A domain-divided configurable security model for cloud computing-based telecommunication services

Cloud computing emerges as one of the most promising technologies and is widely used in many fields. Cloud computing has been considered as an appropriate environment for telecommunication services. However, more threats appear in the migration of applications and telecommunication services from a traditional computing environment to a cloud platform. Traditional device-centric security systems are not effective as resources in the cloud are out of the users control. Data storage and processing for a telecommunication service in the cloud can be structured as a data service in PaaS (Platform-as-a-Service) level. Upper-level applications exchange data with the data service. In this paper, we propose a domain-divided security model in which different security policies are separately applied for three domains: the data storage domain, the data processing domain and the data transmission domain. In addition, security policies can be configured for upper-level applications based on their security requirements. Experimental results show that our proposed security model is both practical and lightweight as it can provide differentiated security protection for cloud computing-based telecommunication service with a low overhead.