
Journal of Grid Computing, Volume 13, Issue 3, pp 425–456

Intercloud Trust and Security Decision Support System: an Ontology-based Approach

  • Jorge Bernal Bernabe
  • Gregorio Martinez Perez
  • Antonio F. Skarmeta Gomez
Article

Abstract

As Cloud Computing evolves, both customers and Cloud Service Providers are starting to require Intercloud scenarios where different clouds have to interact with each other. Although there are some initial proposals to manage the Intercloud, there are still few approaches dealing with the associated new security and trust challenges in such a federated environment. To fill this gap, this paper presents SOFIC (Security Ontology For the InterCloud), which aims to formally describe the security aspects to be modeled in an Intercloud security assessment. SOFIC is based on standards and has been designed to be extensible in order to cope with the security requirements of different Intercloud scenarios. The paper also shows how the ontology is used as input for a Trust and Security Decision Support System that assists in the Intercloud security decision-making process by quantifying security expectations and trustworthiness about Cloud Service Providers. The implementation, experiments and performance evaluation show the feasibility of the proposed ontology and system.

Keywords

Intercloud, Security, Trust, Ontology, Fuzzy, Semantic-Web



Copyright information

© Springer Science+Business Media Dordrecht 2015

Authors and Affiliations

  • Jorge Bernal Bernabe (1)
  • Gregorio Martinez Perez (1)
  • Antonio F. Skarmeta Gomez (1)

  1. Departamento de Ingenieria de la Informacion y las Comunicaciones, University of Murcia, Murcia, Spain
