A Trust Evaluation Model for Cloud Computing
| Site: | Saylor Academy |
| Course: | BUS610: Advanced Business Intelligence and Analytics |
| Book: | A Trust Evaluation Model for Cloud Computing |
| Printed by: | Guest user |
| Date: | Monday, 19 May 2025, 3:46 PM |
Description
Another trust model based on D-S evidence theory and sliding windows can bolster system security in cloud computing by enhancing the detection of malicious entities and how entities are evaluated for credibility in general.
Abstract
Trust has attracted extensive attention in social science and computer science as a solution to enhance the security of the system. This paper proposes a trust evaluation model based on D-S evidence theory and sliding windows for cloud computing. The timeliness of the interaction evidence as the first-hand evidence is reflected by introducing sliding windows. The direct trust of entities is computed based on the interaction evidence by D-S evidence theory. The conflict of the recommendation trust as the second-hand evidence is eliminated with a help of an improved fusion approach as far as possible. Finally, the combination of the recommendation trust exposes the credibility of entities. Experimental results show that the proposed model is effective and extensible.
Keywords: Cloud computing; Trust evaluation; Evidence theory; Sliding windows
Source: Elsevier B.V, https://www.sciencedirect.com/science/article/pii/S1877050913002822
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 3.0 License.
1. Introduction
Cloud computing is an emerging information technology that changes the way IT architectural solutions. It is a new pattern of business computing, and it can dynamically provide computing services supported by state-of-the-art data centers that usually employ Virtual Machine (VM) technologies. One of the most critical issues in cloud computing is security.
The trust mechanism provides a good way for improving the system security. It is a new and emerging security mode to provide security states, access control, reliability and policies for decision making by identifying and distributing the malicious entities
based on converting and extracting the detected results from security mechanisms in different systems and collecting feedback assessments continually. In recent years, many scholars have made a lot of research on trust model. Hwang et al. assessed
the security demands of three cloud service models: IaaS, PaaS and SaaS. Integrated cloud architecture was presented to reinforce the security and privacy in cloud applications. Some security protection mechanisms were suggested, such as finegain
access control, trust delegation and negotiation, reputation system of resource sites. Zissis et al. pointed out that security in a cloud environment requires a systemic point of view, from which security will be constructed on trust, mitigating protection
to a trusted third party. Takabi et al. illustrated the unique issues of cloud computing that exacerbate security and privacy challenges in clouds. Various approaches to address these challenges were discussed. It explores the future work needed to
provide a trustworthy cloud computing environment. Tian et al. put forward basic criteria about evaluating node behavior trust and evaluation strategy in the cloud computing. Based on the basic criteria of the evaluation, the sliding window was used
to carry out the evaluation of node behavior trust. Then a kind of evaluation mechanism on node behavior trust based on sliding windows model was brought forward. Jiang et al. proposed a new evidential trust model for open distributed systems. This
model was based on an improved D-S evidence theory by the introduction of time efficiency factor calculation function and the modification of D-S combination rules. It is highly effective in defending attacks on the system for malicious behaviors.
In this paper, we propose a trust evaluation model based on D-S evidence theory and sliding windows to evaluate the credibility of entities and detect the malicious entities for cloud computing. In our model, direct interactions among entities are regard
as first-hand evidences. We evaluate the timeliness of the interaction evidence by means of sliding windows. Trust computing of entities is based on D-S theory with the help of the interaction evidences. Recommendation trust values from different
entities are regard as second-hand evidences. The combination of the recommendation trust values forms the reputation of entities. Finally, experiments were carried out to estimate the effectiveness and the anti-attack of the proposed model.
The remainder of this paper is organized as follows. Section 2 describes the proposed trust evaluation model. In section 3, the experimental results are shown and discussed. Finally, section 4 provides the conclusion and mentions our future research
directions.
2. Trust Evaluation Model
The entities are divided into Cloud Server Provider (CSP) and Cloud User (CU) in cloud computing. Trust evaluation depends on interactions evidences between the CSP and the CU. The interaction evidence is dynamic. And it has fine timeliness. Below we
present our trust evaluation model.
2.1. The timeliness of interaction evidence and sliding window
In cloud computing, CUs send service requests to CSPs, and then CSPs provide the corresponding services for CUs. Entities rate each other after each interaction, as in the E-commerce System. Here, we don't consider the cooperation among CSPs and among CUs. For trust evaluating, the interaction and assessment between CSPs and CUs are evidence information.
In this paper, the evidence set E is defined as follows.
\(E = \{E_1,E_2,...,E_i,...,E_k\}\)
Where, \(k \in N\), N is a natural number. \(E_i(1 \leq i \leq k)\) is defined by 5-tuple.
