An Entity-centric Approach for Privacy and Identity Management in Cloud Computing

Angın, Pelin
Ranchal, Rohit
Singh, Noopur
Ben Othmane, Lotfi
Lilien, Leszek
Entities (e.g., users, services) have to authenticate themselves to service providers (SPs) in order to use their services. An entity provides personally identifiable information (PII) that uniquely identifies it to an SP. In the traditional application-centric Identity Management (IDM) model, each application keeps trace of identities of the entities that use it. In cloud computing, entities may have multiple accounts associated with different SPs, or one SP. Sharing PIIs of the same entity across services along with associated attributes can lead to mapping of PIIs to the entity. We propose an entity-centric approach for IDM in the cloud. The approach is based on: (1) active bundles-each including a payload of PII, privacy policies and a virtual machine that enforces the policies and uses a set of protection mechanisms to protect themselves; (2) anonymous identification to mediate interactions between the entity and cloud services using entity's privacy policies. The main characteristics of the approach are: it is independent of third party, gives minimum information to the SP and provides ability to use identity data on untrusted hosts.


A Monitoring Approach for Policy Enforcement in Cloud Services
FERNANDO, Ruchith; RANCHAL, Rohit; BHARGAVA, Bharat; Angın, Pelin (2017-06-30)
When clients interact with a cloud-based service, they expect certain levels of quality of service guarantees. These are expressed as security and privacy policies, interaction authorization policies, and service performance policies among others. The main security challenge in a cloud-based service environment, typically modeled using service-oriented architecture (SOA), is that it is difficult to trust all services in a service composition. In addition, the details of the services involved in an end-to-en...
Doğan, Taha; Schmidt, Şenan Ece; Department of Electrical and Electronics Engineering (2022-2-11)
Cloud Computing is enabled by the virtualization of computing resources to realize users' requests of virtual machines (VMs) and data processing in the scope of Infrastructure as a Service (IaaS) and Software as a Service (SaaS) respectively. The current heterogeneous cloud data centers incorporate hardware accelerators in addition to the conventional servers to offer these services more efficiently. It is an important research problem to allocate heterogeneous physical computing resources to a mixture of ...
An Information security framework for web services in enterprise networks
Sarıkoz, Bahadır Gökhan; Günel Kılıç, Banu; Department of Information Systems (2015)
Web Service, an open standard based on existing Internet protocols, provides a flexible solution to web application integration. It provides faster, more practical and more effective way of solutions for the organizational structures. Online shopping, billing, reservation and other way of standards provided to people mostly depend on web services. On the other hand, it provides corporate identity and functionality of an organization. Since the importance and the necessity of the web services increase day by...
A Quality model for cloud-based enterprise information systems
Şener, Umut; Eren, Pekin Erhan; Department of Information Systems (2016)
Organizations have migrated from on-premise enterprise information systems to Cloud-based Enterprise Information Systems (Cloud-EIS) due to the benefits of cloud computing, such as flexibility, availability on demand, and interdependence in information technology infrastructure. Accordingly, enterprises perceive the significance of the quality of Cloud-EIS for improving their businesses, and they pay more attention to selecting the suitable Cloud-EIS. Having looked at the extensive literature, only a few re...
A Flow Aggregation Method for the Scalable and Efficient Quality of Service Support in Next Generation Networks
Sanli, Mustafa; Schmidt, Şenan Ece; Guran, Hasan Cengiz (2013-12-13)
The services in the Next Generation Network (NGN) will be created on demand by the customers and will require end-to-end Quality of Service (QoS) for each flow. A very significant component for the end-to-end QoS support in the Internet is the packet schedulers in the routers. The complexity of the packet scheduling algorithms increases with the number of flows. As a solution, flow aggregation decreases the number of flows processed by the scheduler. The previous work in the literature proves that if the fl...
Citation Formats
P. Angın, R. Ranchal, N. Singh, M. LİNDERMAN, L. Ben Othmane, and L. Lilien, “An Entity-centric Approach for Privacy and Identity Management in Cloud Computing,” 2010, Accessed: 00, 2020. [Online]. Available: