40,679 research outputs found

    Trusted Computing and Secure Virtualization in Cloud Computing

    Large-scale deployment and use of cloud computing in industry is accompanied and at the same time hampered by concerns regarding protection of data handled by cloud computing providers. One of the consequences of moving data processing and storage off company premises is that organizations have less control over their infrastructure. As a result, cloud service (CS) clients must trust that the CS provider is able to protect their data and infrastructure from both external and internal attacks. Currently, however, such trust can only rely on organizational processes declared by the CS provider and cannot be remotely verified and validated by an external party. Enabling the CS client to verify the integrity of the host where the virtual machine instance will run, as well as to ensure that the virtual machine image has not been tampered with, are some steps towards building trust in the CS provider. Having the tools to perform such verifications prior to the launch of the VM instance allows the CS clients to decide at runtime whether certain data should be stored, or calculations should be made, on the VM instance offered by the CS provider. This thesis combines three components -- trusted computing, virtualization technology and cloud computing platforms -- to address issues of trust and security in public cloud computing environments. Of the three components, virtualization technology has had the longest evolution and is a cornerstone for the realization of cloud computing. Trusted computing is a recent industry initiative that aims to implement the root of trust in a hardware component, the trusted platform module. The initiative has been formalized in a set of specifications and is currently at version 1.2. Cloud computing platforms pool virtualized computing, storage and network resources in order to serve a large number of customers that use a multi-tenant multiplexing model to offer on-demand self-service over a broad network. 
Open source cloud computing platforms are, similar to trusted computing, a fairly recent technology in active development. The issue of trust in public cloud environments is addressed by examining the state of the art within cloud computing security and subsequently addressing the issues of establishing trust in the launch of a generic virtual machine in a public cloud environment. As a result, the thesis proposes a trusted launch protocol that allows CS clients to verify and ensure the integrity of the VM instance at launch time, as well as the integrity of the host where the VM instance is launched. The protocol relies on the use of a Trusted Platform Module (TPM) for key generation and data protection. The TPM also plays an essential part in the integrity attestation of the VM instance host. Along with a theoretical, platform-agnostic protocol, the thesis also describes a detailed implementation design of the protocol using the OpenStack cloud computing platform. In order to verify the implementability of the proposed protocol, a prototype implementation has been built using a distributed deployment of OpenStack. While the protocol covers only the trusted launch procedure using generic virtual machine images, it presents a step aimed to contribute towards the creation of a secure and trusted public cloud computing environment.

    Towards a framework for enhancing user trust in cloud computing

    Cloud computing is one of the latest appealing technological trends to emerge in the Information Technology (IT) industry. However, despite the surge in activity and interest, there are significant and persistent concerns about cloud computing, particularly with regard to trusting the platform in terms of confidentiality, integrity and availability of user data stored through these applications. These factors are significant in determining trust in cloud computing and thus provide the foundation for this study. The significant role that trust plays in the use of cloud computing was considered in relation to various trust models, theories and frameworks. Cloud computing is still considered to be a new technology in the business world, therefore minimal work and academic research has been done on enhancing trust in cloud computing. Academic research which focuses on the adoption of cloud computing and, in particular, the building of user trust has been minimal. The available trust models, frameworks and cloud computing adoption strategies that exist mainly focus on cost reduction and the various benefits that are associated with migrating to a cloud computing platform. Available work on cloud computing does not provide clear guidelines for establishing user trust in a cloud computing application. The issue of establishing a reliable trust context for data and security within cloud computing is, up to this point, not well defined. This study investigates the impact that a lack of user trust has on the use of cloud computing. Strategies for enhancing user trust in cloud computing are required to overcome the data security concerns. This study focused on establishing methods to enhance user trust in cloud computing applications through the theoretical contributions of the Proposed Trust Model by Mayer, Davis, and Schoorman (1995) and the Confidentiality, Integrity, Availability (CIA) Triad by Steichen (2010). 
A questionnaire was used as a means of gathering data on trust-related perceptions of the use of cloud computing. The findings of this questionnaire administered to users and potential users of cloud computing applications are reported in this study. The questionnaire primarily investigates key concerns which result in self-moderation of cloud computing use and factors which would improve trust in cloud computing. Additionally, results relating to user awareness of potential confidentiality, integrity and availability risks are described. An initial cloud computing adoption model was proposed based on a content analysis of existing cloud computing literature. This initial model, empirically tested through the questionnaire, was an important foundation for the establishment of the Critical Success Factors (CSFs) and therefore the framework to enhance user trust in cloud computing applications. The framework proposed by this study aims to assist new cloud computing users to determine the appropriateness of a cloud computing service, thereby enhancing their trust in cloud computing applications

