June 29, 2018
Title: A Framework for Secure and Interoperable Cloud Computing with RBAC, MAC, and DAC
Student: Mohammed Baihan
Major Advisor: Dr. Steven A. Demurjian
Associate Advisors: Dr. Reda Ammar, Dr. Swapna Gokhale, and Dr. Thomas Agresta
Date/Time: Friday, June 29th, 2018 at 2:00 pm in room ITE 336
Cloud computing has emerged as a de facto approach throughout society, commercial and government sectors, and research/academic communities. In the last decade, many organizations have considered outsourcing their IT services to the cloud, where the services would have better availability and quality. However, this requires mobile and desktop clients for different stakeholders, in a domain such as healthcare, to obtain information from multiple systems that may operate with different paradigms (e.g., cloud services, programming services, web services), utilize alternate cloud service providers, and employ diverse security/access control techniques. This raises two main problems: services integration and security policies integration. The services integration problem focuses on the difficulties that occur when a client is trying to access services that could be operating with different types of APIs. The security policies integration problem occurs because the alternate cloud service providers may have different access control capabilities, making it difficult for the client developer to realize a cohesive security solution. To address these two problems, this dissertation presents a Framework for Secure and Interoperable Cloud Computing (FSICC) that provides a set of global cloud services for use by clients and systems, with access control provided by RBAC, MAC, and DAC.
The work presented herein involves five research areas: Architectural Blueprints for Supporting FSICC, which contain options for connecting clients and systems with FSICC; an Integrated RBAC, MAC, and DAC Model for Cloud Computing via a Unified Cloud Computing Access Control Model (UCCACM), which contains a set of definitions necessary for supporting the work on FSICC; Security Mapping/Enforcement Algorithms for Global Security Policy Generation and Global API Generation, which include Security Policies and Services Registration, Global Services Generation, and Global Security Policy Generation; a SOA-Based Security Engineering Process (SSEP) for FSICC, which is utilized to combine security policies from different systems into one global security policy and which also includes a process for security enforcement code generation; and Dynamic Enforcement via Intercepting Process, which involves a set of programmatic mechanisms that are able to intercept a service call from a client to an FSICC global service to perform security enforcement checks.