A metric-based approach to assess risk for "On cloud" federated identity management

Journal of Network and Systems Management

Volumn 20, Issue 4, 2012, Pages 513-533

  Arias Cabarcos, Patricia ^a   Rez Mendoza, Florina Almená ^a   Marín López, Andrés ^a   Díaz Sánchez, Daniel ^a   Sánchez Guerrero, Rosa ^a  

^a UNIVERSIDAD CARLOS III DE MADRID   (Spain)

Author keywords

Cloud computing; Federation; Risk assessment metrics; SAML; Trust management

Indexed keywords

ASSESSMENT METRICS; CLOUD PROVIDERS; COMPUTING PARADIGM; FEDERATED IDENTITY; FEDERATION; GLOBAL SCALABILITY; IDENTITY MANAGEMENT SYSTEMS; INTER-DOMAIN; RESEARCH CHALLENGES; RISK EVALUATION; RISK QUANTIFICATION; SAML; SECURITY PROBLEMS; SERVICE PROVISIONING; TRUST MANAGEMENT; TRUST MODELS;

ACCESS CONTROL; CLOUD COMPUTING;

RISK ASSESSMENT;

EID: 84867249207     PISSN: 10647570     EISSN: None     Source Type: Journal    
DOI: 10.1007/s10922-012-9244-2     Document Type: Article

References (49)

