دانلود رایگان مقاله ارزیابی شکست امنیتی SSO در سرویسهای ابری

Abstract

Business use of cloud computing services is motivated by ease of use and potential financial cost reductions. Service failure may occur when the service provider does not protect information or when the use of the services becomes overly complex and difficult. The benefits of cloud computing also bring optimization challenges for the information owners who must assess service security risks and the degree to which new human behaviors are required. In this research, we look at the risk of identity theft when ease of service access is provided through a single sign-on (SSO) authorization, asking: What are the optimal behavioral expectations for a cloud service information owner? Federated identity management provides well-developed design literature on strategies for optimizing human behaviors in relation to the new technologies. We briefly review the literature and then propose a working solution that optimizes the trade-off between disclosure risk, human user risk, and service security.

8. Conclusion

In this research we set out to answer the question: What are the optimal behavioral expectations for a cloud service information owner? We assumed that there are many users but that some users hold a rightful ownership responsibility for the information transacted in a cloud. We have also assumed that human behavior fits the five properties in the cited usability literature and therefore expectations can be established in relation to the criteria. Other parties involved with the cloud transaction of information are custodians and as such they hold other expectations. Together the parties must trust one another within the designated roles of the system and perform as expected. All parties must expect to negotiate and give up some of their maximum requirements to gain a satisfying user experience. Behavior and protection from failure is optimized in such a negotiated situation.