Fuzzy sets and fuzzy logic: theory and applications
Fuzzy sets and fuzzy logic: theory and applications
Software Risk Management: Principles and Practices
IEEE Software
Aggregation operators: properties, classes and construction methods
Aggregation operators
The Venn of Identity: Options and Issues in Federated Identity Management
IEEE Security and Privacy
Data Security in the World of Cloud Computing
IEEE Security and Privacy
On Technical Security Issues in Cloud Computing
CLOUD '09 Proceedings of the 2009 IEEE International Conference on Cloud Computing
Security and Cloud Computing: InterCloud Identity Management Infrastructure
WETICE '10 Proceedings of the 2010 19th IEEE International Workshops on Enabling Technologies: Infrastructures for Collaborative Enterprises
TRIMS, a privacy-aware trust and reputation model for identity management systems
Computer Networks: The International Journal of Computer and Telecommunications Networking
Review: A survey on security issues in service delivery models of cloud computing
Journal of Network and Computer Applications
Cloud Computing Landscape and Research Challenges Regarding Trust and Reputation
UIC-ATC '10 Proceedings of the 2010 Symposia and Workshops on Ubiquitous, Autonomic and Trusted Computing
Intercloud Security Considerations
CLOUDCOM '10 Proceedings of the 2010 IEEE Second International Conference on Cloud Computing Technology and Science
Privacy, Security and Trust Issues Arising from Cloud Computing
CLOUDCOM '10 Proceedings of the 2010 IEEE Second International Conference on Cloud Computing Technology and Science
Architectural Requirements for Cloud Computing Systems: An Enterprise Cloud Approach
Journal of Grid Computing
Cloud Computing Principles and Paradigms
Cloud Computing Principles and Paradigms
Cloud Computing Security--Trends and Research Directions
SERVICES '11 Proceedings of the 2011 IEEE World Congress on Services
An Identity-Centric Internet: Identity in the Cloud, Identity as a Service and Other Delights
ARES '11 Proceedings of the 2011 Sixth International Conference on Availability, Reliability and Security
Wireless Personal Communications: An International Journal
| Hi-index | 0.00 |
The cloud computing paradigm is set to become the next explosive revolution on the Internet, but its adoption is still hindered by security problems. One of the fundamental issues is the need for better access control and identity management systems. In this context, Federated Identity Management (FIM) is identified by researchers and experts as an important security enabler, since it will play a vital role in allowing the global scalability that is required for the successful implantation of cloud technologies. However, current FIM frameworks are limited by the complexity of the underlying trust models that need to be put in place before inter-domain cooperation. Thus, the establishment of dynamic federations between the different cloud actors is still a major research challenge that remains unsolved. Here we show that risk evaluation must be considered as a key enabler in evidence-based trust management to foster collaboration between cloud providers that belong to unknown administrative domains in a secure manner. In this paper, we analyze the Federated Identity Management process and propose a taxonomy that helps in the classification of the involved risks in order to mitigate vulnerabilities and threats when decisions about collaboration are made. Moreover, a set of new metrics is defined to allow a novel form of risk quantification in these environments. Other contributions of the paper include the definition of a generic hierarchical risk aggregation system, and a descriptive use-case where the risk computation framework is applied to enhance cloud-based service provisioning.