Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 World-Leading Research with Real-World Impact! Authorization Federation in IaaS Multi Cloud Navid Pustchi, Ram Krishnan and Ravi Sandhu SCC 2015.

Published byEgbert Blankenship Modified over 9 years ago

Similar presentations

Presentation on theme: "1 World-Leading Research with Real-World Impact! Authorization Federation in IaaS Multi Cloud Navid Pustchi, Ram Krishnan and Ravi Sandhu SCC 2015."— Presentation transcript:

1 1 World-Leading Research with Real-World Impact! Authorization Federation in IaaS Multi Cloud Navid Pustchi, Ram Krishnan and Ravi Sandhu SCC 2015

2 2 World-Leading Research with Real-World Impact! Why Multi Cloud? Collaboration of organizations across clouds. Organizations with resources across multiple clouds.

3 3 World-Leading Research with Real-World Impact! Scope of Contribution Cloud Federation IaaS SaaS Peer-to-Peer Circle-of-Trust Authorization Federation Authentication Federation Service Trust Coupling PaaS Platform HomogenousHeterogeneous

4 4 World-Leading Research with Real-World Impact! Multi Cloud Collaboration Cloud Federation Service (IaaS, PaaS, SaaS)  Heterogeneous: Google account (Open ID 2.0) Heterogeneous within google.  Homogenous: Eduroam federated network access. Platform  Heterogeneous: OpenStack federation with AWS.  Homogenous: Keystone to Keystone federation. Trust  Circle-of-Trust: Alliance of institutions for sharing scientific data such as CERN.  Peer-to-Peer: Best Buy federating with Rackspace. Coupling  Identity Federation: SAML, OAuth, OpenID, SSO.  Authorization Federation: SAML, OAuth.

5 5 World-Leading Research with Real-World Impact! Trust Framework Trust BidirectionalUnidirectional TransitiveNon-Transitive Unilateral Bilateral Circle-of-Trust Peer-to-Peer Coupling Initiation Direction Transitivity

6 6 World-Leading Research with Real-World Impact! Concept of Trust

7 7 World-Leading Research with Real-World Impact! Administrative Realms

8 8 World-Leading Research with Real-World Impact! Multi Cloud Trust Three trust scopes based on administrative realms in cloud:  Cross Cloud Trust Sharing cloud infrastructure resources, such as services.  Cross Domain Trust Sharing domain resources such as projects.  Cross Project Trust Sharing project resources such as VMs.

9 9 World-Leading Research with Real-World Impact! Cloud Trust Enables sharing cloud resources, services and domains.  Set of domains shared between clouds with trust type (for domain trust).  Sharing services by creating private domains for service allocation. Trust relation in Cloud Trust is Peer-to-Peer, bilateral, bidirectional, non- transitive.

10 10 World-Leading Research with Real-World Impact! Domain Trust Enabling cross cloud access by assigning users to PRPs between trusted domains. Trust relations are Peer-to-Peer, unilateral, unidirectional, non-transitive.

11 Enabling cross cloud access to service instances by assigning users to PRPs between trusted projects. Trust relations are Peer-to-Peer, unilateral, unidirectional, non-transitive. 11 World-Leading Research with Real-World Impact! Project Trust

12 12 World-Leading Research with Real-World Impact! Related Work RBAC extensions  ROBAC (collaboration ins not supported).  GB-RBAC (group does own users). Role Based delegation models  Delegation chains lacks dynamicity of trust in cloud federation environments. Multi-tenant trust models in single cloud.  MT-RBAC (Multi-Tenant RBAC).  CTTM (Cross Tenant Trust model).  OSAC-DT (OpenStack Access Control with Domain Trust).

13 13 World-Leading Research with Real-World Impact! Conclusion & Future Work Multi-cloud trust model  Cloud trust.  Domain trust.  Project trust. Trust framework & trust types  Four types of trust applicable to administrative realms in cloud. Implementation in single cloud  Partial implementation of domain-trust in single cloud OpenStack. Future Work  Cloud trust implementation.  Implementation in federated OpenStack clouds.  Project trust implementation.  Hierarchical multi-domain model.  Attribute based models.

Download ppt "1 World-Leading Research with Real-World Impact! Authorization Federation in IaaS Multi Cloud Navid Pustchi, Ram Krishnan and Ravi Sandhu SCC 2015."

Similar presentations

Institute for Cyber Security

Institute for Cyber Security
© 2012 Open Grid Forum Simplifying Inter-Clouds October 10, 2012 Hyatt Regency Hotel Chicago, Illinois, USA.

© 2012 Open Grid Forum Simplifying Inter-Clouds October 10, 2012 Hyatt Regency Hotel Chicago, Illinois, USA.
Identity Network Ideals – Heterogeneity & Co-existence

Identity Network Ideals – Heterogeneity & Co-existence
1 Cloud Computing Prof. Ravi Sandhu Executive Director and Endowed Chair April 12, 2013 © Ravi Sandhu World-Leading.

