Muhammad Awais Shibli

Cloud Based Secure and Privacy Enhanced Authentication & Authorization Protocol

Abstract Cloud computing is an emerging computing model which facilitates organizations and the IT industry. It helps them to multiply or lessen their resources according to their operational requirements. However, the organizations are reluctant to store their sensitive information on the cloud due to various privacy and identity tracking threats. In the past few years, a lot of research and development efforts have been made to define centralized and federated security mechanisms for the protection of identity information in a cloud environment. However, to the best of our knowledge none of the systems have been designed keeping anonymity as the key component. This paper describes an authentication and authorization protocol which outlines the main features of anonymous communication in the cloud. The solution is an extension of existing standards making it easy to integrate and compatible with existing standards.

Intrusion Detection System in Cloud Computing: Challenges and opportunities

Today, Cloud Computing is the preferred choice of every IT organization since it provides flexible and pay-per-use based services to its users. However, the security and privacy is a major hurdle in its success because of its open and distributed architecture that is vulnerable to intruders. Intrusion Detection System (IDS) is the most commonly used mechanism to detect attacks on cloud. This paper provides an overview of different intrusions in cloud. Then, we analyze some existing cloud based intrusion detection systems (IDS) with respect to their type, positioning, detection time, detection technique, data source and attacks they can detect. The analysis also provides limitations of each technique to evaluate whether they fulfill the security requirements of cloud computing environment or not. We emphasize the deployment of IDS that uses multiple detection methods to cope with security challenges in cloud.

MagicNET: Security System for Development, Validation and Adoption of Mobile Agents

Current research in the area of mobile agents’ security mainly deals with protection and security for agents and agents’ runtime platforms. Mobile agent systems usually do not provide an extensive security methodology for the entire agent’s life cycle, from agent’s creation to its deployment and execution. In this paper we propose a comprehensive secure system for deployment of mobile agents. The system provides methodology that spans a number of phases in agent’s lifetime: it starts from agent creation and ends with agent’s execution. It addresses classification, validation, publishing, discovery, adoption, authentication and authorization of agents. Our system is based on secure web services and uses RBAC XACML policies and SAML protocol.

Cloud authorization: exploring techniques and approach towards effective access control framework

Despite the various attractive features that Cloud has to offer, the rate of Cloud migration is rather slow, primarily due to the serious security and privacy issues that exist in the paradigm. One of the main problems in this regard is that of authorization in the Cloud environment, which is the focus of our research. In this paper, we present a systematic analysis of the existing authorization solutions in Cloud and evaluate their effectiveness against well-established industrial standards that conform to the unique access control requirements in the domain. Our analysis can benefit organizations by helping them decide the best authorization technique for deployment in Cloud; a case study along with simulation results is also presented to illustrate the procedure of using our qualitative analysis for the selection of an appropriate technique, as per Cloud consumer requirements. From the results of this evaluation, we derive the general shortcomings of the extant access control techniques that are keeping them from providing successful authorization and, therefore, widely adopted by the Cloud community. To that end, we enumerate the features an ideal access control mechanisms for the Cloud should have, and combine them to suggest the ultimate solution to this major security challenge — access control as a service (ACaaS) for the software as a service (SaaS) layer. We conclude that a meticulous research is needed to incorporate the identified authorization features into a generic ACaaS framework that should be adequate for providing high level of extensibility and security by integrating multiple access control models.

Assessment Criteria for Trust Models in Cloud Computing

Cloud computing is an emerging technology that provides elastic and flexible computing resources to the existing capabilities of business world. Besides several benefits of Cloud computing, there are still many challenging issues such as security and privacy of data stored on Cloud and lack of trust on Cloud service providers. Trust is one of the major barriers in the growth and adoption of Cloud by the IT industry due to absence of any reliable and efficient trust evaluation mechanism. Various trust management models have been proposed, but there exists no criteria to evaluate the effectiveness of these models in Cloud computing. In this regard, we have proposed an assessment criterion for the evaluation of trust models, containing the essential features that are mandatory for trust establishment in Cloud environment. We have also presented a detailed analysis of existing trust models and analyzed them with respect to our proposed assessment criteria. The assessment and analysis of trust models helps the customers to select the most appropriate and reliable model in accordance with their preferences and requirements.

