Presentation is loading. Please wait.

Presentation is loading. Please wait.

Institute for Cyber Security Cross-Tenant Trust Models in Cloud Computing Bo Tang and Ravi Sandhu IRI Aug 14-16, 2013 San Francisco, CA © ICS at UTSA World-Leading.

Published byRosamund Davis Modified over 9 years ago

Similar presentations

Presentation on theme: "Institute for Cyber Security Cross-Tenant Trust Models in Cloud Computing Bo Tang and Ravi Sandhu IRI Aug 14-16, 2013 San Francisco, CA © ICS at UTSA World-Leading."— Presentation transcript:

1 Institute for Cyber Security Cross-Tenant Trust Models in Cloud Computing Bo Tang and Ravi Sandhu IRI Aug 14-16, 2013 San Francisco, CA © ICS at UTSA World-Leading Research with Real-World Impact! 1

2 OUTLINE  Introduction  Background and Motivation  Cross-Tenant Trust Model (CTTM)  Tenant Trust Relations  Formalized Model  Role-Based CTTM (RB-CTTM)  Related Work  Conclusion and Discussion © ICS at UTSA World-Leading Research with Real-World Impact! 2

3 OUTLINE  Introduction  Background and Motivation  Cross-Tenant Trust Model (CTTM)  Tenant Trust Relations  Formalized Model  Role-Based CTTM (RB-CTTM)  Related Work  Conclusion and Discussion © ICS at UTSA World-Leading Research with Real-World Impact! 3

4 Cloud Computing  Shared infrastructure  [$$$] -----> [$|$|$]  Multi-Tenancy  Virtually dedicated resources  Data Locked-in  Collaborations can only be achieved through desktop.  E.g.: create/edit Word documents in Dropbox.  A suitable fine-grained cross-tenant access control model is essential © ICS at UTSA World-Leading Research with Real-World Impact! 4 Source:http://blog.box.com/2011/06/box-and-google-docs-accelerating-the-cloud-workforce/

5 Industry Solutions  Microsoft and IBM: Fine-grained data sharing in SaaS using DB schema  Only feasible in DB  NASA: RBAC + OpenStack (Nebula)  Lacks ability to support multi-org collaborations  Salesforce (Force.com): Single Sign-On + SAML  Focus on authentication and simple authorization  Heavy management of certificates © ICS at UTSA World-Leading Research with Real-World Impact! 5 Source:http://msdn.microsoft.com/en-us/library/aa479086.aspx http://nebula.nasa.gov/blog/2010/06/03/nebulas-implementation-role-based-access-control-rbac/ http://wiki.developerforce.com/page/Single_Sign-On_with_SAML_on_Force.com

6 OUTLINE  Introduction  Background and Motivation  Cross-Tenant Trust Model (CTTM)  Tenant Trust Relations  Formalized Model  Role-Based CTTM (RB-CTTM)  Related Work  Conclusion and Discussion © ICS at UTSA World-Leading Research with Real-World Impact! 6

7 Motivation © Bo Tang World-Leading Research with Real-World Impact! 7 Figure 1. A car renting example of cross-tenant accesses

8 On-Demand Self-Service  Centralized facility  Resource pool  Multi-tenancy  Unilateral and automatic provisioning as needed  Dynamically assigned virtual resources  Temporary users and tenants © Bo Tang World-Leading Research with Real-World Impact! 8

9 Scope and Assumptions  Standardized APIs  Cross-tenant accesses are functionally available  Authenticated Users  Removable assumptions:  One Cloud Service o But extensible to multi-cloud  Two Tenant Trust (rather than federation)  Unidirectional Trust Relations (like follow in Twitter)  Unilateral Trust Relations (trustor or trustee) © Bo Tang World-Leading Research with Real-World Impact! 9

10 OUTLINE  Introduction  Background and Motivation  Cross-Tenant Trust Model (CTTM)  Tenant Trust Relations  Formalized Model  Role-Based CTTM (RB-CTTM)  Related Work  Conclusion and Discussion © ICS at UTSA World-Leading Research with Real-World Impact! 10

11 Tenant Trust Relations  Tenant Trust (TT) relation is not partial order  It is  Reflexive: A ⊴ A  But not transitive: A ⊴ B ∧ B ⊴ C ⇏ A ⊴ C  Neither symmetric: A ⊴ B ⇏ B ⊴ A  Nor anti-symmetric: A ⊴ B ∧ B ⊴ A ⇏ A ≡ B © Bo Tang World-Leading Research with Real-World Impact! 11

12 Trust Types  Four potential trust types:  Type-α: trustor can give access to trustee.  Type-β: trustee can give access to trustor.  Type-γ: trustee can take access from trustor.  Type-δ: trustor can take access from trustee. o No meaningful use case, since the trustor holds all the control of the cross-tenant assignments of the trustee’s permissions. © Bo Tang World-Leading Research with Real-World Impact! 12

13 Formalized CTTM Model © Bo Tang World-Leading Research with Real-World Impact! 13 Figure 2. Cross-Tenant Trust Management model

