Trust Evaluation System

Evaluation and Establishment of
Trust in Cloud Federation
In-house Defense
School of Electrical Engineering & Computer Science, NUST
Islamabad
Department of Computing, School of Electrical
Engineering and Computer Sciences, NUST Islamabad
Agenda
• Introduction
• Motivation
• Literature Review
• Research Methodology
• Problem Statement
• Objectives
• Contributions
• Implementation
• Future Directions
• References
• Demonstration
Introduction
[Diagram labels: Cloud Computing, Peer to peer computing, Cloud Federation, Service Oriented Architecture, Grid Computing]
Introduction
Cloud Federation
• Maximize resource utilization
• Minimize power consumption while satisfying customer service-level agreements (SLAs)
• Load balancing and Cloud bursting
• Expand Cloud provider’s geographic footprints
Motivation
Cloud Federation
Distribute the load of customers across the home cloud boundary
[Diagram labels: Home Cloud, Cloud federation platform, Foreign Cloud, Foreign Cloud]
Motivation
Cloud federation Challenges
Optimum federation | Secure Federation
Resource provisioning & management | Authentication of federation requests
Selection of foreign Cloud | Trust establishment between Clouds
Efficient brokering policies | Virtual machine migration and monitoring
Optimum resource discovery | Secure data sharing
Distributed resource allocation | Authenticating internetworking
Motivation
Trust Establishment in Cloud Federation
Problem of Trust establishment arises to achieve federation
[Diagram labels: Home Cloud, Foreign Cloud, Foreign Cloud]
Literature Review
Cloud Federation – State of the Art
• 2010
  • Cloud brokering and strategies
  • Types of Cloud federation
  • Facilitating self-adaptable Inter-Cloud management
  • Dynamic resource allocation
• 2011
  • Service Level Agreements (SLAs) in Cloud federation
  • Authentication and authorization
  • Privacy of data being shifted to foreign Cloud
• 2012
  • Security challenges faced by Cloud federation
  • Trust issues in horizontal Cloud federation
  • Secure data sharing schemes
Literature Review
Trust Models in Cloud Computing – State of the Art
• 2009
  • Domain based trust models
  • Reputation based trust models
• 2010
  • Trusted virtual environment module for trust evaluation
  • Service Level Agreements based trust models
• 2011
  • Feedback based trust evaluation for Cloud providers
  • Risk management and trust policies for Cloud scenarios
  • Use of Quality of Service parameters for trust formulation
• 2012
  • Ensuring trust through security certification
  • Novel weighted trust algorithms for Cloud environment
Industrial Survey
Cloud Federation
• Reservoir – Resources and service virtualization without barriers
• CompatibleOne – The open source Cloud broker
• ScaleUp Technologies – Federated Cloud platform
• Contrail – Open computing infrastructure for elastic service
Research Methodology
Deductive Approach
Theory/Define Research Area
• Explore Cloud federation issues and challenges
• Explore trust models in Cloud computing
Literature Survey
• Explore industrial Cloud federation solutions
• Review concepts & theories
• Research publications related to trust models in Cloud
Define Research Problem
• There is a need to propose assessment criteria for the analysis of trust models in the Cloud domain
• There is a need to propose a trust evaluation system and protocol for Cloud federation
Develop Hypothesis
• Is it possible to devise assessment criteria for trust models in Cloud?
• Are existing trust models in Cloud computing limited to only one Cloud provider?
• Is trust establishment a major hindrance to the adoption and acceptance of Cloud federation?
Research Methodology
Deductive Approach
Prepare Research Design
• Identification of eminent features for analysis of trust models in Cloud
• Design of trust evaluation model and underlying protocol for Cloud federation
Hypothesis Evaluation/Confirmation
• Proposition of assessment criteria for trust models in Cloud
• Implementation of trust evaluation system and protocol
Problem Statement
• In order to establish and evaluate trust between home and foreign Cloud providers participating in federation, we propose a bidirectional trust evaluation system. The system aims to initiate the reliable and trusted federation of resources during demand spikes in Cloud consumers' requests.
