Intercloud Trust and Security Decision Support System: an Ontology-based Approach

Journal of Grid Computing

Abstract

As Cloud Computing evolves, both customers and Cloud Service Providers are starting to require Intercloud scenarios in which different clouds have to interact with each other. Although there are some initial proposals for managing the Intercloud, few approaches yet deal with the new security and trust challenges that arise in such a federated environment. To fill this gap, this paper presents SOFIC (Security Ontology For the InterCloud), which aims to formally describe the security aspects to be modeled in an Intercloud security assessment. SOFIC is based on standards and has been designed to be extensible so that it can cope with the security requirements of different Intercloud scenarios. The paper also shows how the ontology is used as input for a Trust and Security Decision Support System that assists the Intercloud security decision-making process by quantifying security expectations and the trustworthiness of Cloud Service Providers. The implementation, experiments and performance evaluation show the feasibility of the proposed ontology and system.

Author information

Corresponding author

Correspondence to Jorge Bernal Bernabe.

Cite this article

Bernabe, J.B., Perez, G.M. & Skarmeta Gomez, A.F. Intercloud Trust and Security Decision Support System: an Ontology-based Approach. J Grid Computing 13, 425–456 (2015). https://doi.org/10.1007/s10723-015-9346-7

  • DOI: https://doi.org/10.1007/s10723-015-9346-7
