Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad
KTH Applied Information Security Lab
Extensible Access Control Framework for Cloud hosted Applications
Introduction & Briefing
Funded By: National ICT R&D
Principal Investigator Organization: NUST-SEECS
Session Agenda
1. KTH-AIS Lab Profile
2. Project Management
3. Technical Methodology
4. Implementation Perspective
KTH-AIS Lab Research Profile
Outline
KTH-AIS Lab Profile
• Background
• Aims & Scope
• Research Areas/Profile
• Research Projects
Background
• SEECS Applied Information Security (AIS) Lab is a joint effort of:
  • NUST School of Electrical Engineering and Computer Science (SEECS), Pakistan
  • Royal Institute of Technology (KTH), Sweden
• Founded in August 2010
Research Aims
• Design and development of innovative security solutions to satisfy the privacy needs of industries and academia
• Bridge the gap between cutting-edge research and information security problems
• Create a high-tech workforce by providing appropriate training to undergraduate and post-graduate students
Research Areas
• Cloud Computing Security - SecaaS
• Secure Unstructured Databases
• Secure Group Communications
• Secure Physical Access control
• Smart Cards & Security Protocols
• Secure Mobile Applications
• Secure and Trusted infrastructure
• Security in Open Distributed Systems
Extensible Access Control Framework for Cloud Based Applications
• Funded by National ICT R&D
• Status: 3rd quarter in progress (Due Date: Feb 15, 2014)
• Project Cost: 13 Million
• Duration: 2 Years
• Research Area: Cloud Computing Security
• Workforce: 11 Team Members including MS and BS degree holders
• Direct Beneficiary: Educational Institutes, Cloud Community, IT industry
• Principal Investigator: Dr. Awais Shibli
• Co-principal Investigator: Dr. Arshad Ali
Project Management
Outline
Managerial Aspects of Project
• Team Introduction
• Execution Phases
• Milestones Achieved
  • 1st Quarter Deliverables
  • 2nd Quarter Deliverables
  • 3rd Quarter Deliverables
Team Introduction
1. Dr. Muhammad Awais Shibli – Principal Investigator
2. Dr. Arshad Ali – Co-principal Investigator
3. Ms. Rahat Masood – Team Lead
4. Ms. Arjumand Fatima – Professional Researcher
5. Ms. Yumna Ghazi – Professional Researcher
6. Mr. Fowz Masood – Technical Writer / Project Coordinator
7. Ms. Umme Habiba – Research Assistant
8. Ms. Ayesha Kanwal – Research Assistant
Team Introduction
Group 01
1. Mr. Salman Ansari – Development Assistant
2. Mr. Ummair Asghar – Development Assistant
Group 02
1. Mr. Sadiq Alvi – Development Assistant
2. Mr. Junaid Bin Sarfraz – Development Assistant
Group 03
1. Mr. Jawad Hussain – Development Assistant
2. Mr. Amir Hamza – Development Assistant
FGAC Model
UCON Model
ABAC Model
Execution Phases
Elapsed Time 1-3, Deliverables:
• Report 1: “A Literature Survey on Authorization Issues in Cloud Computing: Challenges, Opportunities & Impact”.
• Report 2: “Comparative Analysis of Access Control Systems on Cloud”.
• One publication in highly rated conference.
Milestones Achieved (Progress so far), 1st Quarter:
• Submission of chapter entitled “Access Control as a Service in Cloud: Challenges, Impact and Strategies” in Springer Book – (accepted, under publication)
• Submission of Journal Paper entitled “The Prospectives of Cloud Authorization Towards Effective Benchmarking and Appraisal” – Under Review
• Submission of two Technical Reports
Book Chapter “Access Control as a Service in Cloud: Challenges, Impact and Strategies”
• Publisher: Springer
• Book Name: Continued Rise of the Cloud: Advances and Trends in Cloud Computing
• Contribution: Issues associated with authorization services in Cloud along with comprehensive solution of Access Control as a Service (ACaaS)
• Authors: Awais Shibli, Rahat Masood, Umme Habiba, Ayesha Kanwal, Yumna Ghazi, Rafia Mumtaz
• Expected Publication Date: 2014
Journal Paper “The Prospectives of Cloud Authorization”
• Journal: Frontiers of Computer Science – Springer
• Reviews Received: Oct 22, 2013
• Revised Manuscript Submitted: Dec 18, 2013
• Contribution: i) systematic analysis of the existing authorization solutions in Cloud, ii) derivation of the general shortcomings of the extant access control techniques, iii) enumeration of the features of an ideal access control mechanism for the Cloud
• Authors: Rahat Masood, Awais Shibli, Yumna Ghazi, Dr. Arshad Ali
Submission of Technical Reports
• Report 1: Authorization Issues in Cloud Computing: Challenges, Opportunities & Impact
• Report 2: Comparative Analysis of Access Control Systems on Cloud
• Contribution: i) highlights Cloud computing challenges and security issues, ii) helps in understanding various authorization issues in the Software as a Service (SaaS) layer of the Cloud, iii) analyzes existing Cloud based access control systems against NIST defined generic access control evaluation criteria
Execution Phases
Elapsed Time 4-6, Deliverables:
• Detailed Software Requirement Specification (SRS) document.
• High-Level Design (architecture) document.
• Software Design Specification (SDS) document.
• Seminar 1: “Cloud Computing: A Buzzword or a Savior”.
Milestones Achieved (Progress so far), 2nd Quarter:
• Software Requirement specification (SRS)
• System Architecture Document
• Software Design Document
• Seminar “Cloud Computing: Saviour or a Buzzword??”
Project Requirements, Design & Architecture Documents
• Software Requirement Specification (SRS): intended for gathering the technical and operational requirements for the project; provides adequate details regarding the design, requirements, user interfaces and the core functionality.
• High-Level Architecture: illustrates the architectural design of the framework; provides adequate detail regarding the architecture and various architectural views/workflows to depict different aspects.
Project Requirements, Design & Architecture Documents
• Software Design Specification (SDS): explains in-depth design and architectural details and the interaction between the components; describes design strategies, detailed system design, various design views, UML diagrams and deployment architecture.
Seminar “Cloud Computing: Buzzword or a Saviour…???”
• Agenda: Emergence, Opportunities, Challenges and Future Prospects of Cloud Computing
• Date: December 6, 2013
• Speakers: Dr. Awais Shibli, Dr. Abdul Ghafoor, Ms. Rahat Masood
• Targeted Audience: Open for all Nustians
• Sponsors: National ICT R&D Fund
• Organizers: KTH-AIS Lab, NUST-SEECS
 URL: http://ais.seecs.nust.edu.pk/Seminars.php
Milestones Achieved (Progress so far), 3rd Quarter:
• Source Code of Attribute based Access Control (ABAC) Model
• ABAC Profile
• User Manual & Acceptance Testing Report
• Initialization of Cloud Instances in AIS lab (Cloud Configuration Manuals)
• Development Manual
Execution Phases
Elapsed Time 7-9, Deliverables:
• Version 1.0* will be uploaded on sourceforge.net. (a)
• Report 3: “Unit Testing of ABAC model”.
• Initialization of Cloud Instances in AIS lab
Elapsed Time 10-12, Deliverables:
• Test application (financial) hosted on OpenStack.
• Version 2.0* will be uploaded on sourceforge.net. (a)
• Report 4: “Unit Testing of UCON and FGAC model”.
• Core research idea publication in category A conference/journal.
Execution Phases
Elapsed Time 13-15, Deliverables:
• Report 5: “Unit and Integration Testing Results of Framework w.r.t Access Control Models and Cloud Applications”.
• Cloud hosted application with framework integrated.
• Workshop 1: “Development and Deployment of Applications in OpenStack”.
Elapsed Time 16-18, Deliverables:
• Version 3.0* will be uploaded on sourceforge.net. (a)
• Report 6: “Integration Testing Results on Extensibility of framework”.
Execution Phases
Elapsed Time 19-21, Deliverables:
• Report 7: “Quality Assurance Report on Extensible Access Control Framework”.
• Version 4.0** will be uploaded on sourceforge.net. (a)
Elapsed Time 22-24, Deliverables:
• Report 8: “Performance Results of the Extensible Access Control Framework”.
• Paper publication in Category A conference/Journal.
• Report 9: “Framework Effects on Cross-domain Cloud Environments.”
• Workshop 2: “Demonstration and working of Extensible Access Control Framework”.
Technical Methodology
Outline
Technical Methodology
• Cloud Computing
• Challenges of Cloud Computing
• Security Challenge
• Security as a Service (SecaaS)
• Authorization Issues in Cloud
• Project Overview (Introduction & Briefing)
Cloud Computing…???
• Generally means:
  • Lots of general purpose hosts
  • Central management
  • Distributed data storage
  • Ability to move applications from system to system
  • Low-touch provisioning system
  • Soft failover/redundancy
Characteristics of Cloud Computing
• Broad Network Access
• Rapid Elasticity
• On-demand Self Service
• Measured Services
• Resource Pooling
Cloud Service Delivery Models
• Infrastructure as a Service (IaaS)
• Software as a Service (SaaS)
• Platform as a Service (PaaS)
Software as a Service (SaaS)
• Applications are hosted as a service and provided to the Cloud customers.
• Eliminates the need for installing and running different software locally.
Reasons for not using Cloud…….
Cloud Computing Challenges
• Security
• Privacy
• Lack of knowledge & Expertise
• Reliability
• Performance
• Abuse of Cloud Services
• Shared Technology Issues
• Insufficient due diligence
• Interoperability
• Service Delivery & Billing
• Bandwidth Cost
• Availability
Notorious-9 - Cloud Challenges
1. Efficiency of Service Provisioning
• Usage of development tools & components
• Creation of scalable architectures
• Resource management and flexibility
• Availability of services
2. Effectiveness of Service Usage & Control
• Contracts including questions of liability
• Control of services by users
• Governance/escalation of mechanisms
3. Transparency Of Service Delivery And Billing
• Billing including license management
• QA by monitoring SLA
• Type and location of data processing
4. Compliance With Regulatory Requirements
Notorious-9 - Cloud Challenges..
5. Information Security
• Identity and Rights management
• Privacy and Integrity
• Access control, logging and attack prevention
• Verification and certification
6. Data Privacy
7. Interoperability
• Migration into/out of Cloud
• Ability to integrate into on-premise IT
• Cloud Federation
8. Portability Between Providers
• Service portability
• Data portability
9. Ensuring Fair Competition In The Market
Cloud Security Challenges
• Data Confidentiality
• Data Integrity
• Identity Management
• Virtualization
• Audit & Compliance
• Privacy
• Data Security
• Data Locality
• Network Security
• Trust
• Access Control
CSA Top Cloud Security threats
No. CSA Top Threat
1 Abuse and Nefarious Use of Cloud Computing
2 Insecure Interfaces and APIs
3 Malicious Insiders
4 Data Loss or Leakage
5 Account or Service Hijacking
6 Shared Technology Vulnerabilities
7 Inadequate Infrastructure design and Planning
8 Abuse of Cloud Services
9 Cloud related malware / Denial of Service
Security Challenges in SaaS
• Data Breaches
• Network Security
• Data Integrity
• Data Segregation
• Data Confidentiality
• Authentication
• Data Backup
• Data Access
• Web Application Security
• Data Locality
• Identity Management & SSO
Security as a Service (SECaaS) for SaaS
SECaaS (diagram labels):
• Email Security aaS
• Web content filtering aaS
• Access control aaS
• Identity aaS
• Network Security aaS
• Security assessment aaS
• Encryption aaS
• Data protection aaS
Cloud Service Consumers
Access Control in Cloud (Area of Focus)
Access control’s role is to control and limit the actions or operations in the Cloud systems that are performed by a user on a set of resources.
Authorization Issues in Cloud
Access Control Issues:
• What access control model is used and how well does it meet a customer's requirements?
• Where do user accounts reside, how are they provisioned and de-provisioned, and how is the integrity of the information protected?
• What support is provided for delegated administration by policy administration services?
Challenging Authorization Problems: Cloud Perspective
• Cloud subscribers often do not have sufficient control over technical access policy decision-making and enforcement in the cloud infrastructure.
• Most cloud providers do not offer subscriber-configurable policy enforcement points (e.g. based on the OASIS XACML standard).
• Cloud providers naturally cannot pre-configure subscriber-specific policies for subscribers (because they are subscriber-specific).
Challenging Authorization Problems: Cloud Perspective
• Managing and creating Cloud subscriber access policies is the biggest challenge around authorization
• There is no common standard policy specification format adopted yet for cloud.
• Traditional access control models have some specific parameters suitable only for particular scenarios and granular access control is yet a key requirement.
• Translating policies into security implementation gets more time-consuming, expensive, and error-prone.
Access Control as a Service (ACaaS)
• There should be a generic framework for the applications of Cloud consumers that can be customized by consumers according to their own security needs along with the basic security features provided by Cloud providers.
This framework should encompass multiple models and should have the ability to add any access control model within the framework based on the security requirements of the consumer.
Project Statements
We aim to provide Access Control-as-a-Service (ACaaS) for Software-as-a-Service (SaaS) layer applications by incorporating a variety of reliable and well-known access control models as Cloud based services.
The framework will be capable of handling a wide variety of Cloud Service Consumers (CSC) and intends to minimize the chance of data loss and corruption by unauthorized users.
Final deliverables include the implementation of an extensible API that is capable of managing and controlling access for SaaS hosted Cloud applications and resources.
Project Significance
• Extensibility: incorporate multiple access control models pertaining to the needs of Cloud service consumers.
• Generic: act independently as an access control layer for Cloud application.
• Open-source access control solution: perform research and analysis on upcoming and existing access control models w.r.t security challenges of Cloud.
• Manageability: ability for defining, managing, and accessing the access control rules
• Policy Specification Format: use of Common Access Control Policy Language (XACML)
• Development and Support for Third Party Plug-ins
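The extensibility and generic-layer goals stated on the ACaaS and Project Significance slides, sketched as an added Python example (not the project's source code, which the slides do not show): a decision point keeps a registry of access control models, and each Cloud service consumer selects a model and supplies its own policy. The class names, the dictionary rule format (used here in place of XACML), the "owner-only" plug-in and the two sample consumers are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Any, Dict, List, Protocol, Tuple


class Decision(Enum):
    PERMIT = "Permit"
    DENY = "Deny"


@dataclass(frozen=True)
class Request:
    subject: Dict[str, Any]
    resource: Dict[str, Any]
    action: str
    environment: Dict[str, Any] = field(default_factory=dict)


class AccessControlModel(Protocol):
    """Interface every pluggable model implements (assumed, not from the slides)."""
    def evaluate(self, policy: Any, request: Request) -> Decision: ...


class AbacModel:
    """Attribute-based model. A policy is a list of rules such as
    {"effect": "Permit", "match": {"subject.role": "teller", "action": "read"}}.
    Combining is deny-overrides; when no rule matches the result is Deny."""

    @staticmethod
    def _lookup(request: Request, path: str) -> Any:
        category, _, name = path.partition(".")
        if category == "action":
            return request.action
        # An unknown category raises AttributeError; the PDP turns that into Deny.
        return getattr(request, category).get(name)

    def evaluate(self, policy: List[dict], request: Request) -> Decision:
        effects = [rule["effect"] for rule in policy
                   if all(self._lookup(request, k) == v
                          for k, v in rule["match"].items())]
        if "Deny" in effects:
            return Decision.DENY
        return Decision.PERMIT if "Permit" in effects else Decision.DENY


class OwnerOnlyModel:
    """Hypothetical third-party plug-in: only the resource owner may act."""

    def evaluate(self, policy: Any, request: Request) -> Decision:
        owner = request.resource.get("owner")
        allowed = owner is not None and owner == request.subject.get("id")
        return Decision.PERMIT if allowed else Decision.DENY


class PolicyDecisionPoint:
    """Holds the model registry and each consumer's (model, policy) choice."""

    def __init__(self) -> None:
        self._models: Dict[str, AccessControlModel] = {}
        self._consumers: Dict[str, Tuple[str, Any]] = {}

    def register_model(self, name: str, model: AccessControlModel) -> None:
        self._models[name] = model

    def configure_consumer(self, consumer_id: str, model: str, policy: Any = None) -> None:
        if model not in self._models:
            raise KeyError(f"unknown access control model: {model}")
        self._consumers[consumer_id] = (model, policy)

    def decide(self, consumer_id: str, request: Request) -> Decision:
        config = self._consumers.get(consumer_id)
        if config is None:
            return Decision.DENY  # unconfigured consumer: default deny
        model, policy = config
        try:
            return self._models[model].evaluate(policy, request)
        except Exception:
            return Decision.DENY  # malformed policy or model error: fail closed


def build_demo_pdp() -> PolicyDecisionPoint:
    """Two constructed consumers, each using a different model."""
    pdp = PolicyDecisionPoint()
    pdp.register_model("abac", AbacModel())
    pdp.register_model("owner-only", OwnerOnlyModel())
    bank_policy = [  # constructed sample policy for a financial test application
        {"effect": "Permit", "match": {"subject.role": "teller",
                                       "resource.type": "account", "action": "read"}},
        {"effect": "Permit", "match": {"subject.role": "manager",
                                       "resource.type": "account", "action": "update"}},
        {"effect": "Deny", "match": {"resource.frozen": True, "action": "update"}},
    ]
    pdp.configure_consumer("bank-app", "abac", bank_policy)
    pdp.configure_consumer("notes-app", "owner-only")
    return pdp


if __name__ == "__main__":
    pdp = build_demo_pdp()
    frozen = {"type": "account", "frozen": True}
    print(pdp.decide("bank-app", Request({"role": "teller"}, {"type": "account"}, "read")))
    print(pdp.decide("bank-app", Request({"role": "manager"}, frozen, "update")))
    print(pdp.decide("unknown-app", Request({"role": "manager"}, frozen, "read")))
```

Adding another model means registering one more object that implements `evaluate`; the decision point and the consumers already configured are not touched.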
Project Website
Pleasure in the job puts perfection in the work
--Aristotle

01_ICT Visit_ Project Briefing and Progress Overview [Dec 26, 13]

  • 1. Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Extensible Access Control Framework for Cloud hosted Applications Introduction & Briefing Funded By: National ICT R&D Principal Investigator Organization: NUST- SEECS
  • 2. Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Session Agenda 1. KTH-AIS Lab Profile 2. Project Management 3. Technical Methodology 4. Implementation Perspective 2
  • 3. Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab KTH-AIS Lab Research Profile
  • 4. Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Outline KTH-AIS Lab Profile  Background  Aims & Scope  Research Areas/Profile  Research Projects 4
  • 5. Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Background • SEECS Applied Information Security (AIS) Lab is a joint effort of:  NUST School of Electrical Engineering and Computer Science (SEECS), Pakistan  Royal Institute of Technology (KTH), Sweden • Founded in August 2010 5
  • 6. Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Research Aims • Design and development of innovative security solutions to satisfy the privacy needs of industries and academia • Bridge the gap between cutting edge research and information security problems • Create high-tech workforce by providing appropriate training to undergraduate and post- graduate students 6
  • 7. Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Research Areas  Cloud Computing Security - SecaaS  Secure Unstructured Databases  Secure Group Communications  Secure Physical Access control  Smart Cards & Security Protocols  Secure Mobile Applications  Secure and Trusted infrastructure  Security in Open Distributed Systems 8
  • 8. Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Extensible Access Control Framework for Cloud Based Applications  Funded by National ICT R&D  Status: 3rd quarter in progress (Due Date: Feb 15, 2014)  Project Cost: 13 Million  Duration: 2 Years  Research Area: Cloud Computing Security  Workforce: 11 Team Members including MS and BS degree holders  Direct Beneficiary: Educational Institutes, Cloud Community, IT industry  Principal Investigator: Dr. Awais Shibli  Co-principal Investigator: Dr. Arshad Ali 9
  • 9. Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Project Management
  • 10. Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Outline Managerial Aspects of Project  Team Introduction  Execution Phases  Milestones Achieved  1st Quarter Deliverables  2nd Quarter Deliverables  3rd Quarter Deliverables 11
  • 11. Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Team Introduction 1. Dr. Muhammad Awais Shibli – Principal Investigator 2. Dr. Arshad Ali – Co-principal Investigator 3. Ms. Rahat Masood – Team Lead 4. Ms. Arjumand Fatima – Professional Researchers 5. Ms. Yumna Ghazi – Professional Researchers 6. Mr. Fowz Masood –Technical Writer/ Project Coordinator 7. Ms. Umme Habiba – Research Assistant 8. Ms. Ayesha Kanwal – Research Assistant 12
  • 12. Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Team Introduction Group 01 1. Mr. Salman Ansari – Development Assistant 2. Mr. Ummair Asghar – Development Assistant Group 02 1. Mr. Sadiq Alvi– Development Assistant 2. Mr. Junaid Bin Sarfraz – Development Assistant Group 03 1. Mr. Jawad Hussain– Development Assistant 2. Mr. Amir Hamza– Development Assistant 13 FGAC Model UCON Model ABAC Model
  • 13. Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Execution Phases Elapsed Time Deliverables 1-3 • Report 1: “A Literature Survey on Authorization Issues in Cloud Computing: Challenges, Opportunities & Impact”. • Report 2: “Comparative Analysis of Access Control Systems on Cloud”. • One publication in highly rated conference. 14 • Submission of chapter entitled “Access Control as a Service in Cloud: Challenges, Impact and Strategies” in Springer Book – (accepted, under publication) • Submission of Journal Paper entitled “The Prospectives of Cloud Authorization Towards Effective Benchmarking and Appraisal” – Under Review • Submission of two Technical Reports 1st Quarter Milestones Achieved (Progress so far)
  • 14. Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Book Chapter “Access Control as a Service in Cloud: Challenges, Impact and Strategies”  Publisher: Springer  Book Name: Continued Rise of the Cloud: Advances and Trends in Cloud Computing  Contribution: Issues associated with authorization services in Cloud along with comprehensive solution of Access Control as a Service (ACaaS)  Authors: Awais Shibli, Rahat Masood, Umme Habiba, Ayesha Kanwal, Yumna Ghazi, Rafia Mumtaz  Expected Publication Date : 2014 15
  • 15. Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Journal Paper “The Prospectives of Cloud Authorization”  Journal: Frontiers of Computer Science – Springer  Reviews Received: Oct 22, 2013  Revised Manuscript Submitted: Dec 18, 2013  Contribution: i) Systematic analysis of the existing authorization solutions in Cloud, ii) derive the general shortcomings of the extant access control techniques, iii) enumerated the features for an ideal access control mechanisms for the Cloud  Authors: Rahat Masood, Awais Shibli, Yumna Ghazi, Dr. Arshad Ali 16
  • 16. Submission of Technical Reports
      • Report 1: Authorization Issues in Cloud Computing: Challenges, Opportunities & Impact
      • Report 2: Comparative Analysis of Access Control Systems on Cloud
      • Contribution: i) highlights Cloud computing challenges and security issues, ii) helps in understanding various authorization issues in the Software as a Service (SaaS) layer of the Cloud, iii) analyzes existing Cloud based access control systems against NIST defined generic access control evaluation criteria
  • 17. Milestones Achieved (Progress so far): 2nd Quarter
      • Execution phase, elapsed time 4-6, deliverables:
          • Detailed Software Requirement Specification (SRS) document.
          • High-Level Design (architecture) document.
          • Software Design Specification (SDS) document.
          • Seminar 1: “Cloud Computing: A Buzzword or a Savior”.
      • Milestones achieved:
          • Software Requirement specification (SRS)
          • System Architecture Document
          • Software Design Document
          • Seminar “Cloud Computing: Saviour or a Buzzword??”
  • 18. Project Requirements, Design & Architecture Documents
      • Software Requirement Specification (SRS): intended for gathering the technical and operational requirements for the project; provides adequate detail regarding the design, requirements, user interfaces and the core functionality.
      • High-Level Architecture: illustrates the architectural design of the framework; provides adequate detail regarding the architecture and the various architectural views/workflows that depict different aspects.
  • 19. Project Requirements, Design & Architecture Documents
      • Software Design Specification (SDS): explains in-depth design and architectural details and the interaction between the components; describes design strategies, detailed system design, various design views, UML diagrams and deployment architecture.
  • 20. Seminar “Cloud Computing: Buzzword or a Saviour…???”
      • Agenda: Emergence, Opportunities, Challenges and Future Prospects of Cloud Computing
      • Date: December 6, 2013
      • Speakers: Dr. Awais Shibli, Dr. Abdul Ghafoor, Ms. Rahat Masood
      • Targeted Audience: Open for all Nustians
      • Sponsors: National ICT R&D Fund
      • Organizers: KTH-AIS Lab, NUST-SEECS
      • URL: http://ais.seecs.nust.edu.pk/Seminars.php
  • 21. Milestones Achieved (Progress so far): 3rd Quarter
      • Source Code of Attribute based Access Control (ABAC) Model
      • ABAC Profile
      • User Manual & Acceptance Testing Report
      • Initialization of Cloud Instances in AIS lab (Cloud Configuration Manuals)
      • Development Manual
  • 22. Execution Phases
      • Elapsed time 7-9, deliverables:
          • Version 1.0* will be uploaded on sourceforge.net. (a)
          • Report 3: “Unit Testing of ABAC model”.
          • Initialization of Cloud Instances in AIS lab
      • Elapsed time 10-12, deliverables:
          • Test application (financial) hosted on OpenStack.
          • Version 2.0* will be uploaded on sourceforge.net. (a)
          • Report 4: “Unit Testing of UCON and FGAC model”.
          • Core research idea publication in category A conference/journal.
  • 23. Execution Phases
      • Elapsed time 13-15, deliverables:
          • Report 5: “Unit and Integration Testing Results of Framework w.r.t Access Control Models and Cloud Applications”.
          • Cloud hosted application with framework integrated.
          • Workshop 1: “Development and Deployment of Applications in OpenStack”.
      • Elapsed time 16-18, deliverables:
          • Version 3.0* will be uploaded on sourceforge.net. (a)
          • Report 6: “Integration Testing Results on Extensibility of framework”.
  • 24. Execution Phases
      • Elapsed time 19-21, deliverables:
          • Report 7: “Quality Assurance Report on Extensible Access Control Framework”.
          • Version 4.0** will be uploaded on sourceforge.net. (a)
      • Elapsed time 22-24, deliverables:
          • Report 8: “Performance Results of the Extensible Access Control Framework”.
          • Paper publication in Category A conference/Journal.
          • Report 9: “Framework Effects on Cross-domain Cloud Environments.”
          • Workshop 2: “Demonstration and working of Extensible Access Control Framework”.
  • 25. Technical Methodology
  • 26. Outline: Technical Methodology
      • Cloud Computing
      • Challenges of Cloud Computing
      • Security Challenge
      • Security as a Service (SecaaS)
      • Authorization Issues in Cloud
      • Project Overview (Introduction & Briefing)
  • 27. Cloud Computing…???
      • Generally means:
          • Lots of general purpose hosts
          • Central management
          • Distributed data storage
          • Ability to move applications from system to system
          • Low-touch provisioning system
          • Soft failover/redundancy
  • 28. Characteristics of Cloud Computing
      • Broad Network Access
      • Rapid Elasticity
      • On-demand Self Service
      • Measured Services
      • Resource Pooling
  • 29. Cloud Service Delivery Models
      • Infrastructure as a Service (IaaS)
      • Software as a Service (SaaS)
      • Platform as a Service (PaaS)
  • 30. Software as a Service (SaaS)
      • Applications are hosted as a service and provided to the Cloud customers.
      • Eliminates the need to install and run different software locally.
  • 31. Reasons for not using Cloud…….
  • 32. Cloud Computing Challenges
      • Challenges shown around the central CLOUD label: Security; Privacy; Lack of knowledge & Expertise; Reliability; Performance; Abuse of Cloud Services; Shared Technology Issues; Insufficient due diligence; Interoperability; Service Delivery & Billing; Bandwidth Cost; Availability
  • 33. Notorious-9 - Cloud Challenges
      • 1. Efficiency of Service Provisioning
          • Usage of development tools & components
          • Creation of scalable architectures
          • Resource management and flexibility
          • Availability of services
      • 2. Effectiveness of Service Usage & Control
          • Contracts including questions of liability
          • Control of services by users
          • Governance/escalation of mechanisms
      • 3. Transparency of Service Delivery and Billing
          • Billing including license management
          • QA by monitoring SLA
          • Type and location of data processing
      • 4. Compliance With Regulatory Requirements
  • 34. Notorious-9 - Cloud Challenges..
      • 5. Information Security
          • Identity and Rights management
          • Privacy and Integrity
          • Access control, logging and attack prevention
          • Verification and certification
      • 6. Data Privacy
      • 7. Interoperability
          • Migration into/out of Cloud
          • Ability to integrate into on-premise IT
          • Cloud Federation
      • 8. Portability Between Providers
          • Service portability
          • Data portability
      • 9. Ensuring Fair Competition in the Market
  • 35. Cloud Security Challenges
      • Data Confidentiality; Data Integrity; Identity Management; Virtualization; Audit & Compliance; Privacy; Data Security; Data Locality; Network Security; Trust; Access Control
  • 36. CSA Top Cloud Security threats (No. and CSA Top Threat)
      • 1. Abuse and Nefarious Use of Cloud Computing
      • 2. Insecure Interfaces and APIs
      • 3. Malicious Insiders
      • 4. Data Loss or Leakage
      • 5. Account or Service Hijacking
      • 6. Shared Technology Vulnerabilities
      • 7. Inadequate Infrastructure design and Planning
      • 8. Abuse of Cloud Services
      • 9. Cloud related malware / Denial of Service
  • 38. Security Challenges in SaaS
      • Data Breaches; Network Security; Data Integrity; Data Segregation; Data Confidentiality; Authentication; Data Backup; Data Access; Web Application Security; Data Locality; Identity Management & SSO
  • 39. Security as a Service (SECaaS) for SaaS
      • SECaaS offerings for Cloud Service Consumers: Email Security aaS; Web content filtering aaS; Access control aaS; Identity aaS; Network Security aaS; Security assessment aaS; Encryption aaS; Data protection aaS
  • 40. Access Control in Cloud (Area of Focus)
      • Access control’s role is to control and limit the actions or operations in the Cloud systems that are performed by a user on a set of resources.
  • 41. Authorization Issues in Cloud
      • Access Control Issues:
          • What access control model is used and how well does it meet a customer's requirements?
          • Where do user accounts reside, how are they provisioned and de-provisioned, and how is the integrity of the information protected?
          • What support is provided for delegated administration by policy administration services?
  • 42. Challenging Authorization Problems: Cloud Perspective
      • Cloud subscribers often do not have sufficient control over technical access policy decision-making and enforcement in the cloud infrastructure.
      • Most cloud providers do not offer subscriber-configurable policy enforcement points (e.g. based on the OASIS XACML standard).
      • Cloud providers naturally cannot pre-configure subscriber-specific policies for subscribers (because they are subscriber-specific).
  • 43. Challenging Authorization Problems: Cloud Perspective
      • Managing and creating Cloud subscriber access policies is the biggest challenge around authorization.
      • There is no common standard policy specification format adopted yet for cloud.
      • Traditional access control models have some specific parameters suitable only for particular scenarios, and granular access control is still a key requirement.
      • Translating policies into security implementation gets more time-consuming, expensive, and error-prone.
  • 44. Access Control as a Service (ACaaS)
      • There should be a generic framework for the applications of Cloud consumers that can be customized by consumers according to their own security needs, along with the basic security features provided by Cloud providers. This framework should encompass multiple models and should have the ability to add any access control model within the framework based on the security requirements of the consumer.
  • 45. Project Statements
      • We aim to provide Access Control-as-a-Service (ACaaS) for Software-as-a-Service (SaaS) layer applications by incorporating a variety of reliable and well-known access control models as Cloud based services.
      • The framework will be capable of handling a wide variety of Cloud Service Consumers (CSC) and intends to minimize the chance of data loss and corruption by unauthorized users.
      • Final deliverables include the implementation of an extensible API that is capable of managing and controlling access for SaaS hosted Cloud applications and resources.
  • 46. Project Significance
      • Extensibility: incorporate multiple access control models pertaining to the needs of Cloud service consumers.
      • Generic: act independently as an access control layer for Cloud application.
      • Open-source access control solution: perform research and analysis on upcoming and existing access control models w.r.t security challenges of Cloud.
      • Manageability: ability for defining, managing, and accessing the access control rules
      • Policy Specification Format: use of Common Access Control Policy Language (XACML)
      • Development and Support for Third Party Plug-ins
  • 47. Project Website
  • 48. Pleasure in the job puts perfection in the work -- Aristotle
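
As an added illustration of the extensible ACaaS framework described in slides 44 to 46 (not the project's own code): a decision service in which access control models are registered as plug-ins and each Cloud Service Consumer selects a model and supplies its own policy. All class and function names, the two consumers and their policies are constructed for this example, and policies are plain Python structures rather than XACML.

```python
from dataclasses import dataclass

PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"  # XACML-style decisions

@dataclass(frozen=True)
class Request:
    subject: dict    # subject attributes, e.g. role, dept, clearance
    resource: dict   # resource attributes, e.g. type, dept, classification
    action: str

def rbac(policy, req):
    """RBAC plug-in. policy: {role: {(action, resource_type), ...}}."""
    perms = policy.get(req.subject.get("role"), set())
    return PERMIT if (req.action, req.resource.get("type")) in perms else NOT_APPLICABLE

def abac(policy, req):
    """ABAC plug-in. policy: ordered rules; the first applicable rule decides."""
    for rule in policy:
        if req.action in rule["actions"] and rule["condition"](req.subject, req.resource):
            return rule["effect"]
    return NOT_APPLICABLE

class AccessControlService:
    """Shared decision point: models are plug-ins, policies are per consumer."""
    def __init__(self):
        self._models, self._consumers = {}, {}

    def register_model(self, name, evaluate):
        self._models[name] = evaluate

    def configure_consumer(self, consumer, model_name, policy):
        if model_name not in self._models:
            raise KeyError(f"unknown access control model: {model_name}")
        self._consumers[consumer] = (model_name, policy)

    def decide(self, consumer, req):
        if consumer not in self._consumers:
            return DENY  # unknown consumer: fail closed
        model_name, policy = self._consumers[consumer]
        decision = self._models[model_name](policy, req)
        return PERMIT if decision == PERMIT else DENY  # NotApplicable is denied too

def build_demo_service():  # constructed sample: two consumers, own model and policy each
    svc = AccessControlService()
    svc.register_model("rbac", rbac)
    svc.register_model("abac", abac)
    svc.configure_consumer("shop", "rbac", {"clerk": {("read", "order")}})
    svc.configure_consumer("bank", "abac", [
        {"effect": DENY, "actions": {"read", "write"}, "condition": lambda s, r:
            r.get("classification") == "restricted" and s.get("clearance") != "high"},
        {"effect": PERMIT, "actions": {"read"}, "condition": lambda s, r:
            s.get("dept") is not None and s.get("dept") == r.get("dept")},
    ])
    return svc
```

Adding a further model is one `register_model` call, and a consumer's policy is only ever evaluated for that consumer's own requests.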

Editor's Notes

  • #30: “The NIST Definition of Cloud Computing”, Special Publication 800-145
  • #32: S. Subashini and V. Kavitha, “A survey on security issues in service delivery models of cloud computing”, Journal of Network and Computer Applications, volume 34, pages 1–11, January 2011
  • #34: http://www.cloudtweaks.com/2012/08/top-five-challenges-of-cloud-computing/ and http://www.networkworld.com/news/2012/071112-cloud-computing-challenges-260829.html?page=1
  • #35: http://blogs.sap.com/innovation/cloud-computing/top-9-challenges-in-cloud-computing-that-are-slowing-its-adoption-011918
  • #36: http://blogs.sap.com/innovation/cloud-computing/top-9-challenges-in-cloud-computing-that-are-slowing-its-adoption-011918
  • #38: https://downloads.cloudsecurityalliance.org/initiatives/top_threats/The_Notorious_Nine_Cloud_Computing_Top_Threats_in_2013.pdf
  • #39: https://downloads.cloudsecurityalliance.org/initiatives/top_threats/The_Notorious_Nine_Cloud_Computing_Top_Threats_in_2013.pdf