A ZERO-TRUST-BASED IDENTITY MANAGEMENT MODEL FOR VOLUNTEER CLOUD COMPUTING

Author

abdullah albuali, Southern Illinois University CarbondaleFollow

Date of Award

12-1-2021

Degree Name

Doctor of Philosophy

Department

Computer Science

First Advisor

Che, Dunren

Abstract

Non-conventional cloud computing models such as volunteer and mobile clouds have been increasingly popular in cloud computing research. Volunteer cloud computing is a more economical, greener alternative to the current model based on data centers in which tens of thousands of dedicated servers facilitate cloud services. Volunteer clouds offer numerous benefits: no upfront investment to procure the many servers needed for traditional data center hosting; no maintenance costs, such as electricity for cooling and running servers; and physical closeness to edge computing resources, such as individually owned PCs. Despite these benefits, such systems introduce their own technical challenges due to the dynamics and heterogeneity of volunteer computers that are shared not only among cloud users but also between cloud and local users. The key issues in cloud computing such as security, privacy, reliability, and availability thus need to be addressed more critically in volunteer cloud computing.Emerging paradigms are plagued by security issues, such as in volunteer cloud computing, where trust among entities is nonexistent. Thus, this study presents a zero-trust model that does not assign trust to any volunteer node (VN) and always verifies using a server-client topology for all communications, whether internal or external (between VNs and the system). To ensure the model chooses only the most trusted VNs in the system, two sets of monitoring mechanisms are used. The first uses a series of reputation-based trust management mechanisms to filter VNs at various critical points in their life-cycle. This set of mechanisms helps the volunteer cloud management system detect malicious activities, violations, and failures among VNs through innovative monitoring policies that affect the trust scores of less trusted VNs and reward the most trusted VNs during their life-cycle in the system. The second set of mechanisms uses adaptive behavior evaluation contexts in VN identity management. This is done by calculating the challenge score and risk rate of each node to calculate and predict a trust score. Furthermore, the study resulted in a volunteer computing as a service (VCaaS) cloud system using undedicated hosts as resources. Both cuCloud and the open-source CloudSim platform are used to evaluate the proposed model.The results shows that zero-trust identity management for volunteer clouds can execute a range of applications securely, reliably, and efficiently. With the help of the proposed model, volunteer clouds can be a potential enabler for various edge computing applications. Edge computing could use volunteer cloud computing along with the proposed trust system and penalty module (ZTIMM and ZTIMM-P) to manage the identity of all VNs that are part of the volunteer edge computing architecture.