transparency of cloud service providers using selcspijdcst.com/pdf/v4-i7-28.pdf · transparency of...
TRANSCRIPT
IJDCST @ Nov,-2016, Issue- V-4, I-7, SW-28 ISSN-2320-7884 (Online) ISSN-2321-0257 (Print)
43 www.ijdcst.com
Transparency of Cloud Service Providers Using SelCSP CH. Durga Bhavani1, Roy Choudary, M.Tech .PH.D2
1M.Tech (CSE), UshaRama College of Engineering & Technology, A.P., India. 2Assistant Professor , Dept. of Computer Science & Engineering, UshaRama College of Engineering & Technology, A.P.,
India.
Abstract — Service level agreements (SLAs) are one
of the major considerations for every buyer of cloud
computing services. Each service is typically
accompanied by a service level agreement (SLA)
which defines the minimal guarantees that a provider
offers to its customers. The lack of standardization in
cloud-based services implies a corresponding lack of
clarity in the service level agreements offered by
different providers. . In service outsourcing
environments, like cloud, the quality of service levels
are of prime importance to customers, as they use
third-party cloud services to store and process their
clients’ data. If loss of data occurs due to an outage,
the customer’s business gets affected. Therefore, the
major challenge for a customer is to select an
appropriate service provider to ensure guaranteed
service quality. To support customers in reliably
identifying ideal service provider, this work proposes
a framework, SelCSP, which combines
trustworthiness and competence to estimate risk of
interaction. Trustworthiness is computed from
personal experiences gained through direct
interactions or from feedbacks related to reputations of
vendors. Competence is assessed based on
transparency in provider’s SLA guarantees. Cloud
Service Level Agreements (Cloud SLAs) form an
important component of the contractual relationship
between a cloud service customer and a cloud service
provider of a cloud service. Given the global nature of
the cloud, SLAs usually span many jurisdictions, with
often varying applicable legal requirements, in
particular with respect to the protection of the personal
data hosted in the cloud service.
Keywords — Cloud Computing, SLAs , Services
Quality, CSP, SelCSP .
1. Introduction
Cloud computing is a model for enabling convenient,
on-demand network access to a shared pool of
configurable computing resources (e.g., networks,
servers, storage, applications, and services) that can be
rapidly provisioned and released with minimal
management effort or service provider interaction.
Cloud computing provides an emerging paradigm
where computing resources make available as service
of the Internet. For any service, a cloud customer may
have many service providers to choose from. Major
challenge lies in choosing an “ideal” service provider
among them. By the term ideal, we suggest that a
service provider is trustworthy as well as competent.
Range of an ideal service provider is non-trivial
because a customer practises third-party cloud
services to serve its clients in cost-effective and
efficient manner. In this situation, from the cloud
customer’s perspective, persevering to a guaranteed
level of service, as negotiated through starting service
level agreement (SLA), is crucial.[10] Data loss owing
to provider’s incompetence or malicious intent can
never be replaced by service credits. In the present
work, we focus on selection of a trustworthy and
competent service provider for business outsourcing.
In 2010-11, a series of cloud outages1,2 have been
reported which include commercial service providers
viz. Amazon EC2, Google Mail, Yahoo Mail, Heroku,
Sony, and soon. In most cases, it has been observed
that the failover time is quite long and customers’
businesses were hugely affected owing to lack of
recovery strategy on vendor side. Moreover, in some
instances, customers were not even intimated about
the outage by providers. Cloud providers may use the
high-quality first-replication (HQFR) strategy
proposed in [4] to model their recovery mechanism. In
this work, authors propose algorithms to minimize
replication cost and the number of QoS-violated data
replicas. It is desirable from customer’s point-of-view
to avoid such loss, rather than getting guarantees of
service credits following a cloud outage. Averting of
data loss needs consistent identification of capable
service provider. As customer does [16] not have
control over its data deployed in cloud, there is a need
to evaluation risk prior to outsourcing any business
onto a cloud. A risk estimation scheme which makes a
quantitative assessment of risk involved while
interacting with a given service provider. The
IJDCST @ Nov,-2016, Issue- V-4, I-7, SW-28 ISSN-2320-7884 (Online) ISSN-2321-0257 (Print)
44 www.ijdcst.com
estimation of risk of collaboration in cloud
environment has not been addressed in prior works .
The assistances of the scheme are: developing a
framework, called SelCSP, to calculate overall
perceived interaction risk, establish a relationship
among perceived interaction risk, trustworthiness and
capability of service provider, a mechanism by which
credibility of a service provider may be projected.
