Authorization Federation in IaaS Multi Cloud



Similar documents
Institute for Cyber Security. A Multi-Tenant RBAC Model for Collaborative Cloud Services

PRACTICAL IDENTITY AND ACCESS MANAGEMENT FOR CLOUD - A PRIMER ON THREE COMMON ADOPTION PATTERNS FOR CLOUD SECURITY

MULTI-TENANT ACCESS CONTROL FOR CLOUD SERVICES

Extending OpenStack Access Control with Domain Trust

2 Authentication and identity management services in multi-platform cloud infrastructure

Adding Federated Identity Management to OpenStack

SECURE CLOUD COMPUTING

Cloud Essentials for Architects using OpenStack

NCTA Cloud Architecture

SERVICE-ORIENTED MODELING FRAMEWORK (SOMF ) SERVICE-ORIENTED CONCEPTUALIZATION MODEL LANGUAGE SPECIFICATIONS

CLOUD COMPUTING. When It's smarter to rent than to buy

Adding Federated Identity Management to Openstack

Cyber Incident Response

Multi-tenancy authorization models for collaborative cloud services

Cloud Security. Let s Open the Box. Abu Shohel Ahmed ahmed.shohel@ericsson.com NomadicLab, Ericsson Research

Essential Characteristics of Cloud Computing: On-Demand Self-Service Rapid Elasticity Location Independence Resource Pooling Measured Service

A Survey on Cloud Security Issues and Techniques

Introduction to OpenStack

SINGLE & SAME SIGN-ON ASPECTS

Copyright Pivotal Software Inc, of 10

OPENIAM ACCESS MANAGER. Web Access Management made Easy

Transport SDN - Clearing the Roadblocks to Wide-scale Commercial

IPOP-TinCan: User-defined IP-over-P2P Virtual Private Networks

Interoperate in Cloud with Federation

Federated Identity for Cloud Computing and Cross-organization Collaboration

TECHNOLOGY TRANSFER PRESENTS MAX DOLGICER IT S ALL ABOUT CLOUD CONCEPTS, STRATEGIES, ARCHITECTURES, PLAYERS, AND TECHNOLOGIES

Secure Identity in Cloud Computing

Interoperability & Portability for Cloud Computing: A Guide.

It s All About Cloud Key Concepts, Players, Platforms And Technologies

Single Sign On. SSO & ID Management for Web and Mobile Applications

The Role of Identity Enabled Web Services in Cloud Computing

Cloud Computing Standards: Overview and first achievements in ITU-T SG13.

Security Architecture for Cloud Computing Platform

Identity and Access Management for the Cloud What You Need to Know About Managing Access to Your Clouds

Cloud Standards. Arlindo Dias IT Architect IBM Global Technology Services CLOSER 2102

Cloud Computing for Architects

Introduction to Identity and Access Management for the engineers. Radovan Semančík April 2014

Third Party Cloud Services Its Adoption in the New Age

A Novel Cloud Hybrid Access Mechanism for Highly Sensitive Data Exchange

Enabling SSO for native applications

The Future of Cloud Identity Security. Michael Schwartz Founder / CEO Gluu

Security Issues in Cloud Computing

SAVI/GENI Federation. Research Progress. Sushil Bhojwani, Andreas Bergen, Hausi A. Müller, Sudhakar Ganti University of Victoria.


Consumption IT. Michael Shepherd Business Development Manager. Cisco Public Sector May 1 st 2014

Cloud Security. Peter Jopling IBM UK Ltd Software Group Hursley Labs. peterjopling IBM Corporation

A.Prof. Dr. Markus Hagenbuchner CSCI319 A Brief Introduction to Cloud Computing. CSCI319 Page: 1


EXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES

AEIJST - June Vol 3 - Issue 6 ISSN Cloud Broker. * Prasanna Kumar ** Shalini N M *** Sowmya R **** V Ashalatha

Domain 12: Guidance for Identity & Access Management V2.1

How to Provide Secure Single Sign-On and Identity-Based Access Control for Cloud Applications

So#ware to Data model

What is Cloud Computing? Tackling the Challenges of Big Data. Tackling The Challenges of Big Data. Matei Zaharia. Matei Zaharia. Big Data Collection

CliQr CloudCenter. Multi-Tenancy

Open Data Center Alliance Usage: Identity Management Interoperability Guide rev. 1.0

TOP 7 THINGS Every Executive Should Know About Cloud Computing EXECUTIVE BRIEF

Cloud Computing. Chapter 5 Identity as a Service (IDaaS)

FREE AND OPEN SOURCE SOFTWARE FOR CLOUD COMPUTING SERENA SPINOSO FULVIO VALENZA

Deploying Your Application On Public Cloud

A Secure Strategy using Weighted Active Monitoring Load Balancing Algorithm for Maintaining Privacy in Multi-Cloud Environments

Cloud Computing Standards: Overview and ITU-T positioning

Hybrid Cloud Identity and Access Management Challenges

Hierarchical Secure Information and Resource Sharing in OpenStack Community Cloud

IDENTITY & ACCESS MANAGEMENT IN THE CLOUD

A Requirements Analysis for IaaS Cloud Federation

Safewhere*Identify. Introduction. You just need one system for all your user on-boarding, admin and authentication

