On the design and implementation of an integrated security architecture for cloud with improved resilience

Vijay Varadharajan, Udaya Tupakula

Research output: Contribution to journalArticlepeer-review

13 Citations (Scopus)


In this paper, we propose an integrated security architecture which combines policy based access control with intrusion detection techniques and trusted computing technologies for securing distributed applications running on virtualised systems. Our security architecture incorporates access control security policies for secure interactions between applications and virtual machines in different physical virtualized servers. It provides intrusion detection and trusted attestation techniques to detect and counteract dynamic attacks in an efficient manner. We demonstrate how this integrated security architecture is used to secure the life cycle of virtual machines including dynamic hosting and allocation of resources as well as migration of virtual machines across different physical servers. We discuss the implementation of the developed architecture and show how the architecture can counteract attack scenarios involving malicious users exploiting vulnerabilities to achieve privilege escalation and then using the compromised machines to generate further attacks. The feedback between the various security components of our security architecture plays a critical role in detecting sophisticated, dynamically changing attacks, thereby increasing the resilience of the overall secure system.

Original languageEnglish
Article number7420656
Pages (from-to)375-389
Number of pages15
JournalIEEE Transactions on Cloud Computing
Issue number3
Publication statusPublished - 1 Jul 2017


  • access control
  • Integrated security architecture
  • intrusion detection
  • resilience
  • trusted computing


Dive into the research topics of 'On the design and implementation of an integrated security architecture for cloud with improved resilience'. Together they form a unique fingerprint.

Cite this