
Towards Establishing Trust in Public Clouds through Real-time Client Feedback


Affiliations
1 School of Technology, University of Technology & Management, Shillong, Meghalaya, India
2 Department of Computer Science & Engineering, Hong Kong University of Science & Technology, Hong Kong
3 Cisco Systems, Bangalore, Karnataka, India
     



Cloud computing, owing to its vast array of technological and commercial benefits, is being aggressively adopted by companies worldwide to meet their computing needs. Virtualization technology is the main enabler of cloud computing services, making them economical and scalable for end-users. However, cloud services, due to their inherently abstract nature, pose significant security threats to users' data and applications; the most critical is the "malicious insider" threat, the primary reason for the lack of trust between a cloud provider and its customers. In this paper, we analyze a cloud provider's basic internal operations required to provide IaaS services in order to understand and address the insider threat. Towards this goal, we inspect the virtualization stack and all the basic VM operations, the role of a cloud system administrator, and their interactions with the virtualization ecosystem, and thereby identify the scope of their possible malicious activities. We then review the present mechanisms that are adopted to implement trust in clouds. Finally, we propose a Real-Time Client Feedback System (RTCFS) in the context of preventive and detective control in securing trust, aimed at increasing visibility and transparency for customers into public clouds. We also suggest the use of job segregation for cloud administrators in order to restrict their individual capabilities to a minimal level. Both these mechanisms can help fill the trust gap between a cloud provider and its customers.

Keywords

Virtualization, Malicious insider, Preventive Control, Detective Control, RTCFS, Job Segregation, Transparency, Trust, Logging




Authors

Deepak Shukla
School of Technology, University of Technology & Management, Shillong, Meghalaya, India
Jogesh K. Muppala
Department of Computer Science & Engineering, Hong Kong University of Science & Technology, Hong Kong
Subrota K. Mondal
Department of Computer Science & Engineering, Hong Kong University of Science & Technology, Hong Kong
Pranit Patil
Cisco Systems, Bangalore, Karnataka, India
