Please use this identifier to cite or link to this item: http://openarchive.nure.ua/handle/document/11859
Title: Mechanisms of ensuring security in Keystone service
Authors: Kuzminykh, I.; Fliustikova, M.
Keywords: security; mechanism; identification; Keystone; vulnerability
Issue Date: 2019
Publisher: ХНУРЕ
Citation: Kuzminykh I. Mechanisms of ensuring security in Keystone service / Kuzminykh I., Fliustikova M. // Проблеми телекомунікацій. – 2019. – Issue 2(25). – pp. 78-96. – Available at: http://pt.nure.ua/wp-content/uploads/2020/02/192_kuzminykh_keystone.pdf
Abstract: User authentication is one of the most important aspects in the area of cloud services, followed by the storing of sensitive information about customers. A number of solutions exist for authentication, security, and privacy provisioning in the cloud, while cloud identity management systems aim to simplify and harmonise access. This paper presents an investigation into the security problems associated with cloud identity and access management systems (IAMS), using the Keystone identity service within OpenStack as an example. In order to analyse the existing challenges, the paper expands security provisioning into authentication management, authorization management, personal data protection, privacy and confidentiality, as well as logging and auditing, and considers the security mechanisms required for any cloud IAMS for each one of these categories. The paper also investigates some of the existing and potential attacks against the Keystone service, then follows with recommendations and mechanisms for enhancing the security. The vulnerabilities in cloud IAMS show that most systems support at most a subset of security provisioning mechanisms or have their own flaws; in addition, there are no unified international standards in the area of cloud identity systems for cloud and service providers. The identified list of attacks and the associated mitigation mechanisms will help to provide the identity and access management system with the protection of identity credentials in the cloud system. The provided results can support further research into mechanisms that aim to ensure personal data confidentiality and integrity.
URI: http://openarchive.nure.ua/handle/document/11859
Appears in Collections: Department of Infocommunication Engineering (ІКІ)