1. Mell, P., Grance, T.: The NIST definition of cloud computing. National Institute of Standards and Technology (NIST). http://csrc.nist.gov/publications/ nistpubs/800-145/SP800-145.pdf (2009). Accessed 15 June 2012
2. Jensen, M., Schwenk, J., Gruschka, N., Iacono, L.L.: On technical security issues in cloud computing. In: Proceedings of the IEEE International Conference on Cloud Computing, pp. 109-116. Bangalore, India (2009)
3. Harauz, J., Kaufman, L.M., Potter, B.: Data security in the world of cloud computing. IEEE Secur. Priv. 7(4), 61-64 (2009)
4. Subashini, S., Kavitha, V.: A survey on security issues in service delivery models of cloud computing. J. Netw. Comput. Appl. 34(1), 1-11 (2011)
5. Gopalakrishnan, A.: Cloud computing identity management. SETLabs Brief 7(7), 45-55 (2009)
6. Hardjono, T., Rutkowski, M. (eds.): Identity in the Cloud - Use Cases Version 1.0, Draft Version 0.1q. http://docs.oasis-open.org/id-cloud/IDCloud- usecases/v1.0/IDCloud-usecases-v1.0.pdf (2011). Accessed 15 June 2012
7. Cloud Computing Use Case Discussion Group: Cloud computing use cases, Tech. Rep. Version 4.0. http://bit.ly/gjxdL7 (2010). Accessed 15 June 2012
8. Cloud Computing Use Case Discussion Group: Moving to the Cloud, Version 1.0. http://bit.ly/fuAkKF (2010). Accessed 15 June 2012
9. Open Cloud Manifesto: Open Cloud Manifesto. http://www. opencloudmanifesto.org/(2009). Accessed 15 June 2012
10. Arias, P., Almenárez, F., Marín, A., Díaz., D.: Enabling SAML for dynamic identity federation management. In.: Proceedings of Wireless and Mobile Networking Conference, pp. 173-184. Gdansk, Poland (2009)
11. Cabarcos, P.A.: Risk assessment for better identity management in pervasive environments. In: Proceedings of IEEE International Conference on Pervasive Computing and Communications Workshops, pp. 389-390 (2011)
12. Buyya, R., Broberg, J., Goscinski, A.: Cloud Computing: Principles and Paradigms. Wiley, New York, NY, USA (2011)
13. Boehm, B.W.: Software risk management: principles and practices. IEEE Softw. 8(1), 32-42 (1991)
14. Jansen, W.: Directions in security metrics research. National Institute of Standards and Technology (NIST) Interagency Report, NISTIR 7564 (2009)
15. Maler, E., Reed, D.: The venn of identity: options and issues in federated identity management. IEEE Secur. Priv. 6(2), 16-23 (2008)
16. OpenID: OpenID Authentication 2.0. http://openid.net/specs/openid- authentication-2-0.html (2007). Accessed 15 June 2012
17. Cantor, S., Kemp, J., Philpott, R., Maler, E.: Assertions and Protocols for the OASIS Security Assertion Markup Language (SAML) V2.0. OASIS Standard, March 2005
18. Liberty Alliance: Liberty Alliance ID-FF 1.2 Specifications. http://www.projectliberty.org. Accessed 15 June 2012
19. Cantor, S., Moreh, J., Philpott, R. Maler, E. (eds.): Metadata for the OASIS Security Assertion Markup Language (SAML) V2.0. OASIS Standard, March 2005
20. Kantara Initiative. http://kantarainitiative.org/. Accessed 15 June 2012
21. Terena TF-EMC2: REFEDs Federation Survey. https://refeds.terena.org/ index.php/Federations. Accessed 15 June 2012
22. Hirsch, F., Philpott, R., Maler, E. (eds.): Security and Privacy Considerations for the OASIS Security Assertion Markup Language (SAML) V2.0. OASIS Standard (2005)
23. Gómez, F., Girao, J., Martínez, G.: TRIMS, a Privacy-aware Trust and Reputation Model for Identity Management Systems. Comput. Netw. Special Issue Manag. Emerg. Comput. Environ. 54(16), 2899-2912 (2010)
24. Díaz-Sánchez, D., Marín López, A., Almenárez Mendoza, F., Campo Vázquez, C., García-Rubio, C.: Context awareness in network selection for dynamic environments. Telecommun. Syst. 36(1), 49-60 (2007)
25. Burr, W.E., Dodson, D.F., Polk, W.T.: NIST Special Publication 800-63 Version 1.0.2, Electronic Authentication Guidelines. National Institute of Standards and Technology (NIST) (2006)
26. Tiffany, E., Madsen, P., Cantor, S. (eds.): Level of Assurance Authentication Context Profiles for SAML 2.0. Working Draft 01 (2008)
27. Kemp, J., Cantor, S., Mishra, P., Philpott, R., Maler, E. (eds.): Authentication Context for the OASIS Security Assertion Markup Language (SAML) V2.0. OASIS Standard (2005)
28. Saaty, T.L.: How to make a decision: the analytic hierarchy process. Eur. J. Oper. Res. 48(1), 9-26 (1990)
29. Calvo, T., Kolesárová, A., Komorníková, M., Mesiar, R.: Aggregation operators: properties, classes and construction methods. In: Calvo, T., Mayor, G., Mesiar, R. (eds.) Aggregation Operators. New Trends and Applications, pp. 3-104. Physica-Verlag, Heidelberg (2001)
30. Zadeh, L.A.: Fuzzy sets. Inform. Control 8(3), 338-353 (1965)
31. Klir, G.J., Yuan, B.: Fuzzy Sets and Fuzzy Logic - Theory and Applications. Prentice-Hall, Inc., Englewood Cliffs, NJ, USA (1995)
32. Cantor, S. (ed.): SAML V2.0 Metadata Profile for Algorithm Support Version 1.0. OASIS Committee Draft (2010)
33. Bernstein, D., Vij, D.: Intercloud security considerations. In: Proceedings of the IEEE 2nd International Conference on Cloud Computing Technology and Science, pp. 537-544. Indianapolis, Indiana, USA (2010)
34. Almulla, S.A., Yeun, C.Y.: Cloud computing security management. In: Proceedings of 2nd International Conference on Engineering Systems Management and Its Applications, pp. 1-7. Sharjah, United Arab Emirates (2010)
35. Rimal, B.P., Jukan, A., Katsaros, D., Goeleven, Y.: Architectural requirements for cloud computing systems: an enterprise cloud approach. J. Comput. 9(1), 3-26 (2011)
36. Goodner, M., Nadalin, A. (eds.): Web Services Federation Language (WS-Federation) Version 1.2, OASIS Web Services Federation (WSFED) TC (2009)
37. Hammer-Lahav, E. (ed.): The OAuth 1.0 Protocol. http://tools.ietf.org/ html/draft-hammer-oauth-10 (2010). Accessed 15 June 2012
38. Sengupta, S., Kaulgud, V., Sharma, V.S.: Cloud computing security - trends and research directions. In: Proceedings of the 7th IEEE World Congress on Services, pp. 524-531. Washington DC, USA (2011)
39. Catteddu, D., Hogben, G.: Cloud computing: benefits, risks and recommendations for Information security. Technical Report, European Network and Information Security Agency (2009)
40. Jansen, W., Grance, T.: Guidelines on Security and Privacy in Public Cloud Computing. Information Technology Laboratory. National Institute of Standards and Technology (NIST). http://csrc.nist.gov/publications (2011). Accessed 15 June 2012
41. The Cloud Security Alliance (CSA): security guidance for critical areas of focus in cloud computing v3.0. https://cloudsecurityalliance.org/guidance/ csaguide.v3.0.pdf (2011). Accessed 15 June 2012
42. Habib, S.M., Ries, S., Muhlhauser, M.: Cloud computing landscape and research challenges regarding trust and reputation. In: Proceedings of the Symposia and Workshops on Ubiquitous, Autonomic and Trusted Computing, pp. 410-415. Xi'an, China (2010)
43. Palson Kennedy, R., Gopal, T.V.: Assessing the risks and opportunities of cloud computing - defining identity management systems and maturity models. In: Proceedings of the IEEE 2nd International Conference on Trendz in Information Sciences & Computing, pp. 138-142. Chennai, India (2010)
44. Pearson, S., Benameur, A.: Privacy, security and trust issues arising from cloud computing. In: Proceedings of the IEEE 2nd International Conference on Cloud Computing Technology and Science, pp. 693-702. Indianapolis, USA (2010)
45. Casola, V., Rak, M., Villano, U.: Identity federation in cloud computing. In: Proceedings of the IEEE 6th International Conference on Information Assurance and Security, pp. 253-259. Atlanta, USA (2010)
46. Celesti, A., Tusa, F., Villari, F.M., Puliafito, A.: Security and cloud computing: intercloud identity management infrastructure. In: Proceedings of the 19th IEEE International Workshop on Enabling Technologies: Infrastructures for Collaborative Enterprises, pp. 253-259. Larissa, Greece (2010)
47. Ates, M., Ravet, S., Ahmat, A.M., Fayolle, J.: An identity-centric internet: identity in the cloud, identity as a service and other delights. In: Proceedings of the 6th International Conference on Availability, Reliability and Security, pp. 555-560. Vienna, Austria (2011)
48. ETSI GS INS-004V 1.1.1, Group specification: identity and access management for networks and services; Dynamic federation negotiation and trust management in IdM systems (2010-11)
49. Almenarez, F., Marín, A., Díaz, D., Cortés, A., Campo, C., García, C.: Trust management for multimedia P2P applications in autonomic networking. Ad Hoc Netw. 9(4), 687-697 (2011)