Hysteresis-based robust trust computing mechanism for cloud computing
Cloud computing has been the new paradigm in distributed systems where users can access computing resources and pay only for usage similar to other utilities like electricity, water, gas and telephony. Service Level Agreements signed at the beginning between the clients and service providers stipulate conditions of the services including the QoS requirements. Trust can be used to quantify the QoS levels of providers and rank them according to their performances. Hence trust management systems can play an important role in identifying the right service provider who would maintain the QoS at the levels required by the clients. Researchers have proposed several trust computing mechanisms based on different techniques and trust metrics in the literature. Almost all of these mechanisms increment or decrement the trust scores monotonically based on the inputs. This is a major vulnerability that can be exploited by adversaries to force the trust scores towards extreme values. In this paper, the authors propose a novel trust computing mechanism based on a hysteresis function, which requires extra effort to force the output from one end to the other. Hysteresis functions are immune to small changes and hence can be used to protect the system from sporadic attacks. The proposed mechanism has been tested using simulations. The test results show that the trust scores computed using the proposed mechanism are more robust and stable in the face of attacks than other mechanisms.
Secure Cloud-Edge Deployments, with Trust
Assessing the security level of IoT applications to be deployed to
heterogeneous Cloud-Edge infrastructures operated by different providers is a
non-trivial task. In this article, we present a methodology that permits to
express security requirements for IoT applications, as well as infrastructure
security capabilities, in a simple and declarative manner, and to automatically
obtain an explainable assessment of the security level of the possible
application deployments. The methodology also considers the impact of trust
relations among different stakeholders using or managing Cloud-Edge
infrastructures. A lifelike example is used to showcase the prototyped
implementation of the methodology.
Trust Management Model for Cloud Computing Environment
Software as a service (SaaS) is a new software development and deployment
paradigm over the cloud and offers Information Technology services dynamically
on an "on-demand" basis over the internet. Trust is one of the fundamental
security concepts on storing and delivering such services. In general, trust
factors are integrated into such existent security frameworks in order to add a
security level to entities collaborations through the trust relationship.
However, deploying the trust factor in the secured cloud environment is a more
complex engineering task due to the existence of heterogeneous types of service
providers and consumers. In this paper, a formal trust management model has
been introduced to manage the trust and its properties for SaaS in cloud
computing environment. The model is capable to represent the direct trust,
recommended trust, reputation etc. formally. For the analysis of the trust
properties in the cloud environment, the proposed approach estimates the trust
value and uncertainty of each peer by computing decay function, number of
positive interactions, reputation factor and satisfaction level for the
collected information. Comment: 5 Pages, 2 Figures, Conferenc
Cloud Security : A Review of Recent Threats and Solution Models
The most significant barrier to the wide adoption of cloud services has been attributed to perceived cloud insecurity (Smitha, Anna and Dan, 2012). In an attempt to review this subject, this paper will explore some of the major security threats to the cloud and the security models employed in tackling them. Access control violations, message integrity violations, data leakages, inability to guarantee complete data deletion, code injection, malware and lack of expertise in cloud technology rank as the major threats. The European Union invested €3m in City University London to research into the certification of Cloud security services. This and more recent developments are significant in addressing increasing public concerns regarding the confidentiality, integrity and privacy of data held in cloud environments. Some of the current cloud security models adopted in addressing cloud security threats were as follows. Encryption of all data at storage and during transmission. The Cisco IronPort S-Series web security appliance was among security solutions to solve cloud access control issues. 2-factor Authentication with RSA SecurID and close monitoring appeared to be the most popular solutions to authentication and access control issues in the cloud. Database Active Monitoring, File Active Monitoring, URL Filters and Data Loss Prevention were solutions for detecting and preventing unauthorised data migration into and within clouds. There is yet no guarantee for a complete deletion of data by cloud providers on client requests; however, FADE may be a solution (Yang et al., 2012).
Trusted Computing and Secure Virtualization in Cloud Computing
Large-scale deployment and use of cloud computing in industry
is accompanied and at the same time hampered by concerns regarding protection of
data handled by cloud computing providers. One of the consequences of moving
data processing and storage off company premises is that organizations have
less control over their infrastructure. As a result, cloud service (CS) clients
must trust that the CS provider is able to protect their data and
infrastructure from both external and internal attacks. Currently however, such
trust can only rely on organizational processes declared by the CS
provider and cannot be remotely verified and validated by an external party.
Enabling the CS client to verify the integrity of the host where the
virtual machine instance will run, as well as to ensure that the virtual
machine image has not been tampered with, are some steps towards building
trust in the CS provider. Having the tools to perform such
verifications prior to the launch of the VM instance allows the CS
clients to decide at runtime whether certain data should be stored or calculations
should be made on the VM instance offered by the CS provider.
