1,556 research outputs found

    Trust Establishment Mechanisms for Distributed Service Environments

    Get PDF
    The aim and motivation of this dissertation can be best described in one of the most important application fields, the cloud computing. It has changed entire business model of service-oriented computing environments in the last decade. Cloud computing enables information technology related services in a more dynamic and scalable way than before – more cost-effective than before due to the economy of scale and of sharing resources. These opportunities are too attractive for consumers to ignore in today’s highly competitive service environments. The way to realise these opportunities, however, is not free of obstacles. Services offered in cloud computing environments are often composed of multiple service components, which are hosted in distributed systems across the globe and managed by multiple parties. Potential consumers often feel that they lose the control over their data, due to the lack of transparent service specification and unclear security assurances in such environments. These issues encountered by the consumers boiled down to an unwillingness to depend on the service providers regarding the services they offer in the marketplaces. Therefore, consumers have to be put in a position where they can reliably assess the dependability of a service provider. At the same time, service providers have to be able to truthfully present the service-specific security capabilities. If both of these objectives can be achieved, consumers have a basis to make well-founded decisions about whether or not to depend on a particular service provider out of many alternatives. In this thesis, computational trust mechanisms are leveraged to assess the capabilities and evaluate the dependability of service providers. These mechanisms, in the end, potentially support consumers to establish trust on service providers in distributed service environments, e.g., cloud computing. In such environments, acceptable quality of the services can be maintained if the providers possess required capabilities regarding different service-specific attributes, e.g., security, performance, compliance. As services in these environments are often composed of multiple services, subsystems and components, evaluating trustworthiness of the service providers based on the service-specific attributes is non-trivial. In this vein, novel mechanisms are proposed for assessing and evaluating the trustworthiness of service providers considering the trustworthiness of composite services. The scientific contributions towards those novel mechanisms are summarised as follows: • Firstly, we introduce a list of service-specific attributes, QoS+ [HRM10, HHRM12], based on a systematic and comprehensive analysis of existing literatures in the field of cloud computing security and trust. • Secondly, a formal framework [SVRH11, RHMV11a, RHMV11b] is proposed to analyse the composite services along with their required service-specific attributes considering consumer requirements and represent them in simplified meaningful terms, i.e., Propositional Logic Terms (PLTs). • Thirdly, a novel trust evaluation framework CertainLogic [RHMV11a, RHMV11b, HRHM12a, HRHM12b] is proposed to evaluate the PLTs, i.e., capabilities of service providers. The framework provides computational operators to evaluate the PLTs, considering that uncertain and conflicting information are associated with each of the PLTs and those information can be derived from multiple sources. • Finally, harnessing these technical building blocks we present a novel trust management architecture [HRM11] for cloud computing marketplaces. The architecture is designed to support consumers in assessing and evaluating the trustworthiness of service providers based on the published information about their services. The novel contributions of this thesis are evaluated using proof-of-concept-system, prototype implementations and formal proofs. The proof-of-concept-system [HRMV13, HVM13a, HVM13b] is a realisation of the proposed architecture for trust management in cloud marketplaces. The realisation of the system is implemented based on a self-assessment framework, proposed by the Cloud Security Alliance, where the formal framework and computational operators of CertainLogic are applied. The realisation of the system enables consumers to evaluate the trustworthiness of service providers based on their published datasets in the CSA STAR. A number of experiments are conducted in different cloud computing scenarios leveraging the datasets in order to demonstrate the technical feasibility of the contributions made in this thesis. Additionally, the prototype implementations of CertainLogic framework provide means to demonstrate the characteristics of the computational operators by means of various examples. The formal framework as well as computational operators of CertainLogic are validated against desirable mathematical properties, which are supported by formal algebraic proofs

    Investigational Analysis of Security Measures Effectiveness in Cloud Computing: A Study

    Get PDF
    In the modern era of business operation, the technical adoption of cloud services are high on rise by the large scale to small scale business establishment on various products and services. Needless to say that with the rise of adoption also gives birth to security concerns as cloud runs on common internet which are also used by trillions of internet-users. There are various means by which introducing a malicious program inside the cloud is not that complicated task for attacker. The various services providers as well as past researcher have introduced some of the potential security features which is claimed to be highly effective. However, accomplishing fail-proof security systems in cloud is never witnessed nor reported by any user or researcher, which clearly specifies that security problems do persist and are on exponential rise. Therefore, this paper discusses about the security issues in cloud supported by brief description of standard security models currently available in cloud. With extensive literatures on the existing security solutions, a significant research gap is explored in robust authentication system in cloud services. Keywords-component; Security, Cloud Computing,attacks, security model

    Data Spaces

    Get PDF
    This open access book aims to educate data space designers to understand what is required to create a successful data space. It explores cutting-edge theory, technologies, methodologies, and best practices for data spaces for both industrial and personal data and provides the reader with a basis for understanding the design, deployment, and future directions of data spaces. The book captures the early lessons and experience in creating data spaces. It arranges these contributions into three parts covering design, deployment, and future directions respectively. The first part explores the design space of data spaces. The single chapters detail the organisational design for data spaces, data platforms, data governance federated learning, personal data sharing, data marketplaces, and hybrid artificial intelligence for data spaces. The second part describes the use of data spaces within real-world deployments. Its chapters are co-authored with industry experts and include case studies of data spaces in sectors including industry 4.0, food safety, FinTech, health care, and energy. The third and final part details future directions for data spaces, including challenges and opportunities for common European data spaces and privacy-preserving techniques for trustworthy data sharing. The book is of interest to two primary audiences: first, researchers interested in data management and data sharing, and second, practitioners and industry experts engaged in data-driven systems where the sharing and exchange of data within an ecosystem are critical

