A framework for establishing trust in the Cloud

Cloud infrastructure is expected to be able to support Internet scale critical applications (e.g. hospital systems and smart grid systems). Critical infrastructure services and organizations alike will not outsource their critical applications to a public Cloud without strong assurances that their requirements will be enforced. Central to this concern is that the user should be provided with evidence of the trustworthiness of the elements of the Cloud without getting involved into infrastructure details. In addition, users should be able to control their outsourced data at public Clouds. Establishing Cloud's trust model is important but the Cloud's infrastructure complexity and dynamism makes it difficult to address. This paper focuses on an important angle in this direction. We start by identifying the related challenges for establishing trust in the Cloud, and then propose a foundation framework which can help in addressing the identified challenges. Our focus is on IaaS Cloud type and on organizations as Cloud users.

[1]  Bu-Sung Lee,et al.  TrustCloud: A Framework for Accountability and Trust in Cloud Computing , 2011, 2011 IEEE World Congress on Services.

[2]  Imad M. Abbadi Clouds' Infrastructure Taxonomy, Properties, and Management Services , 2011, ACC.

[3]  Adrian Perrig,et al.  TrustVisor: Efficient TCB Reduction and Attestation , 2010, 2010 IEEE Symposium on Security and Privacy.

[4]  Ahmad-Reza Sadeghi,et al.  Trusted Computing - Special Aspects and Challenges , 2008, SOFSEM.

[5]  Gail-Joon Ahn,et al.  SecureCloud: Towards a Comprehensive Security Framework for Cloud Computing Environments , 2010, 2010 IEEE 34th Annual Computer Software and Applications Conference Workshops.

[6]  Imad M. Abbadi,et al.  Sharing but Protecting Content Against Internal Leakage for Organisations , 2008, DBSec.

[7]  Gail-Joon Ahn,et al.  Role-based privilege and trust management , 2005, Comput. Syst. Sci. Eng..

[8]  Long Nguyen,et al.  ISO/IEC 9798−6. Information technology – Security techniques – Entity authentication – Part 6: Mechanisms using manual data transfer , 2010 .

[9]  Pramod A. Jamkhedkar,et al.  Digital rights management architectures , 2009, Comput. Electr. Eng..

[10]  Trent Jaeger,et al.  Seeding clouds with trust anchors , 2010, CCSW '10.

[11]  Lizhe Wang,et al.  Large scale distributed visualization on computational Grids: A review , 2011, Comput. Electr. Eng..

[12]  Khaled M. Khan,et al.  Establishing Trust in Cloud Computing , 2010, IT Professional.

[13]  Imad M. Abbadi Operational trust in Clouds' environment , 2011, 2011 IEEE Symposium on Computers and Communications (ISCC).

[14]  Mohammed Amoon A fault-tolerant scheduling system for computational grids , 2012, Comput. Electr. Eng..

[15]  Krishna P. Gummadi,et al.  Towards Trusted Cloud Computing , 2009, HotCloud.

[16]  Markus Jakobsson,et al.  Controlling data in the cloud: outsourcing computation without outsourcing control , 2009, CCSW '09.

[17]  Randy H. Katz,et al.  Above the Clouds: A Berkeley View of Cloud Computing , 2009 .

[18]  Carlisle M. Adams,et al.  X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP , 1999, RFC.

[19]  Ahmad-Reza Sadeghi,et al.  Trustworthy Clouds Underpinning the Future Internet , 2011, Future Internet Assembly.

[20]  Andrew P. Martin,et al.  Secure Virtual Layer Management in Clouds , 2011, 2011IEEE 10th International Conference on Trust, Security and Privacy in Computing and Communications.

[21]  Imad M. Abbadi,et al.  Preventing information leakage between collaborating organisations , 2008, ICEC.

[22]  Imad M. Abbadi,et al.  Toward Trustworthy Clouds' Internet Scale Critical Infrastructure , 2011, ISPEC.

[23]  Young-Sik Jeong,et al.  High availability and efficient energy consumption for cloud computing service with grid infrastructure , 2013, Comput. Electr. Eng..

[24]  Andrew P. Martin,et al.  RepCloud: achieving fine-grained cloud TCB attestation with reputation systems , 2011, STC '11.

[25]  Matt Bishop,et al.  Storm Clouds Rising: Security Challenges for IaaS Cloud Computing , 2011, 2011 44th Hawaii International Conference on System Sciences.

[26]  P. Mell,et al.  The NIST Definition of Cloud Computing , 2011 .