Balancing Utility and Security: Securing Cloud Federations of Public Entities

Suzic, Bojan; Prünster, Bernd; Ziegler, Dominik; Marsalek, Alexander; Reiter, Andreas

doi:10.1007/978-3-319-48472-3_60

Cited by 11 publications

(10 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This architecture relies on RBAC model and supports both federated and loosely coupled collaboration models. Suzic et al [3] provides an XACML-based approach for federated cloud environments. [1] propose a proxy multicloud computing framework supporting dynamic and runtime collaborations between cloud-based services.…”

Section: Initializementioning

confidence: 99%

See 1 more Smart Citation

A Distributed Access Control System for Cloud Federations

Alansari

Paci

Sassone

2017

2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS)

View full text Add to dashboard Cite

Abstract-Cloud federations are a new collaboration paradigm where organizations share data across their private cloud infrastructures. However, the adoption of cloud federations is hindered by federated organizations' concerns on potential risks of data leakage and data misuse. For cloud federations to be viable, federated organizations' privacy concerns should be alleviated by providing mechanisms that allow organizations to control which users from other federated organizations can access which data. We propose a novel identity and access management system for cloud federations. The system allows federated organizations to enforce attribute-based access control policies on their data in a privacy-preserving fashion. Users are granted access to federated data when their identity attributes match the policies, but without revealing their attributes to the federated organization owning data. The system also guarantees the integrity of the policy evaluation process by using blockchain technology and Intel SGX trusted hardware. It uses blockchain to ensure that users identity attributes and access control policies cannot be modified by a malicious user, while Intel SGX protects the integrity and confidentiality of the policy enforcement process. We present the access control protocol, the system architecture and discuss future extensions.

show abstract

Section: Initializementioning

confidence: 99%

“…Few access control frameworks to support secure data sharing in cloud federations have been recently proposed [2], [3], [1]. However the proposed frameworks do no support identity attributes privacy and do not guarantee the integrity of the policy evaluation process.…”

Section: Introductionmentioning

confidence: 99%

A Distributed Access Control System for Cloud Federations

Alansari

Paci

Sassone

2017

2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS)

View full text Add to dashboard Cite

show abstract

“…FaaS offers a service that allows clouds to create and manage cloud federations. To securely managing federated data and inter-cloud interactions, FaaS includes the distributed access control system based on XACML introduced in [12] and shown in Figure 1.…”

Section: B Access Control Systems For Cloud Federationsmentioning

confidence: 99%

Decentralised Runtime Monitoring for Access Control Systems in Cloud Federations

Ferdous

Margheri

Paci

et al. 2017

2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS)

View full text Add to dashboard Cite

Abstract-Cloud federation is an emergent cloud-computing paradigm where partner organisations share data and services hosted on their own clouds platforms. In this context, it is crucial to enforce access control policies that satisfy the data protection and privacy requirements of the partner organisations. However, due to the distributed nature of cloud federations, the access control system alone does not guarantee that its deployed components cannot be circumvented while processing access requests. Therefore, in order to promote accountability and transparency of access control decisions in federated clouds, we present a decentralised runtime monitoring architecture based on a blockchain technology. The logging components and data of the proposed infrastructure are deployed on the blockchain. This guarantees that the runtime monitoring components and the access logs cannot be compromised by malicious users to disguise their actions. We evaluate the performance of the runtime monitoring infrastructure with respect to detecting policy violations, and the cost of deploying the logging components and data on the blockchain.

show abstract

“…Most of all, the platform is conceived to be deployed in a distributed manner on top of all members, thus to avoid any centralised control and component. The DS component offers a state-of-the-art attribute-based access control system distributed across all the member clouds [7]. By relying on the expressiveness of attributes, which are provided by a federated identity manager (IDM), the DS is transparently connected with security-preserving data sharing services: data anonymisation (ANM) and masking (DM), and secure data computation service (SMC).…”

Section: Faas: a Cloud Federation Solutionmentioning

confidence: 99%

A Distributed Infrastructure for Democratic Cloud Federations

Margheri

Ferdous

Yang

et al. 2017

2017 IEEE 10th International Conference on Cloud Computing (CLOUD)

View full text Add to dashboard Cite

Abstract-Cloud federation is a novel concept that has been drawing attention from research and industry. However, there is a lack of solid proposal that can be widely adopted in practice to guarantee adequate governance of federations, especially in the Public Sector contexts due to legal requirements.In this paper, we propose an innovative governance approach that ensures distributed and democratic control in cloud federations. Starting from FaaS, a recent cloud federation proposal, we propose a blockchain infrastructure for the federation registry that implements the proposed governance approach.

show abstract

Balancing Utility and Security: Securing Cloud Federations of Public Entities

Cited by 11 publications

References 21 publications

A Distributed Access Control System for Cloud Federations

A Distributed Access Control System for Cloud Federations

Decentralised Runtime Monitoring for Access Control Systems in Cloud Federations

A Distributed Infrastructure for Democratic Cloud Federations

Contact Info

Product

Resources

About