Trust Framework for the Intercloud

Buzz

Cloud Computing Today

Cloud Computing Today

Desired State

• How do I know who is who?– Not all one enterprise (e.g., AD)– Not a single customer-provider relationship (e.g.,

static provisioning)– Potentially many legitimate participants– Nearly unlimited attackers– Identity work somewhat addresses this, but…

• What does it mean to the visited network to have a particular identity?– Resource access and manipulation– Strong authentication, yet how to do

authorization?

What is Missing?

• P2302 is IEEE Intercloud effort• Simple inter-cloud messaging protocol• Broker services for naming, directories,

and data marshaling• Requires everyone to agree on

everything for every application• Rich individual trust model,

but limited in practice• Huawei-led to last year

Current Attempts: IEEE P2302

P2302 Approaches

Centralized• All requests and data

held by neutral third-party broker

• Looking towards IANA or IGTF as a model or home

• But enterprises do not really trust their data in their own networks, no less in someone else’s

Federated

?• Nice Research

Project

• Work out semantics for cloud federation– Policy-driven

• Provide tailored trustworthy space for cloud computing– Cryptographic foundation for intercloud data

assurance– Tailored directory access for resources and

data

• Goal: Apply to IEEE P2302, IETFSCIM, IRTF SDNRG

Project: Intercloud Identity

• Evaluate state of the art and gap analysis with CBPP, Law Center, Department of Government– Interim Deliverable: Report on gaps

• Prototype peer-to-peer identity management system with tailored trust that meets operational & legal requirements

• Time: 15 months• Budget: $120,000; $65,000 to

get started

Plan: Intercloud Identity

Image Attributions:Nexus 4S by GNUtooiPhone by HereToHelpAll others: Microsoft & their partners