
TRUSTED CLOUD ARCHITECTURE: BEYOND SECURITY MODEL


Academic year: 2020



S. Lalithambikai, AP/CSE, Mahendra Institute of Technology, Mahendhirapuri, Mallasamudram, Namakkal

K. Savitha, AP/CSE, Mahendra Institute of Technology, Mahendhirapuri, Mallasamudram, Namakkal

ABSTRACT

Trust is a social issue, not a purely technical issue. We believe that technology can enhance trust, justice, reputation, credibility, and assurance in online applications. To maximize the adoption of Web and cloud services, cloud service providers (CSPs) must first establish trust and security to alleviate the worries of a huge number of clients. A good cloud should be free from cheating, hacking, modifications, and privacy and copyright violations. Both public and private clouds demand “trusted zones” for data, virtual machines (VMs), and client identity, as VMware and EMC3 originally introduced. Trust means an act of faith; confidence and reliance in something that’s expected to behave or deliver as promised. It’s a belief in the competence and expertise of others, such that you feel you can reasonably rely on them to care for your valuable assets. The main aim of this work is to provide an overview of our Trust Management system architecture for the cloud computing marketplace. This architecture will reflect the multi-faceted nature of trust assessment by considering multiple attributes, sources, and roots of trust. It aims at supporting clients in identifying trustworthy service providers, and at helping trustworthy service providers stand out.

Keywords

Cloud Computing, Trust scheme, Service operator, and Cloud Brokering.

1. INTRODUCTION

A crucial component of cloud computing is trust, and the problem of a trustworthy cloud service is of paramount concern for enterprises and clients. Clients are willing to send their most secret data to cloud service centers only on the basis of the trust relationship established between client and service providers. A lack of trust between cloud clients and providers will seriously hinder the universal acceptance of clouds as outsourced computing services.

From a client’s perspective, trust is a comprehensive index for service guarantee, and there are several trust factors in a system, i.e., security, availability, and reliability. The existing studies either ignore service-related operators in trust evaluation or use a unilateral context to model the trust relationship. Therefore, to increase the adoption of cloud services, a cloud broker should establish and provide trust management capacity to alleviate the worries of clients.

To the best of our knowledge, most studies either ignore service-related operators in trust evaluation or use a unilateral context to model the trust relationship. For example the scholars only considered the security of services, without other trust factors. In that the authors only considered service operators of reliability. The authors completely ignored dynamic operators of services. A major limitation of current studies is that their schemes may lead to inaccurate trust evaluation outcomes.


Intensive Comput. Clouds, 2011, pp. 71–80. In this work the scientific community is exploring the suitability of cloud infrastructure to handle High Performance Computing (HPC) applications. The goal of Magellan, a project funded through DOE ASCR, is to investigate the potential role of cloud computing to address the computing needs of the Department of Energy's Office of Science, especially for mid-range computing and data-intensive applications which are not served through existing DOE centers today. Prior work has shown that applications with significant communication or I/O tend to perform poorly in virtualized cloud environments. However, there is a limited understanding of the I/O characteristics of cloud environments. This paper will present our results in benchmarking the I/O performance over different cloud and HPC platforms to identify the major bottlenecks in existing infrastructure. We compare the I/O performance using IOR benchmarks on two cloud platforms - Amazon and the Magellan cloud testbed. We analyze the performance of different storage options available on different instance types in multiple availability zones. We do some custom benchmarking in order to analyze the variability in the I/O patterns over time and region. Our results highlight the performance of the different storage options enabling applications to make effective storage option choices.

Data is a critical component of next-generation scientific processes. Scientific processes are generating and analyzing large data sets to derive scientific insights. Cloud computing technologies have largely evolved to process and store large data volumes of web and log data. In the last few years, there has been an increasing interest in evaluating the use of cloud technologies to meet the needs of scientific applications. Several groups have run both standard benchmark suites such as Linpack and NAS, and network performance tests. Previous results have shown that communication-intensive applications do poorly in these environments. There is limited understanding of the I/O performance in virtualized cloud environments.


Motivation

Trust and security concerns have prevented businesses from fully accepting cloud platforms. To protect clouds, providers must secure virtualized data-center resources, uphold user privacy, and preserve data integrity. The scholars suggest using a trust-overlay network over multiple data centers to implement a reputation system for establishing trust between cloud providers and owners of the data. These methods safeguard multi-way authentications, enable single sign-on in the cloud, and tighten access control for sensitive data in both public and private clouds.

Cloud computing enables a new business model that supports on-demand, pay-for-use, and economies-of-scale IT services over the Internet. The online cloud works as a service factory built around virtualized data centers. Cloud platforms are dynamically built through virtualization with provisioned hardware, software, networks, and datasets. The idea is to migrate desktop computing to a service-oriented platform using virtual server groups at data centers. A lack of trust between cloud users and providers has hindered the universal acceptance of clouds as outsourced computing services. To promote multitenancy, we must design the cloud system to be secure, trustworthy, and dependable.

2 RELATED WORKS

Trust Model Implementation:

Our trust evaluation model aims to configure a complex set of services dynamically in a cloud environment, according to predicted performance in terms of stability and availability of all resources that are to be provided as cloud services. It is very important to build an adequate trust model for predicting a service’s performance and stability.

The main contributions of the trust scheme build on many existing representative works. In this section, we first review the typical work on cloud brokers. We then analyze the developments of trust management in cloud computing.

A. Development of Cloud Brokers

In recent years, many service brokers or monitoring systems have emerged as a promising concept to offer enhanced service delivery over large-scale environments. Some private companies offer brokering solutions for the current cloud market, e.g., RightScale or SpotCloud. In, the authors use the Lattice monitoring framework as a real-time feed for the management of a service. Monitoring is a fundamental aspect of Future Internet elements, and in particular for services, where it is used for both infrastructure and service management. The authors present the issues relating to the management of service clouds, discussing the key design requirements and how these are addressed in the RESERVOIR project.


scholars describe their experience with a private cloud, and discuss the design and implementation of a private cloud monitoring system (PCMONS) and its application via a case study for the proposed architecture. An important finding of the work is that it is possible to deploy a private cloud within the organization using source solutions and integrating with traditional tools like Nagios. There is significant development work to be done while integrating these tools. RightScale is a web-based cloud computing management tool for managing cloud infrastructure across multiple providers. RightScale enables organizations to easily deploy and manage business-critical applications across public, private, and hybrid clouds. SpotCloud provides a structured cloud capacity marketplace where service providers sell the extra capacity they have and buyers can take advantage of cheap rates by selecting the best service provider at each moment. The broker in also provides this feature but in an automated way, without manually checking the prices of each cloud provider at each moment. Thus, optimization algorithms can be used to select the best way to place VMs according to the actual rates of the cloud providers.

3 OUR WORK

Global Trust Degree (GTD) Calculation:

Step 1: Calculate the values for CPU frequency, memory size, hard disk capacity, and the average bandwidth using matrix normalization.

Step 2: Calculate the information entropy expression of each trust decision factor, based on its self-information, using entropy-based adaptive weight calculation.

Step 3: The RTD (Real-time Trust Degree) is used to evaluate recent cloud resource service operators. The RTD is generated in the time window when an interaction takes place between a user and a resource.

Step 4: The GTD is then calculated using a time-based attenuation function for the resource matchmaking algorithm.

Securing Infrastructure as a Service

The IaaS model lets users lease compute, storage, network, and other resources in a virtualized environment. The user doesn’t manage or control the underlying cloud infrastructure but has control over the OS, storage, deployed applications, and possibly certain networking components. Amazon’s Elastic Compute Cloud (EC2) is a good example of IaaS. At the cloud infrastructure level, CSPs can enforce network security with intrusion-detection systems (IDSs), firewalls, antivirus programs, distributed denial-of-service (DDoS) defenses, and so on.

Securing Platform as a Service

Cloud platforms are built on top of IaaS with system integration and virtualization middleware support. Such platforms let users deploy user-built software applications onto the cloud infrastructure using provider-supported programming languages and software tools. The user doesn’t manage the underlying cloud infrastructure. Popular PaaS platforms include the Google App Engine (GAE) or Microsoft Windows Azure. This level requires securing the provisioned VMs, enforcing security compliance, managing potential risk, and establishing trust among all cloud users and providers.

Securing Software as a Service


security and copyright compliance are designed to protect all intellectual property rights at this level. Data encryption and coloring offer options for upholding data integrity and user privacy.

Fig. 2. A trust broker for multi-cloud environments.

Trust-Aware Brokering System Architecture

The above figure shows a schematic of our architecture. The proposed middleware architecture consists of a number of core modules, including the trusted resource matchmaking and distributing module, the adaptive trust evaluation module, the agent-based service operator acquisition module, and the resource management module, among others. This module is the core of the trust-aware cloud computing system, and is the major focus of this paper. Using this module, the broker can dynamically sort high-performance resources by analyzing the historic resource information, in order to provide highly trusted resources.

Trusted resource matchmaking and distributing module. In general, each cloud manager registers its service resources through the cloud broker. The service user negotiates with the service broker on the service-level agreement (SLA) details; they eventually prepare an SLA contract. According to this contract, the broker selects, and then presents, highly trusted resources to users from the trusted resource pool.

Agent publish and service operator acquisition module. This module is used to monitor the usage of allocated resources in order to guarantee the SLA with the user. During an interaction, the module monitors the resource operators and is responsible for obtaining run-time service operators. Another task of the module is to automatically publish the monitoring agents (MA) at a remote site when a computing task is assigned to the site.

Resource register module. It manages and indexes all the resources available from multiple cloud providers, and obtains information from each particular cloud resource, acting as a pricing interface for users and updating the database when new information is available.

Experimental Methodology

We set up a multiple cloud environment that is composed of three clusters. In each cloud, the operating system running in the virtual machines is a customized Scientific Computing as a Service (SCaaS). Each cloud under test is fully based on the Eucalyptus framework and the KVM hypervisor. The machines in each cluster act as VM providers, on which an agent-based service operator acquisition module is deployed. A separate machine acts as the trust management server where the core functional modules of the broker are deployed, including a trusted resource matchmaking and distributing module, an adaptive trust evaluation module, and a resource management module. We have designed several performance mechanisms for a comprehensive trust evaluation scheme. Due to the restrictions of paper length, we mainly evaluate the performance of SOTS based on the following two aspects:


Efficiency is used to evaluate the overhead and the average job failure rate (AJFR) of the proposed scheme;

In the experimental environment, there are nearly 100 VMs in the resource pool of the cloud broker system. According to Algorithm 1 in Appendix E, available in the online supplementary material, our resource matchmaking approach should be “trust with cost.” The user’s request contains the job descriptions; namely, Job ID, minimum GTD required, and cost limits. Considering the job requirements, a resource is selected from a resource pool that has more than the minimum GTD given by the user.
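The four GTD steps from Section 3 and the request matching described above, combined into one added example; this is not the paper's code. The min-max normalization, the standard entropy weight formula, the half-life attenuation, the tie-break in `match`, and all sample readings and prices are assumptions, since the page gives no formulas.

```python
import math

# Constructed sample data (not from the paper): two time windows of operator
# readings per VM: CPU GHz, memory GB, disk GB, bandwidth Mbit/s.
WINDOWS = [
    (1, {"vm-a": [3.2, 16, 500, 900], "vm-b": [2.4, 8, 250, 400], "vm-c": [2.0, 4, 100, 100]}),
    (4, {"vm-a": [3.2, 16, 500, 150], "vm-b": [2.4, 8, 250, 450], "vm-c": [2.0, 4, 100, 100]}),
]
COST = {"vm-a": 0.90, "vm-b": 0.40, "vm-c": 0.10}  # constructed price per hour

def normalize(matrix):
    """Step 1: min-max normalize each operator column to [0, 1] (higher is better)."""
    spans = [(min(c), max(c)) for c in zip(*matrix)]
    return [[(v - lo) / (hi - lo) if hi > lo else 1.0
             for v, (lo, hi) in zip(row, spans)] for row in matrix]

def entropy_weights(norm):
    """Step 2: entropy weight method (assumed form); needs at least two VMs."""
    div = []
    for col in zip(*norm):
        total = sum(col)
        ent = -sum((v / total) * math.log(v / total) for v in col if v > 0)
        # An operator that is identical across VMs has maximal entropy, weight 0.
        div.append(max(0.0, 1.0 - ent / math.log(len(norm))))
    s = sum(div)
    return [d / s for d in div] if s > 0 else [1.0 / len(div)] * len(div)

def gtd(history, now, half_life=3.0):
    """Step 4: time-attenuated mean of (timestamp, RTD) pairs; half_life is assumed."""
    att = [(0.5 ** ((now - t) / half_life), r) for t, r in history]
    return sum(a * r for a, r in att) / sum(a for a, _ in att)

def broker_gtds(windows, now):
    """Run steps 1-4 over all windows and return {vm: GTD}."""
    history = {}
    for t, readings in windows:
        vms = sorted(readings)
        norm = normalize([readings[v] for v in vms])
        w = entropy_weights(norm)
        for vm, row in zip(vms, norm):
            # Step 3: RTD is the weighted sum of this window's normalized operators.
            history.setdefault(vm, []).append((t, sum(a * b for a, b in zip(w, row))))
    return {vm: gtd(h, now) for vm, h in history.items()}

def match(job, gtds, cost):
    """Keep VMs meeting the job's minimum GTD and cost limit; most trusted wins."""
    ok = [vm for vm in gtds if gtds[vm] >= job["min_gtd"] and cost[vm] <= job["cost_limit"]]
    return max(ok, key=lambda vm: (gtds[vm], -cost[vm]), default=None)

if __name__ == "__main__":
    scores = broker_gtds(WINDOWS, now=4)
    print(scores)
    print(match({"job_id": "J1", "min_gtd": 0.4, "cost_limit": 0.50}, scores, COST))
```

In the sample, vm-a's bandwidth drops in the later window, so its GTD falls below 1 even though it led every operator earlier; the attenuation makes the recent window count twice as much as the older one.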

Fig. 3. Multiple cloud experimental environment.

To reduce complexity, in the initial stage of the experimental environment, we mainly observe the results according to the following 6 key operators: CPU frequency (CPU), average response time, average task success rate (ATSR), authentication type, authorization type, and self-security competence. Types of VMs in the resource pool and the classification threshold are listed, including high trusted node (H), normal trusted node (N), low trusted node (L) and malicious node (M).

CONCLUSIONS

In this work, we propose SOTS for trustworthy resource matchmaking across multiple clouds. We have shown that SOTS yields very good results in many typical cases. However, there are still some open issues we can address in the current scheme. First, we are interested in combining our trust scheme with reputation management to address concerns in users’ feedback. A universal measurement and quantitative method to assess the security levels of a resource is another interesting direction. Evaluation of the proposed scheme in larger-scale multiple cloud environments is also an important task to be addressed in future research.