2. Literature Survey
1) A metric-based approach to assess risk for “on
cloud” federated identity management
AUTHORS: P. Arias-Cabarcos, F. Almenarez-
Mendoza, A. Marın-Lopez, D. Dıaz-Sanchez, and R.
Sanchez-Guerrero
The cloud computing paradigm is set to become the
next explosive revolution on the Internet, but its
adoption is still hindered by security problems. One of
the fundamental issues is the need for better access
control and identity management systems. In this
context, Federated Identity Management (FIM) is
identified by researchers and experts as an important
security enabler, since it will play a vital role in
allowing the global scalability that is required for the
successful implantation of cloud technologies.
However, current FIM frameworks are limited by the
complexity of the underlying trust models that need to
be put in place before inter-domain cooperation. Thus,
the establishment of dynamic federations between the
different cloud actors is still a major research
challenge that remains unsolved. Here we show that
risk evaluation must be considered as a key enabler in
evidence-based trust management to foster
collaboration between cloud providers that belong to
unknown administrative domains in a secure manner.
In this paper, we analyze the Federated Identity
Management process and propose a taxonomy that
helps in the classification of the involved risks in order
to mitigate vulnerabilities and threats when decisions
about collaboration are made. Moreover, a set of new
metrics is defined to allow a novel form of risk
quantification in these environments. Other
contributions of the paper include the definition of a
generic hierarchical risk aggregation system, and a
descriptive use-case where the risk computation
framework is applied to enhance cloud-based service
provisioning.
2) Security and privacy challenges in cloud
computing environments
AUTHORS: H. Takabi, J. B. D. Joshi, and G. J. Ahn
Cloud computing is an evolving paradigm with
tremendous momentum, but its unique aspects
exacerbate security and privacy challenges. This
article explores the roadblocks and solutions to
providing a trustworthy cloud computing environment.
3) Cloud computing landscape and research
challenges regarding trust and reputation
AUTHORS: S. K. Habib, S. Ries, and M.
Muhlhauser
Cloud Computing is an emerging computing paradigm.
It shares massively scalable, elastic resources (e.g.,
data, calculations, and services) transparently among
the users over a massive network. The Cloud market is
growing rapidly and bringing up numerous research
challenges. This paper provides a landscape of Cloud
Computing and its research challenges, especially
considering the areas of service selection, quality
assurance of Cloud services, and trust establishment in
Cloud environments. As the latter is known to be one
of the major challenges of Cloud Computing, We also
provide an overview of the important aspects that need
to be considered when integrating trust and reputation
concepts into Cloud Computing.
4) Filtering out unfair ratings in Bayesian
reputation systems
AUTHORS: A. Withby, A. Jøsang, and J. Indulska
The quality of a reputation system depends on the
integrity of the ratings it receives as input. A
fundamental problem is that a rater can rate an agent
more positively or more negatively than the real
experience with the agent would dictate. When ratings
are provided by agents outside the control of the
relying party, it is a priori impossible to know when a
rater provides such unfair ratings. However, it is often
the case that unfair ratings have a different statistical
pattern than fair ratings. This paper uses that idea, and
describes a statistical filtering technique for excluding
unfair ratings, and illustrates its effectiveness through
simulations.
5) Towards a trust management system for cloud
computing
AUTHORS: S. K. Habib, S. Ries, and M. Muhlhauser
Cloud computing provides cost-efficient opportunities
for enterprises by offering a variety of dynamic,
scalable, and shared services. Usually, cloud providers
provide assurances by specifying technical and
functional descriptions in Service Level Agreements
(SLAs) for the services they offer. The descriptions in
IJDCST @ Nov,-2016, Issue- V-4, I-7, SW-28 ISSN-2320-7884 (Online) ISSN-2321-0257 (Print)
45 www.ijdcst.com
SLAs are not consistent among the cloud providers
even though they offer services with similar
functionality. Therefore, customers are not sure
whether they can identify a trustworthy cloud provider
only based on its SLA. To support the customers in
reliably identifying trustworthy cloud providers, we
propose a multi-faceted Trust Management (TM)
system architecture for a cloud computing
marketplace. This system provides means to identify
the trustworthy cloud providers in terms of different
attributes (e.g., security, performance, compliance)
assessed by multiple sources and roots of trust
information.
