This paper presents ongoing research to develop the Intercloud Architecture Framework (ICAF), which addresses problems of integration and interoperability in multi-provider, multi-domain heterogeneous cloud-based infrastructure services and applications. The paper refers to existing standards in Cloud Computing, in particular the recently published NIST Cloud Computing Reference Architecture (CCRA). The proposed ICAF defines four complementary components addressing Intercloud integration and interoperability: a multi-layer Cloud Services Model (CSM) that combines commonly adopted cloud service models, such as IaaS, PaaS, and SaaS, in one multi-layer model with corresponding inter-layer interfaces, also including an access and delivery infrastructure layer; the Intercloud Control and Management Plane (ICCMP), which supports cloud-based application interaction; the Intercloud Federation Framework (ICFF); and the Intercloud Operation Framework (ICOF). The paper provides a general definition of the ICFF, its generic components and interfaces. The paper briefly describes the architectural framework for cloud-based infrastructure services provisioned on demand, being developed in the framework of the GEYSERS project, that provides a basis for CSM and ICCMP implementation, allowing optimized provisioning of computing, storage and networking resources. The proposed architecture is intended to provide an architectural model for developing Intercloud middleware and in this way will facilitate cloud interoperability and integration.
In Cloud computing, data are managed not only by the data owner but also by Cloud providers. Sophisticated Cloud collaboration scenarios require that these data objects can be accessed in a distributed manner among Cloud providers while still being under the control of the data owners. This brings security challenges for distributed authorization and trust management that existing proposed schemes have not fully solved. In this paper, we propose a Dynamic Trust Establishment approach which can be incorporated into Cloud provisioning life-cycles for the multi-provider Intercloud environment. It relies on attribute-based policies as the mechanism for trust evaluation and delegation. The paper also presents a practical implementation approach for attribute-based policies using Multi-type Interval Decision Diagrams, which has an advantage in terms of evaluation complexity.
As cloud computing continues to gain traction, a great deal of effort is being expended in researching the most effective ways to build and manage secure and trustworthy clouds. Providing consistent security services in on-demand provisioned Cloud infrastructure services is of primary importance due to the multi-tenant and potentially multi-provider nature of Cloud infrastructure. Cloud security infrastructure should address two aspects of IaaS operation and dynamic security services provisioning: (1) provide security infrastructure for secure Cloud IaaS operation; (2) provision dynamic security services. Although the first task is a traditional task in security engineering, dynamic provisioning of managed security services in a virtualized environment remains a problem and requires additional research. Entire frameworks have been proposed and demonstrated, but although successful, there is a tendency to see such solutions as integrated 'all in one' infrastructures. This paper describes a light-weight mechanism and protocol for building trust between two machines that takes advantage of the Trusted Platform Module (TPM) to handle a key exchange and remote trusted deployment of a bootstrapping tool (referred to as the Bootstrapping Initiator (BI)). Once deployed, the BI can execute any arbitrary software required, which could be (but is not limited to) solutions for advanced architecture management such as the Dynamic Access Control Infrastructure (DACI). The proposed solution provides a light-weight layer of trust backed by a TPM that additional systems can build upon as required by the individual use case, without the requirement for a specific management or security infrastructure to be deployed along with it.