Decentralised runtime monitoring for access control systems in cloud federations

Cloud federation is an emergent cloud-computing paradigm where partner organisations share data and services hosted on their own cloud platforms. In this context, it is crucial to enforce access control policies that satisfy data protection and privacy requirements of partner organisations. However, due to the distributed nature of cloud federations, the access control system alone does not guarantee that its deployed components cannot be circumvented while processing access requests. In order to promote accountability and reliability of a distributed access control system, we present a decentralised runtime monitoring architecture based on blockchain technology

A distributed infrastructure for democratic cloud federations

Cloud federation is a novel concept that has been drawing attention from research and industry. However, there is a lack of solid proposal that can be widely adopted in practice to guarantee adequate governance of federations, especially in the Public Sector contexts due to legal requirements. In this paper, we propose an innovative governance approach that ensures distributed and democratic control in cloud federations. Starting from FaaS, a recent cloud federation proposal, we propose a blockchain infrastructure for the federation registry that implements the proposed governance approach

FaaS: Federation-as-a-Service

This document is the main high-level architecture specification of the SUNFISH cloud federation solution. Its main objective is to introduce the concept of Federation-as-a-Service (FaaS) and the SUNFISH platform. FaaS is the new and innovative cloud federation service proposed by the SUNFISH project. The document defines the functionalities of FaaS, its governance and precise objectives. With respect to these objectives, the document proposes the high-level architecture of the SUNFISH platform: the software architecture that permits realising a FaaS federation. More specifically, the document describes all the components forming the platform, the offered functionalities and their high-level interactions underlying the main FaaS functionalities. The document concludes by outlining the main implementation strategies towards the actual implementation of the proposed cloud federation solution.Comment: Technical Report Edited by Francesco Paolo Schiavo, Vladimiro Sassone, Luca Nicoletti and Andrea Margher

A Blockchain-based Security-Oriented Framework for Cloud Federation

Cloud federations have been formed to share the services, prompt and support cooperation, as well as interoperability among their already deployed cloud systems. However, the creation and management of the cloud federations lead to various security issues such as confidentially, integrity and availability of the data. Despite the access control policies in place, an attacker may compromise the communication channel processing the access requests and the decisions between the access control systems and the members(users) and vice-versa. In cloud federation, the rating of the services offered by different cloud members becomes integral to providing the users with the best quality services. Hence, we propose an innovative blockchain- based framework that on the one hand permits secure communication between the members of the federation and the access control systems, while on the other hand provides the quality services to the members by considering the service constraints imposed by them

FaaS: Federation-as-a-Service

This document is the main high-level architecture specification of the SUNFISH cloud federation solution. Its main objective is to introduce the concept of Federation-as-a-Service (FaaS) and the SUNFISH platform. FaaS is the new and innovative cloud federation service proposed by the SUNFISH project. The document defines the functionalities of FaaS, its governance and precise objectives. With respect to these objectives, the document proposes the high-level architecture of the SUNFISH platform: the software architecture that permits realising a FaaS federation. More specifically, the document describes all the components forming the platform, the offered functionalities and their high-level interactions underlying the main FaaS functionalities. The document concludes by outlining the main implementation strategies towards the actual implementation of the proposed cloud federation solution