2,394 research outputs found
A JSON Token-Based Authentication and Access Management Schema for Cloud SaaS Applications
Cloud computing is significantly reshaping the computing industry built
around core concepts such as virtualization, processing power, connectivity and
elasticity to store and share IT resources via a broad network. It has emerged
as the key technology that unleashes the potency of Big Data, Internet of
Things, Mobile and Web Applications, and other related technologies, but it
also comes with its challenges - such as governance, security, and privacy.
This paper is focused on the security and privacy challenges of cloud computing
with specific reference to user authentication and access management for cloud
SaaS applications. The suggested model uses a framework that harnesses the
stateless and secure nature of JWT for client authentication and session
management. Furthermore, authorized access to protected cloud SaaS resources
has been efficiently managed. Accordingly, a Policy Match Gate (PMG) component
and a Policy Activity Monitor (PAM) component have been introduced. In
addition, other subcomponents such as a Policy Validation Unit (PVU) and a
Policy Proxy DB (PPDB) have also been established for optimized service
delivery. A theoretical analysis of the proposed model portrays a system that
is secure, lightweight and highly scalable for improved cloud resource security
and management. Comment: 6 Page
A gap analysis of Internet-of-Things platforms
We are experiencing an abundance of Internet-of-Things (IoT) middleware
solutions that provide connectivity for sensors and actuators to the Internet.
To gain a widespread adoption, these middleware solutions, referred to as
platforms, have to meet the expectations of different players in the IoT
ecosystem, including device providers, application developers, and end-users,
among others. In this article, we evaluate a representative sample of these
platforms, both proprietary and open-source, on the basis of their ability to
meet the expectations of different IoT users. The evaluation is thus more
focused on how ready and usable these platforms are for IoT ecosystem players,
rather than on the peculiarities of the underlying technological layers. The
evaluation is carried out as a gap analysis of the current IoT landscape with
respect to (i) the support for heterogeneous sensing and actuating
technologies, (ii) the data ownership and its implications for security and
privacy, (iii) data processing and data sharing capabilities, (iv) the support
offered to application developers, (v) the completeness of an IoT ecosystem,
and (vi) the availability of dedicated IoT marketplaces. The gap analysis aims
to highlight the deficiencies of today's solutions to improve their integration
to tomorrow's ecosystems. In order to strengthen the finding of our analysis,
we conducted a survey among the partners of the Finnish IoT program, counting
over 350 experts, to evaluate the most critical issues for the development of
future IoT platforms. Based on the results of our analysis and our survey, we
conclude this article with a list of recommendations for extending these IoT
platforms in order to fill in the gaps. Comment: 15 pages, 4 figures, 3 tables, Accepted for publication in Computer
Communications, special issue on the Internet of Things: Research challenges
and solution
My Private Cloud Overview: A Trust, Privacy and Security Infrastructure for the Cloud
Based on the assumption that cloud providers can be trusted (to a certain extent) we define a trust, security and privacy preserving infrastructure that relies on trusted cloud providers to operate properly. Working in tandem with legal agreements, our open source software supports: trust and reputation management, sticky policies with fine grained access controls, privacy preserving delegation of authority, federated identity management, different levels of assurance and configurable audit trails. Armed with these tools, cloud service providers are then able to offer a reliable privacy preserving infrastructure-as-a-service to their clients
A look at cloud architecture interoperability through standards
Enabling cloud infrastructures to evolve into a transparent platform while preserving integrity raises interoperability issues. How components are connected needs to be addressed. Interoperability requires standard data models and communication encoding technologies compatible with the existing Internet infrastructure. To reduce vendor lock-in situations, cloud computing must implement universal strategies regarding standards, interoperability and portability. Open standards are of critical importance and need to be embedded into interoperability solutions. Interoperability is determined at the data level as well as the service level. Corresponding modelling standards and integration solutions shall be analysed
Cloud Security : A Review of Recent Threats and Solution Models
The most significant barrier to the wide adoption of cloud services has been attributed to perceived cloud insecurity (Smitha, Anna and Dan, 2012). In an attempt to review this subject, this paper will explore some of the major security threats to the cloud and the security models employed in tackling them. Access control violations, message integrity violations, data leakages, inability to guarantee complete data deletion, code injection, malwares and lack of expertise in cloud technology rank the major threats. The European Union invested €3m in City University London to research into the certification of Cloud security services. This and more recent developments are significant in addressing increasing public concerns regarding the confidentiality, integrity and privacy of data held in cloud environments. Some of the current cloud security models adopted in addressing cloud security threats were – Encryption of all data at storage and during transmission. The Cisco IronPort S-Series web security appliance was among security solutions to solve cloud access control issues. 2-factor Authentication with RSA SecurID and close monitoring appeared to be the most popular solutions to authentication and access control issues in the cloud. Database Active Monitoring, File Active Monitoring, URL Filters and Data Loss Prevention were solutions for detecting and preventing unauthorised data migration into and within clouds. There is yet no guarantee for a complete deletion of data by cloud providers on client requests; however, FADE may be a solution (Yang et al., 2012)
Using Microservices to Customize Multi-Tenant SaaS: From Intrusive to Non-Intrusive
Customization is a widely adopted practice on enterprise software applications such as Enterprise resource planning (ERP) or Customer relation management (CRM). Software vendors deploy their enterprise software product on the premises of a customer, which is then often customized for different specific needs of the customer. When enterprise applications are moving to the cloud as multi-tenant Software-as-a-Service (SaaS), the traditional way of on-premises customization faces new challenges because a customer no longer has an exclusive control to the application. To empower businesses with specific requirements on top of the shared standard SaaS, vendors need a novel approach to support the customization on the multi-tenant SaaS. In this paper, we summarize our two approaches for customizing multi-tenant SaaS using microservices: intrusive and non-intrusive. The paper clarifies the key concepts related to the problem of multi-tenant customization, and describes a design with a reference architecture and high-level principles. We also discuss the key technical challenges and the feasible solutions to implement this architecture. Our microservice-based customization solution is promising to meet the general customization requirements, and achieves a balance between isolation, assimilation and economy of scale