Engineering & Technology

Tips For Developing Secure And Flexible Management Policy For Multiple Users Over The Cloud

Sep 18, 2019

RESEARCH REPORT

In Brief:

General background

With the ascent of Cloud Computing (CC), a huge number of clients and different applications have looked to speak with one another, swapping sensitive information (Werner, Westphall, & Westphall, 2017). In consequences, for efficiently managing various resources and applications, the use of tools and models is significant for securely managing different user identities as well as avoiding compromising data privacy. For this, most of them suggested a federated identity management process which utilizes the privacy appliances towards assisting in consistence with current legislation. In the section, we analyse the privacy and security issues in cloud identity management and relating the features and challenges. At the end we discuss brief note of recommendation for Developing Secure and Flexible Management Policy for both multiple Users and cloud system.

See also: Security and Privacy Issues over the Cloud Environment
See also: Secure Access Control Framework for Fully Fledged Network Security Control

Significance and need of identity management and fine-grained access control policies

    Generally, the CC improves the managing capability of computing sources through merging the concepts like on-demand use, elasticity and resource allocation in a dynamic manner (Eludiora et al., 2011). However, for multiple users, cloud system and huge amount of data in the field of big data application becomes complex (Subashini & Kavitha, 2011) wherein the concern of privacy issues. In this perspective, Identity and Access Management (IAM) is frequently used towards providing access control facilities and control identity of data. Few of the identity management (IM) tools utilizes with appropriate individualities (S. Singh, Jeong, & Park, 2016) by considering various mechanism for addressing privacy issues. But, till there is an issue like user data leakage, lack of control on the dissemination of personal information are recurring and distribution of unnecessary attributes in cloud environments (Castiglione et al., 2015; A. Singh & Chatterjee, 2015). So, to obtain cloud identity management as well as met the present regulation, the providers should protect the user privacy, data, entities and data throughout their lifecycle. (Indu, Anand, & Bhaskar, 2018; Werner et al., 2017). This identity management procedure will meet the requirement fine-grained access control process and user flexibility of data access.

Figure 1: Overview of Cloud Storage System Based on Characteristics, Need and Challenges

    IM components dealt with the need for authorization and authentication Legillon et al. (2013) in the cloud environment (Oliveira, Trinta, Vieira, & Cortes, 2018). The pictorial representation of Cloud Storage System with respect to the system Characteristics, Need and Challenges are discussed in figure 1.

Authentication (AN)

    The term AN is defined as the process of approving an entity via other entity which is used to ensure whether the application or person is qualified for claiming or accessing data. The common AN approaches are third party authentication, 3D password objects, digital device authentication, multifactor authentication, simple text passwords, biometric authentication and graphical passwords. Nowadays, cloud access consent is granted via the IM system (Butun, Erol-Kantarci, Kantarci, & Song, 2016; Indu et al., 2018).

Authorization (AR)

    Based on the authenticated user’s entitlements, the AR will be disagreeing or permitting access to a particular resource. AR decides like what applications or which user is permitted to make on system and application/user identity data are used for decision making (Khan et al., 2014). The cloud network comprises various service providers in which a single user can access various services at same time whereas each service from various security levels and service provider (Indu et al., 2018).

    For ensuring the valid user’s access (for various services and resources) in IAM system, an access control governance cloud service provider (CSPs) defines the set of policies which is relevant to the access control. To meet the objective of each organization, CSPs should ensure the significant features such as Governance, Risk Management and Compliance (GRC) (Indu et al., 2018; Zhang, Zheng, Li, Li, & Li, 2016).

Identity & access management systems

    First, the term IM is a process of managing, creating using identities and infrastructure which offered support for these processes. Also, it is capable of performing functions like discovery, policy enforcement, information exchange, administration, maintenance, management and data authentication. Each application or person identified through credential that denotes a group of attributes, delivered through reliable resources (Werner et al., 2017).

