Future cloud services are expected to increasingly involve and synthesize capabilities from multiple clouds. Applications from different organizations may establish collaborative relationships and share information dynamically in cloud computing. In this increasingly complex scenario, both consumers and service providers will face new challenges. For example, consumers will need to be able to identify the best service providers from a potentially huge pool, which could be computationally demanding. Service providers will need to be able to ensure the security and privacy of data shared among loosely connected subcontractors.
This project proposes a novel brokerage-based architecture to promote cost-effective cloud provisioning. Specifically, the PIs will devise efficient indexing structures to facilitate the management of the massive amount of information generated by a large number of service providers with a variety of properties. The PIs are developing the services necessary for effective cloud brokerage, such as service selection for consumers, service negotiation between consumers and their service providers, and service agreement delegation among the service providers involved in a compound service. Along with the service development, the work will produce new policy analysis, composition and delegation techniques that accommodate the unique characteristics of the cloud.
The research in this project will help significantly streamline the selection and management of cloud computing services, and will open up new business opportunities by providing cloud brokerage services. Moreover, the proposed approach may also help reduce the vendor lock-in problem, which is a long-standing major concern among consumers.
In this project, we designed a novel brokerage-based architecture that serves as a middleman between consumers and cloud service providers, promoting cloud provisioning by providing both pre-cloud and post-cloud services. As part of the pre-cloud services, we developed new data structures and algorithms that help cloud brokers manage the information of a potentially large pool of cloud service providers and enable the brokers to provide cloud consumers with a careful selection of the most appropriate cloud service providers. We also designed the first verification mechanism of its kind in the area of cloud service selection. The verification mechanism enables consumers to verify the correctness and completeness of the services recommended by the cloud broker, so that brokers are forced to provide unbiased, best available options to consumers.
In terms of post-cloud services, we proposed broker-assisted access control delegation among collaborating cloud service providers. Specifically, depending on the service agreement, a decision on a given data access request may require evaluating different portions of user information stored at multiple service providers involved in a compound service. Asking participating service providers to exchange their data in order to make the global decision may introduce complicated trust issues, especially when the requested information is sensitive to the participating parties. Given the amount of information that the cloud broker collects from service providers and consumers, we proposed to let the broker be in charge of policy decomposition and then facilitate collaborative access control among participating service providers. As a further step to relieve users’ concerns about possible misuse of their data in the clouds, we also designed a highly distributed cloud auditing mechanism that provides end-to-end accountability.
The major innovation of this approach lies in its ability to maintain lightweight and powerful accountability that combines aspects of access control, usage control and authentication. In our study, we analyzed over 1000 documents of the 10 most popular CSPs to date and tested our system using both real and synthetic datasets. The experimental results have demonstrated both the effectiveness and the efficiency of our approaches. The proposed brokerage-based architecture will significantly streamline the selection and management of cloud computing services, helping users build trust in cloud services. It also opens up new business opportunities by providing cloud brokerage services. The research findings from this project have led to multiple publications. The funding partially supported one PhD student, two MS students and two undergraduates, three of whom are female and four of whom graduated in May 2014. More excitingly, one female undergraduate involved in this project joined the PI’s research group as a PhD student in Fall 2014.