Enhancing security in federated cloud environment using the risk based access control

Enhancing security in federated cloud environment using the risk based access control. 2012-Fowz Masood-NUST-MS-CCS-23. Supervisor: Dr. Awais Shibli Committee Members: Dr. Abdul Ghafoor , Ms. Hirra Anwar, Ms. Rahat Masood. Agenda. Introduction Cloud federation


Presentation Transcript


  1. Enhancing security in federated cloud environment using the risk based access control
     2012-Fowz Masood-NUST-MS-CCS-23
     Supervisor: Dr. Awais Shibli
     Committee Members: Dr. Abdul Ghafoor, Ms. Hirra Anwar, Ms. Rahat Masood

  2. Agenda
     • Introduction
     • Cloud federation
     • Challenges in cloud computing
     • Trust issue in cloud
     • Literature review
     • Limitations
     • Problem statement
     • Proposed architecture
     • Roadmap
     • Industrial survey
     • Response from international community
     • References

  3. Overview of Cloud Computing
     • On-demand Self Services, Broad Network Access, Rapid Elasticity, Measured Services, Resource Pooling
     • Infrastructure-as-a-service, Software-as-a-service, Platform-as-a-service
     • Hybrid, Private, Community, Public
     Reference: http://cloudblueprint.wordpress.com/cloud-taxonomy/

  4. Cloud Federation
     [Diagram labels: Home Cloud, Foreign Cloud, Foreign Cloud, Cloud service provider 1, Cloud service provider 2, Cloud service provider 3, Cloud Federation]
     • Different CSPs form a federation
     • Benefits
       • Cloud burst
       • Load balancing
       • Global unity
       • Better resource management

  5. Issues in cloud
     • Recently conducted survey* shows:
     • The Edward Snowden - NSA scandal** has also raised many questions in people’s mind.
     • Due Diligence***.
     * Michael A. Davis. (2012, August) Information Week. [Online]. http://www.informationweek.com/global-cio/security/dont-trust-cloud-security/240005687
     ** John Naughton. (2013, September) The Guardian. [Online]. http://www.theguardian.com/technology/2013/sep/15/edward-snowden-nsa-cloud-computing
     *** “The Notorious Nine: Cloud Computing Top Threats in 2013” [Online] https://cloudsecurityalliance.org

  6. Trust issues in cloud
     Building user trust in cloud computing is one of the top issues.
     Warwick Ashford, “Security in the cloud: Top nine issues in building users' trust” [Online], April 2011, http://www.computerweekly.com/feature/Security-in-the-cloud-Top-nine-issues-in-building-users-trust

  7. Cont’d
     Cloud computing lacks transparency.
     Chris Paoli, “Enterprises Have Cloud Trust Issues” [Online], Aug 2012, http://redmondmag.com/articles/2012/08/08/cloud-trust-issues.aspx

  8. Literature Survey

  9. 1 * N Trust Establishment within Dynamic Collaborative Clouds
     • A central entity CSB is used for establishing the trust
     • Secure tokens are generated and used
     • Pros:
       • CSB has to manage all the CSPs
       • Better security
     • Cons:
       • Complex framework
       • Single point of failure
       • Model relies on certificates, which is itself a slow process
     Atul Gohad, Praveen S. Rao, “1 * N Trust Establishment within Dynamic Collaborative Clouds”, Cloud Computing in Emerging Markets (CCEM), 2012 IEEE International Conference

  10. A Cloud Trust Model in a Security Aware Cloud
      • A cloud trust model has been proposed, in which two levels of hierarchy are added
      • Internal trust relies on TPM and key management
      • Contracted trust is based on SPS, and the CSP enters into this trust layer by negotiating the desired security
      • Pros:
        • Enhances the security
      • Cons:
        • TPM needs hardware modification
        • Key management is a cumbersome task
        • No continuous monitoring
        • Additional layers will make the overall system slow
      Hiroyuki Sato, Atsushi Kanai, Shigeaki Tanimoto, “A Cloud Trust Model in a Security Aware Cloud”, Applications and the Internet (SAINT), 2010 10th IEEE/IPSJ International Symposium on, July 2010

  11. SLA-Based Trust Model for Cloud Computing
      • Authors have used service level agreement (SLA) to calculate the trustworthiness
      • Both functional and nonfunctional requirements are catered for trust establishment
      • Pros:
        • Best possible CSP will be provided on the demand of client
      • Cons:
        • Trust level changes
        • SLA parameters themselves are not enough
      Mohammed Alhamad, Tharam Dillon, Elizabeth Chang, “SLA-Based Trust Model for Cloud Computing”, 13th International Conference on Network-Based Information Systems 2010

  12. The privacy-aware access control system using attribute-and role-based access control in private cloud
      • Authors have merged RBAC and ABAC to make a new enhanced access control called ARBAC.
      • Pros:
        • Improves the overall security of cloud
      • Cons:
        • Computationally expensive, slow
      EiEi Mon, Thinn Thu Naing, “The privacy-aware access control system using attribute-and role-based access control in private cloud”, Broadband Network and Multimedia Technology (IC-BNMT), 2011 4th IEEE International Conference

  13. Risk-Aware RBAC Sessions
      • Authors have incorporated the risk parameter in an RBAC session.
      • Pros:
        • Robust.
        • Better security as it is dynamic in nature
      • Cons:
        • Parameters for risks were not explained
        • Testing & evaluation is not provided
      Khalid Zaman Bijon, Ram Krishnan, and Ravi Sandhu, “Risk-Aware RBAC Sessions”, 8th International Conference, ICISS 2012, Guwahati, India, December 15-19, 2012

  14. Research Findings
      • Trust models:
        • Trust models are fixed.
        • One time check only.
        • Detective in nature rather than preventive.
        • Cryptographic techniques are computationally expensive.
        • Require third party for verification.
      • Access Control:
        • Cloud’s dynamic nature demands a flexible A.C. However, traditional A.C. mechanisms are based on static policies, which makes them too rigid to handle complex situations.

  15. Problem Statement
      The performance of a CSP in a cloud federation can deteriorate over time; in this case, the existing trust and access control schemes fail to provide an appropriate security solution.

  16. Existing work
      [Diagram labels: Trust service provider, Trust evaluation module, Foreign Cloud, Home Cloud, Trust protocol, Trust management module, Trust management module, Customer]
      Ayesha Kanwal, “Establishment and propagation of trust in federated cloud environment”, October 2012

  17. Abstract Diagram

  18. Proposed Architecture
      [Diagram labels: Cloud Service Provider 1, Cloud Service Provider 2, Cloud Service Provider 3, Risk based access control, Risk Engine, Risk threshold, Risk score, PIP, PEP, PDP]
      1 - Client Request
      2 - Service Request
      3 - Service reply (Yes/No)
      4 - If yes, Request for trust parameters
      5 - Trust parameters Send + User credential request
      6 - If R.S <= R.T, grant access

  19. Technologies and Standards
      • Security Assertion Markup Language (SAML)
      • Java
      • OpenStack
      • Identity, credential and access management

  20. Roadmap

  21. Industrial Survey CERN and Rackspace are probing the possibility of true federated hybrid clouds built on OpenStack.

  22. Community Response
      I believe that your idea of confidentiality, integrity and availability is very interesting. Actually, I think you can explore many possibilities these three concepts. I can’t think right now how could you fit SLA in the analysis, however it could be very interesting.

  23. Thank you

  24. References
      [1] Khalid Zaman Bijon, Ram Krishnan, Ravi Sandhu, “Risk-Aware RBAC Sessions”, 8th International Conference, ICISS 2012, Guwahati, India, December 15-19, 2012.
      [2] Liang Chen, Jason Crampton, “Risk-Aware Role-Based Access Control”, 7th International Workshop, STM 2011, Copenhagen, Denmark, June 27-28, 2011.
      [3] S. Kandala, R. Sandhu, V. Bhamidipati, “An Attribute Based Framework for Risk-Adaptive Access Control Models”, Availability, Reliability and Security (ARES), 2011 Sixth International Conference, 2011.
      [4] David Brossard, “XACML 101 – a quick intro to Attribute-based Access Control with XACML”, [web] www.webframer.eu, September 30, 2010.
      [5] Jaehong Park, Dang Nguyen, R. Sandhu, “A provenance-based access control model”, Privacy, Security and Trust (PST), 2012 Tenth Annual International Conference on, 16-18 July 2012.
      [6] Yuan Cheng, Jaehong Park, R. Sandhu, “Relationship-Based Access Control for Online Social Networks: Beyond User-to-User Relationships”, Privacy, Security, Risk and Trust (PASSAT), 2012 International Conference on and 2012 International Conference on Social Computing (SocialCom), 3-5 Sept. 2012.
      [7] Dimitrios Zissis, Dimitrios Lekkas, “Addressing cloud computing security issues”, Future Generation Computer Systems, March 2012.
      [8] Sandeep K. Sood, “A combined approach to ensure data security in cloud computing”, Journal of Network and Computer Applications, November 2012.

  25. References
      [9] M. Singhal, S. Chandrasekhar, Ge Tingjian, R. Sandhu, R. Krishnan, Ahn Gail-Joon, Elisa Bertino, “Collaboration in multicloud computing environments: Framework and security issues”, Computer (Volume: 46, Issue: 2), Feb. 2013.
      [10] Mohammed Alhamad, Tharam Dillon, Elizabeth Chang, “SLA-Based Trust Model for Cloud Computing”, 13th International Conference on Network-Based Information Systems 2010.
      [11] Atul Gohad, Praveen S. Rao, “1 * N Trust Establishment within Dynamic Collaborative Clouds”, Cloud Computing in Emerging Markets (CCEM), 2012 IEEE International Conference.
      [12] Hiroyuki Sato, Atsushi Kanai, Shigeaki Tanimoto, “A Cloud Trust Model in a Security Aware Cloud”, Applications and the Internet (SAINT), 2010 10th IEEE/IPSJ International Symposium on, July 2010.
      [13] EiEi Mon, Thinn Thu Naing, “The privacy-aware access control system using attribute-and role-based access control in private cloud”, Broadband Network and Multimedia Technology (IC-BNMT), 2011 4th IEEE International Conference.
      [14] Marcela Roxana Farcasescu, “Trust Model Engines in cloud computing”, 2012 14th International Symposium on Symbolic and Numeric Algorithms for Scientific Computing.
      [15] Monoj Kumar Muchahari, Smriti Kumar Sinha, “A New Trust Management Architecture for Cloud Computing Environment”, 2012 International Symposium on Cloud and Services Computing.
      [16] Vijay Varadharajan, Udaya Tupakula, “TREASURE: Trust Enhanced Security for Cloud Environments”, 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications.
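The six-step request flow on slide 18 (Proposed Architecture), sketched as an added example that is not code from the presentation or the author's project. It reads R.S and R.T as risk score and risk threshold; the trust parameter names, weights, 0..1 scale and scoring formula are assumptions (the slides define none), and the user credential request in step 5 is left out. Because the flow runs on every request, a provider whose performance deteriorates is denied on a later request even though it was permitted earlier.

```python
from dataclasses import dataclass

# Assumed weights and 0..1 scale; the slides give no risk parameters or formula.
WEIGHTS = {"confidentiality": 0.4, "integrity": 0.4, "availability": 0.2}


@dataclass
class ForeignCSP:
    """Constructed stand-in for a foreign cloud in the federation."""
    name: str
    services: set
    trust: dict  # current trust parameters, 1.0 = best

    def service_reply(self, service):   # steps 2-3: service request and reply
        return service in self.services

    def trust_parameters(self):         # steps 4-5: trust parameters sent back
        return dict(self.trust)


def risk_score(params):
    """Risk engine (assumed model): weighted shortfall of each trust parameter.
    A missing or out-of-range value counts as worst case, so it fails closed."""
    score = 0.0
    for name, weight in WEIGHTS.items():
        value = params.get(name)
        if not isinstance(value, (int, float)) or not 0.0 <= value <= 1.0:
            value = 0.0
        score += weight * (1.0 - value)
    return round(score, 3)


def pdp_decide(score, threshold):
    """PDP rule from step 6: grant access only if R.S <= R.T."""
    return "Permit" if score <= threshold else "Deny"


def pep_handle(csp, service, threshold):
    """PEP: runs the whole flow again for every client request (step 1)."""
    if not csp.service_reply(service):
        return "Deny", None
    score = risk_score(csp.trust_parameters())  # parameters play the PIP role
    return pdp_decide(score, threshold), score


def demo():
    csp2 = ForeignCSP("CSP2", {"storage"}, {"confidentiality": 0.9,
                                            "integrity": 0.9, "availability": 0.8})
    first = pep_handle(csp2, "storage", threshold=0.3)
    csp2.trust.update(integrity=0.5, availability=0.2)  # provider deteriorates
    second = pep_handle(csp2, "storage", threshold=0.3)
    return first, second
```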
