Publication


Featured research published by Farhan Patwa.


information reuse and integration | 2015

Hierarchical Secure Information and Resource Sharing in OpenStack Community Cloud

Yun Zhang; Farhan Patwa; Ravi S. Sandhu; Bo Tang

Community clouds provide efficient and secure environments for organizations with similar organization structures or business models to host their systems. Since threat analysis and incident response infrastructure and resources can be rapidly shared on a community cloud, the participating organizations save time and cost in handling cyber incidents. Unfortunately, contemporary cloud platforms are lacking a widely accepted access control model for secure information and resource sharing. Following the recent innovation of Hierarchical Multitenancy in OpenStack community, we propose a hierarchical secure information and resource sharing model in the context of an OpenStack community cloud. Our model enables secure and effective management of information sharing in a community cloud for both routine and cyber incident response needs. We believe this model is applicable in community clouds beyond OpenStack as well.


network and system security | 2017

Access control model for AWS internet of things

Smriti Bhatt; Farhan Patwa; Ravi S. Sandhu

Internet of Things (IoT) has received considerable attention in both industry and academia in recent years. There has been significant research on access control models for IoT in academia, while industrial deployments of several cloud-enabled IoT platforms have already been introduced. However, as yet there is no consensus on a formal access control model for cloud-enabled IoT. Currently, most of the cloud-enabled IoT platforms utilize some customized form of Role-Based Access Control (RBAC), but RBAC by itself is insufficient to address the dynamic requirements of IoT. In this paper, we study one of the commercial cloud-IoT platforms, AWS IoT, and develop a formal access control model for it, which we call AWS-IoTAC. We do this by extending AWS cloud’s formal access control (AWSAC) model, previously published in the academic literature, to incorporate the IoT-specific components. The AWS-IoTAC model is abstracted from AWS IoT documentation and has been formalized based on AWSAC definitions. We show how this model maps to a recently proposed Access Control Oriented (ACO) architecture for cloud-enabled IoT. We demonstrate a smart-home use case in AWS IoT platform, and inspired by this use case, we propose some Attribute-Based Access Control (ABAC) extensions to the AWS-IoTAC model for enhancing the flexibility of access control in IoT.


color imaging conference | 2015

Community-Based Secure Information and Resource Sharing in AWS Public Cloud

Yun Zhang; Farhan Patwa; Ravi S. Sandhu

A public cloud provides enterprises and organizations with a secure and efficient environment to deploy their systems. While organizations and companies benefit from moving to cloud platform, it is likely that similar cyber attacks will happen to organizations which share the same cloud platform. One way to mitigate this risk is to share cyber security information among these organizations. Unfortunately, popular public cloud platform AWS is lacking an accepted access control model for cyber security information sharing. We propose an access control model for customers who use AWS platform as their infrastructure platform to securely share cyber attack information. Our model enables secure cyber information sharing and collaborations in public cloud environment on a community basis.


symposium on access control models and technologies | 2017

POSTER: Access Control Model for the Hadoop Ecosystem

Maanak Gupta; Farhan Patwa; Ravi S. Sandhu

Apache Hadoop is an important framework for fault-tolerant and distributed storage and processing of Big Data. Hadoop core platform along with other open-source tools such as Apache Hive, Storm, HBase offer an ecosystem to enable users to fully harness Big Data potential. Apache Ranger and Apache Sentry provide access control capabilities to several ecosystem components by offering centralized policy administration and enforcement through plugins. In this work we discuss the access control model for Hadoop ecosystem (referred as HeAC) used by Apache Ranger (release 0.6) and Sentry (release 1.7.0) along with Hadoop 2.x native authorization capabilities. This multi-layer model provides several access enforcement points to restrict unauthorized users to cluster resources. We further outline some preliminary approaches to extend the HeAC model consistent with widely accepted access control models.


symposium on access control models and technologies | 2017

Multi-Layer Authorization Framework for a Representative Hadoop Ecosystem Deployment

Maanak Gupta; Farhan Patwa; James Benson; Ravi S. Sandhu

Apache Hadoop is a predominant software framework to store and process vast amount of data, produced in varied formats. Data stored in Hadoop multi-tenant data lake often includes sensitive data such as social security numbers, intelligence sources and medical particulars, which should only be accessed by legitimate users. Apache Ranger and Apache Sentry are important authorization systems providing fine-grained access control across several Hadoop ecosystem services. In this paper, we provide a comprehensive explanation for the authorization framework offered by Hadoop ecosystem, incorporating core Hadoop 2.x native access control features and capabilities offered by Apache Ranger, with prime focus on data services including Apache Hive and Hadoop 2.x core services. A multi-layer authorization system is discussed and demonstrated, reflecting access control for services, data, applications and infrastructure resources inside a representative Hadoop ecosystem instance. A concrete use case is discussed to underline the application of aforementioned access control points. We use Hortonworks Hadoop distribution HDP 2.5 to exhibit this multi-layer access control framework.


Proceedings of the 2nd ACM Workshop on Attribute-Based Access Control | 2017

ABAC with Group Attributes and Attribute Hierarchies Utilizing the Policy Machine

Smriti Bhatt; Farhan Patwa; Ravi S. Sandhu

Attribute-Based Access Control (ABAC) has received significant attention in recent years, although the concept has been around for over two decades now. Many ABAC models, with different variations, have been proposed and formalized. Besides basic ABAC models, there are models designed with additional capabilities such as group attributes, group and attribute hierarchies and so on. Hierarchical relationship among groups and attributes enhances access control flexibility and facilitates attribute management and administration. However, implementation and demonstration of ABAC models in real-world applications is still lacking. In this paper, we present a restricted HGABAC (rHGABAC) model with user and object groups and group hierarchy. We then introduce attribute hierarchies in this model. We also present an authorization architecture for implementing rHGABAC utilizing the NIST Policy Machine (PM). PM allows to define attribute-based access control policies, however, the attributes in PM are different in nature than attributes in typical ABAC models as name-value pairs. We identify a policy configuration mechanism for our proposed model employing PM capabilities, and demonstrate use cases and their configuration and implementation in PM using our authorization architecture.


