Information Technology Reference
In-Depth Information
The trust model for P2P systems in [21] considers transactions and shared experiences
as recommendations and uses Bayesian estimation methods to compute trust values.
The Beta reputation model in [8] is based on beta distribution that considers the direct
experience as well as feedback from other agents to model the behavior of a system.
Both models [8][21] are based on the belief theory, but in [21] the use of Bayesian
estimation expects probabilities for each question of interest.
The study of trust is closely related to
uncertainty
and we observe that many of the
reputation system proposed have given either no importance or a very low importance
to uncertainty. Exceptions are found in the works described in [7][14][10][13][20].
The belief model in [7] uses metric called
opinion
to describe
belief
and
disbelief
about a proposition as well as the degree of
uncertainty
regarding probability of an
event. The work on [13][20] proposes opinion metric as in [7] but giving importance
to uncertainty due to the evidence that impacts the belief and disbelief about a
proposition. In [7] the uncertainty is modeled only based on the amount of total
evidence i.e. as the total evidence increases, the uncertainty decreases, while in
[13][20] the uncertainty also takes into account the amount of positive and negative
evidence contained in total evidence. The work in [13] shows that it provides low
prediction errors compared to [7][20]. Opinion models have been extensively used
for estimating the quality by combining multiple factors. The opinion model proposed
in [13] uses the subjective logic to combine evidences and due to its low prediction
errors forms the best choice for building reputation of the cloud service providers.
In the recent years reputation systems have also been used in the cloud computing
paradigm [1][3][5][13]. In [3], trust is one of the core component used by software as
a service provider, along with risk, eco-efficiency and cost for evaluating the cloud
infrastructure provider, for their service. The trust of the cloud infrastructure provider
in [3] is evaluated by the model proposed in [13]. The work in [5] identifies several
vulnerabilities in cloud services provided by Google, IBM, Amazon and proposes an
architecture to reinforce the security and privacy by suggesting a hierarchy of P2P
reputation system to protect cloud resources. The focus in [13] and [5] has been on
use of conventional trust within a cloud service ecosystem and no specific context of
security to build reputation of the cloud service providers is considered.
The concept of a broker as intermediaries between the service providers and
service consumers with the aim of relieving the customer from evaluating trust and
risk of the service provider has been used in the grid and cloud environments before
[11][4][19][2]. The work in [4] proposes broker architecture in grids with the focuses
on evaluating the reliability of the risk information from the resource providers.
Within the context of cloud computing environment [11], cloud broker can be used as
i) cloud service intermediation:
intermediation for multiple services to add value-
additions like identity management or access control
ii) cloud service aggregation:
bringing together two or more fixed cloud based service
iii) cloud service arbitrage:
similar to cloud service aggregation, but more dynamic aggregation to provide
flexibility. The work in [11][4] have been focusing in identifying trust and risk of the
service providers without any security context.
This paper proposes a broker architecture that enables the gathering of security
related events of the cloud service providers, which otherwise is difficult to be shared
with the end users, and uses the reputation model proposed in [13] to build the
security reputation of the cloud service providers.
