4,112 research outputs found

    Managing Access to Service Providers in Federated Identity Environments: A Case Study in a Cloud Storage Service

    © 2015 IEEE. Currently the diversity of services, which are adhering to Identity Federation, has raised new challenges in the area. Increasingly, service providers need to control the access to their resources by users from the federation as, even though the user is authenticated by the federation, its access to resources cannot be taken for granted. Each Service Provider (SP) of a federation implements its own access control mechanism. Moreover, SPs might need to allow different access control granularity. For instance, all users from a particular Identity Provider (IdP) may access the resources due to some financial agreement. On the other hand, it might be the case that only specific users, or groups of users, have access to the resources. This paper proposes a solution to this problem through a hierarchical authorization system. Our approach, which can be customized to different SPs, allows the SP administrator to manage which IdPs, or users, have access to the provided resources. In order to demonstrate the feasibility of our approach, we present a case study in the context of a cloud storage solution.

    Virtualizing Smartphone Applications to the Cloud

    Smartphone technologies have enabled sophisticated pervasive applications for mobile users. Still, many intensive applications perform poorly on smartphones due to the shortage of resources for computation, data storage, network bandwidth, and battery capacity. While such applications can be re-designed with client-server models to benefit from subscribed cloud services, the users are no longer in full control of the entire application execution, which has raised a serious concern. Meanwhile, privacy and security are also important issues, and it is an ongoing debate if public cloud services could be trusted with sensitive data. For mobile users to take full advantage of cloud services, these issues need to be resolved. In this paper, we propose an innovative framework for mobile users to execute existing Android applications on a personal virtual phone safely in the cloud. Instead of using a client-server model, the entire virtual phone is mostly controlled by the user to minimize the intervention from the service provider. Virtualization and encryption are employed to protect against eavesdropping from cloud providers and network attackers. To quickly migrate an Android application between the physical phone and the virtual phone, we use a new application-level checkpointing mechanism and minimize the state of the application