Learn to use AI like a Pro. Learn More

Understanding Security in Collaborative Cloud Environments

Cloud Computing Security Issues in Collaborative SaaS Cloud

Estimated read time: 1:20

    Learn to use AI like a Pro

    Get the latest AI workflows to boost your productivity and business performance, delivered weekly by expert consultants. Enjoy step-by-step guides, weekly Q&A sessions, and full access to our AI workflow archive.

    Canva Logo
    Claude AI Logo
    Google Gemini Logo
    HeyGen Logo
    Hugging Face Logo
    Microsoft Logo
    OpenAI Logo
    Zapier Logo
    Canva Logo
    Claude AI Logo
    Google Gemini Logo
    HeyGen Logo
    Hugging Face Logo
    Microsoft Logo
    OpenAI Logo
    Zapier Logo

    Summary

    This session delves into the intricacies of cloud security, particularly focusing on collaborative SaaS clouds. It unpacks the challenges posed by the interconnected nature of applications across different cloud platforms, emphasizing issues such as co-tenancy, lack of data control, and inadequate security protocols. Through a detailed exploration of stakeholder dynamics, the importance of trust, and role mapping in cloud environments, the discussion highlights the necessity for robust security frameworks and innovative solutions to secure loosely coupled cloud collaborations. It also covers the roles of service providers and customers in maintaining a secure collaborative environment, advocating for standard policies and advanced security measures.

      Highlights

      • The discussion kicks off with an overview of security in collaborative SaaS clouds, emphasizing its growing relevance.🤔
      • Inadequate policies and customer trust are highlighted as key concerns in cloud security.📃
      • Role mapping and permission settings are essential in managing security in cloud collaborations.🔐
      • The session explores dynamic frameworks and innovative solutions for cloud security challenges.✨
      • Understanding both customer and provider responsibilities is crucial in maintaining security in cloud environments.🛡️

      Key Takeaways

      • Collaborative SaaS clouds pose unique security challenges due to interconnected applications.🔗
      • Co-tenancy and lack of data control are major security issues in cloud computing.💡
      • Trust and reputation of service providers are critical in securing cloud environments.🤝
      • Effective role mapping and authorization are crucial for securing multi-domain collaborations.🔒
      • Innovative frameworks and dynamic solutions are needed to address security challenges in loose cloud collaborations.🚀

      Overview

      Cloud computing has revolutionized how businesses operate, but with it comes a complex web of security challenges, especially when it comes to collaborative SaaS clouds. As applications communicate across different cloud platforms, issues like co-tenancy and lack of data control become prevalent, making it imperative for businesses to adopt comprehensive security measures.

        One of the primary strategies discussed is establishing trust and reputation frameworks for service providers. Trust between customers and providers ensures that both parties are protected against potential threats and unauthorized data access. Additionally, role mapping—assigning permissions based on user roles across different domains—emerges as a pivotal component in securing cloud environments.

          Going beyond surface-level solutions, the session emphasizes the need for innovative and dynamic security frameworks tailored to the fluid nature of cloud collaborations. With constant advancements in cloud technology, staying ahead of potential threats through continual assessments and upgrades forms the cornerstone of a secure collaborative cloud strategy.

