Microsegmented Cloud Network Architecture Using Open-Source Tools for a Zero Trust Foundation
- URL: http://arxiv.org/abs/2411.12162v1
- Date: Tue, 19 Nov 2024 01:58:40 GMT
- Title: Microsegmented Cloud Network Architecture Using Open-Source Tools for a Zero Trust Foundation
- Authors: Sunil Arora, John Hastings,
- Abstract summary: This paper presents a multi-cloud networking architecture built on zero trust principles and micro-segmentation.
The proposed design includes the multi-cloud network to support a wide range of applications and workload use cases.
- Score: 0.0
- License:
- Abstract: This paper presents a multi-cloud networking architecture built on zero trust principles and micro-segmentation to provide secure connectivity with authentication, authorization, and encryption in transit. The proposed design includes the multi-cloud network to support a wide range of applications and workload use cases, compute resources including containers, virtual machines, and cloud-native services, including IaaS (Infrastructure as a Service (IaaS), PaaS (Platform as a service). Furthermore, open-source tools provide flexibility, agility, and independence from locking to one vendor technology. The paper provides a secure architecture with micro-segmentation and follows zero trust principles to solve multi-fold security and operational challenges.
Related papers
- Authentication and identity management based on zero trust security model in micro-cloud environment [0.0]
The Zero Trust framework can better track and block external attackers while limiting security breaches resulting from insider attacks in the cloud paradigm.
This paper focuses on authentication mechanisms, calculation of trust score, and generation of policies in order to establish required access control to resources.
arXiv Detail & Related papers (2024-10-29T09:06:13Z) - An Intelligent Native Network Slicing Security Architecture Empowered by Federated Learning [0.0]
We propose an architecture-intelligent security mechanism to improve the Network Slicing solutions.
We identify Distributed Denial-of-Service (DDoS) and intrusion attacks within the slice using generic and non-native telemetry records.
arXiv Detail & Related papers (2024-10-04T21:12:23Z) - Towards Secure Management of Edge-Cloud IoT Microservices using Policy as Code [6.200058263544999]
IoT application providers increasingly use MicroService Architecture (MSA) to develop applications that convert IoT data into valuable information.
The proposed framework contains a "control plane" to intelligently and dynamically utilise and configure cloud-native (i.e., container orchestrators and service mesh) technologies to enforce security policies.
We implement a prototype of the proposed framework using open-source cloud-native technologies such as Docker, Istio, and Open Policy Agent to validate the framework.
arXiv Detail & Related papers (2024-06-27T01:03:23Z) - Securing the Open RAN Infrastructure: Exploring Vulnerabilities in Kubernetes Deployments [60.51751612363882]
We investigate the security implications of and software-based Open Radio Access Network (RAN) systems.
We highlight the presence of potential vulnerabilities and misconfigurations in the infrastructure supporting the Near Real-Time RAN Controller (RIC) cluster.
arXiv Detail & Related papers (2024-05-03T07:18:45Z) - Software-based Security Framework for Edge and Mobile IoT [0.5735035463793009]
This work focuses on designing secure communication among remote servers and embedded IoT devices.
The proposed approach uses lightweight cryptography, optimizing device performance and security without overburdening their limited resources.
arXiv Detail & Related papers (2024-04-09T16:25:13Z) - HasTEE+ : Confidential Cloud Computing and Analytics with Haskell [50.994023665559496]
Confidential computing enables the protection of confidential code and data in a co-tenanted cloud deployment using specialized hardware isolation units called Trusted Execution Environments (TEEs)
TEEs offer low-level C/C++-based toolchains that are susceptible to inherent memory safety vulnerabilities and lack language constructs to monitor explicit and implicit information-flow leaks.
We address the above with HasTEE+, a domain-specific language (cla) embedded in Haskell that enables programming TEEs in a high-level language with strong type-safety.
arXiv Detail & Related papers (2024-01-17T00:56:23Z) - The Security and Privacy of Mobile Edge Computing: An Artificial Intelligence Perspective [64.36680481458868]
Mobile Edge Computing (MEC) is a new computing paradigm that enables cloud computing and information technology (IT) services to be delivered at the network's edge.
This paper provides a survey of security and privacy in MEC from the perspective of Artificial Intelligence (AI)
We focus on new security and privacy issues, as well as potential solutions from the viewpoints of AI.
arXiv Detail & Related papers (2024-01-03T07:47:22Z) - Auto-Split: A General Framework of Collaborative Edge-Cloud AI [49.750972428032355]
This paper describes the techniques and engineering practice behind Auto-Split, an edge-cloud collaborative prototype of Huawei Cloud.
To the best of our knowledge, there is no existing industry product that provides the capability of Deep Neural Network (DNN) splitting.
arXiv Detail & Related papers (2021-08-30T08:03:29Z) - secureTF: A Secure TensorFlow Framework [1.1006321791711173]
secureTF is a distributed machine learning framework based on the onflow for the cloud infrastructure.
SecureTF supports unmodified applications, while providing end-to-end security for the input data, ML model, and application code.
This paper reports on our experiences about the system design choices and the system deployment in production use-cases.
arXiv Detail & Related papers (2021-01-20T16:36:53Z) - Optimizing Resource-Efficiency for Federated Edge Intelligence in IoT
Networks [96.24723959137218]
We study an edge intelligence-based IoT network in which a set of edge servers learn a shared model using federated learning (FL)
We propose a novel framework, called federated edge intelligence (FEI), that allows edge servers to evaluate the required number of data samples according to the energy cost of the IoT network.
We prove that our proposed algorithm does not cause any data leakage nor disclose any topological information of the IoT network.
arXiv Detail & Related papers (2020-11-25T12:51:59Z) - A Privacy-Preserving Distributed Architecture for
Deep-Learning-as-a-Service [68.84245063902908]
This paper introduces a novel distributed architecture for deep-learning-as-a-service.
It is able to preserve the user sensitive data while providing Cloud-based machine and deep learning services.
arXiv Detail & Related papers (2020-03-30T15:12:03Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.