7. Conclusions and Future Work
7.2. Future Work
In this research a cloud security system has been designed to manage authentication and authorization services using the relatively new Security as a Service cloud delivery model. Several areas therefore call for more thorough observation and further work; some of them are listed here:
Cloud-based security service providers handle end-users whose privacy must not be violated. Although the applied security techniques and approaches promise this in theory, focused practical work is needed to establish how robust the system actually is against potential privacy vulnerabilities.
At the same time, all security credentials are stored in the central security system, which makes it possible for the cloud identity service provider to link and trace end-user activities.
Centralizing the identity services for a cloud environment raises two further issues: a single point of failure and a single target of attack. Extra work on data replication and protection is therefore needed to address these problems.
The security evaluation of the proposed security services considers only risks at the communication channel level. Additional security evaluations are therefore needed against issues arising from other aspects of the system, such as its hardware and software.
System performance should be evaluated in a scalable environment to measure how responsive the system remains under a large volume of service requests. This will also show how resistant it is to denial of service attacks.
The proposed system delivers only two identity services. More identity service features can therefore be added, such as single logout and session refresh.
The prototype implementation has some limitations: a user can be assigned only one role at a time, the policy set concept is not applied, and there is no separately implemented Policy Information Point service. More features can therefore be added to the prototype authorization system. In addition, a prototype of the authentication system can be implemented according to the designed system.
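The three authorization gaps just listed (one role per user, no policy set, no separate PIP) can be seen together in a small policy decision point. The following is an added example written for this page, not code from the thesis prototype: the class names Rule, Policy, PolicySet and Pdp, the sample policies and the sample user directory are assumptions made for illustration, while ROLE_ATTR is the subject role attribute id from the OASIS XACML RBAC profile and SUBJECT_ID the core XACML subject-id attribute. A subject carries a bag of roles, a policy set combines per-role policies with a deny-overrides or permit-overrides algorithm, and the PDP calls a PIP for roles the request does not carry.

```python
"""Minimal XACML-style PDP: multi-role subjects, a policy set and a PIP hook.
Added example, not the thesis prototype's code; class names and the sample
directory are assumptions. ROLE_ATTR is the subject role attribute id from the
OASIS XACML RBAC profile; SUBJECT_ID is the core XACML subject-id attribute."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set

ROLE_ATTR = "urn:oasis:names:tc:xacml:2.0:subject:role"
SUBJECT_ID = "urn:oasis:names:tc:xacml:1.0:subject:subject-id"
PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"


@dataclass
class Request:
    subject: Dict[str, Set[str]]  # attribute id -> bag of values
    resource: str
    action: str


@dataclass
class Rule:
    effect: str          # PERMIT or DENY
    resources: Set[str]  # rule Target: resource ids it matches
    actions: Set[str]    # rule Target: action ids it matches


@dataclass
class Policy:
    role: str            # policy Target: applies when the subject holds this role
    rules: List[Rule]


@dataclass
class PolicySet:
    policies: List[Policy]
    combining: str = "deny-overrides"  # or "permit-overrides"


def combine(decisions: List[str], algorithm: str) -> str:
    """Overrides-style combining: the named effect wins if any child returned it."""
    first, second = (DENY, PERMIT) if algorithm == "deny-overrides" else (PERMIT, DENY)
    if first in decisions:
        return first
    if second in decisions:
        return second
    return NOT_APPLICABLE


def evaluate_policy(policy: Policy, req: Request) -> str:
    """A policy is applicable only if its role is in the subject's role bag."""
    if policy.role not in req.subject.get(ROLE_ATTR, set()):
        return NOT_APPLICABLE
    effects = [r.effect for r in policy.rules
               if req.resource in r.resources and req.action in r.actions]
    return combine(effects, "deny-overrides")


def evaluate_policy_set(pset: PolicySet, req: Request) -> str:
    return combine([evaluate_policy(p, req) for p in pset.policies], pset.combining)


class Pdp:
    """PDP that asks a separate PIP for subject attributes the request lacks."""

    def __init__(self, pset: PolicySet, pip: Callable[[str, str], Set[str]]):
        self.pset, self.pip = pset, pip

    def decide(self, req: Request) -> str:
        if ROLE_ATTR not in req.subject:
            (subject_id,) = req.subject[SUBJECT_ID]
            req.subject[ROLE_ATTR] = self.pip(subject_id, ROLE_ATTR)
        return evaluate_policy_set(self.pset, req)


# Constructed sample policy set: a manager may read and approve purchase
# orders; an auditor may read them but is explicitly denied approving them.
POLICIES = [
    Policy("manager", [Rule(PERMIT, {"purchase-order"}, {"read", "approve"})]),
    Policy("auditor", [Rule(PERMIT, {"purchase-order"}, {"read"}),
                       Rule(DENY, {"purchase-order"}, {"approve"})]),
]

# Constructed sample directory standing in for a PIP backend (LDAP, database).
DIRECTORY = {"alice": {"manager", "auditor"}, "bob": {"employee"}}


def directory_pip(subject_id: str, attribute_id: str) -> Set[str]:
    return set(DIRECTORY.get(subject_id, ())) if attribute_id == ROLE_ATTR else set()


def decide(subject_id: str, resource: str, action: str,
           combining: str = "deny-overrides", roles: Optional[Set[str]] = None) -> str:
    """Roles given here travel with the request; otherwise the PIP supplies them."""
    subject = {SUBJECT_ID: {subject_id}}
    if roles is not None:
        subject[ROLE_ATTR] = set(roles)
    pdp = Pdp(PolicySet(POLICIES, combining), directory_pip)
    return pdp.decide(Request(subject, resource, action))


def pep_allows(decision: str) -> bool:
    """Deny-biased PEP: only an explicit Permit grants access."""
    return decision == PERMIT


if __name__ == "__main__":
    for alg in ("deny-overrides", "permit-overrides"):
        print(alg, decide("alice", "purchase-order", "approve", alg))
    print("bob read:", decide("bob", "purchase-order", "read"))
```

The point the example makes is that multi-role subjects make the combining algorithm a security decision: alice holds both roles, so approving a purchase order is Deny under deny-overrides and Permit under permit-overrides. A subject with no applicable policy (bob) gets NotApplicable, which a deny-biased PEP must treat as a refusal rather than as the absence of a Deny.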
55 | P a g e
Appendix A
The WSDL file for the PDP Web Service Interface:
<!--
Published by JAX-WS RI at http://jax-ws.dev.java.net. RI's version is Metro/2.2.1 (tags/2.2.1-7242; 2012-08-03T12:35:22+0000) JAXWS-RI/2.2.7 JAXWS/2.2 svn-revision#unknown.
-->
<!--
Generated by JAX-WS RI at http://jax-ws.dev.java.net. RI's version is Metro/2.2.1 (tags/2.2.1-7242; 2012-08-03T12:35:22+0000) JAXWS-RI/2.2.7 JAXWS/2.2 svn-revision#unknown.
-->
<fault message="tns:IOException" name="IOException" wsam:Action="http://authorization_service/PDPServiceProvider/requestXACML_Authorization_Decision/Fault/IOException"/>
</operation>
</portType>
<binding name="PDPServiceProviderPortBinding" type="tns:PDPServiceProvider">
<wsp:PolicyReference URI="#PDPServiceProviderPortBindingPolicy"/>
<soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="document"/>
<operation name="requestXACML_Authorization_Decision">
<soap:operation soapAction=""/>
<input>
<wsp:PolicyReference URI="#PDPServiceProviderPortBinding_requestXACML_Authorization_Decision_Input_Policy"/>
<soap:body use="literal"/>
</input>
<output>
<wsp:PolicyReference URI="#PDPServiceProviderPortBinding_requestXACML_Authorization_Decision_Output_Policy"/>
<soap:body use="literal"/>
</output>
<fault name="IOException">
<soap:fault name="IOException" use="literal"/>
</fault>
</operation>
</binding>
<service name="PDPServiceProvider">
<port name="PDPServiceProviderPort" binding="tns:PDPServiceProviderPortBinding">
<soap:address location="http://130.237.215.216:8080/PDPService/PDPServiceProvider"/>
</port>
</service>
</definitions>
<Description>This is a policy for the manager role</Description>
<Target>