Identity access management for Multi-tier cloud infrastructures

This paper presents a novel architecture for identity and access management (IAM) in a multi-tier cloud infrastructure, in which most services are supported by massive-scale data centres over the Internet. A multi-tier cloud infrastructure borrows the tier-based model from software engineering to provide resources in different tiers. We focus on the design and implementation of a centralized identity and access management system for such an infrastructure. First, we discuss the identity and access management requirements of this environment and propose a solution that addresses them. Next, we discuss approaches that improve the performance of the IAM system and make it scalable to billions of users. Finally, we present experimental results from the current deployment in the SAVI Testbed. Our IAM system outperforms previously proposed IAM systems for cloud infrastructure by a factor of 9 in throughput when the number of users is small, and handles about 50 times more requests at peak usage. Because the architecture combines green threads with load-balanced processes, it uses fewer system resources and scales up easily to handle a large number of requests.
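The abstract attributes the throughput gains to combining green threads with load-balanced worker processes. The following is an added illustration of that pattern and is not code from the paper or the SAVI Testbed: cooperative asyncio tasks stand in for green threads (each worker yields at an await instead of blocking an OS thread), and a hash of the user identifier stands in for the load balancer, pinning each user to one worker so per-worker state stays warm. No real processes are spawned. The token format, the signing key, and the function names (issue_token, verify_token, shard_for, serve) are assumptions made for this example; the token check itself uses HMAC with a constant-time comparison and an expiry, which is what a practitioner would expect from a centralized IAM front end.

```python
import asyncio
import hashlib
import hmac
import time
from typing import Dict, List, Optional, Tuple

# Hypothetical IAM signing key, constructed for this example only.
SECRET = b"example-iam-signing-key"


def issue_token(user_id: str, expires_at: float) -> str:
    """Issue a token of the form user_id:expiry:hmac (format assumed for this example)."""
    payload = f"{user_id}:{int(expires_at)}"
    mac = hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}:{mac}"


def verify_token(token: str, now: float) -> Optional[str]:
    """Return the user id if the token is well-formed, untampered and unexpired, else None."""
    try:
        user_id, exp, mac = token.rsplit(":", 2)
        expiry = int(exp)
    except ValueError:
        return None  # malformed token
    expected = hmac.new(SECRET, f"{user_id}:{exp}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, mac):
        return None  # signature mismatch: constant-time compare avoids a timing oracle
    if now >= expiry:
        return None  # expired
    return user_id


def shard_for(user_id: str, n_workers: int) -> int:
    """Deterministic load balancing: the same user always lands on the same worker."""
    digest = hashlib.sha256(user_id.encode()).hexdigest()
    return int(digest, 16) % n_workers


async def worker(idx: int, queue: "asyncio.Queue", results: Dict[int, Tuple[int, Optional[str]]], now: float) -> None:
    """One cooperative worker; a None item is the shutdown signal."""
    while True:
        item = await queue.get()
        if item is None:
            queue.task_done()
            return
        req_id, token = item
        await asyncio.sleep(0)  # stand-in for a non-blocking backend lookup
        results[req_id] = (idx, verify_token(token, now))
        queue.task_done()


async def _serve(requests: List[Tuple[int, str]], n_workers: int, now: float) -> Dict[int, Tuple[int, Optional[str]]]:
    queues = [asyncio.Queue() for _ in range(n_workers)]
    results: Dict[int, Tuple[int, Optional[str]]] = {}
    tasks = [asyncio.create_task(worker(i, queues[i], results, now)) for i in range(n_workers)]
    for req_id, token in requests:
        # Route on the user id prefix; a malformed token still hashes to some worker and is rejected there.
        user_id = token.split(":", 1)[0]
        await queues[shard_for(user_id, n_workers)].put((req_id, token))
    for q in queues:
        await q.put(None)
    await asyncio.gather(*tasks)
    return results


def serve(requests: List[Tuple[int, str]], n_workers: int = 4, now: Optional[float] = None) -> Dict[int, Tuple[int, Optional[str]]]:
    """Dispatch (request_id, token) pairs across n_workers and return {request_id: (worker, user_or_None)}."""
    if now is None:
        now = time.time()
    return asyncio.run(_serve(requests, n_workers, now))


if __name__ == "__main__":
    t = time.time()
    batch = [(1, issue_token("alice", t + 60)), (2, issue_token("bob", t - 1)), (3, "not-a-token")]
    for req_id, (widx, user) in sorted(serve(batch, n_workers=3, now=t).items()):
        print(f"request {req_id}: worker {widx} -> {user}")
```

Replacing the asyncio queues with a process pool fronted by the same hash-based dispatch would give the process-level load balancing the abstract describes; the verification logic and the sharding rule are unchanged by that substitution.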
