KTH-SEECS Applied Information Security Lab

National University of Sciences and Technology (NUST)

Enhancing the trust in federated cloud environment through risk based access control

Domain: Cloud Security

Status: Completed
Contact Person(s): Fowz Masood, Awais Shibli

Cloud federation is a new concept in the cloud domain that aims to provide better scalability. Different cloud service providers (CSPs) join together to form a federation, in which they share resources and clients' data with each other. One CSP in a federation may become malicious, or its performance may become unsatisfactory; to avoid any mishap, there must be a way to restrict the privileges given to that specific CSP, so that the other CSPs in the federation are not affected by the malicious CSP. Different trust establishment schemes have been proposed; however, there is currently a lack of a dynamic mechanism that can alter the privileges of a CSP on the fly based on its performance and feedback.


In this regard, we aim to provide a dynamic trust evaluation framework for the cloud domain that lets CSPs dynamically change the privileges given to other CSPs based on a trust score composed of two parameters: performance and feedback. Risk-based access control (RAC) will be deployed. Unlike traditional access control, RAC is dynamic in nature, i.e. it incorporates a risk factor into its decisions. In the proposed mechanism, risk is calculated on the fly: if the calculated risk is below the desired risk threshold, all privileges are given; if not, the system restricts certain privileges. The proposed mechanism will ensure the security of customers' data in the cloud environment.
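The decision flow described above, as an added example (not the project's own code). The page gives no formula, so the weights, the threshold value, the risk = 1 - trust mapping, the privilege names and their per-privilege risk ceilings are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Assumed values: the page names the two trust inputs (performance, feedback)
# and a risk threshold, but specifies no weights or numbers.
W_PERFORMANCE, W_FEEDBACK = 0.6, 0.4
RISK_THRESHOLD = 0.3

# Hypothetical privileges, each with the highest risk at which it is still
# granted once a CSP has crossed the threshold (more sensitive = lower ceiling).
PRIVILEGE_RISK_CEILING = {
    "read_metadata": 0.8,
    "read_client_data": 0.5,
    "write_client_data": 0.4,
    "migrate_vm": 0.35,
}

@dataclass
class CspObservation:
    sla_met: int = 0                               # requests served within SLA
    sla_total: int = 0                             # requests observed
    feedback: list = field(default_factory=list)   # peer ratings in [0, 1]

def trust_score(obs):
    """Weighted mix of measured performance and peer feedback, in [0, 1]."""
    # A CSP with no history scores 0 on that input, so the decision fails closed.
    performance = obs.sla_met / obs.sla_total if obs.sla_total else 0.0
    feedback = sum(obs.feedback) / len(obs.feedback) if obs.feedback else 0.0
    return W_PERFORMANCE * performance + W_FEEDBACK * feedback

def risk(obs):
    """Assumed mapping: risk is the complement of trust."""
    return 1.0 - trust_score(obs)

def granted_privileges(obs):
    """Recomputed on every request, so privileges follow current behaviour."""
    r = risk(obs)
    if r < RISK_THRESHOLD:
        return set(PRIVILEGE_RISK_CEILING)          # below threshold: everything
    # At or above threshold: keep only privileges whose ceiling tolerates r.
    return {p for p, ceiling in PRIVILEGE_RISK_CEILING.items() if r <= ceiling}

if __name__ == "__main__":
    # Constructed sample observations for three federation members.
    for name, obs in [("csp-a", CspObservation(98, 100, [0.9, 1.0, 0.9])),
                      ("csp-b", CspObservation(70, 100, [0.5, 0.6])),
                      ("csp-c", CspObservation(20, 100, [0.1, 0.0]))]:
        print(name, round(risk(obs), 3), sorted(granted_privileges(obs)))
```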


Architecture


Project Documents:

  1. Abstract (PDF)
  2. Presentation (PDF)
  3. Publication

      ► "A Novel Authorization Scheme for Cloud Federation"