An Overview of the Separation of Powers Model

Before cloud computing, most business and computing models served only a single enterprise. With cloud computing, people have grown used to placing their services in the cloud, which makes it impossible to determine whether the machine is doing what it should do. When using cloud services, especially those of large cloud service providers, how do we ensure that the administrators and programs in the cloud are safe and reliable?

Separation of powers is a classic theory in Western history about the distribution and restriction of powers. It advocates that the executive, legislative and judicial powers be held by different organs, so that each is exercised independently and they restrain one another.

Figure 1: A Simplified Cloud Infrastructure

Figure 1 shows a simplified cloud infrastructure in which cloud user U deploys its application A on the infrastructure provided by cloud service provider P, which runs cloud services to support application A. Since there may be external adversaries or malicious insiders, user U will ask a trusted third-party agency T to verify and guarantee the credibility of P.

User U may be worried about the following threats:

1. Cloud service provider P is untrustworthy.

P may not load enough cloud service components Si to meet user U’s SLA.

2. Intruder or malicious insider M.

M can tamper with application A or a cloud service component Si to violate the SLA, or tamper with user U’s data.

3. The third party T is defective.

T may not be able to report these threats in time.

To build a credible and open cloud ecosystem, we need to address the above three threats, enabling user U to fulfill the following requirements:

1. Determine exactly which cloud services, or malware, are participating in serving its application A;

2. Determine the exact attributes of each service or piece of malware identified;

3. Obtain the above information from third-party providers freely chosen, as required, among the many available.

SoP (Separation of Powers) can help us achieve these three goals.

The core idea of SoP is to assign the powers of definition, execution and inspection over a cloud service provider to three independent roles. These three roles work together to demonstrate the reliability of power. SoP consists of the following three models:

Role model

Defines the three roles that implement SoP.

Collaboration model

Specifies how the three roles collaborate to implement cloud service authentication.

Constraint model

Specifies the conditions by which the three roles, and the executors of the same role, constrain one another.

Figure 2: Role Model

Figure 2 shows SoP’s role model. The CSE acts as the executing agency of cloud services, performing cloud services that meet customer requirements. The TER, as the reporting agency for trust evidence, is responsible for checking the cloud service behavior performed by the CSE. The SPD, as the definer of software attributes, is responsible for defining the attributes of each software component of the cloud service. In the role model, the CSE is constrained by the TER and the SPD.

Figure 3: Collaboration Model

Figure 3 shows how the three roles collaborate. Users gather information from the three roles to verify the credibility of the cloud service and make decisions. The information collected includes an executive summary provided by the TER, which records the identity of the cloud services loaded for the target applications; a service manifest provided by the CSE, which declares the software composition of each cloud service; and an attribute definition list provided by the SPD, which is used to authenticate the attributes of each service component.

Figure 4: Mutual Check Constraint Model
Figure 5: Multiparty Constraint Model

The constraint model is designed to prevent the TER and SPD from gaining too much power. In the mutual check constraint model shown in Figure 4, the TER and SPD constrain each other. The multiparty constraint model shown in Figure 5 indicates that the CSE can employ multiple executors for each role: it can have multiple SPDs define the properties of its software components, and multiple TERs check its service execution.
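
The user-side check described by the collaboration and constraint models can be sketched as follows. This is an added example, not code from Trias: the record layouts, the service and component names, the "benign" attribute label and the quorum rule are assumptions made for illustration.

```python
from collections import Counter

def agreed(reports, quorum):
    """Value reported by at least `quorum` executors of one role, else None."""
    if not reports:
        return None
    value, votes = Counter(reports).most_common(1)[0]
    return value if votes >= quorum else None

def verify(ter_summaries, cse_manifest, spd_lists, required, quorum=2):
    """Cross-check the three roles' evidence; an empty result means no finding."""
    # TER: identities of the services loaded for the application.
    loaded = agreed([frozenset(s) for s in ter_summaries], quorum)
    if loaded is None:
        return ["TER executors disagree on what was loaded"]
    # Threat 1: P did not load everything the SLA requires.
    findings = [f"required service not loaded: {s}" for s in sorted(required - loaded)]
    for service in sorted(loaded):
        # CSE: the manifest must declare the composition of every loaded service.
        if service not in cse_manifest:
            findings.append(f"loaded service not in CSE manifest: {service}")
            continue
        for component in cse_manifest[service]:
            # SPD: attribute of each component, agreed by a quorum of definers.
            votes = [spd[component] for spd in spd_lists if component in spd]
            attribute = agreed(votes, quorum)
            if attribute != "benign":
                findings.append(f"{service}/{component}: attribute {attribute}")
    return findings

# Constructed sample evidence (hypothetical names, assumed layouts).
MANIFEST = {"storage": ["blockdev", "crypto"], "network": ["vswitch"]}
SPD_A = {"blockdev": "benign", "crypto": "benign", "vswitch": "benign"}
SPD_B = dict(SPD_A)
REQUIRED = {"storage", "network"}
GOOD = [{"storage", "network"}, {"storage", "network"}]
TAMPERED = [{"storage", "network", "miner"}, {"storage", "network", "miner"}]

if __name__ == "__main__":
    print(verify(GOOD, MANIFEST, [SPD_A, SPD_B], REQUIRED))
    print(verify(TAMPERED, MANIFEST, [SPD_A, SPD_B], REQUIRED))
```

Because every verdict needs a quorum of independent TERs and SPDs, a single defective or silent executor produces a finding instead of a false assurance.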

Trias adopts the concept of the separation of powers. Positioned between fully decentralized and fully centralized governance structures, Trias uses the mutual cooperation and restriction of the three powers to solve, to a great extent, the problem of insufficient supervision of existing rights in blockchains and smart contracts. It realizes a dynamic balance of powers, so as to ultimately achieve information fairness and justice in the world.

Trustworthy and Reliable Intelligent Autonomous Systems