TU Darmstadt / ULB / TUprints

Quantitative Trust Assessment in the Cloud

Taha, Ahmed :
Quantitative Trust Assessment in the Cloud.
Ahmed Taha, Darmstadt
[Ph.D. Thesis], (2018)

document.pdf - Text (Thesis)
document.pdf - Submitted Version
Available under CC-BY-NC 4.0 International - Creative Commons, Attribution Non-commercial.

Item Type: Ph.D. Thesis
Title: Quantitative Trust Assessment in the Cloud
Language: English

Cloud computing offers a model where resources (storage, applications, etc.) are abstracted and provided "as-a-service" in a remotely accessible manner. In such a service-based environment, Cloud provisioning relies on stipulated Service Level Agreements (SLAs). Such an agreement is a contract between the Cloud Service Provider (CSP) and the Cloud Service Customer (CSC) regarding the offered services. These SLAs specify the Cloud services requested by the customers, which the CSPs are required to deliver. A variety of parameters for different aspects of a service can be included in the SLA, such as, but not limited to, availability, performance, downtime and location of the data.

Although there are numerous claimed benefits of the Cloud to ensure confidentiality, integrity, and availability of the stored data, the number of security breaches is still on the rise. The lack of security assurance and transparency has prevented customers/enterprises from trusting the CSPs, and hence from using their services. Unless the customer's security requirements are identified and documented by the CSPs, customers cannot be assured that the CSPs will satisfy their requirements. Although the recent efforts on the specification of security services using SLAs, also known as security SLAs or secSLAs, are a positive development, multiple technical and usability issues limit the adoption of Cloud secSLAs in practice.

For example, multiple CSPs offer similar security services (e.g., "encryption key management"), albeit with different capabilities and prices. The customers need to comparatively assess the offered security services in order to select the best CSP matching their security requirements. However, the presence of both explicit and implicit dependencies across security-related services adds further challenges for Cloud customers to: (i) specify their security requirements taking service dependencies into consideration, (ii) determine which CSP can satisfy these requirements in a qualitative way, and (iii) identify threats that can compromise their data ownership requirements of security, functionality and performance.

Although a secSLA provides specifications for the security level to be provided, assurance mechanisms are required to validate the compliance of the enforced security mechanisms with the secSLA. The lack of transparency on the security controls implemented in the Cloud and the diversity of the security specifications covered in the secSLA make validating the service against the secSLA a challenging task. Furthermore, the customer's compensation upon a violation is a manual, time-intensive process.

Finally, despite the benefits of enclosing security-related information in the secSLAs, CSPs are hesitant to release detailed information regarding their security posture for security and proprietary reasons. This lack of security transparency makes assessing and validating the offered security level and finding the best CSP matching the customer's security requirements a challenging task.

In this dissertation we address the aforementioned challenges. For challenges (i) and (ii), two evaluation techniques are presented for conducting the quantitative assessment and analysis of the secSLA-based security level provided by CSPs with respect to a set of Cloud customer security requirements. The proposed techniques help to improve the security requirements' specifications by introducing a flexible and simple methodology that allows customers to identify and represent their specific, imprecise and inconsistent security needs. The techniques automatically detect conflicts resulting from inconsistent customer requirements and provide an explanation for the detected conflicts, which in turn allows customers to resolve these conflicts. To tackle challenge (iii) and uncover threats that can compromise the customer's data ownership requirements, a threat analysis process is presented which establishes the viability of identifying threats based on the CSPs' offered services and customers' requirements.

To validate the compliance of CSPs with the contracted services in the secSLA(s), a decentralized customer-based monitoring approach is proposed. The monitoring approach detects secSLA violations and autonomously compensates customers according to the violation severity. The approach relies on the Ethereum blockchain to securely store monitoring logs and incorporate secSLAs as smart contracts. The compliance validation framework is implemented and its functionality is evaluated on Amazon EC2.

Finally, a system that enables (a) CSPs to disclose detailed information about their offered security services in an encrypted form to ensure data confidentiality, and (b) customers to assess the CSPs' offered security services and find those satisfying their security requirements is presented. The system preserves each party's privacy by leveraging an evaluation method based on secure two-party computation and searchable encryption techniques. The system is implemented and evaluated by applying it to existing standardized secSLAs. We show that the system's performance is practical for the presented use-case. The system is formally proved against a strong realistic adversarial model, using an automated cryptographic protocol verifier.

Alternative Abstract (translated from German):

Although the Cloud offers numerous advantages for ensuring the confidentiality, integrity, and availability of stored data, the number of breaches continues to rise. A lack of security and transparency keeps customers/enterprises from trusting Cloud Service Providers (CSPs) and using their services. As long as the customers' security requirements are not known to and documented by the CSPs, customers cannot be assured that the CSPs can satisfy their requirements. Although the recent efforts to specify security by means of Service Level Agreements (SLAs), also known as security SLAs or secSLAs, are a positive development, many technical and usability issues limit the adoption of Cloud secSLAs in practice. Although a secSLA provides specifications for the security level, assurance mechanisms are required to validate the compliance of the enforced security mechanisms with the secSLA. The lack of transparency about the security controls implemented in the Cloud and the diversity of the security specifications contained in the secSLA make verifying the secSLA services a challenging task. Furthermore, compensating the customer upon a violation (of the contract) is a manual, time-intensive process. This dissertation addresses the challenges mentioned above. Two forms of evaluation are presented for the quantitative assessment and analysis of the secSLA-based security level provided by CSPs with respect to a set of Cloud customer security requirements. The techniques detect conflicts resulting from inconsistent customer requirements and provide an explanation for them, which in turn allows customers to resolve these conflicts.

To validate the compliance of CSPs with the contracted services of the secSLA(s), a decentralized customer-based monitoring approach is proposed. The monitoring approach detects secSLA violations and automatically compensates customers according to the severity of the violation. The approach relies on the Ethereum blockchain. The monitoring approach is implemented and its functionality is evaluated on Amazon EC2.
Place of Publication: Darmstadt
Publisher: Ahmed Taha
Classification DDC: 000 Allgemeines, Informatik, Informationswissenschaft > 004 Informatik
Divisions: 20 Department of Computer Science > Security, Usability and Society
Date Deposited: 06 Jun 2018 13:34
Last Modified: 06 Jun 2018 13:34
URN: urn:nbn:de:tuda-tuprints-74488
Referees: Suri, Prof. Dr. Neeraj and Posegga, Prof. Dr. Joachim
Refereed: 25 April 2018
URI: https://tuprints.ulb.tu-darmstadt.de/id/eprint/7448