Mobile Agent Middleware for Multimedia Services

Over the past few years, there has been an increased trend of developing applications using mobile agent paradigm. Among them, there are applications that interact with mobile devices; these mobile devices provide connectivity to larger number of users. This increasing number of mobile devices identifies challenges in term of service provision to these devices as they have limited resources in term of computation and storage. In addition to this service, providers also face the challenge of heterogeneity in term of mobile device specifications over a large spectrum of available mobile devices. This paper presents a solution based on mobile agent and introduces the concept of middleware for dynamically discovered, location dependent multimedia services for mobile devices. Mobile agents act on behalf of mobile device over a fixed network performing necessary actions in terms of configuration/reconfiguration, communication, downloading multimedia to mobile device and quality of service handling. Design of a prototype and its implementation has been presented to verify the solution proposed.

Evaluation and establishment of trust in cloud federation

Cloud federation is a future evolution of Cloud computing, where Cloud Service Providers (CSP) collaborate dynamically to share their virtual infrastructure for load balancing and meeting the Quality of Service during the demand spikes. Today, one of the major obstacles in adoption of federation is the lack of trust between Cloud providers participating in federation. In order to ensure the security of critical and sensitive data of customers, it is important to evaluate and establish the trust between Cloud providers, before redirecting the customers requests from one provider to other provider. We are proposing a trust evaluation model and underlying protocol that will facilitate the cloud providers to evaluate the trustworthiness of each other and hence participate in federation to share their infrastructure in a trusted and reliable way.

Assessment Criteria for Cloud Identity Management Systems

Cloud computing offers many benefits to the IT industry by making available the services and resources that helps them to proliferate or decrease their organizational resources automatically on demand. On the other hand, organizations are still uncertain about the security and privacy of their sensitive information (for instance the identity credentials) in the multitenant environment of the Cloud. Many security systems have been devised for the protection of resources in Cloud environments. Identity Management Systems, in this regard, play a vital role in ensuring effective user authentication, provisioning, de-provisioning and access control decisions. Many Cloud IDMSs have been proposed until now claiming to offer flexibility, agility and robustness. However, no comparative analysis of such Cloud based IDMSs has been performed so far, as to the best of our knowledge there exists no specific criteria against which one can evaluate an IDMS on Cloud. This paper proposes an assessment criterion for the evaluation of Cloud based IDMSs, comprising of potential security features that are positively imminent for the assessment of Cloud based IDMSs. Furthermore, analysis of Cloud IDMSs is presented based on the proposed assessment criteria. Potential research directions in the area of Cloud identity management and security are also discussed.

Security Aspects of Virtualization in Cloud Computing

In Cloud computing, virtualization is the basis of delivering Infrastructure as a Service (IaaS) that separates data, network, applications and machines from hardware constraints. Although Cloud computing has been a focused area of research in the last decade, research on Cloud virtualization security has not been extensive. In this paper, different aspects of Cloud virtualization security have been explored. Specifically, we have identified: i) security requirements for virtualization in Cloud computing which can be used as a step towards securing virtual infrastructure of Cloud, ii) attacks that can be launched on Cloud virtual infrastructure, and iii) security solutions to secure the virtualization environment by overcoming the possible threats and attacks.

Usage control model specification in XACML policy language

Usage control model (UCON) is one of the emerging and comprehensive attribute based access control model that has the ability of monitoring the continuous updates in a system making it better than the other models of access control. UCON is suitable for the distributed environment of grid and cloud computing platforms however the proper formulation of this model does not exist in literature in any policy specification standard. It is for this reason that UCON is not widely adopted as an access control model by industry, though research community is now paying attention to make standard policy specification for this model. In this paper we are suggesting the interpretation of UCON model in extensible access control markup language (XACML) which is an OASIS standard of access control policies. We also highlight UCON model features by explaining its core processes and characteristics with respect to the case study of financial application.