    Context-driven Policies Enforcement for Edge-based IoT Data Sharing-as-a-Service

    Get PDF
    Sharing real-time data originating from connected devices is crucial to real-world intelligent Internet of Things (IoT) applications, i.e., based on artificial intelligence/machine learning (AI/ML). Such IoT data sharing involves multiple parties for different purposes and is usually based on data contracts that might depend on the dynamic change of IoT data variety and velocity. It is still an open challenge to support multiple parties (aka tenants) with these dynamic contracts based on the data value for their specific contextual purposes.This work addresses these challenges by introducing a novel dynamic context-based policy enforcement framework to support IoT data sharing (on-Edge) based on dynamic contracts. Our enforcement framework allows IoT Data Hub owners to define extensible rules and metrics to govern the tenants in accessing the shared data on the Edge based on policies defined with static and dynamic contexts. We have developed a proof-of-concept prototype for sharing sensitive data such as surveillance camera videos to illustrate our proposed framework. The experimental results demonstrated that our framework could soundly and timely enforce context-based policies at runtime with moderate overhead. Moreover, the context and policy changes are correctly reflected in the system in nearly real-time.acceptedVersio

    Contribución a la estimulación del uso de soluciones Cloud Computing: Diseño de un intermediador de servicios Cloud para fomentar el uso de ecosistemas distribuidos digitales confiables, interoperables y de acuerdo a la legalidad. Aplicación en entornos multi-cloud.

    Get PDF
    184 p.El objetivo del trabajo de investigación presentado en esta tesis es facilitar a los desarrolladores y operadores de aplicaciones desplegadas en múltiples Nubes el descubrimiento y la gestión de los diferentes servicios de Computación, soportando su reutilización y combinación, para generar una red de servicios interoperables, que cumplen con las leyes y cuyos acuerdos de nivel de servicio pueden ser evaluados de manera continua. Una de las contribuciones de esta tesis es el diseño y desarrollo de un bróker de servicios de Computación llamado ACSmI (Advanced Cloud Services meta-Intermediator). ACSmI permite evaluar el cumplimiento de los acuerdos de nivel de servicio incluyendo la legislación. ACSmI también proporciona una capa de abstracción intermedia para los servicios de Computación donde los desarrolladores pueden acceder fácilmente a un catálogo de servicios acreditados y compatibles con los requisitos no funcionales establecidos.Además, este trabajo de investigación propone la caracterización de las aplicaciones nativas multiNube y el concepto de "DevOps extendido" especialmente pensado para este tipo de aplicaciones. El concepto "DevOps extendido" pretende resolver algunos de los problemas actuales del diseño, desarrollo, implementación y adaptación de aplicaciones multiNube, proporcionando un enfoque DevOps novedoso y extendido para la adaptación de las prácticas actuales de DevOps al paradigma multiNube

    Data Spaces

    Get PDF
    This open access book aims to educate data space designers to understand what is required to create a successful data space. It explores cutting-edge theory, technologies, methodologies, and best practices for data spaces for both industrial and personal data and provides the reader with a basis for understanding the design, deployment, and future directions of data spaces. The book captures the early lessons and experience in creating data spaces. It arranges these contributions into three parts covering design, deployment, and future directions respectively. The first part explores the design space of data spaces. The single chapters detail the organisational design for data spaces, data platforms, data governance federated learning, personal data sharing, data marketplaces, and hybrid artificial intelligence for data spaces. The second part describes the use of data spaces within real-world deployments. Its chapters are co-authored with industry experts and include case studies of data spaces in sectors including industry 4.0, food safety, FinTech, health care, and energy. The third and final part details future directions for data spaces, including challenges and opportunities for common European data spaces and privacy-preserving techniques for trustworthy data sharing. The book is of interest to two primary audiences: first, researchers interested in data management and data sharing, and second, practitioners and industry experts engaged in data-driven systems where the sharing and exchange of data within an ecosystem are critical

    A Blockchain-based Decentralized Electronic Marketplace for Computing Resources

    Get PDF
    AbstractWe propose a framework for building a decentralized electronic marketplace for computing resources. The idea is that anyone with spare capacities can offer them on this marketplace, opening up the cloud computing market to smaller players, thus creating a more competitive environment compared to today's market consisting of a few large providers. Trust is a crucial component in making an anonymized decentralized marketplace a reality. We develop protocols that enable participants to interact with each other in a fair way and show how these protocols can be implemented using smart contracts and blockchains. We discuss and evaluate our framework not only from a technical point of view, but also look at the wider context in terms of fair interactions and legal implications

    Aggregated capability assessment (AgCA) for CAIQ enabled Cross-Cloud Federation

    Get PDF
    Cross-Cloud Federation (CCF) enables resource exchange among multiple, heterogeneous Cloud Service Providers (CSPs) to support the composition of services (workflow) hosted by different providers. CCF participation can either be fixed, or the types of services that can be used are limited to reduce the potential risk of service failure or secure access. Although many service selection approaches have been proposed in literature for cloud computing, their applicability to CCF i.e. cloud-to-cloud interaction, has not been adequately investigated. A key component of this cloud-to-cloud paradigm involves assessing the combined capability of contributing participants within a federation and their connectivity. A novel Aggregated Capability Assessment (AgCA) approach based on using the Consensus Assessment Initiative Questionnaire from Cloud Security Alliance is proposed for CCF. The proposed mechanism is implemented as a component of a centralized broker to enhance the quality of the selection process for participants within a federation. Our experimental results show that AgCA is a useful tool for partner selection in a dynamic, heterogeneous and multilevel cloud federation
    • …
    corecore