A Client-Centric ASM-Based Approach to Identity Management in Cloud Computing

  • Mircea Boris Vleju
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7518)

Abstract

We introduce the concept of an identity management machine (based on ASM) to mitigate problems regarding identity management in cloud computing. We decompose the client-to-cloud interaction into three distinct scenarios and introduce a set of ASM rules for each of them. We first consider a direct client-to-cloud interaction where the identity information stored on the client side is mapped to the identity created on the cloud provider's IdM system. To enhance privacy, we then introduce the concept of real, obfuscated and partially obfuscated identities. Finally, we take advantage of the increase in standardization in IdM systems, defining the rules necessary to support authentication protocols such as OpenID. Our solution makes no assumptions regarding the technologies used by the client and the cloud provider. Through abstract functions we allow for a distinct separation between the IdM system of the client and that of the cloud or service provider. Since a user is only required to authenticate once to our system, our solution represents a client-centric single sign-on mechanism for the use of cloud services.

Keywords

cloud computing, abstract state machine, identity management, client centric



Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Mircea Boris Vleju, Christian-Doppler Laboratory for Client-Centric Cloud Computing (CDCC), Hagenberg im Mühlkreis, Austria