3.PROPOSED SYSTEM DESCRIPTION
The current work is significant as it proposes a
framework, SelCSP, which attempts to compute risk
involved in interacting with a given cloud service
provider (CSP). The framework estimates perceived
level of interaction risk by combining trustworthiness
and competence of cloud provider. Trustworthiness is
computed from ratings obtained through either direct
interaction or feedback. Competence is estimated from
the transparency of SLA guarantees. A framework,
termed as SelCSP, has been proposed to facilitate
customers in selecting an ideal cloud service provider
for business outsourcing which depicts different
modules of the framework and how these modules are
functionally related. SelCSP framework provides APIs
through which both customers and providers can
register themselves. After registering, customer can
provide trust ratings based on interactions with
provider. Cloud provider needs to submit its SLA to
compute competence. At present, verifying the
correctness of submitted ratings or sanitizing the
erroneous data in the framework is beyond the scope.
We assume that only registered customers can provide
referrals/feedbacks and they do not have any
malicious intents of submitting unfair ratings.
The proposed system has following advantages.
Percentage of successful requests: describes the
number of requests processed by the service without
an error over the total number of submitted requests,
expressed as a percentage.
Percentage of timely service provisioning requests:
describes the number of service provisioning requests
completed within a defined time period over the total
number of service provisioning requests, expressed as
a percentage. Average response time: refers to the
statistical mean over a set of cloud service response
time observations for a particular form of request.
Maximum response time: refers to the maximum
response time target for a given particular form of
request.
Maximum resource capacity: refers to the maximum
amount of a given resource available to an instance of
the cloud service for a particular cloud service
customer. Example resources include data storage,
memory, number of CPU cores. It compares the new
coming cloud service providers with existing cloud
providers.
4.RELATED WORK
SYSTEM DESIGN: SELCSP FRAMEWORK:
Sel CSP framework runs APIs through which both
customers and providers can list themselves. After
registration, customer can provide trust ratings based
on communications with provider. Cloud provider
requests to submit its SLA to compute proficiency. At
present, confirming the correctness of submitted
ratings of the erroneous data in the framework is
beyond the scope. A supposition that only registered
customers can provide referrals and they do not have
any malicious intents of submitting unfair ratings.
Different modules constituting the framework are as
follows:[12] 1) Risk estimate: Estimating professed
communication risk pertinent to a customer-CSP
interaction by coalescing reliability and competency. 2)
Trust estimate: It calculates trust between a customer-
CSP pair provided straight interaction has happened
among them. 3) Reputation estimate: It evaluates
reputation of a CSP based on referrals from many
sources and calculates the belief a customer has on
former’s reputation. 4) Trustworthiness computation:
Function to evaluate a customer’s trust on a given CSP.
5) SLA manager: This module manages SLAs from
different CSPs. It takes into account unlike standards
and controls which are supposed to be satisfied by the
SLAs. 6) Competence estimate: It evaluates
competence of a CSP based on the information
available from its SLA. 7) Competence computation:
It computes limpidity with respect to a given SLA and
hence evaluates the competence of the CSP. 8) Risk
computation: It computes perceived interaction risk
relevant to a customer-CSP interaction. 9) Interaction
ratings: It is a data repository where customer
provides feedback/ratings for CSP.
Good SLA sets boundaries and expectations of service
provisioning and provides the following benefits:
Enhanced customer satisfaction level: A clearly and
concisely defined SLA increases the customer
IJDCST @ Nov,-2016, Issue- V-4, I-7, SW-28 ISSN-2320-7884 (Online) ISSN-2321-0257 (Print)
46 www.ijdcst.com
satisfaction level, as it helps providers to focus on the
customer requirements and ensures that the effort is
put on the right direction.
Improved Service Quality: Each item in an SLA
corresponds to a Key Performance Indicator (KPI) that
specifies the customer service within an internal
organisation.
Improved relationship between two parties: A clear
SLA indicates the reward and penalty policies of a
service provision. The consumer can monitor services
according to Service Level Objectives (SLO) specified
in the SLA. Moreover, the precise contract helps
parties to resolve conflicts more easily.
Algortihm 1. SLA-oriented Dynamic Provisioning
When a task finishes or a new job is received: Updates
estimation of task runtime; Defines estimated job
completion time with current amount of resources;
If completion time > deadline Determines number of
extra resources required Submits a request for
resources to the Provisionary
Else
If resources can be released Submits request for
release of resources to the Provisioner
SLAs are defined in terms of deadline for execution of
applications. The deadline, along with an estimation of
execution time of each task of the application is
supplied by the user during a job submission. This
process is briefly described proposed algorithm.