Objectives
Objective 1
• To propose assessment criteria for trust models in Cloud computing through an extensive survey and analysis of existing trust models
Objective 2
• To design and implement a trust evaluation system and the underlying trust establishment protocol in Cloud federation
Contributions
Research Perspective
• Research Paper 1
  Ayesha Kanwal, Rahat Masood, Ume E Ghazia, Muhammad Awais Shibli, Abdul Ghafoor Abbasi, “Assessment Criteria for Trust Models in Cloud Computing”, In: 9th IEEE International Conference on Green Computing and Communications (GreenCom), IEEE, Beijing, China, 20-23 August, 2013.
• Research Paper 2
  Ayesha Kanwal, Rahat Masood and Muhammad Awais Shibli, “Evaluation and Establishment of Trust in Cloud Federation”, 2014 International Conference on Ubiquitous Information Management and Communication, ACM, Cambodia, 9-11 January, 2014.
Research Perspective
Proposed Benchmark
Assessment Criteria for Trust Models in Cloud Computing
• Establishment of a benchmark for assessment and evaluation of Cloud based trust models
• Analysis of existing trust models with respect to proposed assessment criteria
[Table: existing Cloud trust models rated High / Medium / Low against each assessment feature. The individual cell ratings cannot be aligned to their columns in this extraction.]
Assessment features:
• Data integrity
• Data Control and ownership
• Model complexity
• Detection of untrusted entities
• Process Execution Control
• Quality of Service attributes
• Dynamic trust update and logging
Model categories:
• Agreement based trust models
• Certificate/secret keys-based trust models
• Domain based trust models
• Feedback based trust models
• Subjective trust models
Models compared:
• SLA-based trust model [23]
• Trust model for security aware Cloud [24]
• Ticket based trust model [25]
• Certificates based trust model [26]
• (TVEM) based trust model [27]
• Trust evaluation model based on response time [28]
• Trust as a service model [29]
• PLT-based trust model [30]
• Collaborative Trust Model [31]
• Security & interoperability centered trust model [32]
• A novel weighted trust model [33]
• Fuzzy comprehensive based trust model [34]
Contributions
Implementation Perspective
Trust Evaluation System and protocol
• Feedback and SLA based trust evaluation for CSPs
• Exchange of trust credentials using Security Assertion Markup Language (SAML) between the two CSPs
Implementation
Development Toolkit
• Eclipse (JavaEE)
• Security Assertion Markup Language (SAML) version 2.0
• Apache Tomcat Server 7.0
• MySQL Essential Server Version 5.1.47
• Java Cryptographic Library
Implementation
Architecture – Trust Evaluation System
[Diagram: modules of the Trust Evaluation System]
• Feedback Management Module: Feedback based Trust Evaluation, Feedback Collection Module
• SLA Management Module: SLA based Trust Evaluation, Parameters Extraction Module
• Feedback Repository
• SLA Repository
• Registration Management Module
• Trust Management Module
Implementation
Workflow Diagram – Trust Evaluation System
[Diagram: numbered workflow with steps 1 to 10, including 8a/8b and 9a/9b. Labels: Cloud consumers Data, Registration Management Module, Trust Management Module, Feedback Collection Module, Parameters Extraction Module, Feedback based Trust Evaluation, SLA based Trust Evaluation, Feedback Repository, SLA Repository]
Implementation
Component Diagram – Trust Evaluation System
[Diagram: three layers (Application Layer, Business Logic Layer, Storage Layer). Labels: Cloud Administrator Interface, Cloud customers Interface, SLA Collection, SLA based Trust Evaluation, Trust Management, Parameters Extraction, Feedback based Trust Evaluation, Feedback Collection, XACML files of SLA, SLA storage, Customers feedback and information, Feedback Storage]
Implementation
Trust Establishment Protocol
[Diagram: Home CSP and Foreign CSP, each with a Trust Management Agent, and the Trust Evaluation System. Visible step labels: 3-Verification, 4- < Federation Request >, 7-Verification, 8- < FederationResponse >]
Future Directions
• After trust is established between home and foreign Clouds, access rights delegation can also be introduced for the customer being redirected to the foreign CSP.
• The performance of a CSP in a cloud federation can deteriorate over time, so there is a need to propose a secure mechanism that dynamically changes the access level given to a CSP based on the evaluated trust score, according to the risk associated with it.
