Using Software Containers for Privileged Access Management in Cloud Environments

A Novel Approach to Handle Access Management for Cloud-based Networks

  • Marleen Steinhoff, Munich University of Applied Sciences, Munich, Germany
Keywords: Cloud security, container, privileged access management, cloud computing, third-party access

Abstract

This paper presents a novel approach for privileged access and session management using containers. Current solutions are built on proxies, proxy suites or jump servers, but they do not cater for the security requirements of third-party remote access, introduce additional vulnerabilities and have scalability limitations.

The novelty of the solution proposed in this paper is a global orchestrator that instantiates a purpose-built container adapted to the virtual network functions’ system. Every container has a logging function, a pre-defined time-to-live and one-time-credentials. This approach is secure because the containers isolate different connections, privileges are restricted, permissions are always time-limited and the provider has full control over the sessions. The solution brings several other security enhancements, discussed in this paper.
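To make the abstract's properties concrete, the following toy model (an added illustration, not code from the paper) shows an orchestrator that issues one container record per third-party session with a hashed one-time credential, an absolute time-to-live, a provider-side revoke switch and a per-container audit log; the class names and the in-memory store are assumptions.

```python
import hmac
import secrets
import hashlib
from dataclasses import dataclass, field


@dataclass
class SessionContainer:
    target: str            # the VNF system this container is adapted to
    credential_hash: str   # only a hash of the one-time credential is stored
    expires_at: float      # absolute time-to-live deadline (seconds)
    used: bool = False     # set once the one-time credential is redeemed
    revoked: bool = False  # provider-side kill switch for the session
    log: list = field(default_factory=list)  # per-container audit trail


class Orchestrator:
    def __init__(self):
        self.containers = {}  # assumed in-memory store, keyed by container id

    def instantiate(self, target, ttl, now):
        # One container per third-party session; returns (id, one-time secret).
        cid = secrets.token_hex(8)
        secret = secrets.token_urlsafe(32)
        digest = hashlib.sha256(secret.encode()).hexdigest()
        c = SessionContainer(target, digest, now + ttl)
        c.log.append((now, "instantiated", target))
        self.containers[cid] = c
        return cid, secret

    def connect(self, cid, secret, now):
        c = self.containers[cid]
        digest = hashlib.sha256(secret.encode()).hexdigest()
        if not hmac.compare_digest(digest, c.credential_hash):
            verdict = "bad-credential"
        elif c.revoked:
            verdict = "revoked"
        elif now > c.expires_at:
            verdict = "expired"
        elif c.used:
            verdict = "reused"
        else:
            c.used = True
            verdict = "granted"
        c.log.append((now, verdict))  # every accept or reject is logged
        return verdict == "granted"

    def revoke(self, cid, now):
        self.containers[cid].revoked = True
        self.containers[cid].log.append((now, "revoked"))
```

A second connection with the same credential, a connection after the TTL deadline, and a connection after the provider has called `revoke` are all refused, and each decision is visible in the container's log.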

Author Biography

Marleen Steinhoff, Munich University of Applied Sciences, Munich, Germany

Marleen Steinhoff has been a bachelor student at the Munich University of Applied Sciences since autumn 2017 and will receive her B.Sc. in Information Systems and Management in March 2021. She worked as an intern at Rakuten Mobile Inc. in Tokyo, Japan, on access management for cloud-based 5G networks. Since September 2020 she has been gaining experience in incident response automation while working at Siemens. Her bachelor thesis at Siemens covers the handling of cyber security playbooks for the automation of incident response in networks.

Published: 2021-02-06

Section: WWRF44