Compliance based Trustworthiness Calculation Mechanism in Cloud ...

Available online at www.sciencedirect.com

ScienceDirect Procedia Computer Science 37 (2014) 439 – 446

International Workshop on Intelligent Techniques in Distributed Systems (ITDS-2014)

Compliance based trustworthiness calculation mechanism in cloud environment

Jagpreet Sidhu and Sarbjeet Singh*

Computer Science and Engineering, UIET Panjab University, Chandigarh - 160014, India

Abstract

Establishing trust is one of the most challenging issues in emerging cloud computing area. It is becoming increasingly complex for cloud users to make distinction (with respect to trustworthiness) among service providers offering similar kinds of services. There must be some mechanisms in the hands of users to determine trustworthiness of service providers so that they can select service providers with confidence and with some degree of assurance that service provider will not behave unpredictably or maliciously. Though various approaches exist to form trust between service providers and users, little work has been done in the area of forming trust based on compliance of QoS parameters which have been promised in SLA. In this paper an attempt has been made to design and simulate a mechanism to calculate trustworthiness of service providers based on their compliance to promised SLA parameters. The model has been simulated in MATLAB. The validation has been done using synthetic data set. Validation results show that approach is workable and can be used to evaluate trustworthiness of service providers in a cloud environment.

© 2014 The Authors. Published by Elsevier B.V. This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/3.0/). Peer-review under responsibility of the Program Chairs of ITDS-2014.

Peer-review under responsibility of the Program Chairs of EUSPN-2014 and ICTH 2014.

Keywords: cloud computing; trust; trustworthiness; compliance; SLA

* Corresponding author. Tel.: +91-981-595-1674; fax: +91-172-254-7986.

1877-0509 © 2014 The Authors. Published by Elsevier B.V. doi:10.1016/j.procs.2014.08.066

1. Introduction

A long apprehended vision of computer scientists, to build computing as a utility (e.g. electricity), has been achieved through cloud computing. Cloud computing as a technology has achieved its goals of being readily available, economical, robust, elastic and flexible. It provides high-end computing facilities to organizations which have limited finances to access state of the art technologies. Although there are many definitions of cloud computing in the computing domain, the most articulated one is given by NIST (National Institute of Standards and Technology) as “Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction” [1]. According to Buyya et al. [2] “A Cloud is a type of parallel and distributed system consisting of a collection of inter-connected and virtualized computers that are dynamically provisioned and presented as one or more unified computing resource(s) based on service-level agreements established through negotiation between the service provider and consumers”.

Cloud computing allows users to reduce initial capital expenses, enhance reliability and availability, and gain scalability, but despite these advantages, clients are still held back from moving to the cloud. One of the major reasons for this is the client's lack of trust in the service provider. Although SLA (Service Level Agreement) contracts are formed between clients and service providers, specifying the resources, performance and security that the cloud should provide, users still have apprehensions about the service provider. In this paper an attempt has been made to design and simulate a trust model which uses a compliance monitoring mechanism to build trust between users and service providers.

This paper is divided into 5 sections. Section 2 presents work in the area of trust in cloud systems. Section 3 describes the proposed mechanism and Section 4 presents results obtained. Finally, Section 5 presents summary and concludes the paper with future scope.

2. Related work

Several efforts have been made by researchers, academicians and industry personnel for handling trust related issues. Survey of trust in cloud computing and related disciplines has been discussed by several researchers [3-7].
This section briefly highlights some of the major works in the area of trust in cloud computing. Berger et al. [8] (2009) worked on trusted virtual data center (TVDc) which is a new technology developed to address the need for strong isolation and integrity guarantees in virtualized environments. Authors have implemented prototypes which demonstrate the enforcement of isolation and integrity constraints [8]. C. Chaowen et al. [9] (2009) proposed a trust model to evaluate trust degree by history of interactions and reputations of trustee’s outer information. The model evaluates trust by calculating both inner attributes and outer information as parameters. Due to two dimensional evaluations, trust degree is considered to be more dynamic, reliable and flexible [9]. Li et al. [10] (2010) proposed a Multi-Tenancy Trusted Computing Environment Model (MTCEM) for IaaS delivery model. Its purpose is to guarantee a trusted cloud infrastructure to customers. The prototype showed low impact on system performance and the model is technically and practically feasible [10]. Kim et al. [11] (2010) proposed a trust model that takes into account history information of node for its efficient allocation to users. Authors performed experiments on four types of data which are random data sets, all data sets, data sets with standard deviation, and recent data sets. Their results show that the model efficiently allocates service provider’s resources and it provides trusted services to users [11]. Schiffman et al. [12] (2010) advocated the use of hardware-based attestation mechanisms to improve cloud transparency and to build trust. Sato et al. [13] (2010) proposed a trust model which takes into consideration two types of trust viz. internal trust and contracted trust to solve security problems of cloud. Guo et al. [14] (2011) proposed an extensible trust evaluation system named ETEC which considers two types of trust: direct trust (time-variant) and recommendation trust (space-variant). Algorithm to compute trust degree is given and simulation shows that this model can calculate trust degree effectively and reasonably in cloud environments [14]. Liu et al. [15] (2011) proposed data coloring method for trust management. The model is based on cloud watermarking to recognize and ensure mutual reputations. Ko et al. [16] (2011) proposed a detective trust framework which concerns integrity and accountability of data stored in cloud. Authors list several cloud accountability issues and also outline the risks of not achieving accountability. Authors aim at building a single point of view for accountability of cloud service provider. Authors are currently researching and developing solutions for each accountability layer [16]. Habib et al. [17] (2011) proposed a multi-faceted Trust Management (TM) system architecture. In order to identify trustworthiness of cloud service providers, different attributes are assessed by multiple sources and roots of trust. This trust system provides means to efficiently differentiate service providers based on evaluated trust. This model increases transparency between cloud providers and users [17]. Abbadi and Alawneh [18] (2012) propose a foundation framework which helps in addressing identified trust challenges. Abbadi [19] (2013) proposes framework for trustworthy cloud’s provenance. Cloud provenance is the key requirement to establish foundation for providing trust in the cloud.


Provenance helps self-managed services to reason about the changes across distributed elements of clouds. Huang et al. [20] (2013) suggested a framework for integrating various trust mechanisms together [20]. They suggest a policy-based approach of trust judgment by which the trust placed on a cloud service or a cloud entity is derived from a “formal” audit proving that the cloud entity conforms to some trusted policies. Zou et al. [21] (2012) presented a trusted monitoring framework for cloud platforms. This framework solves trust issues between cloud tenants and providers. The framework advocates the adoption of trusted computing technology and monitoring VMs information from an independent VM instead of management VM [21]. Manuel, P. [22] (2011) proposed a QoS based trust model which takes into consideration past credentials and present capabilities of a cloud provider. Past credentials of cloud resource describe the past reputation and service records of the resource. It includes reliability, availability, turnaround time, and data integrity. Present capabilities of cloud resource describe what is offered at present. The proposed model performs better than the conventional FIFO model and similar trust models. Authors have suggested some more attributes such as honesty, return on investments and utilization of resources for trust evaluation [22]. Wu et al. [23] (2013) propose a trust model based on D-S evidence theory and sliding windows for cloud computing. Experimental results show that the model is effective and extensible [23].

The approach presented in this paper is different from the approaches mentioned above in the sense that it builds trust by taking into consideration the compliance provided by service provider (as per promised QoS parameters in SLA). Moreover, it also takes into consideration the peers views while evaluating trust and hence provides a more accurate and reliable measure of trustworthiness. Next section describes the proposed approach.

3. Proposed approach for compliance-based trustworthiness calculation

The proposed approach of compliance-based trustworthiness calculation involves following steps:

1. Negotiation and finalization of SLA
2. Installation of monitoring services at user end
3. Usage of services and storage of monitoring results for compliance checking
4. Generation of compliance report
5. Request of compliance reports from peers
6. Aggregation of compliance reports received from peers
7. Generation of trustworthiness based on i) compliance results observed by user and ii) aggregated results of compliance reports received from peers

Following is a brief description of various steps involved:

Step 1: Negotiation and finalization of SLA

Initially a client negotiates with service provider on services required and the performance parameters expected of service provider. After negotiation, a contract is signed between client and service provider in the form of SLA, which is a formal document specifying the terms and conditions and the services and performance parameters agreed between them. SLA includes several measurable aspects of service provisioning like availability of service, reliability of service, response time, performance of service etc. Both parties are expected to obey the SLA, and a violation or deviation from agreed terms and conditions allows either party to take disciplinary action against the other. Compliance to SLA plays an important role in building reputation and trust in the minds of clients. A copy of finalized SLA is stored in database and is used by compliance checker to check compliance and generate compliance reports.

Fig. 1 shows the association of a user with service providers, their services and the QoS parameters agreed for those services. A user can acquire services from any number of service providers, and from any service provider, any number of services can be hired. Furthermore, any number of QoS parameters can be agreed for any service. As shown in Fig. 1, a cloud user is accessing the services of i service providers (SP1, SP2, … SPi). SP1 is providing j services (SV1, SV2, … SVj). For SV1, k QoS parameters have been agreed (P1, P2, … Pk).


Fig. 1. Associations among user, service providers, services and their parameters

Fig. 2. Placement of monitoring service with respect to client interface, network interface and cloud environment

Step 2: Installation of monitoring services at user end

In this step, monitoring services are installed at client end to monitor QoS parameters as per finalized SLA. Fig. 2 shows the placement of monitoring services with respect to client interface, network interface and cloud environment. Client’s request for service access goes through monitoring services. Response returned is observed with respect to agreed QoS parameters. There can be any number of monitoring services, each observing a specific QoS parameter.

Step 3: Usage of services and storage of monitoring results for compliance checking

User starts using services of service providers. Responses are observed for agreed QoS parameters and monitoring results are stored in database for compliance checking. Fig. 3 shows high level view of the working of proposed mechanism. Monitored values are compared with values agreed in SLA and accordingly compliance report is prepared by compliance generator. The process of generating compliance is explained in the next step.

Fig. 3. High level view of the working of proposed mechanism


Step 4: Generation of compliance report

Compliance of a service provider is generated as follows: Let   

be the agreed value of   parameter , of   service , of ith service provider , and

 

 

  

be the monitored value of parameter , of   service , of   service provider , during   interaction.

   

Also assume that the agreed and observed parameter values are normalized over [0..1]. Now the compliance of   parameter  of  service of service provider , denoted by C (   ), is computed as follows: 





  



               



  

 

 





   

 



    

 



 





  

    











  





 



From   



  



, compliance received for   service   (of   service provider   ), denoted by  , is

 



computed as follows: 



   



         



         







 

 





  









   





From   , compliance of   service provider   , denoted by   , is computed as follows:

     2)         3)            1)

 

4)

   

5)

 

 



As agreed and observed parameters values are normalized in the range [0..1], we have     

 





     , and       .

 ,


The compliance results are passed to trust generator to generate trustworthiness of service provider.

Step 5: Request of compliance reports from peers

A user can request compliance report of a particular service provider from its peers to have an idea of the compliance reputation of the service provider in the environment. Peers opinion is formed by aggregating responses received from peers. The aggregation mechanism is explained in the next step.

Step 6: Aggregation of compliance reports received from peers

Let     be the compliance received from peer  about service provider  , now aggregated peers opinion about compliance of service provider   , denoted by   ), is computed as follows:      2)         3)               1)

4)

   

 

 



5)   As the compliances received from service providers are from [0..1], we have       .

Step 7: Generation of trustworthiness based on i) compliance results observed by user and ii) aggregated results of compliance reports received from peers

The trustworthiness of a service provider in the environment, denoted by  , is computed using following equation:               where  and  are the weights associated with compliance observed by client and compliance observed by peers in the environment respectively and     . As      ,        and    , we have      .

4. Results and Discussion

The proposed model has been simulated in MATLAB. It has been validated using synthetic data set as no real data of the required kind was available. A sample cloud environment consisting of 50 users and 20 service providers with known results has been considered. Each user accesses different number of services of different service providers, and for each service, different number of parameters have been set and agreed as per corresponding SLAs. Different numbers of interactions have been considered for different services and service providers. Peers lists have also been maintained with different users. The sample consists of service providers of various sorts like highly trustworthy (always providing highly compliant services), mostly trustworthy (largely providing highly compliant services), marginal trustworthy (mostly providing borderline compliant services), mostly untrustworthy (mostly providing non-compliant services) and not trustworthy (always providing non-compliant services).

Fig. 4. Compliance of parameters observed by a user

Fig. 5. Compliance of services observed by a user

The compliance levels of parameters (  ), services (  ), service providers (  ) and peers (  ) have been computed using the approach described in previous section. Fig. 4 shows the compliance of parameters observed by a user for a particular service and Fig. 5 shows the compliance of services observed by a user for a particular service provider. Fig. 6 shows the compliance levels observed by a cloud user about different service providers and Fig. 7 shows the compliance levels observed by user’s peers.

Fig. 6. Compliance levels observed by a user for different service providers

Fig. 7. Compliance levels observed by user’s peers for different service providers

Fig. 8 shows the variance among user’s and peer’s view. High variance is an indication of uncertain behavior of service provider. Fig. 9 shows the trustworthiness ( ) of a service provider.
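As an added example (not the authors' MATLAB simulation), the Step 4 to Step 7 calculation in Python on constructed data, ending with the trustworthiness value and the user/peer variance discussed above. The shortfall-based parameter compliance, the plain means used for aggregation, the 0.6/0.4 weights and the use of population variance for the disagreement between the two views are assumptions of this sketch, not formulas taken from the paper.

```python
from statistics import fmean, pvariance


def unit(value, what):
    """The paper assumes every value is normalized to [0, 1]; enforce it."""
    if not 0.0 <= value <= 1.0:
        raise ValueError(f"{what} must lie in [0, 1], got {value!r}")
    return value


def parameter_compliance(agreed, monitored):
    """Step 4, one QoS parameter over all interactions.

    ASSUMPTION: higher is better, each interaction scores 1 minus the
    shortfall below the agreed value, and interactions are averaged.
    """
    unit(agreed, "agreed value")
    if not monitored:
        raise ValueError("no monitored interactions for this parameter")
    return fmean(1.0 - max(0.0, agreed - unit(m, "monitored value"))
                 for m in monitored)


def service_compliance(params):
    """params: parameter name -> (agreed, [monitored, ...]). ASSUMPTION: mean."""
    return fmean(parameter_compliance(a, ms) for a, ms in params.values())


def provider_compliance(services):
    """services: service name -> params. ASSUMPTION: mean over services."""
    return fmean(service_compliance(p) for p in services.values())


def peer_opinion(reports):
    """Step 6: aggregate peers' compliance reports. ASSUMPTION: mean."""
    if not reports:
        raise ValueError("no peer reports received")
    # A report outside [0, 1] is rejected rather than silently averaged in.
    return fmean(unit(r, "peer report") for r in reports)


def trustworthiness(own, peers, w_own=0.6):
    """Step 7: weighted sum of both views; the two weights sum to 1 (assumed)."""
    unit(w_own, "weight")
    return (w_own * unit(own, "own compliance")
            + (1.0 - w_own) * unit(peers, "peer opinion"))


def evaluate(services, reports, w_own=0.6):
    own, peers = provider_compliance(services), peer_opinion(reports)
    return {
        "own": own,
        "peers": peers,
        "trust": trustworthiness(own, peers, w_own),
        # Disagreement between the two views (assumed: population variance).
        "variance": pvariance([own, peers]),
    }


# Constructed sample: one provider, two services, normalized SLA values.
SP1 = {
    "SV1": {"availability": (0.9, [0.9, 0.8, 0.7]),
            "response_time": (0.8, [0.8, 0.8])},
    "SV2": {"reliability": (0.5, [0.5, 0.1])},
}
PEER_REPORTS_SP1 = [0.7, 0.8, 0.6]

if __name__ == "__main__":
    for key, value in evaluate(SP1, PEER_REPORTS_SP1).items():
        print(f"{key}: {value:.4f}")
```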

Fig. 8. Variance among user’s and peer’s views

Fig. 9. Trustworthiness of service providers

Fig. 10 shows the classification of service providers, obtained through the use of this model and Table 1 compares the obtained results with actual results.

Fig. 10. Classification of service providers based on their trustworthiness

Table 1. Comparison of actual results and obtained results

Types of service providers    Number of service providers                         Deviation
                              Actual    Identified through proposed mechanism
Always trustworthy            3         2                                         1
Mostly trustworthy            8         9                                         1
Marginal trustworthy          3         4                                         1
Mostly not trustworthy        4         3                                         1
Not trustworthy               2         2                                         0

From Table 1, it is clear that the proposed model is able to correctly identify most of the service providers. Though some service providers were not recognized correctly, the approach is still usable as accuracy is around 80%.

5. Summary and Conclusion

Determining trustworthiness of cloud service providers is the need of the hour for rapid adaptation and growth of cloud computing. Cloud users need to have confidence and faith in cloud providers to migrate their security critical information, data and resources to cloud computing. In this paper we have presented a compliance based trustworthiness calculation mechanism to determine trustworthiness of service providers in a cloud environment. The approach requires installation of monitoring services at user end to monitor QoS parameters against the agreed ones. The deviation of parameter values from the agreed ones decreases trust on service provider and desired compliance increases trust on service provider. The approach also relies on compliance reports received from peers to form final trustworthiness. The approach has been simulated in MATLAB and experimental results have been presented. The validation has been done using synthetic data set with known results. Validation results indicate that the approach is workable and can be adopted for use in cloud environment.

References

1. Mell, P., & Grance, T. The NIST definition of cloud computing (draft). NIST special publication, 2011. 800(145), 7.
2. Buyya, R., Yeo, C. S., Venugopal, S., Broberg, J., & Brandic, I. Cloud computing and emerging IT platforms: Vision, hype, and reality for delivering computing as the 5th utility. Future Generation computer systems, 2009. 25(6), 599-616.
3. Grandison, T., & Sloman, M. A survey of trust in internet applications. Communications Surveys & Tutorials, 2000, IEEE. 3(4), 2-16.
4. Suryanarayana, G., & Taylor, R. N. A survey of trust management and resource discovery technologies in peer-to-peer applications, 2000.
5. Jøsang, A., Ismail, R., & Boyd, C. A survey of trust and reputation systems for online service provision. Decision support systems, 2007. 43(2), 618-644.
6. Firdhous, M., Ghazali, O., & Hassan, S. Trust and Trust Management in Cloud Computing–A Survey. InterNetWorks Research Group, University Utara Malaysia, Technical Report No: UUM/CAS/InterNetWorks/TR2011-01, 2011. http://www.Internetworks.my/pubs/techrep/TR2011-01.pdf.
7. Noor, T. H., Sheng, Q. Z., Zeadally, S., & Yu, J. Trust management of services in cloud environments: Obstacles and solutions. ACM Computing Surveys (CSUR), 2013. 46(1), 12.
8. Berger, S., Cáceres, R., Goldman, K., Pendarakis, D., Perez, R., Rao, J. R., & Valdez, E. Security for the cloud infrastructure: Trusted virtual data center implementation. IBM Journal of Research and Development, 2009. 53(4), 6-1.
9. Chaowen, C., Chen, L., & Yuqiao, W. A Subjective Trust Model based on two-dimensional measurement. In: International Conference on Computer Engineering and Technology, 2009, IEEE. 1, 37-41.
10. Li, X. Y., Zhou, L. T., Shi, Y., & Guo, Y. A trusted computing environment model in cloud architecture. In: International Conference on Machine Learning and Cybernetics, 2010, IEEE. 6, 2843-2848.
11. Kim, H., Lee, H., Kim, W., & Kim, Y. A Trust Evaluation Model for QoS Guarantee in Cloud Systems. International Journal of Grid & Distributed Computing, 2010. 3(1).
12. Schiffman, J., Moyer, T., Vijayakumar, H., Jaeger, T., & McDaniel, P. Seeding clouds with trust anchors. In: Proceedings on Cloud computing security workshop, 2010, ACM. 43-46.
13. Sato, H., Kanai, A., & Tanimoto, S. A cloud trust model in a security aware cloud. In: 10th IEEE/IPSJ International Symposium on Applications and the Internet, 2010, IEEE. 121-124.
14. Guo, Q., Sun, D., Chang, G., Sun, L., & Wang, X. Modeling and evaluation of trust in cloud computing environments. In: 3rd International Conference on Advanced Computer Control, 2011, IEEE. 112-116.
15. Liu, Y. C., Ma, Y. T., Zhang, H. S., Li, D. Y., & Chen, G. S. A method for trust management in cloud computing: Data coloring by cloud watermarking. International Journal of Automation and Computing, 2011. 8(3), 280-285.
16. Ko, R. K., Jagadpramana, P., Mowbray, M., Pearson, S., Kirchberg, M., Liang, Q., & Lee, B. S. TrustCloud: A framework for accountability and trust in cloud computing. In: World Congress on Services 2011, IEEE. 584-588.
17. Habib, S. M., Ries, S., & Muhlhauser, M. Towards a trust management system for cloud computing. In: 10th International Conference on Trust, Security and Privacy in Computing and Communications, 2011, IEEE. 933-939.
18. Abbadi, I. M., & Alawneh, M. A framework for establishing trust in the Cloud. Computers & Electrical Engineering, 2012. 38(5), 1073-1087.
19. Abbadi, I. M. A framework for establishing trust in Cloud provenance. International journal of information security, 2013. 12(2), 111-128.
20. Huang, J., & Nicol, D. M. Trust mechanisms for cloud computing. Journal of Cloud Computing, 2013. 2(1), 1-14.
21. Zou, D., Zhang, W., Qiang, W., Xiang, G., Yang, L. T., Jin, H., & Hu, K. Design and implementation of a trusted monitoring framework for cloud platforms. Future Generation Computer Systems, 2013. 29(8), 2092-2102.
22. Manuel, P. A trust model of cloud computing based on Quality of Service. Annals of Operations Research, 2013. 1-12.
23. Wu, X., Zhang, R., Zeng, B., & Zhou, S. A trust evaluation model for cloud computing. Procedia Computer Science, 2013. 17, 1170-1177.