Abstract
Cloud computing is revealing a new scenario where different cloud customers need to collaborate to meet client demands. The cloud stack must be able to support this situation by enabling collaborative agreements between cloud customers. However, these collaborations entail new security risks, since participating entities should trust each other to share a set of resources. The management of trust relationships in the cloud is gaining importance as a key element in establishing a secure environment where entities are given full control over which particular services or resources they are willing to share. Entities can cooperate at different levels of trust, according to their willingness to share information. This paper analyses these collaboration agreements, defining a taxonomy of different levels of trust relationships among customers for the cloud. Privacy concerns, assumed risk, and ease of defining the trust relationships have been taken into account. A set of different trust relationships has been identified and modeled, enabling entities to control the information they share with others in the cloud. The proposed model has been validated with a prototypical implementation. Likewise, some examples illustrating the application of these trust models to common cloud collaboration scenarios are provided.
Acknowledgments
This work has been partially funded with support from the Spanish MICINN (project RECLAMO—Virtual and Collaborative Honeynets based on Trust Management and Autonomous Systems applied to Intrusion Management—with code TIN2011-28287-C02-02) and the European project “Interoperable Trust Assurance Infrastructure” (INTER-TRUST-ICT FP7-G.A. 317731), within the European Commission 7th Framework Programme (FP7-ICT-2011-8).
Cite this article
Marin Perez, J.M., Bernal Bernabe, J., Alcaraz Calero, J.M. et al. Taxonomy of trust relationships in authorization domains for cloud computing. J Supercomput 70, 1075–1099 (2014). https://doi.org/10.1007/s11227-014-1117-x
DOI: https://doi.org/10.1007/s11227-014-1117-x