Trust Management Model for Cloud Computing Environment

Software as a service or (SaaS) is a new software development and deployment paradigm over the cloud and offers Information Technology services dynamically as "on-demand" basis over the internet. Trust is one of the fundamental security concepts on storing and delivering such services. In general, trust factors are integrated into such existent security frameworks in order to add a security level to entities collaborations through the trust relationship. However, deploying trust factor in the secured cloud environment are more complex engineering task due to the existence of heterogeneous types of service providers and consumers. In this paper, a formal trust management model has been introduced to manage the trust and its properties for SaaS in cloud computing environment. The model is capable to represent the direct trust, recommended trust, reputation etc. formally. For the analysis of the trust properties in the cloud environment, the proposed approach estimates the trust value and uncertainty of each peer by computing decay function, number of positive interactions, reputation factor and satisfaction level for the collected information.Comment: 5 Pages, 2 Figures, Conferenc

Trust Model for Optimized Cloud Services

Cloud computing with its inherent advantages draws attention for business critical applications, but concurrently expects high level of trust in cloud service providers. Reputation-based trust is emerging as a good choice to model trust of cloud service providers based on available evidence. Many existing reputation based systems either ignore or give less importance to uncertainty linked with the evidence. In this paper, we propose an uncertainty model and define our approach to compute opinion for cloud service providers. Using subjective logic operators along with the computed opinion values, we propose mechanisms to calculate the reputation of cloud service providers. We evaluate and compare our proposed model with existing reputation models

The case for cloud service trustmarks and assurance-as-a-service

Cloud computing represents a significant economic opportunity for Europe. However, this growth is threatened by adoption barriers largely related to trust. This position paper examines trust and confidence issues in cloud computing and advances a case for addressing them through the implementation of a novel trustmark scheme for cloud service providers. The proposed trustmark would be both active and dynamic featuring multi-modal information about the performance of the underlying cloud service. The trustmarks would be informed by live performance data from the cloud service provider, or ideally an independent third-party accountability and assurance service that would communicate up-to-date information relating to service performance and dependability. By combining assurance measures with a remediation scheme, cloud service providers could both signal dependability to customers and the wider marketplace and provide customers, auditors and regulators with a mechanism for determining accountability in the event of failure or non-compliance. As a result, the trustmarks would convey to consumers of cloud services and other stakeholders that strong assurance and accountability measures are in place for the service in question and thereby address trust and confidence issues in cloud computing

Issues and challenges: cloud computing e-Government in developing countries

Cloud computing has become essential for IT resources that can be delivered as a service over the Internet. Many e-government services that are used worldwide provide communities with relatively complex applications and services. Governments are still facing many challenges in their implementation of e-government services in general, including Saudi Arabia, such as poor IT infrastructure, lack of finance, and insufficient data security. This research paper investigates the challenges of e-government cloud service models in developing countries. This paper finds that governments in developing countries are influenced by how the top management deals with the attention to the adoption of cloud computing. Further, organisational readiness levels of technologies, such as IT infrastructure, internet availability and social trust of the adoption of new technology as cloud computing, still present limitations for e-government cloud services adoption. Based on the findings of the critical review, this paper identifies the issues and challenges affecting the adoption of cloud computing in e- government such as IT infrastructure, internet availability, and trust adopted new technologies thereby highlighting benefits of cloud computing-based e-government services. Furthermore, we propose recommendations for developing IT systems focused on trust when adopting cloud computing in e-government services (CCEGov)