Cloud Computing An Elephant In The Dark

Cloud Computing. Technologies and Types

Iaas for Private and Public Cloud using Openstack

T-SYSTEMS Cloud STORY

OpenID Authentication As A Service in OpenStack

Compliance and the Cloud: What You Can and What You Can t Outsource

INDIGO-DataCloud Wupi 4 (Resource Virtualization)

Identity in the Cloud Use Cases Version 1.0

Unleash the IaaS Cloud About VMware vcloud Director and more VMUG.BE June 1 st 2012

Amazon Web Services Demo Tech Exchange. Slides:

The Challenges of Web single sign-on

Transcription:

Authorization Federation in IaaS Multi Cloud Navid Pustchi, Ram Krishnan and Ravi Sandhu SCC 2015 1

Why Multi Cloud? Collaboration of organizations across clouds. Organizations with resources across multiple clouds. 2

Scope of Contribution Cloud Federation Service SaaS PaaS IaaS Platform Homogenous Heterogeneous Trust Circle-of-Trust Peer-to-Peer Coupling Authentication Federation Authorization Federation 3

Multi Cloud Collaboration Cloud Federation Service (IaaS, PaaS, SaaS) Heterogeneous: Google account (Open ID 2.0) Heterogeneous within google. Homogenous: Eduroam federated network access. Platform Trust Heterogeneous: OpenStack federation with AWS. Homogenous: Keystone to Keystone federation. Circle-of-Trust: Alliance of institutions for sharing scientific data such as CERN. Peer-to-Peer: Best Buy federating with Rackspace. Coupling Identity Federation: SAML, OAuth, OpenID, SSO. Authorization Federation: SAML, OAuth. 4

Trust Framework Trust Coupling Circle-of-Trust Peer-to-Peer Initiation Bilateral Unilateral Direction Bidirectional Unidirectional Transitivity Non-Transitive Transitive 5

Concept of Trust Four trust types: TTTTTTTT αα: (Trustor grants inter-cloud access to trustee) If AA αα BB, cloud AA is authorized to assign BB s users to cloud AA s resources. In such trust type, AA controls trust relation existence and cross-cloud assignments. TTTTTTTT ββ: (Trustee grants inter-cloud access to trustor) If AA ββ BB, cloud BB is authorized to assign AA s users to its resources. In such trust type, AA controls trust relation and BB controls cross-cloud assignments. TTTTTTTT γγ: (Trustee takes inter-cloud access to trustor) If AA γγ BB, cloud BB is authorized to assign its users to cloud AA s resources. In such trust type, AA controls trust relation and BB controls cross-cloud assignments. TTTTTTTT δδ: (Trustee controls intra-cloud access to trustor) If AA γγ BB, cloud BB is authorized to assign AA s users to AA s resources. In such trust type, AA controls trust relation and BB controls intra-cloud assignments within AA. 6

Administrative Realms 7

Multi Cloud Trust Three trust scopes based on administrative realms in cloud: Cross Cloud Trust Sharing cloud infrastructure resources, such as services. Cross Domain Trust Sharing domain resources such as projects. Cross Project Trust Sharing project resources such as VMs. 8

Cloud Trust Enables sharing cloud resources, services and domains. Set of domains shared between clouds with trust type (for domain trust). Sharing services by creating private domains for service allocation. Trust relation in Cloud Trust is Peer-to-Peer, bilateral, bidirectional, nontransitive. 9

Domain Trust Enabling cross cloud access by assigning users to PRPs between trusted domains. Trust relations are Peer-to-Peer, unilateral, unidirectional, non-transitive. DD AA DD AA ββ DD BB DD BB UU 1 UU 2 UU 3 UU 4 UU 5 UU 6 PPPPPP 1 PPPPPP 2 PPPPPP 3 PPPPPP 4 PPPPPP 5 PPPPPP 6 10

Project Trust Enabling cross cloud access to service instances by assigning users to PRPs between trusted projects. Trust relations are Peer-to-Peer, unilateral, unidirectional, non-transitive. DD AA PPPPPP 2 γγ PPPPPP 5 DD BB UU 1 UU 2 UU 3 UU 4 UU 5 UU 6 PPPPPP 1 PPPPPP 2 PPPPPP 3 PPPPPP 4 PPPPPP 5 PPPPPP 6 VVVV 1 VVVV 2 VVVV 3 VVVV 4 VVVV 5 VVVV 6 11

Related Work RBAC extensions ROBAC (collaboration ins not supported). GB-RBAC (group does own users). Role Based delegation models Delegation chains lacks dynamicity of trust in cloud federation environments. Multi-tenant trust models in single cloud. MT-RBAC (Multi-Tenant RBAC). CTTM (Cross Tenant Trust model). OSAC-DT (OpenStack Access Control with Domain Trust). 12

Conclusion & Future Work Multi-cloud trust model Cloud trust. Domain trust. Project trust. Trust framework & trust types Four types of trust applicable to administrative realms in cloud. Implementation in single cloud Partial implementation of domain-trust in single cloud OpenStack. Future Work Cloud trust implementation. Implementation in federated OpenStack clouds. Project trust implementation. Hierarchical multi-domain model. Attribute based models. 13

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information