Policing as a Service in the Cloud

ABSTRACT

Security and privacy are fundamental concerns in cloud computing both in terms of legal complications and user trust. Cloud computing is a new computing paradigm, aiming to provide reliable, customized, and guaranteed computing dynamic environment for end users. However, the existing security and privacy issues in the cloud still present a strong barrier for users to adopt cloud computing solutions. This paper investigates the security and privacy challenges in cloud computing in order to explore methods that improve the users’ trust in the adaptation of the cloud. Policing as a Service can be offered by the cloud providers with the intention of empowering users to monitor and guard their assets in the cloud. This service is beneficial both to the cloud providers and the users. However, at first, the cloud providers may only be able to offer basic auditing services due to undeveloped tools and applications. Similar to other services delivered in the cloud, users can purchase this service to gain some control over their data. The subservices of the proposed service can be Privacy as a Service and Forensics as a Service. These services give users a sense of transparency and control over their data in the cloud while better security and privacy safeguards are sought.     

云环境下基于服务等级协议的信任评估模型

针对用户在交互过程中对云服务商缺乏信任的问题,提出了一个基于服务等级协议(SLA)的云计算信任模型。在该模型中,云服务商在向服务中心--可信的第三方平台注册时,首先提交自身的实力评估报告,说明其实力、运营、技术及提供的服务属性等,服务中心根据相关的评价标准对该云服务商进行评估,得到系统信任;其次把系统信任引入到传统的声誉机制中,把系统信任、直接信任和间接信任作为评估一个云服务提供商的三个重要因素,并计算出云服务商的综合信任度;最后用户根据云服务商提供的服务和综合信任度与其进行SLA协商,确定最终交互对象,屏蔽掉不诚实或信誉较低的云服务商。实验结果表明,在基于服务等级协议的信任模型中,由于引入了系统信任,云服务商综合信誉的获得更全面准确、有效地防止了云服务商的不诚信行为,提高了交互的成功率。     

基于凸函数证据理论的关联感知云服务信任模型

针对大规模分布式云计算系统中的服务可信度辨别问题,提出一种基于凸函数证据理论的关联感知云服务信任模型。对云计算系统中云服务提供商、服务和用户之间的信任关系进行形式化描述,充分挖掘了同一服务商中的不同云服务之间的关联性,利用凸函数证据理论对有序命题的处理能力,构建了云计算系统中的可信服务推荐方法,根据用户需求为其提供合理可靠的云服务。与经典证据理论方法的对比结果表明,基于凸函数证据理论的关联感知云服务信任模型在保证有效性和健壮性的同时,充分利用了云计算系统中云服务之间的关联信息,能够根据用户的请求提供合理的云服务。     

An SLA-based cloud computing that facilitates resource allocation in the distributed data centers of a cloud provider

The number of cloud service users has increased worldwide, and cloud service providers have been deploying and operating data centers to serve the globally distributed cloud users. The resource capacity of a data center is limited, so distributing the load to global data centers will be effective in providing stable services. Another issue in cloud computing is the need for providers to guarantee the service level agreements (SLAs) established with consumers. Whereas various load balancing algorithms have been developed, it is necessary to avoid SLA violations (e.g., service response time) when a cloud provider allocates the load to data centers geographically distributed across the world. Considering load balancing and guaranteed SLA, therefore, this paper proposes an SLA-based cloud computing framework to facilitate resource allocation that takes into account the workload and geographical location of distributed data centers. The contributions of this paper include: (1) the design of a cloud computing framework that includes an automated SLA negotiation mechanism and a workload- and location-aware resource allocation scheme (WLARA), and (2) the implementation of an agent-based cloud testbed of the proposed framework. Using the testbed, experiments were conducted to compare the proposed schemes with related approaches. Empirical results show that the proposed WLARA performs better than other related approaches (e.g., round robin, greedy, and manual allocation) in terms of SLA violations and the provider’s profits. We also show that using the automated SLA negotiation mechanism supports providers in earning higher profits.     

