Identity Providers-as-a-Service built as Cloud-of-Clouds: challenges and opportunities

Abstract—In our previous work we designed and evaluated the feasibility of highly secure and dependable identity providers (IdPs) for the increasing requirements of future IT infrastructures. In this position paper we extend our previous work by analyzing and discussing the benefits of deploying highly secure and dependable identity providers-as-a-service (IdP-as-a-Service), without compromising the confidentiality of sensitive data and operations. In order to achieve this goal, we discuss some of the forefront challenges of deploying IdP-as-a-Service as a cloud-of-clouds model to ensure important properties such as the resistance against different types of threats and attacks, arbitrary faults, and make it more realistic to improve the system availability up to the three-nines mark. Notwithstanding, the main opportunities towards IdP-as-a-Service are also analyzed. We finish the paper proposing a sustainable business model based on our previous deployments and results, showing that it can be a win-win opportunity, i.e., both IdP-as-a-Service providers and customers can benefit from it.

Keywords—identity providers, IdP-as-a-Service, business model and opportunities, security, dependability, high availability, cloud providers, multi-cloud, telco cloud, hybrid cloud.
