Decentralized Runtime Monitoring Approach Relying on the Ethereum Blockchain Infrastructure

Abstract

Cloud computing offers a model where resources (storage, applications, etc.) are abstracted and provided “as-aservice” in a remotely accessible manner. Although there are numerous claimed benefits of the Cloud to ensure confidentiality, integrity, and availability of the stored data, the number of security breaches is still on the rise. The lack of security assurance and transparency prevented customers/enterprises from trusting the Cloud Service Providers (CSPs). Unless the customer’s security requirements are identified and documented by the CSPs, customers can not be assured that the CSPs will satisfy their requirements. Furthermore, the customer’s compensation upon a violation is a manual time intensive process.In this paper we address the aforementioned challenges by proposing a decentralized customer-based monitoring approach running over Ethereum blockchain. The proposed approach allows the customer(s) to validate the compliance of CSP(s) to the contracted services in the Service Level Agreements (SLAs) and “autonomsly” compensate customers in case of security breaches. At the same time, the proposed approach prevents customers from misreporting for financial gain. The approach builds upon the Ethereum blockchain infrastructure in order to securely store monitoring logs and incorporate SLAs as smart contracts. The compliance validation framework is implemented and its functionality is evaluated on Amazon EC2 and Ethereum Blockchain.