Information Technology Reference
In-Depth Information
Opinion Model Based Security Reputation Enabling
Cloud Broker Architecture
Pramod S. Pawar
1,2
, Srijith K. Nair
2
, Fadi El-Moussa
2
, Theo Dimitrakos
2
,
Muttukrishnan Rajarajan
1
, and Andrea Zisman
1
1
City University London, London EC1V 0HB, United Kingdom
r.muttukrishnan@city.ac.uk, a.zisman@soi.city.ac.uk
2
British Telecommunications, Security Practice, Adastral Park, Ipswich IP5 3RE, UK
{pramod.s.pawar,srijith.nair,
fadiali.el-moussa,theo.dimitrakos}@bt.com
Abstract.
Security and trust in service providers is a major concern in the use
of cloud services and the associated process of selecting a cloud service
provider that meets the expectations and needs of one's security requirements is
not easy. As a solution, we propose a broker architecture model that enables us
to build a security reputation framework for cloud service providers, capturing
comprehensive evidence of security information to build its trust and security
reputation
Keywords:
broker, reputation, subjective logic, security.
1
Introduction
Cloud computing has become one of the fastest growing segments of the IT industry.
Cloud computing involves a provider delivering a variety of IT enabled resources to
consumers as a service over the Internet. Cloud computing services are offered as
Software as a Service (SaaS), Platform as a Service (PasS) or Infrastructure as a
Service (IaaS) [22]. Virtualization is a core enabling technology for cloud IaaS
architectures. Even though several advantages of the use of cloud based services have
been identified, in particular the pay-as-you-consume costing model and the
minimization of capex costs, the inherent loss of control of data and process to
external parties (cloud service providers) have the customers worried.
Since security remains a major concern in the use of cloud services, an individual
or an enterprise expects a high level of confidence and trust in the cloud service
provider it would like to use. The enterprise needs a process to identify and decide on
the most suitable service provider to fulfill its security requirements for its service to
be deployed. Reputation systems have been effectively used in making such
decisions, however it is highly challenging to apply the concept to the cloud
ecosystem, with a security context. This is challenging mainly due to the reluctance
of the cloud service providers to publicize their security related information to
the internet community or even to a selected group of customers. Relevant
information may include events or incidence recorded due to security activities
like firewall filtering, intrusion detection/prevention systems, security policies,
authentication/authorization, identity management and key management.
