International Journal of Distributed and Cloud Computing

Open Access Open Access  Restricted Access Subscription Access
Open Access Open Access Open Access  Restricted Access Restricted Access Subscription Access

Towards Establishing Trust in Public Clouds through Real-time Client Feedback


Affiliations
1 School of Technology, University of Technology & Management, Shillong, Meghalaya., India
2 Department of Computer Science & Engineering, Hong Kong University of Science & Technology., Hong Kong
3 Cisco Systems, Bangalore, Karnataka., India
     

   Subscribe/Renew Journal


Cloud computing, owing to its vast array of technological and commercial benefits, is being aggressively adopted by companies worldwide to meet their computing needs. Virtualization technology is the main enabler of cloud computing services making it economical and scalable for end-users. However, on the contrary, cloud services due to their inherent abstract nature pose significant security threats for user's data and applications; the most critical threat being the "malicious insider's threat" - the primary reason for lack of trust between a Cloud provider and its customers. In this paper, we analyze a cloud provider's basic internal operations required to provide IaaS services in order to understand and address the insider threat.Towards this goal, we inspect the virtualization stack and all the basic VM operations, the role of a cloud system administrator, their interactions with the virtualization ecosystem and therefore identify the scope of their possible malicious activities. We then review the present mechanisms that are adopted to implement trust in Clouds. Finally, we propose a Real-Time Client Feedback System (RTCFS)in the context of preventive and detective control in securing trust, aimed at increasing visibility and transparency for customers into public Clouds. We also suggest the use of job segregation for cloud administrators in order to restrict their individual capabilities to a minimal level. Both these mechanisms can help fill in the trust gap between a cloud provider and its customers.

Keywords

Virtualization, Malicious insider, Preventive Control, Detective Control, RTCFS, Job Segregation, Transparency, Trust, Logging
Subscription Login to verify subscription
User
Notifications
Font Size



  • Towards Establishing Trust in Public Clouds through Real-time Client Feedback

Abstract Views: 734  |  PDF Views: 4

Authors

Deepak Shukla
School of Technology, University of Technology & Management, Shillong, Meghalaya., India
Jogesh K. Muppala
Department of Computer Science & Engineering, Hong Kong University of Science & Technology., Hong Kong
Subrota K. Mondal
Department of Computer Science & Engineering, Hong Kong University of Science & Technology., Hong Kong
Pranit Patil
Cisco Systems, Bangalore, Karnataka., India

Abstract


Cloud computing, owing to its vast array of technological and commercial benefits, is being aggressively adopted by companies worldwide to meet their computing needs. Virtualization technology is the main enabler of cloud computing services making it economical and scalable for end-users. However, on the contrary, cloud services due to their inherent abstract nature pose significant security threats for user's data and applications; the most critical threat being the "malicious insider's threat" - the primary reason for lack of trust between a Cloud provider and its customers. In this paper, we analyze a cloud provider's basic internal operations required to provide IaaS services in order to understand and address the insider threat.Towards this goal, we inspect the virtualization stack and all the basic VM operations, the role of a cloud system administrator, their interactions with the virtualization ecosystem and therefore identify the scope of their possible malicious activities. We then review the present mechanisms that are adopted to implement trust in Clouds. Finally, we propose a Real-Time Client Feedback System (RTCFS)in the context of preventive and detective control in securing trust, aimed at increasing visibility and transparency for customers into public Clouds. We also suggest the use of job segregation for cloud administrators in order to restrict their individual capabilities to a minimal level. Both these mechanisms can help fill in the trust gap between a cloud provider and its customers.

Keywords


Virtualization, Malicious insider, Preventive Control, Detective Control, RTCFS, Job Segregation, Transparency, Trust, Logging

References