Modeling and analysis of security standards for web services and Cloud computing

Posted on:2014-02-03

Degree:Ph.D

Type:Dissertation

University:Florida Atlantic University

Candidate:Ajaj, Ola

Full Text:PDF

GTID:1458390008456386

Subject:Engineering

Abstract/Summary:

Cloud Computing is a new computing model consists of a large pool of hardware and software resources on remote datacenters that are accessed through the Internet. Cloud Computing faces significant obstacles to its acceptance, such as security, virtualization, and lack of standardization. For Cloud standards, there is a long debate about their role, and more demands for Cloud standards are put on the table. The Cloud standardization landscape is so ambiguous. To model and analyze security standards for Cloud Computing and web services, we have surveyed Cloud standards focusing more on the standards for security, and we classified them by groups of interests. Cloud Computing leverages a number of technologies such as: Web 2.0, virtualization, and Service Oriented Architecture (SOA). SOA uses web services to facilitate the creation of SOA systems by adopting different technologies despite their differences in formats and protocols. Several committees such as W3C and OASIS are developing standards for web services; their standards are rather complex and verbose. We have expressed web services security standards as patterns to make it easy for designers and users to understand their key points. We have written two patterns for two web services standards; WS-SecureConversation, and WS-Federation. This completed an earlier work we have done on web services standards. We showed relationships between web services security standards and used them to solve major Cloud security issues, such as, authorization and access control, trust, and identity management. Close to web services, we investigated Business Process Execution Language (BPEL), and we addressed security considerations in BPEL and how to enforce them. To see how Cloud vendors look at web services standards, we took Amazon Web Services (AWS) as a case-study. By reviewing AWS documentations, web services security standards are barely mentioned. We highlighted some areas where web services security standards could solve some AWS limitations, and improve AWS security process. Finally, we studied the security guidance of two major Cloud-developing organizations, CSA and NIST. Both missed the quality of attributes offered by web services security standards. We expanded their work and added benefits of adopting web services security standards in securing the Cloud.

Keywords/Search Tags:

Web services, Cloud, Standards, AWS

Related items

1	The Design And Realization Of The It Consulting Services Support Platform
2	Comparison of Cloud Security Standards and Cloud Security Control Recommendation System
3	Research On Public Library Digital Information Service Standards
4	Based On Cloud Computing Environments, Virtualization, Resource Management Research
5	Patterns for web services standards
6	A Security Meta Language for using web services security standards
7	Research On The Effectiveness Of Manufacturing Cloud Services And The Optimization Evaluation Algorithm Of Cloud Services Solution In Cloud Manufacturing Environment
8	Design And Simulated Implementation Of Cloud Networking Oriented Cloud Service Negotiation And Allocation Mechanism
9	Research And Development Of Grid System Based On The Standards Of Web Services
10	Cloud Service Recommendation Based On Services Network And Relationships Between Services