59,161 research outputs found

    Hysteresis-based robust trust computing mechanism for cloud computing

    Cloud computing has been the new paradigm in distributed systems where users can access computing resources and pay only for usage similar to other utilities like electricity, water, gas and telephony. Service Level Agreements signed at the beginning between the clients and service providers stipulate conditions of the services including the QoS requirements. Trust can be used to quantify the QoS levels of providers and rank them according to their performances. Hence trust management systems can play an important role in identifying the right service provider who would maintain the QoS at the levels required by the clients. Researchers have proposed several trust computing mechanisms based on different techniques and trust metrics in the literature. Almost all of these mechanisms increment or decrement the trust scores monotonously based on the inputs. This is a major vulnerability that can be exploited by adversaries to force the trust scores towards extreme values. In this paper, the authors propose a novel trust computing mechanism based on hysteresis function which requires extra efforts to force the output from one end to the other. Hysteresis functions are immune to small changes and hence can be used to protect the system from sporadic attacks. The proposed mechanism has been tested using simulations. The test results show that the trust scores computed using the proposed mechanism are more robust and stable in the face of attacks than other mechanisms

    Secure Cloud-Edge Deployments, with Trust

    Assessing the security level of IoT applications to be deployed to heterogeneous Cloud-Edge infrastructures operated by different providers is a non-trivial task. In this article, we present a methodology that permits to express security requirements for IoT applications, as well as infrastructure security capabilities, in a simple and declarative manner, and to automatically obtain an explainable assessment of the security level of the possible application deployments. The methodology also considers the impact of trust relations among different stakeholders using or managing Cloud-Edge infrastructures. A lifelike example is used to showcase the prototyped implementation of the methodology

    Trust Management Model for Cloud Computing Environment

    Software as a service or (SaaS) is a new software development and deployment paradigm over the cloud and offers Information Technology services dynamically as "on-demand" basis over the internet. Trust is one of the fundamental security concepts on storing and delivering such services. In general, trust factors are integrated into such existent security frameworks in order to add a security level to entities collaborations through the trust relationship. However, deploying trust factor in the secured cloud environment is a more complex engineering task due to the existence of heterogeneous types of service providers and consumers. In this paper, a formal trust management model has been introduced to manage the trust and its properties for SaaS in cloud computing environment. The model is capable to represent the direct trust, recommended trust, reputation etc. formally. For the analysis of the trust properties in the cloud environment, the proposed approach estimates the trust value and uncertainty of each peer by computing decay function, number of positive interactions, reputation factor and satisfaction level for the collected information. Comment: 5 Pages, 2 Figures, Conferenc

    Cloud Security : A Review of Recent Threats and Solution Models

    The most significant barrier to the wide adoption of cloud services has been attributed to perceived cloud insecurity (Smitha, Anna and Dan, 2012). In an attempt to review this subject, this paper will explore some of the major security threats to the cloud and the security models employed in tackling them. Access control violations, message integrity violations, data leakages, inability to guarantee complete data deletion, code injection, malware and lack of expertise in cloud technology rank the major threats. The European Union invested €3m in City University London to research into the certification of Cloud security services. This and more recent developments are significant in addressing increasing public concerns regarding the confidentiality, integrity and privacy of data held in cloud environments. Some of the current cloud security models adopted in addressing cloud security threats were – Encryption of all data at storage and during transmission. The Cisco IronPort S-Series web security appliance was among security solutions to solve cloud access control issues. 2-factor Authentication with RSA SecurID and close monitoring appeared to be the most popular solutions to authentication and access control issues in the cloud. Database Active Monitoring, File Active Monitoring, URL Filters and Data Loss Prevention were solutions for detecting and preventing unauthorised data migration into and within clouds. There is yet no guarantee for a complete deletion of data by cloud providers on client requests; however, FADE may be a solution (Yang et al., 2012)