    A Survey of Trust Management Models for Cloud Computing

    Over the past few years, cloud computing has been widely adopted as a paradigm for large-scale infrastructures. In such a scenario, new security risks arise when different entities or domains share the same group of resources. Involved organizations need to establish some kind of trust relationships, able to define appropriate rules that can control which and how resources and services are going to be shared. The management of trust relationships represents a key challenge in order to meet high security requirements in cloud computing environments. This also helps to boost consumers' confidence in cloud services, promoting their adoption. Establishing trust with cloud service providers helps to have confidence, control, reliability, and to avoid commercial issues like lock-in. This paper proposes a survey of existing trust management models addressing collaboration agreements in cloud computing scenarios. Main limitations of current approaches are outlined and possible improvements are traced, as well as a future research path.

    Blockchain-enabled Reliable Osmotic Computing for Cloud of Things: Applications and Challenges

    Cloud of Things (CoT) refers to an IoT solution consuming the cloud services of a single cloud vendor. In this paper, we have introduced the concept of a MultiCoT solution which refers to the collaborative execution of an IoT solution by multiple cloud vendors. Cloudlets and ad-hoc clouds are the extensions of centralized cloud services, closer to the user, in the form of fog and edge computing layers respectively and the Osmotic Computing (OC) serves as a glue by accomplishing the seamless compute sharing across these layers. The OC can also be integrated within a MultiCoT solution for extending it across three computational layers of cloud, fog and edge. However, this can only be achieved after establishing enough trust among all the vendors that are working in collaboration to simultaneously serve a particular MultiCoT solution. Blockchain has been already proven for establishing trust and supporting reliable interactions among independently operating entities. Hence, it can be used for establishing trust among the multiple cloud vendors serving a single MultiCoT solution. In this paper, we have presented the importance of using the proactive Blockchain-enabled Osmotic Manager (B-OM) for improving the reliability of OC. We have also highlighted the blockchain features that can improve the reliability of OC by establishing trust among the independently operating vendors of a MultiCoT solution, followed by the challenges associated with the integration of blockchain and OC along with the future research directions for achieving the proposed integration. © 2020 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

    Enhancing Trust Management in Cloud Environment

    Trust management has been identified as a vital component for establishing and maintaining successful relational exchanges between e-commerce trading partners in cloud environment. In this highly competitive and distributed service environment, the assurances are insufficient for the consumers to identify the dependable and trustworthy Cloud providers. Due to these limitations, potential consumers are not sure whether they can trust the Cloud providers in offering dependable services. In this paper, we propose a multi-faceted trust management system architecture for cloud computing marketplaces, to support customers in identifying trustworthy cloud providers. This paper presents the important threats to a trust system and proposes a method for tackling these threats. It describes the desired features of a trust management system. It security components to determine the trustworthiness of e-commerce participants to help online customers to decide whether or not to proceed with a transaction. Based on this framework, we propose an approach for filtering out malicious feedback and a trust metric to evaluate the trustworthiness of service providers. Results of various simulation experiments show that the proposed multi-attribute trust management system can be highly effective in identifying risky transactions in electronic marketplaces.