            Chapters

            • 00:00 - 02:30: Introduction to Cloud Security Scenario In this chapter titled 'Introduction to Cloud Security Scenario', the discussion focuses on cloud computing with a specific emphasis on various aspects of cloud security through a scenario-based approach. The speaker indicates that the session will continue from previous discussions, aiming to delve into cloud security topics and scenarios.
            • 02:30 - 05:00: Collaborative SaaS Cloud Security Issues This chapter discusses the role of security in collaborative SaaS (Software as a Service) cloud environments. It outlines various security aspects specific to SaaS clouds, particularly focusing on situations where multiple SaaS clouds communicate with each other. The chapter anticipates an increase in such inter-cloud communications, emphasizing the need for robust security measures to protect data and processes across different cloud platforms.
            • 05:00 - 07:30: PhD Scholar's Contribution The chapter titled 'PhD Scholar's Contribution' delves into the collaborative nature of Software as a Service (SaaS) cloud applications. It emphasizes the application-level collaboration between different stakeholders who utilize various cloud services. The focus of the discussion is on the security aspects involved in such inter-cloud and application-level collaborations within the SaaS framework.
            • 07:30 - 10:00: General Security Concerns in Cloud Computing This chapter discusses the complex security issues associated with cloud computing. It introduces the work of a PhD scholar, highlighting the broader aspects of security that should be considered. This content is especially beneficial for those interested in research or further study in cloud security.
            • 10:00 - 12:30: Trust and Responsibility in Cloud Services The chapter discusses security issues in collaborative Software as a Service (SaaS) cloud environments. It focuses on unique security challenges in cloud computing, particularly co-tenancy, where multiple applications or users reside on the same physical infrastructure. Co-tenancy is identified as a significant concern, and the chapter likely explores the implications of this for trust and responsibility in cloud services.
            • 12:30 - 15:00: Collaboration in Multi-Domain Cloud Systems The chapter discusses the issue of control in multi-domain cloud systems, particularly when data and applications are outsourced to the cloud. It highlights the loss of direct control by users once they offload their data and applications onto a cloud platform, with control largely being in the hands of the service provider. This shift in control is noted as a unique characteristic of such cloud platforms.
            • 15:00 - 17:30: Security Mechanisms in Tightly and Loosely Coupled Systems The chapter discusses security mechanisms in both tightly and loosely coupled systems. It emphasizes the role of service providers in controlling security measures and highlights the constraints regarding data protection and exposure to external applications. The focus is on understanding how data should be secured and the extent to which it can be exposed to outside systems.
            • 17:30 - 20:00: Challenges in SaaS Cloud Delivery Model The chapter discusses the various challenges associated with the SaaS (Software as a Service) cloud delivery model. Key issues include inadequate policies and practices, insufficient security controls, and the necessity of establishing trust relationships when using cloud services to serve clients. These concerns highlight the intricacies and risks businesses face when relying on cloud-based applications.
            • 20:00 - 22:30: Framework for Selecting Trustworthy CSPs This chapter discusses the requirements for determining trust in cloud service providers (CSPs). It highlights the need for a strong framework that benefits both stakeholders: the customers and the providers. Trust is a bilateral issue, emphasizing that not only do customers need to trust providers, but providers also need to trust their consumers.
            • 22:30 - 25:00: Role of Access Control in Cloud Security The chapter discusses the critical role of access control in ensuring cloud security, emphasizing the importance of safeguarding against malicious customers. While cloud service providers typically operate with integrity, offering their services for legitimate use, there exists the potential for certain customers to exploit these services for malicious purposes. This underscores the need for robust access control mechanisms to prevent unauthorized access and activities that could compromise the cloud environment.
            • 25:00 - 27:30: Dynamic Detection and Removal of Access Conflicts The chapter discusses dynamic detection and removal of access conflicts, particularly in the context of information security responsibilities. It highlights various literature on the subject, especially focusing on the differences in responsibility layers within Infrastructure as a Service (IaaS) environments, up to the hypervisor, and then to the operating system or guest operating systems.
            • 27:30 - 30:00: Conclusion on Collaborative SaaS Cloud Security This chapter discusses the responsibilities of cloud service providers and consumers, particularly in a Software-as-a-Service (SaaS) environment. It addresses the varying levels of responsibility based on the type of cloud service model: Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and SaaS. In IaaS, the provider's responsibility is up to the hypervisor level. In PaaS, it extends up to the platform or solution stack. In SaaS, the responsibility reaches the application interface. The chapter emphasizes the delineation of responsibilities when using applications like APIs for word processing, illustrating that the provider's duties are limited to certain levels, while beyond that, it's up to the consumer to manage their own security and application interaction.

