KTH-SEECS Applied Information Security Lab

National University of Sciences and Technology (NUST)

Establishment and propagation of trust in federated cloud environment

Domain: Cloud Computing Security

Status: Completed 
Contact Person(s): Ayesha Kanwal, Rahat Masood, Muhammad Awais Shibli

Date of Completion: March, 2014 

With Cloud federation, providers can share resources with peers to gain economic advantages. Federation allows a Cloud provider (the home Cloud) to use outside resources when demand outstrips supply, and to rent out its own resources (acting as the foreign Cloud) when other providers need to shed load. It also allows providers to expand their geographic footprint without deploying their own computing resources worldwide. Cloud federation raises several challenging issues, chief among them the lack of trust between home Cloud and foreign Cloud providers. When a customer’s requests and services migrate from the home Cloud to a foreign Cloud platform, trust must be established and propagated among the Cloud providers. Guaranteeing that services are provisioned with an appropriate level of security requires a trusted relationship between the Cloud providers participating in the federation.

To redirect a customer’s requests from one Cloud provider to another during demand spikes, we aim to propose a protocol for establishing trust between two Cloud providers participating in federation. In addition, the proposed protocol will propagate the customer’s trust to the second Cloud provider, to which its requests and services migrate during federation. In the proposed design, collected feedback and SLAs will be used to evaluate an aggregated trust value for the Home Cloud and Foreign Cloud providers. This aggregated trust score, along with the authentication and trust credentials (mainly the identity of the CSPs, SLAs and security profiles), will be exchanged via SAML assertions.

                


The main objective of the proposed protocol is to establish and propagate the trust of one CSP to another CSP in the inter-Cloud domain, which will facilitate trusted and secure migration of requests in the federated Cloud domain during demand spikes. Using our protocol, Cloud providers can establish a trusted link that leads them to participate in federation, for best utilization of computing and storage resources as well as load balancing. The protocol will provide establishment and propagation of trust at the “Software as a Service” layer, which is more portable, reliable and convenient than hardware (TPM) based trust evaluation. Moreover, all three types of Cloud consumers, whether at the software, platform or infrastructure layer (SaaS, PaaS or IaaS), will be redirected across Cloud providers in a trusted and secure way. The protocol will resolve the trust issue among Cloud providers and encourage them to participate in federation, serving more customers using the existing infrastructure.

 


Project Documents:

  1. Abstract  (PDF)
  2. Presentation  (PDF)
  3. Publications

      ►"Assessment Criteria for Trust Models in Cloud Computing" (Link) presented in Greencom Conference Presentation