A JSON Token-Based Authentication and Access Management Schema for Cloud SaaS Applications

Cloud computing is significantly reshaping the computing industry. It is built around core concepts such as virtualization, processing power, connectivity and elasticity to store and share IT resources via a broad network. It has emerged as the key technology that unleashes the potency of Big Data, the Internet of Things, mobile and web applications, and other related technologies, but it also comes with challenges such as governance, security, and privacy. This paper focuses on the security and privacy challenges of cloud computing, with specific reference to user authentication and access management for cloud SaaS applications. The suggested model uses a framework that harnesses the stateless and secure nature of JWT for client authentication and session management. Furthermore, authorized access to protected cloud SaaS resources has been efficiently managed. Accordingly, a Policy Match Gate (PMG) component and a Policy Activity Monitor (PAM) component have been introduced. In addition, other subcomponents such as a Policy Validation Unit (PVU) and a Policy Proxy DB (PPDB) have also been established for optimized service delivery. A theoretical analysis of the proposed model portrays a system that is secure, lightweight and highly scalable for improved cloud resource security and management.