            Cloud Computing Security Issues in Collaborative SaaS Cloud Transcription

            • 00:00 - 00:30 hello so we will be ah continuing our ah discussion on cloud computing today we will talk ah about a ah some aspects of a cloud security rather we will look at a sort of a ah a scenario
            • 00:30 - 01:00 ah where ah um where how this security plays a role and what are the different aspects this is primarily with the ah ah saas a type of cloud more of ah collaborating saas clouds so this ah what we are looking that ah you had presently or in ah near future that lot ah ah this sort of ah clouds ah will be communicating between each other that means in other sense
            • 01:00 - 01:30 this ah a this consumer or different stakeholders having their application in the in the cloud will be communicating with other applications in other cloud so in other sense so it it is a collaborative sas cloud or collaborative ah collaboration at the application level of the cloud so todays ah discussion will be looking at one of this what are different security aspects when we collaborate between each other we will see
            • 01:30 - 02:00 that there are very tricky issues of each comes into play so this one of the this approach this is work of ah one of my ah phd scholar ah a goes he ah his work will be describing but we will be looking at more broader aspects that how things should be there so this will be good to for ah many of you ah who are looking at ah some some sort of a ah um research or some sort of a more studying into these aspects of the things so it is
            • 02:00 - 02:30 ah security issues in collaborative saas cloud ah so as a just to recap if you look the look at the security issues in cloud computing so which are typically or unique to this cloud is one is ah co ah tenancy right number of applications are residing or different user are residing in the same physical infrastructure so co tenancy is a major issue ah and lack
            • 02:30 - 03:00 of control on outsource data and applicants that is another ah typically or uniqueness of this type of ah cloud ah platform right so we have ah once i off load my ah data and application on or outsourced in in a cloud then ah we dont have much control over that things or ah our control is decided by the provider right the whatever we i can control
            • 03:00 - 03:30 or whatever the handlers i am having for the control is primarily decided the by the ah service provider so these are this in other sense if we look at the security point of view this this is a constraint of how ah how my ah data and you need to be secured what is the what is the how much it is exposed to the external other applications and other
            • 03:30 - 04:00 type of ah users and all those things there are other general ah concern like inadequate policies and practices that is another ah concerned and insufficient security control as we are looking talking about so customers use cloud services to serve their clients so ah customers and can use a cloud services to ah serve their clients so running the applications on those cloud services needs to establish trust relationships right so it is there is
            • 04:00 - 04:30 requirement that how much i trust this service provider so there is a major requirement for that and there are this can be beneficial for ah both the stakeholders the customer and ah provider so it is not only the provider ah how the customer trust the provider there is a question of how much ah whom i am if i am a service cloud service provider if ah the customers for me or the consumer of the service services should be also trust out
            • 04:30 - 05:00 this so there should not be malicious customer who will create a problem out of the things it is not always that the ah it is um not that thing because the cloud service provider their business is selling the services so they may not be malicious or they may not have any malicious instead ah any malicious intend however you can in the process you can have some malicious customers which are usually the scenario who can use the services use the platform to ah attack or peep into
            • 05:00 - 05:30 others data and type of things so ah if i ah this is a thing which is ah available in its a various literature we have also seen that if you look at the security responsibilities ah in case of ias the responsibility up to the hypervisor end after that it is ah having the operating system or the guest operating system so and so forth it goes to
            • 05:30 - 06:00 the tenant right so the providers responsibility up to ah hypervisor in case of paas cloud provider responsibility is up to that platform or that were are the solutions stack is there in case of a saas it is responsibility goes up to the interface application interface right so its the things like if i am using a say ah a api for what processing so it is up to that level ah the responsibility of providers coming to play for the for the consumer
            • 06:00 - 06:30 its its its up to that ah up to that application level the services are there this ah security are handled by the provider so we can see that at various type of clouds we have different type of ah um level of security so in case of a saas there is lot of things which depend on the ah on the providers send like i am ah if i am using a say what processing service or any any type of ah text service so as i am using that api somebody else also
            • 06:30 - 07:00 maybe using that api so it is the same application level i can have different instances which are working for different type of things so saas cloud base collaboration so ah what ah broadly we try to mean that api for sharing resources and information service consumer or customers human users applications organization domains
            • 07:00 - 07:30 and ah anybody service provider are the cloud vendor saas cloud saas clouds centric collaboration so they are ah there are some of the essential things like data sharing issues ah problems ah handled like interdisciplinary approaches human to be taken to handle different type of issues so common concerned is integrity of the data shared across multiple user may be compromised ah things right a as as there is a the data