Conclusion
• We have proposed a trust evaluation system that helps CSPs evaluate and establish trust, enabling them to participate in a trusted and reliable Cloud federation.
• The system is based on two essential factors for trust evaluation: feedback and the SLAs of CSPs.
• An aggregated trust value is evaluated using the feedback and the extracted SLA parameters. The trust credentials are issued by the trust evaluation system and exchanged between home and foreign CSPs using SAML based assertions.
References
1. Lizhe Wang, Gregor von Laszewski, Andrew Younge, Xi He, Marcel Kunze, Jie Tao and Cheng Fu, “Cloud computing: a perspective study”, New Generation Computing, volume 28, page 137-146, April 2010.
2. Michael Armbrust, Armando Fox, Rean Griffith, Anthony D. Joseph, Randy Katz, Andy Konwinski, Gunho Lee, David Patterson, Ariel Rabkin, Ion Stoica, and Matei Zaharia, “A view of Cloud computing”, Communications of the ACM, Volume 53, Issue 4, page 50-58, USA, April 2010.
3. Bhaskar Prasad, Eumin Choi and Ian Lumb, “A Taxonomy and Survey of Cloud Computing Systems”, Fifth International Joint Conference on INC, IMS and IDC, page(s): 44-51, Seoul, August 2009.
4. Rajkumar Buyya, Chee Shin Yeo, Srikumar Venugopal, James Broberg, and Ivona Brandic, “Cloud Computing and Emerging IT Platforms: Vision, Hype, and Reality for Delivering Computing as the 5th Utility”, Future Generation Computer Systems, 25 (6), page(s): 599-616, 2009.
5. Shubhashis Sengupta, Vikrant Kaulgud and Vibhu Saujanya Sharma, “Cloud Computing Security Trends and Research Directions”, 7th IEEE World Congress on Services, page(s): 524-531, USA, July 2011.
6. S. Subashini and V. Kavitha, “A survey on security issues in service delivery models of cloud computing”, Journal of Network and Computer Applications, volume 34, page 1-11, January 2011.
7. Dimitrios Zissis and Dimitrios Lekkas, “Addressing cloud computing security issues”, Future Generation Computer Systems, volume 29, pages 583-592, March 2012.
8. Qi Zhang, Lu Cheng and Raouf Boutaba, “Cloud computing: state-of-the-art and research challenges”, Journal of Internet Services and Applications, volume 1, page 7-18, May 2010.
9. Chang Chaowen, Liu Chen and Wang Yuqiao, “A Subjective Trust Model based on two-dimensional measurement”, International Conference on Computer Engineering and Technology, page(s): 37-41, Singapore, 2009.
10. Wojcik M, Venter HS and Eloff, “Trust Model Evaluation Criteria: A Detailed Analysis of Trust Evaluation”, In Proceedings of the ISSA from Insight to Foresight Conference, Information Security, page(s): 1-9, South Africa, 2006.
11. Jemal Abawajy, “Establishing Trust in Hybrid Cloud Computing Environments”, IEEE 10th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), page(s): 118-125, Australia, November 2011.
12. P.S. Pawar, M. Rajarajan, S. Krishnan Nair, and A. Zisman, “Trust Model for Optimized Cloud Services”, IFIP Advances in Information and Communication Technology, Volume 374, page(s): 97-112, 2012.
13. Hyukho Kim, Hana Lee, Woongsup Kim and Yangwoo Kim, “A Trust Evaluation Model for QoS Guarantee in Cloud Systems”, International Journal of Grid and Distributed Computing, Volume 3, No. 1, March, 2010.
14. Kai Hwang, Sameer Kulkarni and Yue Hu, “Cloud Security with Virtualized Defense and Reputation-based Trust Management”, Eighth IEEE International Conference on Dependable, Autonomic and Secure Computing, page(s): 717-722, USA, 2009.
15. Yu-Chao Liu, Yu-Tao Ma, Hai-Su Zhang, De-Yi Li and Gui-Sheng Chen, “A Method for Trust Management in Cloud Computing: Data Coloring by Cloud Watermarking”, International Journal of Automation and Computing, Volume 8, page(s): 280-285, August 2011.
Thank You
• Special thanks to my Supervisor & Committee Members
Implementation
Demo
Evaluation and Establishment of Trust in Cloud
Federation