Title :
Framework for assessing the trustworthiness of cloud resources
Author :
Kuehnhausen, Martin ; Frost, Victor S. ; Minden, Gary J.
Author_Institution :
Dept. of Electr. Eng. & Comput. Sci., Univ. of Kansas, Lawrence, KS, USA
Abstract :
Computing power is shifting from local computers to a globally distributed system of servers. Data that used to be stored on the user's machine as well as applications that process this data are now part of the “cloud”. While there are various advantages in doing so, such as cost, performance and availability, security and trust relationships now become major issues. For instance, in the cloud, computations (i.e. data processing) are often distributed among multiple servers which are not necessarily controlled by the user or even a single entity. Therefore, the user needs to determine what part of the processing that produced the results can and cannot be trusted. In order to secure individual resources such as individual applications, operating systems and hypervisors in the cloud we have developed a new framework which embeds them in an armor that protects the resources. The armor works by constantly monitoring and evaluating the environment surrounding the armor and checking the resources it is protecting in order to assess the trustworthiness of cloud resources. Based on these assessments and trust relationships with other armor components it makes decisions such as redeployment or migration in the event that resources have been compromised. The framework provides mechanisms for extracting measurements from resources and derives a trustworthiness assessment for each measurement (of whether it has been compromised) based on a rich set of data and meta information from multiple resources and contexts. This includes a rigorous process of how to derive confidence intervals from data by evaluating history, expected behavior and context information. Furthermore, we present a flexible decision scheme which allows for the estimation of belief that a resource has been compromised based on the assessment and confidence intervals of the individual measurements, their meta information and context.
Keywords :
belief maintenance; cloud computing; security of data; armor components; belief estimation; cloud resources; computing power; confidence interval; context information; data processing; environment evaluation; environment monitoring; expected behavior; globally distributed server system; history evaluation; hypervisors; meta information; operating systems; resource checking; resource protection; security; trust relationship; trustworthiness assessment; Atmospheric measurements; Context; Data mining; Data models; Decision making; Security; Uncertainty;
Conference_Title :
Cognitive Methods in Situation Awareness and Decision Support (CogSIMA), 2012 IEEE International Multi-Disciplinary Conference on
Conference_Location :
New Orleans, LA
Print_ISBN :
978-1-4673-0343-9
DOI :
10.1109/CogSIMA.2012.6188367