            • 07:30 - 08:00 is being shared across or the basic ah platform is share across multiple users so there may be a compromises and there may be a chance of being compromised and how do i choose a ideal vendor or a service provider is one of the major challenge if there a number of provider then how do i choose the provider so as am i send this is work of my one of my phd student ah is ah doctor nirnay ghosh who worked on this ah area and we will be
            • 08:00 - 08:30 taking some part of his work ah to describe and the more we will be taking the challenges ah we taken up in this ah particular problem so it will be ah good to look at those a type of things so type of collaboration in multi ah domain ah or cloud systems is tightly coupled or federated ah can be one way of looking at it ah where i have strong connectivity between this ah type of federating clouds or they
            • 08:30 - 09:00 are loosely coupled systems so that they there are federally cloud but they are loosely coupled system so i have instances in different cloud may be in the same cloud but they are loosely coupled so they ah they are not very strongly coupled so there are various changes securing loosely coupled collaboration in cloud environment is a major ah problem and ah security mechanisms mainly proposed for tightly coupled systems
            • 09:00 - 09:30 so what loosely coupled there are not much security mechanism so whenever you look for the security mechanism as we discuss earlier it send to in phenomena so there is the the requirement is goes hand in hand so in turn it comes to be more tightly coupled thing restriction in the existing authentication authorization mechanisms in cloud there is another ah problem that the type of ah each mechanisms you are having at in the present day cloud may be a restrictive to having those secretive phenomena in place so there are a lot of ah challenges and which motivates or i i ah if you look at in the
            • 09:30 - 10:00 other way these are the motivation for ah having research or study in this area like saas cloud delivery model so maximum ah lack of control right so whole control on the service provider end so these has the minimal that the control on the consumer end no active data stream audit trails outage reports are directly available to the things whatever
            • 10:00 - 10:30 is provided by the ah consumer need to be looked into so major concern in uses of the cloud services so broad scope address security issues in the cloud we need to address so there is a ah concept of cloud marketplace coming up like that rapidly growing due to recent ah advancements so we have a ah typically a cloud market place where numbers of providers number of consumers there is a economic model is
            • 10:30 - 11:00 goes on i am not talking about a cloud economics talking about that where you go for better services ah not only pricing quality of services better a sale is better security and things are there so availability of multiple service provider is a major challenge ah of choosing that which service provider we need to look at ah like ah so there is inconsistent in service and a guarantees no standard clauses so there is a ah selecting an ideal saas cloud provider and ah is a issue and how to if i after selection
            • 11:00 - 11:30 what are the different other security challenges can come up so there are other ah things like online collaborations are becoming pretty popular right ah there are several security issues i ah finding a ideal provider relevance of todays context there is a loosely coupled collaboration dynamic data information sharing like if you look
            • 11:30 - 12:00 at ah any ah e marketplace or look at any type of ah service provider like ah what we see that ah any any type of things where you purchase and ah over online purchase selection etcetera even ah your travel booking centers so there are different parties which are being connected and mostly they are loosely coupled there are parties who are provider of the products there are parties who are provider of the financials ah area like credit card
            • 12:00 - 12:30 debit card to other types of services there are parties who are courier services and type of things then they are being connected over in a loosely couple doing so our goal is to select an ideal saas cloud provider and securing loosely coupled ah collaboration in its environments so what are the different aspects so what are what they looking for a typical approach for that it is not like that that there are there are cannot be other approaches but what way we can go into this particular problem
            • 12:30 - 13:00 so if you look at our one of the objective is to ah whether we can developed a framework like as as i mentioned that in this particular work we developed a framework or sel a selcsp selecting a trustworthy and competent collaboration service provider right ah so there can be ah different ah csps in set of csps and registered in that particular
            • 13:00 - 13:30 ah some sort of a central authority and the customer requesting to select a saas provider for business outsourcing and it recommends that csp particular k or cspi is the base suited for its requirement looking primarily at the security aspects right so that is the ah goal of the thing there can be there after the selection there can be select the request for accessing the local resource so once i once i select the
            • 13:30 - 14:00 ah particular csps then we want to look at the select request for accessing local resources within the cloud for anonymous user because we do not know who are the users such that both access risk and the security uncertainty due to the information sharing are kept low so our objective is to that ah access risk and security uncertain c ah for information sharing should be kept ah low or minimum so ah if i have ah that different ah customer