\(E_i = \{time,cspid,cuid,csp \_ eva,cu \_ eva\}\)
Where, each attribute of evidence \(E_i\) is described as follows:
(1) time is the emerging time of evidence \(E_i\).
(2) \(cspid\) is ID of the CSP. It is unique.
(3) \(cuid\) is ID of the CU. It is unique also.
(4) \(csp\_eva\) is the assessment of the CU to the CSP. The CSP maybe provide good service or denial of service. If the CU is satisfied with services of the CSP, this interaction is positive. So \(csp_eva\) is 1. Otherwise, if services of the CSP
are negative, \(csp\_eva\) is -1. If the CU is unsure for services of the CSP, \(csp\_eva\) is 0.
(5) \(cu\_eva\) is the assessment of the CSP to the CU. The CU's behavior may be normal or fraud. If the CU carries out normal or positive interaction, \(cu\_eva\) is 1; otherwise, if the CU carries out fraud or negative interaction, \(cu\_eva\) is
-1. If the system can not decide whether it is normal or fraud for the CU s behavior, \(cu\_eva\) is 0.
The interaction evidence would keep on increasing with the realization of interactions by time. And it is basis for trust computing. In addition, the importance of evidence information would decay over time. The importance of negative evidence would decay more slowly than positive evidence. In order to evaluate reasonably trust of entities based on the evidence information, we employ sliding windows to describe the timeliness of evidence information.
The direct interaction is divided into three categories: positive interaction, negative interaction and uncertain interaction. Accordingly, we set three time windows: positive interaction window \((Wp)\), negative interaction window \((Wn)\) and uncertain
interaction window \((Wu)\). \(Wp\) is used to sift the positive interaction evidence. \(Wn\) is used to sift the negative interaction evidence. \(Wu\) is used to sift the uncertain interaction evidence. Sliding window mechanism is shown in Fig 1.
Fig. 1. Sliding window mechanism
Here, t_curr expresses the current time; t_pos, t_neg and t_unc are the critical time. Separately, we denote every time window size as \(S_p\), \(S_n\) and \(S_u\) \((S_p \leq S_u \leq S_n)\) for Wp ,Wn and Wu. There exists follow quantitative relationship:
\(\left\{\begin{array}{l}
\mid t_ \text {curr }-t_ \text {pos } \mid=S_{p} \\
\mid t_ \text {curr }-t_ \text {unc } \mid=S_{u} \\
\mid t_ \text {curr }-t_ \text {neg } \mid=S_{n}
\end{array}\right.\)
After introducing Sliding windows, the interaction evidences only inside the windows are valid. Supposed there is positive interaction evidence \(E_k\) at time \(t\). If \(|t\_curr = t| \leq S_p , E_k\) is valid; otherwise, it is invalid. This is
similar for negative and uncertain interaction evidence. In the process of trust computing, only valid interaction evidences affect the trust degree of entities. In this way, the trust degree of entities would not be increased or decreased by over-ranging
interaction evidence. In addition, negative interaction window is bigger than positive interaction window. So negative interaction evidences can affect the trust of entities for longer time. It is in keeping with law of nature.
2.2. Direct Trust
Each interaction is considered as evidence. By querying the evidence set \(E\), we can count up the number of valid interactions in time windows. Suppose that positive interaction evidence is marked as \(\alpha\), negative interaction evidence is \(\beta\),
and uncertain interaction evidence is \(\gamma\). At time \(t\), the number of every kind of valid direct interaction between entity \(i\) and entity \(j\) can be marked as \(\alpha_{i,j}^t,\beta_{i,j}^t,\) and \(\gamma_{i, j}^t\). In \(t = t_0\),
there is no interaction between entity \(i\) and entity \(j\) so \(\alpha_{i,j}^0 = \beta_{i,j}^0 = \gamma_{i,j}^0 = 0\). Direct trust between entity \(i\) and entity \(j\) is computed by direct interactions. Here, we compute direct trust between
entities using D-S evidence theory, because D-S evidence theory can express the uncertainty of practical problems with a probability range.
We set the trust distinguish framework \(\Omega = \{T, -T\}\), so \(2^{\Omega} = \{f, \{T\}, \{-T\},\{T, -T\}\}\). Here, \(\{T\}, \{-T\}, \{T, -T\}, f\) respectively represent trust, distrust, uncertain and impossibility. We denote the direct trust as
dt. In time \(t\), entity \(i\) evaluates the direct trust degree on the entity \(j\), which is expressed as \(dt_{i,j}^t = (dm_{i,j}^t(\{T\}), dm_{i,j}^t(\{-T\}), dm_{i,j}^t(\{T, -T\}))\).
