A Trust Evaluation Model For Cloud Computing

Published Date: 02 Nov 2017

Cloud computing is an emerging information technology that changes the way IT architectural solutions. It is a new pattern of business computing, and it can dynamically provide computing services supported by state-of-the-art data centers that usually employ Virtual Machine (VM) technologies. One of the most critical issues in cloud computing is security .

The trust mechanism provides a good way for improving the system security. It is a new and emerging security mode to provide security states, access control, reliability and policies for decision making by identifying and distributing the malicious entities based on converting and extracting the detected results from security mechanisms in different systems and collecting feedback assessments continually. In recent years, many scholars have made a lot of research on trust model. Hwang et al. assessed the security demands of three cloud service models: IaaS, PaaS and SaaS. Integrated cloud architecture was presented to reinforce the security and privacy in cloud applications. Some security protection mechanisms were suggested, such as fine-gain access control, trust delegation and negotiation, reputation system of resource sites. Zissis et al. pointed out that security in a cloud environment requires a systemic point of view, from which security will be constructed on trust, mitigating protection to a trusted third party. Takabi et al. illustrated the unique issues of cloud computing that exacerbate security and privacy challenges in clouds. Various approaches to address these challenges were discussed. It explores the future work needed to provide a trustworthy cloud computing environment. Tian et al. put forward basic criteria about evaluating node behavior trust and evaluation strategy in the cloud computing. Based on the basic criteria of the evaluation, the sliding window was used to carry out the evaluation of node behavior trust. Then a kind of evaluation mechanism on node behavior trust based on sliding windows model was brought forward. Jiang et al. proposed a new evidential trust model for open distributed systems. This model was based on an improved D-S evidence theory by the introduction of time efficiency factor calculation function and the modification of D-S combination rules. It is highly effective in defending attacks on the system for malicious behaviors.

In this paper, we propose a trust evaluation model based on D-S evidence theory and sliding windows to evaluate the credibility of entities and detect the malicious entities for cloud computing. In our model, direct interactions among entities are regard as first-hand evidences. We evaluate the timeliness of the interaction evidence by means of sliding windows. Trust computing of entities is based on D-S theory with the help of the interaction evidences. Recommendation trust values from different entities are regard as second-hand evidences. The combination of the recommendation trust values forms the reputation of entities. Finally, experiments were carried out to estimate the effectiveness and the anti-attack of the proposed model.

The remainder of this paper is organized as follows. Section 2 describes the proposed trust evaluation model. In section 3, the experimental results are shown and discussed. Finally, section 4 provides the conclusion and mentions our future research directions.

Trust Evaluation Model

The entities are divided into Cloud Server Provider (CSP) and Cloud User (CU) in cloud computing. Trust evaluation depends on interactions evidences between the CSP and the CU. The interaction evidence is dynamic. And it has fine timeliness. Below we present our trust evaluation model.

The timeliness of interaction evidence and sliding window

In cloud computing, CUs send service requests to CSPs, and then CSPs provide the corresponding services for CUs. Entities rate each other after each interaction, as in the E-commerce System. Here, we don’t consider the cooperation among CSPs and among CUs. For trust evaluating, the interaction and assessment between CSPs and CUs are evidence information.

In this paper, the evidence set E is defined as follows.

Where, , N is a natural number. is defined by 5-tuple.

Where, each attribute of evidence is described as follows:

time is the emerging time of evidence .

cspid is ID of the CSP. It is unique.

cuid is ID of the CU. It is unique also.

csp_eva is the assessment of the CU to the CSP. The CSP maybe provide good service or denial of service. If the CU is satisfied with services of the CSP, this interaction is positive. So csp_eva is 1. Otherwise, if services of the CSP are negative, csp_eva is -1. If the CU is unsure for services of the CSP, csp_eva is 0.

cu_eva is the assessment of the CSP to the CU. The CU’s behavior may be normal or fraud. If the CU carries out normal or positive interaction, cu_eva is 1; otherwise, if the CU carries out fraud or negative interaction, cu_eva is -1. If the system can not decide whether it is normal or fraud for the CU’s behavior, cu_eva is 0.

The interaction evidence would keep on increasing with the realization of interactions by time. And it is basis for trust computing. In addition, the importance of evidence information would decay over time. The importance of negative evidence would decay more slowly than positive evidence. In order to evaluate reasonably trust of entities based on the evidence information, we employ sliding windows to describe the timeliness of evidence information.

