Using Externals IdPs on OpenStack: A Security Analysis of OpenID Connect, Facebook Connect, and OpenStack Authentication

Authors: Glauber C. Batista, Charles C. Miers, Guilherme P. Koslovski, Mauricio A. Pillon, Nelson Mimura Gonzalez

DOI: 10.1109/AINA.2018.00135

Abstract: The installation and configuration of cloud environments has increasingly become automated and therefore simple. For instance, solutions such as RedHat RDO and Mirantis Fuel facilitate the deployment of popular computational clouds like OpenStack. Despite advances in usability, effort is still required to create and manage multiple users. This is of particular relevance when dealing with sensitive information, a somewhat common case for private clouds. To alleviate this burden, many have adopted federated Single Sign-On (SSO) mechanisms for authenticating their users in a more transparent manner. In this work we analyze the practical security of an OpenStack IaaS combined with either OpenID Connect (using Google IdP) or Facebook Connect (using Facebook IdP). The criteria used in the analysis comprise the ability to provide data encryption, the risks involved in the use of an external IdP, and improper access control. We identify potential issues regarding these and propose approaches to fix them.
