Evaluation and Establishment of Trust in Cloud Federation

Department of Computing, School of Electrical Engineering and Computer

Sciences, NUST - Islamabad

Evaluation and Establishment of Trust in

Cloud Federation

In-house DefenseSchool of Electrical Engineering &

Computer Science, NUST Islamabad

1Department of Computing, School of Electrical Engineering and Computer




Agenda

Introduction Motivation Literature Review Research Methodology Problem Statement Objectives Contributions Implementation Future Directions References Demonstration

2

3

Introduction





Introduction

4

Cloud Federation Maximize resource utilization Minimize power consumption while satisfying

customer service‐level agreements (SLAs). Load balancing and Cloud bursting Expand Cloud provider’s geographic footprints



Motivation

Cloud Federation

5

Cloud federation platform Foreign Cloud Foreign Cloud

Home Cloud

Distribute the load of customers across the home cloud boundary



6

Motivation

Cloud federation

Challenges



7

Foreign Cloud Foreign Cloud

Home Cloud

Motivation

Trust Establishment

in Cloud Federation



Literature Review

Cloud Federation-

State of the Art

8

2010 Cloud brokering and strategies Types of Cloud federation Facilitating self-adaptable Inter-Cloud

management Dynamic resource allocation

2011 Service Level Agreement (SLAs) in Cloud

federation Authentication and authorization Privacy of data being shifted to foreign Cloud

2012 Security challenges faced by Cloud federation Trust issues in horizontal Cloud federation Secure data sharing schemes



Literature Review

Trust Models in Cloud

Computing-State of the Art

9

2009 Domain based trust models Reputation based trust models

2010 Trusted virtual environment module for trust

evaluation Service Level Agreements based trust models

2011 Feedback based trust evaluation for Cloud

providers Risk management and trust policies for Cloud

scenarios Use of Quality of Service parameters for trust

formulation

2012 Ensuring trust through security certification Novel weighted trust algorithms for Cloud

environment



Industrial Survey

Cloud Federation

10



11

Industrial Survey

Cloud Federation



Research Methodolo

gy Deductive Approach

12



13

Research Methodolo

gy Deductive Approach

In order to establish and evaluate trust between home and foreign Cloud providers participating in federation, we propose a bi-directional trust evaluation system. The system aims to initiate the reliable and trusted federation of resources during the demand spikes of Cloud consumers requests.

14

Problem Statement





Objectives

15



Contributions

Research Perspective

Research Paper 1

• Ayesha Kanwal, Rahat Masood, Ume E Ghazia, Muhammad Awais Shibli, Abdul Ghafoor Abbasi, “Assessment Criteria for Trust Models in Cloud Computing”, In: 9th IEEE International Conference on Green Computing and Communications (GreenCom), IEEE, Beijing, China, 20-23 August, 2013.

Research Paper 2 Ayesha Kanwal, Rahat Masood and Muhammad

Awais Shibli, “Evaluation and Establishment of Trust in Cloud Federation”, 2014 International Conference on Ubiquitous Information Management and Communication , ACM, Cambodia, 9-11 January, 2014.

16



Research Perspective

Proposed Benchmark

17

Assessment Criteria for Trust Models in Cloud Computing

Establishment of a benchmark for assessment and evaluation of Cloud based trust models.

Analysis of existing trust models with respect to proposed assessment criteria



18



Trust Evaluation System and protocol

Feedback and SLA based trust evaluation for CSPs Exchange of trust credentials using Security

Assertion Markup Language (SAML) between the two CSPs

19

Contributions

Implementation Perspective



Implementation

Development Toolkit

Eclipse (JavaEE)

Security Assertion Markup Language (SAML ) version 2.0

Apache Tomcat Server 7.0

MySQL Essential Server Version 5.1.47

Java Cryptographic Library

20



21

Trust Management Module Registration Management

Module

Feedback Collection

Module

Feedback based Trust Evaluation

SLA based Trust

Evaluation

Parameters Extraction

Module

Trust Evaluation System

Feedback Management Module

SLA Management Module

Feedback Repository

SLA Repository

Implementation

Architecture – Trust Evaluation System



22

Implementation

Workflow Diagram – Trust Evaluation

System

Feedback Collection

Module

Feedback based Trust Evaluation

SLA based Trust

Evaluation

Parameters

Extraction Module

Feedback Repository

SLA Repository

Trust Management Module

Registration Management

Module

Cloud consumers

Data

1

2

3

4

5

67

8a8b

9a9b

10



23

Application Layer

Business LogicLayer Storage

Layer

Trust Managem

ent

Feedback based

Trust Evaluatio

n

SLA storageCloud

AdministratorInterface

SLA Collection

Customers feedback and information

XACML files of SLA

Feedback Storage

Cloud customersInterface

Feedback

Collection

Implementation

Component Diagram– Trust

Evaluation System

Parameters

Extraction

SLA based Trust

Evaluation



24

Implementation

Trust Establishment

Protocol

Trust Evaluation System

4- < Federation Request >

6- < Trust

Response>

1 <

Tru

st

Requ

est >

2- <

Tru

st

Resp

onse

>7-Verification 3-Verification

Home

CSPForeign CSP

8- < FederationResponse >

5- < Trust

Request >

Trust

Management Agent

Trust

Management Agent

Foreign CSP



Future Directions

After the trust establishment between home and foreign Clouds, the access rights delegation can also be introduced for the customer being redirected to foreign CSP.

