Sebastian Ries

Towards a Trust Management System for Cloud Computing

Cloud computing provides cost-efficient opportunities for enterprises by offering a variety of dynamic, scalable, and shared services. Usually, cloud providers provide assurances by specifying technical and functional descriptions in Service Level Agreements (SLAs) for the services they offer. The descriptions in SLAs are not consistent among the cloud providers even though they offer services with similar functionality. Therefore, customers are not sure whether they can identify a trustworthy cloud provider only based on its SLA. To support the customers in reliably identifying trustworthy cloud providers, we propose a multi-faceted Trust Management (TM) system architecture for a cloud computing marketplace. This system provides means to identify the trustworthy cloud providers in terms of different attributes (e.g., security, performance, compliance) assessed by multiple sources and roots of trust information.

Cloud Computing Landscape and Research Challenges Regarding Trust and Reputation

Cloud Computing is an emerging computing paradigm. It shares massively scalable, elastic resources (e.g., data, calculations, and services) transparently among the users over a massive network. The Cloud market is growing rapidly and bringing up numerous research challenges. This paper provides a landscape of Cloud Computing and its research challenges, especially considering the areas of service selection, quality assurance of Cloud services, and trust establishment in Cloud environments. As the latter is known to be one of the major challenges of Cloud Computing, We also provide an overview of the important aspects that need to be considered when integrating trust and reputation concepts into Cloud Computing.

Trust as a facilitator in cloud computing: a survey

AbstractCloud computing offers massively scalable, elastic resources (e.g., data, computing power, and services) over the internet from remote data centres to the consumers. The growing market penetration, with an evermore diverse provider and service landscape, turns Cloud computing marketplaces a highly competitive one. In this highly competitive and distributed service environment, the assurances are insufficient for the consumers to identify the dependable and trustworthy Cloud providers.This paper provides a landscape and discusses incentives and hindrances to adopt Cloud computing from Cloud consumers’ perspective. Due to these hindrances, potential consumers are not sure whether they can trust the Cloud providers in offering dependable services. Trust-aided unified evaluation framework by leveraging trust and reputation systems can be used to assess trustworthiness (or dependability) of Cloud providers. Hence, cloud-related specific parameters (QoS + ) are required for the trust and reputation systems in Cloud environments. We identify the essential properties and corresponding research challenges to integrate the QoS + parameters into trust and reputation systems. Finally, we survey and analyse the existing trust and reputation systems in various application domains, characterizing their individual strengths and weaknesses. Our work contributes to understanding 1) why trust establishment is important in the Cloud computing landscape, 2) how trust can act as a facilitator in this context and 3) what are the exact requirements for trust and reputation models (or systems) to support the consumers in establishing trust on Cloud providers.

Extending Bayesian trust models regarding context-dependence and user friendly representation

Successful collaboration between independent entities depends on the selection of trustworthy interaction partners. Bayesian trust models provide a well-founded way for deriving trust from evidence. Yet, current approaches lack an integration of context-dependent parameters and a graphical representation for users. We propose a modification of the Bayesian approach that integrates context-dependent parameters in the prior knowledge and that allows to overcome the negative effects that are usually introduced with aging. Furthermore, we propose a mapping of this approach to a more intuitive representation of trust.

Certain trust: a trust model for users and agents

One of the challenges for ubiquitous computing and P2P systems is to find reliable partners for interactions. We believe that this problem can be solved by assigning trust values to entities and allowing them to state opinions about the trust-worthiness of others. In this paper, we develop a new trust model, called Certain Trust, which can easily be interpreted and adjusted by users and software agents. A key feature of Certain Trust is that it is capable of expressing the certainty of a trust opinion, depending on the context of use. We show how the trust values can be expressed using different representations (one for users and one for software agents) and present an automatic mapping to change between the representations.

Certainlogic: a logic for modeling trust and uncertainty

The evaluation of the trustworthiness of complex systems is a challenge in current IT research. We contribute to this field by providing a novel model for the evaluation of propositional logic terms under uncertainty that is compliant with the standard probabilistic approach and subjective logic. Furthermore, we present a use case to demonstrate how this approach can be applied to the evaluation of the trustworthiness of a system based on the knowledge about its components and subsystems.

Towards a trust management system for cloud computing marketplaces: using CAIQ as a trust information source

Cloud computing enables information technology related services in a more dynamic and scalable way than before-more cost-effective than before due to the economy of scale and of sharing resources. Usually, cloud providers describe their promised behaviour-regarding functional and non-functional aspects of the service provision-by way of service level agreements SLAs. For different providers offering similar functionality, SLAs are often insufficiently claimable and inconsistent with the aspects considered important by customers. Therefore, customers face problems identifying a trustworthy cloud provider solely on the basis of its SLA. To support customers in reliably identifying trustworthy cloud providers, we propose a multi-faceted trust management system architecture for cloud computing marketplaces and related approaches. This system provides the means for identifying trustworthy cloud providers in terms of different attributes, for example, compliance, data governance and information security. In this article, we present the first realization of our proposed trust management system using the Consensus Assessment Initiative Questionnaire, initiated by the Cloud Security Alliance, as one of the sources of trust information. In particular, our proposed approach contributes to the challenge of extracting trust information from Consensus Assessment Initiative Questionnaires completed by cloud providers. Finally, our implemented system and related approaches are experimented using real datasets. Copyright

A formal approach towards measuring trust in distributed systems

Emerging digital environments and infrastructures, such as distributed security services and distributed computing services, have generated new options of communication, information sharing, and resource utilization in past years. However, when distributed services are used, the question arises of to what extent we can trust service providers to not violate security requirements, whether in isolation or jointly. Answering this question is crucial for designing trustworthy distributed systems and selecting trustworthy service providers. This paper presents a novel trust measurement method for distributed systems, and makes use of propositional logic and probability theory. The results of the qualitative part include the specification of a formal trust language and the representation of its terms by means of propositional logic formulas. Based on these formulas, the quantitative part returns trust metrics for the determination of trustworthiness with which given distributed systems are assumed to fulfill a particular security requirement.

A classification of trust systems

Trust is a promising research topic for social networks, since it is a basic component of our real-world social life Yet, the transfer of the multi-facetted concept of trust to virtual social networks is an open challenge In this paper we provide a survey and classification of established and upcoming trust systems, focusing on trust models We introduce a set of criteria as basis of our analysis and show strengths and short-comings of the different approaches.

Analyzing the Robustness of CertainTrust

Trust in ubiquitous computing is about finding trustworthy partners for risky interactions in presence of uncertainty about identity, motivation, and goals of the potential interactions partners. In this paper, we present new approaches for estimating the trustworthiness of entities and for filtering and weighting recommendations, which we integrate in our trust model, called CertainTrust. We evaluate the robustness of our trust model using an canonical set of population mixes based on a classification of typical entity behaviors. The simulation is based on user traces collected in the Reality Mining project. The evaluation shows the applicability of our trust model to collaboration in opportunistic networks and its advantages in comparison to a distributed variant of the Beta Reputation System.