Enhancing trust in federated cloud environment using the risk based access control - PowerPoint PPT Presentation

About This Presentation
Title:

Enhancing trust in federated cloud environment using the risk based access control

Description:

Enhancing trust in federated cloud environment using the risk based access control 2012-Fowz Masood-NUST-MS-CCS-23 Supervisor: Dr. Awais Shibli – PowerPoint PPT presentation

Slides: 26
Provided by: acer472
Transcript and Presenter's Notes


1
Enhancing trust in federated cloud environment
using the risk based access control
  • 2012-Fowz Masood-NUST-MS-CCS-23

Supervisor: Dr. Awais Shibli
Committee Members: Dr. Abdul Ghafoor, Ms. Hirra Anwar, Ms. Rahat Masood
2
Agenda
  • Introduction
  • Cloud federation
  • Challenges in cloud computing
  • Trust issue in cloud
  • Literature review
  • Limitations
  • Problem statement
  • Proposed architecture
  • Roadmap
  • Industrial survey
  • Response from international community
  • References

3
Overview of Cloud Computing
Broad Network Access
Rapid Elasticity
Measured Services
On-demand Self Services
Resource Pooling
Infrastructure-as-a-service
Software-as-a-service
Platform-as-a-service
Hybrid
Private
Community
Public
Reference: http://cloudblueprint.wordpress.com/cloud-taxonomy/
4
Cloud Federation
  • Different CSPs form a federation
  • Benefits
  • Cloud burst
  • Load balancing
  • Global unity
  • Better resource management


[Figure: cloud federation. Labels: Cloud Federation, Home Cloud, Foreign Cloud, Foreign Cloud, Cloud service provider 1, Cloud service provider 2, Cloud service provider 3]
5
Issues in cloud
  • Recently conducted survey shows
  • The Edward Snowden - NSA scandal has also
    raised many questions in people's minds.
  • Due Diligence.

Michael A. Davis. (2012, August) Information Week. Online. http://www.informationweek.com/global-cio/security/dont-trust-cloud-security/240005687
John Naughton. (2013, September) The Guardian. Online. http://www.theguardian.com/technology/2013/sep/15/edward-snowden-nsa-cloud-computing
The Notorious Nine: Cloud Computing Top Threats in 2013. Online. https://cloudsecurityalliance.org
6
Trust issues in cloud
Building user trust in cloud computing is one of the
top issues
Warwick Ashford, Security in the cloud: Top nine issues in building users' trust, Online, April 2011. http://www.computerweekly.com/feature/Security-in-the-cloud-Top-nine-issues-in-building-users-trust
7
Contd.
Cloud computing lacks transparency.
Chris Paoli, Enterprises Have Cloud Trust Issues, Online, Aug 2012. http://redmondmag.com/articles/2012/08/08/cloud-trust-issues.aspx
8
  • Literature Survey

9
1 N Trust Establishment within Dynamic
Collaborative Clouds
  • A central entity CSB is used for establishing
    the trust
  • Secure tokens are generated and used
  • Pros
  • CSB has to manage all the CSPs.
  • Better security.
  • Cons
  • Complex framework
  • Single point of failure
  • Model relies on certificates, which is itself a
    slow process

Atul Gohad, Praveen S. Rao, 1 N Trust Establishment within Dynamic Collaborative Clouds, Cloud Computing in Emerging Markets (CCEM), 2012 IEEE International Conference
10
A Cloud Trust Model in a Security Aware Cloud
  • A cloud trust model has been proposed, in which
    two additional layers of trust have been added.
  • Pros
  • Enhances the security
  • Cons
  • TPM needs hardware modification.
  • Key management is a cumbersome task.
  • No continuous monitoring.
  • Additional layers will make the overall system slow.

Hiroyuki Sato, Atsushi Kanai, Shigeaki Tanimoto, A Cloud Trust Model in a Security Aware Cloud, Applications and the Internet (SAINT), 2010 10th IEEE/IPSJ International Symposium on, July 2010
11
SLA-Based Trust Model for Cloud Computing
  • Authors have used service level agreement (SLA)
    to calculate the trustworthiness
  • Both functional and nonfunctional requirements
    are catered for trust establishment
  • Pros
  • Best possible CSP will be provided on the demand
    of client
  • Cons
  • Trust level changes
  • SLA parameters by themselves are not enough

Mohammed Alhamad, Tharam Dillon, Elizabeth Chang, SLA-Based Trust Model for Cloud Computing, 13th International Conference on Network-Based Information Systems, 2010
12
The privacy-aware access control system using
attribute-and role-based access control in
private cloud
  • To make the system secure both RBAC and ABAC are
    placed
  • Pros
  • Enhances the overall security of cloud
  • Cons
  • Computationally expensive, slow

Ei Ei Mon, Thinn Thu Naing, The privacy-aware access control system using attribute-and role-based access control in private cloud, Broadband Network and Multimedia Technology (IC-BNMT), 2011 4th IEEE International Conference
13
Risk-Aware RBAC Sessions
  • Authors have incorporated the risk parameter in an
    RBAC session.
  • Pros
  • Robust.
  • Better security as it is dynamic in nature.
  • Cons
  • Parameters for risks were not explained.
  • Testing evaluation is not provided.

Khalid Zaman Bijon, Ram Krishnan, and Ravi Sandhu, Risk-Aware RBAC Sessions, 8th International Conference, ICISS 2012, Guwahati, India, December 15-19, 2012
14
Research Findings
  • Trust models
  • Trust models are fixed.
  • One time check only.
  • Detective in nature rather than preventive.
  • Cryptographic techniques are computationally
    expensive.
  • Require third party for verification.
  • Access Control
  • The cloud's dynamic nature demands a flexible A.C.
    However, traditional A.C. mechanisms are based on
    static policies, which makes them too rigid to
    handle complex situations.

15
Problem Statement
  • The performance of a CSP in a cloud federation
    can deteriorate over time; in this case the
    existing trust and access control schemes fail to
    provide an appropriate security solution.

16
Existing work
[Figure: existing trust framework. Labels: Trust service provider, SLA-monitor module, Feedback collection module, Identity provider, Trust evaluation module, Foreign Cloud, Home Cloud, Trust protocol, Trust management module, Trust management module, Customer]
Ayesha Kanwal, Establishment and propagation of trust in federated cloud environment, October 2012
17
Abstract Diagram
18
Proposed Architecture
[Figure: proposed architecture. Labels: Cloud Service Provider 1, Cloud Service Provider 2, Cloud Service Provider 3, Risk based access control, Risk Engine, Risk threshold, Risk score, PDP, PIP, PEP]
1 - Client Request
2 - Service Request
3 - Service reply (Yes/No)
4 - If yes, Request for trust parameters
5 - Trust parameters; Send User credential request
6 - If R.S < R.T, grant access
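The decision flow on this slide, sketched as an added example (not code from the presentation). It reads R.S as the risk score and R.T as the risk threshold; the trust parameter names, weights, threshold value, function names and sample CSPs are assumptions constructed for illustration, since the slides do not define how the score is computed. The decision is re-evaluated on every request, so a foreign CSP whose parameters deteriorate stops being granted access.

```python
from dataclasses import dataclass

# Assumed trust parameters and weights; the slides do not define them.
WEIGHTS = {"confidentiality": 0.3, "integrity": 0.3,
           "availability": 0.2, "sla_compliance": 0.2}
RISK_THRESHOLD = 0.35  # R.T (constructed value)

@dataclass
class ForeignCSP:
    name: str
    accepts_requests: bool   # step 3: service reply (Yes/No)
    trust_parameters: dict   # step 5: values in [0, 1], 1 = best

def pip_fetch(csp):
    """PIP: obtain the trust parameters (step 4) and validate them."""
    params = csp.trust_parameters
    for key in WEIGHTS:
        value = params.get(key)
        if not isinstance(value, (int, float)) or not 0.0 <= value <= 1.0:
            raise ValueError(f"missing or invalid trust parameter: {key}")
    return params

def risk_score(params):
    """Risk engine: R.S as the weighted shortfall from full trust, in [0, 1]."""
    return round(sum(w * (1.0 - params[k]) for k, w in WEIGHTS.items()), 4)

def pdp_decide(csp):
    """PDP: evaluated on every request rather than once when the federation forms."""
    if not csp.accepts_requests:              # steps 2-3
        return "deny", None
    try:
        score = risk_score(pip_fetch(csp))    # steps 4-5
    except ValueError:
        return "deny", None                   # fail closed on incomplete data
    return ("grant" if score < RISK_THRESHOLD else "deny"), score  # step 6

def pep_handle(client_request, csp):
    """PEP: enforce the PDP decision for a client request (step 1)."""
    decision, score = pdp_decide(csp)
    return {"request": client_request, "csp": csp.name,
            "decision": decision, "risk_score": score}

# Constructed sample: one foreign CSP before and after its service deteriorates.
HEALTHY = ForeignCSP("csp2", True, {"confidentiality": 0.9, "integrity": 0.9,
                                    "availability": 0.95, "sla_compliance": 0.9})
DEGRADED = ForeignCSP("csp2", True, {"confidentiality": 0.9, "integrity": 0.9,
                                     "availability": 0.3, "sla_compliance": 0.2})
```

Calling pep_handle("store-object", HEALTHY) and then pep_handle("store-object", DEGRADED) shows the same provider moving from grant to deny as its availability and SLA compliance drop.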
19
Technologies and Standards
  • Security assertion mark-up language (SAML)
  • Java
  • OpenStack
  • Identity, credential and access management

20
Roadmap
Milestones: Duration
Preliminary study and research: Done
Implementation:
Risk based access control implementation: 2 months
Configuration of cloud: 20 days
Deploying the R.A.C in cloud: 20 days
Testing and evaluation: 1.5 months
Initial thesis draft: 1 month
Final documentation: 1 month
21
Industrial Survey
22
Community Response
  1. I believe that your idea of confidentiality,
    integrity and availability is very interesting.
    Actually, I think you can explore many
    possibilities these three concepts.
  2. I can't think right now how could you fit SLA in
    the analysis, however it could be very
    interesting.

23
  • THANK YOU

24
References
  • [1] Khalid Zaman Bijon, Ram Krishnan, Ravi
    Sandhu, Risk-Aware RBAC Sessions, 8th
    International Conference, ICISS 2012, Guwahati,
    India, December 15-19, 2012.
  • [2] Liang Chen, Jason Crampton, Risk-Aware
    Role-Based Access Control, 7th International
    Workshop, STM 2011, Copenhagen, Denmark, June
    27-28, 2011.
  • [3] Kandala, S., Sandhu, R., Bhamidipati, V., An
    Attribute Based Framework for Risk-Adaptive
    Access Control Models, Availability, Reliability
    and Security (ARES), 2011 Sixth International
    Conference, 2011.
  • [4] David Brossard, XACML 101: a quick intro to
    Attribute-based Access Control with XACML, web:
    www.webframer.eu, September 30, 2010.
  • [5] Jaehong Park (Inst. for Cyber Security, Univ.
    of Texas at San Antonio, San Antonio, TX, USA),
    Dang Nguyen, Sandhu, R., A provenance-based
    access control model, Privacy, Security and
    Trust (PST), 2012 Tenth Annual International
    Conference on, 16-18 July 2012.
  • [6] Yuan Cheng (Inst. for Cyber Security, Univ.
    of Texas at San Antonio, San Antonio, TX, USA),
    Jaehong Park, Sandhu, R., Relationship-Based
    Access Control for Online Social Networks: Beyond
    User-to-User Relationships, Privacy, Security,
    Risk and Trust (PASSAT), 2012 International
    Conference on and 2012 International Conference
    on Social Computing (SocialCom), 3-5 Sept. 2012.
  • [7] Dimitrios Zissis, Dimitrios Lekkas,
    Addressing cloud computing security issues,
    Future Generation Computer Systems, March 2012.
  • [8] Sandeep K. Sood, A combined approach to
    ensure data security in cloud computing, Journal
    of Network and Computer Applications, November
    2012.

25
References
  • [9] M Singhal (Univ. of California, Merced,
    Merced, CA, USA), S Chandrasekhar, Ge Tingjian, R.
    Sandhu, R Krishnan, Ahn Gail-Joon, Elisa Bertino
    (Purdue University, IN, USA), Collaboration in
    multicloud computing environments: Framework and
    security issues, Computer (Volume 46, Issue 2),
    Feb. 2013.
  • [10] Mohammed Alhamad, Tharam Dillon, Elizabeth
    Chang, SLA-Based Trust Model for Cloud Computing,
    13th International Conference on Network-Based
    Information Systems, 2010.
  • [11] Atul Gohad, Praveen S. Rao, 1 N Trust
    Establishment within Dynamic Collaborative
    Clouds, Cloud Computing in Emerging Markets
    (CCEM), 2012 IEEE International Conference.
  • [12] Hiroyuki Sato, Atsushi Kanai, Shigeaki
    Tanimoto, A Cloud Trust Model in a Security Aware
    Cloud, Applications and the Internet (SAINT),
    2010 10th IEEE/IPSJ International Symposium on,
    July 2010.
  • [13] Ei Ei Mon, Thinn Thu Naing, The
    privacy-aware access control system using
    attribute-and role-based access control in
    private cloud, Broadband Network and Multimedia
    Technology (IC-BNMT), 2011 4th IEEE International
    Conference.
  • [14] Marcela Roxana Farcasescu, Trust Model
    Engines in cloud computing, 2012 14th
    International Symposium on Symbolic and Numeric
    Algorithms for Scientific Computing.
  • [15] Monoj Kumar Muchahari, Smriti Kumar Sinha, A
    New Trust Management Architecture for Cloud
    Computing Environment, 2012 International
    Symposium on Cloud and Services Computing.
  • [16] Vijay Varadharajan, Udaya Tupakula, TREASURE:
    Trust Enhanced Security for Cloud Environments,
    2012 IEEE 11th International Conference on Trust,
    Security and Privacy in Computing and
    Communications.