Identity Matrix: Architecture Framework for Trusted Cloud Computing through Cloud Intellect.


Sarah Shafqat¹, Muhammad Naeem Ahmed Khan¹, Naveed Riaz², Khalid Khan¹

¹ Shaheed Zulfikar Ali Bhutto Institute of Science and Technology (SZABIST), Pakistan
² CCSIT, University of Dammam, Saudi Arabia

{sarah.shafqat, mnak2010}@gmail.com, [email protected], [email protected]

Abstract

This paper presents a novel approach to devise an architectural framework for trusted cloud computing to help organizations and companies in curtailing data processing costs by outsourcing computations on-demand while ensuring confidentiality and integrity of the data sources and computation processes. The proposed framework comprises a number of modules -- Identity Matrix (IMx) being one of them. The architecture is designed in a way that it offers processes a virtual view of a network interface to support user level access to high-speed communication devices like biometric devices to support a user level identification system. As the target audience is scrutinized and their corresponding interest groups are better understood, the framework could be further refined such that it would make a systematic data warehouse depicting meaningful information for various public and private sector organizations and businesses etc. The right information would be directed towards the right people at the right time, thus helping organizations to take the right actions based on a global network of trusted peers, as well as eliminating risks posed by identified malicious users. The main focus of this study will be software architecture. The study also demonstrates the efficacy of software architecture and high level design for the proposed trusted cloud computing framework.

Keywords: Cloud computing, Identity management, Architectural framework, Trusted cloud, Knowledge management.

1 Introduction

Cloud computing, envisioned as the next-generation architecture of IT Enterprise, is a new area of research that bears certain ambiguities pertaining to its potential use in the modern era where everyone is conscious of and concerned about the privacy and security of digital data. Cloud computing utilizes dynamic, scalable and often virtualized resources to provide computation and data management services over the Internet. The users generally use HTTP as a medium to avail these services. In cloud computing, the knowledge, expertise or control over the technology infrastructure is ordinarily not needed by the user. The term cloud computing is used with relevance to the diagrammatical representation of the cloud symbol that is often used to depict the Internet in flow charts. Hence, the cloud is an abstraction symbol to represent the underlying complex infrastructure. In cloud computing, the provider builds a solution (i.e., software, infrastructure or platform) over the Internet and these services are made available to the users on demand via subscription [1].

1.1 Risks to Cloud Computing Adaptation

The prominent risks associated to the cloud computing adoption include:

- Unauthenticated user level access to data
- Identity theft and fraud
- Cyber bullying
- Weak network structure that gives access to eavesdropping on confidential data
- Users are vulnerable to cloud providers for data security, cost and services
- Non-availability of proper standards to practice

The latest technology allows different service providers to unite their infrastructure to address a broader business space. It is also possible that a consumer maintains accounts with multiple service providers like e-bay, Gmail etc. The visibility and scope of attributes for every identity need to be verified against a central trusted policy regulatory authority assumed by the systems. In such systems, extreme precaution is required to handle identities in order to avoid untoward incidents. Hence, identity management (IDM) holds an upper hand in the whole area of cloud security and can be considered as a superset of all the issues encompassing cloud computing.

An IDM in cloud has to manage control points, dynamic composite/decommissioned machines, virtual device or service identities etc. Today’s cloud requires dynamic governance of typical IDM issues like provisioning/de-provisioning, synchronization, entitlement, lifecycle management etc. [2].

*Corresponding author: Naveed Riaz; E-mail: [email protected]
DOI: 10.6138/JIT.2016.17.4.20120904
Journal of Internet Technology Volume 17 (2016) No.4

2 Literature Review

Keeping abreast with the ever challenging security concerns in cloud computing, the knowledge transfer over the cloud is also at its peak [3]. The authenticity of information is judged by analyzing the opinions of many users. On the web, this approach of building trust and sharing trusted information fails because of users adopting different personas or identities and thus propagating biased opinions. A relationship of trust is an approach that has been triggered by social networks providing dual benefits. Firstly, opinions are accessed by a user on a certain idea by using large chunks of information extracted from reviews and judgments made available through a trusted channel. Secondly, trusted global individuals, who enjoy privileged power, can market their goods and services at a better return.

Security is greatly focused by the considerable work done concerning trust in IT related services. Formal logical models used for cryptography and authentication include Pretty Good Privacy (PGP). Similar trust relations can be built amongst agents for a much wider range of applications than just authenticating identities. An entity-centric approach for IDM in cloud is discussed in [4] that comprises two components: active bundles and anonymous identification. Each active bundle includes a payload of personally identifiable information, privacy policies and a virtual machine that enforces the policies for protection mechanisms. The anonymous identification is used for interaction on cloud using the entity’s privacy policies.

Security problems in the industry are outlined in [5] and a set of trust concepts with respect to security architecture are defined. The required roots-of-trust in hardware and firmware including TCG-based hardware and UEFI-based firmware are discussed in the literature. The comprehension of architectural goals is mandatory to understand the technology platform that deploys richer interoperability and greater trust in the system. IBM System-X is one such technology to deliver security architecture. Features like observed behaviors of entities, disk encryption, malware resistance etc. are assigned greater consideration in this regard. Although the identification system bears high potential, it is limited to firmware.

Authors in [6] advocate that e-passport combines the concept of using three identification technologies: biometrics, smartcards and radio frequency. However, e-passport using biometric identification is limited to be used as a service and cannot be referred as a medium for authenticating users on cloud.

Authors in [7] present a study comparing latest cloud technologies such as MapReduce [8] for executing inter-task communication on cloud in parallel by using technologies like Microsoft DryadLinq [9] and Apache Hadoop [10] on two bioinformatics applications. In an application, when comparison of performance is made with MPI implementation, the cloud technologies are assessed for the effect of inhomogeneous data on the scheduling mechanism. A comparison of performance of three aforementioned cloud technologies on virtual and non-virtual hardware platforms suggests that MapReduce is the more preferred approach due to its flexible nature. However, MapReduce and Dryad cannot express iterative computations.

MapReduce, Hadoop, and Dryad are recent distributed computing frameworks that offer simpler methods for exploiting multiple systems on cloud. These frameworks are based on coordination languages, including iterative and recursive algorithms that are still insufficiently expressive. Skywriting [11] is thus introduced that generalizes these approaches coming up with a better expression. Turing-powerful, pure functional scripting language describing distributed computing, and novel cooperative task farming execution engine are amongst its features. Nonetheless, it is a generalized scripting language and does not specifically comply with identity management system on cloud to track activities of users in an effective manner.

Organizations can adopt the cloud paradigm if they have a certain level of trust in the cloud service providers. Gao et al. [12] proposed a framework for executing knowledge discovery applications on cloud in a timely manner to make the required predictions. OpenStack [13] is an open source IaaS cloud platform released by Rackspace and NASA. It manages storage and network resources across the multiple servers to provide a web interface compatible with Amazon EC2. Cloud computing encompasses grid and distributed computing [14]. Authors in [15] proposed leveraging trust of users from one device to other, thus enabling them to safely shift to the other commodity appliance or service. The proposed methodology has been supported by developing techniques to utilize small, secure and handy appliances to securely learn which program is running on the local machine. Rather than trusting a vast cloud, a secure on-demand execution environment is constructed for performing sensitive tasks and handling private data securely by keeping it in isolation from all other software and hardware on the system.

Cloud computing can leverage from Renesse (a monitoring framework) [16] as Renesse can support a wide range of grid-control applications in a standard manner.

3 Problem Definition

Cloud computing being the hot topic nowadays has grabbed attention of researchers globally but still it is not systematic. Researchers are working to streamline its processes and control the channel of information flow and the user traffic that makes it complex and congested.

When a user surfs the cloud and signs up with different services, he/she ends up with multiple credentials and multiple access permissions across different applications provided by different service providers. These fragmented user details present a challenge to both users and service providers in the forms of synchronization of shared identities, security etc. Also, there is a chance for malicious users making multiple fraudulent identities to get unauthorized entrance to a variety of services. Thus, it stimulates a strong desire for developing an intrinsic identity system that unambiguously identifies users and is trusted across the web and within the enterprises. Different Service Providers use different factors for authentication like account number, email ID, PayPal ID etc. Moreover, when transactions traverse multiple tiers of service hosted in the cloud, the semantics of the context of identity information has to be properly maintained, constrained and relaxed as per the specific needs of the users. Until the identities are associated to the published jargon, developing trustworthy meaning of the content remains a challenge in non-trusted relationships. Therefore, conceptualization of relating digital presence with physical personas in real life is very intriguing for bringing trustworthiness in P2P networks in terms of end-to-end technical, information assurance and governance perspectives.

Key problem areas identified during the course of this study include:

- Architectural Framework
- Scripting Language
- Security Issues

3.1 Architectural Framework

The problem areas related to architectural framework mainly cover the aspects of service outages, authenticity of information, auditability, and intrusion detection. These problems/issues are briefly discussed below.

(1) Hardware or software resources are frequently shut down or restarted for attestation purposes resulting in temporary service outages on the client side. The attestation process at client side may make the client vulnerable to threats as the client system is accessible at that particular time for attestation.

(2) The authenticity of information is judged by intelligently reviewing and analyzing the opinions of many users in order to take appropriate decisions related to data security.

(3) To date, there is no auditability mechanism in place for validating a user identity. A fraudulent user can still forge a trusted identity and enter into a trusted network of friends, thus polluting the network of trust.

(4) The identification system of IBM System-X despite bearing high potential is yet limited to firmware and can be considered to merge with cloud computing to bring about added trust.

(5) Decentralization of PeerTrust is another limitation as, ideally, there should be a centralized system to authenticate activities of every user on the cloud. The fact that a single user ends up with multiple logins constricts and limits the ease of use of cloud services due to difficulty faced by the user to remember and manage login details. Therefore, a single point of entry is needed to be introduced for cloud users.

(6) Introduction of e-passport bearing biometric identification is limited to be used as a service as it is not referred as a medium for authenticating users on the cloud. Furthermore, every individual user on the cloud may not possess a passport which will limit his/her identification options.

3.2 Scripting Language

(1) MapReduce, Hadoop and Dryad use coordination languages including iterative and recursive algorithms that are insufficiently expressive.

(2) Skywriting is a generalized scripting language that does not specifically comply with Identity Management System on cloud to track activities of users in an effective manner.

3.3 Security

An on-demand completely isolated secure execution environment for a local system that performs highly sensitive tasks and handles private/confidential data securely, can put a barrier over the other software and hardware. The same procedure can be adopted for every virtual machine on the cloud to make it secure. The main concern here is to enable user to trust the cloud.

4 Proposed Solution

Transparency is a key to implementing accountability and forming an international regulatory body for authenticating identities over the Internet through biometric devices -- e.g., fingerprint sensors or smart cards -- and confirming identity card and passport details in order to form a single knowledge base to mesh multiple identities of a user over the cloud.

For added trust on the existing cloud computing architecture, the key artifacts which need to be transformed through reengineering of cloud infrastructure using reverse engineering techniques include; Architectural Framework, Scripting, and Security. Keeping in view the three key problem areas related to cloud security, we endeavor to present a model that amicably addresses the aforesaid problems.


4.1 Architectural Framework

(1) There is a need to introduce a virtual layer of cloud that encompasses every machine on the network attested for its software and hardware. Even when a machine is temporarily down, its instance still appears on the cloud that is trusted for its security through a generalized script in order to combat identity pollution and untrustworthy content on the virtual network. The script also includes intrusion detection mechanism to identify the intrusion point of malicious contents and halt it from the source point.

(2) The authenticity of information is judged by analyzing and intelligently reviewing the opinions of many users to take various decisions. For making intelligent decisions, there should be a single instance of user that should operate anywhere on the cloud having different profiles linked up at a single point of occurrence. The users would have to physically attest to biometric device and provide their authorization credentials for further validation by the IRB. The proposed approach would preserve the auditability of user identity, reduce the use of forged identities to almost nil and help build trust in the P2P network.

(3) To enable biometric attestation, the identification system of IBM System-X has to be molded for inclusion of every computing device that connects user to the cloud.

(4) Identity Matrix (IMx) would give a single platform to users for access to the cloud and would help eliminate decentralization of PeerTrust. A user would have only one login that would keep all his/her profiles linked to a single point. This way the user would be spared from managing multiple accounts using several types of identification mechanisms like paypal, ebay etc.

(5) Introduction of e-passport using biometric identification is limited to be used as a single service; therefore, it has not been referred as a medium for authenticating users on the cloud. However, it can be merged with Identity Matrix to validate users having passports other than identity card details. Such an approach would also restrict children’s access to adult websites. Finally, the proposed architecture would be hybrid in nature.

4.2 Scripting Language for Communication and Interaction

(1) As discussed above, scripting language would be main point of connection among the modules of Architectural Framework for Trusted Cloud Computing. MapReduce, Hadoop and Dryad use coordination languages that include iterative and recursive algorithms that are insufficiently expressive. Skywriting in its current form does not track activities of users in an effective manner and comply with Identity Matrix on the cloud. So, it also needs to be modified to embed into our proposed system.

(2) Forensic Web Services can also be included to maintain secure transactional records with other web services. Since it is limited to forming compliance between digital evidence and legal standards, therefore, it would be configured to integrate interchanging physical evidence into digital.

4.3 Security

The main concern in cloud computing adaptability is to make users trust the cloud. If users trust a certain type of software execution on their own systems then the same secure code execution environment can be set all over the cloud to persuade them to use cloud computing facilities. The incorporation of the virtual layer proposed in our model would help create this environment. The system thus designed would meet the requirements of Architectural Framework for Trusted Cloud Computing. Maintaining logs of malicious sources and combating the potential threats are the core tasks of the design model. Additionally, the model would include a compliance mechanism for Identity Matrix and standards set by IRB.

5 Proposed Design of Architectural Framework for Trusted Cloud Computing

High level DFDs are made to better elaborate the functionality of the proposed system for Architectural Framework for Trusted Cloud Computing and are described at length in the subsequent sections.

5.1 Context Diagram

As mentioned earlier, Identity Matrix (IMx) is one of the modules of which the Architectural Framework for Trusted Cloud Computing is comprised. Thus IMx is used to form a main system. It is connected to the knowledge warehouse and the IRB data warehouse, triggered by any cloud user who interacts with it as depicted in Figure 1.

5.2 First Level DFD

Extracted from IMx, there are four cloud platforms; Identity Matrix, Cloud, and IRB forming processes connected with data warehouses; IRB and Knowledge base. A cloud user interacts with the system after registering himself by providing identity and passport details for verification prior to being profiled with IMx. The data flow diagram for Architectural Framework for Trusted Cloud Computing is shown in Figure 2.


5.3 Proposed Architecture

Four cloud platforms -- any cloud application, identity matrix (IMx), IRB and Knowledge warehouse -- form a hybrid cloud multitude with different hosting service providers on separate virtual platforms.

IRB symbolizes an isolated data warehouse where data obtained from identity card and passport issuers in every country is stored. Cloud application refers to where the user registers himself giving some specific identity information like identity card and passport number and thumb impression etc. This set of values is verified by IRB. If the identities are validated then the user will be registered both on the cloud application and IMx automatically and the user’s profile is recorded in the secure isolated knowledge warehouse where it can be retrieved as required. On IMx, any user’s activities on the cloud can be viewed and are kept transparent by maintaining the needed confidentiality. This is illustrated in Figure 3.

Figure 1 Context Diagram for Identity Matrix (IMx)

Figure 2 First Level Data Flow Diagram (DFD) of IMx Solution

Figure 3 Hybrid Cloud Architectural Framework for IMx
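
The registration flow of section 5.3, as an added sketch that is not code from the paper: a claim is checked against an isolated IRB store, and IMx keeps one identity per verified person with every application profile linked to it, logging each decision for audit. The class names, the keyed-digest storage, the demo key and the exact-match thumb template are assumptions for illustration; the paper specifies none of them, and real biometric matching is approximate rather than an exact comparison.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

# Constructed demo key (assumption); a real deployment would keep it in an HSM/KMS.
IRB_KEY = b"constructed-demo-key"


def _digest(value: bytes) -> str:
    """Keyed digest so raw identifiers and templates are never stored in the clear."""
    return hmac.new(IRB_KEY, value, hashlib.sha256).hexdigest()


@dataclass(frozen=True)
class Claim:
    """What a user submits to a cloud application at registration."""
    national_id: str
    passport_no: str
    thumb_template: bytes  # stand-in for a biometric sample (assumption)


class IRB:
    """Isolated store of issuer records (hypothetical model of the paper's IRB)."""

    def __init__(self):
        self._records = {}

    def enroll(self, claim: Claim) -> None:
        """Load a record as an identity card or passport issuer would."""
        self._records[_digest(claim.national_id.encode())] = (
            _digest(claim.passport_no.encode()),
            _digest(claim.thumb_template),
        )

    def verify(self, claim: Claim) -> Optional[str]:
        """Return a pseudonymous handle only if every attribute matches."""
        handle = _digest(claim.national_id.encode())
        record = self._records.get(handle)
        if record is None:
            return None
        passport_ok = hmac.compare_digest(record[0], _digest(claim.passport_no.encode()))
        thumb_ok = hmac.compare_digest(record[1], _digest(claim.thumb_template))
        return handle if passport_ok and thumb_ok else None


class IdentityMatrix:
    """One identity per verified person; application profiles link to it."""

    def __init__(self, irb: IRB):
        self._irb = irb
        self.profiles = {}   # handle -> set of linked applications (knowledge warehouse stand-in)
        self.audit_log = []  # (event, application, handle or None)

    def register(self, application: str, claim: Claim) -> Optional[str]:
        handle = self._irb.verify(claim)
        if handle is None:
            # Unverifiable claims never get an identity, but the attempt is recorded.
            self.audit_log.append(("rejected", application, None))
            return None
        linked = self.profiles.get(handle)
        if linked is None:
            self.profiles[handle] = {application}
            event = "created"
        elif application in linked:
            event = "duplicate"
        else:
            linked.add(application)
            event = "linked"
        self.audit_log.append((event, application, handle))
        return handle


def demo() -> dict:
    """Run the flow on constructed sample data and return the outcomes."""
    irb = IRB()
    alice = Claim("ID-0001", "P-1000001", b"\x01\x02alice-thumb")  # constructed
    irb.enroll(alice)
    imx = IdentityMatrix(irb)
    first = imx.register("mail", alice)
    second = imx.register("shop", alice)
    again = imx.register("shop", alice)
    forged = imx.register("forum", Claim("ID-0001", "P-1000001", b"other-thumb"))
    unknown = imx.register("forum", Claim("ID-9999", "P-9999999", b"x"))
    return {
        "first": first, "second": second, "again": again,
        "forged": forged, "unknown": unknown,
        "linked": sorted(imx.profiles.get(first, set())),
        "events": [entry[0] for entry in imx.audit_log],
    }


if __name__ == "__main__":
    print(demo())
```

The rejected attempts stay in the audit log without a handle, which is the auditability property section 3.1 (3) says is missing from existing systems.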


6 Simulation and Validation

As the system that is being tested here is huge, a KAOS model is made using a simulation tool called the Objectiver. The functionality and the arrangement of the system produced by the Objectiver is illustrated in Figure 4. Simulated cloud comprising IMx and other cloud applications is encapsulated within a secure virtual layer that communicates with server, IRB, and the cloud user at client side. A user interfaces with the cloud through a secure virtual layer by digitally signing in through finger impression. After getting validated by IRB, the user profile is copied on to the IMx. The identity profile is created after successful ratification and verification of the user details. Later, the identity profile is screened through the secure virtual layer that is on the founding layer of the architecture to maximize security. This identity profile can subsequently be used as a part of the knowledge management system. The secure virtual layer encompasses every machine on the network attested for its software and hardware. Even when a machine is temporarily down, its instance still appears on the cloud that is trusted for its security through a generalized script composed of Credence in order to combat identity pollution and untrustworthy content on the virtual network. Since users normally trust their contents when executed on the remote machine, therefore, the same pretext can be used to trust the contents on the cloud alike. The script includes an intrusion detection mechanism to identify the intrusion point of malicious contents and halt it from the source point. In short, the virtual layer is capable of identifying, halting and filtering the malicious activity initiating in the cloud through the well-designed script.

Figure 4 Simulation for Hybrid Architecture for Trusted Cloud Computing

Validation of the proposed architecture is done by comparing it to the existing cloud architecture. The validation is primarily based on three main aspects of the current system, namely, dispersed cloud application on an insecure cloud, multiple logins and absence of standards. An approach for trust management for decentralized cloud known as PolicyMaker is already available [17]. Trust management problem is addressed as a distinct component of security in network services. PGP and X.509 address only narrow subsets of the overall trust management problem and pertain to only one application. PolicyMaker facilitates the development of security features in a wide range of network services, but still the problem with the decentralization of cloud remains. The foremost drawback with the dispersed cloud application on an insecure cloud pertains to addressing the issue of managing multiple logins for a single cloud user. In our proposed framework, this problem is addressed through integrating cloud applications with the Identity Matrix system to support single sign-on. The proposed solution minimizes the chances of hacking by introducing a secure virtual layer at foundation layer and at the client side.

Entities may have multiple accounts and PII is mapped on to the entity. But, a key question arises why to have multiple accounts for an entity when it can have a single account in the centralized cloud. The second aspect of multiple logins in the existing systems suffers the drawbacks of lack of verification of physical identities, the existence of forged identities and possible threats of cyber bullying. In our proposed framework, we suggest to use biometric data or acceptable means of identification like identity card or passport details that are duly verified by IRB to resolve this issue. The key benefits obtained through this approach could be multifaceted. Firstly, a single login can be easily traced back to physical identity. Secondly, in the event of malfunctioning, a complaint can be registered with IRB to resolve the issue. The proposed approach will support transparent identities over the cloud due to the mechanism of secure login authentication through biometric identification.

The third aspect observed in the existing systems pertains to the absence of standards due to which the cloud has become quite unsystematic. In our proposed architecture, we suggest to use IRB standards to transform the cloud into a trusted cloud.

7 Discussion and Findings

Presently, there is no standard architecture for cloud computing, therefore, we propose Architectural Framework for Trusted Cloud Computing (AFTCC) with a view to transform it into an informed cloud termed as Cloud Intellect. AFTCC embeds biometric signatures for the sake of scrutinizing the cloud consumer as a single entity. A user would register with Identity Matrix -- a cloud application, and sign into cloud with a single identity and this approach would save storage space and time as compared to the existing approaches that keep multiple profiles of a single user. Also, now there is an added module within IMx -- Cloud Indicator that helps maintaining the authenticity of services and cloud providers on the basis of vendor authority and user feedback. Thus, malicious users with fake identities along with the malfunctioning cloud providers taking advantage of cloud users would be barred automatically from entering the cloud as IRB verification would be required to validate users and cloud providers entering into the cloud environment. IRB is composed of data warehouses within every country and is assumed to validate cloud providers and the credentials of users entering cloud at national level in electronic form. It is assumed that credentials of the nationals are already being managed in electronic form. So, the cost would also be minimal to maintain all this data under a single umbrella. But, a clause would be included in the SLA to get the user’s permission for using his data and monitoring his profile. Then permission is required at national levels for keeping user’s profiles. An optimistic consideration is made, that knowing the limitations of the current cloud environment the nations would not form a hindrance in developing such a cloud. Monitoring would be done at national level and user’s profiles would be limited to its respective country. Users are monitored on-the-fly to thwart malicious activities such as cyber bullying and hacking etc. If a user is found guilty, he would be barred out of the cloud. In this way, on the backend users’ profiles would form a knowledgebase that could be used for Cloud Intellect in future. All these modules in the AFTCC are strongly bounded by a scripting language.

Despite its advantages, AFTCC bears a major limitation: it is computationally expensive. Firstly, a major challenge and expense is embedding a biometric device in all communication appliances so that a cloud user can register with Identity Matrix and thus become part of the cloud. Secondly, it requires a huge amount of virtual memory to hold a knowledgebase that maintains electronic profiles of every cloud user.

8 Conclusion and Future Work

The evolving Architectural Framework for Trusted Cloud Computing comprises several modules, and IMx is one of them. The architecture of IMx is understood, and the evolution of IMx generates the need for storage, compatibility, scalability and performance. Therefore, future work will focus on developing other systems that can be integrated with it, e.g., Knowledge Management, Storage, Virtualization, Scalability and Data Security modules. These modules are envisaged to be based on robust algorithms to provide efficient mechanisms and to adhere to the proper governance standards implemented by IRB by exploiting neural computing functionalities.

A knowledge management system is likely to be the key expected outcome of this research in the future. As the target audience is scrutinized and their interest groups are better understood, the system would be designed in such a way that it would further form a systematic data warehouse depicting meaningful information for various government and non-government organizations, particularly those dealing with national security, e-governance, businesses, etc. The proposed model will help disseminate the right information to the right consumers at the right time, and this tactic would help organizations take the right actions based on calculated decisions through a global network of trusted peers. The proposed approach will also eliminate risks posed by identified malicious users.

Journal of Internet Technology Volume 17 (2016) No.48

References

[1] Bhaskardeep, Cloud Computing -- SaaS, 2010, http://www.c-sharpcorner.com/UploadFile/bhaskardeep/190/

[2] Elisa Bertino, Federica Paci, Rodolfo Ferrini and Ning Shang, Privacy-Preserving Digital Identity Management for Cloud Computing, IEEE Computer Society Data Engineering Bulletin, Vol.32, No.1, 2009, pp.21-27.

[3] Sheng-Hua Xu and Hong Zou, Synchronization Simulations of Secure Knowledge Transfer in Cloud Networks, Journal of Internet Technology, Vol.15, No.5, 2014, pp.853-862.

[4] Pelin Angin, Bharat Bhargava, Rohit Ranchal, Noopur Singh, Mark Linderman, Lotfi Ben Othmane and Leszek Lilien, An Entity-Centric Approach for Privacy and Identity Management in Cloud Computing, Proc. of 2010 29th IEEE Symposium on Reliable Distributed Systems, New Delhi, India, October/November, 2010, pp.177-183.

[5] Vincent J. Zimmer, Shiva R. Dasari and Sean P. Brogan, Trusted Platforms UEFI, PI and TCG-Based Firmware, 2009, http://www.cs.berkeley.edu/~kubitron/courses/cs194-24-S14/hand-outs/SF09_EFIS001_UEFI_PI_TCG_White_Paper.pdf

[6] Bart Jacobs and Erik Poll, Biometrics and Smart Cards in Identity Management, 2010, http://repository.ubn.ru.nl/bitstream/handle/2066/91601/91601.pdf?sequence=1

[7] Xiaohong Qiu, Jaliya Ekanayake, Scott Beason, Thilina Gunarathne and Geoffrey Fox, Cloud Technologies for Bioinformatics Applications, Proc. of MTAGS’09, Portland, OR, November, 2009, http://research.microsoft.com/pubs/140453/MTAGS.pdf

[8] Ralf Lämmel, Google’s MapReduce Programming Model -- Revisited, Science of Computer Programming, Vol.70, No.1, 2008, pp.1-30.

[9] Christophe Poulain, An introduction to DryadLINQ, July, 2010. Microsoft Research.

[10] Dhruba Borthakur, The Hadoop Distributed File System: Architecture and Design, 2007, http://hadoop.apache.org/docs/r0.18.3/hdfs_design.html

[11] Derek G. Murray and Steven Hand, Scripting the cloud with Skywriting, Proc. of HotCloud’10, Boston, MA, June, 2010, https://www.usenix.org/legacy/events/hotcloud10/tech/full_papers/Murray.pdf?CFID=478253341&CFTOKEN=84377490

[12] Kun Gao, Qin Wang and Lifeng Xi, Reduct Algorithm Based Execution Times Prediction in Knowledge Discovery Cloud Computing Environment, International Arab Journal of Information Technology, Vol.11, No.3, 2014, pp.268-275.

[13] Anton Beloglazov, Sareh Fotuhi Piraghaj, Mohammed Alrokayan and Rajkumar Buyya, Deploying OpenStack on CentOS using the KVM hypervisor and GlusterFS distributed file system, August, 2012. Technical Report CLOUDS-TR-2012-3.

[14] Chirag Modi, Dhiren Patel, Bhavesh Borisaniya, Avi Patel and Muttukrishnan Rajarajan, A Survey on Security Issues and Solutions at Different Layers of Cloud Computing, The Journal of Supercomputing, Vol.63, No.2, 2013, pp.561-592.

[15] Bryan Jeffrey Parno, Trust Extension as a Mechanism for Secure Code Execution on Commodity Computers, Ph.D. Thesis, Carnegie Mellon University, Pittsburgh, PA, 2010.

[16] Ketan Maheshwari, Marcus Lim, Lydia Wang, Ken Birman and Robbert van Renesse, Toward a Reliable, Secure and Fault Tolerant Smart Grid State Estimation in the Cloud, Proc. of ISGT, Washington, DC, February, 2013, pp.1-6.

[17] Matt Blaze, Joan Feigenbaum and Jack Lacy, Decentralized Trust Management, Proc. of IEEE Symposium on Security and Privacy, Oakland, CA, September, 1996, pp.164-173.

Biographies

Sarah Shafqat received the degree of BB(IT) from Curtin University, Australia in 2006 and MBA (HRM) from COMSATS Institute of Information Technology, Islamabad, Pakistan, in 2009. Later she did MS(CS) with majors in Software Engineering from SZABIST, Islamabad, Pakistan in 2013. Her research interests include Knowledge Management, Network Security and Cloud Computing.

Muhammad Naeem Ahmed Khan obtained a D.Phil. degree in Computer System Engineering from the University of Sussex, Brighton, England, UK. His research interests are in the fields of software engineering, cloud computing, digital forensic analysis and machine learning techniques.

Naveed Riaz obtained a PhD degree in Computer Engineering from Graz University of Technology, Austria. His research interests are Model-Based Diagnosis, Verification and Testing, and Digital Image.

Khalid Khan obtained his MS(SE) degree from SZABIST. His research interests include Software Engineering and Cloud Computing.