Data Security in the World of Cloud Computing

Today, we have the ability to utilize scalable, distributed computing environments within the confines of the Internet, a practice known as cloud computing. In this new world of computing, users are universally required to accept the underlying premise of trust. Within the cloud computing world, the virtual environment lets users access computing power that exceeds that contained within their own physical worlds. Typically, users will know neither the exact location of their data nor the other sources of the data collectively stored with theirs. The data you can find in a cloud ranges from public source, which has minimal security concerns, to private data containing highly sensitive information (such as social security numbers, medical records, or shipping manifests for hazardous material). Does using a cloud environment alleviate the business entities of their responsibility to ensure that proper security measures are in place for both their data and applications, or do they share joint responsibility with service providers? The answers to this and other questions lie within the realm of yet-to-be-written law. As with most technological advances, regulators are typically in a "catch-up" mode to identify policy, governance, and law. Cloud computing presents an extension of problems heretofore experienced with the Internet. To ensure that such decisions are informed and appropriate for the cloud computing environment, the industry itself should establish coherent and effective policy and governance to identify and implement proper security methods.     

A rough set-based hypergraph trust measure parameter selection technique for cloud service selection

Selection of trustworthy cloud services has been a major research challenge in cloud computing, due to the proliferation of numerous cloud service providers (CSPs) along every dimension of computing. This scenario makes it hard for the cloud users to identify an appropriate CSP based on their unique quality of service (QoS) requirements. A generic solution to the problem of cloud service selection can be formulated in terms of trust assessment. However, the accuracy of the trust value depends on the optimality of the service-specific trust measure parameters (TMPs) subset. This paper presents TrustCom—a novel trust assessment framework and rough set-based hypergraph technique (RSHT) for the identification of the optimal TMP subset. Experiments using Cloud Armor and synthetic trust feedback datasets show the prominence of RSHT over the existing feature selection techniques. The performance of RSHT was analyzed using Weka tool and hypergraph-based computational model with respect to the reduct size, time complexity and service ranking.     

基于云理论的可信技术研究

针对云计算环境下信息的安全性和可靠性方面的欠缺, 为了建立灵活多适应性的安全机制, 将云与可信的概念相结合, 是现今安全领域的一个主要研究方向。为进一步解决云计算安全问题, 对云计算环境下的一些可信技术进行了研究, 并在此基础上提出了一种新的逆向云生成算法。该算法基于原一维逆向云算法, 使用主观信任云的期望和超熵对信任客体的可信度进行了评价, 为网上交易的信任决策提供了依据。对实验数据的分析表明, 与传统的算法相比, 此算法在信任度的可靠性和稳定性上存在比较明显的优势。     

基于加权多属性云的服务信任评估方法

针对云计算环境中服务信任的随机性和模糊性以及现有基于云模型的信任评估方法对时效性和推荐信任考虑不足的问题,提出一种基于加权多属性云的服务信任评估方法。首先,引入时间衰减因子为每次服务评价赋权重,从服务的多个属性细化信任评估粒度,通过加权属性信任云逆向生成器得到直接信任云;然后,根据评价相似度确定推荐实体的推荐权重,并计算得到推荐信任云;最后综合直接信任云和推荐信任云生成综合信任云,通过云相似度计算确定服务的信任等级。仿真结果表明,所提方法明显提高了服务交互成功率并有效抑制恶意推荐,能够更加真实地反映云计算环境中服务信任情况。     

公有云中针对服务提供商的用户隐私保护

用户隐私保护一直是影响云计算推广的重要问题。当前,针对云服务提供商的用户隐私保护研究还只局限于少数特定领域,没有一个较为通用的方案。这严重阻碍了用户对云服务提供商及云计算服务模式的信任。为解决这一问题,首先分析了云环境中信息泄露的特点,并根据云计算服务及模型的特点,引出了一个让云服务各层或各模块相互分离、相互制约的用户隐私保护思路。随后沿用该思路,提出了一套基于PaaS层和SaaS层分离的完整隐私保护方案,让PaaS层和SaaS层服务有不同的云服务商分别提供,并让云服务商在提供服务的同时,根据相应规范限制对方泄露用户隐私。最后,对该方案进行了详细的安全性分析论证,并采用一个实际例子说明了该方案在保护用户隐私中的作用。该方案能在一般的云计算架构中实行,可通用于各类SaaS服务中,具有较强的理论和应用价值。     

