Security strategies for cloud identity management - a study

  • Authors

    • Anilkumar Chunduru SCOPE, Vellore Institute of Technology
    • Sumathy S SITE, Vellore Institute of Technology
    2018-05-12
    https://doi.org/10.14419/ijet.v7i2.10410
  • Cloud Security, Identity Access Management, Single Sign-on (SSO), Privacy, OpenID Connect, Federated Identity Management
  • Security in providing access control plays a significant role in the cloud computing environment. Cloud computing provides a number of benefits such as resource sharing, low speculation and large storage space. The huge amount of information stored in the cloud can be accessed from anywhere, at any time, on a pay-per-use basis. Resources in the cloud should be accessed only by authorized clients. Access control in cloud computing has become a critical issue due to the increasing number of users experiencing dynamic changes. Authentication, authorization and approval of access, ensuring liability of entities from login credentials including passwords and biometric scans, is essential. Also, the federated authentication management is secured. Current approaches require large-scale distributed access control in the cloud environment. Data security and access control are the drawbacks in existing access control schemes. Because of these drawbacks, such as the privacy of information when susceptible information is stored at an intermediary service provider, federated identity access management is essential. Access control applications mainly concentrate on healthcare, government organizations, commercial, critical infrastructure and financial institutions. This review presents a detailed study of access control models in cloud computing and various cloud identity management schemes.

  • How to Cite

    Chunduru, A., & S, S. (2018). Security strategies for cloud identity management - a study. International Journal of Engineering & Technology, 7(2), 732-741. https://doi.org/10.14419/ijet.v7i2.10410