Towards Establishing Security-Aware Cloud Markets

Today's cloud environments are very heterogeneous. This cloud heterogeneity, as the consequence of lacking cloud standards, builds technical and security barriers between cloud providers and blocks them from intended cloud collaborations within cloud marketplaces. A cloud broker, who acts on behalf of cloud providers, matches compatible collaborative partners according to their requirements and attempts to support the optimal exchange of cloud resources between them. The fulfillment of security requirements in cloud collaborations usually involves providing risk assessments, which are still very time-consuming and not applicable for ad hoc cloud collaborations within cloud marketplaces. Aiming to design and develop a security model for trading with cloud services, we identify in this paper concepts, mechanism and available tools that can support establishing of security-aware cloud markets. Furthermore, we introduce our information security governance driven cloud brokerage model with security labeling of tradable cloud products that can be the next step in the standardization process of tradable cloud products and optimize the selection of collaborative cloud partners.

[1]  A. Rahimi,et al.  Effective market monitoring in deregulated electricity markets , 2003 .

[2]  Rajkumar Buyya,et al.  Mandi: a market exchange for trading utility and cloud computing services , 2011, The Journal of Supercomputing.

[3]  Michael Papish A method for implementing dynamic, cloud-based metadata services based on a unified content ID space across a fragmented CE ecosystem , 2012, 2012 IEEE International Conference on Consumer Electronics (ICCE).

[4]  Cynthia E. Irvine,et al.  A cloud-oriented cross-domain security architecture , 2010, 2010 - MILCOM 2010 MILITARY COMMUNICATIONS CONFERENCE.

[5]  Jordi Torres,et al.  Characterizing Cloud Federation for Enhancing Providers' Profit , 2010, 2010 IEEE 3rd International Conference on Cloud Computing.

[6]  Ulrich Lampe,et al.  Cloud Computing in the Financial Industry - A Road Paved with Security Pitfalls? , 2012, AMCIS.

[7]  Mark Anderson,et al.  Understanding the Complexity Surrounding Multitenancy in Cloud Computing , 2011, 2011 IEEE 8th International Conference on e-Business Engineering.

[8]  Jacques Fayolle,et al.  An Identity-Centric Internet: Identity in the Cloud, Identity as a Service and Other Delights , 2011, 2011 Sixth International Conference on Availability, Reliability and Security.

[9]  Amani S. Ibrahim,et al.  Collaboration-Based Cloud Computing Security Management Framework , 2011, 2011 IEEE 4th International Conference on Cloud Computing.

[10]  Anwitaman Datta,et al.  On trust guided collaboration among cloud service providers , 2010, 6th International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom 2010).

[11]  Johan Tordsson,et al.  Towards Secure Cloud Bursting, Brokerage and Aggregation , 2010, 2010 Eighth IEEE European Conference on Web Services.

[12]  Mario Golling,et al.  Security management spectrum in future multi-provider Inter-Cloud environments — Method to highlight necessary further development , 2011, 2011 5th International DMTF Academic Alliance Workshop on Systems and Virtualization Management: Standards and the Cloud (SVM).

[13]  Jianzhong Li,et al.  Ad Hoc Aggregation Query Processing Algorithms Based on Bit-Store in Data Intensive Cloud , 2011, 2011 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery.

[14]  Ralf Steinmetz,et al.  Verifying the Availability of Cloud Applications , 2013, CLOSER.

[15]  Rajkumar Buyya,et al.  A framework for ranking of cloud computing services , 2013, Future Gener. Comput. Syst..

[16]  Martin Gilje Jaatun,et al.  Security SLAs for Federated Cloud Services , 2011, 2011 Sixth International Conference on Availability, Reliability and Security.

[17]  Ryszard Kowalczyk,et al.  Pure exchange markets for resource sharing in federated clouds , 2010, Concurr. Comput. Pract. Exp..

[18]  Pankaj Goyal Application of a Distributed Security Method to End-2-End Services Security in Independent Heterogeneous Cloud Computing Environments , 2011, 2011 IEEE World Congress on Services.

[19]  Christoph Meinel,et al.  Contract-based cloud architecture , 2010, CloudDB '10.

[20]  David Bernstein,et al.  Intercloud Security Considerations , 2010, 2010 IEEE Second International Conference on Cloud Computing Technology and Science.

[21]  Ralf Steinmetz,et al.  Much Ado about Security Appeal: Cloud Provider Collaborations and Their Risks , 2012, ESOCC.

[22]  Stuart J. Fitz-Gerald Book Review of: 'Business knowledge for IT in retail banking: a complete handbook for IT professionals' by Essvale Corporation Limited , 2008 .

[23]  Bin Wang,et al.  Identity Federation Broker for Service Cloud , 2010, 2010 International Conference on Service Sciences.

[24]  Holger Wache,et al.  Cloud Broker: Bringing Intelligence into the Cloud , 2010, 2010 IEEE 3rd International Conference on Cloud Computing.

[25]  Rajkumar Buyya,et al.  Resource Provisioning Policies to Increase IaaS Provider's Profit in a Federated Cloud Environment , 2011, 2011 IEEE International Conference on High Performance Computing and Communications.