Introduction:
Cloud providers are tasked with providing cohesive trust and security relationships. In many cases, cloud users and cloud service providers belong to different trust domains. Because cloud computing is inherently multi-tenant and virtualized, resources shared among potentially untrusted tenants create unique security and access-privilege challenges. As a result, privacy, trust, and access control are critical issues that must be addressed in cloud computing.
Findings:
Relationships between users and resources in cloud and inter-cloud systems are dynamic and innately ad hoc. As a result, users and resource providers are not held within the same security domain. Users are normally identified by their attributes or “characteristics” rather than by predefined identities. In these instances, traditional identity-based access control models are not effective, so access decisions must be made on the basis of specific attributes.
In cloud-based systems, autonomous domains have separate sets of security policies, which requires access control mechanisms to be flexible enough to support various kinds of domains and policies. Attribute Based Access Control (ABAC) has become increasingly important with the development of large distributed cloud systems.
Risks:
Vast technical advances in the size and scalability of cloud-based services allow organizations to store massive amounts of user data, creating the need for strong security protocols within the cloud. Security risks associated with information assurance in cloud infrastructure include:
- Secured data transfers
- Secured software interfaces
- Secured data storage
- Secured user access control
- Secured separation of data
Deployment models:
- Public Cloud
- Provided off premises to the general public. Computing resources are shared with the provider’s other customers.
- Private Cloud
- Cloud infrastructure for a single organization only. May be managed by the organization or a third party, on or off premises.
Cloud computing hypervisors, which provide administrative services, could potentially be compromised by zero-day attacks. Once cloud-based services have been compromised, malware could easily be deployed, causing system-wide damage.
A vast number of online media services use cloud-based platforms to deliver service to their subscribers. Netflix delivers content through Amazon Web Services (AWS), one of the leading cloud service providers. Dropbox, Sendspace, and Yousendit are examples of online cloud storage services that use the IaaS service model from cloud service providers.
All of these services store sensitive personal information in the cloud, making it an attractive target for criminal hackers. Since public cloud deployments share computing resources with other discrete customer services, including Netflix and other highly targeted services, we propose the use of a private cloud platform.
To overcome problems inherent in public switched data transmissions, end-user accountability mechanisms are used. Conceptually, private user data is encrypted before being sent into the cloud, forming a secured communications link between sender and receiver. Accountability has become a core component of cloud communications and helps strengthen trust relationships.
Recommendation:
We propose deploying Attribute Based Access Control (ABAC) across all of our cloud services to institute policies based on the sensitivity of credentials. ABAC will allow us to maintain autonomy without disrupting efficient collaboration, while providing automated trust negotiation that is auditable on an as-needed basis.
ABAC generally extends role-based access control with the following features:
- Delegation of attribute authority
- Decentralization of attributes
- Inference of attributes
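The attribute-driven decision described under Findings and the three extensions listed above, as an added Python example that is not part of the original report; the domain names (hr.example, partner.example), attribute names and policies are constructed for illustration.

```python
# Constructed ABAC policy decision point showing decentralized attribute
# issuers, delegation of attribute authority, inference of derived attributes,
# and a deny-by-default check over subject, resource and environment attributes.

# Issuing domains (constructed placeholder names) that are authoritative for each
# subject attribute; hr.example has delegated "department" to partner.example.
ATTRIBUTE_AUTHORITY = {
    "id": {"hr.example"},
    "clearance": {"hr.example"},
    "department": {"hr.example", "partner.example"},
}

def vet_attributes(assertions):
    """Keep only (name, value, issuer) assertions whose issuer is an authority
    for that attribute; a claim from any other domain is dropped, not trusted."""
    return {name: value for name, value, issuer in assertions
            if issuer in ATTRIBUTE_AUTHORITY.get(name, set())}

def infer(attrs):
    """Derive attributes from vetted ones (inference of attributes)."""
    derived = dict(attrs)
    derived["sensitive_ok"] = attrs.get("clearance") in ("secret", "top-secret")
    return derived

# Each policy is (label, predicate over subject, resource, environment attributes).
POLICIES = [
    ("owner reads own record",
     lambda s, r, e: e["action"] == "read" and r["owner"] == s.get("id")),
    ("cleared staff read sensitive records of their department in office hours",
     lambda s, r, e: e["action"] == "read" and r["sensitivity"] == "sensitive"
         and s["sensitive_ok"] and s.get("department") == r["department"]
         and 9 <= e["hour"] < 17),
]

def decide(assertions, resource, environment):
    """Return ("permit", label) for the first matching policy, else ("deny", None)."""
    subject = infer(vet_attributes(assertions))
    for label, rule in POLICIES:
        if rule(subject, resource, environment):
            return "permit", label
    return "deny", None

if __name__ == "__main__":
    record = {"owner": "bob", "department": "finance", "sensitivity": "sensitive"}
    alice = [("id", "alice", "hr.example"), ("clearance", "secret", "hr.example"),
             ("department", "finance", "partner.example")]  # delegated issuer
    print(decide(alice, record, {"action": "read", "hour": 10}))  # permit
    mallory = [("id", "mallory", "hr.example"),
               ("clearance", "secret", "partner.example")]  # not an authority
    print(decide(mallory, record, {"action": "read", "hour": 10}))  # deny
```

The audit trail the recommendation asks for comes from the returned policy label: every permit names the rule that granted it, and every deny is the default rather than a silent fall-through.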
We propose instituting private cloud deployments because the unpredictable and dynamic computing needs of our services require direct control over their environments. Private cloud infrastructure is directly suited to our needs given our mission-critical workloads, security concerns, uptime requirements, and management demands.
In addition to providing direct control over scalability and resource management, a private cloud offers hosted services to a limited number of people residing behind a firewall, which minimizes the security concerns we have regarding cloud computing.