Loading [a11y]/accessibility-menu.js

A Framework for Authentication and Authorization Credentials in Cloud Computing | IEEE Conference Publication | IEEE Xplore

- Donate
- Personal Sign In

ADVANCED SEARCH

Conferences >2013 12th IEEE International ...

A Framework for Authentication and Authorization Credentials in Cloud Computing

Download PDF
Download References
Request Permissions
Save to
Alerts

Abstract:

Security is a key concern when adopting cloud technology. Cloud solutions include not only issues inherited from related technologies, such as virtualization and distribu...Show More

Metadata

Abstract:

Security is a key concern when adopting cloud technology. Cloud solutions include not only issues inherited from related technologies, such as virtualization and distributed computing, but also new concerns associated to complexity of the cloud ecosystem, composed by the cloud entities and their interactions. One of the concerns is related to authentication and authorization in the cloud in order to provide robust mechanisms to identify entities and establish their permissions and roles in the cloud, controlling resource usage and promoting accounting and isolation. This paper identifies the state of the art in terms of credential management focusing on the cloud ecosystem. It proposes a credential classification and a framework for studying and developing solutions in this context, unifying concepts related to cloud deployment models, service types, entities and lifecycle controls.

Published in: 2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications

Date of Conference: 16-18 July 2013

Date Added to IEEE Xplore: 12 December 2013

Electronic ISBN:978-0-7695-5022-0

ISSN Information:

DOI: 10.1109/TrustCom.2013.63

Conference Location: Melbourne, VIC, Australia

References is not available for this document.

I. Introduction

Security is essential to consolidate cloud computing as a widely adopted solution and to promote the integration of services and resources throughout multiple clouds and distributed environments [1]. It is important to ensure privacy and isolation of data and resources considering various levels of granularity, features which can be addressed by employing adequate mechanisms for authentication and authorization [2], [3].

Select All

1.

M. Armbrust, A. Fox, R. Griffith, A. Joseph, R. Katz, A. Konwinski, G. Lee, D. Patterson, A. Rabkin, I. Stoica et al., "A view of cloud computing," Comm. of the ACM, vol. 53, no. 4, pp. 50-58, 2010.

CrossRef Google Scholar

2.

H. Li, Y. Dai, L. Tian, and H. Yang, "Identity-based authentication for cloud computing," Cloud Computing, pp. 157-166, 2009.

CrossRef Google Scholar

3.

W. Jansen, "Cloud hooks: Security and privacy issues in cloud computing," in System Sciences (HICSS), 2011 44th Hawaii Int. Conf. on. IEEE, 2011, pp. 1-10.

4.

A. Celesti, F. Tusa, M. Villari, and A. Puliafito, "How to enhance cloud architectures to enable cross-federation," in Cloud Computing (CLOUD), 2010 IEEE 3rd Int. Conf. on. IEEE, 2010, pp. 337-345.

5.

P. Mell and T. Grance, "The NIST Definition of Cloud Computing," National Institute of Standards and Technology, www.nist.gov/itl/cloud/upload/cloud-def-v15.pdf, Tech. Rep. 15, July 2009.

6.

R. Geambasu, S. Gribble, and H. Levy, "Cloudviews: Communal data sharing in public clouds," in Workshop on Hot Topics in Cloud Computing (HotCloud), 2009.

7.

L.-J. Zhang and Q. Zhou, "CCOA: Cloud Computing Open Architecture," in Web Services, 2009. ICWS 2009. IEEE International Conference on, july 2009, pp. 607-616.

8.

B. Sotomayor, R. Montero, I. Llorente, and I. Foster, "Virtual Infrastructure Management in Private and Hybrid Clouds," Internet Computing, IEEE, vol. 13, no. 5, pp. 14-22, sept.-oct. 2009.

9.

D. Hubbard, and M. Sutton, "Top threats to cloud computing," Cloud Security Alliance, Tech. Rep., March 2010. [Online]. Available: cloudsecurityalliance.org/research/ projects/top-threats-to-cloud-computing/

10.

J. Kinsella, "5 (more) key cloud security issues," Sep 2012. [Online]. Available: http://www.csoonline.com/article/ 717307/5-more-key-cloud- security-issues

11.

Sensage, "Log management and SIEM crucial for private cloud security."

12.

J. Bloomberg, "Why Public Clouds are More Secure than Private Clouds," Feb 2012. [Online]. Available: http://www.zapthink.com/2012/02/07/ why-public-clouds-are-more-secure-than-private-clouds/

13.

C. Metz, "AAA protocols: authentication, authorization, and accounting for the Internet," Internet Computing, IEEE, vol. 3, no. 6, pp. 75-79, Nov/Dec 1999.

14.

W. MacGregor, W. Dutcher, and J. Khan, "An Ontology of Identity Credentials," NIST special publication 800-103, 2006.

15.

J. Reid, J. Nieto, E. Dawson, and E. Okamoto, "Privacy and trusted computing," in Database and Expert Systems Applications, 2003. Proceedings. 14th International Workshop on. IEEE, 2003, pp. 383-388.

16.

M. Benantar, Access Control Systems-Security, Identity Management and Trust Models. Springer, 2006.

17.

E. Bertino and K. Takahashi, Identity Management Concepts, Technologies and Systems. Artech House, 2011.

18.

A. Pfitzmann and M. Hansen, "A terminology for talking about privacy by data minimization: Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonymity, and Identity Management," 2009.

19.

M. Bishop, Computer Security: Art and Science. Addison-Wesley Professional, 2002.

20.

ITU-T, "NGN identity management framework," 2009.

21.

J. E. Brezak, C. P. V. Dyke, J. M. Hawkins, and K. U. Schutz, "Credential Management-Patent number 7210167," 2007.

22.

PRIME, "Privacy and Identity Management for Europe," 2008.

23.

L. Badger and R. Bohn, "US Government Cloud Computing Technology Roadmap Volume II," National Institute of Standards and Technology, Tech. Rep., Nov 2011.

24.

P. Windley, Digital identity. OReilly Media, Incorporated, 2005.

25.

U. Fragoso-Rodriguez, M. Laurent-Maknavicius, and J. Incera-Dieguez, "Federated identity architectures," in Work in progress session, Annual Computer Security Application Conference, 2006.

26.

A. Gopalakrishnan, "Cloud computing identity management," SETLabs briefings, vol. 7, no. 7, pp. 45-54, 2009.

27.

C. Satchell, G. Shanks, S. Howard, and J. Murphy, "Knowing me-knowing you. end user perceptions of digital identity management systems," in Proceedings of the 14th European Conference on Information System, 2006.

28.

W. Jansen and T. Grance, "Guidelines on Security and Privacy in Public Cloud Computing," National Institute of Standards and Technology, Tech. Rep., December 2011.

29.

CSA, "Security guidance for critical areas of focus in cloud computing," Cloud Security Alliance, Tech. Rep., December 2009.

30.

D. Cattedu and G. Hogben, "Cloud computing risk assessment," ENISA, Tech. Rep., 2009, enisa.europa.eu/act/rm/files/deliverables/cloud- computingrisk-assessment.

References is not available for this document.