Internship Title
Development of mechanisms for federated access control management in smart city environments
Areas of Specialization
Communications, Services and Infrastructures
Software Engineering
Internship Location
Laboratory of Communications and Telematics (Department of Informatics Engineering, University of Coimbra)
Background
This master's thesis takes place within the scope of an international research project involving research teams from Portugal and Brazil.
The thesis will address an important research topic in the field of cloud computing: how to build adequate access control mechanisms for federated cloud environments. More specifically, the objective is to study, propose and implement mechanisms for federated identity management, access control and security for the FIWARE platform, a reference framework previously developed in the scope of a large European project (http://www.fiware.org).
Objective
The work will consist of developing mechanisms for managing access control in federated environments. Although federated identity environments allow a service provider (SP) to trust third-party identity providers (IdPs) to authenticate its users, authorization-related issues still pose a challenge to SP administrators. One example is managing access control for a large number of users from different organizations, where several authorization scenarios are possible, such as granting access to the service only to a specific group of users from certain organizations (IdPs). In this context, we will focus on the development of a hierarchical authorization system in which access control management can be delegated from SP administrators to IdP administrators. The proposal aims to greatly simplify the inclusion of new applications into an identity federation.
The developed solution will be applied to the FIWARE smart city platform as a case study, and thus should be generic enough to be used for managing access control of different smart city applications.
Work Plan - Semester 1
Phase 1: Study of the state of the art in federated identity management, access control, and security mechanisms of the FIWARE platform (15/09/2016 – 31/10/2016)
Phase 2: Specification of the first version of the access control mechanism to be developed (20/10/2016 – 15/11/2016)
Phase 3: Implementation of the first version of the access control management application (simple delegation of access control management in the FIWARE platform) (16/11/2016 – 31/12/2016)
Phase 4: Evaluation of the first version of the access control management application (16/12/2016 – 15/01/2017)
Phase 5: Scientific paper writing (16/12/2016 – 31/01/2017)
Phase 6: Writing of the first semester report
Work Plan - Semester 2
Phase 7: Specification of the final version of the access control management application including the following mechanisms:
- Support for multi-level delegation and revocation of access control management privileges in the FIWARE platform
- Support for different access control scenarios
- Support for integration with different applications
(01/02/2017 – 28/02/2017)
Phase 8: Implementation of the final version of the access control management application (01/03/2017 – 15/04/2017)
Phase 9: Evaluation of the final version of the access control management application (01/04/2017 – 31/05/2017)
Phase 10: Scientific paper writing (01/04/2017 – 31/05/2017)
Phase 11: Writing of the final report (01/05/2017 – 31/07/2017)
Conditions
The work will be performed in the LCT Laboratory (Departamento de Engenharia Informática, Universidade de Coimbra), in close collaboration between the research teams from University of Coimbra and Federal University of Rio Grande do Norte.
The work will be co-supervised by:
Prof. Paulo Simões (psimoes@dei.uc.pt), University of Coimbra, Portugal
and
Prof. Carlos Eduardo da Silva (kaduardo@imd.ufrn.br), Federal University of Rio Grande do Norte, Brazil.
Remarks
The intern may be paid through a Research Grant (Bolsa de Investigação), with amounts and conditions to be defined according to the candidate's profile and availability.
Supervisor
Paulo Simões
psimoes@dei.uc.pt