The direct interaction is divided into three categories: positive interaction, negative interaction and uncertain interaction. Accordingly, we set three time windows: positive interaction window(Wp), negative interaction window(Wn) and uncertain interaction window(Wu). Wp is used to sift the positive interaction evidence. Wn is used to sift the negative interaction evidence. Wu is used to sift the uncertain interaction evidence. Sliding window mechanism is shown in Fig 1.

Fig. 1. Sliding window mechanism

Here, t_curr expresses the current time; t_pos, t_neg and t_unc are the critical time. Separately, we denote every time window size as Sp, Sn and Su() for Wp ,Wn and Wu. There exists follow quantitative relationship:

(1)

After introducing Sliding windows, the interaction evidences only inside the windows are valid. Supposed there is positive interaction evidence Ek at time t. If , Ek is valid; otherwise, it is invalid. This is similar for negative and uncertain interaction evidence. In the process of trust computing, only valid interaction evidences affect the trust degree of entities. In this way, the trust degree of entities would not be increased or decreased by over-ranging interaction evidence. In addition, negative interaction window is bigger than positive interaction window. So negative interaction evidences can affect the trust of entities for longer time. It is in keeping with law of nature.

Direct Trust

Each interaction is considered as evidence. By querying the evidence set E, we can count up the number of valid interactions in time windows. Suppose that positive interaction evidence is marked as , negative interaction evidence is , and uncertain interaction evidence is . At time t, the number of every kind of valid direct interaction between entity i and entity j can be marked as ,, and . In , there is no interaction between entity i and entity j, so . Direct trust between entity i and entity j is computed by direct interactions. Here, we compute direct trust between entities using D-S evidence theory, because D-S evidence theory can express the uncertainty of practical problems with a probability range.

We set the trust distinguish framework, so . Here, respectively represent trust, distrust, uncertain and impossibility. We denote the direct trust as dt. In time t, entity i evaluates the direct trust degree on the entity j, which is expressed as .

Where, if , . And the BPA (basic probability assignment) function is defined as follows:

(2)

Here, u∈[0,1] is a weight factor. After setting the sliding windows as Figure 2, interactions beyond the window size are regarded as invalid evidence. And the invalid evidence would not be cited in trust computing. However, the invalid evidence still is behavior of entities ever, and the effect of the invalid evidence can not be dispelled suddenly, but rather gradually. By introducing the weight factor u and , the past interactions can affect the trust degree of entities to some extent. Of course, its effect will disappear gradually. We can control the influence of the past interactions by adjusting the weight factor u.

Reputation

The entity obtains the recommendation information from other entities which have ever interacted with the evaluated entity. If the entity has no direct interaction with the evaluated entity, its recommendation information will not be considered. And we do not consider recommendation’s iteration. So it avoids large recommendation chains.

Suppose entity s has direct interaction with entity j. Entity i can gain the recommendation information about entity j from entity s according to direct trust from entity s to entity j, which is denoted as . Here, is the corresponding BPA function. And we take the direct trust value as the recommendation trust value for entity i, so and .

In the trust network, there exists more than one recommendation information from different entities. Based on Dempster rule, we can combine these recommendations. However, the conclusion may be inconsistent with the evidence if there is serious conflict among recommendations. Referring to fusion approach for conflicting evidence in reference [9], we compute the weight of every recommendation, which is denoted as . According to , the BPA function of the recommendation trust is revised as follows.

(3)

Finally, the combination of the all recommendation trusts form reputation of entities. Reputation of the entity j is represented by at time t. It is calculated as follows according to Dempster's rule.

(4)

Experimental Evaluation

Simulation setup

To evaluate the performance of above model, we performed simulation experiments in Netlogo. In the simulation experiments, the CSPs and the CUs are independent.

The CSPs are classified into 3 types: good CSP, bad CSP and random CSP. Their respective proportions in all CSPs are 80%, 10% and 10%, and they provide different services are as follows.

The good CSP always provides reliable services.

The bad CSP always provides unreliable services.

The random CSP provides reliable or unreliable services randomly.

The CUs are classified into 3 types: honest CU, malicious CU and random CU. The proportional distribution of each kind of the CUs is similar to the CSPs.

The honest CU always takes legal actions.

The malicious CU always takes illegal actions.

The random CU takes legal or illegal actions randomly.