1 Cloud Computing Prof. Ravi Sandhu Executive Director and Endowed Chair April 12, © Ravi Sandhu World-Leading.
Institute for Cyber Security Multi-Tenant Access Control for Cloud Services World-Leading Research with Real-World Impact! 1 PhD Dissertation Defense Bo.

Institute for Cyber Security Multi-Tenant Access Control for Cloud Services World-Leading Research with Real-World Impact! 1 PhD Dissertation Defense Bo.
Www.cloudsecurityalliance.org Copyright © 2011 Cloud Security Alliance Trusted Cloud Initiative Work Group Session.

Copyright © 2011 Cloud Security Alliance Trusted Cloud Initiative Work Group Session.
1 Federated Identity and Single-Sign On Prof. Ravi Sandhu Executive Director and Endowed Chair February 15, 2013

1 Federated Identity and Single-Sign On Prof. Ravi Sandhu Executive Director and Endowed Chair February 15, 2013
Secure Cyber Incident Information Sharing UTSA Team Leads Dr. Ram Krishnan, Assistant Professor, ECE Dr. Ravi Sandhu, Executive Director, ICS April 30,

Secure Cyber Incident Information Sharing UTSA Team Leads Dr. Ram Krishnan, Assistant Professor, ECE Dr. Ravi Sandhu, Executive Director, ICS April 30,
1 A Unified Attribute-Based Access Control Model Covering DAC, MAC and RBAC Prof. Ravi Sandhu Executive Director and Endowed Chair DBSEC July 11, 2012.

1 A Unified Attribute-Based Access Control Model Covering DAC, MAC and RBAC Prof. Ravi Sandhu Executive Director and Endowed Chair DBSEC July 11, 2012.
Institute for Cyber Security Extending OpenStack Access Control with Domain Trust World-Leading Research with Real-World Impact! 1 Bo Tang and Ravi Sandhu.

Institute for Cyber Security Extending OpenStack Access Control with Domain Trust World-Leading Research with Real-World Impact! 1 Bo Tang and Ravi Sandhu.
11 World-Leading Research with Real-World Impact! Constraints Specification for Virtual Resource Orchestration in Cloud IaaS Constraints Specification.

11 World-Leading Research with Real-World Impact! Constraints Specification for Virtual Resource Orchestration in Cloud IaaS Constraints Specification.
Towards Cloud Federations: what we have; what we want OGF 31, Taipei Cloud security session Jens Jensen Science and Technology Facilities Council Rutherford.

Towards Cloud Federations: what we have; what we want OGF 31, Taipei Cloud security session Jens Jensen Science and Technology Facilities Council Rutherford.
11 World-Leading Research with Real-World Impact! Role and Attribute Based Collaborative Administration of Intra-Tenant Cloud IaaS (Invited Paper) Xin.

11 World-Leading Research with Real-World Impact! Role and Attribute Based Collaborative Administration of Intra-Tenant Cloud IaaS (Invited Paper) Xin.
Secure Information and Resource Sharing in CloudSecure Information and Resource Sharing in Cloud References OSAC-SID Model [1]K. Harrison and G. White.

Secure Information and Resource Sharing in CloudSecure Information and Resource Sharing in Cloud References OSAC-SID Model [1]K. Harrison and G. White.
Prabath Siriwardena Senior Software Architect. An open source Identity & Entitlement management server.

Prabath Siriwardena Senior Software Architect. An open source Identity & Entitlement management server.
11 World-Leading Research with Real-World Impact! A Formal Model for Isolation Management in Cloud Infrastructure-as-a-Service Khalid Zaman Bijon, Ram.

11 World-Leading Research with Real-World Impact! A Formal Model for Isolation Management in Cloud Infrastructure-as-a-Service Khalid Zaman Bijon, Ram.
Federated A(A(A))I Jens Jensen hepsysman, RAL, 20110701.

Federated A(A(A))I Jens Jensen hepsysman, RAL,
1 A Role Based Administration Model For Attribute Xin Jin, Ram Krishnan, Ravi Sandhu SRAS, Sep 19, 2012 World-Leading Research with Real-World Impact!

1 A Role Based Administration Model For Attribute Xin Jin, Ram Krishnan, Ravi Sandhu SRAS, Sep 19, 2012 World-Leading Research with Real-World Impact!
Effectively and Securely Using the Cloud Computing Paradigm.

Effectively and Securely Using the Cloud Computing Paradigm.
Cloud Computing Cloud Security– an overview Keke Chen.

Cloud Computing Cloud Security– an overview Keke Chen.

Similar presentations

Ads by Google