My private cloud overview

Granting anyone access to your cloud resources at any time from anywhere

  1. My Private Cloud Overview
     David W Chadwick, Matteo Casenove, Stijn F Lievens, Jerry I den Hartog, Andreas Pashalidis, Joseph Alhadeff
     5 July 2011, IEEE Cloud 2011
  2. Project Objectives
     • Migrate the trust, security and privacy preserving infrastructure from the EC TAS3 project to cloud services.
     • The trust, security and privacy (TSP) infrastructure relies on trusted cloud providers to operate in good faith, but this can be checked: trust but verify.
     • The infrastructure is built from legal agreements and open source software services.
     • Software services include: trust and reputation management, sticky policies with fine grained access controls, privacy preserving delegation of authority, federated identity management, different levels of assurance and configurable audit trails.
  3. Architectural Components
     Legend: IdP = Identity Provider; AA = Attribute Authority; DS = Delegation Service; Authn = Authentication; P/S = Publish-Subscribe; CSP = Cloud Service Provider; PEP = Policy Enforcement Point; PDP = Policy Decision Point; Authz = Authorisation; Appln = Application Code; WSC = Web Services Client; Dash = User's dashboard service; TAAS = Trusted Attribute Aggregation Service.
     [Architecture diagram. Components recoverable from the slide text: IdP Service, Directory, AA Service, DS, Audit Service, Authn Service, P/S, Trust and Reputation Service, Trust Network, and the CSP infrastructure containing WSC, Appln, Dash, Audit, PEP, Authz Infr, TAAS, PDP and DS.]
  4. Progress To Date
     • Have defined and implemented APIs (in PHP) for:
       • Federated Identity Management with different Levels of Assurance
       • Privacy Preserving Delegation of Authority
       • Granting of Access Rights to Other Account Holders
     • And built these into a front end Proxy Service to the Amazon/Eucalyptus S3 service.
  5. [Architecture diagram of the proxy service. Components recoverable from the slide text: an Authn Proxy API with a WAYF and a SimpleSAMLphp proxy IdP in front of the external identity providers (UK AMF IdP 1, IdP 2 … IdP n, Other IdPs, OpenID, Facebook, Google, Twitter, Org LDAP); an Authz API over the Authz Database and Account DB; a Delegation API with a Delegation Issuing Web Service; the Cloud Service (SimpleSAMLphp SP); CVS. Legend: Cloud API Security Services / External Services / Locally Provided Services.]
  6. Welcome Screen
  7. Login Redirects to Proxy IdP
  8. User Logs In via chosen IdP
  9. User is shown all the Accounts that his Attributes give him Ownership of, and Opens (or Creates) one
  10. User is shown Account Details of Opened Account
     • List of Your Delegates
     • List of Buckets You Own
     • List of Buckets and Files that other Account Owners have shared with you
  11. User Opens a Bucket
     • Can view/alter Access Rights
     • Can upload/download files
  12. Showing Permissions that You have Granted to Others
     • Permissions given to other Account Holders
     • Permissions given to Contacts
     • Give New Permissions to Others
  13. Granting Permissions To Others
     • Granting Public access
     • Granting access to other Account Holders
     • Granting access to Contacts/Delegates
  14. Adding a New Contact
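The following is an added illustration, not the project's own code (slide 4 says its APIs are written in PHP). It models in Python the relationships the screenshots on slides 9 to 14 walk through: account ownership derived from the attributes an IdP asserts, a level-of-assurance gate, delegates acting with the owner's authority, and bucket permissions granted to the public, to other account holders or to contacts. The account names, attribute names and values, the 0-4 assurance scale, the three permission names and all sample records are constructed for the example.

```python
"""Toy model of attribute-based account ownership, delegation and bucket permissions
as described on slides 4 and 9-14. Illustration only, not the project's PHP APIs;
every name, attribute, assurance scale and sample record here is constructed."""
from dataclasses import dataclass, field

READ, WRITE, ADMIN = "read", "write", "admin"
ALL_PERMS = frozenset({READ, WRITE, ADMIN})

@dataclass(frozen=True)
class User:
    """A federated identity as asserted by whichever IdP the user logged in with."""
    subject: str                          # identifier asserted by the IdP
    idp: str
    loa: int                              # level of assurance (assumed 0-4 scale)
    attributes: frozenset = frozenset()   # (name, value) pairs from the IdP / AAs

@dataclass
class Account:
    """Owned by every user whose attributes include owner_attrs (slide 9); delegates
    (slide 10) act with the owner's full authority over the account."""
    account_id: str
    owner_attrs: frozenset
    delegates: set = field(default_factory=set)

@dataclass
class Grant:
    kind: str                  # "public", "account" or "contact" (slide 13)
    target: "str | None"       # account id, contact subject, or None for public
    perms: frozenset

@dataclass
class Bucket:
    name: str
    account_id: str
    min_loa: int = 1           # assurance required for any non-public access
    grants: list = field(default_factory=list)

def owns(user: User, account: Account) -> bool:
    return account.owner_attrs <= user.attributes

def accounts_owned_by(user: User, accounts: dict) -> list:
    """The list the user picks an account from on slide 9."""
    return sorted(a.account_id for a in accounts.values() if owns(user, a))

def permissions_for(user: User, bucket: Bucket, accounts: dict) -> frozenset:
    perms = set()
    for g in bucket.grants:                # public grants need no login at all
        if g.kind == "public":
            perms |= g.perms
    if user.loa < bucket.min_loa:          # everything else is gated on assurance
        return frozenset(perms)
    owner = accounts[bucket.account_id]
    if owns(user, owner) or user.subject in owner.delegates:
        return ALL_PERMS
    for g in bucket.grants:
        if g.kind == "account" and g.target in accounts and owns(user, accounts[g.target]):
            perms |= g.perms
        elif g.kind == "contact" and g.target == user.subject:
            perms |= g.perms
    return frozenset(perms)

def authorize(user: User, bucket: Bucket, action: str, accounts: dict) -> bool:
    return action in permissions_for(user, bucket, accounts)

def add_grant(granter: User, bucket: Bucket, accounts: dict,
              kind: str, target, perms: set) -> None:
    """Sharing (slides 12-13) needs ADMIN, so a read-only recipient cannot re-share."""
    if not authorize(granter, bucket, ADMIN, accounts):
        raise PermissionError(f"{granter.subject} may not change grants on {bucket.name}")
    bucket.grants.append(Grant(kind, target, frozenset(perms)))

# Constructed sample data: two accounts, four users, two buckets in the first account.
ACCOUNTS = {
    "kent-research": Account("kent-research",
                             frozenset({("affiliation", "staff"), ("org", "kent.ac.uk")})),
    "partner-lab": Account("partner-lab", frozenset({("org", "example.org")})),
}
ALICE = User("alice@kent.ac.uk", "uk-amf-idp", 3,
             frozenset({("affiliation", "staff"), ("org", "kent.ac.uk")}))
BOB = User("bob@example.org", "org-ldap", 2, frozenset({("org", "example.org")}))
CAROL = User("carol.social", "openid", 1, frozenset({("affiliation", "student")}))
DAVE = User("dave@kent.ac.uk", "uk-amf-idp", 3, frozenset({("org", "kent.ac.uk")}))
DATA = Bucket("data", "kent-research", min_loa=2)
PUBLIC_DATA = Bucket("public-data", "kent-research", min_loa=2,
                     grants=[Grant("public", None, frozenset({READ}))])

def demo() -> dict:
    """Run the sharing flow of slides 10-14 and return each access decision."""
    add_grant(ALICE, DATA, ACCOUNTS, "account", "partner-lab", {READ})   # slide 13
    add_grant(ALICE, DATA, ACCOUNTS, "contact", CAROL.subject, {READ})   # slide 14
    ACCOUNTS["kent-research"].delegates.add(DAVE.subject)                # slide 10
    return {
        "alice_owns": accounts_owned_by(ALICE, ACCOUNTS),
        "bob_read": authorize(BOB, DATA, READ, ACCOUNTS),        # via partner-lab
        "bob_write": authorize(BOB, DATA, WRITE, ACCOUNTS),
        "carol_read": authorize(CAROL, DATA, READ, ACCOUNTS),    # LoA 1 < 2: denied
        "carol_public_read": authorize(CAROL, PUBLIC_DATA, READ, ACCOUNTS),
        "dave_admin": authorize(DAVE, DATA, ADMIN, ACCOUNTS),    # as delegate
    }
```

Two design points worth noting. Public grants are evaluated before the assurance gate, so a low-assurance social login (Carol, LoA 1) still reads a public bucket but is denied the contact grant on the private one until she logs in through an IdP that asserts the required level. Changing grants requires ADMIN, which only owners and delegates hold, so rights given to another account holder or contact are not transitive: Bob can read but cannot share onwards.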
  15. Next Steps
     • Define an API for secure auditing and integrate this into the system
     • Implement the existing APIs in other cloud services
     • Define APIs for trust and reputation management
  16. Acknowledgements
     • This research has received funding from:
       • the EC's FP7 under grant agreement n° 216287 (Trusted Architecture for Securely Shared Services), and
       • the UK's EPSRC under grant ref. n° EP/1034181/1 (My Private Cloud)