A Zero-Trust Federated Identity and Access Management Framework for Cloud and Cloud-based Computing Environments

Identity and Access Management (IAM) is an important aspect of information security. The deployment of cloud computing (CC) and cloud-based computing (CbC) creates a complex information security scenario involving multiple global stakeholders and geographically dispersed infrastructures. Therefore, implementing IAM in CC/CbC requires the consideration and consolidation of multiple factors. A trust-based approach towards information security may not be a credible option for the CC/CbC environment as trust-based relationships among different architectural elements and including human beings may pose an additional security threat to the cloud space. In this paper, we propose a zero-trust framework for federated IAM in CC/CbC. The proposed framework incorporates a decentralised approach towards IAM that aims to minimise any single entity’s controlling power over the digital assets in the CC/CbC space. The critical component of the proposed framework is the decentralised audit log

Workflow Partitioning and Deployment on the Cloud using Orchestra

Orchestrating service-oriented workflows is typically based on a design model that routes both data and control through a single point - the centralised workflow engine. This causes scalability problems that include the unnecessary consumption of the network bandwidth, high latency in transmitting data between the services, and performance bottlenecks. These problems are highly prominent when orchestrating workflows that are composed from services dispersed across distant geographical locations. This paper presents a novel workflow partitioning approach, which attempts to improve the scalability of orchestrating large-scale workflows. It permits the workflow computation to be moved towards the services providing the data in order to garner optimal performance results. This is achieved by decomposing the workflow into smaller sub workflows for parallel execution, and determining the most appropriate network locations to which these sub workflows are transmitted and subsequently executed. This paper demonstrates the efficiency of our approach using a set of experimental workflows that are orchestrated over Amazon EC2 and across several geographic network regions.Comment: To appear in Proceedings of the IEEE/ACM 7th International Conference on Utility and Cloud Computing (UCC 2014

An investigation into the cloud manufacturing based approach towards global high value manufacturing for smes

Considering the high labour costs and intensive competitions in the global market, improving the effective deployment of innovative design and manufacturing and utilisation of all existing technical information, for the full life cycle of the product, is essential and much needed for manufacturing Small and Medium sized Enterprises (SMEs) in particular. Cloud Manufacturing , as a powerful tool supported with ‘big data’, will likely enable SMEs to move towards using dynamic scalability and ‘free’ available data resources in a virtual manner and to provide solution-based, value-added, digital-driven manufacturing service over the Internet. The research presented in this paper aims to develop a cloud manufacturing based approach towards value-added, knowledge/solution driven manufacturing for SMEs, where there are many constraints in engaging responsive high value manufacturing. The paper will present the framework, architecture and key moderator technologies for implementing cloud manufacturing and the associated application perspectives. The paper concludes with further discussion on the potential and application of the approach

Secure data sharing and processing in heterogeneous clouds

The extensive cloud adoption among the European Public Sector Players empowered them to own and operate a range of cloud infrastructures. These deployments vary both in the size and capabilities, as well as in the range of employed technologies and processes. The public sector, however, lacks the necessary technology to enable effective, interoperable and secure integration of a multitude of its computing clouds and services. In this work we focus on the federation of private clouds and the approaches that enable secure data sharing and processing among the collaborating infrastructures and services of public entities. We investigate the aspects of access control, data and security policy languages, as well as cryptographic approaches that enable fine-grained security and data processing in semi-trusted environments. We identify the main challenges and frame the future work that serve as an enabler of interoperability among heterogeneous infrastructures and services. Our goal is to enable both security and legal conformance as well as to facilitate transparency, privacy and effectivity of private cloud federations for the public sector needs. © 2015 The Authors