Abstract
Cloud Computing is a technology which aims to provide on-demand scalable services over the Internet via Cloud vendors to multi-tenant organizations. Enterprises are interested in moving their on-premises infrastructure into cloud computing. However, they are still concerned about the security risks implied by embedding their resources within the cloud computing environment.
First, this research presents the fundamentals of Cloud Computing. Afterwards, the technical security aspects of Cloud Computing are classified from two perspectives: web application security issues and virtualization security issues. Both categories cover the threats involved together with their mitigation techniques, which reinforces the need to provide an adequate Identity and Access Management architecture for Cloud Computing.
Further, this paper addresses the Identity and Access Management (IAM) security category of the Cloud Computing field, which includes the security requirements, the standards of interest and the current Identity and Access Management solutions.
A trusted Identity and Access Management architecture for cloud services presupposes establishing the list of security requirements and using suitable standards. The paper also presents an evaluation of the existing Identity and Access Management solutions.
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Lonea, A.M., Tianfield, H., Popescu, D.E. (2013). Identity Management for Cloud Computing. In: Balas, V., Fodor, J., Várkonyi-Kóczy, A. (eds) New Concepts and Applications in Soft Computing. Studies in Computational Intelligence, vol 417. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-28959-0_11
DOI: https://doi.org/10.1007/978-3-642-28959-0_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-28958-3
Online ISBN: 978-3-642-28959-0
eBook Packages: Engineering (R0)