Change search
ReferencesLink to record
Permanent link

Direct link
Authentication and Authorization Systems in Cloud Environments
KTH, School of Information and Communication Technology (ICT).
2012 (English)Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE creditsStudent thesis
Abstract [en]

The emergence of cloud computing paradigm offers attractive and innovative computing services through resource pooling and virtualization techniques. Cloud providers deliver various types of computing services to customers according to a pay-per-use economic model. However, this technology shift introduces a new concern for enterprises and businesses regarding their privacy and security. Security as a Service is a new cloud service model for the security enhancement of a cloud environment. This is a way of centralizing security solutions under the control of professional security specialists. Identity and access control services are one of the areas of cloud security services, and sometimes, are presented under the term Identity as a Service.

This master thesis research is focused on identity-security solutions for cloud environments. More specifically, architecture of a cloud security system is designed and proposed for providing two identity services for cloud-based systems: authentication and authorization. The main contribution of this research is to design these services using service-oriented architectural approach, which will enable cloud-based application service providers to manage their online businesses in an open, flexible, interoperable and secure environment.

First, the architecture of the proposed services is described. Through this architecture all system entities that are necessary for managing and providing those identity services are defined. Then, the design and specification of each service is described and explained. These services are based on existing and standardized security mechanisms and frameworks. As a demonstration, a prototype system of an authorization service is implemented and tested based on the designed authorization solution. The implementation is done using Web Service technology respective to the service-oriented design approach. It is shown that both services are at least computationally secure against potential security risks associated with replay attacks, message information disclosure, message tampering, repudiation and impersonation.

The designed security system ensures a secure and reliable environment for cloud-based application services which is very easy to deploy and exploit on cloud-based platforms.

Place, publisher, year, edition, pages
2012. , 64 p.
Trita-ICT-EX, 2012:203
National Category
Engineering and Technology
URN: urn:nbn:se:kth:diva-102870OAI: diva2:557150
Educational program
Master of Science - Software Engineering of Distributed Systems
Available from: 2012-10-22 Created: 2012-09-27 Last updated: 2012-10-22Bibliographically approved

Open Access in DiVA

fulltext(1923 kB)2256 downloads
File information
File name FULLTEXT01.pdfFile size 1923 kBChecksum SHA-512
Type fulltextMimetype application/pdf

By organisation
School of Information and Communication Technology (ICT)
Engineering and Technology

Search outside of DiVA

GoogleGoogle Scholar
Total: 2256 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

Total: 902 hits
ReferencesLink to record
Permanent link

Direct link