
Publication


Featured research published by Rohit Ranchal.


symposium on reliable distributed systems | 2010

An Entity-Centric Approach for Privacy and Identity Management in Cloud Computing

Pelin Angin; Bharat K. Bhargava; Rohit Ranchal; Noopur Singh; Mark Linderman; Lotfi Ben Othmane; Leszek Lilien

Entities (e.g., users, services) have to authenticate themselves to service providers (SPs) in order to use their services. An entity provides personally identifiable information (PII) that uniquely identifies it to an SP. In the traditional application-centric Identity Management (IDM) model, each application keeps trace of identities of the entities that use it. In cloud computing, entities may have multiple accounts associated with different SPs, or one SP. Sharing PIIs of the same entity across services along with associated attributes can lead to mapping of PIIs to the entity. We propose an entity-centric approach for IDM in the cloud. The approach is based on: (1) active bundles—each including a payload of PII, privacy policies and a virtual machine that enforces the policies and uses a set of protection mechanisms to protect themselves, (2) anonymous identification to mediate interactions between the entity and cloud services using entity’s privacy policies. The main characteristics of the approach are: it is independent of third party, gives minimum information to the SP and provides ability to use identity data on untrusted hosts.


symposium on reliable distributed systems | 2010

Protection of Identity Information in Cloud Computing without Trusted Third Party

Rohit Ranchal; Bharat K. Bhargava; Lotfi Ben Othmane; Leszek Lilien; Anya Kim; Myong H. Kang; Mark Linderman

Cloud computing allows the use of Internet-based services to support business processes and rental of IT-services on a utility-like basis. It offers a concentration of resources but also poses risks for data privacy. A single breach can cause significant loss. The heterogeneity of “users” represents a danger of multiple, collaborative threats. In cloud computing, entities may have multiple accounts associated with a single or multiple service providers (SPs). Sharing sensitive identity information (that is, Personally Identifiable information or PII) along with associated attributes of the same entity across services can lead to mapping of the identities to the entity, tantamount to privacy loss. Identity management (IDM) is one of the core components in cloud privacy and security and can help alleviate some of the problems associated with cloud computing. Available solutions use trusted third party (TTP) in identifying entities to SPs. The solution providers do not recommend the usage of their solutions on untrusted hosts. We propose an approach for IDM, which is independent of TTP and has the ability to use identity data on untrusted hosts. The approach is based on the use of predicates over encrypted data and multi-party computing for negotiating a use of a cloud service. It uses active bundle—which is a middleware agent that includes PII data, privacy policies, a virtual machine that enforces the policies, and has a set of protection mechanisms to protect itself. An active bundle interacts on behalf of a user to authenticate to cloud services using user’s privacy policies.


symposium on reliable distributed systems | 2012

An End-to-End Security Auditing Approach for Service Oriented Architectures

Bharat K. Bhargava; Pelin Angin; Rohit Ranchal; Norman Ahmed; Asher Sinclair; Mark Linderman; Lotfi Ben Othmane

Service-Oriented Architecture (SOA) is becoming a major paradigm for distributed application development in the recent explosion of Internet services and cloud computing. However, SOA introduces new security challenges not present in the single-hop client-server architectures due to the involvement of multiple service providers in a service request. The interactions of independent service domains in SOA could violate service policies or SLAs. In addition, users in SOA systems have no control on what happens in the chain of service invocations. Although the establishment of trust across all involved partners is required as a prerequisite to ensure secure interactions, still a new end-to-end security auditing mechanism is needed to verify the actual service invocations and its conformance to the expected service orchestration. In this paper, we provide an efficient solution for end-to-end security auditing in SOA. The proposed security architecture introduces two new components called taint analysis and trust broker in addition to taking advantages of WS-Security and WS-Trust standards. The interaction of these components maintains session auditing and dynamic trust among services. This solution is transparent to the services, which allows auditing of legacy services without modification. Moreover, we have implemented a prototype of the proposed approach and verified its effectiveness in a LAN setting and the Amazon EC2 cloud computing infrastructure.


Computers & Security | 2015

Incorporating attacker capabilities in risk estimation and mitigation

Lotfi Ben Othmane; Rohit Ranchal; Ruchith Fernando; Bharat K. Bhargava; Eric Bodden

The risk exposure of a given threat to an information system is a function of the likelihood of the threat and the severity of its impacts. Existing methods for estimating threat likelihood assume that the attacker is able to cause a given threat, that exploits existing vulnerabilities, if s/he has the required opportunities (e.g., sufficient attack time) and means (e.g., tools and skills), which is not true; often, s/he can perform an attack and cause the related threat only if s/he has the ability to access related resources (objects) of the system that allow to do so. This paper proposes a risk estimation method that incorporates attacker capabilities in estimating the likelihood of threats as conditions for using the means and opportunities, demonstrates the use of the proposed risk estimation method through two examples: video conferencing systems and connected vehicles, shows that changing attacker capabilities changes the risks of the threats, and compares the uncertainty of experts in evaluating the likelihood of threats considering and not considering attacker capabilities for two experiments. The results of the experiments suggest that experts are less uncertain about their estimations of threat likelihoods when they consider attacker capabilities.


information security conference | 2013

A Case for Societal Digital Security Culture

Lotfi Ben Othmane; Harold Weffers; Rohit Ranchal; Pelin Angin; Bharat K. Bhargava; Mohd Murtadha Mohamad

Information and communication technology systems, such as remote health care monitoring and smart mobility applications, have become indispensable parts of our lives. Security vulnerabilities in these systems could cause financial losses, privacy/safety compromises, and operational interruptions. This paper demonstrates through examples, that technical security solutions for these information systems, alone, are not sufficient to protect individuals and their assets from attacks. It proposes to complement (usable) technical solutions with Societal Digital Security Culture (SDSC): collective knowledge, common practices, and intuitive common behavior about digital security that the members of a society share. The paper also suggests a set of approaches for improving SDSC in a society and demonstrates using a case study how the suggested approaches could be integrated to compose a plan for improving SDSC.


