Issues In Trust Establishment

Published Date: 02 Nov 2017

Abstract - Cloud computing is becoming one of the next industry buzz words. In the current cloud computing scenario, the need for establishing an SLA is highly essential, since it expresses the commitment of provider to create an affordable balance between hosting costs and high levels of service availability during the service offerings. It is also highly necessary to monitor dynamically whether the QoS mentioned in the SLA, is met by the service provider. Moreover, a reliable trust model is required to give a quantitative measure of the trust to the requester before choosing a service provider . In this paper, we portray a dynamic trust establishment framework, wherein the Third-party SLA monitor provides an on-demand QoS assessment module, on a real time basis. Based on the computed trust value, the service provider is chosen. Then, the concept of Adaptive window-based state monitoring is introduced, negating the drawbacks associated with the existing techniques, by reducing the amount of data sent over the network. The proposed approach is implemented and it proves to be efficacious than the existing techniques in most cases.

Keywords- SLA, Dynamic trust, Cloud monitoring, Adaptive Window based State Monitoring.

INTRODUCTION

Trust plays a key role in the emerging cloud computing paradigm. It is one of the less trodden areas of cloud computing, making it a bit vulnerable in that aspect. A Service LevelAgreement (SLA) is formulated between the service provider and the requester, for every service requested, by the consumer. Once the QoS is established, the sevice provider should assure that the service being provided doesnot violate the SLA framed. Of all the different elements that we need to consider when evaluating a cloud service provider, the service level agreement is probably the most important one. While many other factors are very relevant in such a choice, it’s the SLA that establishes the baselines of the relationship between the consumer and the provider. The SLA is the contract that defines the limits of the responsibility the service provider is willing to assume regarding any service you are hiring - the data, servers, application, or anything else. Since it serves many functions, reading and understanding the SLA that a cloud provider is offering is fundamental in order to properly work with them.

The actual issue arises when there are multiple service providers, for the requested service, and the requester needs to select the best, from the varied choices he has. This is because, the occurrence of service level degradation in the cloud, has a serious impact on the working system. SLA violation not only has an ill effect on the consumer’s side, by causing monetary loss, but also affects the reputation of the service provider. This issue of service level degradation can be eliminated if there exists an efficient QoS assurance system, that makes informed decisions regarding re-composition.

The development of such a framework for the cloud is difficult to formulate since, the existing QoS assurance framework is not dynamic in nature. One way to address this problem is to develop an on-demand QoS assessment service based on the concept that, just as cloud is on-demand, the QoS assessments applied to the cloud can be on-demand as well [5]. This assessment module, if implemented by a trusted third party monitor, will reduce the requester’s load of establishing trust with respect to any service provider. The same concept has been discussed by Dan et al. [6] who suggested that service monitoring can be delegated to third-party service providers. There are several real time examples in a cloud environment, where a third party is employed to assess both the consumer and provider, in an unbiased manner.

This paper mainly concentrates on addressing the above issues in the best possible manner. For a provider to be trusted, there should be enough feedback from the existing users, on the existing services, catered by the provider. There exists several QoS parameters by which the consumer’s confidence in any service provider may be measured, of which the trust value, if calculated accurately, will help in providing a reliable measure of the genuineness of the service provider in most of the transactions. And this implies that for computing the trust value,which is to be established after every service, there needs to be a QoS monitoring system, which involves extracting the QoS parameters from the SLA agreed upon by the service provider and the requester. Monitoring information about the parameters needs to be retrieved and checked for conformity with the QoS. This monitoring is done in an effective manner, reducing the unnecessary amount of data being sent over the network, at the same time, maintaining the accuracy of the monitored values.

The rest of this paper is organized as follows: Section 2 throws ample light on the issues and challenges involved in monitoring and trust establishment. The proposed solution for dynamic trust establishment and Adaptive WISE monitoring is presented in Section 3. Detailed design, implementation information and results are described in Section 4. Related works is discussed briefly in Section 5. Section 6 showcases the conclusion and the future work proposed in this context.

II. ISSUES IN TRUST ESTABLISHMENT

A. QoS Monitoring Issues :The first issue involved in trust establishment is monitoring the QoS parameter in a regular basis, to verify whether it is in compliance with the SLA. The real problem here is that monitoring the QoS involves monitoring all the parameters at the provider side and sending this information over the network to the QoS Monitor, which in most cases is a Trusted Third Party. Sending this monitoring data consumes some bandwidth. As QoS needs to be monitored in a continual basis, it involves sending quite a lot of monitoring data continuously over the network making it a bandwidth intensive task. As a result, QoS monitoring which has to be done as a supplementary process, becomes a real problem in a network with constrained bandwidth.

B. Trusted Third Party:The Third Party which performs this task of QoS monitoring should be a trusted entity. It should not be in any way inclined towards either the service provider or the requester. In either case it leads to various problems like Denial of Service and Non-Repudiation. If this third party is entitled with the task of trust establishment, then it could very well lead to Masquerading attack as well. To prevent any of this threats from occurring we need a Third Party which can be trusted. At present, the Qos Monitor is just assumed to be a Trusted Third Party [2].

C. Establishing Trust over a Provider :Current trust models rely mainly on the feedback from the provider’s earlier services and tends to be static in most occasions. Trust once established is difficult to modify even if the provider has not been good of late. This provides an opportunity for the provider to maintain enough trust even without living up to its reputation. Trust is an extremely significant entity in the present day scenario. So the trust established over a provider should very closely resemble the actual goodness of it. It should not deviate much from the actual service provided.

III. SLA ASSURANCE FRAMEWORK

As shown in Fig.1, the proposed framework consists of a Third-Party Service Level Agreement monitor (TP SLA monitor), a service provider that monitors the service provider based on the SLA [3]. The TP SLA monitor first needs to determine the time during which QoS has to be monitored and assessed. Consecutively, the period of time may be divided into the pre-interaction and post-interaction phases[7]. Namely, the evaluation in the pre-interaction phase is carried out by entreating the recommendations given by the Recommending Users(RU). These users, give their reply based on their past experience with the specified service provider. However the existing framework does not take into account the due importance, that should be given for more recent transactions, that provides a more accurate feedback about the service provider to the Third Party monitor.

Consecutively, once the Service Provider is chosen based on the reputation value calculated, by the third party monitor, on a weighted basis, the monitoring of the chosen service provider is done, that forms the post interaction phase. This process implements an Adaptive WIndow based StatE moitoring technique (A-WISE), thus reducing the unnecessary amount of data and control messages sent over the cloud.