| Data and computation integrity and security are major concerns for users of cloud computing facilities. Today's clouds typically place centralized, universal trust in all the cloud's nodes. This simplistic, full-trust model has the negative consequence of amplifying potential damage from node compromises, leaving such clouds vulnerable to myriad attacks.;To address this weakness, this dissertation proposes and evaluates new paradigms for decentralizing cloud trust relationships for stronger cloud security. Five new paradigms are examined: (1) Hatman decentralizes trust through computation replication in clouds to ensure computation integrity. Its prototype implementation embodies the first full-scale, data-centric, reputation-based trust management system for Hadoop clouds. (2) AnonymousCloud decentralizes trust by decoupling private billing information from a cloud job's code and data. The resulting cloud conceals computation and data ownership information from nodes that compute using the data, thereby impeding malicious nodes from learning who owns these resources without disrupting the cloud's power to process and bill jobs. (3) Penny is a fully decentralized peer-to-peer structure that shifts trust away from traditional, centralized, cloud master nodes to an equal distribution of trust over all nodes. It supports integrity and confidentiality labeling of data, and enforces a notion of ownership privacy that permits peers to publish data without revealing their ownership of the data. (4) CloudCover decentralizes trust on the user side. It proposes a new form of Security as a Service (SECaaS) that allows untrusted, mostly serial computations in untrusted computing environments to be independently and efficiently validated by trusted, commodity clouds. Finally, (5) SilverLine automatically in-lines secure information flow tracking code into untrusted job binaries, facilitating enforcement of custom security policies without any change to the underlying cloud kernel, operating system, hypervisor, or file system implementations. This makes SilverLine exceptionally easy to deploy and maintain on rapidly evolving cloud frameworks, since the cloud and security enforcement implementations are completely separate and orthogonal.;Experiments demonstrate that each paradigm is an effective strategy for realizing stronger security in cloud computing frameworks at modest overheads through reducing or shifting the trusted computing base. |
