An Entity-centric Approach for Privacy and Identity Management in Cloud Computing

2010-11-03
Angın, Pelin
Ranchal, Rohit
Singh, Noopur
LİNDERMAN, Mark
Ben Othmane, Lotfi
Lilien, Leszek
Entities (e.g., users, services) have to authenticate themselves to service providers (SPs) in order to use their services. An entity provides personally identifiable information (PII) that uniquely identifies it to an SP. In the traditional application-centric Identity Management (IDM) model, each application keeps track of the identities of the entities that use it. In cloud computing, entities may have multiple accounts associated with different SPs, or with one SP. Sharing PIIs of the same entity across services, along with associated attributes, can lead to mapping of PIIs to the entity. We propose an entity-centric approach for IDM in the cloud. The approach is based on: (1) active bundles, each including a payload of PII, privacy policies and a virtual machine that enforces the policies and uses a set of protection mechanisms to protect themselves; (2) anonymous identification to mediate interactions between the entity and cloud services using the entity's privacy policies. The main characteristics of the approach are: it is independent of a third party, gives minimum information to the SP, and provides the ability to use identity data on untrusted hosts.

Citation Formats
P. Angın, R. Ranchal, N. Singh, M. LİNDERMAN, L. Ben Othmane, and L. Lilien, “An Entity-centric Approach for Privacy and Identity Management in Cloud Computing,” 2010, Accessed: 00, 2020. [Online]. Available: https://hdl.handle.net/11511/43055.