Towards Establishing Trust in Public Clouds through Real-time Client Feedback

Abstract

Cloud computing, owing to its vast array of technological and commercial benefits, is being aggressively adopted by companies worldwide to meet their computing needs. Virtualization technology is the main enabler of cloud computing services making it economical and scalable for end-users. However, on the contrary, cloud services due to their inherent abstract nature pose significant security threats for user’s data and applications; the most critical threat being the “malicious insider’s threat” - the primary reason for lack of trust between a Cloud provider and its customers. In this paper, we analyze a cloud provider’s basic internal operations required to provide IaaS services in order to understand and address the insider threat.Towards this goal, we inspect the virtualization stack and all the basic VM operations, the role of a cloud system administrator, their interactions with the virtualization ecosystem and therefore identify the scope of their possible malicious activities. We then review the present mechanisms that are adopted to implement trust in Clouds. Finally, we propose a Real- Time Client Feedback System (RTCFS)in the context of preventive and detective control in securing trust, aimed at increasing visibility and transparency for customers into public Clouds.We also suggest the use of job segregation for cloud administrators in order to restrict their individual capabilities to a minimal level. Both these mechanisms can help fill in the trust gap between a cloud provider and its customers.

Keywords: Virtualization, Malicious Insider, Preventive Control, Detective Control, RTCFS, Job Segregation, Transparency, Trust, Logging

View PDF