1. Mohssen Mohammed Sakib Pathan Building Customer Trust in Cloud Computing with an ICT-Enabled Global Regulatory Body Mohssen Mohammed Sakib Pathan

2. Outline Outline Overview of ICMCCP The Constitution of ICMCCP Cloud Computing Issues ICMCCP Architecture ICMCCP Certificate Giving Procedure Conclusion

3. Overview of ICMCCP International Center for Monitoring Cloud Computing Providers (ICMCCP). ICMCCP is established on an idea somewhat like a Central bank It would be a global entity, not limited to local. A Headquarter (HQ) for the ICMCCP will be placed in one of the countries in the globe Then, several branches of it would cover the entire globe, with at least one branch in each country All these branches will follow the HQ of the ICMCCP for any kind of policy that is employed centrally. All branches and the HQ will be connected in one computer network

4. Overview of ICMCCP Cont. Each Cloud Provider (CP) in a particular country would be then connected with the ICMCCP branch in that country/location HQ of the ICMCCP, all ICMCCP branches, and all CPs in the world will be connected in one world-wide network. A practical constraint is that no CP can be forced to join the ICMCCP, but the customers will trust only the CPs that have are connected and certified by the ICMCCP, once it is established. ICMCCP is supposed to be a non-profit organization and the required fund to run it could be generated from the CPs

5. The Constitution of ICMCCP ICMCCP would have a constitution or a set of fundamental principles In the process of writing the constitution, experts in the fields of Cloud computing, networking, communications, law, banking, and policy making will be involved. The constitution should reflect the customers’ aspirations as well. This would ensure that the customers know how the ICMCCP can protect their data providing guaranteed and secure services. The constitution should clearly state what legal actions would be taken if a Cloud provider breaches the user privacy.

6. The Constitution of ICMCCP Cont. An example to illustrate the need for a constitution: Let us consider that a country establishes a Cloud Provider (CP) just for political reason. This CP’s name given is Global Cloud Provider (GCP). It appears as a private CP for the customers but it has been made for other purposes. The ICMCCP will make good effort to discover the nature of each CP by using technical program and employing manual security techniques If the ICMCCP discovers a deceitful CP, it will blacklist that CP and raise the legal case to the court. After that, the ICMCCP will advertise to all branches that the GCP (as in this example) is not a legitimate provider.

7. Cloud Computing Issues Cloud computing has two major issues: –Lack of Trust: –Attacks against Cloud Servers. Our work is basically concerned about the first issue, i.e., point (a) - that is establishing user trust. As presented before, establishing ICMCCP could well- handle this issue.

8. ICMCCP Architecture As understood by now, ICMCCP has mainly two parts: –Constitutional part and Technical part. the technical part has a significant role in making ICMCCP secure by using the newest reliable technologies. We have mentioned before that the Headquarter of the ICMCCP, all ICMCCP branches, and all CPs in the world will be connected with one network. Hence, a new software could be developed for monitoring all CPs that are enlisted with the ICMCCP. Let us call this software as Tracing Cloud Computing Provider (TCCP).

9. ICMCCP Architecture Cont. This software will be installed in the HQ of the ICMCCP, in all ICMCCP branches, and in all CPs. The TCCP will keep monitoring any interaction with each CP in the globe and all recorded. interactions would be archived in the local branches to be provided to the HQ for audit and verifications. Periodically, the ICMCCP will analyze the data collected by the TCCP to see whether there is any form of irregularity in accessing the CPs.

10. ICMCCP Architecture Cont. Fig. 1. The ICMCCP Architecture for TCCP

11. ICMCCP Certificate Giving Procedure Let us assume that there is a Cloud provider called First Trusted Cloud Provider (FTCP). FTCP wants to get the ICMCCP certificate. To obtain a certificate from ICMCCP, the following steps would be followed: –Step 1. First, the FTCP will send a letter to the Headquarter of the ICMCCP that it needs an ICMCCP certificate. The letter should include introductory information of FTCP with enough history about the company like, when the company was launched, why it was established, …etc. – Then, the ICMCCP HQ will study these documents well to move to the next step. –Step two, a technical team from the HQ would be sent to the applicant’s company to assess the FTCP systems, devices, security tools, etc. All companies that want an ICMCCP certificate must satisfy the minimum requirements set by ICMCCP.

12. ICMCCP Certificate Giving Procedure Cont. To make the task of assessment easier, ICMCCP could have country representatives and technical teams formed with the local experts (who are certified and qualified professionals). Once the technical team clears the CP’s (here, FTCP) technical strength, the certificate will be awarded. In case of negative recommendation from the technical team, the ICMCCP HQ will give the FTCP some conditions to satisfy within a specified time period. The certificate will be available, only if the conditions are successfully addressed; otherwise, the application will be rejected. We should mention that the certificate that is given by the ICMCCP HQ has a limited period of validity, for instance for 1 year, 2 years, 3 years, 5 years, or so. After expiration of certificate (or, before the due date), renewal must be done by the company.

13. Conclusion Conclusion We suggest the ICMCCP as a professional and regulatory association for the advancement of cloud computing field. While this work is exploratory in nature about the possibility and scope of thinking in this line to establish ICMCCP, there would be many other technical and practical constraints raised by experts that need to be solved in future. Hence, our work opens the door of many different discussions and directions of research – almost all topics would be open.