Where, if \(t=t_0 , dt_{i,j}^0 = ( 0,0,1)\). And the BPA (basic probability assignment) function \(dm_{i,j}^t(\{ \cdot \})\) is defined as follows:
\(\left\{\begin{array}{l}
d m_{i, j}^{t}(\{T\})=u \times d m_{i, j}^{t-1}(\{T\})+(1-u) \times \frac{\alpha_{i, j}^{t}}{\alpha_{i, j}^{t}+\beta_{i, j}^{t}+\gamma_{i, j}^{t}} \\
d m_{i, j}^{t}(\{-T\})=u \times d m_{i, j}^{t-1}(\{-T\})+(1-u) \times \frac{\beta_{i, j}^{t}}{\alpha_{i, j}^{t}+\beta_{i, j}^{t}+\gamma_{i, j}^{t}} \\
d m_{i, j}^{t}(\{T,-T\})=1-d m_{i, j}^{t}(\{T\})-d m_{i, j}^{t}(\{-T\})
\end{array}\right.\)
Here, \(u \in\) is a weight factor. After setting the sliding windows as Figure 2, interactions beyond the window size are regarded as invalid evidence. And the invalid evidence would not be cited in trust computing. However, the invalid evidence still is behavior of entities ever, and the effect of the invalid evidence can not be dispelled suddenly, but rather gradually. By introducing the weight factor u and \(dm_{i,j}^{t-1} (\{ \cdot \})\), the past interactions can affect the trust degree of entities to some extent. Of course, its effect will disappear gradually. We can control the influence of the past interactions by adjusting the weight factor \(u\).
2.3. Reputation
The entity obtains the recommendation information from other entities which have ever interacted with the evaluated entity. If the entity has no direct interaction with the evaluated entity, its recommendation information will not be considered. And we
do not consider recommendation's iteration. So it avoids large recommendation chains.
Suppose entity s has direct interaction with entity \(j\). Entity \(i\) can gain the recommendation information about entity \(j\) from entity \(s\) according to direct trust from entity \(s\) to entity \(j\), which is denoted as \(r t t_{s, j}^{t}=\left(r m_{s, j}^{t}(\{T\}), r m_{s, j}^{t}(\{-T\}), r m_{s, j}^{t}(\{T,-T\})\right)\). Here, \(r m_{s, j}^{t}(\cdot)\) is the corresponding BPA function. And we take the direct trust value \(d t_{s, j}^{t}\) as the recommendation trust value \(r t_{s, j}^{t}\) for entity \(i\), so \(r t_{s, j}^{t}=d t_{s, j}^{t}\) and \(r m_{s, j}^{t}(\cdot)=d m_{s, j}^{t}(\cdot)\).
In the trust network, there exists more than one recommendation information from different entities. Based on Dempster rule, we can combine these recommendations. However, the conclusion may be inconsistent with the evidence if there is serious conflict among recommendations. Referring to fusion approach for conflicting evidence in reference, we compute the weight of every recommendation, which is denoted as \(\omega_{s}\). According to \(\omega_{s}\), the BPA function \(r m_{i, j}^{t}(\{\cdot\})\) of the recommendation trust \(r t_{s, j}^{t}\) is revised as follows.
\(\left\{\begin{array}{l}
r m_{s, j}^{t}(\{T\})=\omega_{s} \times r m_{s, j}^{t}(\{T\})=\omega_{s} \times d m_{s, j}^{t}(\{T\}) \\
r m_{s, j}^{t}(\{-T\})=\omega_{s} \times r m_{s, j}^{t}(\{-T\})=\omega_{s} \times d m_{s, j}^{t}(\{-T\}) \\
r m_{s, j}^{t}(\{T,-T\})=1-r m_{s, j}^{t}(\{T\})-r m_{s, j}^{t}(\{-T\})
\end{array}\right.\)
Finally, the combination of the all recommendation trusts form reputation of entities. Reputation of the entity \(j\) is represented by \(r t_{j}^{t}\) at time \(t\). It is calculated as follows according to Dempster's rule.
\(r t_{j}^{t}(A)=r t_{1, j}^{t}(A) \oplus r t_{2, j}^{t}(A) \oplus \cdots \oplus r t_{q, j}^{t}(A), q=1,2, \cdots, m ; \quad A \neq f, A \in 2^{\Omega}\)
3. Experimental Evaluation
3.1. Simulation setup
To evaluate the performance of above model, we performed simulation experiments in Netlogo. In the simulation experiments, the CSPs and the CUs are independent.
