A separation-of-powers model for a trustworthy and open cloud computing ecosystem

Most existing security enhancements lack a widely-agreed definition of trust. Trusted Cloud models have been proposed, which establish a Root-of-Trust inside the cloud and vouch for the trustworthiness of the cloud services. However, these are often impractical and ineffective due to the cloud’s characteristics of complexity, heterogeneity, and dynamism. This dissertation thus focuses on how to effective manage the trust dynamics inside the cloud, and how to export trust to achieve practical cloud attestations. <p>Firstly, a <em>Separation-of-Powers</em> <em>(SoP)</em> model is designed. It separates the authorities of a Cloud Service Provider, and allows different independent roles to participate in managing trust inside the cloud. The collaborative-restrictive relationship among these roles encourages a trustworthy and open cloud ecosystem. Secondly, three core components for implementing this model are designed, solving the problems of: how to effectively determine a <em>Cloud Trusted Computing Base (cTCB)</em> for a cloud application; how to define a <em>Cloud Root-of-Trust (cRoT)</em> for managing the trust evidence for this <em>cTCB</em>; and how to construct a <em>Cloud Chain-of-Trust (cCoT)</em> from the <em>cRoT</em> to export the trust evidence, and achieve cloud application attestations. Thirdly, simulators and prototypes are implemented to evaluate these core components. A Trusted MapReduce (TMR) system is also built as a case study to demonstrate how to utilize the trust services achieved by the SoP model.</p> <p>This dissertation demonstrates that, by correctly managing trust inside the cloud, the genuine behaviours of the cloud can be effectively inspected and verified. The SoP model builds trust from customers to the Cloud Services Providers. <em>Trustworthiness</em> supports security-critical cloud applications, which encourages a wider range of cloud users. <em>Openness</em> further brings a flourishing market to the ecosystem. It encourages many more diverse Cloud Service Providers to equally participate in the cloud ecosystem, regardless of their scale or capabilities. We believe that a model of this kind is important for achieving trustworthy governance in the cloud ecosystem. It could in turn help to promote a wider cloud model adoption.</p>