Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Conference contribution/Paper › peer-review
Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Conference contribution/Paper › peer-review
}
TY - GEN
T1 - Decentralized Runtime Monitoring Approach Relying on the Ethereum Blockchain Infrastructure
AU - Taha, Ahmed
AU - Zakaria, Ahmed
AU - Kim, Dongseong
AU - Suri, Neeraj
PY - 2020/5/19
Y1 - 2020/5/19
N2 - Cloud computing offers a model where resources (storage, applications, etc.) are abstracted and provided “as-aservice” in a remotely accessible manner. Although there are numerous claimed benefits of the Cloud to ensure confidentiality, integrity, and availability of the stored data, the number of security breaches is still on the rise. The lack of security assurance and transparency prevented customers/enterprises from trusting the Cloud Service Providers (CSPs). Unless the customer's security requirements are identified and documented by the CSPs, customers can not be assured that the CSPs will satisfy their requirements. Furthermore, the customer's compensation upon a violation is a manual time intensive process.In this paper we address the aforementioned challenges by proposing a decentralized customer-based monitoring approach running over Ethereum blockchain. The proposed approach allows the customer(s) to validate the compliance of CSP(s) to the contracted services in the Service Level Agreements (SLAs) and “autonomsly” compensate customers in case of security breaches. At the same time, the proposed approach prevents customers from misreporting for financial gain. The approach builds upon the Ethereum blockchain infrastructure in order to securely store monitoring logs and incorporate SLAs as smart contracts. The compliance validation framework is implemented and its functionality is evaluated on Amazon EC2 and Ethereum Blockchain.
AB - Cloud computing offers a model where resources (storage, applications, etc.) are abstracted and provided “as-aservice” in a remotely accessible manner. Although there are numerous claimed benefits of the Cloud to ensure confidentiality, integrity, and availability of the stored data, the number of security breaches is still on the rise. The lack of security assurance and transparency prevented customers/enterprises from trusting the Cloud Service Providers (CSPs). Unless the customer's security requirements are identified and documented by the CSPs, customers can not be assured that the CSPs will satisfy their requirements. Furthermore, the customer's compensation upon a violation is a manual time intensive process.In this paper we address the aforementioned challenges by proposing a decentralized customer-based monitoring approach running over Ethereum blockchain. The proposed approach allows the customer(s) to validate the compliance of CSP(s) to the contracted services in the Service Level Agreements (SLAs) and “autonomsly” compensate customers in case of security breaches. At the same time, the proposed approach prevents customers from misreporting for financial gain. The approach builds upon the Ethereum blockchain infrastructure in order to securely store monitoring logs and incorporate SLAs as smart contracts. The compliance validation framework is implemented and its functionality is evaluated on Amazon EC2 and Ethereum Blockchain.
U2 - 10.1109/IC2E48712.2020.00021
DO - 10.1109/IC2E48712.2020.00021
M3 - Conference contribution/Paper
SN - 9781728111001
SP - 134
EP - 143
BT - 2020 IEEE International Conference on Cloud Engineering (IC2E)
PB - IEEE
T2 - IEEE Intl. Conference on Cloud Engineering
Y2 - 20 April 2020 through 24 April 2020
ER -