1 / 20

Extensible Access Control Framework for Cloud based Applications

Extensible Access Control Framework for Cloud based Applications. Funded by National ICT R&D Introduction & Briefing. Outline of the Talk. Extensible Access Control Framework for Cloud based Applications Team Introduction Access Control as a Service ( ACaaS )

bert
Télécharger la présentation

Extensible Access Control Framework for Cloud based Applications

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Extensible Access Control Framework for Cloud based Applications Funded by National ICT R&D Introduction & Briefing

  2. Outline of the Talk Extensible Access Control Framework for Cloud based Applications Team Introduction Access Control as a Service (ACaaS) Project Overview (Introduction & Briefing) Future Prospects

  3. Extensible Access Control Framework for Cloud based Applications Funded by National ICT R&D Status:2 quarters completed Project Cost: 13 Million Duration: 2 Years Research Area: Cloud Computing Security Workforce: 14 Team Members including MS and BS degree holders Direct Beneficiary: Educational Institutes, Cloud Community, IT industry Principal Investigator: Dr.AwaisShibli Co-principal Investigator: Dr.Arshad Ali

  4. Security Challenges in SaaS Web Application Security SaaS Data Access Data Integrity Data Backup Network Security Data Confidentiality Authentication Data Locality Data Segregation Data Breaches Identity Management & SSO

  5. Security as a Service (SECaaS) for SaaS Cloud Service Consumers SECaaS Email Security aaS Web content filtering aaS Access control aaS Identity aaS Network Security aaS Security assessment aaS Data protection aaS Encryption aaS

  6. Access Control in Cloud(Area of Focus) Access control’s role is to control and limit the actions or operations in the Cloud systems that are performed by a user on a set of resources.

  7. Authorization Issues in Cloud

  8. Challenging Authorization ProblemsCloud Perspective Cloud subscribers often do not have sufficient control over technical access policy decision-making and enforcement in the cloud infrastructure. Most cloud providers do not offer subscriber-configurable policy enforcement points (e.g. based on the OASIS XACML standard). Cloud providers naturally cannot pre-configure subscriber-specific policies for subscribers (because they are subscriber- specific).

  9. Challenging Authorization ProblemsCloud Perspective Managing and creating Cloud subscriber access policies is the biggest challenge around authorization There is no common standard policy specification format adopted yet for cloud. Traditional access control models have some specific parameters suitable only for particular scenarios and granular access control is yet a key requirement. Translating policies into security implementationgets more time-consuming, expensive, and error-prone.

  10. Access Control as a Service (ACaaS) There should be a generic framework for the applications of Cloud consumers that can be customized by consumers according to their own security needs along with the basic security features provided by Cloud providers. This framework should encompasses multiple models and should have the ability to add any access control model within framework based on the security requirements of consumer.

  11. ACaaS for Cloud PEP Attribute Lookup PolicyRequest Trusted Attribute Stores 1 6 PDP 5 PIP 2 3 4

  12. Access Control Challenges in Cloud

  13. Motivation behind Project

  14. Project Statements We aim to provide Access Control-as-a-Service (ACaaS) for Software-as-a-Service (SaaS) layer applications by incorporating variety of reliable and well-known access control models as Cloud based services. Framework will be capable of handling a wide variety of Cloud Service Consumers (CSC) and intends to minimize the chance of data loss and corruption by unauthorized users. Final deliverables include the implementation of an extensible API that is capable of managing and controlling access for SaaS hosted Cloud applications and resources.

  15. Architecture Figure presents the architecture of framework

  16. Detailed Architecture

  17. Project Significance

  18. Common Policy Language Format Comprehensive Authorization Application Customization & Extensibility

  19. State of the Art Technologies OASIS Extensible Access Control Markup Language (XACML 2.0) Security Assertion Markup Language (SAML) Hibernate Java Server Pages (JSF) OpenStack CloudStack Eclipse Java 2 Enterprise Edition (J2EE)

  20. Pleasure in the job puts perfection in the work. --Aristotle

More Related