    To ensure the security in IAM, the data’s are approved and managed by the same identity for entire applications. It is used to validate the data users, services or devices as well as have rights to access or deny data. Moreover, it does not need its own authentication or identity to authenticate the data (Indu et al., 2018). The IAM simplifies the management of large-scale distributed systems which minimizes the application workload.

Recommendation

    From the above points, we concluded that there is a need for effective key-based authentication to enhance the performance of flexible management for both multiple users and cloud system.

    Also required authorization policies for multi-party cloud infrastructure data sharing as it offers flexible and dynamic operations.

Summary

    This section summarized and analysed the recent security, mitigations and potential threats aspects in cloud system along with the significance of data access management, identity management, services and security concern. From this we found there is a need for effective IAM mechanism for development of secure and flexible management policies which will enhance the system performance in both security and privacy concern.
References
Butun, I., Erol-Kantarci, M., Kantarci, B., & Song, H. (2016). Cloud-centric multi-level authentication as a service for secure public safety device networks. IEEE Communications Magazine, 54(4), 47–53.
https://doi.org/10.1109/MCOM.2016.7452265

Castiglione, A., De Santis, A., Masucci, B., Palmieri, F., Castiglione, A., Li, J., & Huang, X. (2015). Hierarchical and Shared Access Control. IEEE Transactions on Information Forensics and Security, 11(4), 850–865.
https://doi.org/10.1109/TIFS.2015.2512533

Eludiora, S., Abiona, O., Oluwatope, A., Oluwaranti, A., Onime, C., & Kehinde, L. (2011). A User Identity Management Protocol for Cloud Computing Paradigm. International Journal of Communications, Network and System Sciences, 04(03), 152–163. https://doi.org/10.4236/ijcns.2011.43019

Indu, Anand, R., & Bhaskar, V. (2018). Identity and access management in cloud environment: Mechanisms and challenges. Engineering Science and Technology, an International Journal, 21(4), 574–588.
https://doi.org/10.1016/j.jestch.2018.05.010

Khan, A. N., Kiah, M. L. M., Madani, S. A., Ali, M., Khan, A. ur R., & Shamshirband, S. (2014). Incremental proxy re-encryption scheme for mobile cloud computing environment. The Journal of Supercomputing, 68(2), 624–651.
https://doi.org/10.1007/s11227-013-1055-z

Legillon, F., Melab, N., Renard, D., & Talbi, E.-G. (2013). Cost minimization of service deployment in a multi-cloud environment. In 2013 IEEE Congress on Evolutionary Computation (pp. 2580–2587). IEEE.
https://doi.org/10.1109/CEC.2013.6557880

Oliveira, de C. J., Trinta, F., Vieira, D., & Cortes, O. A. C. (2018). Evolutionary solutions for resources management in multiple clouds: State-of-the-art and future directions. Future Generation Computer Systems, 88, 284–296.
https://doi.org/10.1016/j.future.2018.05.087

Singh, A., & Chatterjee, K. (2015). Identity Management in Cloud Computing through Claim-Based Solution. In 2015 Fifth International Conference on Advanced Computing & Communication Technologies (pp. 524–529). IEEE.
https://doi.org/10.1109/ACCT.2015.89

Singh, S., Jeong, Y.-S., & Park, J. H. (2016). A survey on cloud computing security: Issues, threats, and solutions. Journal of Network and Computer Applications, 75, 200–222. https://doi.org/10.1016/j.jnca.2016.09.002 Subashini, S., & Kavitha, V. (2011). A survey on security issues in service delivery models of cloud computing. Journal of Network and Computer Applications, 34(1), 1–11.
https://doi.org/10.1016/j.jnca.2010.07.006

Werner, J., Westphall, C. M., & Westphall, C. B. (2017). Cloud identity management: A survey on privacy strategies. Computer Networks, 122, 29–42.
https://doi.org/10.1016/j.comnet.2017.04.030

Zhang, Y., Zheng, D., Li, Q., Li, J., & Li, H. (2016). Online/offline unbounded multi-authority attribute-based encryption for data sharing in mobile cloud computing. Security and Communication Networks, 9(16), 3688–3702.
https://doi.org/10.1002/sec.1574