Sheikh Mahbub Habib

Towards a Trust Management System for Cloud Computing

Cloud computing provides cost-efficient opportunities for enterprises by offering a variety of dynamic, scalable, and shared services. Usually, cloud providers provide assurances by specifying technical and functional descriptions in Service Level Agreements (SLAs) for the services they offer. The descriptions in SLAs are not consistent among the cloud providers even though they offer services with similar functionality. Therefore, customers are not sure whether they can identify a trustworthy cloud provider only based on its SLA. To support the customers in reliably identifying trustworthy cloud providers, we propose a multi-faceted Trust Management (TM) system architecture for a cloud computing marketplace. This system provides means to identify the trustworthy cloud providers in terms of different attributes (e.g., security, performance, compliance) assessed by multiple sources and roots of trust information.

Cloud Computing Landscape and Research Challenges Regarding Trust and Reputation

Cloud Computing is an emerging computing paradigm. It shares massively scalable, elastic resources (e.g., data, calculations, and services) transparently among the users over a massive network. The Cloud market is growing rapidly and bringing up numerous research challenges. This paper provides a landscape of Cloud Computing and its research challenges, especially considering the areas of service selection, quality assurance of Cloud services, and trust establishment in Cloud environments. As the latter is known to be one of the major challenges of Cloud Computing, We also provide an overview of the important aspects that need to be considered when integrating trust and reputation concepts into Cloud Computing.

Trust as a facilitator in cloud computing: a survey

AbstractCloud computing offers massively scalable, elastic resources (e.g., data, computing power, and services) over the internet from remote data centres to the consumers. The growing market penetration, with an evermore diverse provider and service landscape, turns Cloud computing marketplaces a highly competitive one. In this highly competitive and distributed service environment, the assurances are insufficient for the consumers to identify the dependable and trustworthy Cloud providers.This paper provides a landscape and discusses incentives and hindrances to adopt Cloud computing from Cloud consumers’ perspective. Due to these hindrances, potential consumers are not sure whether they can trust the Cloud providers in offering dependable services. Trust-aided unified evaluation framework by leveraging trust and reputation systems can be used to assess trustworthiness (or dependability) of Cloud providers. Hence, cloud-related specific parameters (QoS + ) are required for the trust and reputation systems in Cloud environments. We identify the essential properties and corresponding research challenges to integrate the QoS + parameters into trust and reputation systems. Finally, we survey and analyse the existing trust and reputation systems in various application domains, characterizing their individual strengths and weaknesses. Our work contributes to understanding 1) why trust establishment is important in the Cloud computing landscape, 2) how trust can act as a facilitator in this context and 3) what are the exact requirements for trust and reputation models (or systems) to support the consumers in establishing trust on Cloud providers.

Certainlogic: a logic for modeling trust and uncertainty

The evaluation of the trustworthiness of complex systems is a challenge in current IT research. We contribute to this field by providing a novel model for the evaluation of propositional logic terms under uncertainty that is compliant with the standard probabilistic approach and subjective logic. Furthermore, we present a use case to demonstrate how this approach can be applied to the evaluation of the trustworthiness of a system based on the knowledge about its components and subsystems.

Towards a trust management system for cloud computing marketplaces: using CAIQ as a trust information source

Cloud computing enables information technology related services in a more dynamic and scalable way than before-more cost-effective than before due to the economy of scale and of sharing resources. Usually, cloud providers describe their promised behaviour-regarding functional and non-functional aspects of the service provision-by way of service level agreements SLAs. For different providers offering similar functionality, SLAs are often insufficiently claimable and inconsistent with the aspects considered important by customers. Therefore, customers face problems identifying a trustworthy cloud provider solely on the basis of its SLA. To support customers in reliably identifying trustworthy cloud providers, we propose a multi-faceted trust management system architecture for cloud computing marketplaces and related approaches. This system provides the means for identifying trustworthy cloud providers in terms of different attributes, for example, compliance, data governance and information security. In this article, we present the first realization of our proposed trust management system using the Consensus Assessment Initiative Questionnaire, initiated by the Cloud Security Alliance, as one of the sources of trust information. In particular, our proposed approach contributes to the challenge of extracting trust information from Consensus Assessment Initiative Questionnaires completed by cloud providers. Finally, our implemented system and related approaches are experimented using real datasets. Copyright

