An intrusion tolerant identity provider with user attributes confidentiality

Bibliographic Details
Published in: Journal of Information Security and Applications, Vol. 63, article 103045
Main Authors: Luciano Barreto, Joni Fraga, Frank Siqueira
Format: Journal Article
Language: English
Published: Elsevier Ltd, 1 December 2021
Summary: This paper describes the architectural model of an intrusion-tolerant identity provider (IdP-IT) for large distributed systems such as clouds, computational grids or collaborative networks. Like any service exposed on the Internet, identity providers are subject to attacks that can result in intrusions, which would be catastrophic for the security of the information and resources of a distributed system. These systems are usually built on clusters (or private clouds), but that does not prevent attacks that plant malicious behaviour in the deployment. Our approach was developed for cloud federations. In a first step we developed a virtualization-based intrusion-tolerant identity provider framework whose external interfaces are reconfigured on each attack detection; the protocols were extended to support detection and system reconfiguration. In a second step we extended the previous model to store user attributes and credentials on the resources of a cloud federation. For this extension we developed a secure storage mechanism for these resources, which are usually considered unsafe for sensitive information. The mechanisms developed allow these providers to keep functioning correctly even under malicious attacks.
ISSN: 2214-2126
DOI: 10.1016/j.jisa.2021.103045
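The abstract states the goal of keeping user attributes confidential on federation resources that are considered unsafe, but does not describe how the paper's secure storage mechanism works. The following is an added illustration of that goal, not the authors' design: the identity provider keeps an AES-256-GCM key and stores only sealed records on an untrusted store, so the store sees no attribute values, a bit-flipped record is rejected, and a record copied from one user's slot to another user's slot is rejected because the user id is bound in as additional authenticated data. The `Attributes` type, the user ids and the in-memory map standing in for the federation resource are all constructed for the example; distribution of the key among the provider's replicas is assumed to be handled elsewhere.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"io"
)

// Attributes is a constructed sample of what an IdP releases about a user;
// it is not the paper's data model.
type Attributes struct {
	Email string   `json:"email"`
	Roles []string `json:"roles"`
}

// SealedRecord is the only thing the untrusted store ever holds:
// a fresh nonce and the AES-GCM ciphertext with its authentication tag.
type SealedRecord struct {
	Nonce      []byte
	Ciphertext []byte
}

// UntrustedStore stands in for a federation resource that an adversary may
// read or modify. It is keyed by user id, so it still learns which
// identifiers exist; only the attribute values are hidden from it.
type UntrustedStore map[string]SealedRecord

// Vault holds the data-encryption key on the IdP side only.
type Vault struct {
	aead cipher.AEAD
}

// NewVault wraps a 16-, 24- or 32-byte AES key in an AES-GCM AEAD.
func NewVault(key []byte) (*Vault, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Vault{aead: aead}, nil
}

// Put seals attrs for userID under a fresh random nonce and writes the sealed
// record to store. The user id is bound in as additional authenticated data,
// so a record copied into another user's slot will not open there.
func (v *Vault) Put(store UntrustedStore, userID string, attrs Attributes) error {
	plain, err := json.Marshal(attrs)
	if err != nil {
		return err
	}
	nonce := make([]byte, v.aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return err
	}
	ct := v.aead.Seal(nil, nonce, plain, []byte(userID))
	store[userID] = SealedRecord{Nonce: nonce, Ciphertext: ct}
	return nil
}

// Get reads userID's record from store and opens it. Any modification of the
// ciphertext, the nonce or the owning slot makes Open fail, and no attribute
// data is returned in that case.
func (v *Vault) Get(store UntrustedStore, userID string) (Attributes, error) {
	rec, ok := store[userID]
	if !ok {
		return Attributes{}, errors.New("no record for user")
	}
	plain, err := v.aead.Open(nil, rec.Nonce, rec.Ciphertext, []byte(userID))
	if err != nil {
		return Attributes{}, fmt.Errorf("record for %q rejected: %w", userID, err)
	}
	var a Attributes
	if err := json.Unmarshal(plain, &a); err != nil {
		return Attributes{}, err
	}
	return a, nil
}

func main() {
	key := make([]byte, 32) // the IdP-side key; generated fresh here
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		panic(err)
	}
	v, err := NewVault(key)
	if err != nil {
		panic(err)
	}
	store := UntrustedStore{}
	// Constructed sample user.
	if err := v.Put(store, "alice", Attributes{Email: "alice@example.org", Roles: []string{"admin"}}); err != nil {
		panic(err)
	}
	got, err := v.Get(store, "alice")
	fmt.Println("honest read:", got, err)

	// An adversary with write access relabels alice's record as bob's.
	store["bob"] = store["alice"]
	_, err = v.Get(store, "bob")
	fmt.Println("swapped record:", err)

	// The adversary flips one ciphertext bit in place.
	rec := store["alice"]
	rec.Ciphertext[0] ^= 0x01
	store["alice"] = rec
	_, err = v.Get(store, "alice")
	fmt.Println("tampered record:", err)
}
```

Random 96-bit GCM nonces are acceptable for the number of records an identity provider writes, but the key must be rotated well before the 2^32 encryption bound; a rotation or key-derivation scheme per user is the natural next step and is not shown here.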