
Università degli Studi di Camerino

Scuola di Scienze e Tecnologie

Corso di Laurea Magistrale in Computer Science

Trust Management in a multicloud Computing Environment

Student: Mikel Berdufi (student number MAT. 090386)

Supervisor: Francesco De Angelis

A.A. 2015/2016


Abstract

Cloud computing is changing the way technology works. It allows consumers and businesses to use applications without installing them and to access their personal files from any computer with Internet access. In an enterprise that runs complex and expensive IT systems to support its business processes, who would not be attracted by the idea of simply paying on demand for someone else to provide IT services, without being concerned with the details of how it is done? Despite the benefits of this technology, many companies are still hesitant to adopt it. Some of the reasons are:

1. Downtime.

2. Security and privacy issues.

3. Vulnerability to attack.

In other words, security in cloud computing is a major challenge today, and many companies and universities are working on it. These problems become even harder to solve when we consider a multicloud environment. Multicloud is the use of multiple cloud computing services in a single heterogeneous architecture. So we no longer have to take care of security on a single cloud computing system, but on many of them. This project focuses on one of the most important security issues of this technology: trust management in a multicloud environment. We propose a trust management system for a multicloud environment, and we have also built a prototype of it. This thesis describes the system, including its architecture, the framework used, the tests we have done, the performance of the system and how it may affect this technology in the future.


Dedication

This is dedicated to my parents, who have sacrificed for me to be a good student and, what is more important, a good person. They have taught me to always be honest, respect other people, and fight for my future. One of the reasons why I am here now is because of them.

Thank you mom and thank you dad for being great persons.


Acknowledgements

I am using this opportunity to express my gratitude to everyone who supported me throughout the course of this project. I am thankful for their aspiring guidance, invaluably constructive criticism and friendly advice during the project work. I am sincerely grateful to them for sharing their truthful and illuminating views on a number of issues related to the project. I express my warm thanks to Francesco De Angelis and Fabrizio Ippoliti for their support and guidance. I would also like to thank all the people who provided me with the required facilities and conducive conditions for my project.

Thank you,
Mikel Berdufi


Contents

1 Introduction 13
2 Cloud Computing Environment 15
  2.1 Overview 15
  2.2 Deployment models of Cloud Computing 17
  2.3 Security and privacy Issues 22
    2.3.1 Authentication and Identity Management 22
    2.3.2 Access Control and Accounting 23
    2.3.3 Trust Management and Policy Integration 23
    2.3.4 Privacy and Data Protection 23
  2.4 Security and Privacy Approaches 23
    2.4.1 Authentication and Identity Management 24
    2.4.2 Secure Interoperation 24
    2.4.3 Secure-Service Provisioning and Composition 24
3 Multi-Cloud Environment 27
  3.1 Multi-Cloud vs other Multiple Clouds 30
  3.2 Collaboration in a Multi Cloud environment 31
  3.3 Challenges and benefits 32
  3.4 Management software for Multi-cloud 34
  3.5 Recent research Prototypes 36
    3.5.1 Example of a multicloud system using CloudMF 36
4 Trust management in Cloud Computing 41
  4.1 The Concept of Trust 43
  4.2 Trust Models 46
    4.2.1 Cross Cloud Trust 46
    4.2.2 Cross Domain Trust 47
    4.2.3 Cross Project Trust 50
  4.3 Trust Management Techniques 50
    4.3.1 Policy as a Trust Management Technique 52
    4.3.2 Recommendation as a Trust Management Technique (RecT) 52
    4.3.3 Reputation as a Trust Management Technique (RepT) 53
    4.3.4 Prediction as a Trust Management Technique (PrdT) 53


  4.4 Research Prototypes 54
    4.4.1 Security-Aware Cloud Architecture 54
    4.4.2 Compliant Cloud Computing Architecture 54
    4.4.3 TrustCloud: A Framework for Accountability and Trust in Cloud Computing 55
    4.4.4 Multi-faceted Trust Management System Architecture for Cloud Computing 55
    4.4.5 CLOUD-ARMOR: A Trust Management Framework for Services in Cloud Environments 55
5 Proposed approach 57
  5.1 Technical Requirements for a MULTI-CLOUD system 57
    5.1.1 Development group 57
    5.1.2 Deployment group 58
    5.1.3 Execution group 58
  5.2 Technological Barriers in enabling the MULTI-CLOUD 59
  5.3 Proposed system 59
    5.3.1 OpenStack 60
    5.3.2 Jclouds 64
    5.3.3 Tests made 69
    5.3.4 System Architecture 73
6 Conclusions and Future Work 79


List of Figures

2.1 Example of SaaS Architecture 16
2.2 Cloud Computing Service Levels 17
2.3 Cloud platforms and Services they offer 18
2.4 % of businesses in cloud 18
2.5 What clouds do businesses use most 20
2.6 Cloud Environment Architecture 20
2.7 Cloud Deployment models 21
3.1 Example of a Multicloud framework 28
3.2 Cloud Trends 29
3.3 Multicloud Collaboration Example 32
3.4 The SensApp architecture 37
3.5 CloudMF Architecture 38
4.1 Trust Management two different perspectives 41
4.2 Trust Relationship between 3 clouds EXAMPLE 45
4.3 Example of a Cross Cloud TRUST 46
4.4 Cross-Cloud Type β Sequence 47
4.5 Cross-Domain Trust User Assignment 49
4.6 TM Techniques 51
4.7 Example of Reputation calculation 53
4.8 Example of Prediction similarity calculation 54
5.1 OpenStack architecture 60
5.2 Conceptual OpenStack architecture 62
5.3 Minimal architecture example with OpenStack Networking (neutron) 63
5.4 Providers supported 65
5.5 Terminology used 66
5.6 Test Environment 69
5.7 Proposed architecture 76
5.8 Trust establishment steps 77
5.9 Trust establishment steps simple UI 78


1. Introduction

Cloud computing has the potential to change the whole IT industry market, making software more attractive for users. It has been attracting the attention of several researchers, both in academia and in industry, as it provides many opportunities for organizations by offering a range of computing services. Furthermore, cloud computing could significantly enhance collaboration, agility and scale, thus enabling a truly global computing model over the Internet infrastructure. But it is still an evolving paradigm and several issues have to be solved. Without appropriate security and privacy solutions designed for clouds, this potentially revolutionary computing paradigm could become a huge failure. This thesis illustrates some of the most important security and privacy challenges in clouds. On one side we have businesses that are interested in using this technology because it is convenient; on the other side we have many universities that are involved in solving security problems in cloud computing. It is true that many companies are interested in the services cloud computing offers, but it is not clear whether they trust the cloud provider. Fujitsu Research Institute conducted a survey [23] 5 years ago among more than 3000 cloud consumers from 6 countries. It shows that 84% of the consumers are concerned about their data storage location and 88% of the consumers worry about who has access to their data. Over the last year, as enterprise awareness of the cloud has increased, more and more enterprises outsource their workload deployments to the cloud, in most cases to a single cloud provider or vendor. But the market is rapidly changing, with more and more options becoming available from a variety of public IaaS providers, including Amazon, HP, IBM and Rackspace, as well as private offerings such as OpenStack and VMware.

The new deployment options make it possible to mix and match platforms and cloud providers, as well as to set up hybrid clouds where you keep some of your resources in your on-premises datacenter or private cloud while migrating parts of your workload to one or more public clouds. A key issue that needs special attention is the security of clouds, and trust management is an important component of security in the cloud. This thesis is focused on trust management in a multi-cloud environment. It describes an approach we propose to build a dedicated system for managing trust in a multicloud computing environment. The thesis is organized in sections. Section 2 gives an overview of a single cloud environment, focusing on the security and privacy issues cloud computing in general is facing these days. Section 3 gives an overview of the multi-cloud environment. In section 3, trust management in multi-cloud is described. The approach we propose is described in section 4, while section 5 gives an overview of the developed system: the chosen framework, the performance of the system and the architecture.


2. Cloud Computing Environment

This chapter is focused on single cloud computing environments, giving an overview of a single cloud environment provided by a cloud provider. It also describes some of the security and privacy issues cloud computing is facing today.

2.1 Overview

To understand the importance of cloud computing and its adoption, we must understand its principal characteristics, its delivery and deployment models, how customers use these services, and how to safeguard them. The five key characteristics of cloud computing are on-demand self-service, ubiquitous network access, location-independent resource pooling, rapid elasticity, and measured service, all of which are geared toward using clouds seamlessly and transparently. Cloud computing can be defined as a set of services offered online by different cloud providers. These services can be grouped in three categories:

• Software as a Service (SaaS): SaaS is sometimes referred to as "on-demand software". It is one of the services that a cloud provider can offer to its clients: the provider offers the software as a service and the client pays to use a specific piece of software installed on the cloud. Software in the cloud can be considered centralized, and in most cases the client accesses it from the web. Since security issues are present in a cloud computing environment, it is not easy for cloud providers to offer this service; they must make sure that every service they offer is secure. Figure 2.1 illustrates how this service is offered to customers by cloud providers.

• Platform as a Service (PaaS): This service provides customers with a platform on which to develop and manage different web applications. If the customer uses a service provided by a public cloud provider, the customer controls the deployment and the configuration settings, and does not have to worry about the web server, storage, etc.: it is the cloud provider that maintains all of this.

• Infrastructure as a Service (IaaS): This is the most expensive service offered by a cloud provider. It provides the customer with hardware resources, using virtualization, over the Internet, so the customer can buy its own hardware resources. The service is provided

online, and the customer can configure its own system. The service is not free, and its cost depends on the cloud provider. The cloud provider, on its side, handles tasks including system maintenance, backup and resiliency planning. It also hosts hardware, software, servers, storage and other infrastructure components on behalf of its users. IaaS platforms offer highly scalable resources that can be adjusted on demand.

Figure 2.1: Example of SaaS Architecture

• Network as a Service (NaaS): Network as a Service can be defined as delivering network services virtually over the Internet on a pay-per-use or monthly subscription basis. This concept could be very interesting for many businesses because it saves them from spending a lot of money on managing networks and buying network devices. This is not a new concept. It is sometimes listed as a separate cloud provider service because its development faces many of the concerns that have affected other cloud computing services, such as:

1. High availability (HA).

2. Service level agreements (SLAs).

3. Data sovereignty.

4. Vendor Lock-in.

Anyway, there are some cloud providers that offer this service.

From a hardware point of view, three aspects are new in cloud computing:

1. The illusion of infinite computing resources available on demand, thereby eliminating the need for cloud computing users to plan far ahead for provisioning.

2. The elimination of an up-front commitment by cloud users, thereby allowing companies to start small and increase hardware resources only when their needs increase.

3. The ability to pay for the use of computing resources on a short-term basis as needed (e.g., processors by the hour and storage by the day) and release them as needed, thereby rewarding conservation by letting machines and storage go when they are no longer useful.

Figure 2.2 gives some details about the cloud levels mentioned before.

Figure 2.2: Cloud Computing Service Levels

As mentioned before, there are different cloud providers that offer different cloud services. Figure 2.3 lists cloud providers and the cloud services they offer.

An article published by CloudTweaks [14] says that by 2020 the cloud computing industry will be worth about $240 billion, as shown in Figure 2.4. As many businesses are shifting to the cloud, it means that many of them trust cloud computing as a good solution for them. A lot of research has been done, and much is ongoing, on the main security issues cloud computing is facing.

2.2 Deployment models of Cloud Computing

There is aggressive growth in business cloud adoption. However, the cloud can bring security risks and challenges for IT management, which can be more expensive for the organization to deal with, even considering the cost savings achieved by moving to the cloud. So it is very important for businesses to understand their needs before they move their IT infrastructure to the cloud. There are different cloud deployment models, and their implementation depends on business needs; that is why a business must understand its needs to choose the best deployment model. Some of the cloud computing deployment models are:

Figure 2.3: Cloud platforms and services they offer

Figure 2.4: % of businesses in cloud

1. The Private Cloud. This model of cloud computing refers to a cloud platform implemented within the corporate firewall, under the control of the IT department. This deployment model offers the same features and benefits as public cloud systems, but it is more secure because the cloud platform is implemented within the company's own infrastructure and is managed by the company itself. A private cloud implementation aims to avoid many of the objections regarding cloud computing security. Because a private cloud setup is implemented safely within the corporate firewall, a private cloud provides more control over the company's data and ensures security, albeit with greater potential risk of data loss due to natural disaster.

2. The Public Cloud. This deployment model is very popular and represents true cloud hosting. In this deployment model, services and infrastructure are provided to various clients by different cloud providers. It really helps to reduce capital expenditure and bring down operational IT costs. Public cloud services may be free or offered on a pay-per-usage model. Some of the benefits of using public cloud providers are:

(a) It is very easy and inexpensive to set up the environment, because all the hardware and maintenance expenses are covered by the provider.

(b) Public clouds get enterprises out of the "datacenter business".

(c) Public clouds attract the best security people available.

(d) Scalability to meet needs.

3. The Hybrid Cloud. A hybrid cloud can be considered a mix of private and public cloud environments. It gives businesses greater flexibility and more data deployment options. The idea is that the customer, in this case the business, can keep its important data in its own private cloud and, on the other side, use the services offered by a public cloud provider. So before moving to hybrid cloud computing, the business must first decide which data it wants to store and manage in its private cloud environment and which data it wants to store in a public cloud environment. Hybrid cloud models can be implemented in a number of ways:

• Separate cloud providers team up to provide both private and public services as an integrated service.

• Individual cloud providers offer a complete hybrid package.

• Organizations who manage their private clouds themselves sign up to a public cloud service which they then integrate into their infrastructure.

4. The Community Cloud. This deployment model of cloud computing is a little bit special. It represents a cloud infrastructure shared by several organizations. This helps to further reduce costs compared to a private cloud, as it is shared by a larger group. The goal of a community cloud is to have participating organizations realize the benefits of a public cloud, such as multi-tenancy and a pay-as-you-go billing structure, but with the added level of privacy, security and policy compliance usually associated with a private cloud.

CloudTweaks [14] published some statistics online about the percentage of businesses using each deployment model, as shown in Figure 2.5.

The statistics show that most companies are using a private cloud. This means that the fear for data privacy exists. An example of cloud architecture is shown in Figure 2.6, and Figure 2.7 shows all deployment models of cloud computing.

Figure 2.5: What clouds do businesses use most

Figure 2.6: Cloud Environment Architecture.

Figure 2.7: Cloud Deployment models.

2.3 Security and privacy Issues

This section illustrates the unique issues of cloud computing that exacerbate security and privacy challenges in clouds. Assessing security and privacy risks in cloud computing is a challenging activity. Understanding these risks is very important because it helps to find solutions that are critical for its success. As cloud computing provides access to data, the biggest challenge is to ensure that only authorized entities can gain access to it. So it is the cloud provider's responsibility to provide secure data access for its customers. Of course, the level of sharing is not the same for every delivery model. For example:

• In SaaS, providers are more responsible for the security and privacy of application services, more so in public than in private clouds, where the client organization might have stringent security requirements and provide the needed enforcement services.

• In PaaS, customers are primarily responsible for protecting the applications they build and run on the platforms. Providers are then responsible for isolating the customers' applications and workspaces from one another.

• In IaaS the situation is more complicated. The consumers are expected to secure the operating systems, applications and content. The cloud provider still must provide some basic, low-level data protection capabilities.

Multitenancy is another characteristic of a cloud computing environment. It allows cloud providers to share and manage the implemented infrastructure. From a customer's perspective, the notion of using a shared infrastructure could be a huge concern. There are many mechanisms that allow the secure management of a shared environment; the provider must provide a secure multitenant environment.

Cloud computing environments are multidomain environments, where each domain can use different security, privacy and trust requirements and potentially employ various mechanisms, interfaces and semantics.

The information security area has faced significant problems in establishing appropriate security metrics for consistent and realistic measurements that help risk assessment. We must reevaluate best practices and develop standards to ensure the deployment and adoption of secure clouds.

2.3.1 Authentication and Identity Management

Users can access their personal information and make it available to other services using an identity management (IDM) mechanism. This system is installed and managed by the cloud provider. An IDM system should be able to protect private and sensitive information related to users and processes. An issue that comes with an IDM system is that sometimes it does not provide SSO across other cloud computing platforms or domains, because some cloud domains may use different identity tokens and identity negotiation protocols, and the system needs to be configured to support SSO. In a multitenant environment it is more difficult to manage and ensure privacy. While users interact with a front-end service, this service might need to ensure that their identity is protected from other services with which it interacts. How multi-tenant cloud environments can affect the privacy of identity information is not yet well understood.

2.3.2 Access Control and Accounting

Different cloud services and domains demand fine-grained access control policies. Access control services might need to integrate privacy-protection requirements expressed through complex rules. In order to have an efficient access control system, the following characteristics must be considered:

• Must be easily managed.

• Its privilege distribution must be administered efficiently.

• Cloud delivery models must provide generic access control interfaces for proper interoperability.

• Should also be able to capture relevant aspects of SLAs.

2.3.3 Trust Management and Policy Integration

Many cloud service providers coexist in clouds and collaborate to provide various services. Some of them might have different security mechanisms and different security approaches, making collaboration very difficult. So mechanisms are needed to ensure collaboration between different cloud services; these mechanisms must ensure that the collaboration is dynamic and secure. Hence, providers should carefully manage access control policies to ensure that policy integration does not lead to any security breaches. A trust framework should be developed to efficiently capture a generic set of parameters required for establishing trust and to manage evolving trust and interaction/sharing requirements. The cloud's policy integration tasks should be able to address challenges such as semantic heterogeneity, secure interoperability, and policy evolution management.

2.3.4 Privacy and Data Protection

As discussed above, privacy is the biggest challenge, including the need to protect identity information, policy components during integration, and transaction histories. As we said, many customers are not happy about storing their data outside of their datacenters; this might be the single greatest fear of cloud clients. Workloads in a shared infrastructure can increase the risk of unauthorized access to and exposure of customer data. What is more important is that all the actions related to data must be logged. Within multi-tenant environments, one tenant could be a highly targeted attack victim, which could significantly affect the other tenants.
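As an added illustration of the logging requirement above (example code, not from the thesis or its prototype): a per-tenant, hash-chained record of actions on customer data, so that each tenant's history can be verified on its own and any later edit of a stored record is detected without affecting other tenants. Tenants, actors, resources and timestamps are constructed values.

```python
"""Added example (not from the thesis): a tamper-evident, per-tenant log of
actions performed on customer data. All tenants, actors and resources are
constructed for illustration."""
import hashlib
import json
from typing import Dict, List, Optional

GENESIS = "0" * 64          # previous-hash value for the first record of a chain
FIELDS = ("tenant", "actor", "action", "resource", "ts")


def _digest(prev_hash: str, entry: Dict) -> str:
    """Hash of a record bound to its predecessor; canonical JSON keeps it deterministic."""
    payload = json.dumps({k: entry[k] for k in FIELDS}, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode("utf-8")).hexdigest()


class TenantAuditLog:
    """One hash chain per tenant: records never depend on, or reveal, another
    tenant's activity, yet every record is linked to the one before it."""

    def __init__(self) -> None:
        self._chains: Dict[str, List[Dict]] = {}

    def record(self, tenant: str, actor: str, action: str, resource: str, ts: int) -> str:
        chain = self._chains.setdefault(tenant, [])
        prev = chain[-1]["hash"] if chain else GENESIS
        entry = {"tenant": tenant, "actor": actor, "action": action,
                 "resource": resource, "ts": ts}
        entry["prev"], entry["hash"] = prev, _digest(prev, entry)
        chain.append(entry)
        return entry["hash"]

    def entries(self, tenant: str) -> List[Dict]:
        """Only the named tenant's records are returned (copies, not live objects)."""
        return [dict(e) for e in self._chains.get(tenant, [])]

    def verify(self, tenant: str) -> Optional[int]:
        """Index of the first record whose link or content no longer matches, else None."""
        prev = GENESIS
        for i, rec in enumerate(self._chains.get(tenant, [])):
            if rec["prev"] != prev or rec["hash"] != _digest(prev, rec):
                return i
            prev = rec["hash"]
        return None


def simulate_storage_edit(log: TenantAuditLog, tenant: str, index: int,
                          field: str, value) -> Optional[int]:
    """Test helper: overwrite one stored field in place, as an edit at the storage
    layer would, and report what verify() sees afterwards."""
    log._chains[tenant][index][field] = value
    return log.verify(tenant)


def demo() -> Dict[str, Optional[int]]:
    """Two tenants write records; a later edit to tenant-a's second record is
    detected at index 1 while tenant-b's chain stays intact."""
    log = TenantAuditLog()
    log.record("tenant-a", "alice", "read", "bucket/report.csv", 1000)
    log.record("tenant-a", "bob", "delete", "bucket/report.csv", 1005)
    log.record("tenant-b", "carol", "read", "db/orders", 1007)
    before = {"a": log.verify("tenant-a"), "b": log.verify("tenant-b")}
    after_edit = simulate_storage_edit(log, "tenant-a", 1, "actor", "mallory")
    return {"a_before": before["a"], "b_before": before["b"],
            "a_after_edit": after_edit, "b_after_edit": log.verify("tenant-b")}


if __name__ == "__main__":
    print(demo())
```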

2.4 Security and Privacy Approaches

This section describes some approaches proposed for the issues mentioned above.


2.4.1 Authentication and Identity Management

One of the best approaches that has recently received attention for handling private and critical identity attributes is user-centric IDM [29]. Such an approach lets users control their digital identities and takes away the complexity of IDM from the enterprises, thereby allowing them to focus on their own functions. Users can access cloud services from wherever they are, and they must be able to export their digital identities and securely transfer them to various computers. Researchers are currently pursuing other federated IDM solutions that might benefit cloud environments [16][29]. IDM services in the cloud should be able to be integrated with an enterprise's existing IDM framework [5][13]. In some cases, it is important to have privacy-preserving protocols to verify various identity attributes by using, for example, zero-knowledge proof-based techniques. These techniques, which use pseudonyms and accommodate multiple identities to protect users' privacy, can further help build a desired user-centric federated IDM for clouds. IDM solutions can also be extended with delegation capabilities to address identification and authentication issues in composed services.

2.4.2 Secure Interoperation

Much recent research work is focused on multidomain access control policies and policy integration issues, and on secure interoperation and policy engineering mechanisms to integrate the access policies of different domains and define global access policies [17][41]. The idea of all this research work is to build and standardize a centralized access approach that different cloud domains can then implement to communicate and interoperate with other cloud domains. We also need specification frameworks to ensure that cross-domain accesses are properly specified, verified, and enforced. Security Assertion Markup Language (SAML), Extensible Access Control Markup Language (XACML), and Web services standards are viable solutions toward this [41].
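The policy-integration hazard described in section 2.3.3 and the secure-interoperation problem above can be made concrete. The following Python is an added example (not code from the thesis or its prototype): two cloud domains with their own role vocabularies, a set of cross-domain role mappings agreed between them, and an autonomy check that flags any access a domain denies locally but the integrated policy would permit, followed by a remediation that drops the mapping closing the offending cycle. All domain names, roles, resources and rules are constructed for illustration.

```python
"""Added example (not from the thesis): detecting unsafe policy integration
between two cloud domains that use different role vocabularies. Domain names,
roles, resources and rules are constructed for illustration."""
from collections import deque
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

Rule = Tuple[str, str, str, str]      # (role, action, resource, "permit" | "deny")
RoleRef = Tuple[str, str]             # (domain, role)


@dataclass
class DomainPolicy:
    name: str
    rules: List[Rule]

    def roles(self) -> Set[str]:
        return {r for r, _, _, _ in self.rules}

    def accesses(self) -> Set[Tuple[str, str]]:
        return {(a, res) for _, a, res, _ in self.rules}

    def decide(self, role: str, action: str, resource: str) -> str:
        """Local decision: deny-overrides, closed by default (no rule -> deny)."""
        effects = {e for r, a, res, e in self.rules if (r, a, res) == (role, action, resource)}
        if "deny" in effects:
            return "deny"
        return "permit" if "permit" in effects else "deny"


def reachable_roles(mappings: Dict[RoleRef, RoleRef], start: RoleRef) -> Set[RoleRef]:
    """Roles a subject holds after following cross-domain role mappings transitively."""
    seen, queue = {start}, deque([start])
    while queue:
        nxt = mappings.get(queue.popleft())
        if nxt is not None and nxt not in seen:
            seen.add(nxt)
            queue.append(nxt)
    return seen


def integrated_decide(domains: Dict[str, DomainPolicy], mappings: Dict[RoleRef, RoleRef],
                      subject: RoleRef, action: str, resource_domain: str, resource: str) -> str:
    """Global decision: permit if any role reachable through the mappings is permitted
    by the domain owning the resource (permissions accumulate, as in a role hierarchy)."""
    owner = domains[resource_domain]
    for dom, role in reachable_roles(mappings, subject):
        if dom == resource_domain and owner.decide(role, action, resource) == "permit":
            return "permit"
    return "deny"


def find_violations(domains: Dict[str, DomainPolicy],
                    mappings: Dict[RoleRef, RoleRef]) -> List[Tuple[str, str, str, str]]:
    """Autonomy check: an access a domain denies to its own role locally must not become
    permitted through the integrated policy. Returns (domain, role, action, resource)."""
    found = []
    for name, dom in domains.items():
        for role in sorted(dom.roles()):
            for action, resource in sorted(dom.accesses()):
                local = dom.decide(role, action, resource)
                glob = integrated_decide(domains, mappings, (name, role), action, name, resource)
                if local == "deny" and glob == "permit":
                    found.append((name, role, action, resource))
    return found


def remediate(domains: Dict[str, DomainPolicy],
              mappings: Dict[RoleRef, RoleRef]) -> Dict[RoleRef, RoleRef]:
    """Drop every mapping that carries a foreign role back into a violated domain
    (the link that closes the cycle), leaving the other translations in place."""
    kept = dict(mappings)
    for dom, role, _, _ in find_violations(domains, mappings):
        chain = reachable_roles(mappings, (dom, role))
        for src, dst in list(kept.items()):
            if src in chain and src[0] != dom and dst[0] == dom:
                kept.pop(src, None)
    return kept


# Constructed sample: cloudA and cloudB name their roles differently.
CLOUD_A = DomainPolicy("cloudA", [
    ("admin", "read", "A:vm-images", "permit"),
    ("admin", "delete", "A:vm-images", "permit"),
    ("developer", "read", "A:vm-images", "permit"),
    ("developer", "delete", "A:vm-images", "deny"),
])
CLOUD_B = DomainPolicy("cloudB", [
    ("operator", "read", "B:backups", "permit"),
    ("operator", "restore", "B:backups", "permit"),
    ("auditor", "read", "B:backups", "permit"),
])
DOMAINS = {"cloudA": CLOUD_A, "cloudB": CLOUD_B}

# Constructed cross-domain translations: the second one silently lets cloudA
# developers reach cloudA admin through cloudB (developer -> operator -> admin).
PROPOSED_MAPPINGS: Dict[RoleRef, RoleRef] = {
    ("cloudA", "developer"): ("cloudB", "operator"),
    ("cloudB", "operator"): ("cloudA", "admin"),
}

if __name__ == "__main__":
    print("violations:", find_violations(DOMAINS, PROPOSED_MAPPINGS))
    print("safe mappings:", remediate(DOMAINS, PROPOSED_MAPPINGS))
```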

2.4.3 Secure-Service Provisioning and Composition

To optimize resource utilization, cloud service providers often use virtualization technologies that separate application services from infrastructure. In the cloud, service providers and service integrators need to collaborate to provide newly composed services to customers. This sort of activity requires automatic service provisioning and composition frameworks that allow cloud service providers and service integrators to describe services with unified standards to introduce their functionalities, discover existing interoperable services, and securely integrate them to provide services. Such frameworks must include a declarative language to describe services, features, and mechanisms to provision and compose appropriate services. The Open Services Gateway Initiative (OSGi) service platform provides an open, common architecture for service providers, developers, software vendors, gateway operators, and equipment vendors to cooperatively develop, deploy, and manage services [13]. Researchers have developed ways to configure and map the OSGi authorization mechanism to RBAC [13]. A declarative OWL-based language can be used to provide a service definition manifest, including a list of distinct component types that make up the service, functional requirements, component grouping and topology instructions, and so on. OSGi can also be adopted to develop an agent-based collaboration system for automatic service provisioning. The challenges of such collaboration systems include dynamic access control to resources shared by agents and controlling collaborative actions that are geared toward a collaboration goal.


3. Multi-Cloud Environment

Multi-cloud can be defined as the use of cloud services from different cloud providers in one single environment. It can be considered as an integration of cloud providers to form a single working heterogeneous environment, as shown in figure 3.1. Multi-cloud is the future of cloud computing. Research carried out by Dimensional Research has unveiled something very interesting about the future of cloud computing, a trend that anyone with even a passing interest in the technology should be aware of. Commissioned by Equinix, Dimensional Research conducted a survey [38] of over 650 IT professionals worldwide, published in 2015. It found that the majority of enterprises are looking into the deployment of multiple clouds in both the short and the long term. The results of the survey are shown in figure 3.2: 77% of IT decision makers are planning to implement a multi-cloud architecture, while 91% intend to implement at least some sort of cloud-based solution within the next twelve months. Of these respondents, 48% plan to deploy six or more cloud services.


Figure 3.1: Example of a Multicloud framework


Figure 3.2: Cloud Trends


The top applications slated to be moved to the cloud during this implementation are:

1. Storage/backup.

2. Business intelligence.

3. Disaster recovery.

4. Project management.

5. Content management.

But why are so many companies planning to move to a multi-cloud platform? The sections below explain the benefits of a multi-cloud platform, but also the challenges of building and maintaining such an environment.

3.1 Multi-Cloud vs other Multiple Clouds

Talking about multiple clouds does not mean talking about multi-clouds: multi-cloud is one form of multiple clouds. Multiple clouds have only about five years of history, and during these years different terms have been used to describe their various forms. We name only a few here: Multi-Cloud, Cloud Federation, Inter-Cloud, Hybrid Cloud, Cloud-of-Clouds, Sky Computing, Aggregated Clouds, Multi-tier Clouds, Cross-Cloud, Cloud Blueprint, Cloud Merge, Fog Computing, Hierarchical Clouds, Distributed Clouds and so on.

There are several cloud ontologies (for example [18]), but the taxonomy of multiple clouds is not well established and the border between the different terms is still blurred. Still, we are sure that there are two delivery models in multiple clouds:

1. Federated Cloud.

2. Multi-Cloud.

The difference is made, according to [3], by the degree of collaboration between the clouds involved and by the way the user interacts with the clouds. In the first model there is an agreement between the different cloud providers to share their resources, while in the second model there is no such agreement. Similarly, in [20] the two models are classified based on the collaboration type: voluntary in a Federation, absent in a Multi-Cloud. In the first model the user interacts with one cloud and is not aware that the resources or services consumed come from another cloud. In the second model the user is aware of the different clouds and is responsible, or a third party is responsible, for provisioning the services or resources.

The needs of the cloud provider are served by the Federated Cloud. The main driver is the need to enhance its own offer of cloud resources and services, based on agreements with other providers, especially to acquire new resources when its own are limited. Optimizing costs, improving quality of service, and following constraints such as new locations or laws (for example geographical location restrictions or internal cost-reduction policies) can also be reasons for its usage. The needs of the cloud client are served by the Multi-Cloud model. The main driver is the need to optimize costs or improve quality of service, relying upon its own or a third party's capacity to identify the appropriate service or resource for a concrete application or new service.


However, any other reason can also motivate the usage of a Multi-Cloud. Knowing that agreements between large cloud providers are difficult to achieve, because of the amount of data and services they offer to their clients, this can be a good opportunity for small cloud providers to implement a multi-cloud system; using this technology, small cloud providers can enhance their offer. The main problem of a Federated Cloud is the interoperability between the different clouds, while in a Multi-Cloud the main one is the portability of applications between clouds.

A good example of an application of a Multi-Cloud is presented in [19], related tothe monitoring of multiple Clouds.

The NIST Cloud Computing Reference Architecture [34] mentions one major actor, the "Cloud broker". A cloud broker has different roles in different multiple-cloud environments. In the case of a Federation, it is part of a centralized entity or appears at each provider. In the case of a Multi-Cloud, it is part of a special service or library. In each model it can take important roles:

• optimizer, finding the best match between requirement and offer;

• adapter by offering a unique management interface;

• extension of existing services;

• aggregation with indexing;

• splitter of user requests to multiple providers;

• arbitrage between Clouds.

When we talk about an Inter-Cloud we mean a Federated Cloud or a Multi-Cloud that includes at least one broker.

3.2 Collaboration in a Multi Cloud environment

There are two main scenarios where a multi-cloud is needed. The first is collaboration between different organizations: as more organizations are transferring their IT resources into the cloud, there is a need to collaborate with other organizations in the cloud. Secondly, some big organizations may use cloud services provided by different cloud providers to guarantee availability and reliability, and hence need the ability to consolidate resources across multiple cloud service providers for day-to-day operations. In real life, collaboration among organizations is inevitable due to the growing challenges of global competition, rapid change and the increasing complexity of organizational structures. Organizations should be able to quickly come together and collaborate to solve a specific problem or exploit a specific opportunity.

In order to make the use of services from multiple clouds a reality, several technical barriers need to be resolved, and some of them are described in the next section. There is also a need to define standards, and the research community is beginning to establish architectures and standards for collaboration across multiple clouds [35, 6, 30, 7].

The idea of collaboration in a multi-cloud has to do with the rights or permissions that a user from one specific cloud platform has on the resources of another user that belongs to another cloud platform. Thus a critical challenge in facilitating multi-cloud collaboration is to allow customers across multiple clouds to precisely control what resources they are willing to share with other customers, and what operations are authorized on those shared resources.

To clarify the idea of collaboration, an example is shown in figure 3.3.

Figure 3.3: Multicloud Collaboration Example

In this example we consider the collaboration between different university institutes to form an inter-university research community. We have two CERN member universities, Acme and Zenith, running OpenStack as their cloud platform. Bob is a professor in the physics domain at Zenith. Bob should have access to a project in Acme's cloud to perform his analysis, but he cannot do this without cross-cloud access to the platform. Cross-cloud access would allow Bob to create a virtual machine (VM) in Acme cloud's Condensed Matter project and perform his analysis. On the other side we have David, who wants to access the Molecular domain in Zenith's cloud, but he cannot do this manually because by default OpenStack does not allow him to access this domain. By enabling cross-cloud access we achieve the following benefits:

• We eliminate the need to provision users in every collaborating organization.

• Inter-cloud and intra-cloud assignments are differentiated and administered separately.

• Each participating organization has some degree of control over its relationship with the other organizations.

3.3 Challenges and benefits

There are a number of reasons for deploying a multi-cloud architecture. This section describes the benefits and the challenges of deploying and maintaining such a platform. A multi-cloud strategy can improve overall enterprise performance by avoiding "customer vendor lock-in" and using different infrastructures to meet the needs of diverse partners and customers. This kind of approach can offer not only the hardware, software and infrastructure redundancy necessary to optimize fault tolerance, but it can also steer traffic from different customer bases or partners through the fastest possible parts of the network. Some organizations use a public cloud to make resources available to consumers over the Internet and a private cloud to provide hosted services to a limited number of people behind a firewall. A third type of cloud, called a hybrid cloud, may also be used to manage miscellaneous internal and external services. In one of his articles on InfoWorld [28], David Linthicum (a recognized industry expert and thought leader) explains that a multi-cloud "is more complex than a hybrid cloud, which is typically a paired public and private cloud. Multiclouds add more clouds to the mix; perhaps two or more public IaaS providers, a private PaaS, on-demand management, and security systems from public clouds, private use-based accounting." Some of the multi-cloud benefits are:

• Autonomy. The ability to deploy your applications on different cloud providers has the clear advantage of reducing dependency on a single vendor.

• Hybridity. You can keep some applications on-premises and others on one or more public clouds, based on a variety of considerations, such as security, performance or cost optimization. For example, a hybrid cloud solution can also be used to provide faster service, particularly if your customers are located in different countries. Deploying your applications on a cloud that is closer to your customers' geographical location can result in better response time and performance.

• Extended capabilities. Different cloud providers support different platforms and offer constantly changing packages of capabilities. Some features, for example Database as a Service, might not be supported by all cloud providers. It might be a good idea to shop around, comparing the various cloud offerings to identify which providers offer the best fit for you. You might prefer to pay more for specific deployments if it means you get special capabilities, while continuing to take advantage of the lower costs offered by a different provider for resources where those capabilities are not relevant.

But again, as companies want to move their systems to a cloud or multi-cloud environment, some of them hesitate to take this step because of security issues on these platforms. So, despite the many benefits, multi-clouds can be difficult to manage. Typically these cloud services emerge autonomously; they are purchased to meet specific business needs, at times with little to no IT input, which creates inefficiency. Multi-cloud integration is also an issue. From operating systems to protocol stacks, public IaaS providers use different technologies to build and support their cloud services. For example, AWS has a distinct Linux flavor, whereas Microsoft Azure is Windows-centric. Therefore, software portability is limited or completely unavailable.

So we can say that some of the multicloud challenges are:

• Complexity. The biggest challenge of multi-cloud is its inherent complexity: different technologies, different interfaces, different services, and different terminology. There is currently no standardization of terminology, instance sizes, or methodologies across cloud vendors.


• Interoperability, or rather the lack of it between different cloud vendors. This necessitates using workarounds or APIs to make the application set-up work on different platforms and clouds. Specialized tools, such as Ravello, can be used to achieve seamless deployment on different external cloud providers.

• Management overhead. Multi-cloud requires a higher level of expertise in determining what to move to the cloud, where, when and why. This brings with it an increase in overall management overhead, including investments in VPN connections and monitoring. The implementation of different platforms requires expertise in a more diverse range of subjects.

• Portability. To avoid the vendor lock-in syndrome, SaaS must be portable on top of various cloud PaaS and IaaS providers. This portability allows the migration from one provider to another in order to take advantage of cheaper prices or better quality of service (QoS). However, SaaS portability requires that the runtime support provides a common model to hide the diversity of the underlying PaaS and IaaS.

• Heterogeneity. Various protocols can be used to support interactions between services distributed on the clouds, such as Simple Object Access Protocol (SOAP), Representational State Transfer (REST), JavaScript Object Notation (JSON), Google Web Toolkit (GWT) RPC, just to name a few. The PaaS then needs to deal with the heterogeneity of these service-oriented protocols and let the SaaS select the best-fitting protocol according to business requirements.

• Geo-diversity. Finally, [2] advocates that small data centers, which consume less power, may be more advantageous than large ones, and that geo-diversity tends to better match user demands. This has led to the idea that federated cloud platforms, so-called inter-cloud solutions [3], are required.

3.4 Management software for Multi-cloud

Nowadays there are many software libraries that can be used to build and maintain a multi-cloud environment. This management software can be library-based or service-based. Library-based approaches let developers build a multi-cloud platform from scratch. The libraries are written in different programming languages, and the developer uses them to communicate with the different API services offered by the different cloud platforms; this is how the integration of different cloud platforms is done. The best-known library-based approaches are:

jclouds is an open-source Java library designed to support the portability of Java applications, which allows uniform access to the resources of AWS, vCloud, CloudServers, ElasticHosts, Eucalyptus, GoGrid, OpenHosting, Rackspace, DeltaCloud and so on (complete list at www.jclouds.org).

libcloud is a Python library that abstracts the differences among the programming interfaces of various services offered by OpenNebula, GoGrid, Enomaly, SliceHost, Elastic Hosts, RackSpace, Eucalyptus, AWS, Joyent, vCloud and so on (details at www.libcloud.apache.org).

deltacloud is a REST-based API written in Ruby which also allows connections to various cloud resources of AWS, Eucalyptus, GoGrid, OpenNebula, Rackspace, OpenStack and so on (details at www.deltacloud.apache.org).

SimpleCloud is a PHP library offering uniform interfaces for file and document storage, queues and infrastructure services of AWS, RackSpace, Azure, Nirvanix (details at www.simplecloud.org).

Service-based approaches can be divided into two categories: hosted or deployable. These are software products that can be installed locally or configured online. The hosted platforms are not free; the best-known hosted services are the commercial ones:

RightScale offers a management platform for the control and administration of deployments in different clouds, based on AWS, Eucalyptus, GoGrid, vCloud and Flexiant (details at www.rightscale.com). Its Multi-Cloud Engine is able to broker capabilities related to virtual machine placement in public clouds.

enStratus allows the management, monitoring, automation and governance of resource consumption based on the services from AWS, GoGrid, Joyent, OpenStack, CloudStack, CloudSigma, vCloud, Azure and so on (details at www.enstratus.com).

Kaavo allows the management of distributed applications and workloads in various clouds based on AWS, Rackspace, Terremark, Eucalyptus (details at www.kaavo.com).

Deployable services are results of open-source projects like:

Aeolus is an open-source cloud management software written in Ruby and provided for Linux systems by Red Hat. It is based on the deltacloud library (details at www.aeolusproject.org).

mOSAIC is an open-source API and a deployable Platform as a Service allowing the deployment and the life-cycle control of applications consuming infrastructure services. The services that can be consumed are provided by AWS, GoGrid, vCloud, Eucalyptus, RackSpace, CloudSigma, DeltaCloud, Flexiscale and so on (details at bitbucket.org/mosaic).

Optimis is a deployable Platform as a Service that allows cloud service provisioning and the management of the life-cycle of the services. The services currently connected are from AWS, OpenNebula, Eucalyptus, Emotive, Flexiant (details at www.optimis-project.eu/Toolkit v2).

Other multi-cloud management software products are cloud brokers like:

SpotCloud provides a marketplace for infrastructure services and a matching service against the client's requirements (details at www.spotcloud.com).

Scalr provides deployment of virtual machines in various clouds and includes automated triggers to scale up and down (details at www.scalr.net).

Stratos offers single sign-on, monitors resource consumption and the fulfilment of service level agreements, and offers auto-scaling mechanisms (details at www.wso2.com/cloud/stratos).


3.5 Recent research Prototypes

Much research has been done by different research communities to support the development of new solutions for multi-clouds. Migration from one cloud to another is very difficult and poses many problems. PSIF [32] models and tries to resolve the semantic interoperability conflicts raised during the deployment or the migration of an application between PaaS. Several broker prototypes have been developed recently. Some of the best research prototypes are:

SORMA [25] uses bidders and sellers to represent the beneficiaries of the brokering system.

SERA [24] uses agents to represent the beneficiaries of the brokering system, to schedule and control the resources, and to enable monitoring, registering or recovery.

CCFM [2] is, for example, a manager with discovery, match-making and authentication features.

Zeel/I [39] allows single sign-on and the selection of cloud resources according to specific requirements.

Cloudbus [37] is a platform that incorporates several brokers.

The mOSAIC approach is based on a Cloud Agency gathering client and provider agents in a brokerage process working with service level agreements (details at www.bitbucket.org/mosaic and [15]).

Cloudle [26] is an example of a Cloud service search engine based on a specific Cloudontology.

CloudCmp [4] is a set of benchmarking tools for comparing services from different points of view, e.g. elasticity, persistence of storage, intra-cloud.

CloudMF [33] includes a set of tools that aim at facilitating the provisioning, deployment, and adaptation of multi-cloud systems by leveraging model-driven engineering (MDE) techniques and methods. MDE is a branch of software engineering that aims at improving the productivity, quality and cost-effectiveness of software development by shifting the paradigm from code-centric to model-centric.

Other approaches that must be taken into consideration are those related to network technologies for distributed resources. These approaches facilitate the transition from the cloud to the multi-cloud. We can mention two recently developed network virtualization approaches: TinyViNe [31], a network virtualization technique for distributed resources in different administrative domains, and ORCA, which enables computational and network resources from multiple clouds and network substrates to be aggregated into a single virtual resource.

3.5.1 Example of a multicloud system using CloudMF

In this subsection we explain how CloudMF was used to build an open-source multi-cloud platform. The system we take as an example is called SensApp. SensApp is an open-source, service-oriented application for storing and exploiting large data sets collected from sensors and devices; it is built to close the gap between the IoT and the cloud, and is developed to support a large amount of sensor data. All of the data coming from sensors are stored in different databases in the cloud and are shown to the user in real time through a user interface. The architecture of this system is shown in figure 3.4.


Figure 3.4: The SensApp architecture

• The registry service stores metadata about the sensors (e.g., description and creation date).

• The database service stores raw data from the sensors using a MongoDB database.

• The notification service sends notifications to third-party applications when relevant data are pushed (e.g., when new data collected by air quality sensors become available).

• Finally, the dispatcher service orchestrates the other services: it receives data from the sensors, stores these data in the database according to the metadata from the registry, and finally triggers the notification mechanisms for the new data.

In order to be deployed, SensApp requires a database and a servlet container, whileSensApp Admin requires a Web server.

This is a good example to address the different system requirements for CloudMF. Some of these requirements are:

1. Separation of concerns. CloudMF should support a modular, loosely-coupled specification of the provisioning and deployment so that the modules can be seamlessly substituted. This will facilitate the dynamic adaptation of the provisioning and deployment topology.

2. Cloud provider-independence. CloudMF should support a cloud provider-agnostic specification of the provisioning and deployment. This will simplify the design of multi-cloud systems and prevent vendor lock-in.

3. Reusability. CloudMF should support the specification of reusable types or reusable patterns composing the system. This will ease the evolution as well as the rapid development of different variants of a system in time and in space (i.e., a product line).


4. Abstraction. CloudMF should provide an up-to-date, abstract representation of the running system. This will facilitate reasoning, simulation, and validation of adaptation actions before their actual enactment.

But how does CloudMF address these requirements? As mentioned above, CloudMF includes a set of tools that aim at facilitating the provisioning, deployment, and adaptation of multi-cloud systems by leveraging model-driven engineering (MDE) techniques and methods, where MDE is a branch of software engineering that aims at improving the productivity, quality and cost-effectiveness of software development by shifting the paradigm from code-centric to model-centric.

The architecture of CloudMF is shown in figure 3.5. We see that the architecture of CloudMF is composed of two components:

• The modelling environment

• The models@run-time environment

Figure 3.5: CloudMF Architecture

The modelling environment is used for the deployment of the multi-cloud system. One module of this component is the editor, in which one or more Cloud Provider-Independent Models (CPIMs) are specified. In this example one CPIM deploys SensApp and SensApp Admin on the same virtual machine and another deploys them on two different virtual machines. The CPIMs are then provided as input to the refinement engine, where the user can select the CPIM solution best suited to his scenario.

The modelling environment can either enact the initial deployment of the application imperatively, by interacting with the provisioning and deployment engine directly, or declaratively, by providing the Cloud Provider-Specific Model (CPSM) to the models@run-time environment, which in turn interacts with the provisioning and deployment engine. In the latter case the CPSM is causally connected to the running system, i.e., a change in the CPSM is reflected on demand in the running system, whereas a change in the running system is automatically reflected in the CPSM. In this way, the models@run-time environment provides a model-based interface to any reasoning systems and modelling tools for future adaptation.
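As an added illustration of the CPIM to CPSM refinement described above (written for this edit; it is not CloudMF's own code or metamodel, and SensApp ships no such script), the following Python refines a provider-independent description of SensApp into a provider-specific placement. The component requirements follow the text (SensApp needs a servlet container and MongoDB, SensApp Admin a web server); the provider names, image names, prices and the cost-based selection rule are constructed assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Component:
    name: str
    requires: frozenset  # capabilities the hosting VM must provide


@dataclass(frozen=True)
class VMType:
    name: str
    hosts: frozenset  # names of the components co-located on this VM


@dataclass(frozen=True)
class Offering:
    provider: str
    image: str
    provides: frozenset  # capabilities the image gives out of the box
    hourly_cost: float


# CPIM side: component requirements carry no provider name at all.
COMPONENTS = {
    "SensApp": Component("SensApp", frozenset({"servlet-container", "mongodb"})),
    "SensAppAdmin": Component("SensAppAdmin", frozenset({"web-server"})),
}

# The two CPIM topologies mentioned in the text: one shared VM, or two VMs.
CPIM_ONE_VM = (VMType("vm-all", frozenset({"SensApp", "SensAppAdmin"})),)
CPIM_TWO_VMS = (VMType("vm-backend", frozenset({"SensApp"})),
                VMType("vm-frontend", frozenset({"SensAppAdmin"})))

# Constructed catalogue of provider offerings (providers, images and prices are
# invented for this example and correspond to no real price list).
CATALOGUE = (
    Offering("providerA", "jetty-mongo", frozenset({"servlet-container", "mongodb", "web-server"}), 0.12),
    Offering("providerA", "nginx", frozenset({"web-server"}), 0.03),
    Offering("providerB", "tomcat-mongo", frozenset({"servlet-container", "mongodb"}), 0.08),
    Offering("providerB", "apache", frozenset({"web-server"}), 0.04),
)


def vm_requirements(vm):
    """Union of the requirements of every component hosted on the VM."""
    needed = set()
    for component in vm.hosts:
        needed |= COMPONENTS[component].requires
    return frozenset(needed)


def refine(cpim, catalogue=CATALOGUE):
    """CPIM -> CPSM: for each VM pick the cheapest offering, from any provider, that
    covers all of its requirements. Returns {vm_name: Offering}, or None when some
    VM cannot be placed anywhere in the catalogue."""
    cpsm = {}
    for vm in cpim:
        needed = vm_requirements(vm)
        candidates = [o for o in catalogue if needed <= o.provides]
        if not candidates:
            return None
        cpsm[vm.name] = min(candidates, key=lambda o: o.hourly_cost)
    return cpsm


def total_cost(cpsm):
    return round(sum(o.hourly_cost for o in cpsm.values()), 4)


def providers_used(cpsm):
    return sorted({o.provider for o in cpsm.values()})


def cheapest_variant(variants):
    """The refinement engine refines every CPIM variant; here the user's choice among
    the feasible CPSMs is automated by hourly cost. variants: {label: cpim}."""
    feasible = []
    for label, cpim in variants.items():
        cpsm = refine(cpim)
        if cpsm is not None:
            feasible.append((total_cost(cpsm), label))
    return min(feasible)[1] if feasible else None


if __name__ == "__main__":
    for label, cpim in {"one-vm": CPIM_ONE_VM, "two-vms": CPIM_TWO_VMS}.items():
        cpsm = refine(cpim)
        print(label, total_cost(cpsm), {vm: f"{o.provider}/{o.image}" for vm, o in cpsm.items()})
```

Keeping provider names out of the CPIM is what makes the model portable; the CPSM is the only artifact that names providers, and with this catalogue the two-VM variant ends up spanning both providers, which is the kind of placement the models@run-time environment must then keep in sync with the actual running system.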


4. Trust management in Cloud Computing

This chapter gives an overview of trust management in the multi-cloud, one of the biggest security issues that this technology is facing. Trust management was first developed by Blaze et al. [9] to resolve the issues of centralized security systems, such as the centralized control of trust relationships (global certifying authorities), the inflexibility in supporting complex trust relationships in large-scale networks, and the heterogeneity of policy languages. Each authorization role has a set of security policies and each security policy has a set of credentials. There have been many attempts at building a trust management system, among them PolicyMaker and KeyNote [10, 11, 8]. These are policy-based trust management techniques because they depend on policy rules to provide authorizations. Later, the concept of trust management inspired many researchers to apply it in different environments such as e-commerce, P2P systems, Web services, wireless sensor networks, grid computing and, most recently, cloud computing. Trust management can be considered an approach used to assess and establish trusted relationships. Several approaches have been proposed for managing and assessing trust based on different perspectives. Trust management is classified according to two different perspectives:

• Service Provider Perspective (SPP)

• Service Requester Perspective (SRP)

In SPP, the service provider is the main driver of the trust management system, and the trustworthiness of the service requesters is assessed (figure 4.1(a)). In SRP, on the other hand, the service requester is the one who assesses the trustworthiness of the service provider (figure 4.1(b)).

Figure 4.1: Trust Management two different perspectives


An effective trust management system helps cloud service providers and consumers reap the benefits brought about by cloud computing technologies. Despite the benefits of trust management, several issues related to general trust assessment mechanisms, distrusted feedback, poor identification of feedback, the privacy of participants and the lack of feedback integration still need to be addressed. Traditional trust management approaches such as the use of Service Level Agreements (SLAs) are inadequate for complex cloud environments.

In cloud computing environments, the interactions between different service domains driven by service requirements can be dynamic, transient, and intensive. Thus, a trust framework should be developed to allow for efficiently capturing a generic set of parameters required for establishing trust and to manage evolving trust and interaction/sharing requirements. The cloud's policy integration tasks should be able to address challenges such as semantic heterogeneity, secure interoperability, and policy evolution management. Furthermore, customers' behaviors can evolve rapidly, thereby affecting established trust values. This suggests a need for an integrated, trust-based, secure interoperation framework that helps establish, negotiate, and maintain trust to adaptively support policy integration.


4.1 The Concept of Trust

As mentioned, one of the characteristics of cloud computing is multi-tenancy. Multi-tenancy means many users accessing cloud services while being protected from one another: it seeks to isolate the activities of tenants from each other to protect data security and privacy. There are many traditional single-domain models, such as role-based access control (RBAC) [33, 1], that can be used in single-cloud environments to guarantee tenant data security. But these models are not a solution for a multi-cloud environment; applying them there raises many problems, such as data lock-in, which restricts the development of the multi-cloud.

Before going on to explain what trust is, and to clarify what has been said above, here are some definitions about trust in cloud computing:

• Trust refers to the recognition of an entity's identity and the confidence in its behavior. Trust is subjective, since an entity's judgement is usually based on its own experience. Trust is described by a trust value.

• Trust value or trust degree is used to measure the degree of trust. The trust value often depends on a specific time and a specific context.

• Direct trust means trust that is obtained through the entities' direct interaction.

• Indirect trust or recommended trust means trust that is obtained from a credible third party who has direct contact with the designated entity. Recommended trust is one important way to obtain the trust degree of unknown entities.

In a social context, trust has several connotations. Definitions of trust typically refer to a situation characterized by the following aspects: one party (the trustor) is willing to rely on the actions of another party (the trustee) with respect to the future, and in addition the trustor (voluntarily or forcedly) abandons control over the actions performed by the trustee. This definition of trust is also applicable in the virtual world, including cloud computing. For example, cloud consumers trust cloud providers to manage their data, while cloud providers trust cloud consumers to use their computing resources responsibly. These two trust relations are both established by a service level agreement (SLA) which regulates the responsibilities of each party.

Trust is one of the most important means to improve security and enable the interoperability of the current heterogeneous, independent cloud platforms. Grandison et al. [6] consider trust "the firm belief in the capability of an entity to act consistently, securely and reliably within a specified context". They also consider trust a group of multiple attributes such as:

• reliability

• honesty

• truthfulness

• dependability

• security

• competence

• timeliness


• Quality of Service (QoS)

• Return on Investment (ROI)

All of these attributes are considered in the context of an environment.

Trust determines how clouds interact with each other, including which information they share in a trust relationship and how much. Based on such trust properties, in the following we identify four potential types of trust relation to establish and control cross-cloud access in a multi-cloud federation. Of these types, α, β and γ are adapted from similarly defined trust types in intra-cloud systems [40], whereas type φ is newly introduced. In such trust relations, who controls the trust relation's existence and who controls the authority to issue cross-cloud assignments determines the type of trust. In the following, we use two clouds A and B, where each has a set of users and resources, and cross-cloud assignments are users → resources. We use "E" as the trust relation notation, where A E B states that A trusts B.

• Type-α. Trustor grants inter-cloud access to trustee. It is perhaps the most intuitive meaning of trust. By trusting a cloud, the trustor shares certain resources with the trusted cloud. If A Eα B, cloud A is authorized to assign B's users to cloud A's resources. In this trust type, A controls both the trust relation's existence and the cross-cloud assignments. Type-α trust is useful when cloud A is a resource provider and cloud B is an identity provider.

• Type-β. Trustee grants inter-cloud access to trustor. If A Eβ B, cloud B is authorized to assign A's users to its resources. In this trust type, A controls the trust relation and B controls the cross-cloud assignments. In order for cloud A to access shared resources in cloud B, it should trust B with exposing its user set and trust B's authorization of the assignments (UserA → ResourceB).

• Type-γ. Trustee takes inter-cloud access to trustor. If A Eγ B, cloud B is authorized to assign its users to cloud A's resources. In this trust type, A controls the trust relation and B controls the cross-cloud assignments. Cloud A exposes its selected resources to share with the trusted cloud B (UserB → ResourceA).

• Type-φ. Trustee controls intra-cloud access within trustor. If A Eφ B, cloud B is authorized to assign A's users to A's resources. In this trust type, A controls the trust relation and B controls the intra-cloud assignments within A. Cloud A exposes part or all of its set of users and resources to cloud B (UserA → ResourceA). This trust type is necessary for delegating administration across two clouds.
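As an added illustration of the four trust types (this is not code from the thesis or its prototype), the following Python model encodes, for a relation A E B of each type, which cloud controls the relation's existence and which cloud may issue which user → resource assignments; the clouds, users and VM names are constructed sample data.

```python
from dataclasses import dataclass
from enum import Enum


class TrustType(Enum):
    """Which cloud may assign whose users to whose resources (A E B, A = trustor)."""
    ALPHA = "alpha"  # A assigns B's users -> A's resources
    BETA = "beta"    # B assigns A's users -> B's resources
    GAMMA = "gamma"  # B assigns B's users -> A's resources
    PHI = "phi"      # B assigns A's users -> A's resources (delegated administration)


@dataclass
class Cloud:
    name: str
    users: set
    resources: set


@dataclass
class TrustRelation:
    trustor: Cloud
    trustee: Cloud
    kind: TrustType

    def roles(self):
        """Return (assigner, owner of the users, owner of the resources)."""
        a, b = self.trustor, self.trustee
        return {
            TrustType.ALPHA: (a, b, a),
            TrustType.BETA: (b, a, b),
            TrustType.GAMMA: (b, b, a),
            TrustType.PHI: (b, a, a),
        }[self.kind]


class Federation:
    """Holds the trust relations and the assignments each one authorized."""

    def __init__(self):
        self.relations = []
        self.assignments = {}  # (user, resource) -> authorizing TrustRelation

    def establish(self, trustor, trustee, kind):
        rel = TrustRelation(trustor, trustee, kind)
        self.relations.append(rel)
        return rel

    def assign(self, actor, user, resource):
        """actor asks to assign user -> resource. Allowed only if a relation
        names actor as the assigner for that user-owner / resource-owner pair."""
        for rel in self.relations:
            assigner, user_owner, res_owner = rel.roles()
            if (actor is assigner and user in user_owner.users
                    and resource in res_owner.resources):
                self.assignments[(user, resource)] = rel
                return True
        return False

    def revoke(self, actor, rel):
        """Only the trustor controls the relation's existence (all four types);
        ending it also drops every assignment it authorized. Returns the list
        of dropped (user, resource) pairs, or None if actor is not the trustor."""
        if actor is not rel.trustor or rel not in self.relations:
            return None
        self.relations.remove(rel)
        dropped = [pair for pair, r in self.assignments.items() if r is rel]
        for pair in dropped:
            del self.assignments[pair]
        return dropped


def demo():
    """Walk the four trust types between two constructed clouds A and B."""
    a = Cloud("A", users={"alice"}, resources={"vmA1"})
    b = Cloud("B", users={"bob"}, resources={"vmB1"})
    fed = Federation()
    out = {}
    # Type-alpha: A (resource provider) admits B's user bob; only A may assign.
    alpha = fed.establish(a, b, TrustType.ALPHA)
    out["alpha_by_A"] = fed.assign(a, "bob", "vmA1")      # True
    out["alpha_by_B"] = fed.assign(b, "bob", "vmA1")      # False: B is not the assigner
    out["alpha_revoke_by_B"] = fed.revoke(b, alpha)       # None: B does not control it
    out["alpha_revoke_by_A"] = fed.revoke(a, alpha)       # [("bob", "vmA1")]
    # Type-beta: A exposes its user set; B places alice on B's own resources.
    fed.establish(a, b, TrustType.BETA)
    out["beta_by_B"] = fed.assign(b, "alice", "vmB1")     # True
    out["beta_by_A"] = fed.assign(a, "alice", "vmB1")     # False
    # Type-gamma: A exposes vmA1; B places its own user bob there.
    fed.establish(a, b, TrustType.GAMMA)
    out["gamma_by_B"] = fed.assign(b, "bob", "vmA1")      # True
    # Type-phi: B administers assignments inside A (A's users -> A's resources).
    fed.establish(a, b, TrustType.PHI)
    out["phi_by_B"] = fed.assign(b, "alice", "vmA1")      # True
    out["phi_wrong_pair"] = fed.assign(b, "bob", "vmB1")  # False: no type covers B -> B
    out["active_assignments"] = len(fed.assignments)      # 3
    return out
```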

Trust can be classified into different categories according to different standards.

1. According to attributes: identity trust and behavior trust.

2. According to the way it is obtained: direct trust and recommended trust.

3. According to role: code trust, third-party trust, execution trust, etc.

4. According to the underlying theory: subjective trust and objective trust.

An example of trust between three clouds is shown in figure 4.2. In this example we see a centralized service that verifies the authentication and authorization of the different clouds, in this case cloud A. Cloud A tries to communicate with cloud B, and then cloud B communicates with the centralized service, asking for the permissions and access of cloud A. After that, the centralized service gets the whole security context of cloud A and responds to cloud B with all the security attributes of cloud A. The same steps are followed in the case where cloud A tries to access cloud C.

Figure 4.2: Trust relationship between 3 clouds (example)


We think that trust has the following main features:

1. Inconstancy and context-sensitivity. Trust changes along with the specific time and the specific context.

2. Condition-based transitivity. A's trust value for B is always unequal to the recommended trust received from C; there always exists a recommendation factor.

3. Asymmetry. If A and B set up a trust relationship, A's evaluated trust for B can differ from B's evaluated trust for A.

4. Subjectivity, uncertainty and fuzziness.

4.2 Trust Models

In this section some of the current trust models are mentioned. We are going to talk about the cross-cloud trust model, cross-domain trust, cross-project trust and other existing trust models.

4.2.1 Cross Cloud Trust

In a cloud it is normal that tenants share their resources in a single infrastructure. Sharing infrastructure means sharing resources, and protecting tenant data is then a challenge; trust management in this case is a challenge as well. In order to enable clouds to share their physical infrastructure, it is necessary to create a controlled trust relation within the cloud administration realm of the participating clouds.

This is the type β trust we mentioned above: by trusting a cloud, the trustor agrees that the trustee allocates its services to the trustee's infrastructure. An example of cross-cloud resource allocation in two federated clouds is shown in figure 4.3.

Figure 4.3: Example of a Cross Cloud TRUST


In figure 4.3 we see the trust relation cloudA Eβ cloudB, meaning that cloudB is authorized to assign VMs in cloudA to its physical shared resources, while cloudA can initiate and end this collaboration. In such a collaboration, in order for the clouds to have access within the shared infrastructure, they should agree on granting the trustee cloud assignment authorization and visibility of the VMs they wish to federate.

Figure 4.4 shows the steps followed to assign and remove resources between two clouds A and B.

Figure 4.4: Cross-Cloud Type β Sequence

As we see here, after the trust relationship between the clouds is established, B is requested to assign a virtual machine to cloud A's infrastructure. Then, if A wants to remove B's access to its resources, it sends a request to cloud B and removes it.

In a multicloud environment a type γ trust is more useful, where, as we said before, in an A Eγ B trust relationship A controls the trust relation and B is responsible for the cross-cloud assignments. In type γ, by trusting a cloud, the trustor shares its physical resources with the trusted clouds and authorizes the trusted clouds to assign their VMs to its resources. Users are assigned roles with respect to projects, or project-role pairs (PRPs).

4.2.2 Cross Domain Trust

We said that a multicloud system is very important for big companies that want to enable collaboration between the different cloud infrastructures they own at different cloud providers. So for these companies the collaboration between tenants of different infrastructures is very important. In this case we define these separate cloud systems as domains, where each domain has its own set of users and projects (or resources). We can apply all the trust types we mentioned before. Figure 4.5 shows each of these trust types applied in a cross-domain trust solution. Type α is illustrated in figure 4.5a: it enables user assignments between an identity provider's users and a cloud's PRPs. Type β is used in cases of shared resources, so it is practical for sharing resources while the privacy of the resources is a concern in the collaboration. Type β is shown in figure 4.5b, which means that domain A agrees to grant user visibility to B in an A Eβ B trust relationship. Type γ is used for project sharing; this type of trust is shown in figure 4.5c, in which domain B controls the user assignment to projects. Figure 4.5d shows a type φ trust relation. This trust enables the trusted cloud (domain B) to administer intra-cloud assignments in the trustor (domain A). Such a trust type is useful to achieve administration federation in a multi-cloud environment.

Figure 4.5: Cross-Domain Trust User Assignment


4.2.3 Cross Project Trust

This trust model is based on trust between the clouds' projects. All the types of trust we mentioned above are applicable. For example, when a sales project wishes to share its sales VMs or sales databases, cross-project trust is sufficient and there is no need to establish a domain trust between the collaborating clouds.

4.3 Trust Management Techniques

There are different trust management techniques, which can be classified into four categories:

• Policy

• Recommendation

• Reputation

• Prediction

In this section we are going to describe these techniques from the consumer's point of view (the service requester's perspective). All of these techniques are shown in figure 4.6.


Figure 4.6: TM Techniques


In figure 4.6 we see that cloud customers and cloud providers are connected by lines that represent the trust relationship between them; if there is a trust relationship between them the value is 1, otherwise it is 0. We also see a dashed-line relationship, which occurs when a cloud service consumer x approaches a cloud service provider y for the first time.

4.3.1 Policy as a Trust Management Technique

Policy as a trust management technique (PocT) is one of the most popular and traditional ways to establish trust among parties and has been used in cloud environments. This technique uses a set of policies, each of which assumes several roles that control authorization levels and specifies a minimum trust threshold in order to authorize access. Trust relationships are measured by the trust results. For example, to verify Service Level Agreement (SLA) violations in cloud services, a monitoring and auditing approach can be used. An SLA can establish trust between cloud service consumers and providers by specifying technical and functional descriptions with strict clauses. The entities' credibility (the credibility of cloud services) can be measured from qualitative and quantitative attributes such as security, availability, response time and customer support. Researchers identify two features of credibility: trustworthiness and expertise. For a credential-based threshold, PocT follows either the Single Sign-On (SSO) approach, where the credentials disclosure and authentication take place once and then the cloud service consumers have access approval for several cloud services, or the state machine approach, where the credentials disclosure and authentication take place for each state of the execution of the cloud services. This trust technique is described in figure 4.6a. Cloud consumer x has its own policy to control the privacy of its own credentials (Cx) and contains the trust relationship (Tx). Tx can follow either the credentials approach or the credibility approach, depending on the credibility assessment of the cloud service provider y, to determine whether to proceed with the transaction.
On the other side we have the cloud provider y, which contains a policy (Py) to regulate access to its cloud services and to control the privacy of its own credentials (Cy), and also contains a trust relationship (Ty). Similarly, Ty can follow either the credentials approach or the credibility approach, depending on the credibility assessment of the cloud service consumer x. If both trust rules are satisfied, then the relation between the cloud service consumer x and the provider y is considered a trusted relation. The trust relation can be defined by the equation below, where Cx and Cy are the credentials each party discloses, Tx and Ty are the trust thresholds, and in the credibility branch x and y stand for each party's credibility assessment:

$$
T(x, y) =
\begin{cases}
1 & \text{if } C_x \ge T_y \iff C_y \ge T_x \ \text{ or } \ y \ge T_x \iff x \ge T_y \\
0 & \text{otherwise}
\end{cases}
$$

PocT is applicable to all three cloud service models.

4.3.2 Recommendation as a Trust Management Technique (RecT)

This is another trust technique widely used in the cloud environment. Recommendations take advantage of the participants' knowledge about the trusted parties, especially given that the party at least knows the source of the trust feedback. Recommendations can be explicit recommendations or transitive recommendations. An explicit recommendation happens when a cloud service consumer clearly recommends a certain cloud service to her well-established and trusted relations. A transitive recommendation happens, on the other hand, when a cloud service consumer trusts a certain cloud service because at least one of her trusted relations trusts the service. This approach is shown in figure 4.6b, where a cloud customer x has a trust relation with another cloud customer z. Cloud customer z recommends the cloud provider y to x; in other words, x trusts y because of a transitive relation: there is a trust relation between z and y, and since the cloud service consumer x trusts the other cloud service consumer z, it is more likely that x will trust the recommended relation.

4.3.3 Reputation as a Trust Management Technique (RepT)

This technique is very important because the feedback of the various cloud service consumers can dramatically influence the reputation of a particular cloud service, either positively or negatively. Reputation can have a direct or indirect influence on the trustworthiness of a particular entity (e.g. a cloud service). This trust technique is shown in figure 4.6c. As we see, in RepT the cloud service consumers do not know the source of the trust feedback, i.e. there are no trusted relations in RepT, unlike RecT. There are several online reputation-based systems, such as the auction systems (e.g. eBay [eBay] and Amazon [Amazon]). Figure 4.6c depicts how RepT supports trust management. Let us consider a customer x that has a trust threshold Tx and a cloud provider y that has a set of trusted relations with other cloud customers, which give trust feedback on the cloud service provider. This feedback is taken into consideration by the cloud service consumer x, which can then decide whether to proceed with the transaction based on the reputation result of y. The more positive feedback y receives, the more likely x will trust the cloud service provider y. Figure 4.7 shows an example of how this reputation can be calculated.

Figure 4.7: Example of Reputation calculation

4.3.4 Prediction as a Trust Management Technique (PrdT)

Prediction as a trust management technique (PrdT) is very useful, especially when there is no prior information regarding the cloud service's interactions (e.g. previous interactions, history records). The basic idea behind PrdT is that similarly minded entities (e.g. cloud service consumers) are more likely to trust each other. Figure 4.6d shows how PrdT supports trust management.

We can consider a customer x that has a set of capabilities and interests denoted as ix, where ix = (i1, i2, ..., ij), and a certain minimum trust threshold Tx, which are used to determine whether to trust the other cloud service consumers. The same holds for a cloud provider. The similarity between two such vectors (like ix) can be measured, and the equation is shown in figure 4.8. The more similar these capabilities and interests are, the more likely the cloud service consumer x will trust y. PrdT can be used to refine the trust results and to increase the credibility of trust feedback.

Figure 4.8: Example of prediction similarity calculation
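The four techniques of this section, as one added Python example (not the thesis's or its prototype's code): `poct` evaluates the T(x, y) equation of section 4.3.1 in its credentials and credibility branches, `rect` looks for an explicit or transitive recommendation, `rept` aggregates feedback from sources x does not know, and `prdt` compares interest vectors. All parties and feedback are constructed, a single [0, 1] scale for credentials, credibility and thresholds is assumed for every technique, and cosine similarity is an assumed stand-in for the figure 4.8 formula, which is not reproduced on the page.

```python
from dataclasses import dataclass, field
from math import sqrt


@dataclass
class Party:
    """A cloud service consumer or provider (constructed sample data)."""
    name: str
    credentials: float       # C_x: strength of the credentials it discloses
    credibility: float       # credibility assessment used by the credibility branch
    threshold: float         # T_x: minimum trust it demands of a peer
    trusted: set = field(default_factory=set)   # peers with an explicit relation (value 1)
    interests: tuple = ()    # i_x = (i1, ..., ij), used by PrdT


def poct(x, y, credibility_based=False):
    """Policy-based trust T(x, y): 1 only when both parties' rules hold.
    Credentials branch: C_x >= T_y and C_y >= T_x.
    Credibility branch: each party's credibility meets the other's threshold."""
    if credibility_based:
        ok = y.credibility >= x.threshold and x.credibility >= y.threshold
    else:
        ok = x.credentials >= y.threshold and y.credentials >= x.threshold
    return 1 if ok else 0


def rect(x, y, parties):
    """Recommendation-based trust: explicit if x already trusts y, transitive
    if one of x's trusted relations z trusts y. x always knows the source."""
    if y.name in x.trusted:
        return 1, "explicit"
    for z in parties:
        if z.name in x.trusted and y.name in z.trusted:
            return 1, "transitive via " + z.name
    return 0, "none"


def reputation(feedback):
    """Share of positive feedback on a provider; the sources are unknown to x."""
    if not feedback:
        return 0.0
    return sum(1 for _, positive in feedback if positive) / len(feedback)


def rept(x, feedback):
    """Reputation-based trust: x proceeds when y's reputation meets T_x."""
    return 1 if reputation(feedback) >= x.threshold else 0


def similarity(ix, iy):
    """Cosine similarity of two interest vectors (assumed stand-in for figure 4.8)."""
    dot = sum(p * q for p, q in zip(ix, iy))
    norm = sqrt(sum(p * p for p in ix)) * sqrt(sum(q * q for q in iy))
    return dot / norm if norm else 0.0


def prdt(x, y):
    """Prediction-based trust: similarly minded parties are more likely to trust."""
    return 1 if similarity(x.interests, y.interests) >= x.threshold else 0


def demo():
    """Consumer x deciding about provider y under each technique (constructed data)."""
    x = Party("x", credentials=0.8, credibility=0.7, threshold=0.6,
              trusted={"z"}, interests=(1, 0, 1, 1))
    z = Party("z", credentials=0.9, credibility=0.8, threshold=0.5, trusted={"y"})
    y = Party("y", credentials=0.5, credibility=0.9, threshold=0.7,
              interests=(1, 0, 1, 0))
    # Feedback on y from consumers x has no relation with: 3 of 4 are positive.
    feedback_on_y = [("c1", True), ("c2", True), ("c3", False), ("c4", True)]
    return {
        "poct_credentials": poct(x, y),                          # 0: C_y = 0.5 < T_x = 0.6
        "poct_credibility": poct(x, y, credibility_based=True),  # 1
        "rect": rect(x, y, [x, y, z]),                           # (1, "transitive via z")
        "reputation": reputation(feedback_on_y),                 # 0.75
        "rept": rept(x, feedback_on_y),                          # 1
        "similarity": round(similarity(x.interests, y.interests), 4),  # 0.8165
        "prdt": prdt(x, y),                                      # 1
    }
```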

4.4 Research Prototypes

Trust management is an effective approach to assess and establish trusted relationships. Several approaches have been proposed for managing and assessing trust from different perspectives.

4.4.1 Security-Aware Cloud Architecture

This research focuses on both the cloud service provider's and the consumer's perspectives. From the service provider's point of view, the proposed architecture uses trust negotiation and the data coloring (integration) approach based on the fuzzy logic technique, and the Public-Key Infrastructure (PKI) for cloud service consumer authentication. From the service consumer's perspective, the proposed architecture uses Distributed-Hash-Table (DHT)-based trust-overlay networks among several data centers to deploy a reputation-based trust management technique. This prototype is based on predefined policies that evaluate the credibility of cloud services, so it is a policy-based trust management system, because the reputation is actually based on other trusted participants' opinions. This prototype is proposed by Hwang at [22] as a security-aware cloud architecture that uses a Virtual Private Network (VPN) and Secure Socket Layer (SSL) for secure communication.

4.4.2 Compliant Cloud Computing Architecture

This approach is proposed by Brandic at [12] as a novel approach for compliance management in cloud environments. The architecture focuses on the cloud service consumer's perspective to protect cloud resources and preserve the privacy of all parties. The architecture is centralized and uses a certification mechanism for authentication and compliance management to help cloud service consumers make proper choices in selecting cloud services; it does not make use of other trust techniques such as reputation or recommendation. The C3 middleware is responsible for the deployment of certifiable and auditable applications. This approach is considered a policy-based trust management system in the sense that it depends on policy compliance to enhance privacy and security and to establish trust among cloud service providers and consumers.


4.4.3 TrustCloud: A Framework for Accountability and Trust in Cloud Computing

This approach, proposed by Ko et al. [27], focuses on the cloud service consumer's perspective to enforce cloud accountability and auditability. The framework exploits a centralized architecture, detective controls and monitoring techniques for achieving trusted cloud services. In particular, TrustCloud consists of five layers, namely workflow, data, system, policies, and laws and regulations, to address accountability in cloud environments. All these layers maintain the cloud accountability life cycle, which consists of seven phases: policy planning, sense and trace, logging, safe-keeping of logs, reporting and replaying, auditing, and optimizing and rectifying.

4.4.4 Multi-faceted Trust Management System Architecture for Cloud Computing

This approach is proposed by Habib at [21] as a multifaceted Trust Management (TM) system for cloud computing to help consumers identify trustworthy cloud service providers. The system focuses on the service consumer's perspective to establish trust relations between cloud service providers and consumers. It uses a centralized approach to collect trust-relevant information from multiple sources. In particular, the architecture models the uncertainty of trust information using a set of Quality of Service (QoS) attributes such as security, latency, availability and customer support. Finally, the architecture combines two different trust management techniques, namely reputation and recommendation.

4.4.5 CLOUD-ARMOR: A Trust Management Framework for Services in Cloud Environments

This approach is proposed by Noor and Sheng as a trust management framework to deliver Trust as a Service (TaaS). CLOUD-ARMOR relies on a decentralized architecture for trust management. It supports different models, including a credibility model that distinguishes credible feedback from misleading feedback and detects malicious feedback from attackers, and a replication determination model that dynamically decides the optimal number of replicas of the trust management service, so that the trust management service can always be maintained at a desired availability level.


5. Proposed approach

In this section our proposal is explained, together with some suggestions about building a system like this. First of all, it is not easy to build a trust management system for a multicloud environment, because we are no longer considering a single cloud system. In a multicloud environment, as we mentioned above, there are many tenants from different cloud platforms that want to gain access to other tenants' resources present in the other cloud platforms that are part of the big system. Managing the trust between all of these tenants is a very difficult challenge. The system must be secure; we mentioned above the recent research work done in this field, and there is a lot of work still to do. We propose a clear solution using open source tools available online, some of which are mentioned in the sections above. We propose using OpenStack as an open source cloud platform and jclouds as a collection of Java libraries that will allow us to communicate with the APIs of the OpenStack cloud nodes. This section is divided into subsections: first we give some suggestions about the technical requirements of a trust management system, which we suggest taking into consideration before building the system; then another section explains why enabling the multi-cloud is a challenge; then a detailed description of our proposal follows, including the architecture of the system we propose.

5.1 Technical Requirements for a MULTI-CLOUD system

This section gives a list of technical requirements that must be considered to build a multicloud system. This list of requirements is proposed by Dana Petcu at [36]. The requirements are divided into three groups:

5.1.1 Development group

1. Offer a resource and service (meta-)management software (portal, service or interface);

2. Offer services that are Cloud vendor agnostic;

3. Abstract service control interfaces of multiple Clouds;

4. Offer an interface for describing functional and non-functional requirements of the clients;

5. Support the application portability between the connected Clouds;

6. Offer an Integration-as-a-Service or service aggregators to combine services from different Clouds*;

7. Comply with the current standards and protocols in Cloud resource management;


5.1.2 Deployment group

1. Offer a facility for the selection of consumable Cloud services and resources;

2. Offer support for the deployment of components of applications in multiple Clouds;

3. Preserve the particularities of various Clouds;

4. Do not impose any constraints on the connected Clouds;

5. Allow seamless joining by a new Cloud without changing local policies (both of the Cloud and of the Multi-Cloud);

6. Offer a broker or match-making service;

7. Implement a search engine based on a specific taxonomy or using semantic processing;

8. Offer authentication services for single sign-on or Cloud credentials repositories;

9. Support the connection with the top Cloud providers;

10. Support the application relocation between Clouds**;

11. Allow the deployment on Private Clouds to enable testing, debugging, or privacy;

12. Implement network overlay technologies to overcome limited connectivity;

13. Implement (meta-)scheduling, load-balancing or auto-scaling mechanisms;

14. Use automated procedures for deployments***;

15. Implement a recommendation system, a trust management system or a reputation management system;

16. Enable a fair marketplace for Cloud services and updates with the latest offers of the connected Clouds.

5.1.3 Execution group

1. Offer support for application component execution simultaneously in multiple Clouds;

2. Offer a (meta-)monitoring service for the deployed applications;

3. Offer a (meta-)monitoring facility of the Cloud resource consumptions;

4. Allow the control of the full life-cycle of the deployed applications;

5. Allow the measurement of the degree of fulfillment of the service level agreements;

6. Allow dynamic allocation of resources or mechanisms for self-adaptation;

7. Introduce only a small overhead in comparison with a direct connection to each supported Cloud.

These requirements are sometimes fulfilled by the existing enabling software for Multi-Clouds or expressed in research and development activities related to Multi-Clouds. But none of the above software solutions fulfills these requirements.


5.2 Technological Barriers in enabling the MULTI-CLOUD

A multicloud system developer is invited to follow the current Cloud standards, as mentioned (requirement 5.1.1.7), even if there are few current cloud standards. Another barrier is the reluctance of the Cloud providers, which do not see them as business needs or priorities (or even the contrary, as a danger to innovation and market advantage). We mentioned before some multicloud management software (frameworks), but the services these tools or sets of libraries offer do not follow the requirements we mentioned before. These services offer the common denominator of the underlying services and lose their individuality, i.e. they enter into contradiction with R5.1.2.3. Moreover, while they are compliant with R5.1.1.5, they do not contain any concepts or mechanisms to ensure R5.1.2.10. In fact, there are many cloud services offered on the market and the selection is very difficult. Taking this into consideration, a methodology is needed to compare Cloud services based on multiple criteria and for various user profiles. Comparison criteria can vary from cost to policies, performance and so on. A best match in a certain context, rather than an optimal match, is expected in most cases due to the complexity of the problem. It is expected that the Multi-Cloud hides this heterogeneity. If this is happening at the Cloud provider level to a certain extent, the meta-level is still lacking a complete offer beyond the research prototypes (i.e. fulfillment of the requirements R5.1.1.1-R5.1.1.7). Another important point to be discussed is the connection interface of hosted services. As there are different cloud service providers, some of which ignore the Cloud standards and protocols, it is very difficult for multicloud developers to understand each particular interface in order to connect each service. The development of a Multi-Cloud requires offering solutions at multiple levels:

• Business, by establishing strategies, regulations or modes of use, e.g. to fulfill R5.1.2.3, R5.1.2.5, R5.1.2.8, R5.1.3.5;

• Semantic, by establishing a taxonomy for calls, responses and functionality, e.g. to fulfill R5.1.1.3, R5.1.1.4, R5.1.2.7;

• Application and services, by enabling automation or configuration, e.g. to fulfill R5.1.2.14, R5.1.3.4;

• Management, by using rules, protocols and standards in deployment or relocation, e.g. to fulfill R5.1.1.1, R5.1.1.7, R5.1.2.2, R5.1.3.1;

• Image and data, by using the specifications of each Cloud that is connected, e.g. to fulfill R5.1.2.3, R5.1.2.9, R5.1.3.7;

• Network, by allocation and admission procedures, e.g. to fulfill R5.1.2.12, R5.1.3.6.

To handle all the levels mentioned above, a large team with various kinds of expertise is needed, not necessarily available to one research team or one company. A solution to R5.1.2.15 is therefore needed in the Multi-Cloud, and very few prototypes are currently available, as the trust management problem is more than a technical one.

5.3 Proposed system

In this section all the choices we made to build a trust management system for a multicloud environment are described. We have tried to simulate a virtual multicloud environment, and all the steps followed are also described in this section.

5.3.1 Openstack

As mentioned above, we tried to simulate a multicloud environment using virtual machines. We have chosen OpenStack as the cloud operating system. OpenStack is a set of software tools for building and managing cloud computing platforms for public and private clouds. Backed by some of the biggest companies in software development and hosting, as well as thousands of individual community members, OpenStack is regarded by many as the future of cloud computing. OpenStack is managed by the OpenStack Foundation, a non-profit which oversees both development and community-building around the project. OpenStack is open source software, which means that anyone who chooses to can access the source code, make any changes or modifications they need, and freely share these changes back with the community at large. It also means that OpenStack has the benefit of thousands of developers all over the world working in tandem to develop the strongest, most robust and most secure product that they can. OpenStack is made up of many different moving parts. Because of its open nature, anyone can add additional components to OpenStack to help it meet their needs. But the OpenStack community has collaboratively identified nine key components that are part of the "core" of OpenStack, which are distributed as part of any OpenStack system and officially maintained by the OpenStack community. Figure 5.1 shows the simplified architecture of OpenStack. Compute resources are accessible via APIs for developers building cloud applications and via web interfaces for administrators and users. The compute architecture is designed to scale horizontally on standard hardware, enabling the cloud economics companies have come to expect. OpenStack Object Storage can be deployed independently of a compute cloud or alongside other computing platforms. It is ideal for cost-effective, scale-out storage and provides a fully distributed, API-accessible storage platform that can be integrated directly into applications or used for backup, archiving and data retention. Deployed together, Compute and Object Storage provide the full set of OpenStack core services and open APIs. In combination, the platform provides robust cloud computing capabilities with horizontal storage for managing images, snapshots, backups, virtual machines and block devices.

Figure 5.1: Openstack architecture

The official definition of OpenStack, taken from the official OpenStack website, is:


OpenStack is a cloud operating system that controls large pools of compute, storage, and networking resources throughout a datacenter, all managed through a dashboard that gives administrators control while empowering their users to provision resources through a web interface. This definition describes its architecture in simple words.

The components of OpenStack are listed here:

• Nova is the primary computing engine behind OpenStack. It is used for deployingand managing large numbers of virtual machines and other instances to handlecomputing tasks.

• Swift is a storage system for objects and files. Rather than the traditional idea of referring to files by their location on a disk drive, developers can instead refer to a unique identifier for the file or piece of information and let OpenStack decide where to store this information. This makes scaling easy, as developers don't have to worry about the capacity of a single system behind the software. It also allows the system, rather than the developer, to worry about how best to make sure that data is backed up in case of the failure of a machine or network connection.

• Cinder is a block storage component, which is more analogous to the traditionalnotion of a computer being able to access specific locations on a disk drive. Thismore traditional way of accessing files might be important in scenarios in whichdata access speed is the most important consideration.

• Neutron provides the networking capability for OpenStack. It helps to ensurethat each of the components of an OpenStack deployment can communicate withone another quickly and efficiently.

• Horizon is the dashboard behind OpenStack. It is the only graphical interfaceto OpenStack, so for users wanting to give OpenStack a try, this may be thefirst component they actually “see.” Developers can access all of the componentsof OpenStack individually through an application programming interface (API),but the dashboard provides system administrators a look at what is going on inthe cloud, and to manage it as needed.

• Keystone provides identity services for OpenStack. It is essentially a central list of all of the users of the OpenStack cloud, mapped against all of the services provided by the cloud which they have permission to use. It provides multiple means of access, meaning developers can easily map their existing user access methods against Keystone.

• Glance provides image services to OpenStack. In this case, "images" refers to images (or virtual copies) of hard disks. Glance allows these images to be used as templates when deploying new virtual machine instances.

• Ceilometer provides telemetry services, which allow the cloud to provide billing services to individual users of the cloud. It also keeps a verifiable count of each user's system usage of each of the various components of an OpenStack cloud. Think metering and usage reporting.

• Heat is the orchestration component of OpenStack, which allows developers to store the requirements of a cloud application in a file that defines what resources are necessary for that application. In this way, it helps to manage the infrastructure needed for a cloud service to run.

61

Page 62: Mikel berdufi university_of_camerino_thesis

Proposed system

All of these components can be installed according to our needs. For our solution we have chosen to deploy the compute and the object storage components: Nova as the compute component and Swift as the object storage. We intend to implement our solution at the IaaS level of the multicloud platform, so we need an object store that the multicloud management framework can reach, and Swift fills that role. We have chosen Swift rather than Cinder because the framework we use to manage the multicloud (jclouds, Section 5.3.2) offers a portable abstraction for object storage (BlobStore) but none for block volumes, so a Cinder-based solution could not be written once and run against every provider.

To better understand how OpenStack works, the conceptual architecture of the system is shown in Figure 5.2, where each component of OpenStack and its role is depicted.

Figure 5.2: Conceptual Openstack architecture


Implementing a system of this size is not easy. The best scenario for implementing OpenStack is to provide a node for each component, that is, to install the components on separate servers which then communicate with each other. OpenStack is a large system that first of all requires considerable hardware resources, including powerful servers and a powerful network.

Figure 5.3 shows minimal hardware requirements for every node .

Figure 5.3: Minimal architecture example with OpenStack Networking (neutron)


Considering our limited hardware resources, we deployed OpenStack into a single virtual machine using DevStack. DevStack is an opinionated script to quickly create an OpenStack development environment. It can also be used to demonstrate starting and running OpenStack services and to provide examples of using them from the command line. Its example exercises were fleshed out beyond simple examples and became useful as a quick sanity check for an OpenStack installation. DevStack is not, and has never been, intended to be a general OpenStack installer, and it is not meant for production deployments: it is a tool OpenStack developers use to quickly stand up an environment they can work with, which makes it a deployment option for an all-in-one installation. This solution, developed by the OpenStack community, is ideal in our case because we want to build a testing environment. DevStack, like OpenStack, can be installed on:

• Ubuntu

• Fedora

• RHEL

5.3.2 Jclouds

For a trust management system it is very important to use software that manages the communication with the different cloud providers; in our case the providers all run the same cloud operating system (OpenStack). This software must allow the developer to interact with each provider's system through its APIs. This is not easy: we mentioned before the standardization problems, and that some cloud providers do not respect the standards. In the section "Multicloud environment" we listed some of the top multicloud management software, and we have chosen jclouds as the tool to handle these issues.

Multi-cloud APIs such as jclouds have been regarded as central players in achieving cloud portability and managing multiple clouds. Despite their benefits, little is known about their performance. This matters because applications can suffer performance degradation if the overhead created by a multi-cloud API is significantly larger than that of a platform-specific API; and if multi-cloud APIs prove not to be cost-effective, this can influence the selection of a solution for cloud portability. Quasi-experiments reported in the literature found that the performance of jclouds varies according to the cloud platform it targets, which shows a possible trade-off of multi-cloud APIs and provides a quantitative criterion to be analysed when adopting multiple cloud solutions.

jclouds is an open source Java library designed to support the portability of Java applications. It allows uniform access to the resources of AWS, vCloud, Cloud Servers, Elastic Hosts, Eucalyptus, GoGrid, OpenHosting, Rackspace, DeltaCloud and so on (complete list at www.jclouds.org). jclouds offers several API abstractions as Java and Clojure libraries; the most mature of these are BlobStore and ComputeService.

In other words, jclouds is a set of Java libraries that helps in the development of a multicloud computing platform. It supports more than 40 cloud provider platforms; some of the providers supported by jclouds are shown in Figure 5.4.

We see that OpenStack is supported by jclouds, which means that jclouds allows us to interact with OpenStack through its APIs.


Figure 5.4: Providers supported

In our case we are going to use Nova, Keystone and Swift. Nova and Keystone are used to handle the identity side of deploying virtual machines based on trust between tenants: for example, tenant A wants a virtual machine located in the environment of tenant B, which is part of another cloud provider. We manage this situation with jclouds together with the trust management system we developed, which stores all the trust relationships between tenants.

Another challenge in this type of system is to manage the transfer of data between tenants that trust each other. For this we use the Swift API, the BlobStore-style OpenStack component. If tenant A trusts tenant B and tenant B is allowed by tenant A to upload data into tenant A's storage, then and only then can tenant B upload data. The check is made by the trust management system before the Swift call is issued, so a tenant that is not trusted never reaches the other provider's storage at all.

Keystone is the OpenStack project that provides Identity, Token, Catalog and Policy services for use specifically by projects in the OpenStack family; it implements OpenStack's Identity API. In the system we propose we use Keystone to create users locally through its Identity API. We do this because a trusted tenant must be present locally in order to access the trusting system: a user for the trusted tenant is created, and then a set of permissions is given to it based on the trust rule defined by both tenants (truster and trustee).

There are some differences in terminology between jclouds and OpenStack that should be made clear. Figure 5.5 shows these differences, so that it is clear what each term means.


Figure 5.5: Terminology used


The Java code in Listing 5.1 shows how a jclouds Keystone client is initialised for a specific OpenStack endpoint, given the tenant name, the user name and the password of the account used to administer it; this is the connection through which tenants and users are then managed. If a tenant is already present and we want to create a user in it, there is a method for that too, and this is the most common case in our project. An example of this method is shown in Listing 5.2.

Listing 5.1: Jcloud-keystone

import com.google.common.collect.ImmutableSet;
import com.google.inject.Module;
import org.jclouds.ContextBuilder;
import org.jclouds.logging.slf4j.config.SLF4JLoggingModule;
import org.jclouds.openstack.keystone.v2_0.KeystoneApi;

public class CreateTenantAndUser {

    private final KeystoneApi keystoneApi;

    // Builds a Keystone v2 client for one OpenStack endpoint. jclouds expects the
    // identity in the form "tenantName:userName"; the client is reused by createUser().
    public CreateTenantAndUser(String endpoint, String tenantName, String userName, String password) {
        System.out.format("%s%n", this.getClass().getName());

        Iterable<Module> modules = ImmutableSet.<Module>of(new SLF4JLoggingModule());

        String provider = "openstack-keystone";
        String identity = tenantName + ":" + userName;

        keystoneApi = ContextBuilder.newBuilder(provider)
                .endpoint(endpoint)
                .credentials(identity, password)
                .modules(modules)
                .buildApi(KeystoneApi.class);
    }
}

Listing 5.2: Jcloud-keystone

import com.google.common.base.Optional;
import org.jclouds.openstack.keystone.v2_0.domain.Tenant;
import org.jclouds.openstack.keystone.v2_0.domain.User;
import org.jclouds.openstack.keystone.v2_0.extensions.UserAdminApi;
import org.jclouds.openstack.keystone.v2_0.options.CreateUserOptions;

// Creates a user inside an existing tenant through the Keystone admin extension.
// The extension is optional on a given endpoint, so its presence is checked first.
private void createUser(Tenant tenant) {
    System.out.format("  Create User%n");

    Optional<? extends UserAdminApi> userAdminApiExtension = keystoneApi.getUserAdminApi();

    if (userAdminApiExtension.isPresent()) {
        System.out.format("  UserAdminApi is present%n");

        UserAdminApi userAdminApi = userAdminApiExtension.get();
        CreateUserOptions userOptions = CreateUserOptions.Builder
                .tenant(tenant.getId())
                .email("newUser@example.com");   // placeholder address
        User user = userAdminApi.create("newUser", "newPassword", userOptions);

        System.out.format("  %s%n", user);
    } else {
        System.out.format("  UserAdminApi is *not* present%n");
        System.exit(1);
    }
}

An example with Nova is shown in Listing 5.3. This simple example lists the servers of a specific tenant: after importing the libraries and building the NovaApi client (in the same way as the Keystone client above, with provider "openstack-nova"), the method below can be used.


Listing 5.3: Jcloud-NOVA

import java.util.Set;
import org.jclouds.openstack.nova.v2_0.NovaApi;
import org.jclouds.openstack.nova.v2_0.domain.Server;
import org.jclouds.openstack.nova.v2_0.features.ServerApi;

private final NovaApi novaApi;          // built with ContextBuilder, provider "openstack-nova"
private final Set<String> regions;      // regions = novaApi.getConfiguredRegions()

// Lists, region by region, the servers visible to the tenant the NovaApi was built for.
private void listServers() {
    for (String region : regions) {
        ServerApi serverApi = novaApi.getServerApi(region);

        System.out.println("Servers in " + region);

        // listInDetail() is paged; concat() flattens the pages into one iterable
        for (Server server : serverApi.listInDetail().concat()) {
            System.out.println("  " + server);
        }
    }
}

Another example is shown in Listing 5.4, which uploads a file to the object store (Swift) of a specific OpenStack node. The payload is built from a file on disk, so the same code works for large files without loading them into memory.

Listing 5.4: Jcloud-SWIFT

import java.io.File;
import java.io.IOException;
import com.google.common.base.Charsets;
import com.google.common.io.ByteSource;
import com.google.common.io.Files;
import org.jclouds.io.Payload;
import org.jclouds.io.Payloads;
import org.jclouds.openstack.swift.v1.SwiftApi;

private static final String REGION = "RegionOne";        // DevStack's default region name
private static final String CONTAINER = "jclouds-example"; // must already exist
private final SwiftApi swiftApi;                           // built with provider "openstack-swift"

// Uploads a local file as an object. A ByteSource payload is re-readable, so jclouds
// can compute the Content-Length and retry the request without buffering the whole file.
private void uploadObjectFromFile() throws IOException {
    System.out.format("Upload Object From File%n");

    String filename = "uploadObjectFromFile";
    String suffix = ".txt";

    File tempFile = File.createTempFile(filename, suffix);

    try {
        Files.write("uploadObjectFromFile", tempFile, Charsets.UTF_8);

        ByteSource byteSource = Files.asByteSource(tempFile);
        Payload payload = Payloads.newByteSourcePayload(byteSource);

        swiftApi.getObjectApi(REGION, CONTAINER).put(filename + suffix, payload);

        System.out.format("  %s%s%n", filename, suffix);
    } finally {
        tempFile.delete();
    }
}

These examples show how jclouds interacts with OpenStack and how it can be used in our system.


5.3.3 Tests made

In this section we describe the tests we made to simulate a multicloud environment and to use jclouds to interact with the different cloud providers in the network. We have used:

1. VMware as the virtual machine manager used to run the two OpenStack cloud providers.

2. Ubuntu 14.04 LTS Server. We mentioned before that this version of Ubuntu is the most compatible OS for an OpenStack installation.

3. DevStack as the all-in-one, single-VM OpenStack deployment package.

4. Eclipse as the Java IDE used to develop with the jclouds libraries. Eclipse is also used to develop the trust management system, which is a Java project with the jclouds libraries as part of it.

To give an idea of the test environment we built, a diagram is shown in Figure 5.6.

Figure 5.6: Test Environment

As we see, this is a simple testing environment composed of two cloud providers and a simple web application that uses the jclouds libraries to communicate with both of them. On one server a public cloud provider is installed and on the other a private cloud provider, to simulate a multicloud environment. There are only two servers because of limitations in hardware resources. At the centre of the system is a simple jclouds application that we used to test the communication with both cloud providers through their APIs.


On both servers the basic version of DevStack is installed following the instructions provided on the official DevStack site. By default DevStack enables the Nova and Keystone APIs, but as said before we also use Swift as a service. To enable Swift it is necessary to add the lines shown below to the configuration file localrc.

Listing 5.5: ENABLE SWIFT

ENABLED_SERVICES+=,swift
SWIFT_HASH=66a3d6b56c1f479c8b4e70ab5c2000f5
SWIFT_REPLICAS=1

These changes must be made before running the DevStack installation script (stack.sh). Two remarks on the values: SWIFT_HASH is a secret suffix that Swift mixes into the hashes of object paths, so it must be a random value generated for each deployment and never copied from an example such as the one above; and SWIFT_REPLICAS=1 keeps a single copy of every object, which is acceptable only on a single-node test installation.

Taking into consideration the system we want to build, we have done the following tests:

• Create a user that can access both cloud providers.

• Upload a file from the private cloud to the public cloud.

Listing 5.6 shows how to create a user that can access both cloud providers; the user is created using jclouds. First it is necessary to declare two KeystoneApi variables: keystoneApi1 refers to the public cloud provider and keystoneApi2 to the private cloud provider. Then the admin credentials used to log in to each provider are declared, in order to have full access to the system; in this case the user names and passwords are the DevStack defaults. To connect to the Keystone API it is necessary to define the endpoint to which we want access, and since we want to access both providers we do this for both (keystoneApi1 and keystoneApi2). Note that the endpoints are plain http:// URLs and the credentials are the defaults: this is acceptable only on an isolated test network, because the password and the issued tokens travel unencrypted; a real deployment needs TLS on the Keystone endpoint and non-default admin credentials. The method used to create a user for a specific tenant on a specific cloud provider is createUser(Tenant tenant), which takes as parameter the tenant for which we want to create the user. The code shown creates the user only on the public cloud provider, but we can apply the same method to the private cloud provider by changing keystoneApi1 to keystoneApi2, as follows:

Optional<? extends UserAdminApi> userAdminApiExtension = keystoneApi2.getUserAdminApi();

Listing 5.6: Create a Tenant User

import com.google.common.base.Optional;
import com.google.common.collect.ImmutableSet;
import com.google.inject.Module;
import org.jclouds.ContextBuilder;
import org.jclouds.logging.slf4j.config.SLF4JLoggingModule;
import org.jclouds.openstack.keystone.v2_0.KeystoneApi;
import org.jclouds.openstack.keystone.v2_0.domain.Tenant;
import org.jclouds.openstack.keystone.v2_0.domain.User;
import org.jclouds.openstack.keystone.v2_0.extensions.UserAdminApi;
import org.jclouds.openstack.keystone.v2_0.options.CreateUserOptions;

public class CreateTenantUser {

    private final KeystoneApi keystoneApi1;   // public cloud provider
    private final KeystoneApi keystoneApi2;   // private cloud provider

    public CreateTenantUser() {
        Iterable<Module> modules = ImmutableSet.<Module>of(new SLF4JLoggingModule());

        String provider = "openstack-keystone";
        String identity = "demo:demo";      // tenantName:userName (DevStack defaults)
        String credential = "devstack";     // DevStack default password; test use only

        // connection with the Keystone API of the public cloud provider
        keystoneApi1 = ContextBuilder.newBuilder(provider)
                .endpoint("http://172.54.48.84:5000/v2.0/")
                .credentials(identity, credential)
                .modules(modules)
                .buildApi(KeystoneApi.class);

        // connection with the Keystone API of the private cloud provider
        keystoneApi2 = ContextBuilder.newBuilder(provider)
                .endpoint("http://192.168.47.33:5000/v2.0/")
                .credentials(identity, credential)
                .modules(modules)
                .buildApi(KeystoneApi.class);
    }

    // Creates a user for the given tenant (demo) on the public cloud provider;
    // use keystoneApi2 instead of keystoneApi1 to do the same on the private one.
    private void createUser(Tenant tenant) {
        System.out.format("  Create User%n");

        Optional<? extends UserAdminApi> userAdminApiExtension = keystoneApi1.getUserAdminApi();

        if (userAdminApiExtension.isPresent()) {
            System.out.format("  UserAdminApi is present%n");

            UserAdminApi userAdminApi = userAdminApiExtension.get();
            CreateUserOptions userOptions = CreateUserOptions.Builder
                    .tenant(tenant.getId())
                    .email("newUser@example.com");   // placeholder address
            User user = userAdminApi.create("newUser", "newPassword", userOptions);

            System.out.format("  %s%n", user);
        } else {
            System.out.format("  UserAdminApi is *not* present%n");
            System.exit(1);
        }
    }
}

Listing 5.7 shows how to get an object from one cloud provider and upload it to another. As in the previous example, it is necessary to initialise the Swift API connection with both cloud providers. Then the getObject() method retrieves the object from the first provider and writeObject() uploads it to the second.

Listing 5.7: Upload file object

import java.io.IOException;
import java.io.InputStream;
import com.google.common.collect.ImmutableSet;
import com.google.common.io.ByteStreams;
import com.google.inject.Module;
import org.jclouds.ContextBuilder;
import org.jclouds.io.Payloads;
import org.jclouds.logging.slf4j.config.SLF4JLoggingModule;
import org.jclouds.openstack.swift.v1.SwiftApi;
import org.jclouds.openstack.swift.v1.domain.SwiftObject;
import org.jclouds.openstack.swift.v1.features.ObjectApi;

public class JCloudsSwiftCopy {

    public static final String REGION = "RegionOne";            // DevStack's default region name
    public static final String CONTAINER_NAME = "jclouds-example";
    public static final String OBJECT_NAME = "jclouds-example.txt"; // name the object was uploaded under

    private final SwiftApi swiftApi1;   // public cloud provider
    private final SwiftApi swiftApi2;   // private cloud provider

    // One Swift connection per cloud provider; the identity is tenantName:userName
    public JCloudsSwiftCopy() {
        swiftApi1 = connect("http://172.54.48.84:5000/v2.0/");
        swiftApi2 = connect("http://192.168.47.33:5000/v2.0/");
    }

    private static SwiftApi connect(String endpoint) {
        Iterable<Module> modules = ImmutableSet.<Module>of(new SLF4JLoggingModule());

        String provider = "openstack-swift";
        String identity = "demo:demo";      // tenantName:userName (DevStack defaults)
        String credential = "devstack";     // DevStack default password; test use only

        return ContextBuilder.newBuilder(provider)
                .endpoint(endpoint)
                .credentials(identity, credential)
                .modules(modules)
                .buildApi(SwiftApi.class);
    }

    // Reads the object from the public cloud provider
    private SwiftObject getObject() {
        System.out.format("Get Object%n");

        ObjectApi objectApi = swiftApi1.getObjectApi(REGION, CONTAINER_NAME);
        SwiftObject swiftObject = objectApi.get(OBJECT_NAME);

        System.out.format("  %s%n", swiftObject);
        return swiftObject;
    }

    // Writes the object into the private cloud provider's container under the same name.
    // The payload is read fully first so that Swift receives a known Content-Length.
    private void writeObject(SwiftObject swiftObject) throws IOException {
        System.out.format("Write Object%n");

        InputStream inputStream = swiftObject.getPayload().openStream();
        byte[] content;
        try {
            content = ByteStreams.toByteArray(inputStream);
        } finally {
            inputStream.close();
        }

        // create() returns false when the container already exists, which is fine here
        swiftApi2.getContainerApi(REGION).create(CONTAINER_NAME);
        ObjectApi target = swiftApi2.getObjectApi(REGION, CONTAINER_NAME);
        String etag = target.put(swiftObject.getName(), Payloads.newByteArrayPayload(content));

        System.out.format("  %s (etag %s)%n", swiftObject.getName(), etag);
    }
}

The test environment we built and the tests we made show that jclouds supports the development of the trust management system we want to build. jclouds is still a project in development, but it supports the features we need for our trust management system. The trust management system we propose is an on-demand trust relation establishment system; what this means is explained below. The system will have a web user interface and can itself be installed in the cloud.

5.3.4 System Architecture

This section explains the architecture of the system we propose: a trust management system focused on a multicloud environment. The architecture is shown in Figure 5.7. The most important component is the Trust Manager process, the core of the system; it is connected to a database and to another process called Monitoring. The system is composed of:

• Trust Manager. As mentioned above, this process is the core of the proposed system. It is responsible for letting tenant admins validate and add trust relations between tenants. All the information gathered by this process is stored in the Knowledge DB. This is where the jclouds libraries are used. The process takes all the requests from tenant admin users, enables the trust as requested, stores it in the knowledge base and enables the connection between tenants of different cloud providers.

• Monitoring is an additional process that logs every action regarding trust relations for each tenant. It is the security component of the system: every suspicious action is logged and can then be verified by the administrator. The log information is stored in log files. Since this log is the evidence the administrator relies on, it should be written only by the Monitoring process and not be modifiable through the trust management interface.

• Knowledge DB is the memory of the system. Here all the trust relations between tenants are stored; it is accessed by the Trust Manager process, which is responsible for storing this information. Here are also stored all the users of all the tenants present in the multicloud environment. The Knowledge DB is synchronised with the local user store of each cloud provider: when a tenant t creates a user c, this user is first stored locally and then synchronised to the Knowledge DB.

In Figure 5.7 we see these components as part of a centralised system connected to two cloud providers, which in our case use OpenStack as their cloud operating system. The centralised system communicates with the two cloud providers through their APIs; in other words, it must be able to reach every cloud provider that is part of the multicloud system, whether public or private.

We mentioned above that this is an on-demand trust establishment system. Each tenant has a super user that manages the tenant environment and its users: the tenant admin. He can add and remove users, apply access rights and so on. Taking into consideration that trust is a serious security problem, we decided to give access to the trust management system only to the tenant admin, so that he decides whether or not to establish trust between two users in the multicloud environment. In other words, if user a decides to trust user b, user a must make a trust request to his tenant admin, and it is the tenant admin who decides whether to establish the trust. This is a safer solution because it lets the tenant admin know about, and decide on, every trust relation. Another security element we have included is the Monitoring process: in case of suspicious activity the administrator is able to read the log, which allows him to identify actions that he has not performed. The log is intended to have a structure like this:

DateTime - IP - USERNAME - Activity EVENT
[07/Mar/2004:16:33:53] - 64.242.88.10 - USERA : TENANT B - Trust establishment user c , user g : tenant h

The jclouds libraries are used as part of the Trust Manager process: jclouds is embedded in the trust management service in order to communicate through APIs with the different cloud providers that jclouds supports. The lack of standardization of multicloud technologies is a big problem, and it is very difficult to find a standard way to communicate with different cloud providers because not all of them use the same technology. The best solution we found is jclouds, as it supports a considerable number of cloud providers. We have tested jclouds in an OpenStack environment, but it also works with Amazon Web Services and other cloud providers.

The sequence of steps that completes the trust establishment between two users of different tenants is shown in Figure 5.8.

Scenario 1. Let us take a simple example. We have two users, user A from tenant T and user B from tenant P. User A trusts user B to access a specific folder of user A. The first step the truster must perform is to inform his administrator, the tenant admin: user A gives him all the details and the permissions user A wants to give to user B, including the trust rules (for example 'allow access to folder x'). After receiving the request the admin can decide either to establish the trust or to decline it. If the admin approves the trust request, he does so through the trust management system, which he reaches over the Internet since, as mentioned before, it is a web application. A simple user interface prototype is shown in Figure 5.9. After signing in, the tenant admin can view the user list of his own tenant. He selects user A from this list, and another screen shows him the tenants that his tenant trusts in the multicloud environment; in this case tenant P is present in the list. When a tenant is not present, there is no trust between the tenants, and both tenants must first agree to let each other see their user lists before trust between individual users can be established. After the tenant admin selects the tenant, he can select user B, who belongs to that tenant. Then a list of trust rules is shown. These trust rules are customisable: the admin can add and remove them, select the rules to apply and apply them. At the end user B, tenant P and user A are notified of this event via email or SMS.


Scenario 2. What happens if a new tenant user is created? Consider the case in which a tenant admin creates a new user C. We mentioned before that the Knowledge DB of the trust management system must be synchronised with the local user store of each tenant; the synchronisation covers only the user list. It is necessary in order to establish trust between different users in the multicloud environment: if, for example, user B decides to trust the newly created user C, the tenant admin of user B must see the new user in the list in order to establish the relation.
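The class below is an added example written for this edition of the text; it is not code from the thesis prototype. It puts the upload rule of Section 5.3.2 (tenant B may upload into tenant A's storage only if tenant A has granted it), the three components of Section 5.3.4 and the two scenarios above into one runnable Java class: an in-memory stand-in for the Knowledge DB, the tenant-admin check of Scenario 1, the user-list synchronisation of Scenario 2, and a Monitoring log in the proposed DateTime - IP - USERNAME - EVENT layout. The Principal type, the TrustRule names and the use of the two endpoint addresses of the test environment as the admins' IP addresses are assumptions of this example.

```java
import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import java.time.format.DateTimeFormatter;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

public class TrustManagerExample {

    /** A user qualified by its tenant: both test clouds have a user "demo", so the name alone is ambiguous. */
    public static final class Principal {
        public final String tenant;
        public final String user;
        public Principal(String tenant, String user) { this.tenant = tenant; this.user = user; }
        @Override public boolean equals(Object o) {
            return o instanceof Principal && ((Principal) o).tenant.equals(tenant) && ((Principal) o).user.equals(user);
        }
        @Override public int hashCode() { return 31 * tenant.hashCode() + user.hashCode(); }
        @Override public String toString() { return user + ":" + tenant; }
    }

    /** Trust rules a tenant admin can grant (assumed names; the thesis lets the admin define his own). */
    public enum TrustRule { READ_OBJECTS, UPLOAD_OBJECTS, LAUNCH_INSTANCE }

    private static final DateTimeFormatter TS = DateTimeFormatter.ofPattern("dd/MMM/yyyy:HH:mm:ss");

    // Knowledge DB, kept in memory for the example: the user lists synchronised from each
    // tenant (Scenario 2) and the directed trust relations truster -> trustee -> granted rules.
    private final Set<Principal> knownUsers = new HashSet<>();
    private final Map<Principal, Map<Principal, EnumSet<TrustRule>>> trust = new HashMap<>();
    // Monitoring: one line per trust-related action, "DateTime-IP-USERNAME-Activity EVENT".
    private final List<String> monitoringLog = new ArrayList<>();

    /** Scenario 2: a tenant pushes its local user list into the Knowledge DB. */
    public void syncUsers(String tenant, Set<String> localUsers) {
        for (String u : localUsers) {
            knownUsers.add(new Principal(tenant, u));
        }
    }

    /** Scenario 1: only the admin of the truster's tenant may establish trust, and only towards a synchronised user. */
    public boolean establish(String adminTenant, String adminIp, Principal truster, Principal trustee, EnumSet<TrustRule> rules) {
        String actor = "admin:" + adminTenant;
        if (!adminTenant.equals(truster.tenant) || !knownUsers.contains(truster) || !knownUsers.contains(trustee)) {
            log(adminIp, actor, "Trust establishment REFUSED " + truster + " -> " + trustee);
            return false;
        }
        trust.computeIfAbsent(truster, k -> new HashMap<Principal, EnumSet<TrustRule>>())
             .computeIfAbsent(trustee, k -> EnumSet.noneOf(TrustRule.class))
             .addAll(rules);
        log(adminIp, actor, "Trust establishment " + truster + " -> " + trustee + " rules " + rules);
        return true;
    }

    /** Trust is directed and rule-specific: A letting B read says nothing about B letting A read, nor about uploads. */
    public boolean isAllowed(Principal truster, Principal trustee, TrustRule rule) {
        Map<Principal, EnumSet<TrustRule>> byTrustee = trust.get(truster);
        return byTrustee != null && byTrustee.containsKey(trustee) && byTrustee.get(trustee).contains(rule);
    }

    /** The gate in front of the jclouds call: the Swift put() of Listing 5.7 must only run when this returns true. */
    public boolean authorize(Principal owner, Principal requester, TrustRule rule, String requesterIp) {
        boolean ok = isAllowed(owner, requester, rule);
        log(requesterIp, requester.toString(), (ok ? "ALLOWED " : "DENIED ") + rule + " on " + owner);
        return ok;
    }

    public List<String> monitoringLog() { return monitoringLog; }

    private void log(String ip, String username, String event) {
        monitoringLog.add("[" + ZonedDateTime.now(ZoneOffset.UTC).format(TS) + "]-" + ip + "-" + username + "-" + event);
    }

    public static void main(String[] args) {
        TrustManagerExample tm = new TrustManagerExample();
        // Constructed data: tenant T lives on the public cloud, tenant P on the private one.
        tm.syncUsers("tenantT", new HashSet<>(Arrays.asList("userA")));
        tm.syncUsers("tenantP", new HashSet<>(Arrays.asList("userB")));
        Principal a = new Principal("tenantT", "userA");
        Principal b = new Principal("tenantP", "userB");
        // The admin of tenant P tries to grant on behalf of userA: refused, only tenant T's admin may.
        tm.establish("tenantP", "192.168.47.33", a, b, EnumSet.of(TrustRule.UPLOAD_OBJECTS));
        // The admin of tenant T lets userB upload into userA's storage.
        tm.establish("tenantT", "172.54.48.84", a, b, EnumSet.of(TrustRule.UPLOAD_OBJECTS));
        // Three checks: the granted direction and rule, the reverse direction, and a rule never granted.
        System.out.println(tm.authorize(a, b, TrustRule.UPLOAD_OBJECTS, "192.168.47.33"));
        System.out.println(tm.authorize(b, a, TrustRule.UPLOAD_OBJECTS, "172.54.48.84"));
        System.out.println(tm.authorize(a, b, TrustRule.LAUNCH_INSTANCE, "192.168.47.33"));
        for (String line : tm.monitoringLog()) {
            System.out.println(line);
        }
    }
}
```

Two properties worth making explicit, because the prose leaves them implicit: trust is directed and rule-specific, so granting user B an upload into user A's storage neither lets user A upload into user B's storage nor lets user B launch instances; and the check runs inside the Trust Manager before any jclouds call is issued, so a user who is not trusted never obtains a connection to the other provider at all. Every decision, refused or allowed, produces a Monitoring line, which is what lets the tenant admin spot actions he did not perform.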


Figure 5.7: Proposed architecture


Figure 5.8: Trust establishment steps


Figure 5.9: Trust establishment steps simple UI


6. Conclusions and Future Work

In recent years, cloud computing has become a vibrant and rapidly expanding area of research and development, but even today there are many security problems in cloud computing. We mentioned some of the most important security issues cloud computing is facing and the current security and privacy approaches developed by a large body of research work. We explained why many companies are not ready to move their infrastructure to the cloud and gave some statistics about the usage of cloud computing today.

This thesis is focused on the multicloud environment, in which security problems are more difficult to resolve. We gave an overview of multicloud and the challenges and benefits of such an environment, and we described why a multicloud environment is useful for many big companies that want to share resources with other companies served by other cloud providers. After extensive research on the web we gave a list of current multicloud research prototypes and multicloud management software; part of that list is jclouds, the set of Java libraries we decided to use for our trust management system.

Since the system we propose is a trust management system, in Section 4 we described the concept of trust in cloud computing. The most important part of that section is the trust management techniques to be used to manage trust between tenants and users; we also mentioned some of the current research prototypes related to trust in a multicloud environment.

In the last section we explained the system we propose, including some scenarios to better understand how the system will work, the architecture of the system, a flowchart and a simple user interface.

The system we propose is a simple trust management system and a solution to be considered, as it includes some security functionality regarding trust between tenants. The system lets all the actors know whether the trust is established or not by notifying the users. Trust can only be established by the tenant admin, so he stays in control of the situation and decides, on the basis of the trust rules and the trust request sent by the user, whether or not to establish the trust. We also mentioned that the local user store of each tenant must be synchronised with the Knowledge DB of the trust management system. Another important point is the Monitoring service, which can be considered a security protection measure. The core of the system is the Trust Manager process, the heart of the system: this is where the jclouds libraries are used. The process takes all the requests from tenant admin users, enables the trust as requested, stores it in the knowledge base and enables the connection between tenants of different cloud providers.

In the future we will develop the proposed system further, adding other functionality. This requires a lot of effort, because it is not easy to face the different problems related to trust in a multicloud environment. We will automate the processes more and more, using a knowledge base that gathers information for each tenant and stores it, based on their actions and behaviour, in an automatic way. Then, having information for each tenant gathered automatically over the multicloud network, we can define and calculate trust rules, and on the basis of the results the system can decide whether or not to establish trust between tenants when required. This is another challenge for us and we are working on it. We will use semantic web technologies to build this system.


Bibliography

[1] S. Gavrila D. R. Kuhn . F. Ferraiolo, R. Sandhu and R. Chandramouli. ProposedNIST standard for role-based access control. ACM Trans. on Information andSystem Se- curity (TISSEC).

[2] M. Villari A. Celesti, F. Tusa and A. Pulia. How to enhance cloud architecturesto enable cross-federation. In Procs. 3rd IEEE Cloud, 2010.

[3] J. Tordsson E. Elmroth A. Ali-Eldin C. Zsigri R. Sirvent J. Guitart R. M. BadiaK. Djemame W. Ziegler T. Dimitrakos S. K. Nair G. Kousiouris K. Konstanteli T.Varvarigou B. Hudzia A. Kipp S. Wesner M. Corrales N. Forgo T. Sharif A. J. Fer-rer, F. Hernandez and C. Sheridan. Optimis: A holistic approach to cloud serviceprovisionin. Future Generation Computer Systems , 28(1):66 77, 2012.,.

[4] S. Kandula A. Li, X. Yang and M. Zhang. Cloudcmp. Cloudcmp: Comparingpublic cloud provider. Procs. 10th Conf. Internet measurement.

[5] Cloud Security Alliance. Security Guidance for Critical Areas of Focus in CloudComputing V2.1. http://www.cloudsecurityalliance.org/csaguide.pdf.

[6] A. Epstein D. Hadas I. Loy K. Nagin J. Tordsson C. Ragusa M. Villari S. Claymanet al. B. Rochwerger, D. Breitgand. Reservoir Uwhen one cloud is not enough.IEEE computer , 44(3):4451, 2011.,.

[7] D. Bernstein and D. Vij. Intercloud security considerations. In Cloud ComputingTechnology and Science (CloudCom), 2010 IEEE Second International Conferenceon , pages 537544. IEEE, 2010.,.

[8] Feigenbaum J. Blaze, M. and A. 1998. Keromytis. KeyNote: Trust Management forPublickey Infrastructures. In Proc. of the 6th Int. Workshop on Security Protocols.Cambridge, UK.

[9] Feigenbaum J. Blaze, M. and J. 1996. Lacy. Decentralized Trust Management. InInformation Reuse and Integration (In Proc. of IEEE 17th Symp. on Security andPrivacy (SP’96). Oakland, CA, USA.

[10] Feigenbaum J. Ioannidis J. Blaze, M. and A. D. 1999. Keromytis. Secure InternetProgramming. Springer-Verlag, London, UK, Chapter The Role of Trust Manage-ment in Distributed Systems Security, 185–210.

[11] Ioannidis J. Blaze, M. and A. 2000. Keromytis. Trust Management and NetworkLayer Security Protocols. In Proc. of the 7th Int. Workshop on Security Protocols.London, UK.

Page 82: Mikel berdufi university_of_camerino_thesis

Bibliography

[12] I. Brandic, S. Dustdar, T. Anstett, D. Schumm, F. Leymann, and R. Konrad. Compliant Cloud Computing (C3): Architecture and Language Support for User-Driven Compliance Management in Clouds. In Proc. of IEEE 3rd Int. Conf. on Cloud Computing (CLOUD'10), Miami, Florida, USA, 2010.

[13] D. Catteddu and G. Hogben. Cloud Computing: Benefits, Risks and Recommendations for Information Security. ENISA, 2009; www.enisa.europa.eu/act/rm/.

[14] CloudTweaks. Cloud deployment models. cloudtweaks.com, 2012.

[15] D. Petcu, G. Macariu, S. Panica, and C. Craciun. Portable cloud applications - from theory to practice. Future Generation Computer Systems, 2012.

[16] E. Bertino, F. Paci, and R. Ferrini. Privacy-Preserving Digital Identity Management for Cloud Computing. IEEE Computer Society Data Engineering Bulletin, Mar. 2013.

[17] M. Blaze et al. Dynamic Trust Management. Computer, vol. 42, no. 2.

[18] F. Moscato, R. Aversa, B. Di Martino, D. Petcu, M. Rak, and S. Venticinque. An ontology for the cloud in mOSAIC. In Cloud Computing: Methodology, Systems, and Applications. CRC Press, 2011.

[19] F. Paraiso, N. Haderer, P. Merle, R. Rouvoy, and L. Seinturier. A federated multi-cloud PaaS infrastructure. In IEEE 5th International Conference on Cloud Computing, pages 392–399, 2012.

[20] N. Grozev and R. Buyya. Inter-cloud architectures and application brokering: Taxonomy and survey. Software: Practice and Experience, in press, http://dx.doi.org/10.1002/spe.2168, 2012.

[21] S. Habib, S. Ries, and M. Muhlhauser. Towards a Trust Management System for Cloud Computing. In Proc. of IEEE 10th Int. Conf. on Trust, Security and Privacy in Computing and Communications (TrustCom'11), Changsha, China, 2011.

[22] K. Hwang and D. Li. Trusted Cloud Computing with Secure Resources and Data Coloring. IEEE Internet Computing, 14(5), 2010.

[23] Fujitsu Research Institute (produced by Fujitsu Global Business Group). Personal data in the cloud. 2010.

[24] J. Ejarque, R. Sirvent, and R. Badia. A multi-agent approach for semantic resource allocation. In Procs. 2nd CloudCom, 2010.

[25] J. Nimis, A. Anandasivam, N. Borissov, G. Smith, D. Neumann, N. Wirstrom, E. Rosenberg, and M. Villa. SORMA - business cases for an open grid market: Concept and implementation. In LNCS 5206, 2011.

[26] J. Kang and K. M. Sim. Cloudle: a multi-criteria cloud service search engine. In Procs. APSCC '10.

[27] R. Ko, P. Jagadpramana, M. Mowbray, S. Pearson, M. Kirchberg, Q. Liang, and B. Lee. TrustCloud: A Framework for Accountability and Trust in Cloud Computing. In Proc. of IEEE World Congress on Services (SERVICES'11), Washington, DC, USA, 2011.

[28] David Linthicum. Why you should care about multicloud. http://www.infoworld.com/article/2611544/hybrid-cloud/why-you-should-care-about-multicloud.html, 2013.

[29] M. Ko, G.-J. Ahn, and M. Shehab. Privacy-Enhanced User-Centric Identity Management. In Proc. IEEE Conf. Communications, IEEE Press, 2013.

[30] M. Singhal, S. Chandrasekhar, T. Ge, R. S. Sandhu, R. Krishnan, G.-J. Ahn, and E. Bertino. Collaboration in multicloud computing environments: Framework and security issues. IEEE Computer, 46(2):76–84, 2013.

[31] M. Tsugawa, A. Matsunaga, and J. Fortes. User-level virtual network support for sky computing. In Procs. 5th IEEE e-Science.

[32] N. Loutas, E. Kamateri, and K. Tarabanis. A semantic interoperability framework for cloud platform as a service. In Procs. 3rd IEEE CloudCom, 2011.

[33] Nicolas Ferry, Franck Chauvel, Alessandro Rossini, Brice Morin, and Arnor Solberg. Managing multi-cloud systems with CloudMF. Department of Networked Systems and Services, SINTEF, Oslo, Norway.

[34] NIST. Cloud computing standards roadmap - version 1.0. NIST Special Publication 500-291, 2011.

[35] M. P. Papazoglou and W.-J. van den Heuvel. Blueprinting the cloud. IEEE Internet Computing, 15(6):74–79, 2011.

[36] Dana Petcu. Multi-Cloud: Expectations and Current Approaches.

[37] R. Buyya, R. Ranjan, and R. Calheiros. InterCloud: Utility-oriented federation of cloud computing environments for scaling of application services. In LNCS 6081.

[38] Dimensional Research. Cloud adoption study: global survey of IT professionals. http://www.equinix.com/resources/analyst-reports/cloud-adoption-study/, 2014.

[39] T. Harmer, P. Wright, C. Cunningham, and R. Perrott. Provider-independent use of the cloud. In Procs. Euro-Par'09, 2010.

[40] B. Tang and R. Sandhu. Cross-tenant trust models in cloud computing. In Information Reuse and Integration (IRI), 2013 IEEE 14th International Conference on, pages 129–136. IEEE, 2013.

[41] Y. Zhang and J. Joshi. Access Control and Trust Management for Emerging Multidomain Environments.
