Jörg Kebbedies, Josef Spillner, I. Braun, A. Schill
{"title":"用户监管可信云的概念化策略设计","authors":"Jörg Kebbedies, Josef Spillner, I. Braun, A. Schill","doi":"10.1109/UCC.2015.105","DOIUrl":null,"url":null,"abstract":"The term \"trust\" in the area of cloud computing has always been one of the most problematic issues. The cloud user becomes willing to accept insecure conditions and unconsciously increases these conditions' security level if he is able to find a strategy that provides trust. This level of trust, once established, is difficult to maintain if any deception takes place. The indications of proven trust can only be seen in future usage of a cloud service. For this reason, specific control instruments are required to ascertain the accuracy of one's trust. The establishment of trust in a public cloud environment requires a paradigm change: a holistic strategy that enforces regulation requirements throughout the cloud architecture. The movement of the root of trust into hardware reduces vulnerability to compromise, as hardware attacks require a high expenditure of time and effort. Cloud users would define regulation standards through trust-worthy IT instruments and enforce them in specific cloud-service layers. The extension of this approach is the regulation of SaaS-based applications to enforce requirements for separation and availability. This work introduces a conceptual approach to establish a chain of policy by using hardware-oriented root of trust. The conceptual description of a chain of policy outlines the main principles to enforce regulations accurately for each architectural cloud layer based on an established chain of trust.","PeriodicalId":381279,"journal":{"name":"2015 IEEE/ACM 8th International Conference on Utility and Cloud Computing (UCC)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Conceptualized Policy Design for User-Regulated Trusted Clouds\",\"authors\":\"Jörg Kebbedies, Josef Spillner, I. Braun, A. Schill\",\"doi\":\"10.1109/UCC.2015.105\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The term \\\"trust\\\" in the area of cloud computing has always been one of the most problematic issues. The cloud user becomes willing to accept insecure conditions and unconsciously increases these conditions' security level if he is able to find a strategy that provides trust. This level of trust, once established, is difficult to maintain if any deception takes place. The indications of proven trust can only be seen in future usage of a cloud service. For this reason, specific control instruments are required to ascertain the accuracy of one's trust. The establishment of trust in a public cloud environment requires a paradigm change: a holistic strategy that enforces regulation requirements throughout the cloud architecture. The movement of the root of trust into hardware reduces vulnerability to compromise, as hardware attacks require a high expenditure of time and effort. Cloud users would define regulation standards through trust-worthy IT instruments and enforce them in specific cloud-service layers. The extension of this approach is the regulation of SaaS-based applications to enforce requirements for separation and availability. This work introduces a conceptual approach to establish a chain of policy by using hardware-oriented root of trust. The conceptual description of a chain of policy outlines the main principles to enforce regulations accurately for each architectural cloud layer based on an established chain of trust.\",\"PeriodicalId\":381279,\"journal\":{\"name\":\"2015 IEEE/ACM 8th International Conference on Utility and Cloud Computing (UCC)\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2015-12-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2015 IEEE/ACM 8th International Conference on Utility and Cloud Computing (UCC)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/UCC.2015.105\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2015 IEEE/ACM 8th International Conference on Utility and Cloud Computing (UCC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/UCC.2015.105","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Conceptualized Policy Design for User-Regulated Trusted Clouds
The term "trust" in the area of cloud computing has always been one of the most problematic issues. The cloud user becomes willing to accept insecure conditions and unconsciously increases these conditions' security level if he is able to find a strategy that provides trust. This level of trust, once established, is difficult to maintain if any deception takes place. The indications of proven trust can only be seen in future usage of a cloud service. For this reason, specific control instruments are required to ascertain the accuracy of one's trust. The establishment of trust in a public cloud environment requires a paradigm change: a holistic strategy that enforces regulation requirements throughout the cloud architecture. The movement of the root of trust into hardware reduces vulnerability to compromise, as hardware attacks require a high expenditure of time and effort. Cloud users would define regulation standards through trust-worthy IT instruments and enforce them in specific cloud-service layers. The extension of this approach is the regulation of SaaS-based applications to enforce requirements for separation and availability. This work introduces a conceptual approach to establish a chain of policy by using hardware-oriented root of trust. The conceptual description of a chain of policy outlines the main principles to enforce regulations accurately for each architectural cloud layer based on an established chain of trust.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