5.CONCLUSION & FUTURE WORK
In this Sel CSP-a frame work to enable selection with
transparency of cloud service providers, the main task
for a cloud customer is to choose an suitable service
provider from the cloud market place to backing its
business essentials. Nevertheless, service guarantees
provided by vendors through SLAs contain mystifying
openings which makes the job of selecting an perfect
provider even more problematic. As customers use
cloud services to route and hoard their individual
client’s data, assurances related to service quality level
is of utmost importance. It is imperative from a
customer’s perspective to create trust relationship with
a provider. Furthermore, as customers are outsourcing
their businesses onto a third-party cloud, competence
of CSP determines if former’s objectives are going to
be accomplished. In future, for selecting the cloud
service providers, data mining techniques and
aggregation methodologies may apply for combines
trustworthiness and competence to estimate risk of
interaction and compute the Trustworthiness from
personal experiences gained through direct
interactions or from feedbacks related to reputations of
vendors If the experimental study is tested with real
environment, then it can assist the further proceeding
of the algorithm implementation practically.
REFERENCES
[1] Y. Chen, V. Paxson, and R. H. Katz, “What’s new
about cloud computing security,” EECS Dept., Univ.
California, Berkeley, CA, USA, Tech. Rep.
UCB/EECS-2010-5, Jan. 20, 2010.
[2] S. K. Habib, S. Ries, and M. Muhlhauser,
“Towards a trust management system for cloud
computing,” in Proc. IEEE 10th Int. Conf. Trust,
Secur. Privacy Comput. Commun., 2011, pp. 933–939.
[3] K. M. Khan and Q. Malluhi, “Establishing trust in
cloud computing,” IT Prof., vol. 12, no. 5, pp. 20–27,
Oct. 2010.
[4] J. Lin, C. Chen, and J. Chang, “Qos-aware data
replication for data intensive applications in cloud
computing systems,” IEEE Trans. Cloud Comput., vol.
1, no. 1, pp. 101–115, Jan.–Jun. 2013.
[5] D. Gambetta, “Can we trust trust?” in Trust:
Making and Breaking Cooperative Relations, D.
Gambetta, Ed. Oxford, U.K.: Blackwell, 1990, ch. 13,
pp. 213–237.
[6] D. H. Mcknight and N. L. Chervany, “The
meanings of trust,” Manage. Inf. Syst. Res. Center,
Univ. Minnesota, Minneapolis, MN, USA, Tech. Rep.
MISRC Working Paper Series 96-04, 1996.
[7] D. Manchala, “Trust metrics, models and protocols
for electronic commerce transactions,” in Proc. 18th
Int. Conf. Distrib. Comput. Syst., 1998, pp. 312–321.
[8] A. Jøsang and S. L. Presti, “Analysing the
relationship between risk and trust,” in Proc. 2nd Int.
Conf. Trust Manage., Mar. 2004, pp. 135–145.
[9] L. Freeman, “Centrality on social networks,”
Social Netw., vol. 1, pp. 215–239, 1979.
[10] T. Grandison and M. Sloman, “A survey of trust
in internet applications,” IEEE Commun. Surv.
Tutorials, vol. 3, no. 4, pp. 2– 16, Fourth Quarter 2000.
[11] A. Jøsang, R. Ismail, and C. Boyd, “A survey of
trust and reputation systems for online service
provision,” Decision Support Sys., vol. 43, no. 2, pp.
618–644, Mar. 2007.
[12] P. Resnick and R. Zeckhauser, “Trust among
strangers in internet transactions: Empirical analysis
of ebay’s reputation system,” in The Economics of
the Internet and ECommerce, series Advances in
IJDCST @ Nov,-2016, Issue- V-4, I-7, SW-28 ISSN-2320-7884 (Online) ISSN-2321-0257 (Print)
47 www.ijdcst.com
Applied Microeconomics, vol. 11, M. Baye, Ed.
Amsterdam, The Netherlands: Elsevier, 2002, pp.
127–157.
Student:
CH. Durga Bhavani is a student of
Usha Rama College of Engineering
and Technology, Telaprolu,
VIJAYAWADA. She is presently
pursuing her M.Tech degree from
JNTU, Kakinada. She has obtained B.Tech, degree
from JNTU, Kakinada.
Guide :
Roy Choudary is presently working
as Assistant professor in CSE
department, Usha Rama College of
Engineering and Technology,
Telaprolu Vijayawada.