A Zero-Trust Federated Identity and Access Management Framework for Cloud and Cloud-based Computing Environments

Identity and Access Management (IAM) is an important aspect of information security. The deployment of cloud computing (CC) and cloud-based computing (CbC) creates a complex information security scenario involving multiple global stakeholders and geographically dispersed infrastructures. Therefore, implementing IAM in CC/CbC requires the consideration and consolidation of multiple factors. A trust-based approach towards information security may not be a credible option for the CC/CbC environment as trust-based relationships among different architectural elements and including human beings may pose an additional security threat to the cloud space. In this paper, we propose a zero-trust framework for federated IAM in CC/CbC. The proposed framework incorporates a decentralised approach towards IAM that aims to minimise any single entity’s controlling power over the digital assets in the CC/CbC space. The critical component of the proposed framework is the decentralised audit log

Network-aware Evaluation Environment for Reputation Systems

Parties of reputation systems rate each other and use ratings to compute reputation scores that drive their interactions. When deciding which reputation model to deploy in a network environment, it is important to find the most suitable model and to determine its right initial configuration. This calls for an engineering approach for describing, implementing and evaluating reputation systems while taking into account specific aspects of both the reputation systems and the networked environment where they will run. We present a software tool (NEVER) for network-aware evaluation of reputation systems and their rapid prototyping through experiments performed according to user-specified parameters. To demonstrate effectiveness of NEVER, we analyse reputation models based on the beta distribution and the maximum likelihood estimation

Secure data sharing and processing in heterogeneous clouds

The extensive cloud adoption among the European Public Sector Players empowered them to own and operate a range of cloud infrastructures. These deployments vary both in the size and capabilities, as well as in the range of employed technologies and processes. The public sector, however, lacks the necessary technology to enable effective, interoperable and secure integration of a multitude of its computing clouds and services. In this work we focus on the federation of private clouds and the approaches that enable secure data sharing and processing among the collaborating infrastructures and services of public entities. We investigate the aspects of access control, data and security policy languages, as well as cryptographic approaches that enable fine-grained security and data processing in semi-trusted environments. We identify the main challenges and frame the future work that serve as an enabler of interoperability among heterogeneous infrastructures and services. Our goal is to enable both security and legal conformance as well as to facilitate transparency, privacy and effectivity of private cloud federations for the public sector needs. © 2015 The Authors

Issues and challenges: cloud computing e-Government in developing countries

Cloud computing has become essential for IT resources that can be delivered as a service over the Internet. Many e-government services that are used worldwide provide communities with relatively complex applications and services. Governments are still facing many challenges in their implementation of e-government services in general, including Saudi Arabia, such as poor IT infrastructure, lack of finance, and insufficient data security. This research paper investigates the challenges of e-government cloud service models in developing countries. This paper finds that governments in developing countries are influenced by how the top management deals with the attention to the adoption of cloud computing. Further, organisational readiness levels of technologies, such as IT infrastructure, internet availability and social trust of the adoption of new technology as cloud computing, still present limitations for e-government cloud services adoption. Based on the findings of the critical review, this paper identifies the issues and challenges affecting the adoption of cloud computing in e- government such as IT infrastructure, internet availability, and trust adopted new technologies thereby highlighting benefits of cloud computing-based e-government services. Furthermore, we propose recommendations for developing IT systems focused on trust when adopting cloud computing in e-government services (CCEGov)