symposium on reliable distributed systems | 2015

A Distributed Monitoring and Reconfiguration Approach for Adaptive Network Computing

Bharat K. Bhargava; Pelin Angin; Rohit Ranchal; Sunil Lingayat

The past decade has witnessed immense developments in the field of network computing thanks to the rise of the cloud computing paradigm, which enables shared access to a wealth of computing and storage resources without needing to own them. While cloud computing facilitates on-demand deployment, mobility and collaboration of services, mechanisms for enforcing security and performance constraints when accessing cloud services are still at an immature state. The highly dynamic nature of networks and clouds makes it difficult to guarantee any service level agreements. On the other hand, providing quality of service guarantees to users of mobile and cloud services that involve collaboration of multiple services is contingent on the existence of mechanisms that give accurate performance estimates and security features for each service involved in the composition. In this paper, we propose a distributed service monitoring and dynamic service composition model for network computing, which provides increased resiliency by adapting service configurations and service compositions to various types of changes in context. We also present a greedy dynamic service composition algorithm to reconfigure service orchestrations to meet user-specified performance and security requirements. Experiments with the proposed algorithm and the ease-of-deployment of the proposed model on standard cloud platforms show that it is a promising approach for agile and resilient network computing.


international conference on web services | 2015

Hierarchical Aggregation of Consumer Ratings for Service Ecosystem

Rohit Ranchal; Ajay Mohindra; Nianjun Zhou; Shubir Kapoor; Bharat K. Bhargava

With the wide availability of products and services through popular e-commerce platforms and dozens of similar offerings to choose from, there is a need to accurately assess and evaluate the quality of offerings. Several studies have shown that consumer feedback is an important source of information. This paper presents: (a) consumer Rating as a Service (RaaS) -- a building block service that can be used to add the consumer feedback lifecycle feature in the development of e-commerce platforms, (b) an approach to evaluate the quality of composite offerings based on the aggregation of consumer ratings using the composition structure and component relationships. Benefits of the proposed service include reduced development effort, shorter delivery time and a fine-grained aggregation of consumer ratings for composite offerings even with limited ratings.


international conference on heterogeneous networking for quality, reliability, security and robustness | 2013

Protecting PLM Data Throughout Their Lifecycle

Rohit Ranchal; Bharat K. Bhargava

Enterprises operate in a global economy with their operations dispersed across internal processes and external partners. Product Lifecycle Management (PLM) systems play a significant role in modern product development and management. There are multiple stages in product lifecycle that streamline by sharing data among PLM entities. Shared data may contain highly sensitive information such as trade secrets, intellectual property, private organizational or personal information. In large enterprise systems, it is difficult to understand and track data dissemination. Data sharing across global partners complicates and magnifies the problem further. The effect of shared data being leaked is one of the key risks. Existing approaches ensure security within the domain of an organization and don’t address protection in a decentralized environment. We propose an approach for secure data dissemination using the Active Bundle scheme. This approach enables organizations to securely share information in their PLM steps and protects it throughout the product lifecycle.


IBM Journal of Research and Development | 2016

Building scalable, secure, multi-tenant cloud services on IBM Bluemix

Minkyong Kim; Ajay Mohindra; Vinod Muthusamy; Rohit Ranchal; Valentina Salapura; Aleksander Slominski; Rania Khalaf

While an infrastructure-as-a-service cloud provides an economic alternative to managing information technology on premises, it does not provide ready-to-use advanced functionalities for solution management. A platform-as-a-service cloud (PaaS), on the other hand, provides application management and offers a catalog of services, which developers can easily use to host their solutions in the cloud. It also provides DevOps capabilities, which facilitate the management of a solution lifecycle. In this paper, we offer insights into the benefits and challenges that developers, who want to develop applications or offer services, would face in using a PaaS. We describe the step-by-step process of developing applications and offering services on IBM Bluemix, which is a PaaS cloud. We identify the key ingredients to achieve service scalability, security, and multi-tenancy. We also demonstrate the entire process through case studies of two Bluemix services: Rating-as-a-Service (RaaS) and the beta release of the Workflow Service.


international conference on cloud computing | 2017

Privacy-Preserving Data Dissemination in Untrusted Cloud

Denis Ulybyshev; Bharat K. Bhargava; Miguel Villarreal-Vasquez; Aala Oqab Alsalem; Donald Steiner; Leon Li; Jason Kobes; Harry Halpin; Rohit Ranchal

B2B (business-to-business) systems often use service-oriented architecture (SOA) with decomposed business services. These services can interact and share data among each other. Service might use a cloud-hosted database, such as a non-relational encrypted key-value store. However, the cloud platform hosting the database can be untrusted. Data owner needs to be sure that each service can access only those segments of a shared database for which the service is authorized. Furthermore, data requests can come from a service also hosted by untrusted cloud. Hence, there is a need for designing a cloud enterprise framework that can ensure privacy-preserving data dissemination in SOA and accurately detect data leakages. We design and prototype a solution that ensures privacy-preserving dissemination of data. The solution is based on (a) role-based access control, (b) cryptographic capabilities of client's browser, (c) authentication method, (d) subject's trust level. The prototype enables privacy-preserving dissemination of Electronic Health Records (EHRs) hosted in an untrusted cloud.

Collaboration



Top Co-Authors


Lotfi Ben Othmane

Eindhoven University of Technology


Mark Linderman

Air Force Research Laboratory


Leszek Lilien

Western Michigan University


Asher Sinclair

Air Force Research Laboratory
