Date of Completion

7-10-2018

Embargo Period

7-9-2019

Keywords

Security; Access Control; RBAC; MAC; DAC; Security Policy Integration; Service Integration; Cloud Computing; Application Programmer Interface; Service Oriented Architecture

Major Advisor

Dr. Steven A. Demurjian

Associate Advisor

Dr. Reda Ammar

Associate Advisor

Dr. Swapna Gokhale

Associate Advisor

Dr. Thomas Agresta

Field of Study

Computer Science and Engineering

Degree

Doctor of Philosophy

Open Access

Open Access

Abstract

Cloud computing has emerged as a de facto approach throughout society, commercial and government sectors, and research/academic communities. In the last decade, many organizations have considered outsourcing their IT services to the cloud, where the services would have better availability and quality. However, this requires mobile and desktop clients for different stakeholders, in a domain such as healthcare, to obtain information from multiple systems that may operate with different paradigms (e.g., cloud services, programming services, web services), utilize alternate cloud service providers, and employ diverse security/access control techniques. This raises two main problems: services integration and security policies integration. The services integration problem focuses on the difficulties that occur when a client is trying to access services that could be operating with different types of APIs. The security policies integration problem occurs because the alternate cloud service providers may have different access control capabilities, making it difficult for the client developer to realize a cohesive security solution. To address these two problems, this dissertation presents a Framework for Secure and Interoperable Cloud Computing (FSICC) that provides a set of global cloud services for use by clients and systems, with access control provided by RBAC, MAC, and DAC.
The work presented herein involves five research areas: Architectural Blueprints for Supporting FSICC, which contain options for connecting clients and systems with FSICC; an Integrated RBAC, MAC, and DAC Model for Cloud Computing via a Unified Cloud Computing Access Control Model (UCCACM), which contains a set of definitions necessary for supporting the work on FSICC; Security Mapping/Enforcement Algorithms for Global Security Policy Generation and Global API Generation, which include Security Policies and Services Registration, Global Services Generation, and Global Security Policy Generation; a SOA-Based Security Engineering Process (SSEP) for FSICC, which is utilized to combine security policies from different systems into one global security policy and which also includes a process for security enforcement code generation; and Dynamic Enforcement via Intercepting Process, which involves a set of programmatic mechanisms that are able to intercept a service call from a client to an FSICC global service to perform security enforcement checks.
