Title
Using Externals IdPs on OpenStack: A Security Analysis of OpenID Connect, Facebook Connect, and OpenStack Authentication.
Abstract
The installation and configuration of cloud environments has increasingly become automated and therefore simple. For instance, solutions such as RedHat RDO and Mirantis Fuel facilitate the deployment of popular computational clouds like OpenStack. Despite the advances in usability, effort is still required to create and manage multiple users. This is of particular relevance when dealing with sensitive information, a somewhat common case for private clouds. To alleviate this burden, many clouds have adopted federated Single Sign-On (SSO) mechanisms for authenticating their users in a more transparent manner. In this work we analyze the practical security of an OpenStack IaaS cloud when combined with either OpenID Connect (using Google as IdP) or Facebook Connect (using Facebook as IdP). The criteria used in the analysis comprise the ability to provide data encryption, the risks involved in the use of an external IdP, and improper access control. We identify potential issues regarding these solutions and we propose approaches to fix them.
Year
2018
Venue
AINA
Field
Authentication, OpenID Connect, Computer security, Computer science, Usability, Computer network, Encryption, Security analysis, Access control, Information sensitivity, Cloud computing
DocType
Conference
Citations
0
PageRank
0.34
References
0
Authors
6