    Blockchain-Based Digital Trust Mechanism: A Use Case of Cloud Manufacturing of LDS Syringes for COVID-19 Vaccination

    Trust is essential in the digital world. It is a critical task to build digital trust for the ongoing digital engineering transformation. Aiming at developing a blockchain-based digital trust mechanism for Cloud Manufacturing or Manufacturing-as-a-Service (MaaS), in this paper, we use the manufacturing of low dead space (LDS) medical syringes through Cloud Manufacturing as a motivating scenario to develop a basic framework. To meet the need of optimally saving COVID-19 vaccine doses to save more lives, the medical device manufacturing community needs to make a swift move to meet the surged need for LDS syringes. Cloud Manufacturing is a form of emerging Digital Manufacturing facilitated with Cloud/Edge Computing, the Internet of Things, and other digital technologies. Cloud manufacturing allows quickly establishing a digital virtual enterprise that pools together various manufacturing resources worldwide to meet the surged needs of products and save cost and time. Trusting the product quality and safety is a significant challenge when using Cloud Manufacturing to manufacture the products. This paper proposes a schema of blockchain-based digital trust mechanisms with examples of using Cloud Manufacturing of medical LDS syringes for the urgent needs of catering COVID-19 vaccination

    SLA-based trust model for secure cloud computing

    Cloud computing has changed the strategy used for providing distributed services to many business and government agents. Cloud computing delivers scalable and on-demand services to most users in different domains. However, this new technology has also created many challenges for service providers and customers, especially for those users who already own complicated legacy systems. This thesis discusses the challenges of, and proposes solutions to, the issues of dynamic pricing, management of service level agreements (SLA), performance measurement methods and trust management for cloud computing. In cloud computing, a dynamic pricing scheme is very important to allow cloud providers to estimate the price of cloud services. Moreover, the dynamic pricing scheme can be used by cloud providers to optimize the total cost of cloud data centres and correlate the price of the service with the revenue model of service. In the context of cloud computing, dynamic pricing methods from the perspective of cloud providers and cloud customers are missing from the existing literature. A dynamic pricing scheme for cloud computing must take into account all the requirements of building and operating cloud data centres. Furthermore, a cloud pricing scheme must consider issues of service level agreements with cloud customers. I propose a dynamic pricing methodology which provides adequate estimating methods for decision makers who want to calculate the benefits and assess the risks of using cloud technology. I analyse the results and evaluate the solutions produced by the proposed scheme. 
I conclude that my proposed scheme of dynamic pricing can be used to increase the total revenue of cloud service providers and help cloud customers to select cloud service providers with a good quality level of service. Regarding the concept of SLA, I provide an SLA definition in the context of cloud computing to achieve the aim of presenting a clearly structured SLA for cloud users and improving the means of establishing a trustworthy relationship between service provider and customer. In order to provide a reliable methodology for measuring the performance of cloud platforms, I develop performance metrics to measure and compare the scalability of the virtualization resources of cloud data centres. First, I discuss the need for a reliable method of comparing the performance of various cloud services currently being offered. Then, I develop a different type of metrics and propose a suitable methodology to measure the scalability using these metrics. I focus on virtualization resources such as CPU, storage disk, and network infrastructure. To solve the problem of evaluating the trustworthiness of cloud services, this thesis develops a model for each of the dimensions for Infrastructure as a Service (IaaS) using fuzzy-set theory. I use the Takagi-Sugeno fuzzy-inference approach to develop an overall measure of trust value for the cloud providers. It is not easy to evaluate the cloud metrics for all types of cloud services. So, in this thesis, I use Infrastructure as a Service (IaaS) as a main example when I collect the data and apply the fuzzy model to evaluate trust in terms of cloud computing. Tests and results are presented to evaluate the effectiveness and robustness of the proposed model.

