trust management of services in cloud environments: obstacles and solutions paper by: talal h. noor,...

Trust Management of Services in Cloud Environments:

Obstacles and SolutionsPaper by: Talal H. Noor, Quan Z. Sheng, Sherali Zeadally, and Jian Yu

Presentation by: Jeremy Tate

Outline

• Could Definition

• Types of Clouds

• Service Level Agreements

• Trust management models of Clouds

• Analytical Framework for Trust Management

• Prototypes

• Real-world examples

Cloud

• Definitiono Delivering network resources (typically from a data

center) to a user as a service

• Users log into the service (website) to gain access

Types of Cloud

• Infrastructure as a Service

• Platform as a Service

• Software as a Service

Infrastructure as a Service (IaaS)

• Provides full virtual servers/storage/networking to a user

• Allows user to install exact operating system, software, and architecture for a specified project

• Amazon Elastic Compute Cloud (EC2) and Simple Storage Service (S3)

Platform as a Service (PaaS)

• Provides a service container for the deployment of an application

• Customer deploys select software/applications but does not control infrastructure

• Microsoft Azure, Google Apps

Software as a Service (SaaS)

• Service provider provides all services and the user provides content

• User has no control over software or infrastructure

• Google Docs and Facebook

Service Level Agreements (SLAs)

• Private Cloud

• Community Cloud

• Public Cloud

• Hybrid Cloud

Private Cloud

• Computing resources are for the sole use of a single organization/companyo Could include multiple business units

• Interactions are B2B

Community Cloud

• Resources are shared among members of a community o All have the same goal

Public Cloud

• Resources are available to everyone

• B2C interactionso EC2, S3

Hybrid Cloud

• Two or more of the previous models are used togethero One portion could be private, another public

• B2B and B2C

Trust Models

• Service provider’s perspective (SPP)o Trust from the provider POV

• Service requester’s perspective (SRP)o Trust from the consumer POV

Techniques

• Policy as a Trust Management technique

• Recommendation as a TM technique

• Reputation as a TM technique

• Prediction as a TM technique

Policy as a TM Technique

• Uses a set of policies to control authorization and specify minimum trust levelso Trust thresholds based on trust results or credentials

• A cloud service consumer x, has policies Px, credentials Cx and minimum trust threshold Tx

• Provider has all the same attributes (as y)

• Relationship is considered trusted if Tr(x,y) = 1

Recommendation as a TM Technique

• Use prior experiences to determine trusto Can use either explicit recommendation or transitive

recommendation

• Consumer x, trust relation with cloud z, service provider y

Reputation as a TM Technique

• Use consumer feedback to rate service providero Amazon, eBay, Epinions

• Consumer x, trust threshold Tx, service provider y, set of trusted relations Tr(y) which give trust feedback T f(y)

Prediction as a TM Technique

• Useful when there is no prior information

• Similarly minded entities are more likely to trust one another

• Consumer x has interests ix (as vector) and minimum trust threshold Tx (service provider is y)

Trust Management Analytical Framework

• Trust Feedback Sharing Layer o Different parties giving trust feedback to each other

• Trust Assessment Layer o Determining the level of trust for each party,

potentially using multiple metrics

• Trust Results Distribution Layero Different parties requesting the trust level for other

parties

Trust Management Framework

Trust Feedback Sharing Layer

• Credibilityo The quality of the information or service that makes people

trust the cloud The credibility of the cloud as well as that of the feedback

• Privacyo The degree of potential information exposure that users of the

cloud could face when interacting with the cloud

• Personalizationo The degree to which people adhere to the trust management

rules Users selecting their preferred feedback mechanism

• Integrationo Ability to integrate other trust management principles

Trust Assessment Layer

• Perspectiveo From whose perspective is trust determined? User or provider?

• Techniqueo The flexibility of a technique to being adopted

• Adaptabilityo Responsiveness of the system to changes from requesting parties

• Security o Degree of robustness to operate in the face of attack and malicious

behaviour

• Scalabilityo Amount the system can be scaled

• Applicabilityo How useful the system is for cloud trust

Trust Results Distribution Layer

• Response timeo How long it takes trust system to respond to request

• Redundancyo How much redundancy is used to handle load

• Accuracyo The degree of correctness of trust results

• Securityo Protection of trust results have from being tampered

with

Prototypes

• Security Aware Cloud Architecture• Hwang 2009; Hwang and Li 2010

• Compliant Cloud Computing Architecture• Brandic et al. 2010

• Trust Cloud • Ko et al. 2011

• Multifaceted Trust Management System Architecture for Cloud Computing• Habib et al 2011

Prototypes

• CLOUD-ARMOR• Noor and Sheng 2011

• Dynamic Policy Management Framework• Yu and Ng (2006, 2009)

• Sabotage Tolerance and Trust Management in Desktop Grid Computing• Domingues 2007

• Grid Secure Electronic Transaction (gSET)• Weishaupl 2006

• Role Based Trust Chains• Chen et al. 2008

Prototypes

• Bootstrapping and Prediction of Trust• Skopik et al. 2009

• Negotiation Scheme for Access Rights Establishment• Koshutanski and Massacci 2007

• Trust Management Framework for Service Oriented Environments (TMS)• Conner et al. 2009

• Reputation Assessment for Trust Establishment among Web Services (RATEWeb)• Malik and Bouguettaya 2009

Assessment of Prototypes

Assessment of Prototypes

Assessment of Prototypes

Evaluation of trust management prototypes across all dimensions

Trust Characteristics of Real Clouds

• Authenticationo Techniques and mechanisms used for authentication

in a cloud

• Securityo Security of Communication, Data, and Physical layer

• Privacy Responsibilityo … of cloud provider and consumer

• Virtualizationo At either operating system level or application level

• Cloud Consumer Accessibilityo Tools/interface by which cloud is used

Real Clouds

• Microsoft

• Google

• Amazon

• IBMo targeting mostly B2B users

Real Cloud Issues

• Identificationo Of both users and providers

o Evaluate Credibilityo Protect integrity of trust management data

• Privacyo Preventing the accidental leakage of user personal data

• Personalizationo Have control over all aspects of trust feedback system

• Integrationo Ability to use multiple trust systems together

• Securityo Protection against attacks and malicious users

• Scalability