• Title of article

    A Metric-Based Approach to Assess Risk for ‘‘On Cloud’’ Federated Identity Management

  • Author/Authors

    Patricia Arias-Cabarcos، نويسنده , , Florina Almena´rez-Mendoza • Andre´s Mar?´n-Lo´pez، نويسنده , , Daniel D?´az-Sa´nchez • Rosa Sa´nchez-Guerrero، نويسنده ,

  • Issue Information
    روزنامه با شماره پیاپی سال 2012
  • Pages
    21
  • From page
    513
  • To page
    533
  • Abstract
    The cloud computing paradigm is set to become the next explosive revolution on the Internet, but its adoption is still hindered by security problems. One of the fundamental issues is the need for better access control and identity management systems. In this context, Federated Identity Management (FIM) is identified by researchers and experts as an important security enabler, since it will play a vital role in allowing the global scalability that is required for the successful implantation of cloud technologies. However, current FIM frameworks are limited by the complexity of the underlying trust models that need to be put in place before inter-domain cooperation. Thus, the establishment of dynamic federations between the different cloud actors is still a major research challenge that remains unsolved. Here we show that risk evaluation must be considered as a key enabler in evidencebased trust management to foster collaboration between cloud providers that belong to unknown administrative domains in a secure manner. In this paper, we analyze the Federated Identity Management process and propose a taxonomy that helps in the classification of the involved risks in order to mitigate vulnerabilities and threats when decisions about collaboration are made. Moreover, a set of new metrics isdefined to allow a novel form of risk quantification in these environments. Other contributions of the paper include the definition of a generic hierarchical risk aggregation system, and a descriptive use-case where the risk computation framework is applied to enhance cloud-based service provisioning
  • Keywords
    Trust management Cloud computing Risk assessment metrics SAML Federation
  • Journal title
    Journal of Network and Systems Management
  • Serial Year
    2012
  • Journal title
    Journal of Network and Systems Management
  • Record number

    841532