Authorization Federation in Multi-Tenant Multi-Cloud IaaS (slide 1)
Navid Pustchi, Dissertation Defense
Institute for Cyber Security, Department of Computer Science, University of Texas at San Antonio
Advisor: Dr. Ravi Sandhu; Co-Advisor: Dr. Ram Krishnan
Dr. Gregory B. White, Dr. Matthew Gibson, Dr. Palden Lama
"Moving" to Cloud (slide 2)
Flexibility, Reliability, Mobility, Accessibility, Security
World-Leading Research with Real-World Impact!
Why Federation? (slide 3)
- Large organization with multiple tenants
- Federation of distinct organizations
[Figure: a Service Provider hosting a CERN Software Development Tenant and an Acme Financial Tenant]
Why Multi-Cloud? (slide 4)
- A federation consists of multiple clouds or multiple tenants.
[Figure: the ACME multi-cloud spanning a London private cloud, a Shanghai private cloud and the Amazon public cloud]
Problem & Thesis Statement (slide 5)
- Problem Statement
  Current access control models provided by cloud platforms are not sufficient to cultivate effective peer-to-peer and circle-of-trust federation between tenants in a cloud or across multiple cloud platforms. Prior role-based and attribute-based access control models for distributed systems are not effectively applicable to cloud IaaS.
- Thesis Statement
  The problem of authorization federation in multi-tenant cloud IaaS can be partially solved by integrating multiple types of peer-to-peer and circle-of-trust relations between tenants in cloud and multi-cloud environments into role-based and attribute-based access control models.
What is Cloud Federation? (slide 6)
- Multi-Cloud: federation of multiple cloud service providers (public or private) within different administrative domains (cloud and domain) to provide complex services at a specified service model (infrastructure, platform or software).
- Cloud Federation: federation of cloud service providers and identity providers in order to share their services and resources based on trust agreements.
- Hybrid Cloud: "A composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities." (NIST SP 800-145 definition)
[Figure: multi-cloud deployment through a hybrid-cloud broker; cloud federation through an inter-cloud broker with seamless communication]
Federation in Cloud (slide 7)
[Taxonomy figure]
- Service: Heterogeneous / Homogeneous
- Platform: Heterogeneous / Homogeneous
- Trust: Circle-of-Trust / Peer-to-Peer
- Identity: Authentication / Authorization
Service in Cloud Federation (slide 8)
- Service
  - Heterogeneous
    - Google account (OpenID 2.0): heterogeneous services within Google.
  - Homogeneous
    - Eduroam federated network access.
    - OpenStack Federation.
[Figures: heterogeneous service federation; homogeneous service federation]
Platform in Cloud Federation (slide 9)
- Platform
  - Heterogeneous
    - OpenStack federation with AWS.
  - Homogeneous
    - Keystone to Keystone federation.
[Figures: heterogeneous platform federation between the Amazon public AWS cloud and the ICS private OpenStack cloud; homogeneous platform federation between the Rackspace public OpenStack cloud and the ICS private OpenStack cloud]
Peer-to-Peer vs Circle-of-Trust (slide 10)
- Peer-to-Peer Federation
  - Trust between a pair of tenants.
  - Specific set of actions between tenants.
  - Only the trusted tenant.
- Circle-of-Trust Federation
  - Trust between a group of tenants.
  - Similar policies and rules.
  - Acceptance of all tenants in the circle.
[Figure: pairwise links among Tenants A-F versus one circle containing them]
Authentication vs Authorization (slide 11)
- Authentication Federation
  - Authenticating users (services and applications) at a cloud service provider other than their registered identity provider.
  - Is the user the one she claims to be?
  - SAML, OAuth, OpenID, SSO.
- Authorization Federation
  - Determining federated users' permissions to access federated resources and services.
  - What permissions should she be granted?
  - SAML, OAuth.
  - Authorization federation depends on authenticated users.
Scope of Contribution (slide 12)
[Taxonomy figure]
- Service: SaaS / IaaS
- Platform: Homogeneous / Heterogeneous
- Trust: Circle-of-Trust / Peer-to-Peer
- Identity: Authentication / Authorization
Scope of Contributed Models (slide 13)
[Model-scope figure]
- Cloud IaaS
  - Multi-Tenant Multi-Cloud
    - Peer-to-Peer: MC MT-RBAC
  - Multi-Tenant Cloud
    - Circle-of-Trust: Heterogeneous / Homogeneous
    - Peer-to-Peer: MT-ABAC
Administrative Domains (slide 14)
- Cloud Domain
  - Administration of services (compute, storage, network, and identity) and tenant domains.
  - Cloud bursting.
- Tenant Domain
  - Administration of resources (users, groups and projects in OpenStack).
  - Resource federation (cross-tenant access).
Peer-to-Peer Federation Models (slide 15)
[Model-scope figure from slide 13, repeated]
Peer-to-Peer Federation Trust (slide 16)
Peer-to-Peer Trust properties:
| Initiation | Direction      | Transitivity   |
|------------|----------------|----------------|
| Bilateral  | Bidirectional  | Transitive     |
| Unilateral | Unidirectional | Non-transitive |
- Tenant-Trust
  - Unilateral, Unidirectional, and Non-Transitive.
P2P Trust Types Use Case (slides 17-21)
- UTSA and BoA contract
  - BoA employees can get UTSA courses at discounted rates.
    - UTSA can assign BoA employees to courses.
    - BoA can assign employees to UTSA courses.
  - UTSA students can get student accounts at BoA.
  - BoA can select courses for its employee students at UTSA.
[Figure: UTSA and BoA tenants]
Multi-Cloud MT-RBAC (slide 22)
Keystone to Keystone Federation (slide 23)
OpenStack Paris Summit, Keystone to Keystone Federation, https://www.openstack.org/summit/openstack-paris-summit-2014/sessionvideos/presentation/keystone-to-keystone-federation (2014)
Multi-Cloud MT-RBAC (slide 24)
[Figure: OpenStack Cloud 1 with Domain A and Cloud 2 with Domain B; each domain has a domain_admin and project-role pairs]
(slide 25)
[Figure: access decision model with elements U, O, A, OATT, Auth and an Association relation]
Contributed Models (slide 27)
[Model-scope figure from slide 13, repeated]
Circle-of-Trust Federation Trust (slide 28)
- Homogeneous Circles
  - Multilateral, Bidirectional, Transitive.
- Heterogeneous Circles
  - Multilateral, Unidirectional, Non-Transitive.
CoT Trust Types Use Case (slides 29-31)
- UT System CoT Federation
  - UT System students can take courses at any UT campus.
    - UTSA can assign students in UT to its courses.
  - Students can access libraries in the UT System.
    - UTA can assign its students to libraries in the UT System.
[Figure: UT System circle containing UTA, UTD and UTSA]
(slide 33)
- Heterogeneous circle of BoA, Chase, UTSA, Geico, Allstate.
  - Each tenant can make user-role assignments, based on its type, into a domain.
  - UTSA can assign its students to discounted insurance offers and student accounts.
[Figure: University domain (UTSA), Bank domain (BoA, Chase), Insurance domain (Geico, Allstate)]
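The trust properties on slides 16 and 28 (peer-to-peer tenant trust is unilateral, unidirectional and non-transitive; homogeneous circles are bidirectional and transitive; heterogeneous circles are unidirectional and non-transitive) decide whether a cross-tenant user-role assignment is allowed. The following is an added example written for this page, not code from the dissertation or from OpenStack: a toy trust registry that answers "may tenant R assign one of its roles to a user of tenant U?" under each relation. The tenant names come from the use-case slides; the exact semantics of a trust pair (the trustor opens its roles to the trustee's users), the extra "Acme" pairing used to show non-transitivity, and the domain policy of the heterogeneous circle are assumptions.

```python
"""Toy model of tenant-trust relations for cross-tenant user-role assignment.

Added example; the slides do not define these semantics. Assumptions:
- a peer-to-peer pair (trustor, trustee) lets the trustor assign its roles to
  users of the trustee, and nothing else (no reverse, no chaining);
- a homogeneous circle lets any member assign its roles to users of any member;
- a heterogeneous circle permits assignment only from a source domain into a
  target domain that its policy lists.
"""
from typing import Dict, Set, Tuple


class TrustRegistry:
    def __init__(self) -> None:
        # (trustor, trustee): trustor's roles may be assigned to trustee's users.
        self.p2p: Set[Tuple[str, str]] = set()
        # circle name -> member tenants (multilateral, bidirectional, transitive).
        self.homogeneous: Dict[str, Set[str]] = {}
        # circle name -> (tenant -> domain, permitted (source_domain, target_domain) pairs).
        self.heterogeneous: Dict[str, Tuple[Dict[str, str], Set[Tuple[str, str]]]] = {}

    def add_p2p(self, trustor: str, trustee: str) -> None:
        # Stored once, in one direction only: unilateral and unidirectional.
        self.p2p.add((trustor, trustee))

    def add_homogeneous_circle(self, name: str, members: Set[str]) -> None:
        self.homogeneous[name] = set(members)

    def add_heterogeneous_circle(self, name: str, domain_of: Dict[str, str],
                                 permits: Set[Tuple[str, str]]) -> None:
        self.heterogeneous[name] = (dict(domain_of), set(permits))

    def can_assign(self, user_tenant: str, role_tenant: str) -> Tuple[bool, str]:
        """May role_tenant assign one of its roles to a user of user_tenant?"""
        if user_tenant == role_tenant:
            return True, "local assignment"
        # Peer-to-peer: only the exact (trustor, trustee) pair counts, so a chain
        # A->B, B->C never lets A assign C's users (non-transitive).
        if (role_tenant, user_tenant) in self.p2p:
            return True, f"p2p: {role_tenant} trusts {user_tenant}"
        # Homogeneous circle: membership alone suffices, in either direction.
        for name, members in self.homogeneous.items():
            if user_tenant in members and role_tenant in members:
                return True, f"homogeneous circle {name}"
        # Heterogeneous circle: the (source domain, target domain) pair must be permitted.
        for name, (domain_of, permits) in self.heterogeneous.items():
            if user_tenant in domain_of and role_tenant in domain_of:
                pair = (domain_of[user_tenant], domain_of[role_tenant])
                if pair in permits:
                    return True, f"heterogeneous circle {name}: {pair[0]} -> {pair[1]}"
        return False, "no trust relation"


def demo_registry() -> TrustRegistry:
    """Federation built from the slides' use cases (constructed sample data)."""
    reg = TrustRegistry()
    reg.add_p2p("UTSA", "BoA")   # UTSA can assign BoA employees to its courses.
    reg.add_p2p("BoA", "Acme")   # Assumed extra pair, used to show non-transitivity.
    reg.add_homogeneous_circle("UT-System", {"UTA", "UTD", "UTSA"})
    reg.add_heterogeneous_circle(
        "student-offers",
        {"UTSA": "university", "BoA": "bank", "Chase": "bank",
         "Geico": "insurance", "Allstate": "insurance"},
        # Assumed policy: a university may assign its users into bank and insurance roles.
        {("university", "bank"), ("university", "insurance")},
    )
    return reg


if __name__ == "__main__":
    reg = demo_registry()
    checks = [("BoA", "UTSA"), ("Acme", "BoA"), ("BoA", "Acme"), ("Acme", "UTSA"),
              ("UTA", "UTD"), ("UTD", "UTA"), ("UTSA", "Geico"), ("Geico", "UTSA"),
              ("BoA", "Geico")]
    for user_t, role_t in checks:
        ok, why = reg.can_assign(user_t, role_t)
        print(f"{role_t} assigns a {user_t} user: {'ALLOW' if ok else 'DENY'} ({why})")
```

Running the block shows the three properties side by side: BoA may not assign Acme users even though Acme may assign BoA users (unidirectional), UTSA may not assign Acme users despite UTSA->BoA->Acme (non-transitive), UTA and UTD may assign each other's users through the UT-System circle (bidirectional), and Geico may not assign UTSA users although UTSA may assign its students into Geico roles (the heterogeneous circle only permits university -> insurance).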
Questions? (slide 35)
- Peer-to-Peer Policy
  - Multi-cloud multi-tenant role-based model.
  - Multi-tenant attribute-based model.
- Circle-of-Trust Policy
  - Multi-tenant role-based access control model in a circle.
  - Multi-tenant role-centric attribute-based access control model.
- Implementation
  - Federated-cloud role-based tenant trust.
- Slides: 35