A Metric-Based Approach to Assess Risk for “On Cloud” Federated Identity Management

Journal of Network and Systems Management

Abstract

The cloud computing paradigm is set to become the next major revolution on the Internet, but its adoption is still hindered by security problems. One of the fundamental issues is the need for better access control and identity management systems. In this context, Federated Identity Management (FIM) is identified by researchers and practitioners as an important security enabler, since it will play a vital role in providing the global scalability required for the successful implementation of cloud technologies. However, current FIM frameworks are limited by the complexity of the underlying trust models that must be put in place before inter-domain cooperation can take place. Thus, the establishment of dynamic federations between the different cloud actors remains a major unsolved research challenge. Here we show that risk evaluation must be considered a key enabler in evidence-based trust management, allowing cloud providers that belong to previously unknown administrative domains to collaborate securely. In this paper, we analyze the Federated Identity Management process and propose a taxonomy that helps classify the risks involved, so that vulnerabilities and threats can be mitigated when decisions about collaboration are made. Moreover, a set of new metrics is defined to allow a novel form of risk quantification in these environments. Other contributions of the paper include the definition of a generic hierarchical risk aggregation system and a descriptive use case in which the risk computation framework is applied to enhance cloud-based service provisioning.
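The abstract names three technical pieces of the approach (a risk taxonomy, leaf metrics, and a hierarchical aggregation system feeding a collaboration decision) without reproducing any of them on this page. The following Python sketch is an added illustration of the shape of such a system, not the paper's own code or metrics: a taxonomy tree whose leaves carry normalised metric scores, category weights derived from a pairwise-comparison matrix in the style of the Analytic Hierarchy Process (ref. [28]), two aggregation operators of the kind surveyed in ref. [29] (a compensatory weighted mean and a non-compensatory worst case), and a threshold-based decision. Every metric name, score, pairwise judgement and threshold below is constructed for the example.

```python
"""Hierarchical risk aggregation for a federation decision.

Added example; this is not the paper's own code. The abstract describes a
risk taxonomy, leaf metrics and a hierarchical aggregation system without
reproducing them on this page, so the taxonomy, metric names, scores,
pairwise-comparison values and decision thresholds below are all constructed
for illustration.
"""
from dataclasses import dataclass, field
from math import prod
from typing import Callable, List, Optional

# An aggregator maps the children's risk scores and weights to one score.
Aggregator = Callable[[List[float], List[float]], float]


def weighted_mean(scores: List[float], weights: List[float]) -> float:
    """Compensatory operator: strong and weak children offset each other."""
    return sum(s * w for s, w in zip(scores, weights))


def worst_case(scores: List[float], weights: List[float]) -> float:
    """Non-compensatory operator: one unacceptable child dominates (weights ignored)."""
    return max(scores)


def ahp_weights(pairwise: List[List[float]]) -> List[float]:
    """Priority vector from an AHP pairwise-comparison matrix (Saaty).

    pairwise[i][j] states how many times more important criterion i is than j
    (so pairwise[j][i] == 1 / pairwise[i][j]). The normalised row geometric
    mean approximates the principal eigenvector used in AHP.
    """
    n = len(pairwise)
    if any(len(row) != n for row in pairwise):
        raise ValueError("pairwise matrix must be square")
    gm = [prod(row) ** (1.0 / n) for row in pairwise]
    total = sum(gm)
    return [g / total for g in gm]


@dataclass
class RiskNode:
    """A node of the risk taxonomy: a leaf metric or an aggregating category."""
    name: str
    score: Optional[float] = None          # leaf metric, normalised to [0, 1]
    children: List["RiskNode"] = field(default_factory=list)
    weights: Optional[List[float]] = None  # per child; None means equal weights
    aggregator: Aggregator = weighted_mean

    def risk(self) -> float:
        if not self.children:
            if self.score is None or not 0.0 <= self.score <= 1.0:
                raise ValueError(f"leaf {self.name!r} needs a score in [0, 1]")
            return self.score
        scores = [c.risk() for c in self.children]
        n = len(scores)
        w = self.weights if self.weights is not None else [1.0 / n] * n
        if len(w) != n or abs(sum(w) - 1.0) > 1e-9:
            raise ValueError(f"{self.name!r}: need {n} weights summing to 1")
        return self.aggregator(scores, w)


def build_example_tree() -> RiskNode:
    """Constructed taxonomy for deciding whether to federate with an unknown IdP."""
    # Constructed judgement: authentication twice as important as assertion
    # handling and four times as important as privacy.
    top_weights = ahp_weights([[1, 2, 4],
                               [1 / 2, 1, 2],
                               [1 / 4, 1 / 2, 1]])
    return RiskNode("federate_with_unknown_idp", weights=top_weights, children=[
        RiskNode("authentication", children=[
            RiskNode("loa_gap", 0.6),              # IdP LoA below what the SP needs
            RiskNode("credential_policy", 0.2),
        ]),
        # A single weak cryptographic setting should not be averaged away.
        RiskNode("assertion_protection", aggregator=worst_case, children=[
            RiskNode("weak_signature_algorithm", 0.8),
            RiskNode("assertion_not_encrypted", 0.5),
        ]),
        RiskNode("privacy", children=[
            RiskNode("attribute_overrelease", 0.3),
        ]),
    ])


def decide(risk: float, accept: float = 0.3, reject: float = 0.6) -> str:
    """Map an aggregated risk score to a federation decision (constructed thresholds)."""
    if risk < accept:
        return "accept"
    if risk < reject:
        return "accept_with_restrictions"   # e.g. require step-up authentication
    return "reject"


if __name__ == "__main__":
    tree = build_example_tree()
    r = tree.risk()
    print(f"{tree.name}: risk={r:.3f} -> {decide(r)}")
```

The choice of operator per category is the security-relevant knob: averaging lets a strong credential policy mask a weak signature algorithm, whereas the worst-case operator on the assertion-protection branch keeps a single unacceptable setting visible at the root. With the constructed values the root score comes out at 0.5, which lands in the "accept with restrictions" band rather than a clean accept.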



Notes

  1. The term actors is used in accordance with the definitions in [6].

References

  1. Mell, P., Grance, T.: The NIST definition of cloud computing. National Institute of Standards and Technology (NIST). http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf (2009). Accessed 15 June 2012

  2. Jensen, M., Schwenk, J., Gruschka, N., Iacono, L.L.: On technical security issues in cloud computing. In: Proceedings of the IEEE International Conference on Cloud Computing, pp. 109–116. Bangalore, India (2009)

  3. Harauz, J., Kaufman, L.M., Potter, B.: Data security in the world of cloud computing. IEEE Secur. Priv. 7(4), 61–64 (2009)


  4. Subashini, S., Kavitha, V.: A survey on security issues in service delivery models of cloud computing. J. Netw. Comput. Appl. 34(1), 1–11 (2011)


  5. Gopalakrishnan, A.: Cloud computing identity management. SETLabs Brief 7(7), 45–55 (2009)


  6. Hardjono, T., Rutkowski, M. (eds.): Identity in the Cloud—Use Cases Version 1.0, Draft Version 0.1q. http://docs.oasis-open.org/id-cloud/IDCloud-usecases/v1.0/IDCloud-usecases-v1.0.pdf (2011). Accessed 15 June 2012

  7. Cloud Computing Use Case Discussion Group: Cloud computing use cases, Tech. Rep. Version 4.0. http://bit.ly/gjxdL7 (2010). Accessed 15 June 2012

  8. Cloud Computing Use Case Discussion Group: Moving to the Cloud, Version 1.0. http://bit.ly/fuAkKF (2010). Accessed 15 June 2012

  9. Open Cloud Manifesto: Open Cloud Manifesto. http://www.opencloudmanifesto.org/ (2009). Accessed 15 June 2012

  10. Arias, P., Almenárez, F., Marín, A., Díaz, D.: Enabling SAML for dynamic identity federation management. In: Proceedings of Wireless and Mobile Networking Conference, pp. 173–184. Gdansk, Poland (2009)

  11. Cabarcos, P.A.: Risk assessment for better identity management in pervasive environments. In: Proceedings of IEEE International Conference on Pervasive Computing and Communications Workshops, pp. 389–390 (2011)

  12. Buyya, R., Broberg, J., Goscinski, A.: Cloud Computing: Principles and Paradigms. Wiley, New York, NY, USA (2011)


  13. Boehm, B.W.: Software risk management: principles and practices. IEEE Softw. 8(1), 32–42 (1991)


  14. Jansen, W.: Directions in security metrics research. National Institute of Standards and Technology (NIST) Interagency Report, NISTIR 7564 (2009)

  15. Maler, E., Reed, D.: The venn of identity: options and issues in federated identity management. IEEE Secur. Priv. 6(2), 16–23 (2008)


  16. OpenID: OpenID Authentication 2.0. http://openid.net/specs/openid-authentication-2_0.html (2007). Accessed 15 June 2012

  17. Cantor, S., Kemp, J., Philpott, R., Maler, E.: Assertions and Protocols for the OASIS Security Assertion Markup Language (SAML) V2.0. OASIS Standard, March 2005

  18. Liberty Alliance: Liberty Alliance ID-FF 1.2 Specifications. http://www.projectliberty.org. Accessed 15 June 2012

  19. Cantor, S., Moreh, J., Philpott, R., Maler, E. (eds.): Metadata for the OASIS Security Assertion Markup Language (SAML) V2.0. OASIS Standard, March 2005

  20. Kantara Initiative. http://kantarainitiative.org/. Accessed 15 June 2012

  21. Terena TF-EMC2: REFEDs Federation Survey. https://refeds.terena.org/index.php/Federations. Accessed 15 June 2012

  22. Hirsch, F., Philpott, R., Maler, E. (eds.): Security and Privacy Considerations for the OASIS Security Assertion Markup Language (SAML) V2.0. OASIS Standard (2005)

  23. Gómez, F., Girao, J., Martínez, G.: TRIMS, a Privacy-aware Trust and Reputation Model for Identity Management Systems. Comput. Netw. Special Issue Manag. Emerg. Comput. Environ. 54(16), 2899–2912 (2010)


  24. Díaz-Sánchez, D., Marín López, A., Almenárez Mendoza, F., Campo Vázquez, C., García-Rubio, C.: Context awareness in network selection for dynamic environments. Telecommun. Syst. 36(1), 49–60 (2007)


  25. Burr, W.E., Dodson, D.F., Polk, W.T.: NIST Special Publication 800-63 Version 1.0.2, Electronic Authentication Guidelines. National Institute of Standards and Technology (NIST) (2006)

  26. Tiffany, E., Madsen, P., Cantor, S. (eds.): Level of Assurance Authentication Context Profiles for SAML 2.0. Working Draft 01 (2008)

  27. Kemp, J., Cantor, S., Mishra, P., Philpott, R., Maler, E. (eds.): Authentication Context for the OASIS Security Assertion Markup Language (SAML) V2.0. OASIS Standard (2005)

  28. Saaty, T.L.: How to make a decision: the analytic hierarchy process. Eur. J. Oper. Res. 48(1), 9–26 (1990)


  29. Calvo, T., Kolesárová, A., Komorníková, M., Mesiar, R.: Aggregation operators: properties, classes and construction methods. In: Calvo, T., Mayor, G., Mesiar, R. (eds.) Aggregation Operators. New Trends and Applications, pp. 3–104. Physica-Verlag, Heidelberg (2001)

  30. Zadeh, L.A.: Fuzzy sets. Inform. Control 8(3), 338–353 (1965)


  31. Klir, G.J., Yuan, B.: Fuzzy Sets and Fuzzy Logic—Theory and Applications. Prentice-Hall, Inc., Englewood Cliffs, NJ, USA (1995)


  32. Cantor, S. (ed.): SAML V2.0 Metadata Profile for Algorithm Support Version 1.0. OASIS Committee Draft (2010)

  33. Bernstein, D., Vij, D.: Intercloud security considerations. In: Proceedings of the IEEE 2nd International Conference on Cloud Computing Technology and Science, pp. 537–544. Indianapolis, Indiana, USA (2010)

  34. Almulla, S.A., Yeun, C.Y.: Cloud computing security management. In: Proceedings of 2nd International Conference on Engineering Systems Management and Its Applications, pp. 1–7. Sharjah, United Arab Emirates (2010)

  35. Rimal, B.P., Jukan, A., Katsaros, D., Goeleven, Y.: Architectural requirements for cloud computing systems: an enterprise cloud approach. J. Comput. 9(1), 3–26 (2011)


  36. Goodner, M., Nadalin, A. (eds.): Web Services Federation Language (WS-Federation) Version 1.2, OASIS Web Services Federation (WSFED) TC (2009)

  37. Hammer-Lahav, E. (ed.): The OAuth 1.0 Protocol. http://tools.ietf.org/html/draft-hammer-oauth-10 (2010). Accessed 15 June 2012

  38. Sengupta, S., Kaulgud, V., Sharma, V.S.: Cloud computing security—trends and research directions. In: Proceedings of the 7th IEEE World Congress on Services, pp. 524–531. Washington DC, USA (2011)

  39. Catteddu, D., Hogben, G.: Cloud computing: benefits, risks and recommendations for Information security. Technical Report, European Network and Information Security Agency (2009)

  40. Jansen, W., Grance, T.: Guidelines on Security and Privacy in Public Cloud Computing. Information Technology Laboratory. National Institute of Standards and Technology (NIST). http://csrc.nist.gov/publications (2011). Accessed 15 June 2012

  41. The Cloud Security Alliance (CSA): security guidance for critical areas of focus in cloud computing v3.0. https://cloudsecurityalliance.org/guidance/csaguide.v3.0.pdf (2011). Accessed 15 June 2012

  42. Habib, S.M., Ries, S., Muhlhauser, M.: Cloud computing landscape and research challenges regarding trust and reputation. In: Proceedings of the Symposia and Workshops on Ubiquitous, Autonomic and Trusted Computing, pp. 410–415. Xi’an, China (2010)

  43. Palson Kennedy, R., Gopal, T.V.: Assessing the risks and opportunities of cloud computing—defining identity management systems and maturity models. In: Proceedings of the IEEE 2nd International Conference on Trendz in Information Sciences & Computing, pp. 138–142. Chennai, India (2010)

  44. Pearson, S., Benameur, A.: Privacy, security and trust issues arising from cloud computing. In: Proceedings of the IEEE 2nd International Conference on Cloud Computing Technology and Science, pp. 693–702. Indianapolis, USA (2010)

  45. Casola, V., Rak, M., Villano, U.: Identity federation in cloud computing. In: Proceedings of the IEEE 6th International Conference on Information Assurance and Security, pp. 253–259. Atlanta, USA (2010)

  46. Celesti, A., Tusa, F., Villari, F.M., Puliafito, A.: Security and cloud computing: intercloud identity management infrastructure. In: Proceedings of the 19th IEEE International Workshop on Enabling Technologies: Infrastructures for Collaborative Enterprises, pp. 253–259. Larissa, Greece (2010)

  47. Ates, M., Ravet, S., Ahmat, A.M., Fayolle, J.: An identity-centric internet: identity in the cloud, identity as a service and other delights. In: Proceedings of the 6th International Conference on Availability, Reliability and Security, pp. 555–560. Vienna, Austria (2011)

  48. ETSI GS INS-004V 1.1.1, Group specification: identity and access management for networks and services; Dynamic federation negotiation and trust management in IdM systems (2010-11)

  49. Almenarez, F., Marín, A., Díaz, D., Cortés, A., Campo, C., García, C.: Trust management for multimedia P2P applications in autonomic networking. Ad Hoc Netw. 9(4), 687–697 (2011)



Acknowledgments

This work was supported in part by the Spanish Ministry of Science and Innovation under the project CONSEQUENCE (TEC2010-20572-C02-01). The authors would like to thank the anonymous reviewers for their valuable comments and suggestions to improve the quality of this paper.

Author information

Corresponding author

Correspondence to Patricia Arias-Cabarcos.

Cite this article

Arias-Cabarcos, P., Almenárez-Mendoza, F., Marín-López, A. et al. A Metric-Based Approach to Assess Risk for “On Cloud” Federated Identity Management. J Netw Syst Manage 20, 513–533 (2012). https://doi.org/10.1007/s10922-012-9244-2
