Trust based Privacy Policy Enforcement in Cloud Computing

Cloud computing offers opportunities for organizations to reduce IT costs by using the computation and storage of a remote provider. Despite the benefits offered by the cloud computing paradigm, organizations are still wary of delegating their computation and storage to a cloud service provider due to trust concerns. The trust issues with the cloud can be addressed by a combination of regulatory frameworks and supporting technologies. Privacy Enhancing Technologies (PET) and remote attestation provide the technologies for addressing the trust concerns. PET provides proactive measures through cryptography and selective dissemination of data to the client. Remote attestation mechanisms provide reactive measures by enabling the client to remotely verify whether a provider is compromised. The contributions of this work are threefold. This thesis explores the PET landscape by studying in detail the implications of using PET in cloud architectures. The practicality of remote attestation in Software as a Service (SaaS) and Infrastructure as a Service (IaaS) scenarios is also analyzed, and improvements to the state of the art are proposed. This thesis also proposes a fresh look at trust relationships in cloud computing, where a single provider changes its configuration for each client based on the subjective and dynamic trust assessments of clients. We conclude by proposing a plan for expanding on the completed work.