Trusted Computing and Secure Virtualization in Cloud Computing

Large-scale deployment and use of cloud computing in industry is accompanied and in the same time hampered by concerns regarding protection of data handled by cloud computing providers. One of the consequences of moving data processing and storage off company premises is that organizations have less control over their infrastructure. As a result, cloud service (CS) clients must trust that the CS provider is able to protect their data and infrastructure from both external and internal attacks. Currently however, such trust can only rely on organizational processes declared by the CS provider and can not be remotely verified and validated by an external party. Enabling the CS client to verify the integrity of the host where the virtual machine instance will run, as well as to ensure that the virtual machine image has not been tampered with, are some steps towards building trust in the CS provider. Having the tools to perform such verifications prior to the launch of the VM instance allows the CS clients to decide in runtime whether certain data should be stored- or calculations should be made on the VM instance offered by the CS provider. This thesis combines three components -- trusted computing, virtualization technology and cloud computing platforms -- to address issues of trust and security in public cloud computing environments. Of the three components, virtualization technology has had the longest evolution and is a cornerstone for the realization of cloud computing. Trusted computing is a recent industry initiative that aims to implement the root of trust in a hardware component, the trusted platform module. The initiative has been formalized in a set of specifications and is currently at version 1.2. Cloud computing platforms pool virtualized computing, storage and network resources in order to serve a large number of customers customers that use a multi-tenant multiplexing model to offer on-demand self-service over broad network. Open source cloud computing platforms are, similar to trusted computing, a fairly recent technology in active development. The issue of trust in public cloud environments is addressed by examining the state of the art within cloud computing security and subsequently addressing the issues of establishing trust in the launch of a generic virtual machine in a public cloud environment. As a result, the thesis proposes a trusted launch protocol that allows CS clients to verify and ensure the integrity of the VM instance at launch time, as well as the integrity of the host where the VM instance is launched. The protocol relies on the use of Trusted Platform Module (TPM) for key generation and data protection. The TPM also plays an essential part in the integrity attestation of the VM instance host. Along with a theoretical, platform-agnostic protocol, the thesis also describes a detailed implementation design of the protocol using the OpenStack cloud computing platform. In order the verify the implementability of the proposed protocol, a prototype implementation has built using a distributed deployment of OpenStack. While the protocol covers only the trusted launch procedure using generic virtual machine images, it presents a step aimed to contribute towards the creation of a secure and trusted public cloud computing environment

My Private Cloud Overview: A Trust, Privacy and Security Infrastructure for the Cloud

Based on the assumption that cloud providers can be trusted (to a certain extent) we define a trust, security and privacy preserving infrastructure that relies on trusted cloud providers to operate properly. Working in tandem with legal agreements, our open source software supports: trust and reputation management, sticky policies with fine grained access controls, privacy preserving delegation of authority, federated identity management, different levels of assurance and configurable audit trails. Armed with these tools, cloud service providers are then able to offer a reliable privacy preserving infrastructure-as-a-service to their clients

Enhancing User Trust in Cloud Computing Applications

Despite the surge in activity and interest in cloud computing, there are significant and persistent concerns about cloud computing, particularly with regard to trusting the cloud platform in terms of confidentiality, integrity and availability of user data stored through these applications. These factors are significant in determining trust in cloud computing and thus provide the foundation for this paper. The significant role that trust plays in use of cloud computing was considered in relation to various trust related models, theories and frameworks. The available trust models, frameworks and cloud computing adoption strategies focus on cost reduction and the various benefits that are associated with migrating to the cloud. This paper focused on the lack of user trust in cloud computing applications, and strategies of enhancing user trust with reference to the Proposed Trust Model by Mayer, Davis, and Schoorman, (1995) and the Confidentiality, Integrity, Availability (CIA) Triad. A questionnaire was used as the means of gathering data on trust related perceptions of the use of cloud computing. An initial cloud computing adoption model was proposed based on key portions of cloud computing literature that was explored, combined and expected to enhance trust in cloud computing. This initial model was an important foundation for the establishment of the Critical Success Factors (CSFs) and thereafter the framework to enhance user trust in cloud computing applications

A Security Pattern for Cloud service certification

Cloud computing is interesting from the economic, operational and even energy consumption perspectives but it still raises concerns regarding the security, privacy, governance and compliance of the data and software services offered through it. However, the task of verifying security properties in services running on cloud is not trivial. We notice the provision and security of a cloud service is sensitive. Because of the potential interference between the features and behavior of all the inter-dependent services in all layers of the cloud stack (as well as dynamic changes in them). Besides current cloud models do not include support for trust-focused communication between layers. We present a mechanism to implement cloud service certification process based on the usage of Trusted Computing technology, by means of its Trusted Computing Platform (TPM) implementation of its architecture. Among many security security features it is a tamper proof resistance built in device and provides a root of trust to affix our certification mechanism. We present as a security pattern the approach for service certification based on the use TPM.Universidad de Málaga. Campus de Excelencia Internacional Andalucía Tec