This paper proposes an approach for providing dynamic federations of clouds. The approach is based on risk assessment and implements cloud federations without requiring identity federations. To solve this problem, the factors that most strongly influence the information security level of clouds are first selected, and a hierarchical risk assessment architecture is built on them. A risk priority vector of the cloud provider is then formed with the AHP methodology, and a fuzzy-logic (Mamdani) risk evaluation is carried out on the basis of this vector.
Large-scale distributed systems, such as cloud technologies, usually require interaction among various entities [
In the research literature, the problem of cloud federation is usually solved with identity federations. This solution, however, is not optimal, since identity federations have a number of problems: the need for trust agreements, limited scalability, information security, privacy, the identity provider discovery problem, and interoperability [
These problems make existing federation technologies inadequate for the cloud environment, which is governed by uncertainty: an interaction must be established between two entities that are unknown to each other and have no pre-established trust relationship.
To overcome this problem, several guidelines call for methods that can provide ad hoc dynamic federation of clouds [
Ad hoc federation is usually provided by assessing the risk level of the federation party's identity infrastructure. For this purpose, in [
Several efforts are underway to standardize cloud security risk assessment, including the Cloud Security Alliance (CSA) [
However, the CSA and ENISA efforts do not address how such assessments will be implemented as an automated service in a cloud environment. They also leave open the question of how a cloud consumer will build a test and development environment that includes security regression testing as well as assessment controls.
This paper proposes a method that provides federation of clouds without relying on identity federation, while still allowing identity federation to be used. The approach is based on risk assessment: a risk assessment method is proposed that combines the Analytic Hierarchy Process (AHP) with the Mamdani fuzzy inference algorithm.
The main difference between our approach and existing methods is the use of a fuzzy risk model to enable cloud federations. Here cloud federation is not reduced to identity federation issues but is implemented directly on the basis of an infrastructure assessment.
Various risk metrics are used to establish a federation of clouds. In [
These factors can also be grouped according to several aspects, one being the legal nature of a factor and another its technological nature. Following this approach, the risk factors of clouds can be classified as
As a result of such classification two inputs are formed for the last block: risks related to the technological problems of the clouds and risks related to the legal problems of the clouds.
The overall risk assessment system is described as a hierarchical structure composed of separate subsystems, each organised as a decision-making system. The output signals of one subsystem are fed to the inputs of the next decision-making system. This idea can be described as
Thus, according to various criteria these components are combined into a general risk assessment system. The input risk factors assigned to a decision block are described by the fuzzy sets low, medium and high, and some risk factors play a differently weighted role in the system. First, the weighted factors are forwarded to the input of the decision-making system; weighted rules are established on these factors and the results are forwarded to the next phase of the inference process. The goal is to forward a weighted input vector to the system. The decision-making systems are described by rules of the form "If ... Then". Thus the proposed risk assessment method is based on collaborative decision-making theory.
The goal in determining the factor’s weights is to achieve accuracy in the risk assessment process. For this purpose, weight ratios were calculated using the AHP methodology for each factor.
The concept of AHP was developed by Thomas Saaty in the 1970s. AHP is a decision-making approach that involves structuring multiple choice criteria into a hierarchy, assessing the relative importance of these criteria, comparing alternatives for each criterion, and determining an overall ranking of the alternatives [
The AHP algorithm proceeds as follows:
Step 1. Development of decision making hierarchy. As shown in
Step 2. Establishment of a comparison matrix for each layer. In this step a matrix of dominance ratings is established using Saaty's 9-point scale (1 to 9, with the reciprocal value for the inverse comparison).
where the entries are the pairwise dominance ratings of the comparison matrix.
Step 3. Establishment of the normalized pairwise comparison matrix. The normalized comparison matrix is determined by dividing each element of the comparison matrix by the sum of its column.
Step 4. Calculation of weight vectors for the factors. The weight vector of the factors is determined by averaging the elements in each row of the normalized comparison matrix. The weight ratio of row i is calculated as follows:
where n is the number of factors; the weight ratios of the factors are calculated as in Tables 2-19.
Step 5. Calculation of the principal eigenvalue. The principal eigenvalue is obtained as the sum of the products of each element of the weight vector and the corresponding column sum of the comparison matrix.
| n | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|---|---|---|---|---|---|---|---|---|---|
| RI | 0 | 0 | 0.58 | 0.90 | 1.12 | 1.24 | 1.32 | 1.41 | 1.45 | 1.49 |
| Risk factor | Identity and access management risk | Multitenancy risk | Availability and backup risk | Weight of factor | Principal eigenvalue |
|---|---|---|---|---|---|
| Identity and access management risk | 1 | 3 | 1/9 | 0.2782 | 7.2257 |
| Multitenancy risk | 1/3 | 1 | 7 | 0.3789 | |
| Availability and backup risk | 9 | 1/7 | 1 | 0.3429 | |
| Risk factor | Organization changes management risk | Resource planning risk | Organizational security management risk | Weight of factor | Principal eigenvalue |
|---|---|---|---|---|---|
| Organization changes management risk | 1 | 9 | 5 | 0.7020 | 3.3546 |
| Resource planning risk | 1/9 | 1 | 1/7 | 0.0556 | |
| Organizational security management risk | 1/5 | 7 | 1 | 0.2424 | |
| Risk factor | Portability risk | Application development risk | Interoperability standards risk | Weight of factor | Principal eigenvalue |
|---|---|---|---|---|---|
| Portability risk | 1 | 1/5 | 3 | 0.3024 | 6.6386 |
| Application development risk | 5 | 1 | 1/9 | 0.3048 | |
| Interoperability standards risk | 1/3 | 9 | 1 | 0.3927 | |
| Risk factor | SLA rules abide risk | Security audit risk | Weight of factor | Principal eigenvalue |
|---|---|---|---|---|
| SLA rules abide risk | 1 | 5 | 0.8333 | 2 |
| Security audit risk | 1/5 | 1 | 0.1667 | |
| Risk factor | Infrastructure control risk | Specific jurisdictions risk | Weight of factor | Principal eigenvalue |
|---|---|---|---|---|
| Infrastructure control risk | 1 | 7 | 0.8750 | 2 |
| Specific jurisdictions risk | 1/7 | 1 | 0.1250 | |
| Risk factor | Unauthorised access risk | Administrative access risk | Weight of factor | Principal eigenvalue |
|---|---|---|---|---|
| Unauthorised access risk | 1 | 1/3 | 0.2500 | 2 |
| Administrative access risk | 3 | 1 | 0.7500 | |
| Risk factor | Isolation between tenants risk | Virtual attacks realization risk | Leakage between tenants risk | Weight of factor | Principal eigenvalue |
|---|---|---|---|---|---|
| Isolation between tenants risk | 1 | 7 | 1/7 | 0.3333 | 7.4632 |
| Virtual attacks realization risk | 1/7 | 1 | 5 | 0.3178 | |
| Leakage between tenants risk | 7 | 1/5 | 1 | 0.3489 | |
| Risk factor | Service availability risk | Future operation risk | Backup related risk | Weight of factor | Principal eigenvalue |
|---|---|---|---|---|---|
| Service availability risk | 1 | 4 | 6 | 0.6264 | 4.0091 |
| Future operation risk | 1/4 | 1 | 1/7 | 0.0933 | |
| Backup related risk | 1/6 | 7 | 1 | 0.2803 | |
| Risk factor | Change people work risk | Resistance of change risk | Weight of factor | Principal eigenvalue |
|---|---|---|---|---|
| Change people work risk | 1 | 3 | 0.7500 | 2 |
| Resistance of change risk | 1/3 | 1 | 0.2500 | |
| Risk factor | Hardware maintenance risk | Hardware failure risk | Weight of factor | Principal eigenvalue |
|---|---|---|---|---|
| Hardware maintenance risk | 1 | 1/8 | 0.1111 | 2 |
| Hardware failure risk | 8 | 1 | 0.8889 | |
| Risk factor | Technology and service failure risk | Resource sharing isolation risk | Weight of factor | Principal eigenvalue |
|---|---|---|---|---|
| Technology and service failure risk | 1 | 2 | 0.6667 | 2 |
| Resource sharing isolation risk | 1/2 | 1 | 0.3333 | |
| Risk factor | Illegal clauses risk | Jurisdiction abide risk | Weight of factor | Principal eigenvalue |
|---|---|---|---|---|
| Illegal clauses risk | 1 | 4 | 0.8 | 2 |
| Jurisdiction abide risk | 1/4 | 1 | 0.2 | |
| Risk factor | External audit risk | Security certification risk | Recovery method risk | Weight of factor | Principal eigenvalue |
|---|---|---|---|---|---|
| External audit risk | 1 | 1 | 7 | 0.4940 | 4.7362 |
| Security certification risk | 1 | 1 | 1/4 | 0.2212 | |
| Recovery method risk | 1/7 | 4 | 1 | 0.2849 | |
| Risk factor | Staff training risk | Data center physical security risk | Weight of factor | Principal eigenvalue |
|---|---|---|---|---|
| Staff training risk | 1 | 5 | 0.8333 | 2 |
| Data center physical security risk | 1/5 | 1 | 0.1667 | |
| Risk factor | Specific jurisdiction location risk | Specific jurisdiction privacy risk | Weight of factor | Principal eigenvalue |
|---|---|---|---|---|
| Specific jurisdiction location risk | 1 | 3 | 0.7500 | 2 |
| Specific jurisdiction privacy risk | 1/3 | 1 | 0.2500 | |
| Risk factor | Security and privacy risk | Organizational risk | Technical risk | Weight of factor | Principal eigenvalue |
|---|---|---|---|---|---|
| Security and privacy risk | 1 | 6 | 2 | 0.5467 | 3.1589 |
| Organizational risk | 1/6 | 1 | 1/8 | 0.0700 | |
| Technical risk | 1/2 | 8 | 1 | 0.3833 | |
| Risk factor | Physical security risk | Compliance and audit risk | Weight of factor | Principal eigenvalue |
|---|---|---|---|---|
| Physical security risk | 1 | 4 | 0.8 | 2 |
| Compliance and audit risk | 1/4 | 1 | 0.2 | |
| Risk factor | Technological problem risk | Legal problem risk | Weight of factor | Principal eigenvalue |
|---|---|---|---|---|
| Technological problem risk | 1 | 9 | 0.9 | 2 |
| Legal problem risk | 1/9 | 1 | 0.1 | |
Step 6. Calculation of consistency index (CI) and consistency ratio (CR).
where n is the number of factors and RI is the random consistency index determined by Saaty, tabulated above for n = 1 to 10.
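The six AHP steps above, carried through in code as an added example (this is not the authors' MATLAB code). It implements the standard AHP procedure: column normalisation, row averaging, the principal eigenvalue estimate λ_max = Σ_j colsum_j · w_j, CI = (λ_max − n)/(n − 1) and CR = CI/RI, together with Saaty's acceptance rule CR ≤ 0.10, which is the check a practitioner should run before trusting a weight vector. The two input matrices are copied from the "Identity and access management / Multitenancy / Availability and backup" and "SLA rules abide / Security audit" tables above; the function and variable names are this example's own. On the first matrix it reproduces the weights 0.2782, 0.3789, 0.3429 and λ_max ≈ 7.226, but CR ≈ 3.6, far above 0.10, because the judgements are cyclic (IAM > multitenancy, multitenancy > availability, availability > IAM); on a 2×2 reciprocal matrix it confirms that λ_max = 2 and CR = 0 always hold.

```python
"""Standard AHP weight computation with Saaty's consistency check (added example)."""
from typing import List, Tuple

Matrix = List[List[float]]

# Saaty's random consistency index RI for matrix sizes n = 1..10 (the RI table above).
RI = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12,
      6: 1.24, 7: 1.32, 8: 1.41, 9: 1.45, 10: 1.49}


def validate(a: Matrix) -> None:
    """Step 2 checks: square, unit diagonal, Saaty 1/9..9 scale, a_ji = 1/a_ij."""
    n = len(a)
    if n not in RI:
        raise ValueError("only matrices of size 1..10 are supported")
    for i in range(n):
        if len(a[i]) != n:
            raise ValueError("comparison matrix must be square")
        if abs(a[i][i] - 1.0) > 1e-9:
            raise ValueError(f"a[{i}][{i}] must be 1")
        for j in range(n):
            if not (1 / 9 - 1e-9 <= a[i][j] <= 9 + 1e-9):
                raise ValueError(f"a[{i}][{j}]={a[i][j]} is outside the 1/9..9 scale")
            if abs(a[i][j] * a[j][i] - 1.0) > 1e-6:
                raise ValueError(f"a[{i}][{j}] and a[{j}][{i}] are not reciprocal")


def ahp(a: Matrix) -> Tuple[List[float], float, float, float]:
    """Steps 3-6: return (weights, lambda_max, CI, CR) for a comparison matrix."""
    validate(a)
    n = len(a)
    col_sums = [sum(a[i][j] for i in range(n)) for j in range(n)]
    # Step 3: normalised matrix, each element divided by its column sum.
    normalised = [[a[i][j] / col_sums[j] for j in range(n)] for i in range(n)]
    # Step 4: weight of factor i is the mean of row i of the normalised matrix.
    weights = [sum(row) / n for row in normalised]
    # Step 5: principal eigenvalue estimate, sum over j of colsum_j * w_j.
    lambda_max = sum(col_sums[j] * weights[j] for j in range(n))
    # Step 6: consistency index and ratio (CR is reported as 0 for n <= 2, where RI is 0).
    ci = (lambda_max - n) / (n - 1) if n > 1 else 0.0
    cr = ci / RI[n] if RI[n] > 0 else 0.0
    return weights, lambda_max, ci, cr


def consistent(a: Matrix, cr_limit: float = 0.10) -> bool:
    """Saaty's acceptance rule: use the weights only when CR <= 0.10."""
    return ahp(a)[3] <= cr_limit


# Constructed inputs: the matrices of two of the tables above.
IAM_MULTITENANCY_AVAILABILITY = [
    [1.0, 3.0, 1 / 9],
    [1 / 3, 1.0, 7.0],
    [9.0, 1 / 7, 1.0],
]
SLA_AUDIT = [
    [1.0, 5.0],
    [1 / 5, 1.0],
]

if __name__ == "__main__":
    for name, m in (("IAM/multitenancy/availability", IAM_MULTITENANCY_AVAILABILITY),
                    ("SLA/audit", SLA_AUDIT)):
        w, lam, ci, cr = ahp(m)
        verdict = "OK" if cr <= 0.10 else "REJECT: revise the pairwise judgements"
        print(f"{name}: w={[round(x, 4) for x in w]} lambda_max={lam:.4f} "
              f"CI={ci:.4f} CR={cr:.4f} -> {verdict}")
```

A rejected matrix should be sent back to the assessor for re-judgement rather than propagated up the hierarchy; feeding inconsistent weights into the fuzzy blocks silently distorts every level above them.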
Having obtained the risk priority vector of the cloud provider, we can calculate the provider's risk value using fuzzy logic.
The fuzzy logic inference process for risk assessment can be described as a system that contains the following blocks (
In this paper the Mamdani type fuzzy inference algorithm is used. The Mamdani model consists of the following five steps:
Step 1. Fuzzification. In this step the main parameters needed for the risk assessment are determined. Because of the uncertain nature of these parameters, their direct measurement is too complex; therefore each parameter is expressed by linguistic terms and transformed into an appropriate fuzzy number.
In this study, we adopt triangular membership function. A triangular membership function is specified by three parameters
By using the defined membership functions, we replace the input values with a set of linguistic values and assign a membership degree for each linguistic value using triangular membership functions.
Step 2. Construction of fuzzy rules. A fuzzy rule is a conditional statement of the form "IF x is A THEN y is B", where x and y are linguistic variables and A and B are linguistic values determined by fuzzy sets on the universes of discourse X and Y, respectively. In this study the fuzzy logic system uses three fuzzy sets, low, medium and high, which determine the shape and location of the membership functions.
Step 3. Inference. The inference engine makes decisions based on the fuzzy rules; in this step the output parameter of each rule is calculated. For example, the rule output parameter
where
In this study, the inference engine for main block makes decisions based on 15 fuzzy inference rules as shown in
Step 4. Aggregation. A single output of the rule base is obtained by aggregating the outputs of the individual rules (the maximum of the clipped output membership functions).
Step 5. Defuzzification. In this step the linguistic value of the cloud risk level is transformed into a crisp risk value. We adopt the most common defuzzification method, the centre of gravity, to obtain the risk value of the cloud provider as a value in the range
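The five Mamdani steps above, implemented for the last decision block of the hierarchy (technological problem risk and legal problem risk combined into the overall risk), as an added example; it is not the authors' Simulink model. Assumptions made here: all variables live on the unit universe [0, 1]; the three terms low, medium and high are triangular with the vertices given in the code; the inputs are multiplied by their AHP weights from the last table above (0.9 and 0.1) before fuzzification, as the hierarchy description says; AND is min, consequents are clipped at the firing strength, aggregation is max and defuzzification is the centre of gravity over a numeric grid. The 9-rule table is constructed for the example (the page's own 15-rule table is not reproduced), and the IdP threshold in the federation decision at the end, which the federation discussion later on describes, is a hypothetical value.

```python
"""Mamdani fuzzy inference for one decision block of the hierarchy (added example)."""
from typing import Dict, List, Tuple


def tri(x: float, a: float, b: float, c: float) -> float:
    """Triangular membership function with vertices a <= b <= c (a == b or b == c gives a shoulder)."""
    if a < x < b:
        return (x - a) / (b - a)
    if b < x < c:
        return (c - x) / (c - b)
    return 1.0 if x == b else 0.0


# Assumed linguistic terms on the unit universe, shared by both inputs and the output.
TERMS: Dict[str, Tuple[float, float, float]] = {
    "low": (0.0, 0.0, 0.5),
    "medium": (0.0, 0.5, 1.0),
    "high": (0.5, 1.0, 1.0),
}

# AHP weights of the two inputs of the last block (from the technological/legal table).
INPUT_WEIGHTS = {"technological": 0.9, "legal": 0.1}

# Constructed 9-rule base: (technological term, legal term) -> overall risk term.
RULES: List[Tuple[str, str, str]] = [
    ("low", "low", "low"), ("low", "medium", "low"), ("low", "high", "medium"),
    ("medium", "low", "medium"), ("medium", "medium", "medium"), ("medium", "high", "high"),
    ("high", "low", "high"), ("high", "medium", "high"), ("high", "high", "high"),
]


def fuzzify(x: float) -> Dict[str, float]:
    """Step 1: membership degree of a crisp value in each linguistic term."""
    return {term: tri(x, *abc) for term, abc in TERMS.items()}


def infer(technological: float, legal: float, grid: int = 1000) -> float:
    """Steps 1-5 for crisp inputs in [0, 1]; returns the crisp overall risk in [0, 1]."""
    for v in (technological, legal):
        if not 0.0 <= v <= 1.0:
            raise ValueError("inputs must lie in [0, 1]")
    # Weighted input vector, then fuzzification of each weighted input.
    mu_t = fuzzify(technological * INPUT_WEIGHTS["technological"])
    mu_l = fuzzify(legal * INPUT_WEIGHTS["legal"])
    # Steps 2-3: firing strength of each rule (min for AND), kept per output term.
    strength = {term: 0.0 for term in TERMS}
    for t_term, l_term, out_term in RULES:
        strength[out_term] = max(strength[out_term], min(mu_t[t_term], mu_l[l_term]))
    # Step 4 (max of clipped consequents) and step 5 (centre of gravity) on a grid.
    num = den = 0.0
    for k in range(grid + 1):
        y = k / grid
        mu = max(min(strength[term], tri(y, *TERMS[term])) for term in TERMS)
        num += y * mu
        den += mu
    return num / den if den > 0 else 0.5


def federate(sp_risk: float, idp_threshold: float) -> bool:
    """Federation decision: the IdP admits the SP to its dynamic trust list if the risk is within its threshold."""
    return sp_risk <= idp_threshold


if __name__ == "__main__":
    IDP_THRESHOLD = 0.4  # hypothetical internal threshold of the IdP
    for t, l in ((0.1, 0.1), (0.5, 0.5), (0.9, 0.9)):
        risk = infer(t, l)
        print(f"technological={t} legal={l} -> risk={risk:.3f} federate={federate(risk, IDP_THRESHOLD)}")
```

Because the legal input is scaled by 0.1 before fuzzification it can never leave the "low" set, so in this block the overall risk is driven almost entirely by the technological input; that is exactly what a 9:1 AHP judgement means, and it is worth checking that such a ratio is intended before wiring the block into the hierarchy.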
The proposed risk assessment system was built in MATLAB using the Fuzzy Logic Toolbox and the Simulink environment.
First, decision-making matrices are constructed by pairwise comparison on the AHP scale for the main factors and their sub-factors, and weight ratios are calculated for each factor (Tables 2-19).
In total 21 Mamdani-type decision-making subsystems are constructed. The general fuzzy inference system for the last main block of the risk assessment system is illustrated in
To form a single risk assessment system, all of the created subsystems are integrated. A Simulink model was created in MATLAB to demonstrate the capabilities of the proposed fuzzy approach to risk assessment in clouds (
The risk assessment is executed through the hierarchy from the bottom level to the highest multiplying each factor by its weight value.
In the proposed model, the relevant input and output membership functions for each rule are shown in the rule viewer window (
For the given input parameters, the output membership function of each rule is the area shaded in blue. The bottom right area of the rule viewer window shows the aggregated membership function, i.e. the result of the aggregation step. The centre of gravity method is used for defuzzification, and the red line in the bottom right area marks the centre of that area, which is the output value of the risk assessment system. The input parameters were fed to the system as linearly increasing values.
The output signals of the system show that each factor influences the risk level of the clouds in a different way. The final risk evaluation diagram of the system is illustrated in
On the basis of the proposed approach, an IdP (Identity Provider) and an SP (Service Provider) that are unknown to each other can federate by estimating their risk level, and the federation decision is made according to internal thresholds set by the providers. In other words, the SP's risk value is calculated with the proposed collaborative risk assessment method and compared with the internal threshold of the IdP. If the final risk value is acceptable according to the internal threshold, each provider adds the other to its own dynamic trust list, and they are considered federated.
Cloud technologies have brought a great revolution to the Internet since their emergence, but their serious security problems have created an obstacle to the adoption of this technology. One of the main problems is the need to create high-quality identification systems. Federated systems are used as identification systems in the clouds, and they usually perform cloud federation through identity. However, the main problem of existing federated systems is the requirement to pre-establish trust among the entities that wish to federate; this approach is not suitable for cloud environments, which are dominated by uncertainty. Therefore the need for methods that provide dynamic federation of multiple clouds remains unmet.
In this paper an approach for providing dynamic federations of clouds is proposed. The approach is based on risk assessment and allows cloud federations without the need for identity federations. To solve this problem, the factors that most strongly influence the information security level of clouds are first selected, and a hierarchical risk assessment architecture is proposed based on them. A general model of the proposed architecture is then constructed in the Simulink environment of MATLAB, with the system parameters described as fuzzy sets. An experimental implementation of the proposed method is conducted on cloud providers.
In future work a complete toolbox can be developed for the proposed collaborative risk assessment method, so that it can be used in the risk assessment process of any enterprise that requires hierarchical risk assessment.
This work was supported by the Science Development Foundation under the President of the Republic of Azerbaijan―Grant No. EIF-2013-9(15)-46/16/1.
Rasim Alguliyev, Fargana Abdullayeva (2015). Development of Fuzzy Risk Calculation Method for a Dynamic Federation of Clouds. Intelligent Information Management, 7, 230-241. doi: 10.4236/iim.2015.74018