Skip to main content

Advertisement

Springer Nature Link
Log in

A framework for establishing trust in Cloud provenance

  • Regular Contribution
  • Published:
International Journal of Information Security Aims and scope Submit manuscript

Abstract

Provenance is a vital requirement for the success of Clouds, and it is associated with many challenges that are difficult to deal with. In this paper, we explore this area, we identify the problems in current Cloud provenance, we identify the challenges of having trustworthy secure Cloud provenance, and we identify the requirements which could address the identified challenges. We then propose a foundation framework for establishing trust in Cloud provenance. Finally, we draw our research agenda in this direction.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4

Similar content being viewed by others

Notes

  1. The author has more than 15 years of industrial expectance covering most technologies behind today’s Cloud infrastructure.

  2. VCC (as the case of OpenStack) could be deployed at a set of dedicated and collaborating devices that share a common database to support resilience, scalability and performance.

Abbreviations

CCA:

Cloud client agent

CMD:

Collaborating management domain

COD:

Collaborating outsourced domain

CSA:

Cloud server agent

DBMS:

Database management system

LaaS:

Log as a Service

LCA:

LaaS client agent

LSA:

LaaS server agent

MD:

Management domain

OD:

Outsourced domain

PCR:

A platform configuration register

TCG:

Trusted computing group

TP:

Trusted platform

TPM:

Trust platform module

VCC:

Virtual control centre

VM:

Virtual machine

VMA:

Virtual machine agent

References

  1. Abbadi, I.M.: Clouds infrastructure taxonomy, properties, and management services. In: Abraham, A., Mauri, J.L., Buford, J.F., Suzuki, J., Thambi, S.M. (eds.) Advances in Computing and Communications, Volume 193 of Communications in Computer and Information Science, pp. 406–420. Springer, Berlin (2011)

    Google Scholar 

  2. Abbadi, I.M.: Operational trust in clouds’ environment. In: MoCS 2011: IEEE Proceedings of the Workshop on Management of Cloud Systems, June 2011, pp. 141–145 (2011)

  3. Abbadi, I.M.: Toward trustworthy clouds’ internet scale critical infrastructure. In: ISPEC’11: Proceedings of the 7th Information Security Practice and Experience Conference, Volume 6672 of LNCS, June 2011, pp. 73–84. Springer, Berlin (2011)

  4. Abbadi, I.M., Alawneh, M., Martin, A.: Secure virtual layer management in clouds. In: The 10th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom-10), IEEE, Nov 2011, pp. 99–110 (2011)

  5. Abbadi, I.M., Lyle, J.: Challenges for provenance in cloud computing. In: 3rd USENIX Workshop on the Theory and Practice of Provenance (TaPP’11). USENIX Association (2011)

  6. Abbadi, I.M., Namiluko, C.: Dynamics of trust in clouds—challenges and research agenda. In: The 6th International Conference for Internet Technology and Secured Transactions (ICITST-2011), December 2011, pp. 110–115. IEEE (2011)

  7. Alawneh, M., Abbadi, I.M.: Sharing but protecting content against internal leakage for organisations. In: DAS 2008, Volume 5094 of LNCS, pp. 238–253. Springer, Berlin (2008)

  8. Amazon: Amazon Elastic Compute Cloud (Amazon EC2). http://aws.amazon.com/ec2/ (2010)

  9. Armbrust, M., Fox, A., Griffith, R., Joseph, A.D., Katz, R.H., Konwinski, A., Lee, G., Patterson, D.A., Rabkin, A., Stoica, I., Zaharia, M.: Above the Clouds: A Berkeley View of Cloud Computing. http://www.eecs.berkeley.edu/Pubs/TechRpts/2009/EECS-2009-28.pdf (2009)

  10. Crawl, D., Altintas, I.: A provenance-based fault tolerance mechanism for scientific workflows. In: Provenance and Annotation of Data and Processes, Volume 5272 of LNCS, pp. 152–159. Springer, Berlin (2008)

  11. Digital Equipment Corporation—Maynard, Massachusetts: Information technology—database language sql. http://www.contrib.andrew.cmu.edu/~shadow/sql/sql1992.txt (1992)

  12. Huh J.H., Lyle, J.: Trustworthy log reconciliation for distributed virtual organisations. In: Proceedings of the 2nd International Conference on Trusted Computing, Trust’09, pp. 169–182. Springer, Berlin (2009)