            • 14:00 - 14:30 in different domain like ah a domain one domain two domain three and they are collaborating in some somewhere other say we we need to have some some sort of a mechanisms here we worked on a fuzzy inference system which ah keeps a that so requesting domain collaborate request and set up permissions right and say request reputation request are reputation
            • 14:30 - 15:00 local object security level like ah and set up permission authorized for the collaboration so it is its may so happen that i i i request for set of operations and then i based on the ah basic policy engine and ah based on requester any ah reputation and local objects security level i grant a set up ah permission authorized for the collaboration right
            • 15:00 - 15:30 so it is ah if if some sort of a analogy we try to do like like ah i i want to access some some ah a particular ah office or type of things and then based on the based on my reputation or credential i maybe given access to different type of things like i can be said that you can enter the campus you can enter the launch but you cannot enter the
            • 15:30 - 16:00 ah actual office with based on my reputation another type of credential i may be allowed to inter the actual office but however i cannot enter the say ah computing system lab or the where actual labs are there so it based on your level of authority and your requirement and requesting domain you go on things like i go to a bank and if i am just going to deposits some check or some documents then i go somewhere if i want to look at ah meet the manager i go to some other level of accessibility and type of things
            • 16:00 - 16:30 and it depends that my requirement type of things or in other sense if this miss access one misses or access role are decided by the by the my requesting role and what is the permissible things for different type of objects like if if my accessing a particular section of the thing is a if they if will take a object then based on needs access policy i be i need to be filter so in case of a collaborative cloud then when the customer comes with a type of request based on its reputation another type of access
            • 16:30 - 17:00 policies on the objects it has been granted a set of things it not likely that whatever the ah particular customer has requested everything has been permitted but a subset of that as can be permitted based on its reputation so other objective can be formulate a heuristic to look at that idrm problem inter domain role mapping problem ah such that minimal access ah privilege is granted so that is that is ah that is a problem for
            • 17:00 - 17:30 different type of things like if i say from organizing a i want to access something at organization b then the role of organization the the role i am having in organization a need to be map to a equivalent ah ah role in the other organizations right like i am accessing as a financial organization from organization say one two another some as some
            • 17:30 - 18:00 data in the organization two and here i am accessing as a say a manager of level one and that data in order to which is equivalent to manager of level two they are so then my role need to be map to that particular level otherwise i cannot access the thing so this is a this is a roll mapping problem is a ah is a problem which is there already and when need to look at it is there in this type of collaborating cloud also
            • 18:00 - 18:30 so here also ah we try to say that requesting domain collaborating request authorized a set of permissions and based on some heuristic for solving the idrm problem ah we will see that this is ah a hard problem and so we need to have a some greedy research based algorithm and try to have a mapped a set up roles with a minimal excess permissions so minimal excess permission which it tries to say that i need to given that level of permission which that
            • 18:30 - 19:00 minimal set of permission which i need to which is the which is required to execute the things suppose i want to read a document so i can be given only read permission i can be given read and right permission ah so the minimal said maybe the reading the thing right so so that it is no x excess permission are no excess permissions are given to the thing and another objective may be a distributed secure collaborative framework which uses only local information to dynamically detect
            • 19:00 - 19:30 and remove excess conflicts there is another major challenge in in in any type of loosely coupled this systems so how i can have a dynamic ah framework with a only local informations now i i want to excess organization one from or a organization one running into cloud instance in a cloud ah say in cloud providers cs csp one want to access another data in csp two of another organization then ah i may not have all the
            • 19:30 - 20:00 information of this either the csp or the excess write of the things so i need to i need to look at my local resources or local information and try to have the maximum security in other sense when you have a loosely coupled things you may not carry all the credentials whatever it is having into collaborative so you should be ah there should be a mechanisms or there should be a way or there should be an approached that how i map it into the into my way of looking at it so here also we tried a requesting domain
            • 20:00 - 20:30 collaborating request with a set of roles activation of multiple roles in the users sessions right and access conflicts due to the cyclic cycle generation there can if there there is a cycle generation there can be a access conflict that means some document one way i am not able to access due to my my ah particular role in a particular organization but if it is goes to a cycle like an reach to this type of things so there can be access conflicts so i need to have a conflict detection and conflict remover and then i should have