Predicting motivators of cloud computing adoption: A developing country perspective

Cloud computing is a recent and significant development in the domain of network applications with a new information technology perspective. This study attempts to develop a hybrid model to predict motivators influencing the adoption of cloud computing services by information technology (IT) professionals. The research proposes a new model by extending the Technology Acceptance Model (TAM) with three external constructs namely computer self-efficacy, trust, and job opportunity. One of the main contributions of this research is the introduction of a new construct, Job Opportunity (JO), for the first time in a technology adoption study. Data were collected from 101 IT professional and analyzed using multiple linear regression (MLR) and neural network (NN) modeling. Based on the RMSE values from the results of these models NN models were found to outperform the MLR model. The results obtained from MLR showed that computer self-efficacy, perceived usefulness, trust, perceived ease of use, and job opportunity. However, the NN models result showed that the best predictor of cloud computing adoption are job opportunity, trust, perceived usefulness, self-efficacy, and perceived ease of use. The findings of this study confirm the need to extend the fundamental TAM when studying a recent technology like cloud computing. This study will provide insights to IT service providers, government agencies, academicians, researchers and IT professionals.     

云计算中基于SLA的服务可信协商与访问控制策略

针对当前云计算中因服务提供者(SP)的信任保障机制缺失而容易被不可信服务消费者(SC)滥用的现象,提出面向SC实体的服务可信协商及访问控制策略.该策略首先依据系统信任规则来表达服务实体的可信程度,然后通过求解SC实体的直接和间接信任推理空间建立信任证据的举证方法,同时采用服务级别协议(service level agreements,SLA)构建交互双方的协商机制,最后综合信任传递与迭代计算策略,确定服务交互的SLA等级,提供相应级别的服务,从而达到访问控制的目的.理论分析与实验结果表明,该方法虽少量增加了协商的次数,但能较好解决服务被滥用以及利用率不高的问题,为云计算环境下信任协商研究提供一种有效的新方法.     

Criteria for Selecting Cloud Service Providers: A Delphi Study of Quality-of-Service Attributes

Customers of cloud service providers (CSPs) use different criteria to judge the quality of cloud services. Based on managerial and technical Quality-of-Service (QoS) attributes, these criteria provide information on service quality and the CSP itself. Thus, it is important to identify relevant QoS to assure success of customers. Using a Delphi study, 16 professionals characterized by different cloud service models, company sizes, and industries identified and ranked QoS according to their relative importance. Our results show consensus on QoS. We identify functionality, legal compliance, contract, geolocation of servers, and flexibility as top QoS and observe increasing importance of managerial QoS.     

Towards an autonomic performance management approach for a cloud broker environment using a decomposition–coordination based methodology

Efficient resource allocation of computational resources to services is one of the predominant challenges in a cloud computing environment. Furthermore, the advent of cloud brokerage and federated cloud computing systems increases the complexity of cloud resource management. Cloud brokers are considered third party organizations that work as intermediaries between the service providers and the cloud providers. Cloud brokers rent different types of cloud resources from a number of cloud providers and sublet these resources to the requesting service providers. In this paper, an autonomic performance management approach is introduced that provides dynamic resource allocation capabilities for deploying a set of services over a federated cloud computing infrastructure by considering the availability as well as the demand of the cloud computing resources. A distributed control based approach is used for providing autonomic computing features to the proposed framework via a feedback-based control loop. This distributed control based approach is developed using one of the decomposition–coordination methodologies, named interaction balance, for interactive bidding of cloud computing resources. The primary goals of the proposed approach are to maintain the service level agreements, maximize the profit, and minimize the operating cost for the service providers and the cloud broker. The application of interaction balance methodology and prioritization of profit maximization for the cloud broker and the service providers during resource allocation are novel contributions of the proposed approach.     

面向个性化需求的云制造服务可信评价模型

针对传统的云制造服务可信评价模型中存在的可扩展性弱、难以满足个性化需求等问题,提出一种可扩展性强、可以较好地满足个性化需求的可信评价模型.首先构建多层次的、多粒度的云制造服务可信评价框架;然后基于此框架,提出了基于云模型的云制造服务可信评价方法,在该方法中,引入云模型理论,用于统一表征不同类型的评价指标,以及描述用户的...     

