Security Infrastructure for Dynamically Provisioned Cloud Infrastructure Services

S. Pearson and G. Yee (eds.), Privacy and Security for Cloud Computing, Computer Communications and Networks, DOI 10.1007/978-1-4471-4189-1_5, © Springer-Verlag London 2012 Abstract This chapter discusses conceptual issues, basic requirements and practical suggestions for designing dynamically configured security infrastructure provisioned on demand as part of the cloud-based infrastructure. This chapter describes general use cases for provisioning cloud infrastructure services and the proposed architectural framework that provides a basis for defining the security infrastructure requirements. The proposed security services lifecycle management (SSLM) model addresses specific on-demand infrastructure service provisioning security problems that can be solved by introducing special security mechanisms to allow security services synchronisation and their binding to the virtualisation platforms run-time environment. This chapter describes the proposed dynamically provisioned access control infrastructure (DACI) architecture and defines the necessary security mechanisms to ensure consistent security services operation in the provisioned virtual infrastructure. In particular, this chapter discusses the design and use of a security token service for federated access control and security context management in the generically multi-domain and multi-provider cloud environment.