A Zero Trust-Based Identity and Access Management Framework for Cross-Cloud Federated Networks

Authors

  • Srinivas Potluri, Director, EGS Global Services

DOI:

https://doi.org/10.63282/3050-922X.IJERET-V5I2P104

Keywords:

Zero Trust Architecture (ZTA), Identity and Access Management (IAM), Federated Identity, Policy Enforcement Point (PEP), Policy Decision Point (PDP), Trust Broker

Abstract

Multi-cloud and hybrid environments are steadily becoming part of the enterprise cloud estate. Ensuring unified Identity and Access Management (IAM) across distributed platforms remains a significant challenge that demands secure management. Conventional IAM systems, which are usually anchored in perimeter-based frameworks, do not accommodate the dynamics of federated identity, trust interoperability, and dynamic access in a cross-cloud environment. This paper proposes a detailed Zero Trust architecture for IAM in cross-cloud federated networks. The framework integrates federated identity providers (IdPs), Policy Enforcement Points (PEPs), and Policy Decision Points (PDPs) with a centralized trust broker layer that enables continuous authentication, policy switching, and centralized policy decisions. Following Zero Trust Architecture (ZTA), the proposed model trusts nothing by default: every access request must be authenticated, authorized, and encrypted, regardless of its source. The system uses trust score computation, behavioural modelling and Multi-Factor Authentication (MFA) to enforce least-privilege access across cloud providers such as AWS, Azure and Google Cloud. A cross-cloud testbed and a prototype implementation show improved performance compared to traditional IAM models, including reduced access latency, increased breach resistance, and lower authorization failure rates. Experimental results confirm the framework's effectiveness in preventing identity spoofing, lateral movement, and unauthorized access while retaining compliance and scalability. The proposed architecture is presented as a progressive IAM solution for securing contemporary, federated cloud environments.
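The abstract describes a PEP/PDP split in which a trust broker scores each request and enforces least privilege across federated IdPs and several clouds. The following is an added illustration of that decision flow, not code from the paper or its prototype: the factor names, the weights, the thresholds, the federation table and the role-to-permission mapping are all assumptions constructed for the example, since the paper does not publish its scoring formula on this page.

```python
"""Toy Zero Trust PDP/PEP for a cross-cloud federated setting.

Added example, not the paper's code. Weights, factor names, thresholds and
the federation/permission tables below are assumptions chosen for illustration.
"""
from dataclasses import dataclass, field
from typing import List

# Constructed trust anchors: which federated IdPs each cloud accepts tokens from.
# A request whose token issuer is not federated with the target cloud is denied
# before any trust scoring takes place.
FEDERATED_IDPS = {
    "aws": {"corp-idp", "partner-idp"},
    "azure": {"corp-idp"},
    "gcp": {"corp-idp", "partner-idp"},
}

# Constructed least-privilege mapping: role -> cloud -> permitted actions.
ROLE_PERMISSIONS = {
    "analyst": {"aws": {"s3:GetObject"}, "gcp": {"storage.objects.get"}},
    "admin": {"aws": {"s3:GetObject", "iam:PassRole"}, "azure": {"vm:start"}},
}

ALLOW_THRESHOLD = 0.8    # assumed: at or above -> allow
STEP_UP_THRESHOLD = 0.5  # assumed: between -> require MFA re-verification


@dataclass
class AccessRequest:
    subject: str
    issuer: str               # federated IdP that signed the identity token
    role: str
    cloud: str                # target cloud provider
    action: str
    mfa_verified: bool
    device_managed: bool
    token_age_s: int          # seconds since the identity token was issued
    behaviour_anomaly: float  # 0.0 (matches baseline) .. 1.0 (highly anomalous)


@dataclass
class Decision:
    effect: str               # "allow", "step_up" or "deny"
    trust_score: float
    reasons: List[str] = field(default_factory=list)


def compute_trust_score(req: AccessRequest) -> float:
    """Weighted trust score in [0, 1]. Weights are assumptions for the example."""
    score = 0.35 if req.mfa_verified else 0.0
    score += 0.25 if req.device_managed else 0.0
    # Fresh tokens count for more: linear decay to zero over 15 minutes (assumed).
    freshness = max(0.0, 1.0 - req.token_age_s / 900)
    score += 0.15 * freshness
    # Behavioural model output: the more anomalous the session, the less trust.
    score += 0.25 * (1.0 - req.behaviour_anomaly)
    return round(score, 3)


def decide(req: AccessRequest) -> Decision:
    """PDP: check federation and least privilege first, then the trust score."""
    if req.issuer not in FEDERATED_IDPS.get(req.cloud, set()):
        return Decision("deny", 0.0, ["issuer not federated with target cloud"])
    allowed = ROLE_PERMISSIONS.get(req.role, {}).get(req.cloud, set())
    if req.action not in allowed:
        return Decision("deny", 0.0, ["action outside least-privilege role"])
    score = compute_trust_score(req)
    if score >= ALLOW_THRESHOLD:
        return Decision("allow", score, ["trust score above allow threshold"])
    if score >= STEP_UP_THRESHOLD:
        return Decision("step_up", score, ["trust score requires MFA re-verification"])
    return Decision("deny", score, ["trust score below deny threshold"])


def enforce(req: AccessRequest) -> bool:
    """PEP: forwards the request to the cloud API only on an explicit allow."""
    return decide(req).effect == "allow"


if __name__ == "__main__":
    # Constructed sample request: federated analyst with MFA on a managed device.
    sample = AccessRequest("alice", "corp-idp", "analyst", "aws", "s3:GetObject",
                           mfa_verified=True, device_managed=True,
                           token_age_s=0, behaviour_anomaly=0.0)
    d = decide(sample)
    print(d.effect, d.trust_score, d.reasons)
```

The ordering matters: federation and least-privilege checks are binary and run before scoring, so a token from a non-federated IdP or an action outside the role is refused without spending a trust evaluation on it, and the "step_up" outcome is what lets a PEP demand MFA re-verification instead of silently allowing a borderline session.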


Published

2024-04-30

Section

Articles

How to Cite

Potluri S. A Zero Trust-Based Identity and Access Management Framework for Cross-Cloud Federated Networks. IJERET [Internet]. 2024 Apr. 30 [cited 2025 Oct. 2];5(2):28-40. Available from: https://ijeret.org/index.php/ijeret/article/view/207