This thesis combines three components -- trusted computing, virtualization technology
and cloud computing platforms -- to address issues of trust and
security in public cloud computing environments. Of the three components,
virtualization technology has had the longest evolution and is a cornerstone
for the realization of cloud computing. Trusted computing is a recent
industry initiative that aims to implement the root of trust in a hardware
component, the trusted platform module. The initiative has been formalized
in a set of specifications and is currently at version 1.2. Cloud computing
platforms pool virtualized computing, storage and network resources in
order to serve a large number of customers that use a multi-tenant
multiplexing model to offer on-demand self-service over broad network.
Open source cloud computing platforms are, similar to trusted computing, a
fairly recent technology in active development.
The issue of trust in public cloud environments is addressed
by examining the state of the art within cloud computing security and
subsequently addressing the issues of establishing trust in the launch of a
generic virtual machine in a public cloud environment. As a result, the thesis
proposes a trusted launch protocol that allows CS clients
to verify and ensure the integrity of the VM instance at launch time, as
well as the integrity of the host where the VM instance is launched. The protocol
relies on the use of Trusted Platform Module (TPM) for key generation and data protection.
The TPM also plays an essential part in the integrity attestation of the
VM instance host. Along with a theoretical, platform-agnostic protocol,
the thesis also describes a detailed implementation design of the protocol
using the OpenStack cloud computing platform.
In order to verify the implementability of the proposed protocol, a prototype
implementation has been built using a distributed deployment of OpenStack.
While the protocol covers only the trusted launch procedure using generic
virtual machine images, it presents a step aimed to contribute towards
the creation of a secure and trusted public cloud computing environment.
DCDIDP: A distributed, collaborative, and data-driven intrusion detection and prevention framework for cloud computing environments
With the growing popularity of cloud computing, the exploitation of possible vulnerabilities grows at the same pace; the distributed nature of the cloud makes it an attractive target for potential intruders. Despite security issues delaying its adoption, cloud computing has already become an unstoppable force; thus, security mechanisms to ensure its secure adoption are an immediate need. Here, we focus on intrusion detection and prevention systems (IDPSs) to defend against the intruders. In this paper, we propose a Distributed, Collaborative, and Data-driven Intrusion Detection and Prevention system (DCDIDP). Its goal is to make use of the resources in the cloud and provide a holistic IDPS for all cloud service providers which collaborate with other peers in a distributed manner at different architectural levels to respond to attacks. We present the DCDIDP framework, whose infrastructure level is composed of three logical layers: network, host, and global as well as platform and software levels. Then, we review its components and discuss some existing approaches to be used for the modules in our proposed framework. Furthermore, we discuss developing a comprehensive trust management framework to support the establishment and evolution of trust among different cloud service providers. © 2011 ICST
Cloud computing ecosystem: Insights from an exploratory study in SaaS and PaaS value networks
Objectives of the Study:
This thesis studies software ecosystem in cloud computing context. It gives additional insight into the characteristics of the cloud ecosystem, and into the roles recognized in the ecosystem, as well as network management. Furthermore, it recognizes benefits that cloud computing vendors gain by establishing an ecosystem, as well as network effects involved in the ecosystem. In this research, SaaS and PaaS delivery models are taken into closer review. The purpose of this research is to gain familiarity with the phenomenon, and acquire new insight into cloud computing ecosystem in order to develop hypotheses, and to formulate more precise research problems for further research.
Academic background and methodology:
This qualitative research utilizes systematic combining where theoretical framework, empirical fieldwork, and case analysis evolve simultaneously. Moreover, it explores a new field of cloud computing ecosystem through a multiple case study from the software vendor's angle. Data collection is performed via semi-structured interviews among key persons of the case company. Also various Internet sources are utilized to collect data. Because of the abductive approach results are combined with existing theory on the field.
Findings and conclusions:
The findings reveal that task of building trust and managing customer relationships becomes more important for the partners. They concretize that SaaS delivery side network consists of SIs, Service providers, VAPs, and SaaS app stores. On the other hand, PaaS scenario consists of PaaS providers, ISVs, and the SaaS customer. Cloud computing offers partners possibility to move towards providing high value services, for example, business process consulting instead of basic system configuration. On the other hand, platform providers will need to invest more into marketing to support the ecosystem. Also, software vendors should apply new network management principles in cloud computing ecosystem. Given the nature of exploratory study, the results of this research are not applicable for decision-making as such. However, they can provide significant insight into the context