    Trusted Computing and Secure Virtualization in Cloud Computing

    Large-scale deployment and use of cloud computing in industry is accompanied and at the same time hampered by concerns regarding protection of data handled by cloud computing providers. One of the consequences of moving data processing and storage off company premises is that organizations have less control over their infrastructure. As a result, cloud service (CS) clients must trust that the CS provider is able to protect their data and infrastructure from both external and internal attacks. Currently however, such trust can only rely on organizational processes declared by the CS provider and can not be remotely verified and validated by an external party. Enabling the CS client to verify the integrity of the host where the virtual machine instance will run, as well as to ensure that the virtual machine image has not been tampered with, are some steps towards building trust in the CS provider. Having the tools to perform such verifications prior to the launch of the VM instance allows the CS clients to decide in runtime whether certain data should be stored or calculations should be made on the VM instance offered by the CS provider. This thesis combines three components -- trusted computing, virtualization technology and cloud computing platforms -- to address issues of trust and security in public cloud computing environments. Of the three components, virtualization technology has had the longest evolution and is a cornerstone for the realization of cloud computing. Trusted computing is a recent industry initiative that aims to implement the root of trust in a hardware component, the trusted platform module. The initiative has been formalized in a set of specifications and is currently at version 1.2. Cloud computing platforms pool virtualized computing, storage and network resources in order to serve a large number of customers that use a multi-tenant multiplexing model to offer on-demand self-service over broad network.
Open source cloud computing platforms are, similar to trusted computing, a fairly recent technology in active development. The issue of trust in public cloud environments is addressed by examining the state of the art within cloud computing security and subsequently addressing the issues of establishing trust in the launch of a generic virtual machine in a public cloud environment. As a result, the thesis proposes a trusted launch protocol that allows CS clients to verify and ensure the integrity of the VM instance at launch time, as well as the integrity of the host where the VM instance is launched. The protocol relies on the use of Trusted Platform Module (TPM) for key generation and data protection. The TPM also plays an essential part in the integrity attestation of the VM instance host. Along with a theoretical, platform-agnostic protocol, the thesis also describes a detailed implementation design of the protocol using the OpenStack cloud computing platform. In order to verify the implementability of the proposed protocol, a prototype implementation has been built using a distributed deployment of OpenStack. While the protocol covers only the trusted launch procedure using generic virtual machine images, it presents a step aimed to contribute towards the creation of a secure and trusted public cloud computing environment

    DCDIDP: A distributed, collaborative, and data-driven intrusion detection and prevention framework for cloud computing environments

    With the growing popularity of cloud computing, the exploitation of possible vulnerabilities grows at the same pace; the distributed nature of the cloud makes it an attractive target for potential intruders. Despite security issues delaying its adoption, cloud computing has already become an unstoppable force; thus, security mechanisms to ensure its secure adoption are an immediate need. Here, we focus on intrusion detection and prevention systems (IDPSs) to defend against the intruders. In this paper, we propose a Distributed, Collaborative, and Data-driven Intrusion Detection and Prevention system (DCDIDP). Its goal is to make use of the resources in the cloud and provide a holistic IDPS for all cloud service providers which collaborate with other peers in a distributed manner at different architectural levels to respond to attacks. We present the DCDIDP framework, whose infrastructure level is composed of three logical layers: network, host, and global as well as platform and software levels. Then, we review its components and discuss some existing approaches to be used for the modules in our proposed framework. Furthermore, we discuss developing a comprehensive trust management framework to support the establishment and evolution of trust among different cloud service providers. © 2011 ICST

    Cloud computing ecosystem: Insights from an exploratory study in SaaS and PaaS value networks

    Objectives of the Study: This thesis studies software ecosystem in cloud computing context. It gives additional insight into the characteristics of the cloud ecosystem, and into the roles recognized in the ecosystem, as well as network management. Furthermore, it recognizes benefits that cloud computing vendors gain by establishing an ecosystem, as well as network effects involved in the ecosystem. In this research, SaaS and PaaS delivery models are taken into closer review. The purpose of this research is to gain familiarity with the phenomenon, and acquire new insight into cloud computing ecosystem in order to develop hypotheses, and to formulate more precise research problems for further research. Academic background and methodology: This qualitative research utilizes systematic combining where theoretical framework, empirical fieldwork, and case analysis evolve simultaneously. Moreover, it explores a new field of cloud computing ecosystem through a multiple case study from the software vendor's angle. Data collection is performed via semi-structured interviews among key persons of the case company. Also various Internet sources are utilized to collect data. Because of the abductive approach results are combined with existing theory on the field. Findings and conclusions: The findings reveal that task of building trust and managing customer relationships becomes more important for the partners. They concretize that SaaS delivery side network consists of SIs, Service providers, VAPs, and SaaS app stores. On the other hand, PaaS scenario consists of PaaS providers, ISVs, and the SaaS customer. Cloud computing offers partners possibility to move towards providing high value services, for example, business process consulting instead of basic system configuration. On the other hand, platform providers will need to invest more into marketing to support the ecosystem. 
Also, software vendors should apply new network management principles in cloud computing ecosystem. Given the nature of exploratory study, the results of this research are not applicable for decision-making as such. However, they can provide significant insight into the context