Access control delegation for the cloud

Cloud computing has become the focus of attention in the industry, from the point of view of both providers and customers, as well as researchers. However, security concerns still impede the widespread adoption of this technology. Most enterprises are particularly worried about the lack of control over their outsourced data since the authentication and authorization systems of Cloud providers are generic and they cannot be easily adapted to the requirements of each individual enterprise. An adaptation process requires the creation of complex protocols, often leading to security problems and “lock-in” conditions. In this paper we present the design of a lightweight solution that overcomes these problems. We have implemented and incorporated this solution in a popular open-source Cloud stack: OpenStack. Our solution eliminates the need for developing complex adaptation protocols, offers data owners the flexibility to switch among Cloud providers, or use multiple, different Cloud providers concurrently, and enhances end-user privacy.