  13. Huh, J.H., Martin, A.: Trusted logging for grid computing. In: Proceedings of the 2008 Third Asia-Pacific Trusted Infrastructure Technologies Conference, APTC’08, pp. 30–42. IEEE Computer Society, Washington, DC, USA (2008)

  14. International Organization for Standardization: ISO/IEC 9798–3, Information Technology—Security Techniques—Entity Authentication—Part 3: Mechanisms Using Digital Signature Techniques, 2nd edn (1998)

  15. International Organization for Standardization: ISO/IEC 18033–2, Information Technology—Security Techniques—Encryption Algorithms—Part 2: Asymmetric Ciphers (2006)

  16. Jeffery, K., NeideckerLutz, B.: The Future of Cloud Computing—Opportunities For European Cloud Computing Beyond 2010 (2010)

  17. McCune, J.M., Li, Y., Qu, N., Zhou, Z., Datta, A., Gligor, V.D., Perrig, A.: Trustvisor: efficient tcb reduction and attestation. In: IEEE Symposium on Security and Privacy, pp. 143–158 (2010)

  18. Muniswamy-Reddy, K.K., Macko, P., Seltzer, M.: Provenance for the cloud. In: FAST’10: Proceedings of the 8th USENIX Conference on File and Storage Technologies, pp. 15–14. USENIX (2010)

  19. Muniswamy-Reddy, K.K., Macko, P., Seltzer, M.I.: Making a cloud provenance-aware. In: TaPP’09: Proceedings of the First Workshop on the Theory and Practice of Provenance (2009)

  20. Myers, M., Ankney, R., Malpani, A., Galperin, S., Adams C.: X.509 Internet Public Key Infrastructure Online Certificate Status Protocol—OCSP. RFC 2560, Internet Engineering Task Force, June 1999 (1999)

  21. OpenSource: OpenStack. http://www.openstack.org/ (2010)

  22. Oracle: Oracle Advanced Security Administrator’s Guide—Using Oracle Wallet Manager. http://docs.oracle.com/cd/B10501_01/network.920/a96573/asowalet.htm (2011)

  23. Oracle: Oracle Real Application Clusters (RAC). http://www.oracle.com/technetwork/database/clustering/overview/index.html (2011)

  24. Reilly, C.F., Naughton, J.F.: Transparently gathering provenance with provenance aware condor. In: Cheney, J. (ed.) TaPP’09: Proceedings of the First Workshop on the Theory and Practice of Provenance. USENIX, San Francisco, CA, USA (2009)

  25. Sadeghi, A.R.: Trusted computing—special aspects and challenges. In: Geffert, V., et al. (eds.) SOFSEM, Volume 4910 of LNCS, pp. 98–117. Springer, Berlin (2008)

  26. Simmhan, Y.L., Plale, B., Gannon, D.: A survey of data provenance in e-science. SIGMOD Rec. 34(3), 31–36 (2005)

    Article  Google Scholar 

  27. Sun Microsystems: Take Your Business to a Higher Level (2009)

  28. Trusted Computing Group: TPM Main, Part 2, TPM Structures. Specification Version 1.2 Revision 103 (2007)

  29. VMware: VMware vCenter Server. http://www.vmware.com/products/vcenter-server/ (2010)

  30. Xu, J.: Provenance-Aware Fault Tolerance for Grid Computing. http://spiderman-2.laas.fr/IFIPWG/Workshops&Meetings/48/RR/03-Xu.pdf (2005)

Download references

Acknowledgments

This research has been supported by the TClouds project, which is funded by the EU’s Seventh Framework Program ([FP7/2007–2013]) under grant agreement number ICT-257243.

Author information

Authors and Affiliations

  1. Department of Computer Science, University of Oxford, Oxford, UK

    Imad M. Abbadi

Authors
  1. Imad M. Abbadi
    View author publications

    You can also search for this author inPubMed Google Scholar

Corresponding author

Correspondence to Imad M. Abbadi.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Abbadi, I.M. A framework for establishing trust in Cloud provenance. Int. J. Inf. Secur. 12, 111–128 (2013). https://doi.org/10.1007/s10207-012-0179-0

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10207-012-0179-0

Keywords