The CSPs are classified into 3 types: good CSP, bad CSP and random CSP. Their respective proportions in all CSPs are 80%, 10% and 10%, and they provide different services are as follows.
(1) The good CSP always provides reliable services.
(2) The bad CSP always provides unreliable services.
(3) The random CSP provides reliable or unreliable services randomly.
The CUs are classified into 3 types: honest CU, malicious CU and random CU. The proportional distribution of each kind of the CUs is similar to the CSPs.
(1) The honest CU always takes legal actions.
(2) The malicious CU always takes illegal actions.
(3) The random CU takes legal or illegal actions randomly.
For all CSPs and CUs, the initial trust degree follows (0,0,1). This is to say, they are all unknown for the system at first. New interactions are continuously generated with an arrival rate 80 interaction per simulationtime step, between a random CSP and a random CU.
Table 1. Summarizes the parameters used in simulation experiments
| Parameter | Description | value |
| n | number of CSPs | 50 |
| m | number of CUs | 200 |
| u | weight factor | 0.2 |
| Sp | positive interaction window size | 50 |
| Su | uncertain interaction window size | 80 |
| Sn | negative interaction window size | 150 |
3.2. The effectiveness of proposed model
At first, we evaluate the effectiveness of our model. The experimental result is as follows. Fig 2 reveals the changing of the trust degree for three kinds of entities. The credibility of the good/honest entities continues to grow as the steady accumulation
of positive interactions. On the contrary, the credibility of the bad/malicious entities decreases as negative interactions. And the trust degree of the malicious entities has no changing when the distrust degree reaches a certain degree. The reason
is that the entities would be considered to be malicious if its distrust degree is greater than the assumed threshold value. The entities would not be permitted to interact with any other entities. So the trust degree of the malicious entities would
not change any more. For random entities, the change in behavior results in the change of the credibility of random entities. Besides, we can notice that the credibility of entities increases slowly and the incredibility of entities increase quickly.
This is contributed to the feature of sliding windows. In sliding window mechanism, positive interactions are valid for a short period of time and negative interactions are valid for a long period of time. So the credibility of entities can increase
by recent positive interactions slowly. But early negative interactions continue to have bad effects on the trust degree of entities so that the distrust degree of entities would increase quickly. It is accord with the feature of the trust in
human society.
Fig. 2. The changing of trust degree for different entities
3.3. Anti-attack of the system
Success interaction rate is the ratio of successful interactions to overall interactions in the simulation time. It can reflect the anti-attack of the system in a certain extent. Thus we measure anti-attack of the system by success interaction rate. With
a help of the trust computing based on evidence theory and sliding windows, we can identify the malicious entities efficiently. Thank to it, we can restrict the interaction of malicious entities further. It can help to increase the success interaction
rate of the system. The experiment results are shown in Fig 3. Results show that the success interaction rate with trust computing is higher than that without trust computing. From Figure 3, we can see that the changing of success interaction rate
is divided into two stages: decline stage and rise stage. The success interaction rate declines with malicious interactions at the beginning. After a time, the success interaction rate keeps rising. It is because that the system with trust computing
has begun to identify the malicious entities and refuse to provide service for them. The result shows that trust computing can enhance the anti-attack of the system because it can help to the system correctly identifying the malicious entities.
Fig. 3. Success interaction rate
4. Conclusions
Trust evaluation model is of importance to supporting system security. This paper has presented a trust
evaluation model based on evidence theory and sliding windows for cloud computing. The proposed model has
a number of advantages as follows. Firstly, it is simple to be executed. The time complexity of our algorithm is
O(n×m) if there are n CSPs and m CUs in the system. Secondly, the timeliness of interactions is reflected by
introducing sliding windows. In sliding window mechanism, interactions are divided into valid interactions and
invalid interactions. Only valid interactions can affect the trust degree of entities. So it improved the
extensibility of the system. Thirdly, the trust degree of entities changes dynamically according to the behavior
of entities based on D-S evidence theory. We evaluate the trust of both the CSPs and the CUs. In this way, we
can provide security protection for the CSPs and the CUs. Finally, it can help the system identifying malicious
entities to some extent and improve the success interaction rate. It enhances the anti-attack of the system.
Simulation experiments show that the trust degree of entities increases slowly and decreases quickly using our
model. It can effectively identify malicious entities, and provide reliable information to correctly make the
security decisions for the system. Future, we will look for ways to overcome the collusive deception behaviors.
And the data mining and knowledge discovery method will be combined with our trust evaluation model
to evaluate the changes of CUs and CSPs.