The performance of a CSP in a cloud federation can deteriorate over the time, there is a need to propose a secure mechanism which will dynamically change the access level given to a CSP based on the evaluated trust score according to risk associated with it.

25

Conclusion

We have proposed a trust evaluation system that facilitates the CSPs to evaluate and establish the trust, hence making them to participate in trusted and reliable Cloud federation.

The system is based on two essential factors for trust evaluation which are feedback and SLAs of CSPs.

An aggregated trust value is evaluated using the feedback and extracted SLA parameters. The trust credentials are issued by trust evaluation system and exchanged between home and foreign CSPs using SAML based assertions.

26Department of Computing, School of Electrical Engineering and Computer




References

1. Lizhe Wang, Gregor von Laszewski, Andrew Younge, Xi He, Marcel Kunze, Jie Tao and Cheng Fu, “Cloud computing: a perspective study”, New Generation Computing, volume 28, page 137-146, April 2010.

2. Michael armbrust, armando fox, rean griffith, anthony d. joseph, randy katz, andy konwinski, gunho lee, dav id patterson, ariel rabkin, ion stoica, and matei zaharia, “A view of Cloud computing”, Communications of the ACM Volume 53, Issue 4, page 50-58, USA, April 2010.

3. Bhaskar Prasad, Eumin Choi and Ian Lumb, “A Taxomony and Survey of Cloud Computing Systems”, fifth international joint conference on INC, IMS and IDC, Page(s): 44 – 51, Seoul, August 2009.

4. Rajkumar Buyya, Chee Shin Yeo, Srikumar Venugopal, James Broberg, and Ivona Brandic, “Cloud Computing and Emerging IT Platforms: Vision, Hype, and Reality for Delivering Computing as the 5th Utility”, Future Generation Computer Systems, 25 (6), page(s): 599-616, 2009.

5. Shubhashis Sengupta, Vikrant Kaulgud and Vibhu Saujanya Sharma, “Cloud Computing Security - Trends and Research Directions”, 7th IEEE World Congress on Services, page(s): 524-531, USA, July 2011.

6. S. Subashini and V.Kavitha, “A survey on security issues in service delivery models of cloud computing”, Journal of Network and Computer Applications volume 34, page 1–11, January 2011.

7. Dimitrios Zissis and Dimitrios Lekkas, “Addressing cloud computing security issues”, Future Generation Computer system, volume 29, pages 583- 592, March 2012.

8. Qi Zhang , Lu Cheng and Raouf Boutaba, “Cloud computing: state-of-the-art and research challenges”, Journal of Internet Services and Applications, volume 1, page 7-18, May 2010.

27



References

9. Chang Chaowen, Liu Chen and Wang Yuqiao “A Subjective Trust Model based on two-dimensional measurement”, International Conference on Computer Engineering and Technology, page(s): 37-41, Singapore, 2009.

10. Wojcik M, Venter HS and Eloff “Trust Model Evaluation Criteria: A Detailed Analysis of Trust Evaluation”, In Proceedings of the ISSA from Insight to Foresight Conference, Information Security, page(s): 1-9, South Africa, 2006.

11. Jemal Abawajy, “Establishing Trust in Hybrid Cloud Computing Environments” IEEE 10th International conference on Trust, Security and Privacy in Computing and Communications (TrustCom), page(s): 118-125, Australia , November 2011.

12. P.S. Pawar, M. Rajarajan, S. Krishnan Nair, and A. Zisman, “Trust Model for Optimized Cloud Services”, IFIP Advances in Information and Communication Technology Volume 374, page(s): 97-112, 2012.

13. Hyukho Kim, Hana Lee, Woongsup Kim and Yangwoo Kim, “A Trust Evaluation Model for QoS Guarantee in Cloud Systems”, International Journal of Grid and Distributed Computing Volume 3, No.1, March, 2010.

14. Kai Hwang, Sameer Kulkarni and Yue Hu, “Cloud Security with Virtualized Defense and Reputation-based Trust Management”, Eighth IEEE International Conference on Dependable, Autonomic and Secure Computing, page(s): 717-722, USA, 2009.

15. Yu-Chao Liu, Yu-Tao Ma, Hai-Su, Zhang De-Yi Li and Gui-Sheng Chen, “A Method for Trust Management in Cloud Computing: Data Coloring by Cloud Watermarking”, International Journal of Automation and Computing, Volume 8, page(s): 280-285, August 2011.

28



Thank You Special thanks to my Supervisor & Committee Members

29



30

Implementation Demo

Evaluation and Establishment of Trust in Cloud Federation

Evaluation and Establishment of Trust in Cloud Federation

Documents

Transcript of Evaluation and Establishment of Trust in Cloud Federation