Towards Transparent and Trustworthy Cloud

Despite its immense benefits in terms of flexibility, resource consumption, and simplified management, cloud computing raises several concerns due to lack of trust and transparency. Like all computing paradigms based on outsourcing, the use of cloud computing is largely a matter of trust. There is an increasing pressure by cloud customers for solutions that would increase their confidence that a cloud service/application is behaving in a secure and correct manner. Cloud assurance techniques, developed to assess the trustworthiness of cloud services, can play a major role in building trust. In this paper, we start from the assumption that an opaque cloud does not fit security, and present a reliable evidence collection process and infrastructure extending existing assurance techniques towards the definition of a trustworthy cloud. The proposed process and infrastructure are applied to a case study on cloud certification showing their utility.

[1]  Siani Pearson,et al.  Toward Accountability in the Cloud , 2011, IEEE Internet Computing.

[2]  George Spanoudakis,et al.  Towards Hybrid Cloud Service Certification Models , 2014, 2014 IEEE International Conference on Services Computing.

[3]  Debra S. Herrmann,et al.  Using the Common Criteria for IT Security Evaluation , 2002 .

[4]  Ernesto Damiani,et al.  A test-based security certification scheme for web services , 2013, TWEB.

[5]  Dimitris Dranidis,et al.  Increased reliability in SOA environments through registry-based conformance testing of Web services , 2010 .

[6]  Khaled Mahbub,et al.  Incremental certification of cloud services , 2013, SECURWARE 2013.

[7]  Ali Sunyaev,et al.  Cloud services certification , 2013, CACM.

[8]  Ernesto Damiani,et al.  From Security to Assurance in the Cloud , 2015, ACM Comput. Surv..

[9]  Ernesto Damiani,et al.  Fast summarization and anonymization of multivariate big time series , 2015, 2015 IEEE International Conference on Big Data (Big Data).

[10]  Ernesto Damiani,et al.  A Certification-Based Trust Model for Autonomic Cloud Computing Systems , 2014, 2014 International Conference on Cloud and Autonomic Computing.

[11]  Antonio Maña,et al.  Software and hardware certification techniques in a combined certification model , 2014, 2014 11th International Conference on Security and Cryptography (SECRYPT).

[12]  Ernesto Damiani,et al.  Toward Economic-Aware Risk Assessment on the Cloud , 2015, IEEE Security & Privacy.