My Private Cloud

Lead Research Organisation: University of Kent
Department Name: Sch of Computing

Abstract

This research is designed to increase - a) the trust that users may have in cloud providers, as well as - b) the control that users will have over their data when it is stored in the cloud. It aims to do this in a number of ways. Firstly existing cloud users can provide their feedback about their existing cloud service providers to a cloud reputation service. This will compute the reputations of the various cloud providers, so that new potential cloud users can query it in order to determine which cloud providers are the most reputable. Then, when a user has chosen a cloud provider that (s)he believes to be trustworthy, the user can set their own fine grained privacy policy on the data that they submit to the cloud. This policy will be stuck to their data so that it is always enforced by the cloud infrastructure. In this way the user has full control over all accesses to and processing of their (possibly very sensitive) data. If their data is moved between cloud providers, then the sticky policy will move with the data, thereby ensuring continuing control by their policy. The privacy protecting infrastructure has built in audit support to allow the cloud provider to send the user summary audit information which will detail who has accessed the user's data, at what time and for what purposes. This provides users with visibility into the cloud, and reassures them that their data is safe. Users may alter their privacy policy at any time, should they decide it is too strict or too lax. 
Finally, users will be able to delegate access to their data to other users or processes, in order to provide the flexibility that is sometimes needed in workflows and other data access scenarios. The fine grained privacy policies and protocols that are supported by the infrastructure allow requestors to collect their various attributes and roles from multiple issuing authorities (a process termed attribute aggregation), even when they are known by different identities at the different authorities. This mirrors the reality of today's plastic card credentials and allows a new generation of virtual cards to be created. The cloud provider is cryptographically assured that all these different attributes and roles do indeed belong to the same requestor, without the requestor being required to reveal his real name. The fine grained policies also support emergency overrides, so-called Break-The-Glass policies. These allow responsible requestors, who are initially denied access to the data in the cloud, to break the glass and be granted emergency access, in the full knowledge that they will be held accountable and have to answer to their line management at a later time. This is achieved by having an obligation service that can perform pre-defined actions when an authorization decision is made. In the case of Break-The-Glass, these obligations might be to email the requestor's line manager, and record the incident in a secure audit trail. One example of Break-The-Glass use is in medical applications, e.g. it allows accident and emergency staff to access a patient's medical records that they otherwise would not be allowed to see.
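The following Python program is an added illustration of the mechanism the abstract describes (a sticky policy bound to a data item, a policy decision point that permits, denies, or grants a Break-The-Glass override, and an obligation service that records the access and notifies the requestor's line manager). It is not the project's code or its PHP security APIs; every class, role name, data item and audit format below is constructed for the example, and the email gateway and audit log are replaced by in-memory lists.

```python
"""Added example: sticky policy + PDP + obligation service with Break-The-Glass.
All identifiers and data below are constructed for illustration."""
from dataclasses import dataclass, field
from datetime import datetime, timezone


@dataclass(frozen=True)
class StickyPolicy:
    """Owner-written policy bound to one data item, so it travels with the data."""
    owner: str
    permits: frozenset            # (role, purpose) pairs granted without ceremony
    break_glass_roles: frozenset  # roles that may override, subject to obligations


@dataclass
class ProtectedData:
    data_id: str
    content: str
    policy: StickyPolicy          # binding the policy to the object is the "sticky" part


@dataclass
class Decision:
    permitted: bool
    reason: str
    obligations: list = field(default_factory=list)


class ObligationService:
    """Carries out the pre-defined actions attached to an authorization decision."""

    def __init__(self):
        self.audit_trail = []     # constructed stand-in for a secure audit log
        self.outbox = []          # constructed stand-in for an email gateway

    def fulfil(self, obligation, ctx):
        entry = {**ctx, "time": datetime.now(timezone.utc).isoformat()}
        if obligation == "record_access":
            self.audit_trail.append({**entry, "incident": False})
        elif obligation == "record_incident":
            self.audit_trail.append({**entry, "incident": True})
        elif obligation == "notify_line_manager":
            self.outbox.append(f"{ctx['requester']}'s line manager: break-glass on {ctx['data_id']}")
        else:
            raise ValueError(f"unknown obligation {obligation!r}")  # fail closed on unknown actions


class PDP:
    """Policy decision point: evaluates the sticky policy and hands obligations on."""

    def __init__(self, obligations: ObligationService):
        self.obligations = obligations

    def decide(self, requester, role, purpose, data, break_glass=False):
        policy = data.policy
        if (role, purpose) in policy.permits:
            d = Decision(True, "permitted by policy", ["record_access"])
        elif break_glass and role in policy.break_glass_roles:
            d = Decision(True, "break-the-glass override", ["record_incident", "notify_line_manager"])
        else:
            d = Decision(False, "no matching rule", ["record_access"])
        ctx = {"requester": requester, "role": role, "purpose": purpose,
               "data_id": data.data_id, "outcome": d.reason}
        for ob in d.obligations:  # obligations are fulfilled before the decision is returned
            self.obligations.fulfil(ob, ctx)
        return d


def audit_summary(service, data_id):
    """What the data owner sees: who asked, why, the outcome, and whether glass was broken."""
    return [(e["requester"], e["purpose"], e["outcome"], e["incident"])
            for e in service.audit_trail if e["data_id"] == data_id]


def run_scenario():
    """Constructed medical scenario: a GP, an A&E nurse, and a researcher."""
    policy = StickyPolicy(owner="patient-42",
                          permits=frozenset({("gp", "treatment")}),
                          break_glass_roles=frozenset({"ae_nurse", "ae_doctor"}))
    record = ProtectedData("rec-42", "blood group O-, penicillin allergy", policy)
    svc = ObligationService()
    pdp = PDP(svc)
    results = {
        "gp": pdp.decide("dr.smith", "gp", "treatment", record),
        "nurse_plain": pdp.decide("nurse.jones", "ae_nurse", "treatment", record),
        "nurse_break_glass": pdp.decide("nurse.jones", "ae_nurse", "treatment", record, break_glass=True),
        "researcher_break_glass": pdp.decide("r.lee", "researcher", "research", record, break_glass=True),
    }
    return results, svc, audit_summary(svc, "rec-42")


if __name__ == "__main__":
    results, svc, summary = run_scenario()
    for name, d in results.items():
        print(f"{name:24} permitted={d.permitted} reason={d.reason}")
    print("audit summary:", summary)
    print("notifications:", svc.outbox)
```

The nurse's first request is denied because no (role, purpose) rule matches; the same request with the override flag is granted only because the owner's policy lists the role under break_glass_roles, and the grant is inseparable from the two obligations, which is what gives the owner visibility and the requestor accountability. The researcher's override attempt fails even with the flag set, and the denial is still audited.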

Planned Impact

The largest group of people to benefit from this research will be all the potential users of cloud computing who currently are too wary about using cloud service providers because they are either unsure of their trustworthiness or they have concerns about the lack of privacy and security of their data once it has been submitted to the cloud. These people will benefit because we will provide them with tools to help them protect the privacy and security of their data, and evidence of the trustworthiness of the cloud provider through:

a) access to a reputation service which will inform them about the relative trustworthiness of the cloud providers based on feedback from their existing users
b) the ability to set their own privacy policies for protecting their data before submitting it to the cloud
c) provision of an audit trail informing them of who accessed their data in the cloud, for what purpose and when
d) the ability to update their policy at any time
e) the means to provide feedback to others about the trustworthiness of their own cloud provider
f) a way to delegate to others (people or processes) access to their data

The second group to benefit will be researchers in identity management, privacy, trust and security, who will benefit from the academic papers that will describe our work, and from the open source tools that they can take, adapt, enhance and modify to suit their own research agendas. The economy as a whole will benefit because cloud computing is known to have economic benefits through reduced capital expenditure and pay per use charging. Consequently, as the cloud user group grows, the economic benefit to society at large grows.

Publications

 
Description: Providing an appropriate GUI for setting security and privacy policies is a very difficult task. Even an application dependent GUI, where many of the parameters of the policies are already known and some can be fixed, is still very difficult to provide, due to the number of possibilities and combinations that still remain. Providing an application independent security policy GUI, where none of the parameters are known or fixed beforehand, is orders of magnitude more difficult. We have had a previous EPSRC research project which researched this topic and which formed the basis of our current natural language GUI. This is capable of creating simple RBAC policies for any application. But this still is not sophisticated enough to cater for all the different policy constructs that may be needed (such as time constraints and arbitrary conditions), nor for all the different ways that users naturally use to specify the same thing. At the same time it is still more difficult to use the application independent constrained natural language GUI than a specially tailored and constrained application dependent GUI. We conclude that constructing application dependent policy GUIs is at the limit of our current computer science abilities, and that much more research is needed into building application independent policy management GUIs.

Further work is still required in a number of other areas. Ontologies of attribute types and identity provider classes are needed in order to simplify the security APIs and make them scalable to Internet scale. The API programmer will then be able to ask for classes of attributes from classes of identity provider rather than having to specifically list them all e.g. provide a credit card attribute from a bank rather than a Visa card attribute from HSBC or a MasterCard attribute from Barclays Bank.

Providing an implementation of the security APIs in PHP has provided a good initial proof of concept, but one language alone is not sufficient for all cloud developers to use since cloud applications may be developed in other programming languages such as Python, Java or C. Developing security APIs in other languages requires development effort rather than research effort.

The current PHP implementation works well and has been stress tested, but it may not be as scalable as some cloud applications require, and certainly some of the existing back end services that it uses, such as LDAP, the PERMIS delegation service, the PDP, and MySQL database may not be as elastic as many cloud applications require. To make the security APIs and their supporting services horizontally and massively scalable is a huge research and development task in itself and should not be underestimated.
Exploitation Route: The output is valuable in all commercial, local government and charitable contexts, since the security APIs that were developed are application and sector independent.

The output is already being used by a local SME in a cloud product that it is developing.

Having easy to use security APIs available to cloud application developers is a major boost to their productivity as well as significantly increasing the security of the applications that they develop. We thus expect them to gain wide acceptance.

Our next project will be moving these APIs to OpenStack, a widely available open source cloud infrastructure. We then expect their take up to significantly increase. The open source code and documentation is already publicly available in the pilot S3 system that we developed. It is available here:

http://www.openpermis.info

Anyone is free to download both the code and the documentation.

We have publicised the development at two academic conferences (IEEE Cloud and IEEE CloudCom) and at the OpenStack developers meeting. We also publicised it in April 2012 at the European Identity Conference, which is primarily attended by commercial people.

We will be using the outputs of this project as inputs to further R&D in cloud security APIs, and a follow-on EPSRC project which started in May 2012 (under the DAISY call for proposals).
Sectors: Digital/Communication/Information Technologies (including Software)

 
Description: We used our findings in our subsequent project "Sticky Policy Based Open Source Security APIs for the Cloud".
First Year Of Impact: 2012
Sector: Digital/Communication/Information Technologies (including Software)
 
Description: Data Intensive Systems (DAISY)
Amount: £127,000 (GBP)
Organisation: Engineering and Physical Sciences Research Council (EPSRC)
Sector: Public
Country: United Kingdom
Start: 05/2012
End: 05/2013