    Agent-Based Cloud Resource Management for Secure Cloud Infrastructures

    The cloud offers clear benefits for computations as well as for storage for diverse application areas. Security concerns are by far the greatest barriers to the wider uptake of cloud computing, particularly for privacy-sensitive applications. The aim of this article is to propose an approach for establishing trust between users and providers of cloud infrastructures (IaaS model) based on certified trusted agents. Such an approach would remove barriers that prevent security-sensitive applications being moved to the cloud. The core technology encompasses a secure agent platform for providing the execution environment for agents and the secure attested software base which ensures the integrity of the host platform. In this article we describe the motivation, concept, design and initial implementation of these technologies.

    ACCEPTANCE OF HEALTH CLOUDS - A PRIVACY CALCULUS PERSPECTIVE

    The cloud computing paradigm promises to significantly improve the transfer of crucial medical records during medical service delivery. However, since cloud computing technology is still known for unsolved security and privacy challenges, severe concerns could prevent patients and medical workers from accepting such an application scenario. Owing to the lack of similar studies, we investigate what determines an individual's information privacy concerns on cloud-based transmission of medical records and whether perceived benefits influence the behavioral intention of individuals to permit medical workers to transfer their medical records via cloud-based services. Based on different established theories, we develop and empirically test a corresponding research model by a survey with more than 260 full responses. Our results show the perceived benefits of this health cloud scenario override the impact of information privacy concerns even in the privacy-sensitive German-speaking area and immediately after the NSA scandal. Somewhat surprisingly, we also find that in this scenario knowledge about information privacy has no significant effect on information privacy concerns although some relations have been observed in previous empirical studies. Finally, patient information privacy concerns can be mitigated by establishing trust in cloud providers in healthcare as well as in privacy-preserving technological and regulatory mechanisms.

    Secure Virtualization in Cloud Computing

    Large-scale deployment and use of cloud computing in industry is accompanied and at the same time hampered by concerns regarding protection of data handled by cloud computing providers. One of the consequences of moving data processing and storage off company premises is that organizations have less control over their infrastructure. As a result, cloud service (CS) clients must trust that the CS provider is able to protect their data and infrastructure from both external and internal attacks. Currently, however, such trust can only rely on organizational processes declared by the CS provider and cannot be remotely verified and validated by an external party. Enabling the CS client to verify the integrity of the host where the virtual machine instance will run, as well as to ensure that the virtual machine image has not been tampered with, are some steps towards building trust in the CS provider. Having the tools to perform such verifications prior to the launch of the VM instance allows the CS clients to decide at runtime whether certain data should be stored, or calculations should be made, on the VM instance offered by the CS provider. This thesis combines three components - trusted computing, virtualization technology and cloud computing platforms - to address issues of trust and security in public cloud computing environments. Of the three components, virtualization technology has had the longest evolution and is a cornerstone for the realization of cloud computing. Trusted computing is a recent industry initiative that aims to implement the root of trust in a hardware component, the trusted platform module. The initiative has been formalized in a set of specifications and is currently at version 1.2. Cloud computing platforms pool virtualized computing, storage and network resources in order to serve a large number of customers that use a multi-tenant multiplexing model to offer on-demand self-service over a broad network. 
Open source cloud computing platforms are, similar to trusted computing, a fairly recent technology in active development. The issue of trust in public cloud environments is addressed by examining the state of the art within cloud computing security and subsequently addressing the issues of establishing trust in the launch of a generic virtual machine in a public cloud environment. As a result, the thesis proposes a trusted launch protocol that allows CS clients to verify and ensure the integrity of the VM instance at launch time, as well as the integrity of the host where the VM instance is launched. The protocol relies on the use of a Trusted Platform Module (TPM) for key generation and data protection. The TPM also plays an essential part in the integrity attestation of the VM instance host. Along with a theoretical, platform-agnostic protocol, the thesis also describes a detailed implementation design of the protocol using the OpenStack cloud computing platform. In order to verify the implementability of the proposed protocol, a prototype implementation has been built using a distributed deployment of OpenStack. While the protocol covers only the trusted launch procedure using generic virtual machine images, it presents a step aimed to contribute towards the creation of a secure and trusted public cloud computing environment.