Identity Providers-as-a-Service built as Cloud-of-Clouds: challenges and opportunities

Kreutz, Diego; Feitosa, Eduardo

doi:10.15439/2014f465

Cited by 6 publications

(5 citation statements)

References 32 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…C-BAS [520] is a certificate-based AAA (Authentication, Authorization and Accounting) architecture for improving the security control on SDN experimental facilities. Solutions in the spirit of C-BAS can be made highly secure and dependable through hybrid system architectures, which combine different technologies and techniques from distributed systems, security, and fault and intrusion tolerance [522], [523], [524].…”

Section: Flow Aggregationmentioning

confidence: 99%

Software-Defined Networking: A Comprehensive Survey

et al. 2015

Self Cite

View full text Add to dashboard Cite

Abstract-The Internet has led to the creation of a digital society, where (almost) everything is connected and is accessible from anywhere. However, despite their widespread adoption, traditional IP networks are complex and very hard to manage. It is both difficult to configure the network according to predefined policies, and to reconfigure it to respond to faults, load and changes. To make matters even more difficult, current networks are also vertically integrated: the control and data planes are bundled together. Software-Defined Networking (SDN) is an emerging paradigm that promises to change this state of affairs, by breaking vertical integration, separating the network's control logic from the underlying routers and switches, promoting (logical) centralization of network control, and introducing the ability to program the network. The separation of concerns introduced between the definition of network policies, their implementation in switching hardware, and the forwarding of traffic, is key to the desired flexibility: by breaking the network control problem into tractable pieces, SDN makes it easier to create and introduce new abstractions in networking, simplifying network management and facilitating network evolution.In this paper we present a comprehensive survey on SDN. We start by introducing the motivation for SDN, explain its main concepts and how it differs from traditional networking, its roots, and the standardization activities regarding this novel paradigm. Next, we present the key building blocks of an SDN infrastructure using a bottom-up, layered approach. We provide an in-depth analysis of the hardware infrastructure, southbound and northbound APIs, network virtualization layers, network operating systems (SDN controllers), network programming languages, and network applications. We also look at cross-layer problems such as debugging and troubleshooting. In an effort to anticipate the future evolution of this new paradigm, we discuss the main ongoing research efforts and challenges of SDN. In particular, we address the design of switches and control platforms -with a focus on aspects such as resiliency, scalability, performance, security and dependability -as well as new opportunities for carrier transport networks and cloud providers. Last but not least, we analyze the position of SDN as a key enabler of a software-defined environment.

show abstract

Section: Flow Aggregationmentioning

confidence: 99%

Software-Defined Networking: A Comprehensive Survey

et al. 2015

Self Cite

View full text Add to dashboard Cite

show abstract

“…For 20 clients we achieve a throughput of 26 authentications per second, while around 92 authentication/s for 80 clients. This throughput can easily support an university environment with more than 20k users, which has an average of approximately 40 authentications/s [30]. Yet, if we consider our best case from UFAM-VMs, 995.12 authentications/s, our system, without any further optimizations or more computing power, is capable of supporting an environment (considering the average authentications/s) with more than 200k users.…”

Section: B Performance Of the System In Different Environmentsmentioning

confidence: 97%

“…Lastly, the Oregon's VM was running Ubuntu Server 12.04 LTS. It is worth mentioning that using secure elements (or cryptographic techniques) in public clouds brings additional challenges if we cannot completely trust on the cloud provider (even with a contract establishing confidentiality and privacy guarantees), as we further discuss in [30]. Table III summarizes the main results of our first performance evaluation.…”

Section: B Performance Of the System In Different Environmentsmentioning

confidence: 99%

Increasing the Resilience and Trustworthiness of OpenID Identity Providers for Future Networks and Services

Kreutz¹,

Feitosa²,

Cunha³

et al. 2014

2014 Ninth International Conference on Availability, Reliability and Security

Self Cite

View full text Add to dashboard Cite

We introduce a set of tools and techniques for increasing the resilience and trustworthiness of identity providers (IdPs) based on OpenID. To this purpose we propose an architecture of specialized components capable of fulfilling the essential requirements for ensuring high availability, integrity and higher confidentiality guarantees for sensitive data and operations. Additionally, we also discuss how trusted components (e.g., TPMs, smart cards) can be used to provide remote attestation on the client and server side, i.e., how to measure the trustworthiness of the system. The proposed solution outperforms related work in different aspects, such as countermeasures for solving different security issues, throughput, and by tolerating arbitrary faults without compromising the system operations. We evaluate the system behavior under different circumstances, such as continuous faults and attacks. Furthermore, the first performance evaluations show that the system is capable of supporting environments with thousands of users.

show abstract

Section: Rate Limitingmentioning

confidence: 99%

Software-Defined Networking: A Comprehensive Survey

Kreutz¹,

Ramos²,

Verı́ssimo³

et al. 2014

Preprint

Self Cite

View full text Add to dashboard Cite

The Internet has led to the creation of a digital society, where (almost) everything is connected and is accessible from anywhere. However, despite their widespread adoption, traditional IP networks are complex and very hard to manage. It is both difficult to configure the network according to predefined policies, and to reconfigure it to respond to faults, load and changes. To make matters even more difficult, current networks are also vertically integrated: the control and data planes are bundled together. Software-Defined Networking (SDN) is an emerging paradigm that promises to change this state of affairs, by breaking vertical integration, separating the network's control logic from the underlying routers and switches, promoting (logical) centralization of network control, and introducing the ability to program the network. The separation of concerns introduced between the definition of network policies, their implementation in switching hardware, and the forwarding of traffic, is key to the desired flexibility: by breaking the network control problem into tractable pieces, SDN makes it easier to create and introduce new abstractions in networking, simplifying network management and facilitating network evolution.In this paper we present a comprehensive survey on SDN. We start by introducing the motivation for SDN, explain its main concepts and how it differs from traditional networking, its roots, and the standardization activities regarding this novel paradigm. Next, we present the key building blocks of an SDN infrastructure using a bottom-up, layered approach. We provide an in-depth analysis of the hardware infrastructure, southbound and northbound APIs, network virtualization layers, network operating systems (SDN controllers), network programming languages, and network applications. We also look at cross-layer problems such as debugging and troubleshooting. In an effort to anticipate the future evolution of this new paradigm, we discuss the main ongoing research efforts and challenges of SDN. In particular, we address the design of switches and control platforms -with a focus on aspects such as resiliency, scalability, performance, security and dependability -as well as new opportunities for carrier transport networks and cloud providers. Last but not least, we analyze the position of SDN as a key enabler of a software-defined environment. D. Kreutz and F. Ramos are with the

show abstract

Identity Providers-as-a-Service built as Cloud-of-Clouds: challenges and opportunities

Cited by 6 publications

References 32 publications

Software-Defined Networking: A Comprehensive Survey

Software-Defined Networking: A Comprehensive Survey

Increasing the Resilience and Trustworthiness of OpenID Identity Providers for Future Networks and Services

Software-Defined Networking: A Comprehensive Survey

Contact Info

Product

Resources

About