Security Architecture for Cloud Computing Platform

Abstract: Cloud computing is an innovation of existing technology which provides long-dreamed vision of computing as utility. The emergence of this novel technology in IT business has decoyed most of organizations in both private and public sector. Although cloud introduces the innovative and cost effective concept of on demand service, pay as you go, and resource allocation, security is often the area of concern in terms of its adoption. The existing security-based solutions for cloud-based platform are either based on single tamper-proof hardware or homomorphic encryption. Hardware-based solution lacks scalability, while homomorphic encryptions are only a theory. Moreover, traditional defense in-depth security mechanism cannot be directly implemented in cloud-based platform due to the varying nature of its service and deployment model. However, the same concept of multi-layered security mechanism can be proposed to secure the cloud-based platform. This Master Thesis research is focused on deriving the generic and secure architecture for cloud computing platform regardless of its services and deployment model. The research focus on delivering seamless access control, authorization, identity and SSO services to end-user. All of the above mentioned services are offered by the components of our central security system. The central security system is the purposed architecture for cloud computing platform, which is based on service oriented architecture where all the security services are provided in terms of web services to end-user. Finally, OpenStack being an open source cloud computing platform is selected as a targeted platform in order to deploy and evaluate security services offered by our central security system.