For all CSPs and CUs, the initial trust degree follows (0,0,1). This is to say, they are all unknown for the system at first. New interactions are continuously generated with an arrival rate 80 interaction per simulation-time step, between a random CSP and a random CU.

Table 1. Summarizes the parameters used in simulation experiments

Parameter

Description

value

n

number of CSPs

50

m

number of CUs

200

u

weight factor

0.2

Sp

positive interaction window size

50

Su

uncertain interaction window size

80

Sn

negative interaction window size

150

The effectiveness of proposed model

At first, we evaluate the effectiveness of our model. The experimental result is as follows. Fig 2 reveals the changing of the trust degree for three kinds of entities. The credibility of the good/honest entities continues to grow as the steady accumulation of positive interactions. On the contrary, the credibility of the bad/malicious entities decreases as negative interactions. And the trust degree of the malicious entities has no changing when the distrust degree reaches a certain degree. The reason is that the entities would be considered to be malicious if its distrust degree is greater than the assumed threshold value. The entities would not be permitted to interact with any other entities. So the trust degree of the malicious entities would not change any more. For random entities, the change in behavior results in the change of the credibility of random entities. Besides, we can notice that the credibility of entities increases slowly and the incredibility of entities increase quickly. This is contributed to the feature of sliding windows. In sliding window mechanism, positive interactions are valid for a short period of time and negative interactions are valid for a long period of time. So the credibility of entities can increase by recent positive interactions slowly. But early negative interactions continue to have bad effects on the trust degree of entities so that the distrust degree of entities would increase quickly. It is accord with the feature of the trust in human society.

(a) the trust degree of the good CSP (b) the trust degree of the bad CSP (c) the trust degree of the random CSP

(d) the trust degree of the honest CU (e) the trust degree of the malicous CU (f) the trust degree of the random CU

Fig. 2. The changing of trust degree for different entities

Anti-attack of the system

Success interaction rate is the ratio of successful interactions to overall interactions in the simulation time. It can reflect the anti-attack of the system in a certain extent. Thus we measure anti-attack of the system by success interaction rate. With a help of the trust computing based on evidence theory and sliding windows, we can identify the malicious entities efficiently. Thank to it, we can restrict the interaction of malicious entities further. It can help to increase the success interaction rate of the system. The experiment results are shown in Fig 3. Results show that the success interaction rate with trust computing is higher than that without trust computing. From Figure 3, we can see that the changing of success interaction rate is divided into two stages: decline stage and rise stage. The success interaction rate declines with malicious interactions at the beginning. After a time, the success interaction rate keeps rising. It is because that the system with trust computing has begun to identify the malicious entities and refuse to provide service for them. The result shows that trust computing can enhance the anti-attack of the system because it can help to the system correctly identifying the malicious entities.

Fig. 3. Success interaction rate

Conclusions

Trust evaluation model is of importance to supporting system security. This paper has presented a trust evaluation model based on evidence theory and sliding windows for cloud computing. The proposed model has a number of advantages as follows. Firstly, it is simple to be executed. The time complexity of our algorithm is O(n×m) if there are n CSPs and m CUs in the system. Secondly, the timeliness of interactions is reflected by introducing sliding windows. In sliding window mechanism, interactions are divided into valid interactions and invalid interactions. Only valid interactions can affect the trust degree of entities. So it improved the extensibility of the system. Thirdly, the trust degree of entities changes dynamically according to the behavior of entities based on D-S evidence theory. We evaluate the trust of both the CSPs and the CUs. In this way, we can provide security protection for the CSPs and the CUs. Finally, it can help the system identifying malicious entities to some extent and improve the success interaction rate. It enhances the anti-attack of the system. Simulation experiments show that the trust degree of entities increases slowly and decreases quickly using our model. It can effectively identify malicious entities, and provide reliable information to correctly make the security decisions for the system. Future, we will look for ways to overcome the collusive deception behaviors. And the data mining and knowledge discovery method [10] will be combined with our trust evaluation model to evaluate the changes of CUs and CSPs.

Acknowledgements

The authors would like to thank the support by the Foundation of Science and Technology on Communication Security Laboratory (9140C110404110C1106), the GuangXi National Natural Science Foundation of China (2012GXNSFAA053224), the Guangxi Graduate Education Innovation project of China (2010105950810M18), and the Foundation of Guangxi Department of Education (201010LX156,CD10066X).