Evaluation and Establishment of Trust in Cloud Federation
Department of Computing, School of Electrical Engineering and Computer
Sciences, NUST - Islamabad
In-house Defense
School of Electrical Engineering & Computer Science, NUST Islamabad
Agenda
• Introduction
• Motivation
• Literature Review
• Research Methodology
• Problem Statement
• Objectives
• Contributions
• Implementation
• Future Directions
• References
• Demonstration
Introduction
Cloud Federation
• Maximize resource utilization
• Minimize power consumption while satisfying customer service-level agreements (SLAs)
• Load balancing and Cloud bursting
• Expand Cloud provider’s geographic footprints
Motivation
Cloud Federation
[Figure: cloud federation platform linking the Home Cloud with two Foreign Clouds]
Distribute the load of customers across the home cloud boundary
Motivation
Cloud federation
Challenges
Motivation
Trust Establishment in Cloud Federation
[Figure: Home Cloud and two Foreign Clouds]
Literature Review
Cloud Federation: State of the Art
2010
• Cloud brokering and strategies
• Types of Cloud federation
• Facilitating self-adaptable Inter-Cloud management
• Dynamic resource allocation
2011
• Service Level Agreements (SLAs) in Cloud federation
• Authentication and authorization
• Privacy of data being shifted to foreign Cloud
2012
• Security challenges faced by Cloud federation
• Trust issues in horizontal Cloud federation
• Secure data sharing schemes
Literature Review
Trust Models in Cloud Computing: State of the Art
2009
• Domain based trust models
• Reputation based trust models
2010
• Trusted virtual environment module for trust evaluation
• Service Level Agreements based trust models
2011
• Feedback based trust evaluation for Cloud providers
• Risk management and trust policies for Cloud scenarios
• Use of Quality of Service parameters for trust formulation
2012
• Ensuring trust through security certification
• Novel weighted trust algorithms for Cloud environment
Industrial Survey
Cloud Federation
Research Methodology
Deductive Approach
Problem Statement
In order to establish and evaluate trust between home and foreign Cloud providers participating in a federation, we propose a bi-directional trust evaluation system. The system aims to initiate reliable and trusted federation of resources during demand spikes in Cloud consumers' requests.
Objectives
Contributions
Research Perspective
Research Paper 1
• Ayesha Kanwal, Rahat Masood, Ume E Ghazia, Muhammad Awais Shibli, Abdul Ghafoor Abbasi, “Assessment Criteria for Trust Models in Cloud Computing”, In: 9th IEEE International Conference on Green Computing and Communications (GreenCom), IEEE, Beijing, China, 20-23 August, 2013.
Research Paper 2
• Ayesha Kanwal, Rahat Masood and Muhammad Awais Shibli, “Evaluation and Establishment of Trust in Cloud Federation”, 2014 International Conference on Ubiquitous Information Management and Communication, ACM, Cambodia, 9-11 January, 2014.
Research Perspective
Proposed Benchmark
Assessment Criteria for Trust Models in Cloud Computing
• Establishment of a benchmark for assessment and evaluation of Cloud based trust models
• Analysis of existing trust models with respect to proposed assessment criteria
Contributions
Implementation Perspective
Trust Evaluation System and protocol
• Feedback and SLA based trust evaluation for CSPs
• Exchange of trust credentials using Security Assertion Markup Language (SAML) between the two CSPs
Implementation
Development Toolkit
• Eclipse (JavaEE)
• Security Assertion Markup Language (SAML) version 2.0
• Apache Tomcat Server 7.0
• MySQL Essential Server Version 5.1.47
• Java Cryptographic Library
Implementation
Architecture – Trust Evaluation System
[Figure: architecture of the Trust Evaluation System. Components shown: Trust Management Module, Registration Management Module, Feedback Management Module, SLA Management Module, Feedback Collection Module, Feedback based Trust Evaluation, Parameters Extraction Module, SLA based Trust Evaluation, Feedback Repository, SLA Repository]
Implementation
Workflow Diagram – Trust Evaluation System
[Figure: workflow among Cloud consumers, Data, the Registration Management Module, Trust Management Module, Feedback Collection Module, Feedback based Trust Evaluation, Parameters Extraction Module, SLA based Trust Evaluation, Feedback Repository and SLA Repository; the steps are numbered 1 to 10, with 8a/8b and 9a/9b]
Implementation
Component Diagram – Trust Evaluation System
[Figure: component diagram with three layers: Application Layer, Business Logic Layer, Storage Layer. Components shown: Cloud Administrator Interface, Cloud customers Interface, Trust Management, Feedback Collection, Feedback based Trust Evaluation, SLA Collection, Parameters Extraction, SLA based Trust Evaluation, Feedback Storage, SLA storage. Data labels: Customers feedback and information, XACML files of SLA]
Implementation
Trust Establishment Protocol
[Figure: message flow between the Home CSP, the Foreign CSP, their Trust Management Agents and the Trust Evaluation System]
1- < Trust Request >
2- < Trust Response >
3- Verification
4- < Federation Request >
5- < Trust Request >
6- < Trust Response >
7- Verification
8- < Federation Response >
Future Directions
After trust is established between home and foreign Clouds, access rights delegation can also be introduced for the customer being redirected to the foreign CSP.
The performance of a CSP in a cloud federation can deteriorate over time, so there is a need for a secure mechanism that dynamically changes the access level given to a CSP based on its evaluated trust score and the risk associated with it.
Conclusion
We have proposed a trust evaluation system that lets CSPs evaluate and establish trust, enabling them to participate in trusted and reliable Cloud federation.
The system is based on two essential factors for trust evaluation: feedback and the SLAs of CSPs.
An aggregated trust value is evaluated using the feedback and extracted SLA parameters. The trust credentials are issued by the trust evaluation system and exchanged between home and foreign CSPs using SAML-based assertions.
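Added example, not from the presentation or the authors' Java implementation: a Python illustration of an aggregated feedback-and-SLA trust value and of the two-way credential verification that precedes federation, including the checks a verifier needs (signature, party binding, expiry, threshold). The equal weights, the 0.6 threshold, the HMAC standing in for the signature on a SAML assertion, the reading of the step order and all names are assumptions.

```python
import hashlib, hmac, json

TES_KEY = b"constructed-demo-key"  # assumption: stand-in for the TES signing key
W_FEEDBACK, W_SLA = 0.5, 0.5       # assumption: the slides give no weights
THRESHOLD = 0.6                    # assumption: minimum trust value to federate

def aggregate_trust(feedback, sla):
    """Weighted mix of mean consumer feedback and mean SLA parameter score (all in [0, 1])."""
    return W_FEEDBACK * sum(feedback) / len(feedback) + W_SLA * sum(sla.values()) / len(sla)

def _sign(claims):
    # HMAC stands in for the XML signature on a SAML assertion (hypothetical simplification).
    body = json.dumps(claims, sort_keys=True).encode()
    return hmac.new(TES_KEY, body, hashlib.sha256).hexdigest()

def issue_credential(subject, audience, trust, now, ttl=300):
    """Trust Response: the TES states `trust` for `subject`, addressed to `audience`."""
    claims = {"subject": subject, "audience": audience, "trust": trust,
              "not_on_or_after": now + ttl}
    return {"claims": claims, "sig": _sign(claims)}

def verify_credential(cred, expected_subject, me, now):
    """Verification: signature first, then party binding, freshness and threshold."""
    if not hmac.compare_digest(_sign(cred["claims"]), cred["sig"]):
        return "bad-signature"
    c = cred["claims"]
    if c["subject"] != expected_subject or c["audience"] != me:
        return "wrong-party"
    if now >= c["not_on_or_after"]:
        return "expired"
    return "trusted" if c["trust"] >= THRESHOLD else "below-threshold"

def federate(home, foreign, records, now):
    """Home checks foreign before asking; foreign checks home before answering."""
    def credential(subject, audience):
        r = records[subject]
        return issue_credential(subject, audience, aggregate_trust(r["feedback"], r["sla"]), now)
    first = verify_credential(credential(foreign, home), foreign, home, now)
    if first != "trusted":
        return ("no-federation-request", first)
    second = verify_credential(credential(home, foreign), home, foreign, now)
    return ("accepted" if second == "trusted" else "rejected", second)

# Constructed sample records: feedback ratings and SLA parameter scores in [0, 1].
RECORDS = {
    "home-csp":  {"feedback": [0.9, 0.8, 1.0], "sla": {"availability": 0.99, "response": 0.8}},
    "foreign-a": {"feedback": [0.8, 0.7], "sla": {"availability": 0.95, "response": 0.7}},
    "foreign-b": {"feedback": [0.2, 0.4], "sla": {"availability": 0.6, "response": 0.5}},
}
```

With a real SAML assertion the verifier holds only the issuer's public key; the shared HMAC key here is a simplification that keeps the example self-contained.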
Thank You
Special thanks to my Supervisor & Committee Members
Implementation Demo
Evaluation and Establishment of Trust in Cloud Federation