Journal of Cloud Computing: Advances, Systems and Applications, 2012
Cloud computing offers massively scalable, elastic resources (e.g., data, computing power, and se... more Cloud computing offers massively scalable, elastic resources (e.g., data, computing power, and services) over the internet from remote data centres to the consumers. The growing market penetration, with an evermore diverse provider and service landscape, turns Cloud computing marketplaces a highly competitive one. In this highly competitive and distributed service environment, the assurances are insufficient for the consumers to identify the dependable and trustworthy Cloud providers. This paper provides a landscape and discusses incentives and hindrances to adopt Cloud computing from Cloud consumers' perspective. Due to these hindrances, potential consumers are not sure whether they can trust the Cloud providers in offering dependable services. Trust-aided unified evaluation framework by leveraging trust and reputation systems can be used to assess trustworthiness (or dependability) of Cloud providers. Hence, cloud-related specific parameters (QoS+) are required for the trust and reputation systems in Cloud environments. We identify the essential properties and corresponding research challenges to integrate the QoS+ parameters into trust and reputation systems. Finally, we survey and analyse the existing trust and reputation systems in various application domains, characterizing their individual strengths and weaknesses. Our work contributes to understanding 1) why trust establishment is important in the Cloud computing landscape, 2) how trust can act as a facilitator in this context and 3) what are the exact requirements for trust and reputation models (or systems) to support the consumers in establishing trust on Cloud providers.
2008 11th International Conference on Computer and Information Technology, 2008
Abstract - Smartphones are widely used nowadays and their popularity will certainly not slow down... more Abstract - Smartphones are widely used nowadays and their popularity will certainly not slow down in the near future due to improved functionality and new technology improvements. Becoming more and more similar to PCs and laptops, they will also begin to face the same security ...
2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 2013
ABSTRACT Trustworthy selection of cloud services has become a significant issue in emerging cloud... more ABSTRACT Trustworthy selection of cloud services has become a significant issue in emerging cloud marketplaces. As a consequence, the Cloud Security Alliance (CSA) has formulated a self-assessment framework for cloud providers to publish their cloud platform's security controls and capabilities. This framework enables consumers to select a cloud service based on the capabilities and controls published by the providers. However, a fundamental question that arises is, how can consumers trust that the security controls are satisfied as claimed by the providers and are compliant with consumers' requirements. This paper proposes a trust-aware framework to verify and evaluate these security controls considering consumers' requirements. First, we model the security controls in the form of trust properties. Then, we introduce a taxonomy of these properties based on their semantics and identify the authorities who can validate the properties. The taxonomy of these properties is the basis of trust formalisation in our proposed framework. The framework rests on the notion of hybrid trust that combines hard and soft trust mechanisms for verifying the trust properties. Furthermore, a decision model is proposed as an integral part of the framework in order to empower consumers to determine trustworthiness of cloud providers. Finally, we demonstrate that the proposed trust-aware security evaluation framework could be potentially useful in practice for consumers to determine trustworthy cloud providers in a competitive marketplace.
2011IEEE 10th International Conference on Trust, Security and Privacy in Computing and Communications, 2011
Cloud computing provides cost-efficient opportunities for enterprises by offering a variety of dy... more Cloud computing provides cost-efficient opportunities for enterprises by offering a variety of dynamic, scalable, and shared services. Usually, cloud providers provide assurances by specifying technical and functional descriptions in Service Level Agreements (SLAs) for the services they offer. The descriptions in SLAs are not consistent among the cloud providers even though they offer services with similar functionality. Therefore, customers are not sure whether they can identify a trustworthy cloud provider only based on its SLA. To support the customers in reliably identifying trustworthy cloud providers, we propose a multi-faceted Trust Management (TM) system architecture for a cloud computing marketplace. This system provides means to identify the trustworthy cloud providers in terms of different attributes (e.g., security, performance, compliance) assessed by multiple sources and roots of trust information.
Proceedings of the 28th Annual ACM Symposium on Applied Computing - SAC '13, 2013
ABSTRACT The Cloud Security Alliance (CSA) provides a framework for cloud platform providers that... more ABSTRACT The Cloud Security Alliance (CSA) provides a framework for cloud platform providers that manages standardized self-assessments regarding security controls. The framework as it stands does not allow consumers to specify and check their own requirements, nor does it contain any means for verifying the capabilities claimed by the providers. From a customer perspective, both these aspects are essential for evaluating the trustworthiness of cloud providers and for making an informed decision. We propose a novel concept for verifying the capabilities captured in the CSA's framework, plus a decision model that checks consumer requirements against the verification results. Our capability verification combines hard trust based on rigid validation with soft trust based on evidence about past behaviour. Elaborate formal methods are applied in both fields and combined into a single concept.
The evaluation of the trustworthiness of complex systems is one of the major challenges in curren... more The evaluation of the trustworthiness of complex systems is one of the major challenges in current IT research. We contribute to this field by providing a novel model for the evaluation of propositional logic terms under uncertainty that is compliant with the standard probabilistic approach and subjective logic. Furthermore, we present a use case to demonstrate how this approach can be applied to the evaluation of the trustworthiness of a system based on the knowledge about its components and subsystems.