31st Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy, DBSec 2017 | 2017

Object-Tagged RBAC Model for the Hadoop Ecosystem

Maanak Gupta; Farhan Patwa; Ravi S. Sandhu

Hadoop ecosystem provides a highly scalable, fault-tolerant and cost-effective platform for storing and analyzing variety of data formats. Apache Ranger and Apache Sentry are two predominant frameworks used to provide authorization capabilities in Hadoop ecosystem. In this paper we present a formal multi-layer access control model (called HeAC) for Hadoop ecosystem, as an academic-style abstraction of Ranger, Sentry and native Apache Hadoop access-control capabilities. We further extend HeAC base model to provide a cohesive object-tagged role-based access control (OT-RBAC) model, consistent with generally accepted academic concepts of RBAC. Besides inheriting advantages of RBAC, OT-RBAC offers a novel method for combining RBAC with attributes (beyond NIST proposed strategies). Additionally, a proposed implementation approach for OT-RBAC in Apache Ranger is presented. We further outline attribute-based extensions to OT-RBAC.


color imaging conference | 2016

An Attribute-Based Access Control Extension for OpenStack and Its Enforcement Utilizing the Policy Machine

Smriti Bhatt; Farhan Patwa; Ravi S. Sandhu

Role-Based Access Control (RBAC) has been the dominant access control model in industry since the 1990s. It is widely implemented in many applications, including major cloud platforms such as OpenStack, AWS, and Microsoft Azure. However, due to limitations of RBAC, there is a shift towards Attribute-Based Access Control (ABAC) models to enhance flexibility by using attributes beyond roles and groups. In practice, this shift has to be gradual since it is unrealistic for existing systems to abruptly adopt ABAC models, completely eliminating current RBAC implementations. In this paper, we propose an ABAC extension with user attributes for the OpenStack Access Control (OSAC) model and demonstrate its enforcement utilizing the Policy Machine (PM) developed by the National Institute of Standards and Technology. We utilize some of the PM's components along with a proof-of-concept implementation to enforce this ABAC extension for OpenStack, while keeping OpenStack's current RBAC architecture in place. This provides the benefits of enhancing access control flexibility with support of user attributes, while minimizing the overhead of altering the existing OpenStack access control framework. We present use cases to depict added benefits of our model and show enforcement results. We then evaluate the performance of our proposed ABAC extension, and discuss its applicability and possible performance enhancements.


international workshop on security | 2016

Community-Based Secure Information and Resource Sharing in Azure Cloud IaaS

Yun Zhang; Farhan Patwa; Ravi S. Sandhu

To efficiently collaborate in cyber security defense and response, organizations must be able to securely share information and resources. A community in a cloud IaaS, which refers to a group of organizations with common business interests, will utilize cloud IaaS to realize their infrastructure deployments. Communities establish a mechanism to prevent, detect and respond to cyber attacks, and help member organizations in the community recover expeditiously. In this paper, we present an access control model for secure information and resource sharing between organizations in a community-based isolated environment in Microsoft Azure IaaS cloud platform, one of dominant commercial cloud platforms. The model facilitates organizations to share their IT resources with each other in a controlled and secure manner. We formally specify the administrative model and discuss enforcement techniques in the Azure cloud platform.


information reuse and integration | 2016

Object-to-Object Relationship-Based Access Control: Model and Multi-Cloud Demonstration (Invited Paper)

Tahmina Ahmed; Farhan Patwa; Ravi S. Sandhu

Relationship Based Access Control (ReBAC) has been recognized as a distinctive form of access control since the advent of online social networks (OSNs). In the OSN context, ReBAC typically expresses authorization policy in terms of interpersonal relationship between users. OSN-inspired ReBAC models primarily focus on user-to-user relationships, although some have also considered user-to-resource and resource-to-resource relationships. An OSN has very specific type of resources (photos, comments, notes etc.) which are closely related to users, so it is natural to consider resource relationships in OSNs as occurring through users. However user-independent resource-to-resource (or object-to-object) relationships have been around for decades in information systems. For instance, object-oriented systems maintain inheritance, composition and association relationships among objects, version control systems use derived-from relationships between different versions, and digital content management systems use fundamental-relationships between different media files. To our knowledge no existing ReBAC model considers user-independent generic relationships between objects, as a useful means to express authorization policies. This paper proposes a novel Object-to-Object ReBAC model (OOReBAC) which uses object relationships for controlling access to objects. We build a proof-of-concept implementation of OOReBAC using the open source OpenStack cloud platform and specifically its Swift object storage service.

Collaboration


Farhan Patwa's collaborations.

Top Co-Authors

Ravi S. Sandhu

University of Texas at San Antonio

Maanak Gupta

University of Texas at San Antonio

Smriti Bhatt

University of Texas at San Antonio

Yun Zhang

University of Texas at San Antonio

James Benson

University of Texas at San Antonio

Asma Alshehri

University of Texas at San Antonio

Bo Tang

University of Texas at San Antonio

Navid Pustchi

University of Texas at San Antonio

Prosunjit Biswas

University of Texas at San Antonio

Ravinderpal Singh Sandhu

University of Texas at San Antonio
