Identity and Access Management in the Cloud Federation Environments
Date
2018
Authors
Thomas, Manoj V.
Publisher
National Institute of Technology Karnataka, Surathkal
Abstract
Cloud Federation is an emerging technology where Cloud Service Providers (CSPs) offering specialized services to customers collaborate in order to reap the real benefits of Cloud
Computing. By collaboration, the member CSPs of the federation achieve better resource
utilization and Quality of Service (QoS), thereby improving their business prospects. As
there are different cloud services available in the cloud federation environment, if all the
variety of services have their own authentication mechanisms, the various cloud users will
have to log in and verify their credentials each and every time they use a different set of
services from the cloud federation. This gives rise to the multiple credentials problem.
In the cloud federation environment, the Single Sign-On (SSO) authentication mechanism
can be used to verify the legitimate users without requiring them to get authenticated with
each service provider separately. In this thesis, we discuss the design and implementation
of an SSO mechanism in the cloud federation scenario using the CloudSim toolkit. We have
used the Fully Hashed Menezes-Qu-Vanstone (FHMQV) protocol for the key exchange
and the Symmetric Key Encryption technique AES-256 for encrypting the identity tokens
in the cloud federation environment. The analysis of the results shows that the proposed
SSO approach reduces the average user response time considerably by solving the multiple
credentials problem, besides providing the required security features.
When a CSP in the cloud federation runs out of resources, a suitable partner needs to be
identified for offloading the customer requests for resources, and this is a challenging task
due to the lack of global coordination among them. The cloud partner in the federation to
which the user request can be transferred should be selected in such a way that the QoS
requirements of the users are not compromised and the budgetary constraints of the
users are also taken care of. In this work, we propose the design and implementation of an efficient partner selection mechanism in the cloud federation, using the Analytic Hierarchy
Process (AHP) and the Technique for Order of Preference by Similarity to Ideal Solution
(TOPSIS) methods, and also considering the trust values of various CSPs in the federation.
The AHP method is used to calculate the weights of the QoS parameters used in the TOPSIS method, which is used to rank the various CSPs in the cloud federation according to the
user requirements. Simulation results show the effectiveness of this approach in
efficiently selecting the trustworthy partners in large scale federations to ensure the required
QoS to the cloud consumers.
In this work, we also propose a trust-based framework for the management of dynamic
QoS violations, when one CSP requests resources from another CSP in the federation. We
have implemented the proposed approach using the CloudSim toolkit, and the analysis
of the results shows that by calculating the local trust and the recommended trust values
of the CSPs, the dynamic QoS violations can be effectively solved. Thus, the proposed
approach improves the performance, responsiveness, efficiency, reputation and the profits
of the CSPs in the federation.
In this thesis, we have also presented a trust-based approach for the management of dynamic break-glass access in the cloud federation environments. By using the multi-cloud
based health care services, the quality of the health care given to patients can be improved,
while reducing the overall health care cost. Thus, there should be an effective way to
handle access requests to PHR data during emergency situations, when the patients’ information is stored in a cloud federation environment. In this work, we propose a trust
and risk-based framework for finding the legitimacy of the emergency access requests in
the cloud federation environment. The proposed mechanism calculates the risk involved
in the access request and takes a suitable access decision by calculating the trust value of
the user. We have implemented the proposed approach using the CloudSim toolkit, and
the analysis of the results shows that the proposed approach is efficient in dealing with
the break-glass access requests in the cloud federation environment. Thus, the approach
improves the performance, responsiveness and the efficiency of the healthcare services delivered by the CSPs in the federation environment.
Keywords
Department of Computer Science & Engineering, Cloud Federation, Single Sign-On, Partner Selection, QoS Violation, BreakGlass Access, Local Trust, Recommended Trust