KTH-Applied Information Security Lab is working on the research project entitled “Secure and Authorized Dynamic Group Resource Management ” funded by Higher Education Commission, Pakistan. The project is approved with the proposed budget of 5 Million PKR. This project focuses on a complete holistic solution to problems of dynamic access control within group-centric environment, management of group resources and delegation of rights within groups. The main goal of this project is to provide a product with various features such as dynamic access control, dynamic delegation of access rights, completely encrypted data, dynamic certificate PKI integration, dynamic creation and revocation of groups and access rights in a group-centric environment.
Cloud Computing provides features of flexibility, unlimited storage capacity, easy and quick way to access resources, and overall cost reduction in obtaining services and resources. Despite all these benefits, security of Cloud have become the top most concern for IT and security professionals. Their degree of concern relates to secure processing and data storage, data segregation, recovery & replication of data, long term data viability and many more. In terms of unrestricted shared computing environment, one key issue is to allow secure authorized shared access to certain resources within a group. For an adequate data and application security, Cloud computing demands flexible and reliable access control mechanisms that ensures effective access management strategy for data and other resources hosted on Cloud.
The proposed product will facilitate educational institutions all over Pakistan as well as the security agencies, research community and software houses by providing a comprehensive solution to the problems related to group secure communication. This product will help effectively manage events and tasks in organizations by providing effective requirement based authorization and resource management accompanied with the feature of delegation of rights within groups.
Proposed framework will be developed in the form of a system. Principally, this system will be a group centric system to ensure that users are able to share information within certain groups. This system will enclose an implementation of various group centric access control mechanisms, identity management mechanisms and delegation profile of XACML 3.0.