14 CTTM Authz. Assignments  AA ⊆ U × P, a many-to-many user-to-permission assignment relation, also written as “←”, requiring that u ← p only if permOwner(p) ≡ userOwner(u) ∨ permOwner(p) ⊴ α userOwner(u) ∨ userOwner(u) ⊴ β permOwner(p) ∨ permOwner(p) ⊴ γ userOwner(u), where only one of the ⊴ requirements can apply depending on the nature of TT.  Example: Bob@UTSA ← discount%AVIS © Bo Tang World-Leading Research with Real-World Impact! 14

15 Role-Based CTTM © Bo Tang World-Leading Research with Real-World Impact! 15 Figure 3. Role-Based Cross-Tenant Trust Management model

16 RB-CTTM Authz. Assignments  UA ⊆ U × R, is a many-to-many user-to-role assignment relation;  PA ⊆ P × R, is a many-to-many permission-to-role assignment relation requiring that (p, r) ∈ PA only if permOwner(p) ≡ roleOwner(r) ∨ permOwner(p) ⊴ α roleOwner(r) ∨ roleOwner(r) ⊴ β permOwner(p) ∨ permOwner(p) ⊴ γ roleOwner(r), where only one of the ⊴ requirements can apply depending on the nature of TT; © Bo Tang World-Leading Research with Real-World Impact! 16

17 RB-CTTM Authz. Assignments (contd.)  RH ⊆ R × R, is a partial order on R called role hierarchy or role dominance relation, also written as “≥”, requiring that r2 ≥ r1 only if roleOwner(r1) ≡ roleOwner(r2) ∨ roleOwner (r1) ⊴ α roleOwner(r2) ∨ roleOwner (r2) ⊴ β roleOwner (r1) ∨ roleOwner (r1) ⊴ γ roleOwner(r2), where only one of the ⊴ requirements can apply depending on the nature of TT; © Bo Tang World-Leading Research with Real-World Impact! 17

18 Feasibility in the Cloud © Bo Tang World-Leading Research with Real-World Impact! 18 Figure 4. Multi-Tenant Authorization as a Service (MTAaaS) Architecture

19 OUTLINE  Introduction  Background and Motivation  Cross-Tenant Trust Model (CTTM)  Tenant Trust Relations  Formalized Model  Role-Based CTTM (RB-CTTM)  Related Work  Conclusion and Discussion © ICS at UTSA World-Leading Research with Real-World Impact! 19

20 Related Work  RBAC  CBAC, GB-RBAC, ROBAC (e.g.: player transfer in NBA)  Require central authority managing collaborations  Delegation Models  dRBAC and PBDM (e.g.: allowing subleasing)  Lacks agility (which the cloud requires)  Grids  CAS, VOMS, PERMIS  Absence of centralized facility and homogeneous architecture (which the cloud has) © ICS at UTSA World-Leading Research with Real-World Impact! 20

21 Related Work (Contd.)  Role-based Trust  RT (Type-α trust relation)  MTAS (Type-β trust relation)  MT-RBAC (Type-γ trust relation)  Suits the cloud (out-sourcing trust) © ICS at UTSA World-Leading Research with Real-World Impact! 21

22 OUTLINE  Introduction  Background and Motivation  Cross-Tenant Trust Model (CTTM)  Tenant Trust Relations  Formalized Model  Role-Based CTTM (RB-CTTM)  Related Work  Conclusion and Future Work © ICS at UTSA World-Leading Research with Real-World Impact! 22

23 Conclusion  Needs of cross-tenant access control  On-demand self-service model  Tenant trust relation and types  CTTM and RB-CTTM models  Formalization  Feasibility in the cloud  Mapping to related work  RT, MTAS and MT-RBAC © ICS at UTSA World-Leading Research with Real-World Impact! 23

24 Future Work  Other models compatible with MTAaaS platform  Implementation MTAaaS in OpenStack © ICS at UTSA World-Leading Research with Real-World Impact! 24

25 Institute for Cyber Security © ICS at UTSA World-Leading Research with Real-World Impact! 25

26 Institute for Cyber Security © ICS at UTSA World-Leading Research with Real-World Impact! 26

Download ppt "Institute for Cyber Security Cross-Tenant Trust Models in Cloud Computing Bo Tang and Ravi Sandhu IRI Aug 14-16, 2013 San Francisco, CA © ICS at UTSA World-Leading."

Similar presentations

INSTITUTE FOR CYBER SECURITY 1 Application-Centric Security: How to Get There Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.

INSTITUTE FOR CYBER SECURITY 1 Application-Centric Security: How to Get There Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber.
Cyber-Identity and Authorization in an Uncertain World Ravi Sandhu Laboratory for Information Security Technology www.list.gmu.edu Department of Information.

Cyber-Identity and Authorization in an Uncertain World Ravi Sandhu Laboratory for Information Security Technology Department of Information.
Towards Secure Information Sharing Models for Community Cyber Security Ravi Sandhu, Ram Krishnan and Gregory B. White Institute for Cyber Security University.

