or more results of the analysis of the security policy. The security policy enforcement framework may be implemented in a platform-as-a-service (PaaS) layer of the cloud infrastructure, and may comprise a runtime controller, an operating system controller, a hypervisor controller and a PaaS controller.
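The abstract and claim 1 describe three steps: identify the tenant's policy, analyze it against configuration information describing the physical hosts and the virtualization layer on top of them, and then control where (or whether) the tenant's application runs. The following Python sketch is an added illustration of that loop and is not code from the patent or its assignee. The rule shape (an `IsolationRule` with a `scope` of either `"hypervisor"` or `"host"`, optionally limited to named tenants), the `CloudConfig` model, and the function names `analyze_policy` and `control_execution` are all assumptions made for the example; the infrastructure and tenant policies are constructed sample data.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple

# Configuration information characterizing the cloud infrastructure:
# physical hosts, the hypervisors running on them, and the VMs already placed.

@dataclass(frozen=True)
class Hypervisor:
    name: str
    host: str  # physical host this hypervisor runs on

@dataclass(frozen=True)
class Vm:
    vm_id: str
    tenant: str
    hypervisor: str

@dataclass(frozen=True)
class CloudConfig:
    hypervisors: Dict[str, Hypervisor]
    vms: Tuple[Vm, ...]

    def host_of(self, hv_name: str) -> str:
        return self.hypervisors[hv_name].host

    def tenants_sharing(self, hv_name: str, scope: str) -> set:
        """Tenants that already run inside the given scope around hv_name."""
        if scope == "hypervisor":
            return {vm.tenant for vm in self.vms if vm.hypervisor == hv_name}
        if scope == "host":
            host = self.host_of(hv_name)
            return {vm.tenant for vm in self.vms
                    if self.host_of(vm.hypervisor) == host}
        raise ValueError(f"unknown isolation scope {scope!r}")

# Tenant-specified isolation rule (hypothetical rule shape for this example).
@dataclass(frozen=True)
class IsolationRule:
    scope: str                                     # "hypervisor" or "host"
    from_tenants: Optional[FrozenSet[str]] = None  # None: isolate from every other tenant

@dataclass(frozen=True)
class SecurityPolicy:
    tenant: str
    rules: Tuple[IsolationRule, ...]

def analyze_policy(policy: SecurityPolicy, config: CloudConfig, hv_name: str) -> List[str]:
    """Policy analyzer step: the violations that placing a VM of policy.tenant
    on hv_name would cause, given the current configuration. Empty means compliant."""
    violations = []
    for rule in policy.rules:
        others = config.tenants_sharing(hv_name, rule.scope) - {policy.tenant}
        if rule.from_tenants is not None:
            others &= rule.from_tenants
        if others:
            violations.append(
                f"{rule.scope} scope of {hv_name} is shared with {sorted(others)}")
    return violations

def control_execution(policy: SecurityPolicy, config: CloudConfig, app_id: str) -> tuple:
    """Controller step: admit the application on the first hypervisor that
    satisfies the policy, otherwise refuse to run it anywhere."""
    for hv_name in sorted(config.hypervisors):
        if not analyze_policy(policy, config, hv_name):
            return (app_id, "allow", hv_name)
    return (app_id, "deny", None)

# Constructed sample infrastructure: two physical hosts, three hypervisors.
CONFIG = CloudConfig(
    hypervisors={
        "hv-1": Hypervisor("hv-1", "host-a"),
        "hv-2": Hypervisor("hv-2", "host-a"),
        "hv-3": Hypervisor("hv-3", "host-b"),
    },
    vms=(
        Vm("vm-1", "acme", "hv-1"),
        Vm("vm-2", "globex", "hv-2"),
        Vm("vm-3", "initech", "hv-3"),
    ),
)

# Constructed tenant policies.
POLICIES = {
    # acme: nobody else on the same hypervisor
    "acme": SecurityPolicy("acme", (IsolationRule("hypervisor"),)),
    # globex: never share a physical host with acme specifically
    "globex": SecurityPolicy("globex", (IsolationRule("host", frozenset({"acme"})),)),
    # initech: a dedicated physical host
    "initech": SecurityPolicy("initech", (IsolationRule("host"),)),
    # umbrella: a new tenant that also wants a dedicated host, none is free
    "umbrella": SecurityPolicy("umbrella", (IsolationRule("host"),)),
}

if __name__ == "__main__":
    for tenant, policy in POLICIES.items():
        print(control_execution(policy, CONFIG, f"{tenant}-app"))
```

The point the claims make, and that the example reproduces, is that the decision is taken against the real topology (which hypervisor sits on which physical host), not against a logical view of the tenant alone: globex's rule is satisfied on `hv-3` only because `hv-3` runs on a different physical host from acme, and umbrella is refused outright because no host is free of other tenants. A deployment-time analyzer like this also needs re-evaluation whenever the configuration changes (a VM migrates, a host is added), since a placement that was compliant can stop being so.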
22 Claims
1. Independent method claim, set out in full above under First Claim. Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 21, 22.
15. An apparatus comprising:
- a processing platform comprising at least one processing device having a processor coupled to a memory, said processing platform implementing a security policy enforcement framework for cloud infrastructure of a cloud service provider;
- wherein the security policy enforcement framework comprises a policy analyzer configured to identify at least one security policy associated with a given tenant of the cloud service provider, to analyze the security policy against configuration information characterizing cloud infrastructure of the cloud service provider, and to control execution of one or more applications of the given tenant within the cloud infrastructure of the cloud service provider in accordance with the security policy based at least in part on one or more results of the analysis of the security policy;
- wherein the cloud infrastructure comprises physical infrastructure and associated virtualization infrastructure running on the physical infrastructure; and
- wherein the security policy associated with the given tenant comprises one or more tenant-specified rules related to isolation of the given tenant with respect to one or more other tenants of the cloud service provider.
Dependent claims: 16, 17, 18, 19, 20.