Information Technology Reference
In-Depth Information
However one also need to keep in mind the fact that IT service providers have been
providing details of their security systems and associated processes to third party
(security) auditors for obtaining security certifications and legal compliance status.
These certifications are often essential requirements of the service provider to gain
confidence of their customers and the industry as a whole. In order to obtain security
certification the service provider needs to share, among other details, the security
event related information to the third party auditors. The higher the level of security
certification required, the more critical security events information and process details
are expected by the auditors. In order to avoid security leakage it is a common
practice to obtain non-disclosure agreements with auditors before this critical security
information are shared. An enterprise needing cloud services have to rely on the
security certifications of the cloud service providers to establish trust in the providers.
This approach however constraint the enterprise to match their security requirements
based only on the certification information published by the service providers and the
associated minimum requirements that needs to be met by the service provider for
obtaining the certification, due to unavailability of other detailed information.
As a way of breaking this impasse we propose the use of a Cloud Broker (CB) that
inherits and expands on the role of the security auditor, enabling the broker to obtain
access to the security events due to the high trust placed by the service providers,
which may not be possible with the wider community. The CB provisions the
enterprises with security reputation of the cloud service providers based on their
security requirements as specified to the CB. The registration with the broker allows
the cloud service providers to highlight their security strengths without exposing their
internal security details like event information to the wider customer base and at the
same time also benefited by CB's potentially wider customer base. The cloud service
consumers benefit from the service that provides a closest match between their
security requirements and the security reputation of the cloud service providers.
The remaining of the paper is structured as follows: Section 2 provides the
background and related work. Section 3 describes the cloud broker architecture and its
components. Section 4 describes our approach of the reputation modeling to build the
security reputation of the cloud service provider. Section 5 provides applicability of
this work in an existing project OPTIMIS - Optimized Infrastructure Services.
Section 6 provides concluding remarks and future work.
2
Related Work
Reputation system based trust model have been adopted in several open systems such
as internet websites, e-commerce, P2P Systems and mobile adhoc networks
[7][15][16][6][12][17][9][18]. Resnick et. al. [15][16] discusses the importance of
reputation system to decide whom to trust in the Internet where large number of
producers or consumers may not know each other. Epinion [17], eBay [15][16] are
some of the very popular electronic markets using reputation systems. Trust
management systems help reduce free riding of the nodes in the P2P systems
where each entity can act as client and server, expecting to contribute in the systems.
Search WWH ::




Custom Search