            • 20:30 - 21:00 a conflict free collaboration request right so this sort of mechanisms we need to look into so one is the selection of trustworthy and competent saas cloud provider for collaboration ah so there are challenges of most of the reported works have not presented so there are several challenges objective is the model trust model trust reputation competence of the service provider so there are we are looking at three component trust reputation competence so they are very much interlinked but again
            • 21:00 - 21:30 there are they have some distinct property so how much it is trusted whether it is competent to do that and how what is it reputation right ah of doing a particular things or security type of things so there are again challenges if you look at the slas because someone may argue that the slas tries to cover this like majority of the cloud providers guaranteed availability of services right consumer not only demand
            • 21:30 - 22:00 availability of guarantee but also other performance related assurance which are equally business critical so i am not only looking at the availability as a consumer but also that assurances that this will be done this type of ah in timeframe or in a up to the compensation present day clouds slas ah contain nonstandard clauses regarding assurance and compensation following a violation so there are compensation of the penalty scheme they follow some nonstandard
            • 22:00 - 22:30 present nonstandard in the since there is no standardize mechanism across the cloud thing so one again a establish a standard set of parameters for cloud slas since it reduces the perception risk of the outsourced services so there should be way to reduce the perception resource so this is again a we try to look at a framework whether there are different customer so interaction rating and ah temporal matrices are complete
            • 22:30 - 23:00 computed so trust estimation reputation estimation trust worthy the compu worthiness of the computation then risk estimation and risk computation on the other hand what we have recommendation and standard security controls which drives the slas managers and this all this with the service provider there are a slas right they provides somes level of slas then competence estimation competence computation one side that we calculate trust worthiness another side competence risk estimation risk computation of the particular things and interests in
            • 23:00 - 23:30 risk out of that we try to find out interaction these between for different service provider so there are ah different flow of these ah is ah selcsp framework that is ah a one is risk estimation and can be relational risk direct interaction trust estimation same thing we want to put in it in the flow chat the second is recommending access request from
            • 23:30 - 24:00 anonymous users for authorization so one is that ah risk based access control right so though we have heard about other type of access control i role based access control this we term as a risk base access control so gives access to a subjects even though they lack proper permissions right so i i have i i dont have to have the whole set of permissions which are fully coupled so can whether i can give the access with some amount
            • 24:00 - 24:30 of risk involving it right it is ah not thats binary stop on or off but ah those sort of things goal balance between the accesses risk an security uncertainty due to information sharing right flexible compared to the binary ah mls so that is little bit of as we are talking about ah that instead of binary i take care of little
            • 24:30 - 25:00 bit of risk right so challenges computing security uncertainty is not a fully addressed stuff right so how to i look at computing ah security uncertainty right authorization in existing risk base ah access control system based on risk threshold sold and operational needs right operational need not is quantified it is difficult to quantified operational risk did discards many request ah which potentially maximize information sharing right
            • 25:00 - 25:30 so ah um so in order to reduce it we discards ah many request which prove purse potentially maximize the information sharing ah so that my overall ah risk come down so in other sense in order to reduce the risk we try to reduce the collaboration itself right so that it is one of the looking at it so there is a distributed frame work as ah we used a file
            • 25:30 - 26:00 fuzzy ah inference system to look at it and ah it it tries to find out a distributed racking to the thing the next one is mapping authorize permission into local roles right so inter domain roll mapping thing idrm so we what you have the finds a minimal set of roles which in compasses the requested permission set no polynomial time solutions are available greedy search based heuristics sub optimal solutions challenges
            • 26:00 - 26:30 they are may exist multiple minimal role set right so that there can be existing minimum multiple minimal role set they are may not exist here any roles set which exactly map to the all permissions so there are different type of ah problems or challenges so two variant of a idrms are there one is idrm safety and idrm availability so idrm availability and safety objective to formulate a novel heuristic generate better solution to idrm availability
            • 26:30 - 27:00 is problem minimize the number of ability permission so here also if you look at the distributed role mapping framework so i have a set of permission access request handler and we have local domains role set roll permission align ah assignment that role to permission set so which are set of permissions and heuristic based idea availability problem solver what we try to ah formulate or propose and which
            • 27:00 - 27:30 keeps a set of role which is a minimal set up role and finally there is ah the other aspect of ah dynamic detection and removal of access conflict so this is another major problem whenever we have multiple collaborations so there may be a chance that ah you may there may be a cyclic ah access ah cycle and it may lead to accessing some objects which are other way a particular ah subject is not suppose
