Toward a Dynamic Trust Establishment approach for multi-provider Intercloud environment

In cloud computing, data are managed by different entities: not only by the actual data owner but also by many cloud providers. Sophisticated cloud collaboration scenarios may require that data objects be distributed across cloud providers and accessed remotely while still remaining under the control of the data owners. This brings security challenges for distributed authorization and trust management that existing proposed schemes have not fully solved. In this paper, we propose a Dynamic Trust Establishment approach that can be incorporated into cloud service provisioning life-cycles for the multi-provider Intercloud environment. It relies on attribute-based policies as the mechanism for trust evaluation and delegation. The paper proposes a practical implementation approach for attribute-based policy evaluation using Multi-type Interval Decision Diagrams, extended from Integer Decision Diagrams, which is more efficient in terms of evaluation complexity than other evaluation approaches.