A formal approach towards measuring trust in distributed systems

Emerging digital environments and infrastructures, such as distributed security services and distributed computing services, have generated new options of communication, information sharing, and resource utilization in past years. However, when distributed services are used, the question arises of to what extent we can trust service providers to not violate security requirements, whether in isolation or jointly. Answering this question is crucial for designing trustworthy distributed systems and selecting trustworthy service providers. This paper presents a novel trust measurement method for distributed systems, and makes use of propositional logic and probability theory. The results of the qualitative part include the specification of a formal trust language and the representation of its terms by means of propositional logic formulas. Based on these formulas, the quantitative part returns trust metrics for the determination of trustworthiness with which given distributed systems are assumed to fulfill a particular security requirement.

Privacy, Security and Trust in Cloud Computing: The Perspective of the Telecommunication Industry

The telecommunication industry has been successful in turning the Internet into a mobile service and stimulating the creation of a new set of networked, remote services. In this paper we argue that embracing cloud computing solutions is fundamental for the telecommunication industry to remain competitive. However, there are legal, regulatory, business, market related and technical challenges that must be considered. In this paper we list such challenges and define a set of privacy, security and trust requirements that must be taken into account before cloud computing solutions can be fully integrated and deployed by telecommunication providers.

Fusion of Opinions under Uncertainty and Conflict -- Application to Trust Assessment for Cloud Marketplaces

The fusion of trust relevant information provided by multiple sources is one of the major challenges of trust establishment, which in turn is a key research topic in the growing field of cloud computing. We present a novel fusion operator for combining information from different sources, representing propositions under uncertainty. The operator especially extend the state-of-the-art by explicitly considering weights and the handling of conflicting dependent opinions. We provide a use case that demonstrates the applicability of our approach and shows the capability of the novel operator to a more reliable and transparent assessment of the trustworthiness of cloud providers.

An Analysis of the Robustness and Stability of the Network Stack in Symbian-based Smartphones

Smartphones are widely used today and their popularity will certainly not slow down in the near future due to improved functionality and new technology improvements. Becoming more and more similar to PCs and laptops, they will also begin to face the same security problems especially in terms of network security. In a previous paper, we have provided a detailed analysis of security issues along with penetration test results for Windows Mobile 5.0 platform based smartphones. In this paper, we extend our vulnerability testing with two more smartphones, both based on the Symbian 9.1 OS. A number of attacks have been done to test the stability of the network stack of the Symbian OS. Detailed results are provided from the tests performed and several vulnerabilities that can render the devices unusable have been found. The results should be very useful for security professionals, researchers and OS vendors and will hopefully result in more attention to be paid to security issues in smartphones and trigger the development of more secure software for mobile operating systems. The findings could also be of interest for end-users who are searching for the most stable platform for mobile applications where security and reliability are key factors.

A framework for evaluating trust of service providers in cloud marketplaces

The Cloud Security Alliance (CSA) provides a framework for cloud platform providers that manages standardized self-assessments regarding security controls. The framework as it stands does not allow consumers to specify and check their own requirements, nor does it contain any means for verifying the capabilities claimed by the providers. From a customer perspective, both these aspects are essential for evaluating the trustworthiness of cloud providers and for making an informed decision. We propose a novel concept for verifying the capabilities captured in the CSAs framework, plus a decision model that checks consumer requirements against the verification results. Our capability verification combines hard trust based on rigid validation with soft trust based on evidence about past behaviour. Elaborate formal methods are applied in both fields and combined into a single concept.