Doctoral Proposal – Mohammed Baihan

Title: A Framework for Secure and Interoperable Cloud Computing with RBAC, MAC, and DAC for Securing Unified Services in the Cloud

Student: Mohammed Baihan

Major Advisor: Dr. Steven A. Demurjian

Associate Advisors: Dr. Reda Ammar, Dr. Swapna Gokhale, and Dr. Thomas Agresta

Date/Time: Monday, October 30th, 2017 at 3:00 pm in Babbidge 1947 meeting room

Abstract:

Cloud computing has emerged as a de facto approach throughout society, commercial and government sectors, and research/academic communities. In fact, the wide usage of mobile devices means that average users understand the storage and syncing of photos, videos, email, contacts, files, etc., in the cloud. In the last decade, many organizations consider outsourcing their IT services, which provide access to their systems, to the cloud in which such services would have better availability and quality. However, this requires mobile and desktop clients for different stakeholders in a domain (such as healthcare) to obtain information from multiple systems, that may be operating with different paradigms (e.g., cloud services, programming services, web services), use different cloud service providers, and employ different security/access control techniques. In this dissertation proposal, we focus on the healthcare as one emergent application for cloud computing where, in this area, the Center of Medicare and Medicaid Services released the Meaningful Use Stage 3 guidelines that require all health information technology (HIT) systems to have cloud services to access, modify, and exchange health-related data. HIT systems include electronic health records (EHR) and personal health records (PHR). The main issue for healthcare is to ensure that the available services of these HIT systems are carefully authorized to control which application can utilize which service at which time. In order to address this significant security requirement, this dissertation proposes a framework for secure and interoperable cloud computing (FSICC) that unifies services from multiple systems so that applications can be easily built in which the access to such services is controlled via means of Role-based Access Control (RBAC), Mandatory Access Control (MAC), and Discretionary Access Control (DAC). The work proposed herein involves five research areas: Security Requirements and Capabilities for FSICC which defines four security requirements and three security capabilities for FSICC that simplify and enable client access via global resources via standardized system APIs;  An Integrated RBAC, MAC, and DAC Model for Cloud Computing that proposes a Unified Cloud Computing Access Control (UCCAC) model for the FSICC with a single view of global services to applications to be authorized according to RBAC, MAC, and DAC policies; Architectural Blueprints for Supporting FSICC which define the way that interoperability and information exchange of clients and systems can be established via a set of instructional guidelines for their interaction; Security Policy Mapping and Security Enforcement Algorithms Generation which represents a proposed process  for combining security policies (RBAC, MAC and/or DAC) from different systems into one global policy coupled with the generation of security enforcement code; and, Dynamic Enforcement via Intercepting Process which proposes a set of programmatic mechanisms that are able to intercept a service call from a client app to an API in order to perform appropriate security enforcement checks.