Access Control in Cloud Security
Presented by Amelia Tuipulotu

Good morning, everyone. Today I will be talking about access control in cloud security.

Access Control & Cloud Computing
- What is cloud computing? “Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”
- What is access control? Access control is generally a policy or procedure that allows, denies or restricts access to a system.

First, what is cloud computing, and what is access control?

Cloud computing model
- SaaS: Using the provider’s applications running on a cloud infrastructure
- PaaS: Deploying consumer-created applications onto the cloud infrastructure
- IaaS: Provision of all resources that the consumer can use

Before we go on to access control, let's explore the cloud more generally so we have an idea of what access control does for cloud computing. Cloud computing incorporates virtualization, on-demand deployment, Internet delivery of services, and open source software. Cloud computing has three models: SaaS, PaaS and IaaS.

Cloud computing attacks
- Denial of Service attacks
- Side Channel attacks
- Authentication attacks
- Man-in-the-middle cryptographic attacks
- Inside-job attacks

Along with the development of cloud applications, cloud computing attacks have also increased. The main attacks on the cloud are: a) Denial of Service (DoS) attacks, b) Side Channel attacks, c) Authentication attacks, d) Man-in-the-Middle cryptographic attacks, e) Inside-job attacks. Because of these attacks, we need a better security policy in cloud computing. Access control identifies users attempting to access a system without authorization.

Access control: traditional model
- Application-centric access control
  - Application manages its users
  - Requires a lot of memory for storage
  - Username and password storage
- User-centric access control
  - Service providers hold all user information

The traditional model for access control is application-centric access control, where each application keeps track of its collection of users and manages them. This is not feasible in cloud-based architectures, because this method needs a lot of memory for storing user details such as usernames and passwords. So the cloud requires user-centric access control, where every user request to any service provider is bundled with the user's identity and entitlement information.

Access control models
- Mandatory Access Control (MAC)
- Discretionary Access Control (DAC)
- Role-Based Access Control (RBAC)

Due to differences in the requirements of military and commercial security policies, two distinct kinds of policies had to be developed. These produced two different access control models: Mandatory Access Control (MAC) and Discretionary Access Control (DAC). These models have a number of flaws, which led to the proposal of other models such as Role-Based Access Control (RBAC). However, we believe these models may not work in cloud computing, as each one of them was proposed for a specific environment to fulfil consumers’ security requirements.

Mandatory Access Control
- Access decisions for a subject are made by a central authority
- Access classes are assigned by Mandatory Access Control
- Access class
- Object classification
- Subject clearance

In the Mandatory Access Control (MAC) model, a central authority is in charge of making access decisions for a subject that requests access to objects or to information in objects. In order to secure access to objects and the information that flows between objects, MAC assigns an access class to each subject and object. An access class is a security level that is used to secure the flow of information between objects and subjects through a dominance relationship. Object classifications are security labels that are used to classify objects based upon the sensitivity of the information they hold. Subject clearances are security levels used to reflect the trustworthiness or rules of subjects. Although the mandatory access control model provides protection against information flow and indirect information leakage, it does not guarantee complete secrecy of the information.

Discretionary access control (DAC)
- Object owners have the privilege to set access to the object
- Less secure
- No risk awareness
- No privileges toward the object
- No control of information flow

The Discretionary Access Control (DAC) model grants the owners of objects the ability to restrict access to their objects, or to information in the objects, based upon users’ identities or membership in certain groups. The DAC model is generally less secure than the mandatory access control model, so it is used in environments that do not require a high level of protection. Because DAC depends on allowing owners of objects to control access permissions to objects, it has many side effects when it is used in cloud computing. For instance, there is no mechanism or method to facilitate the management of improper rights (e.g. risk awareness) that owners of objects can give to users. Occasionally users are required to use privileges that reveal information about objects to third parties. For instance, a user who can only read a file in a company can copy the file contents to another file in order to pass it to another user. DAC does not have the ability to control information flow or deal with Trojan horses that can inherit access permissions. Finally, it is not scalable enough for cloud computing.

Role based access control (RBAC)
- Controls access to resources naturally
- RBAC motivation: a subject's responsibility is more important than who the subject is
- A subject can have more than one role
- Violation of access security policy
- For example: health care system

Role-based access control (RBAC) is considered a natural way to control access to resources in organizations and enterprises. The motivation behind RBAC comes from considering a subject’s responsibility to be more important than who the subject is. In the RBAC model, a subject can have more than one role or be a member of multiple groups. For example, an employee within an organization can be a member of both the secretaries group and the employees group. Despite that, roles can give a subject more rights than s/he necessarily needs to have, with the possibility of having another role, which could lead to the violation of the access security policy. For example, in a health care system there is always a sequence of operations that needs to be controlled. In order to give a patient the right treatment, a doctor needs to examine the patient’s physical condition, look at the patient’s medical history and ask for tests or scans. S/he might ask for help from another doctor or transfer some information to another hospital. Each one of these operations needs a different set of permissions. Thus, RBAC may not be able to ensure access for a sequence of operations in cloud computing.

Cloud security risk with access control
- Privacy exposure & data leakage
- Failure of security access rights across multiple domains
- For example: Personal Health Record
- Veterans Affairs database
- Patient-centric
- Heavy computational key issues

A threat of widespread data leakage amongst many, potentially competing, organizations using the same cloud provider could be caused by human error in applying security access rights across multiple domains. For example: the Personal Health Record. Since records have moved to the cloud, the possibility that data could be leaked is high if an insider in the cloud provider’s organisation makes any mistakes. In one famous incident, a Department of Veterans Affairs database containing sensitive information about personal health problems was stolen by an employee who took the data; the access rights to the data had not been properly adjusted. Therefore, a patient-centric system was made to overcome the incident. Because multiple owners encrypt in their own ways, using different sets of cryptographic keys, this leads to heavy computational key issues.

Overcoming challenges with access control
- Attribute Based Access Control (ABAC)
- Three elements
  - Subject attributes
  - Object (resource that needs to be protected from unauthorised use)
  - Environmental condition attributes
- Combine attribute elements
- Centralise policy
- Attribute based

Therefore, the answer to all these challenges was Attribute Based Access Control. With ABAC, access is assigned based on attributes or characteristics of the subject making the access request, of the file or resource object being requested, and of the environmental conditions. Granular policy can then be established on a combination of these attributes. For example: title is Auditor + object is financial (which can be represented by sensitivity) + time of day is during work hours = grant or deny access. ABAC can also centralise policy and apply it across all projects, including those that do not yet exist. For example, an attribute-based policy.

Attribute based access control
- Access is granted only if the value of Project is identical
- Only assigned users can access

Here access is granted only if the values of the project attribute for both subject and object are an identical match. This single policy would ensure that only users assigned to a project get access to the files for that project.

Attribute based access control

Another policy can be established to ensure only auditors get access to sensitive financial data. The combination of these policies would ensure only the auditors assigned to the project would have access to that client's financial data.

Attribute based access control
- Linda moves to another project
- Remove old attributes and assign new ones

When Linda moves to another project, system admins don’t have to change access policies; instead, they simply need to remove Linda’s old project attribute and assign a new one.
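
The two ABAC policies and Linda's reassignment described on the slides above, as an added example that is not part of the original presentation. The attribute names, project names, sample records and the 09:00 to 17:00 definition of work hours are assumptions made for illustration.

```python
from datetime import time

# Constructed sample attributes; names and values are assumptions, not from the slides.
LINDA = {"name": "Linda", "title": "Auditor", "project": "alpha"}
LEDGER_ALPHA = {"project": "alpha", "type": "financial", "sensitivity": "high"}
LEDGER_BETA = {"project": "beta", "type": "financial", "sensitivity": "high"}
WORK_HOURS = (time(9, 0), time(17, 0))  # assumed definition of "work hours"


def project_match(subject, obj, env):
    """Policy 1: subject and object must carry an identical project attribute."""
    project = subject.get("project")
    return project is not None and project == obj.get("project")


def auditor_for_sensitive_financial(subject, obj, env):
    """Policy 2: sensitive financial data is for auditors, during work hours only."""
    if obj.get("type") != "financial" or obj.get("sensitivity") != "high":
        return True  # policy does not apply to other objects
    now = env.get("time")  # a missing environment attribute fails closed
    in_hours = now is not None and WORK_HOURS[0] <= now < WORK_HOURS[1]
    return subject.get("title") == "Auditor" and in_hours


# Central policy set: applies to every project, including ones created later.
POLICIES = [project_match, auditor_for_sensitive_financial]


def decide(subject, obj, env):
    """Grant only if every policy permits; also report which policies refused."""
    failed = [p.__name__ for p in POLICIES if not p(subject, obj, env)]
    return ("deny" if failed else "grant", failed)


def reassign(subject, new_project):
    """Moving a user replaces one attribute; the policies are not edited."""
    return {**subject, "project": new_project}


if __name__ == "__main__":
    at_work = {"time": time(10, 30)}
    print(decide(LINDA, LEDGER_ALPHA, at_work))   # auditor on own project
    moved = reassign(LINDA, "beta")
    print(decide(moved, LEDGER_ALPHA, at_work))   # old project now refused
    print(decide(moved, LEDGER_BETA, at_work))    # new project granted
    print(decide(LINDA, LEDGER_ALPHA, {"time": time(22, 0)}))  # outside work hours
```

Returning the names of the refusing policies alongside the decision gives the central audit trail a reason for every denial.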

Summary
- Simplify access management
- Reduce risk due to unauthorised access
- Centralize auditing and access policy

Thank you & questions