Dynamic Access Control Infrastructure for On-demand Provisioned Cloud Services


Slide 1: Dynamic Access Control Infrastructure for On-demand Provisioned Cloud Services
Canh Ngo
SNE Group, University of Amsterdam
OGF-ISOD 33, September 19-21, 2011
Lyon, 2011

Slide 2: Agenda
- Introduction
  - Scenario
  - Motivation
- Proposals on Security Infrastructure for On-demand Provisioned Cloud Services
  - Security Reference Model
  - Trust Relationship Model
  - Dynamic Access Control Infrastructure
- Implementations
- Summary

Slide 3: Introduction: Scenario
- Cloud IaaS
- Multi-provider
- Multi-tenant
- Service Lifecycle Management
[Figure labels: Virtual security domain; Company A; Company B; Company C; Cloud Provider 1; Cloud Provider 2; Virtual Resource from Cloud Prov 1; Virtual Resource from Cloud Prov 2]

Slide 4: Introduction: Motivation
- Security context management issues:
  - Integrate with service lifecycles
  - Context delivery and synchronization of isolated operations among multiple tenants
  - Binding end-users' operations to separate customers/tenants
- Trust Management
  - Trust model proposal
  - Trust establishment protocols: establish trust-path/trust-chain between end-users and virtualized resources through supply-chain of providers
  - Bootstrapping protocols for trusted virtualized devices
- Identity and Access Control Management
  - Authorization policy management: synchronization of policies & reconfigurable resources
  - Identity management, access control
  - Support for virtual security domains across multiple Cloud providers
  - Delegation: Security services/tools delegation for customers/tenants

Slide 5: Security for On-demand Provisioned Cloud Services: Security Reference Model
- Common Security Service Interface (CSSI) proposal
- Common Security Service Layer
- Dynamic Access Control Infrastructure (DACI) proposal
- Trust model proposal, trust establishment protocols, bootstrapping processes
[Figure labels: Authentication & Identity Man.; Trust Management (Dynamic trust establishment, Bootstrapping); SLA Management; Authorization & Policy Man.; Security Context Management; Security Service Lifecycle Management (SSLM)]

Slide 6: Security for On-demand Provisioned Cloud Services: Trust Relationship Model
- Trust model using cryptographic-based with trust transitivity
- Building trust-paths from end-users to virtualized resources
- Trust-path establishment protocols
- Bootstrapping for trusted virtualized resources
- Dynamic Security Association
Legend:
- PIP: Physical Infrastructure Provider
- VIP: Virtual Infrastructure Provider
- VIO: Virtual Infrastructure Operator
[Figure labels: VIO1, VIO2; VIP1, VIP2, VIP3; PIP1, PIP2, PIP3, PIP4; Static trust link; Dynamic trust link; Virtual Resource; End-user]

Slide 7: Security for On-demand Provisioned Cloud Services: Dynamic Access Control Infrastructure
- Common Security Service Interface (CSSI)
- SecurityGateway: consolidate a common interface to access security services
- Provisioned security services (DACS)
- Update authz-policies upon reconfiguring Virtual Infrastructure
- Dynamic Trust Establishment: DSA, Bootstrapping
Legend:
- DACI: Dynamic Access Control Infrastructure
- DACS: Dynamic Access Control Services
[Figure labels: DACS instance[i]; DACI Management; Authentication Authority; SAML-XACML Layer; Authz-token Svc; DACI Configuration; DACI Monitoring; Attr DB; Attribute Authority; Identity Management Service; PIP (Authz Ctx Hdlr); PDP; Obligation Handler; PAP; Authorization Service; Authz-token Authority; Authz Token Service; DACS Man. Service; DACI Policy Management; DACI Context Management; DACI Trust Management; DACS Trust Manager]

Slide 8: Implementation: GAAA-ISOD Toolkit Library
Features:
- Dynamic authorization policies: auto generate XACML authz-policies by predefined templates
- PEP: Common Security Service Interface (CSSI): facilitate integrations of virtualized security services to resources
- Security token service: XML-based AuthzToken & AuthzTicket, persistent caches, digital signatures
[Figure labels: Authentication (SAML, X.509, User/Password); Authorization (PDP, PEP, PAP); Security Token; OpenSAML; SunXACML; BouncyCastle (Java crypto library)]

Slide 9: Implementation: GEYSERS Project
- Based on GAAATK-ISOD toolkit
- WP3-dev: Logical Infrastructure Composition Layer (LICL)
  - FUSE ESB env, OSGi bundles
  - Packages: AAI (AuthN/Z for LICL, NCP+), DACI (AuthN/Z provisioning for Cloud IaaS)
- WP4-dev: NCP+ AAI web services
[Figure labels: SecurityGateway; AuthnSvc; AuthzSvc; TokenSvc; DACI Policy Man.; DACI Man.; DACI Trust; DACI Context; DACS; AAI for LICL (eu.geysers.licl.aai.*); DACI; GAAA-ISOD Toolkit]

Slide 10: Implementation: DACS Integration using SecurityGateway library
- Isolate tenants/subscribers by Reservation Id (VI-GRI)
[Figure labels: CSSI Client; VR service; CSSI; CSSI/GAAPI; Policy Enforcement Point; SecurityGateway Library; AuthN; AuthZ; TokenSvc; Identity Management Service; Authorization Service; DACS instance; Security Token Service]
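
The template-generated XACML authz-policies listed under the GAAA-ISOD toolkit features and the isolation of tenants by Reservation Id (VI-GRI) above can be sketched together. This is an added Python example, not code from the GAAA-ISOD toolkit or the GEYSERS project. Assumptions: the `urn:example:daci:*` attribute ids, the GRI syntax, the role and action names are hypothetical, and the evaluator covers only the Target-matching subset of XACML 2.0 that the template emits.

```python
import re
from string import Template
from xml.etree import ElementTree as ET
from xml.sax.saxutils import escape

NS = "urn:oasis:names:tc:xacml:2.0:policy:schema:os"
STRING = "http://www.w3.org/2001/XMLSchema#string"
STR_EQ = "urn:oasis:names:tc:xacml:1.0:function:string-equal"
FIRST_APPLICABLE = "urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"
ACTION_ID = "urn:oasis:names:tc:xacml:1.0:action:action-id"
GRI_ATTR = "urn:example:daci:vi-gri"   # hypothetical attribute ids (assumption)
ROLE_ATTR = "urn:example:daci:role"
GRI_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")  # assumed GRI syntax

MATCH = Template(
    '<${kind}Match MatchId="' + STR_EQ + '">'
    '<AttributeValue DataType="' + STRING + '">${value}</AttributeValue>'
    '<${kind}AttributeDesignator AttributeId="${attr}" DataType="' + STRING + '"/>'
    '</${kind}Match>')

# Predefined template: the policy target pins the reservation id, one rule
# permits a role's actions, and a final rule denies everything else.
POLICY = Template(
    '<Policy xmlns="' + NS + '" PolicyId="urn:example:daci:policy:${gri}" '
    'RuleCombiningAlgId="' + FIRST_APPLICABLE + '">'
    '<Target><Resources><Resource>${gri_match}</Resource></Resources></Target>'
    '<Rule RuleId="permit-role-actions" Effect="Permit"><Target>'
    '<Subjects><Subject>${role_match}</Subject></Subjects>'
    '<Actions>${actions}</Actions></Target></Rule>'
    '<Rule RuleId="deny-rest" Effect="Deny"/></Policy>')


def _match(kind, attr, value):
    # Escape every substituted value so it cannot add or close policy elements.
    return MATCH.substitute(kind=kind, attr=attr, value=escape(value))


def render_policy(gri, role, actions):
    """Instantiate the template for one reservation; fail closed on bad input."""
    if not GRI_RE.fullmatch(gri):
        raise ValueError("invalid reservation id")
    if not actions:
        raise ValueError("refusing to emit a rule with no action constraint")
    acts = "".join("<Action>%s</Action>" % _match("Action", ACTION_ID, a)
                   for a in actions)
    xml = POLICY.substitute(gri=gri, actions=acts,
                            gri_match=_match("Resource", GRI_ATTR, gri),
                            role_match=_match("Subject", ROLE_ATTR, role))
    ET.fromstring(xml)  # raises if the rendered policy is not well-formed
    return xml


def _q(tag):
    return "{%s}%s" % (NS, tag)


def _target_matches(target, request):
    """Sections are ANDed, entries within a section ORed, matches ANDed."""
    if target is None:
        return True
    for kind in ("Subject", "Resource", "Action"):
        section = target.find(_q(kind + "s"))
        if section is None:
            continue  # an absent section matches any value
        attrs = request.get(kind.lower(), {})

        def entry_ok(entry):
            for m in entry.findall(_q(kind + "Match")):
                want = m.find(_q("AttributeValue")).text or ""
                attr = m.find(_q(kind + "AttributeDesignator")).get("AttributeId")
                if attrs.get(attr) != want:
                    return False
            return True

        if not any(entry_ok(e) for e in section.findall(_q(kind))):
            return False
    return True


def evaluate(policy_xml, request):
    """Return Permit, Deny or NotApplicable for the generated policy."""
    policy = ET.fromstring(policy_xml)
    if not _target_matches(policy.find(_q("Target")), request):
        return "NotApplicable"
    for rule in policy.findall(_q("Rule")):  # first-applicable order
        if _target_matches(rule.find(_q("Target")), request):
            return rule.get("Effect")
    return "NotApplicable"


def request_for(gri, role, action):
    """Build a request context in the dict form evaluate() expects."""
    return {"subject": {ROLE_ATTR: role}, "resource": {GRI_ATTR: gri},
            "action": {ACTION_ID: action}}


if __name__ == "__main__":
    # Constructed sample reservation, role and actions.
    policy = render_policy("gri-0001", "vi-operator", ["start", "stop"])
    for gri, action in (("gri-0001", "start"), ("gri-0001", "delete"),
                        ("gri-0002", "start")):
        print(gri, action, evaluate(policy, request_for(gri, "vi-operator", action)))
```

A request carrying another reservation's id evaluates to NotApplicable, so the enforcement point has to treat anything other than Permit as a denial for tenant isolation to hold.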

Slide 11: Summary
Future work:
- Trust modeling across virtual security domains
- SSLM bootstrapping protocols for virtual devices:
  - Trusted Computing Platform Architecture (TCPA)
  - Trusted Platform Module (TPM)
- Federated virtualized Identity and Access Control Management
- GAAA-ISOD toolkit implementations with SSLM supports for on-demand infrastructure services provisioning

Slide 12: Thank you
Any questions?


More information

Manage all your Office365 users and licenses

Manage all your Office365 users and licenses Manage all your Office365 users and licenses Delegate 365 White Paper Authors: Toni Pohl, Martina Grom Version: 1.2 of December 2014 atwork information technology gmbh. All rights reserved. For information

More information

APIs The Next Hacker Target Or a Business and Security Opportunity?

APIs The Next Hacker Target Or a Business and Security Opportunity? APIs The Next Hacker Target Or a Business and Security Opportunity? SESSION ID: SEC-T07 Tim Mather VP, CISO Cadence Design Systems @mather_tim Why Should You Care About APIs? Amazon Web Services EC2 alone

More information

Consolidated Technology Services PRIVATE CLOUD SERVICE. March 2014

Consolidated Technology Services PRIVATE CLOUD SERVICE. March 2014 Consolidated Technology Services PRIVATE CLOUD SERVICE March 2014 Topics Service Strategy Features and Benefits Service Options Rates Deployment Strategy Next Steps 2 Private Cloud Service Strategy Transform

More information

MANAGEMENT AND ORCHESTRATION WORKFLOW AUTOMATION FOR VBLOCK INFRASTRUCTURE PLATFORMS

MANAGEMENT AND ORCHESTRATION WORKFLOW AUTOMATION FOR VBLOCK INFRASTRUCTURE PLATFORMS VCE Word Template Table of Contents www.vce.com MANAGEMENT AND ORCHESTRATION WORKFLOW AUTOMATION FOR VBLOCK INFRASTRUCTURE PLATFORMS January 2012 VCE Authors: Changbin Gong: Lead Solution Architect Michael

More information

Virtual Machine in Data Center Switches Huawei Virtual System

Virtual Machine in Data Center Switches Huawei Virtual System Virtual Machine in Data Center Switches Huawei Virtual System Contents 1 Introduction... 3 2 VS: From the Aspect of Virtualization Technology... 3 3 VS: From the Aspect of Market Driving... 4 4 VS: From

More information

The Jamcracker Enterprise CSB AppStore Unifying Cloud Services Delivery and Management for Enterprise IT

The Jamcracker Enterprise CSB AppStore Unifying Cloud Services Delivery and Management for Enterprise IT The Jamcracker Enterprise CSB AppStore Unifying Cloud Services Delivery and Management for Enterprise IT Jamcracker, Inc. 4677 Old Ironsides Drive Santa Clara, CA, USA 95054 www.jamcracker.com Table of

More information

The Case for a Reference Framework for Trusted Multi-Tenant Infrastructure

The Case for a Reference Framework for Trusted Multi-Tenant Infrastructure The Case for a Reference Framework for Trusted Multi-Tenant Infrastructure Michael Donovan Chief Technologist HP Enterprise Services Erik Visnyak IA Engineer BAE Systems 09/21/2011 Abstract Learn about

More information

What s New in SharePoint 2016 (On- Premise) for IT Pros

What s New in SharePoint 2016 (On- Premise) for IT Pros What s New in SharePoint 2016 (On- Premise) for IT Pros This article is based on notes taken during a public presentation at the Microsoft Ignite event by presenter Bill Baer. A video of the session can

More information

It s All About Cloud Key Concepts, Players, Platforms And Technologies

It s All About Cloud Key Concepts, Players, Platforms And Technologies It s All About Cloud Key Concepts, Players, Platforms And Technologies 3-day seminar Description Cloud computing has gained a lot of attention in recent years. It has mostly been used for non business

More information

Cloud Computing Standards: Overview and first achievements in ITU-T SG13.

Cloud Computing Standards: Overview and first achievements in ITU-T SG13. Cloud Computing Standards: Overview and first achievements in ITU-T SG13. Dr ITU-T, Chairman of Cloud Computing Working Party, SG 13 Future Networks Orange Labs Networks, Cloud & Future Networks Standard

More information

ITG Software Engineering

ITG Software Engineering IBM WebSphere Administration 8.5 Course ID: Page 1 Last Updated 12/15/2014 WebSphere Administration 8.5 Course Overview: This 5 Day course will cover the administration and configuration of WebSphere 8.5.

More information

Security Issues in Cloud Computing

Security Issues in Cloud Computing Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources

More information

Oracle Cloud 25.09.14. Bjarte Drivenes Enterprise Architect. Copyright 2014 Oracle and/or its affiliates. All rights reserved.

Oracle Cloud 25.09.14. Bjarte Drivenes Enterprise Architect. Copyright 2014 Oracle and/or its affiliates. All rights reserved. Oracle Cloud 25.09.14 Bjarte Drivenes Enterprise Architect Copyright 2014 Oracle and/or its affiliates. All rights reserved. Copyright 2014 Oracle and/or its affiliates. All rights reserved. Agenda Private

More information

Title: Cloud Security, Access Control and Compliance

Title: Cloud Security, Access Control and Compliance HPCS 2015 TUTORIAL IV Title: Cloud Security, Access Control and Compliance http://www.uazone.org/demch/presentations.html hpcs2015tutorial-cloud-security-access-control-compliance-v02.pdf Yuri Demchenko

More information

White Paper. Cloud Native Advantage: Multi-Tenant, Shared Container PaaS. http://wso2.com Version 1.1 (June 19, 2012)

White Paper. Cloud Native Advantage: Multi-Tenant, Shared Container PaaS. http://wso2.com Version 1.1 (June 19, 2012) Cloud Native Advantage: Multi-Tenant, Shared Container PaaS Version 1.1 (June 19, 2012) Table of Contents PaaS Container Partitioning Strategies... 03 Container Tenancy... 04 Multi-tenant Shared Container...

More information

Open Data Center Alliance Usage: Identity Management Interoperability Guide rev. 1.0

Open Data Center Alliance Usage: Identity Management Interoperability Guide rev. 1.0 sm Open Data Center Alliance Usage: Identity Interoperability Guide rev. 1.0 Open Data Center Alliance Usage: Identity Interoperability Guide Rev. 1.0 Table of Contents Legal Notice... 3 Executive Summary...

More information

DESIGN OF A PLATFORM OF VIRTUAL SERVICE CONTAINERS FOR SERVICE ORIENTED CLOUD COMPUTING. Carlos de Alfonso Andrés García Vicente Hernández

DESIGN OF A PLATFORM OF VIRTUAL SERVICE CONTAINERS FOR SERVICE ORIENTED CLOUD COMPUTING. Carlos de Alfonso Andrés García Vicente Hernández DESIGN OF A PLATFORM OF VIRTUAL SERVICE CONTAINERS FOR SERVICE ORIENTED CLOUD COMPUTING Carlos de Alfonso Andrés García Vicente Hernández 2 INDEX Introduction Our approach Platform design Storage Security

More information

Enterprise Access Control Patterns For REST and Web APIs

Enterprise Access Control Patterns For REST and Web APIs Enterprise Access Control Patterns For REST and Web APIs Francois Lascelles Layer 7 Technologies Session ID: STAR-402 Session Classification: intermediate Today s enterprise API drivers IAAS/PAAS distributed

More information

Getting Started Hacking on OpenNebula

Getting Started Hacking on OpenNebula LinuxTag 2013 Berlin, Germany, May 22nd Getting Started Hacking on OpenNebula Carlos Martín Project Engineer Acknowledgments The research leading to these results has received funding from Comunidad de

More information

Open Source Multi-Cloud, Multi- Tenant Automation in the cloud with SlipStream PaaS

Open Source Multi-Cloud, Multi- Tenant Automation in the cloud with SlipStream PaaS Open Source Multi-Cloud, Multi- Tenant Automation in the cloud with SlipStream PaaS A professional open source solution Robert Branchat, SixSq 5 July 2014 Lyon, France Based in Geneva, Switzerland Founded

More information

Sentinet for Windows Azure SENTINET

Sentinet for Windows Azure SENTINET Sentinet for Windows Azure SENTINET Sentinet for Windows Azure 1 Contents Introduction... 2 Customer Benefits... 2 Deployment Topologies... 3 Isolated Deployment Model... 3 Collocated Deployment Model...

More information