Trusted cloud computing modelling with distributed end-user attestable multilayer security

Abstract

As cloud computing continues to gain popularity and its economies of scale continue to improve, stakeholders want to minimise the security risk, protect their data and other resources while maximising the gains of using any cloud resources and its application. It is predicted that by the end of 2017, bulk of spending on any IT infrastructure would be on cloud infrastructure and services as many critical applications – power, medical, finance among others continue to be migrated onto cloud platforms. For these sectors, the security challenges of cloud adoption continue to be of a great concern even with its benefits. The ability to trust and measure security levels of any cloud platform is paramount in the complete adoption and use of cloud computing in many mission critical sectors. In-depth study and analysis of the trustworthiness of various cloud based platforms/systems are often limited by the complex and dynamic nature of cloud and often do not correctly foresee or practically determine the varying trust relationship between and across the cloud layers, components (schedulers), algorithms and applications especially at a large scale. Tradition security and privacy controls continue to be implemented on cloud but due to its fluid and dynamic nature, research work in the area of end-user attestable trust evaluation of the cloud platform is limited. Most of the current simulation tools do not cater for modelling of Trust on scalable multi-layer cloud deployments (including workflow and infrastructure).Even as these tools continue to be implemented none has been used to cater for all the layers of the cloud platform. This research presents a deployment of trusted computing applied in cloud computing suited for mission critical applications. It attempts to simplify the integration of trusted platform module based integrity measurement into cloud infrastructure. Using Eucalyptus cloud software on server-grade hardware, a trusted community cloud platform was deployed on the Brunel Network as presented in Chapter 3. Security is enhanced by the integration of an end-user accessible TPM integrity measurement and verification process; this guarantees trusted ownership and integrity of the uploaded data and provides additional level of trust for the cloud platform. This research further presents a technique which allows data owners to first secure their data offline by inserting colour drops into the data using steganography. The colour drops are used to detect unauthorised modifications, verify data owner in the event the copyright of the data is in dispute and identify the path through which it was tampered with. This process ensures integrity and confidentiality of the resources. This thesis also presents a trust model using fuzzy logic which was simulated using Simulink in Matlab and subsequently evaluated on an experimental platform deployed on the Brunel network. Using this model, end-users can determine the trust values for a cloud platform or service, as well as, classify and compare various cloud platforms. The results obtained suggest that the outputs of this research work can improve end-user confidence when selecting or consuming cloud resources with enhanced data integrity and protection.