Bridging the Cloud Trust Gap: Using ORCON Policy to Manage Consumer Trust between Different Clouds

If we send our data to the cloud, how do we know the cloud will not outsource our data to another cloud provider? We leverage the originator controlled access control policy (ORCON), which is originator focused and lets a consumer express her own requirements for how her data is handled in the cloud. We present a novel cloud trust policy framework which, using ORCON as the mechanism, allows the consumer to make more expressive choices about the handling of her data across distributed clouds. We also identify a trust gap between a cloud consumer and the cloud: a consumer (in particular a first-time user) who is given privacy and security guarantees and promised a level of service must still take a leap of faith and trust the cloud. This 'trust gap' is both a short-term and a long-term trust issue, and we explore ways to bridge it. Finally, we identify a conflict of interest within the cloud trust research space and explain how to mitigate it, principally by moving attestation servers out of the cloud they are supposed to be attesting to. This effectively creates Attestation as a Service (AaaS).
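As an added illustration (not the paper's framework or code), the ORCON rule the abstract relies on, modelled in Python: the consumer, as originator, names the clouds permitted to hold her data, the restriction travels with every copy, and neither the first cloud nor any subcontractor may pass the data on without her consent. The provider names (`cloud-a`, `cloud-b`, `cloud-c`) and the consumer `alice` are constructed.

```python
"""Minimal model of an ORCON (originator-controlled) policy applied to
cloud-to-cloud outsourcing of consumer data.

Added illustration, not code from the paper.  The rule modelled is the
classic ORCON one: the originator decides who may receive the data, the
control travels with each copy, and a holder may not pass the data on
without the originator's permission."""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class OrconPolicy:
    originator: str            # the consumer who owns the data
    allowed_clouds: frozenset  # providers the originator consented to


@dataclass
class DataObject:
    content: bytes
    policy: OrconPolicy        # sticky: inherited by every copy
    holder: str                # cloud currently holding this copy


class OrconViolation(Exception):
    """Raised when a holder tries to act beyond the originator's consent."""


def outsource(obj: DataObject, target_cloud: str) -> DataObject:
    """A holder attempts to hand a copy of the data to another cloud.

    Permitted only if the originator listed the target cloud; the holder's
    own business wishes are irrelevant.  The copy keeps the same policy, so
    the target cloud cannot re-disseminate it either."""
    if target_cloud not in obj.policy.allowed_clouds:
        raise OrconViolation(
            f"{obj.holder} may not pass data of {obj.policy.originator} "
            f"to {target_cloud}: no originator consent")
    return replace(obj, holder=target_cloud)


def extend_consent(obj: DataObject, requester: str, new_cloud: str) -> DataObject:
    """Only the originator may widen the set of permitted clouds."""
    if requester != obj.policy.originator:
        raise OrconViolation(f"{requester} is not the originator")
    widened = OrconPolicy(obj.policy.originator,
                          obj.policy.allowed_clouds | {new_cloud})
    return replace(obj, policy=widened)
```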
