CMSC 495 UMUC Security Challenges Discussion

For this week’s conference, respond to the following:

• Find an article in an IEEE or ACM journal about security. Read and summarize the article, and give us your reactions to the article. Be sure to include a good citation to the article.
• You are welcome to comment (nicely!) on the postings of other students.

first student to respond to:

I selected an article that discusses security challenges in cloud computing environments. The authors argue that although cloud computing has many benefits, its “unique architectural features also raise various security and privacy concerns” (Takabi, Joshi, and Ahn, 2010). Areas of concern include authentication and identity management, access control and accounting, trust management and policy integration, secure-service management, privacy and data protection, and organizational security management. I’ll discuss the first two.

Authentication and identity management systems are used to manage user authentication. The authors state that interoperability issues could arise from having to use different identity tokens and negotiation protocols. The article is a little dated (2010), but I think the concern here is regarding management of hybrid environments that may have multiple identity management systems. The overly vague solution they mention is user-centric identity management using identifiers or attributes to help define a user.

Access control and accounting systems require fine-grained policies. They should be flexible enough to capture dynamic or context-based access requirements and enforce the principle of least privilege. The recommendation provided is to implement role-based access controls (RBAC). An RBAC system could be used to manage access to resources, while an identity management system could be used to assign roles to users.

H. Takabi, J. B. D. Joshi and G. -J. Ahn, “Security and Privacy Challenges in Cloud Computing Environments,” in IEEE Security & Privacy, vol. 8, no. 6, pp. 24-31, Nov.-Dec. 2010, doi: 10.1109/MSP.2010.186.

second student to respond to:This week I reviewed the article Built-in Security Computer: Deploying Security-First Architecture Using Active Security Processor, which goes over a security-first architecture where an Active Security Processor is integrated into the computer architecture. The current architecture of computer systems lacks security and is vulnerable to threats. The idea is that the ASP would be physically isolated from the CPU with an asymmetric address space which would still allow for the CPU and ASP to run their operating system independently from each other. This method has been shown to be effective in defending against threats with minimal performance impacts.

This article was interesting to me because a lot of our personal information is on the computer, and we want to protect it as much as we can. Usually, people have to download McAfee or Norton to protect their computer, but this system would have a built-in defense from hackers without having to pay a yearly fee.

Reference:

D. Meng, et al.,”Built-in Security Computer: Deploying Security-First Architecture Using Active Security Processor” in IEEE Transactions on Computers, vol. 69, no. 11, pp. 1571-1583, 2020.
doi: 10.1109/TC.2020.3011748