            • 27:30 - 28:00 to access right like ah if you look at this ah cyclic inheritance conflict like this viewer this particular things is not allow to write or as editor permission but i can have access to another domain which has a right permission that is a allowed from they are to another editing which has a reading permission so in other sense i cannot right to this this
            • 28:00 - 28:30 particular subject cannot write to this particular object but i can have a cyclic way of this so inheritance cyclic way and write to this so in other sense i have done a ah conflicting situations which other way i am not supposed to do there can be violation of sod constant so sod constant is the separation of duty really like ah i can say ah a typical analogy
            • 28:30 - 29:00 like ah say in a bank the person who is issuing a demand draft cannot verify the demand draft like i am i am in the issue counter so if i am issuing the thing ah issuing the draft then the verification i cannot do the same thing right so there should be ah has to be a separate things so it is a separation of duties ah has to be there sod what we to popularly
            • 29:00 - 29:30 known as a sod constant which is they are in any security information security mechanisms so here also we can see there may be a conflict in the sod constant itself like here i can have a ah right on the things and i can have another channel with having ah this editor writing on their these editor there is a communication here so i can basically though there is a sod constant i communicate between through a different channel right so there is there
            • 29:30 - 30:00 can be a violation of things these things happens whenever there is a multiple ah communicating partner and specially when they are loosely coupled that means you do not know the whole ah security scenario of the other things or security settings of the other party so here also we try to for a particular distributed security collaborative frame work which takes
            • 30:00 - 30:30 a set of roles and ah based on ah collaborating request processing modules and conflict detection and conflict remover module come up with a set of ah a scenario which will be complete so role sequence interoperation request pair of a entry from the domain exist from a providing roles right role sequence order success of entry and exist role so i can have a safe role cycle unsafe role cycle so it as we understand it has too think one
            • 30:30 - 31:00 is that role a detection that is there if there if there is a conflict they are need to detection it has to part detection of the inheritance conflict detection of the sod constant violation so this to need to be detected what and other is the now we need to remove the things then once detected that ah those conflicts need to be removed so one is that ah two cases may arise exactly match role set exist so r back ah hybrid hierarchy or
            • 31:00 - 31:30 ah there can be no exactly exactly role set ah exists right i can ah so i can have a virtual role into the things so i can create a dummy role and look at it like ah if you look at cyclic redundancy inheritance the cyclic inheritance conflict removal role for exactly match roles
            • 31:30 - 32:00 ah what we do here so instead of this after the conflict removal we create a collaborating role see here it was basically it was a cycle to end up in this editor whereas here inheritance conflict removal for no exactly match role so as there is no exactly match role of looking at it so we create a another sub roll or a new roll which which is fall back
            • 32:00 - 32:30 now this viewer there is no way of going to this particular editor so that i am not going a there is no conflict similarly for conflict removal also ah we can have a to sod constraint ah removal thing here also we have so this was our earlier scenario where this editor rights here and this viewer ah this editor can right has access to these and to and finally
            • 32:30 - 33:00 it goes to this editor one and took though there as sod so there is a chance of a cycle which violates this sod so here also if there is no exact match we created a collaborating role right so it collaborating role of the editor two so editor two c and its ends up there so there is no sod violence in between the editor one and editor two right so that means what we are trying to look at that in in doing so we may ah may in the ah
            • 33:00 - 33:30 or may basically formulate a scenario where this ah where there is healthy collaborations between the things without security violences so this is a typical approach we try to show that how secure collaborated in the sass cloud can be possible and definitely this is a very brief overview but that is good enough or it will help you those who are interested
            • 33:30 - 34:00 in this sort of research see there is in need of infrastructure is minimal but however you can basically work on a this sort of ah problem right so one is that selection of the trustworthy and competent cloud provider and after the selection we have the recommending access request from the anonymous users for authorization then mapping of authorized permission to the local roles and detect ah dynamic detection removal the access control conflicts like there can be cyclic ah inheritance problem
            • 34:00 - 34:30 conflict or sod type of ah conflict can be there which can be it so what we try today ah what we discussed today is that looking at one of the one of the very tricky issue of security where collaborating saas cloud in a in a loosely coupled way so what are the major what are the typical security issues can come up and how to approach those problem to address is there can be different other approaches ah you can find in the literature
            • 34:30 - 35:00 and even you can think of other approaches but this is a typical way of looking at it and this is a problem ah which is very much ah part intent and which has very much true for todays cloud scenario collaborating cloud scenario thank you