Journal of Cloud Computing: Advances, Systems and Applications, 2012
Cloud computing offers massively scalable, elastic resources (e.g., data, computing power, and se... more Cloud computing offers massively scalable, elastic resources (e.g., data, computing power, and services) over the internet from remote data centres to the consumers. The growing market penetration, with an evermore diverse provider and service landscape, turns Cloud computing marketplaces a highly competitive one. In this highly competitive and distributed service environment, the assurances are insufficient for the consumers to identify the dependable and trustworthy Cloud providers. This paper provides a landscape and discusses incentives and hindrances to adopt Cloud computing from Cloud consumers' perspective. Due to these hindrances, potential consumers are not sure whether they can trust the Cloud providers in offering dependable services. Trust-aided unified evaluation framework by leveraging trust and reputation systems can be used to assess trustworthiness (or dependability) of Cloud providers. Hence, cloud-related specific parameters (QoS+) are required for the trust and reputation systems in Cloud environments. We identify the essential properties and corresponding research challenges to integrate the QoS+ parameters into trust and reputation systems. Finally, we survey and analyse the existing trust and reputation systems in various application domains, characterizing their individual strengths and weaknesses. Our work contributes to understanding 1) why trust establishment is important in the Cloud computing landscape, 2) how trust can act as a facilitator in this context and 3) what are the exact requirements for trust and reputation models (or systems) to support the consumers in establishing trust on Cloud providers.
2008 11th International Conference on Computer and Information Technology, 2008
Abstract - Smartphones are widely used nowadays and their popularity will certainly not slow down... more Abstract - Smartphones are widely used nowadays and their popularity will certainly not slow down in the near future due to improved functionality and new technology improvements. Becoming more and more similar to PCs and laptops, they will also begin to face the same security ...
2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 2013
ABSTRACT Trustworthy selection of cloud services has become a significant issue in emerging cloud... more ABSTRACT Trustworthy selection of cloud services has become a significant issue in emerging cloud marketplaces. As a consequence, the Cloud Security Alliance (CSA) has formulated a self-assessment framework for cloud providers to publish their cloud platform's security controls and capabilities. This framework enables consumers to select a cloud service based on the capabilities and controls published by the providers. However, a fundamental question that arises is, how can consumers trust that the security controls are satisfied as claimed by the providers and are compliant with consumers' requirements. This paper proposes a trust-aware framework to verify and evaluate these security controls considering consumers' requirements. First, we model the security controls in the form of trust properties. Then, we introduce a taxonomy of these properties based on their semantics and identify the authorities who can validate the properties. The taxonomy of these properties is the basis of trust formalisation in our proposed framework. The framework rests on the notion of hybrid trust that combines hard and soft trust mechanisms for verifying the trust properties. Furthermore, a decision model is proposed as an integral part of the framework in order to empower consumers to determine trustworthiness of cloud providers. Finally, we demonstrate that the proposed trust-aware security evaluation framework could be potentially useful in practice for consumers to determine trustworthy cloud providers in a competitive marketplace.
2011IEEE 10th International Conference on Trust, Security and Privacy in Computing and Communications, 2011
Cloud computing provides cost-efficient opportunities for enterprises by offering a variety of dy... more Cloud computing provides cost-efficient opportunities for enterprises by offering a variety of dynamic, scalable, and shared services. Usually, cloud providers provide assurances by specifying technical and functional descriptions in Service Level Agreements (SLAs) for the services they offer. The descriptions in SLAs are not consistent among the cloud providers even though they offer services with similar functionality. Therefore, customers are not sure whether they can identify a trustworthy cloud provider only based on its SLA. To support the customers in reliably identifying trustworthy cloud providers, we propose a multi-faceted Trust Management (TM) system architecture for a cloud computing marketplace. This system provides means to identify the trustworthy cloud providers in terms of different attributes (e.g., security, performance, compliance) assessed by multiple sources and roots of trust information.
Proceedings of the 28th Annual ACM Symposium on Applied Computing - SAC '13, 2013
ABSTRACT The Cloud Security Alliance (CSA) provides a framework for cloud platform providers that... more ABSTRACT The Cloud Security Alliance (CSA) provides a framework for cloud platform providers that manages standardized self-assessments regarding security controls. The framework as it stands does not allow consumers to specify and check their own requirements, nor does it contain any means for verifying the capabilities claimed by the providers. From a customer perspective, both these aspects are essential for evaluating the trustworthiness of cloud providers and for making an informed decision. We propose a novel concept for verifying the capabilities captured in the CSA's framework, plus a decision model that checks consumer requirements against the verification results. Our capability verification combines hard trust based on rigid validation with soft trust based on evidence about past behaviour. Elaborate formal methods are applied in both fields and combined into a single concept.
The evaluation of the trustworthiness of complex systems is one of the major challenges in curren... more The evaluation of the trustworthiness of complex systems is one of the major challenges in current IT research. We contribute to this field by providing a novel model for the evaluation of propositional logic terms under uncertainty that is compliant with the standard probabilistic approach and subjective logic. Furthermore, we present a use case to demonstrate how this approach can be applied to the evaluation of the trustworthiness of a system based on the knowledge about its components and subsystems.
Uploads
Papers by Sheikh Habib