面向云联网的云服务协商机制

随着云计算的快速发展,越来越多的用户开始使用云服务提供商提供的服务,而云联网作为云计算研究的新领域,可以实现跨云服务提供商的服务,当单个云服务提供商无法满足用户的服务需求时,云服务提供商之间以合作的方式为用户提供服务,以便更好地满足用户的服务需求。针对上述情况,提出了面向云联网的云服务协商机制,该机制利用云联网和改进的经典合同网模型来实现云服务提供商的交互协商。为了有效地选出合作伙伴以提高合作效率,还为每一个云服务提供商建立了一个熟人集。实验表明,本文设计的机制可以有效地提高云服务提供商之间的合作效率,并且可以更好地满足用户的服务需求。     

云外包服务提供商竞争力评价研究

云外包作为目前外包服务的趋势,已经得到了产业界的普遍关注。有效利用云计算技术提供外包服务是外包服务提供商抓住云计算发展契机,提高自身竞争力的关键,因此云外包服务提供商竞争力的评价研究是必要且重要的。在云计算技术背景下,分析了影响云外包服务提供商竞争力的因素,并以此为基础构建了基于灰色聚类的评价模型,旨在为客户企业合适的云外包服务提供商提供参考,也为云外包服务提供商提高自身竞争力提供一定的依据。     

基于双滑动窗口的云服务可信评估

随着云计算的不断发展, 越来越多的云服务商利用云平台提供服务, 供云用户进行使用. 由于云平台无法得知云服务的配置和实现, 所以会产生信任缺失问题. 针对这个问题, 国内外提出了各种方法评估云服务的可信度, 但都较少的考虑了评价的客观性问题. 本文提出环境指标的概念, 使用滑动窗口结合主客观评价的方式对云服务进行可信评估, 并通过实验证明该评估方法提高了云服务可信评估的准确性.     

云计算访问控制技术研究综述

随着云计算规模化和集约化的发展,云安全问题成为云计算领域亟待突破的重要问题.访问控制技术是安全问题的重中之重,其任务是通过限制用户对数据信息的访问能力及范围,保证信息资源不被非法使用和访问.主要对目前云计算环境下的访问控制问题进行研究,首先介绍访问控制理论;然后分析了云计算环境下的访问控制技术体系框架,重点从云计算访问控制模型、基于ABE(attribute-based encryption)密码体制的云计算访问控制、云中多租户及虚拟化访问控制这3个方面对云计算环境下的访问控制问题进行综述,并且调研了工业界云服务提供商和开源云平台的访问控制机制;最后对未来的研究趋势进行了展望.     

A PKI approach for deploying modern secure distributed e-learning and m-learning environments

While public key cryptography is continuously evolving and its installed base is growing significantly, recent research works examine its potential use in e-learning or m-learning environments. Public key infrastructure (PKI) and attribute certificates (ACs) can provide the appropriate framework to effectively support authentication and authorization services, offering mutual trust to both learners and service providers. Considering PKI requirements for online distance learning networks, this paper discusses the potential application of ACs in a proposed trust model. Typical e-learning trust interactions between e-learners and providers are presented, demonstrating that robust security mechanisms and effective trust control can be obtained and implemented. The application of ACs to support m-learning is also presented and evaluated through an experimental test-bed setup, using the general packet radio service network. The results showed that AC issuing is attainable in service times while simultaneously can deliver flexible and scalable solutions to both learners and e-learning providers.     

云计算环境下基于灰色AHP的供应商信任评估研究

针对传统信任模型的不足,以改善供应链企业间的信任危机为目标,以灰色系统理论为基础,将层次分析法(analytic hierarchy process,AHP)与灰色评估法相结合,提出一种基于灰色AHP的云计算供应商信任评估模型。通过定义信任评价等级灰类及白化权函数,计算云环境下供应商企业实体各信任证据的灰色评价权,结合层次分析法构建层次结构并确定信任证据权值,最后求出供应商企业的信任评估值及信任等级灰类。实例说明,该信任评估方法能够有效应用于云环境供应商评价中,评价结果客观有效。