Whether you want to build the software, run it, grow the community or just learn more about it, there will be content, workshops and design sessions for you to attend at the OpenStack Summit, Oct 15-18 in San Diego. Stick around Friday for the first OpenStack service day, a 1/2 day beach cleanup.

Register now! openstacksummitfall2012.eventbrite.com
Back To Schedule
Thursday, October 18 • 4:10pm - 4:50pm
Platform Attribute Based Identity Management for Trustworthy Cloud Services

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

There is a growing demand from cloud service providers and consumers alike to have better transparency into the system infrastructure and hardware platform used for the services. This impacts the audit and the resultant trustworthiness of the compute environment. Methods purely based on the trusted computing (TC) based solutions have proven to be difficult to implement and scale in the last decade. However there has been continued extensive research in this area to address the challenges because of the increasing unmet need. While the original intentions of TC - to ensure trustworthiness of a platform - still hold, there is an opportunity today to simplify the implementation. The key idea is to include platform attributes in an Attribute-Based Identity Management system (IdM) to have better visibility into the platform and use it to deduce the security state of the system. Incorporating the platform attributes will enable service providers to predict the behavior of the platform and enforce policies to protect digital content. Such a trust model may also reduce the burden on the user and may allow cases for platform credentials to be sufficient avoiding the need for user credentials if they are not needed for the service. This would preserve privacy of the user, provide higher security assurance, audit based risk assessment and help in better usability of the overall cloud system.

In this presentation we will provide an architecture considerations of Platform Attribute based IdM for Cloud Identity Platform. We will show how the access control policies can leverage platform attributes for security decision making as well as a fine granular audit. We will demonstrate how this maps to key real world security, identity management and auditing process from prevalent Standards Initiatives including Cloud Security Alliance, OASIS and Open Data Center Alliance.

We would also show how this model opens doors for extended research in (1) privacy preserving cryptographic primitives that can enforce platform attribute based IdM policies; (2) real world examples of security policies based on Platform Capabilities (with or without user credentials); and (3) Scalable and seamless mutual attestation model in a cloud provider and cloud consumer environment. A better view and understanding of the hardware platform capabilities (beyond just the TPM registers) and how they integrate with an Attribute-based IdM is key to leveraging the transparency and trustworthiness advantages of the proposed model.

avatar for Abhilasha Bhargav-Spantzel

Abhilasha Bhargav-Spantzel

Security Architect, Intel Corporation
Dr. Abhilasha Bhargav-Spantzel is a leading expert in Identity Management and has done extensive research in cryptography and biometrics. She is currently a Security Architect at Intel. She has written 3 book chapters and 30+ ACM and IEEE articles and now leads key initiatives in... Read More →

Thursday October 18, 2012 4:10pm - 4:50pm PDT
Manchester E

Attendees (0)