Identity Management Framework for Cloud Networking Infrastructure


Abstract: The Cloud Networking (CloNe) infrastructure provisions elastic, secure, and on-demand virtualized network resources to the end user. It incorporates the Network-as-a-Service (NaaS) provisioning model, which enhances network-level scalability, throughput, and performance. In this paper, we extend the CloNe architecture by designing, deploying, and integrating an identity management framework customized for the CloNe infrastructure. The identity management framework proposed in this paper is based on the User Managed Access (UMA) protocol. The framework supports authentication, authorization, and identity management of entities in the CloNe infrastructure. Furthermore, it enables federated identity management and management of access control policies across different infrastructure providers.

Rajya Deep Dhungana, Alam Mohammad, Sathyanarayanan Rangarajan, Ayush Sharma, Ingmar Schoen
Fraunhofer AISEC, Parkring 4, 85748 Garching, Germany
Email: firstname.lastname@aisec.fraunhofer.de

Index Terms: Identity management, Cloud networking, Next-Generation networks

I. INTRODUCTION

The advancements in cloud computing and the development of different cloud provisioning models, namely, Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), and Infrastructure-as-a-Service (IaaS), have greatly influenced Information Technology during the recent past. Cloud computing enables hosting of multiple tenants on a shared pool of resources, faster development times with elastic and on-demand services, minimal capital expenditure, and usage-based maintenance cost [1].
However, the current cloud computing models lack support for virtualized network resource provisioning, which leads to dependability and reliability issues along the network connecting the cloud user and the cloud provider [2]. The Cloud Networking (CloNe) infrastructure proposed in [2] addresses the above concerns. The CloNe infrastructure integrates virtualized network resource provisioning capabilities into existing IaaS provisioning models. However, the CloNe infrastructure is still in its nascent stages, and suffers from its own set of inherent security challenges. Schoo et al. [3] and Fusenig et al. [4] describe the security challenges of the CloNe infrastructure, which include identity management, authentication, authorization and access control policy management of entities in the CloNe infrastructure.

These security challenges can be addressed with the introduction of a tightly integrated identity management framework into the CloNe architecture. Identity management frameworks enable users to specify their credentials [5] in order to authenticate themselves to a service provider. In cloud ecosystems, cloud-provider controlled access is not viable, because the cloud provider is responsible for managing user identities. If different cloud providers share the credentials of a user, a malicious cloud provider can exploit user identity credentials, leading to information misuse [6], [7]. Therefore, it is important to secure and manage identity information of users by using a well-defined, cloud-provider independent identity management framework.

The main contribution of this paper is the design, deployment, and integration of an identity management framework into the CloNe architecture. The identity management framework is based on the UMA protocol. The framework supports authentication, authorization, and identity management of entities in the CloNe infrastructure.
Additionally, it enables federated identity management and management of access control policies across different cloud providers.

This paper is organized as follows. Section II describes the related work regarding identity management solutions relevant for the CloNe infrastructure. Section III gives an overview of the CloNe service provisioning infrastructure. Section IV covers the design, deployment, and integration details of the identity management framework into the CloNe architecture. Section V concludes the work and describes future work.

II. RELATED WORK

There are three primary identity management solutions which can be integrated into the CloNe architecture, namely, OpenID Connect [8], [9], OAuth [10], and UMA [11]. In OAuth 2.0, there is a single authorization manager (AM) associated with one or more resource server(s). The resource server is used to host the resources requested by the users. The AM manages the access control policies for different resources stored at a single or multiple resource server(s). During the authentication and authorization process, a resource server accepts access tokens only from its own AM. However, the resource servers must be co-located (within the same administrative domain) with the AM [10]. Therefore, OAuth 2.0 cannot be integrated into the multi-provider and multi-domain CloNe infrastructure [11].

Fig. 1. CloNe Infrastructure

OpenID Connect is used to support trusted claims provided by third party identity providers. Although OpenID Connect provides authentication, authorization and access control, it does not provide a complete identity management framework [8]. It does not support the identity management of multiple resource servers and therefore does not address the security challenges of the CloNe infrastructure [3], [4].
On the other hand, the UMA protocol provides a complete identity management framework and the ability to manage multiple resource servers by using multiple AMs. Furthermore, UMA uses a four entity model [12], which maps seamlessly onto the CloNe architecture, as described in Section IV. Therefore, in this paper UMA is used as the core protocol of the identity management framework.

III. CLONE OVERVIEW

The CloNe infrastructure described in [2] proposes a multi-provider and multi-level virtualized network resource provisioning infrastructure. The infrastructure offers virtualized network resource provisioning in an elastic, on-demand, reliable, and dependable manner.

The primary roles involved in the CloNe infrastructure include the infrastructure service user, infrastructure service, distributed infrastructure service, and internal/external infrastructure provider. The infrastructure service acts as a cloud provider/broker with registered entries for multiple external infrastructure providers. Each service request life-cycle commences when the infrastructure service user submits a service request to the infrastructure service. The infrastructure service accepts the abstract service request and translates it into a concrete service request. The concrete service request is then sent to the distributed infrastructure service component deployed within its own administrative domain. The distributed infrastructure service component then further translates the concrete service request into resource specifications, which are then forwarded to the internal infrastructure provider. The resource management module, which is a part of the internal infrastructure provider, is responsible for accepting the resource specifications and deploying them on the underlying resource set. Figure 1 depicts the CloNe service provisioning infrastructure. The detailed service request translation process is described in Sharma et al. [13].
However, cloud service providers regularly experience varying resource loads and faults, which could lead to service interruptions. To detect and account for faults on the underlying resource set, the CloNe infrastructure employs a fault management module. For example, consider a scenario whereby an internal infrastructure provider experiences resource faults and, as a result, is unable to provision a service request. In this scenario, the infrastructure service requires the distributed infrastructure service components deployed in external administrative domains to provide a listing of the services which can be provisioned by their respective infrastructure providers, and under which service constraints.

The infrastructure service then chooses a 1-N (one to many) set of external infrastructure providers which can successfully satisfy the service request provided by the infrastructure service user. The infrastructure service then conveys the remote reference information of the selected external infrastructure providers to the distributed infrastructure service component deployed in its own administrative domain. The distributed infrastructure service component deployed in its administrative domain carries out remote reference resolution of the chosen external distributed infrastructure service components. Following this, the internal and external infrastructure providers together initiate the provisioning of services to the infrastructure service user.

Fig. 2. Enhanced CloNe infrastructure

IV. IDENTITY MANAGEMENT FRAMEWORK

As described in [3], [2], identity management, authentication, authorization and access control policy management are some of the major security challenges that affect the CloNe service provisioning infrastructure.
These security challenges can be addressed with the help of a tightly integrated identity management framework. Additionally, the framework must also support multiple service providers and multiple levels in the service hierarchy, which are essential features of the CloNe provisioning infrastructure. The current section describes the design, deployment, and integration details of the UMA identity management framework.

A. Design and integration of UMA into the CloNe architecture

The UMA protocol is an identity management protocol which has been built on top of OAuth [10]. It introduces a new access control protocol for delegation across distributed entities. The protocol further enables resource users to grant access to their set of resources without sharing their identity credentials. The four principal roles of the UMA protocol are the requester, the authorizing user, the authorization manager (AM), and the host. The role of the AM is played by the infrastructure service, while the infrastructure provider plays the role of the host. The authorizing user and requester roles are interchangeable, and depend upon the usage scenario. The authorizing user owns the services or resources, which are deployed on the hosts and are controlled by the AM. The requester sends a service request to the host, which can either provision the service to the requester or send a negative acknowledgement. The decision to provision or refuse a request is based upon the set of access control policies deployed by the AM. The infrastructure service, which plays the role of the AM, acts as a policy administration point and policy decision point [14]. On the other hand, the infrastructure provider, which plays the role of the host, acts as the policy enforcement point.

There are two possible provisioning scenarios in the CloNe infrastructure. The first scenario involves intra-domain provisioning of resources, with the use of the internal infrastructure provider.
In this scenario, the role of the AM is played by the infrastructure service. The role of the host is played by the internal infrastructure provider, while the role of the authorizing user is played by the distributed infrastructure service. The role of the requester is played by the infrastructure service user. The second scenario involves provisioning of resources across multiple administrative domains. In this scenario, the role of the requester is jointly played by the distributed infrastructure service and the internal infrastructure provider. The role of the authorizing user is played by the infrastructure service. The role of the host is played by the 1-N set of (both internal and external, or only external) infrastructure providers which have been selected by the infrastructure service in order to provision the set of services requested by the infrastructure service user.

B. Deployment of the UMA protocol into the CloNe infrastructure

The enhanced CloNe infrastructure, which includes the identity management framework, is depicted in Figure 2. The framework enables mutual authentication of the different entities involved in the CloNe infrastructure. The core UMA protocol ensures that only authorized entities are provided access to services and resources provisioned by the infrastructure provider.

Fig. 3. Access token registration

The UMA deployment into the CloNe infrastructure involves three steps for identity management, namely, introduction of the distributed infrastructure service to the infrastructure service, granting of an access token by the infrastructure service to the requester, and wielding of the access token at the distributed infrastructure service in order to gain access to the requested service or resources.
Step 1 involves the introduction of the distributed infrastructure service to the infrastructure service. In this step, the infrastructure service grants registration rights to the distributed infrastructure service, in order to obtain authorization management rights for resources provisioned by the infrastructure service to the infrastructure service user. Once the infrastructure service grants registration rights to the distributed infrastructure service, the distributed infrastructure service constructs a DIS-meta URL, which is then used to retrieve a DIS metadata document from the infrastructure service. The document is used to create authorization end-points for the distributed infrastructure service, and will be used in the generation of an OAuth access token for the distributed infrastructure service. In order to complete the registration process, the distributed infrastructure service has to register as an OAuth client at the infrastructure service and obtain the access rights from the infrastructure service. By using the authorization end-points, the distributed infrastructure service sends its credentials and an OAuth authorization code to the infrastructure service. The infrastructure service validates the OAuth authorization code, which in turn is used to obtain an OAuth access token (also known as a host access token). The OAuth access token allows the distributed infrastructure service to register itself with the infrastructure service, and to obtain resource provisioning requests from the infrastructure service. Figure 3 depicts the sequence of steps in the token registration process. The two roles depicted in the sequence diagram are DIS (distributed infrastructure service) and IS (infrastructure service).

Step 2 involves the granting of an access token by the infrastructure service to the infrastructure service user. This step supports both static and dynamic registration [15] of the infrastructure service user at the infrastructure service.
The infrastructure service user sends its client credentials to the infrastructure service, which evaluates them against its existing access policy. The infrastructure service user can only receive an access token from the infrastructure service if it satisfies the trusted claim requests according to the access policy of the infrastructure service. Otherwise, the authorization request is rejected. Furthermore, if the requester sends a resource request directly to the distributed infrastructure service, it is redirected to the infrastructure service interface managed by the infrastructure service.

Step 3 involves wielding of the access token at the distributed infrastructure service to gain access to the requested service or resources. The distributed infrastructure service receives the access token and validates the token locally, or requests the infrastructure service to validate it. The resource can only be accessed if the token has been successfully validated by the distributed infrastructure service or the infrastructure service. Figure 4 depicts the sequence of steps in the token request and validation process.

Fig. 4. Access token request and validation

V. CONCLUSION AND FUTURE WORK

This paper describes the design, deployment, and integration of an identity management framework into the CloNe architecture. The UMA protocol forms the backbone of the identity management framework. The protocol integrates seamlessly with the multi-domain and multi-level CloNe architecture, due to its open design and four entity model. The framework enables mutual authentication of the different entities involved in the CloNe infrastructure. The core UMA protocol ensures that only authorized entities are provided access to services and resources provisioned by the infrastructure provider.
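The three-step deployment of Section IV (host registration of the DIS via a one-time OAuth authorization code, claims-based access token grant by the IS, and local or IS-side token validation before provisioning), modelled as an added Python example that is not the paper's or the CloNe project's code. The class names, the HMAC-signed token format, the policy representation as required (claim, value) pairs, the revocation set and the sample resource and claim names are all assumptions; the DIS-meta URL and metadata document exchange is left out.

```python
import base64, hashlib, hmac, json, secrets, time

def sign_token(key, payload, ttl=300):
    """Mint a bearer token as base64url(JSON payload) '.' HMAC-SHA256 tag (assumed format)."""
    claims = dict(payload, exp=int(time.time()) + ttl)
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
    return body + "." + hmac.new(key, body.encode(), hashlib.sha256).hexdigest()

def verify_token(key, token, now=None):
    """Local validation (step 3): constant-time tag check first, then expiry. Returns payload or None."""
    body, _, tag = token.partition(".")
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return None
    payload = json.loads(base64.urlsafe_b64decode(body))
    return payload if payload["exp"] > (time.time() if now is None else now) else None

class InfrastructureService:
    """IS = UMA authorization manager: policy administration point and policy decision point."""
    def __init__(self, policy):
        self.policy = policy                # resource -> set of (claim, value) pairs it requires
        self.key = secrets.token_bytes(32)  # HMAC key for every token the IS mints
        self.pending_codes = {}             # one-time OAuth authorization codes, bound to a DIS id
        self.hosts = {}                     # registered DIS id -> host access token
        self.revoked = set()                # tokens withdrawn after issue; only introspection sees this

    def grant_registration_rights(self, dis_id):    # step 1: IS hands the DIS an authorization code
        code = secrets.token_urlsafe(16)
        self.pending_codes[code] = dis_id
        return code

    def register_host(self, dis_id, code):           # step 1: the code is single use and bound to dis_id
        if self.pending_codes.pop(code, None) != dis_id:
            return None
        self.hosts[dis_id] = sign_token(self.key, {"sub": dis_id, "role": "host"})
        return self.hosts[dis_id]

    def issue_access_token(self, user_id, claims, resource):   # step 2: decide on the trusted claims
        required = self.policy.get(resource)
        if required is None or not required <= set(claims.items()):
            return None                                # unknown resource or claims fail the policy
        return sign_token(self.key, {"sub": user_id, "role": "requester", "aud": resource})

    def introspect(self, token):                     # step 3, remote validation by the IS
        payload = verify_token(self.key, token)
        return payload if payload and token not in self.revoked else None

class DistributedInfrastructureService:
    """DIS/host = policy enforcement point; validates locally when it holds the IS key, else asks the IS."""
    def __init__(self, dis_id, infra_service, local_key=None):
        self.dis_id, self.is_, self.local_key, self.host_token = dis_id, infra_service, local_key, None

    def register(self):                              # step 1 from the DIS side
        code = self.is_.grant_registration_rights(self.dis_id)
        self.host_token = self.is_.register_host(self.dis_id, code)
        return self.host_token is not None

    def serve(self, token, resource):                # step 3: a requester wields its access token here
        if self.host_token is None:
            return "NACK: host not registered with the IS"
        payload = verify_token(self.local_key, token) if self.local_key else self.is_.introspect(token)
        if payload is None:
            return "NACK: token invalid, expired or revoked"
        if payload.get("role") != "requester" or payload.get("aud") != resource:
            return "NACK: token not issued for this resource"
        return "ACK: provisioning " + resource
```

The two validation paths differ in what they can see: a DIS validating locally accepts a revoked but unexpired token, while the IS introspection path rejects it, which is the trade-off between the local and IS-side validation options the paper leaves open.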
Additionally, the proposed identity management framework enables federated identity management amongst different service providers. Future work includes the integration of an assurance and auditing mechanism in order to ensure policy compliance amongst the different participating entities of the CloNe infrastructure.

ACKNOWLEDGMENT

The authors would like to express their gratitude to the European Commission for its funding through the “Scalable and Adaptive Internet Solutions”, SAIL Project (FP7-ICT-2009-5-257448). The authors would like to thank Peter Schoo from Fraunhofer AISEC, Munich, Germany; Anand Kannan from KTH University, Sweden; and Monica Verma from Siemens-CERT for their valuable comments and suggestions regarding the CloNe architecture and the identity management frameworks. Additionally, the authors would like to thank Eve Maler, Chair of the UMA Work Group, for her inputs on the UMA protocol.

REFERENCES

[1] S. Dhar, “From outsourcing to Cloud computing: Evolution of IT services,” in Technology Management Conference (ITMC), 2011 IEEE International, June 2011, pp. 434–438.
[2] P. Murray, “D-5.2 (D-D.1) Cloud Network Architecture Description,” European Commission’s 7th Framework Program, Tech. Rep., 2011.
[3] P. Schoo, V. Fusenig, V. Souza, M. Melo, P. Murray, H. Debar, H. Medhioub, and D. Zeghlache, “Challenges for Cloud Networking Security,” in MONAMI, 2010, pp. 298–313.
[4] V. Fusenig and A. Sharma, “Security architecture for cloud networking,” in Computing, Networking and Communications (ICNC), 2012 International Conference on, Jan. 30–Feb. 2, 2012, pp. 45–49.
[5] R. Ranchal, B. Bhargava, L. Othmane, L. Lilien, A. Kim, M. Kang, and M. Linderman, “Protection of Identity Information in Cloud Computing without Trusted Third Party,” in Reliable Distributed Systems, 2010 29th IEEE Symposium on, Oct. 31–Nov. 3, 2010, pp. 368–372.
[6] A. Gopalakrishnan, “SET Lab Briefings: Cloud Computing Identity Management,” Infosys Labs, Tech. Rep. 7, 2009. [Online]. Available: http://www.infosys.com/infosys-labs/publications/documents/cloud-computing.pdf
[7] R. Gellman, “Privacy in the Clouds: Risks to Privacy and Confidentiality from Cloud Computing,” 2009.
[8] “OpenID Foundation Website,” July 2012. [Online]. Available: http://openid.net/
[9] K. Cameron, “Identity Web blog,” July 2012. [Online]. Available: http://www.identityblog.com/?=p685
[10] D. Hardt, “The OAuth 2.0 Authorization Framework,” RFC 6749, October 2012. [Online]. Available: http://tools.ietf.org/html/rfc6749
[11] T. Hardjono, “User-Managed Access (UMA) Core Protocol draft-hardjono-oauth-umacore-04,” Network Working Group, IETF, Internet-Draft 4, March 2012.
[12] T. Hardjono, “User-Managed Access (UMA) Core Protocol draft-hardjono-oauth-umacore-05A,” Network Working Group, IETF, Internet-Draft 5, June 2012.
[13] A. Sharma, A. Kannan, V. Fusenig, and I. Schoen, “Bridging the security drawbacks of virtualized network resource provisioning model,” in 1st European Workshop on Dependable Cloud Computing (EWDCC 2012), May 2012.
[14] R. Yavatkar, D. Pendarakis, and R. Guerin, “A Framework for Policy-based Admission Control,” United States, 2000.
[15] T. Hardjono, M. Machulak, E. Maler, and C. Scholz, “OAuth Dynamic Client Registration Protocol draft-hardjono-oauth-dynreg-03,” Network Working Group, IETF, Internet-Draft 3, April 2012. [Online]. Available: http://tools.ietf.org/html/draft-hardjono-oauth-dynreg-03

Posted: 31/07/2013, 09:44