Towards Secure Information Sharing Models for Community Cyber Security Ravi Sandhu, Ram Krishnan and Gregory B. White Institute for Cyber Security University.
Institute for Cyber Security ASCAA Principles for Next- Generation Role-Based Access Control Ravi Sandhu Executive Director & Endowed Professor Institute.

Institute for Cyber Security ASCAA Principles for Next- Generation Role-Based Access Control Ravi Sandhu Executive Director & Endowed Professor Institute.
A Usage-based Authorization Framework for Collaborative Computing Systems Xinwen Zhang George Mason University Masayuki Nakae NEC Corporation Michael J.

A Usage-based Authorization Framework for Collaborative Computing Systems Xinwen Zhang George Mason University Masayuki Nakae NEC Corporation Michael J.
1 New Trends and Challenges in Computer Network Security Ravi Sandhu Executive Director and Endowed Professor September 2010

1 New Trends and Challenges in Computer Network Security Ravi Sandhu Executive Director and Endowed Professor September 2010
Single Sign-On with GRID Certificates Ernest Artiaga (CERN – IT) GridPP 7 th Collaboration Meeting July 2003 July 2003.

Single Sign-On with GRID Certificates Ernest Artiaga (CERN – IT) GridPP 7 th Collaboration Meeting July 2003 July 2003.
1 Cloud Computing Prof. Ravi Sandhu Executive Director and Endowed Chair April 12, 2013 © Ravi Sandhu World-Leading.

1 Cloud Computing Prof. Ravi Sandhu Executive Director and Endowed Chair April 12, © Ravi Sandhu World-Leading.
Institute for Cyber Security Multi-Tenant Access Control for Cloud Services World-Leading Research with Real-World Impact! 1 PhD Dissertation Defense Bo.

Institute for Cyber Security Multi-Tenant Access Control for Cloud Services World-Leading Research with Real-World Impact! 1 PhD Dissertation Defense Bo.
Access Control RBAC Database Activity Monitoring.

Access Control RBAC Database Activity Monitoring.
Secure Cyber Incident Information Sharing UTSA Team Leads Dr. Ram Krishnan, Assistant Professor, ECE Dr. Ravi Sandhu, Executive Director, ICS April 30,

Secure Cyber Incident Information Sharing UTSA Team Leads Dr. Ram Krishnan, Assistant Professor, ECE Dr. Ravi Sandhu, Executive Director, ICS April 30,
1 A Unified Attribute-Based Access Control Model Covering DAC, MAC and RBAC Prof. Ravi Sandhu Executive Director and Endowed Chair DBSEC July 11, 2012.

1 A Unified Attribute-Based Access Control Model Covering DAC, MAC and RBAC Prof. Ravi Sandhu Executive Director and Endowed Chair DBSEC July 11, 2012.
Institute for Cyber Security Extending OpenStack Access Control with Domain Trust World-Leading Research with Real-World Impact! 1 Bo Tang and Ravi Sandhu.

Institute for Cyber Security Extending OpenStack Access Control with Domain Trust World-Leading Research with Real-World Impact! 1 Bo Tang and Ravi Sandhu.
Attribute-Based Access Control Models and Beyond

Attribute-Based Access Control Models and Beyond
11 World-Leading Research with Real-World Impact! Constraints Specification for Virtual Resource Orchestration in Cloud IaaS Constraints Specification.

11 World-Leading Research with Real-World Impact! Constraints Specification for Virtual Resource Orchestration in Cloud IaaS Constraints Specification.
CoLaB 22nd December 2005 Secure Access to Service-based Collaborative Workflow for DAME Duncan Russell Informatics Institute University of Leeds, UK.

CoLaB 22nd December 2005 Secure Access to Service-based Collaborative Workflow for DAME Duncan Russell Informatics Institute University of Leeds, UK.
1 Attribute-Based Access Control Models and Beyond Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair in Cyber.

1 Attribute-Based Access Control Models and Beyond Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair in Cyber.
A T AXONOMY AND S URVEY OF C LOUD C OMPUTING S YSTEMS Reporter: Steven Chen Date: 2010/10/27 1.

A T AXONOMY AND S URVEY OF C LOUD C OMPUTING S YSTEMS Reporter: Steven Chen Date: 2010/10/27 1.
1 July 2005© 2005 University of Kent1 Seamless Integration of PERMIS and Shibboleth – Development of a Flexible PERMIS Authorisation Module for Shibboleth.

1 July 2005© 2005 University of Kent1 Seamless Integration of PERMIS and Shibboleth – Development of a Flexible PERMIS Authorisation Module for Shibboleth.
Role Based Access control By Ganesh Godavari. Outline of the talk Motivation Terms and Definitions Current Access Control Mechanism Role Based Access.

Role Based Access control By Ganesh Godavari. Outline of the talk Motivation Terms and Definitions Current Access Control Mechanism Role Based Access.

Similar presentations

Ads by Google