Book Chapter

A Predictive Model for Risk and Trust Assessment in Cloud Computing: Taxonomy and Analysis for Attack Pattern Detection

TL;DR: The aim of the proposed solution is to combine information sources collected from various trust and risk assessment systems deployed in cloud services, with data related to attack patterns to detect the impact and likelihood of attacks directed at cloud computing environments.
Abstract: Cloud computing environments consist of many entities that have different roles, such as provider and customer, and multiple interactions amongst them. Trust is an essential element to develop confidence-based relationships amongst the various components in such a diverse environment. The current chapter presents the taxonomy of trust models and classification of information sources for trust assessment. Furthermore, it presents the taxonomy of risk factors in cloud computing environment. It analyses further the existing approaches and portrays the potential of enhancing trust development by merging trust assessment and risk assessment methodologies. The aim of the proposed solution is to combine information sources collected from various trust and risk assessment systems deployed in cloud services, with data related to attack patterns. Specifically, the approach suggests a new qualitative solution that could analyse each symptom, indicator, and vulnerability in order to detect the impact and likelihood of attacks directed at cloud computing environments. Therefore, possible implementation of the proposed framework might help to minimise false positive alarms, as well as to improve performance and security, in the cloud computing environment.

Summary (6 min read)

1.1 Introduction

  • Cloud computing environment combines known technologies, such as virtualization, big data, data warehousing and data mining.
  • Especially, for technological developments such as mobile applications and Internet-of-Things (IoT), a cloud computing environment becomes the preferred way of deployment.
  • Therefore, users might not be confident in terms of controlling the data stored in the cloud.
  • Firstly, basic vocabulary terms, such as vulnerability, risk, and threat, are usually adopted interchangeably.
  • In order to establish a clear understanding about cloud-specific security issues, an analysis of how cloud computing influences security issues is required.

1.2 Vulnerability: An Overview

  • Specifically, the ISO 27000 defines risk as “the potential that a given threat will exploit vulnerabilities of an asset or group of assets and thereby cause harm to the organization” [11].
  • The Open Group has developed an overview of the factors contributing to risk [12].
  • The probable loss magnitude’s sub-factors influence a harmful event’s ultimate cost.
  • The frequency with which that develops is based on two factors: 1) the agent’s motivation and how much access the agents have to the attack targets, and 2) the difference between the threat agents’ attack capabilities and the system’s strength to resist the attack [11, 12].

1.2.1 Definition of Vulnerability

  • According to the aforementioned Open Group’s risk taxonomy factors a useful definition of vulnerability is developed.
  • It exists when there is a difference between the force being applied by the threat agent, and an object’s ability to resist that force [13].
  • The resistance of the car’s crumple zone is simply too weak compared to the truck’s force.
  • A buffer-overflow vulnerability weakens a system’s resistance to arbitrary code execution.
  • Whether attackers can exploit this vulnerability, or not, depends on how capable they are [5].

1.2.2 Vulnerabilities in Cloud Computing

  • Having defined and explained the term ‘vulnerability’, this section examines how cloud computing can influence the risk factors presented in Figure 1.
  • From a cloud-customer perspective, the right-hand side is related to the probable magnitude of future loss.
  • Specifically, cloud computing could cause significant changes in the vulnerability factors, because moving to a cloud infrastructure might alter the attackers’ access level and motivation, as well as effort and risk [15].
  • Depending on the context, the nature of interaction may differ.
  • Trust assessment in a cloud computing environment requires facilitation of a wide range of aspects involving services; such as software, platform, and infrastructure as a service, and deployment models; such as private, public, community, and hybrid [16].

1.3 Trust Assessment Models in Cloud Computing

  • A trust model is defined as a collection of rules, elements, and processes to develop trust amongst the different entities in any computing paradigm.
  • Specifically, cloud computing environment components such as databases, virtual machines, cloud service providers, cloud service customers, and cloud services are examples of different entities.
  • Trust models are classified in two categories, decision models and evaluation models [17].
  • These models are applied to the cloud computing paradigm and are further developed through their connection with trust assessment techniques.
  • This leads to the development of taxonomy of trust models and trust assessment techniques.

1.3.1 Decision Models

  • The aim of a decision model is to provide an access control decision as a unique trust decision instead of following a relatively complex mechanism that includes authentication and authorization [5].
  • The policy model employs credentials and policies in order to control access to different resources.
  • The other type is the negotiation model that applies negotiation strategies in order to establish trust between two different entities [17].
  • Cloud service providers are not required to disclose the audit reports to the users [19].
  • In the cloud computing environment context, a Service Level Agreement (SLA) can be applied as a policy-based method that may provide trust assessment [6].

1.3.2 Evaluation Models

  • Evaluation models are defined as computational trust models; this is because trust assessment is dependent on evaluation of different parameters.
  • Specifically, these parameters categorise the evaluation models in behavior models and propagation models [6].
  • In propagation models, a new trust relationship is developed through the data distribution of pre-existing trust values in communication paths to other entities [21].
  • The measurement of trust may employ various methods like addition or averaging and fuzzy logic.
  • The resulting value of trust signifies the degree of cloud users’ trust to a specific cloud service [20].

1.4 Trust Assessment Information Sources in Cloud Computing

  • The cloud users’ service-related needs are constantly changing in the diverse environment of cloud computing.
  • The role of various factors, such as feedback, ratings, and Quality of Service (QoS), in trust assessment is very important.
  • In the following paragraphs, four trust assessment information sources are examined.
  • Specifically, direct and indirect interaction, Cloud Service Provider declarations, and Third Party assessment [6].
  • These information sources are, then, correlated with various factors of the cloud computing environment.

1.4.1 Direct Interaction

  • When a cloud user has past experiences with cloud services, then the source of information is the direct interaction between those two sides.
  • Specifically, this type of information can be expressed as ratings provided by the cloud user after interacting with a cloud service.
  • The factors for trust assessment can be in the form of QoS parameters and can be documented through monitoring during the process of interaction between a cloud service and a cloud user.
  • The advantage of storing and reviewing a cloud user’s previous experiences is that the most relevant information can be used for trust assessment.
  • Such reviews will also include information that is insufficient, and as a result, not suitable for the purpose of trust assessment [19].

1.4.2 Indirect Interaction

  • When a cloud user has insufficient, or no past experience with cloud services, then the source of information is the indirect interaction between a cloud user and a cloud service.
  • Specifically, assessment factors are calculated based on third party users’ experiences and can be in the form of feedback and/or ratings that are provided by third party cloud users regarding their cloud service experiences.
  • In addition, this type of information could be acquired through the processing of data recorded by the cloud service provider.
  • On the other hand, the information retrieved by third party users may be biased in terms of feedback quality and that is a potential concern.
  • Therefore, the feedback collected as part of indirect interaction could be employed as initial assessment until direct interaction is made available [21].

1.4.3 Cloud Service Provider declarations

  • A cloud service provider incorporates a set of parameters of cloud services that may include information related to privacy, security, integrity, and compliance.
  • Nevertheless, all this information is based on the assessment conducted and published by the cloud service providers themselves.
  • Therefore, the data authenticity needs to be confirmed [20].

1.4.4 Third Party Assessment

  • Third Party Auditor (TPA) in cloud computing is a mechanism that inspects cloud services by reflecting on parameters such as privacy, performance and security.
  • The reports generated by TPA form an objective and a formal source of information that may be used for trust assessment [22].
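
One way to combine the four information sources above into a single trust value, as an added example (not code from the chapter): it uses plain averaging, treats indirect feedback as the initial assessment only until enough direct ratings exist, and ignores provider declarations whose authenticity has not been confirmed. The 0..1 scale, the `MIN_DIRECT` threshold, the per-rating credibility weights and all names are assumptions made for this illustration.

```python
from __future__ import annotations

from dataclasses import dataclass, field
from statistics import fmean
from typing import Optional

# Assumption: fewer direct ratings than this counts as "insufficient" past experience.
MIN_DIRECT = 3


@dataclass
class Evidence:
    """Trust inputs for one cloud service; every score is on an assumed 0..1 scale."""
    direct: list[float] = field(default_factory=list)                  # the user's own ratings / QoS scores
    indirect: list[tuple[float, float]] = field(default_factory=list)  # (third-party rating, credibility weight)
    declared: Optional[float] = None      # provider's self-published assessment
    declaration_verified: bool = False    # has its authenticity been confirmed?
    tpa: Optional[float] = None           # Third Party Auditor report score


def _check(score: float) -> float:
    """Reject values outside the assumed 0..1 scale instead of silently averaging them."""
    if not 0.0 <= score <= 1.0:
        raise ValueError(f"score out of range 0..1: {score!r}")
    return score


def _experience(ev: Evidence) -> Optional[tuple[str, float]]:
    """Direct interaction is used once there is enough of it; otherwise fall back to
    credibility-weighted third-party feedback as the initial assessment."""
    if len(ev.direct) >= MIN_DIRECT:
        return "direct", fmean([_check(r) for r in ev.direct])
    total_weight = sum(_check(w) for _, w in ev.indirect)
    if total_weight > 0:
        weighted = sum(_check(r) * w for r, w in ev.indirect)
        return "indirect", weighted / total_weight
    return None


def trust_value(ev: Evidence) -> tuple[Optional[float], list[str]]:
    """Average the usable sources; return (trust value or None, names of sources used)."""
    parts: list[tuple[str, float]] = []
    experience = _experience(ev)
    if experience is not None:
        parts.append(experience)
    # Self-published declarations count only after their authenticity is confirmed.
    if ev.declared is not None and ev.declaration_verified:
        parts.append(("declaration", _check(ev.declared)))
    # TPA reports are treated as an objective, formal source whenever present.
    if ev.tpa is not None:
        parts.append(("tpa", _check(ev.tpa)))
    if not parts:
        return None, []
    return fmean([value for _, value in parts]), [name for name, _ in parts]


# Constructed sample data (not from the chapter).
NEW_USER = Evidence(
    indirect=[(0.9, 1.0), (0.2, 0.5), (0.8, 1.0)],  # the low rating comes from a less credible rater
    declared=0.95, declaration_verified=False,
    tpa=0.6,
)
RETURNING_USER = Evidence(
    direct=[0.5, 0.4, 0.6],
    indirect=[(0.9, 1.0), (0.2, 0.5), (0.8, 1.0)],
    declared=0.95, declaration_verified=True,
    tpa=0.6,
)

if __name__ == "__main__":
    for label, ev in (("new user", NEW_USER), ("returning user", RETURNING_USER)):
        value, sources = trust_value(ev)
        print(f"{label}: trust={value:.3f} from {sources}")
```
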

1.5 Trust Dimensions in Cloud Computing

  • A trust model measures the security strength and computes a trust value.
  • A trust value comprises various parameters that are necessary dimensions to measure cloud services’ security.
  • In the consequent sections, the dimensions regarding effective trust assessment are identified.

1.5.1 Multi-Criteria

  • Trust assessment evaluation needs to entail various parameters like availability and reliability, in order to describe relevant qualities of the cloud provider and/or the cloud service [20].
  • Specifically, those parameters are categorised in objective and subjective parameters.
  • The objective parameters incorporate real-time measurement or ratings provided by users.
  • The subjective parameters incorporate factors such as feedback provided by third party cloud service customers [19].

1.5.2 Context

  • Each type of cloud service requires different performance specification based on the various applying scenarios.
  • Therefore, a trust model should consider the different types of cloud services applied.
  • The types that form distinct contexts for trust assessment are Platform as a Service (PaaS), and Software as a Service (SaaS) [23].

1.5.3 Personalisation

  • In the cloud computing environment, there is a wide variety of user requirements about the trust assessment of the previously mentioned cloud services.
  • A personalised service allows users to determine suitable requirements regarding trust evaluation from their perspective [6].
  • This enables users’ flexibility to specify their own unique preferences, needs, and information sources about trust assessment.

1.5.4 (De)-Centralised Trust Assessment

  • In the centralised trust assessment approach the architecture consists of a centralised repository that stores the trust assessment related data.
  • The mechanism can be simple to implement and the trust assessment data, such as ratings and processing are conducted in a centralised entity/site.
  • The main disadvantage is the possibility of failure of that centralised entity [21].
  • Furthermore, the de-centralised architecture allows computation of trust data and storage in multiple sites of the distributed cloud computing environment.
  • Therefore, it enables the scalability and redundancy characteristic to all its users.

1.5.5 Adaptability

  • In the various applications of a cloud computing environment there is a number of actors, such as cloud customer, cloud provider, cloud broker, cloud carrier, and cloud auditor, who could be situated around the globe.
  • In addition, new cloud providers may be added or current users may be withdrawn from the cloud computing environment.
  • In such a diverse environment with the potential for rapid change, alterations in the cloud infrastructure may occur constantly.
  • The term adaptability signifies the degree to which a trust evaluation model adapts to the aforementioned changes.

1.5.6 Credibility

  • In the trust evaluation context of a cloud computing environment, credibility refers to the degree of service parameters or the data quality given as input for the trust assessment process [6, 21].
  • Therefore, encouraging the credibility of cloud services or the credibility of feedback provided by the cloud users is an essential task.

1.5.7 Trust Dynamics

  • In the dynamic cloud computing environment associations between two or more different entities are not fixed but evolve with experience.
  • Therefore, trust amongst entities needs to be assessed and revised regularly [21].

1.6 Analysis of Trust Assessment Frameworks in Cloud Computing

  • In the last ten years, researchers have been investigating the various aspects of trust assessment in the cloud computing environment.
  • A series of important trust assessment frameworks are presented in the subsequent paragraphs.
  • This framework performs the trust assessment of cloud provider in the context of SaaS, PaaS and IaaS.
  • The first column of the table includes the Existing Work.
  • This analysis and taxonomy of information is considered crucial to better comprehend the novel approach recommended in the current research.

1.7.1 Intrusion Detection System

  • An IDS conducts a security system diagnosis to discover all suspicious activities based on detection algorithms.
  • Specifically, those systems can help to deter and prevent actions related to security breaches, system flaws, as well as potential threats that may lead to system violations [35].
  • On the other hand, an IDS system may detect many false actions, but it may also lead to a number of false positive alarms and authorized users identified as intruders.
  • In a cloud computing environment where all resources are shared amongst cloud customers, this point becomes even more critical.
  • In order to minimise the number of false positive alarms and improve the efficiency of attack detection in all cloud computing environments, the proposed framework includes both cloud service providers and cloud customers as part of the correlation process in all cloud layers (SaaS, PaaS, IaaS).

1.7.2 Risk Assessment System

  • According to the ISO 27005 Risk Management, risk is measured by evaluating the probability of successful attacks and the subsequent impact of those attacks, should they occur [5].
  • Specifically, the term Impact refers to the degree to which a risk event might affect an enterprise, expressed in terms of: Confidentiality, Integrity, and Authentication.
  • The term Likelihood refers to the possibility that a given event may occur [5].
  • The implementation of the aforementioned equation in the proposed framework aims to stimulate cloud customers to evaluate security risks and simplify the analysis of all identified events.

1.8 Proposed Framework for Attack Pattern Detection through Trust and Risk Assessment

  • The proposed framework is a predictive model that detects attack patterns based on trust assessment and risk assessment analysis.
  • The proposed framework applies a correlation process that intends to unify different steps of correlation by adding risk and trust assessment analysis in the diagnosis step, before the taxonomy step takes place.
  • The pseudonymised information from those two databases is then combined in the Processing Knowledge Base.
  • The Decision Making server determines the impact of each attack pattern and the risk of the attack.
  • The Impact (Im) is a value consisting of the following indicators: Trust Assessment Indicator (TaI), Vulnerability (Vu) and Symptoms (Sy).

1.9 Recommendations for further research and Conclusion

  • In the current study a taxonomy and analysis of risk and trust assessment techniques in the cloud computing paradigm are presented.
  • Furthermore, information sources and factors for trust assessment are categorised.
  • The analysis of the techniques studied shows that most of the approaches should involve both cloud providers and cloud customers in the process of attack pattern detection.
  • These factors keep changing in the dynamic and constantly evolving cloud computing paradigm.
  • Therefore, the risk and trust assessment needs of cloud providers and cloud customers have to be addressed in more detail.


A Predictive Model for Risk and Trust Assessment in Cloud Computing: Taxonomy and Analysis for Attack Pattern Detection
Alexandros Chrysikos¹, Stephen McGuire²
¹ Dr. Alexandros Chrysikos, Cyber Security Research Group, School of Computing & Digital Media, London Metropolitan University, London, UK. A.Chrysikos@londonmet.ac.uk
² Stephen McGuire, School of Computing, University of Huddersfield, UK. S.Mcquire@hud.ac.uk
Abstract: Cloud computing environments consist of many entities that have different roles, such as provider and customer, and multiple interactions amongst them. Trust is an essential element to develop confidence-based relationships amongst the various components in such a diverse environment. The current chapter presents the taxonomy of trust models and classification of information sources for trust assessment. Furthermore, it presents the taxonomy of risk factors in cloud computing environment. It analyses further the existing approaches and portrays the potential of enhancing trust development by merging trust assessment and risk assessment methodologies. The aim of the proposed solution is to combine information sources collected from various trust and risk assessment systems deployed in cloud services, with data related to attack patterns. Specifically, the approach suggests a new qualitative solution that could analyse each symptom, indicator, and vulnerability in order to detect the impact and likelihood of attacks directed at cloud computing environments. Therefore, possible implementation of the proposed framework might help to minimise false positive alarms, as well as to improve performance and security, in the cloud computing environment.
Keywords: Cloud computing environment, Trust Assessment, Risk Assessment, Taxonomy, Attack Pattern, Detection, Framework
1.1 Introduction
Cloud computing environment combines known technologies, such as virtualization, big data, data warehousing and data mining. The advantages that it provides are increased performance, ease of deployment, elasticity of a service, and anytime-anywhere access. A cloud computing environment with the aforementioned benefits, as well as its dynamic resource sharing and its cost effectiveness, draws the attention of many enterprises and individual users [1]. Especially, for technological developments such as mobile applications and Internet-of-Things (IoT), a cloud computing environment becomes the preferred way of deployment.

Cloud services are provided dynamically to its users in a non-transparent manner. Due to its complex infrastructure, it exhibits heterogeneous capabilities of services and resources [2, 3]. Therefore, users might not be confident in terms of controlling the data stored in the cloud. In addition, safeguarding users’ privacy and providing secure cloud based transactions is challenging. Establishing consistent operational practices and performance, as well as reliable cloud services has also a level of difficulty. Therefore, from a cloud-user point of view, the reliability of a cloud service is an important issue [4].

Every day a new announcement is released regarding cloud computing threats and security risks. Furthermore, security is highlighted as the most critical obstacle in adapting cloud computing for a service [5]. As a result, cloud computing security issues lead to difficulties in terms of developing a well-defined assessment structure regarding the actual impact on security. This is justified by two key reasons. Firstly, basic vocabulary terms, such as vulnerability, risk, and threat, are usually adopted interchangeably. Secondly, not all issues identified are specifically related to cloud computing [6, 7]. In order to establish a clear understanding about cloud-specific security issues, an analysis of how cloud computing influences security issues is required. A key factor is security vulnerabilities [8, 9]. This is important because security vulnerabilities could function as indicators that could in turn help detect cloud computing based attack patterns and vulnerabilities. Before expanding on that, though, it is important to first establish what is a 'vulnerability'?
1.2 Vulnerability: An Overview
Vulnerability is characterised as a prominent risk factor [10]. Specifically, the ISO 27000 defines risk as “the potential that a given threat will exploit vulnerabilities of an asset or group of assets and thereby cause harm to the organization” [11]. The Open Group has developed an overview of the factors contributing to risk [12]. Specifically, as presented in Figure 1 it uses the same two top-level risk factors as ISO 27000, the likelihood of a harmful event (in diagram: loss event frequency) and its consequence (in diagram, probable loss magnitude). The probable loss magnitude’s sub-factors influence a harmful event’s ultimate cost (see Figure 1 on the right). On the other hand, the loss event’s frequency sub-factors occur when a threat agent, for instance a hacker, successfully exploits a vulnerability (see Figure 1 on the left). The frequency with which that develops is based on two factors:
1) The frequency is determined by both the agent’s motivation and how much access the agents have to the attack targets. What is the level of effort? What is the risk level for the attackers? What can they gain from the attack? and
2) The difference between the threat agents’ attack capabilities and the system’s strength to resist the attack [11, 12].
Figure 1: Taxonomy of Risk Factors (Open Group) based on [11]
1.2.1 Definition of Vulnerability
According to the aforementioned Open Group’s risk taxonomy factors a useful definition of vulnerability is developed. Vulnerability is defined as the probability that an asset will be unable to resist the actions of a threat agent. It exists when there is a difference between the force being applied by the threat agent, and an object’s ability to resist that force [13].

Thus, vulnerability should always be expressed in terms of resistance to a certain attack type. For instance, in a real world example, the fact that a car is not able to protect its driver against injury when hit frontally by a truck traveling at 60mph is a vulnerability. The resistance of the car’s crumple zone is simply too weak compared to the truck’s force. On the other hand, against the “attack” of a biker, or even a small car driving at a more moderate speed, the car’s resistance strength is perfectly adequate [12].

Computer vulnerability can also be described as a removal or weakening of a certain resistance strength. For example, a buffer-overflow vulnerability weakens a system’s resistance to arbitrary code execution. Whether attackers can exploit this vulnerability, or not, depends on how capable they are [5].
1.2.2 Vulnerabilities in Cloud Computing
Having defined and explained the term ‘vulnerability’, this section examines how cloud computing can influence the risk factors presented in Figure 1. From a cloud-customer perspective, the right-hand side is related to the probable magnitude of future loss. Similarly to conventional IT infrastructure, in cloud computing the consequences and ultimate cost of, for instance, a data confidentiality breach are the same [14]. From a cloud-service perspective it looks a bit different. Cloud computing systems were previously separated on the same infrastructure; therefore, a loss event could be more impactful. However, this fact can be easily included into a risk assessment, as no conceptual work is required to adapt impact analysis to cloud computing [8].

The left-hand side, in Figure 1, deals with the loss event frequency. Cloud computing could potentially alter the probability of a harmful event’s occurrence. Specifically, cloud computing could cause significant changes in the vulnerability factors, because moving to a cloud infrastructure might alter the attackers’ access level and motivation, as well as effort and risk [15]. To support a cloud-specific risk assessment it is important to start investigating the exact nature of cloud-specific vulnerabilities. However, is there such a thing as a “cloud-specific” vulnerability? If so, certain factors in a cloud computing environment should make a vulnerability cloud-specific.

A cloud computing environment consists of many components with different roles that need to interact with each other. Depending on the context, the nature of interaction may differ. Trust is an essential aspect to achieve confidence-based interactions amongst various entities in a cloud computing environment. Therefore, the taxonomy of trust models and classification of information sources for cloud-specific risk assessment is needed for an effective trust assessment in a cloud computing environment. This in return might help identify factors that make a vulnerability cloud specific.

Trust assessment in a cloud computing environment requires facilitation of a wide range of aspects involving services; such as software, platform, and infrastructure as a service, and deployment models; such as private, public, community, and hybrid [16]. For that reason, the evolving dynamic of trust relationships amongst those entities makes trust assessment a vital area that needs addressing. In the following sections the taxonomy of trust assessment models, trust assessment information sources, and trust dimensions in cloud computing are presented.
1.3 Trust Assessment Models in Cloud Computing
A trust model is defined as a collection of rules, elements, and processes to develop trust amongst the different entities in any computing paradigm. Specifically, cloud computing environment components such as databases, virtual machines, cloud service providers, cloud service customers, and cloud services are examples of different entities. Trust models are classified in two categories, decision models and evaluation models [17]. These models are applied to the cloud computing paradigm and are further developed through their connection with trust assessment techniques. This leads to the development of taxonomy of trust models and trust assessment techniques. Figure 2 presents the taxonomy of trust models; a detailed description is provided in the following sections.
Figure 2: Taxonomy of Trust Assessment Models based on [17]

Citations
01 Jan 2018
TL;DR: This paper aims to solve the problems in a trust management-based model by introducing a credibility model on top of a new trust management model, which addresses these use-cases, and also provides reliability and availability.
Abstract: Cloud services have become predominant in the current technological era. For the rich set of features provided by cloud services, consumers want to access the services while protecting their privacy. In this kind of environment, protection of cloud services will become a significant problem. So, research has started for a system, which lets the users access cloud services without losing the privacy of their data. Trust management and identity model makes sense in this case. The identity model maintains the authentication and authorization of the components involved in the system and trust-based model provides us with a dynamic way of identifying issues and attacks with the system and take appropriate actions. Further, a trust management-based system provides us with a new set of challenges such as reputation-based attacks, availability of components, and misleading trust feedbacks. Collusion attacks and Sybil attacks form a significant part of these challenges. This paper aims to solve the above problems in a trust management-based model by introducing a credibility model on top of a new trust management model, which addresses these use-cases, and also provides reliability and availability.

31 citations

Journal Article
TL;DR: In this paper, an Efficient Dempster Shafer algorithm for Classification is proposed for analyzing the risks with the cloud service providers based on CAI Questionnaires in which 16 different parameters of CAIQ are classified and reduced to three different risk parameters such as privacy risk, security risk and service risk.
Abstract: Cloud is an environment where the resources are outsourced as service to the cloud consumers based on their demand. The cloud providers follow pay as you go model for charging the service provided to the cloud consumer. In recent days the number of cloud consumers increases tremendously which results in increase of the cloud providers. Since there exists many numbers of providers in the cloud environment, the cloud consumers are unhinged in selecting an ideal cloud provider for their needs, as they were unaware of risks with them. Hence the proposed work indulges in supporting the cloud consumers for selecting an optimal cloud service provider by analyzing the risks with them. An Efficient Dempster Shafer algorithm for Classification is proposed for analyzing the risks with the cloud service providers. The analysis is based on CAI Questionnaires in which 16 different parameters of CAIQ are classified and reduced to three different risk parameters such as privacy risk, security risk and service risk. Six different providers are analysed where all the three levels of risks are estimated for each provider and are compared to each other based on both total risks at each parameter and overall risk rate of the providers. The accuracy of classification of the proposed algorithm is compared with two other algorithms and found that the proposed one is efficient with 94.6% efficiency.

3 citations

Proceedings Article
01 Sep 2019
TL;DR: A comprehensive taxonomy for cloud specific vulnerabilities is proposed on the basis of several parameters like attack vector, CVSS score, complexity etc which will further act as input for the analysis and mitigation of cloud vulnerabilities.
Abstract: The world is witnessing an exceptional expansion in the cloud enabled services which is further growing day by day due to advancement & requirement of technology. However, the identification of vulnerabilities & its exploitation in the cloud computing will always be the major challenge and concern for any cloud computing system. To understand the challenges and its consequences and further provide mitigation techniques for the vulnerabilities, the identification of cloud specific vulnerabilities needs to be examined first and after identification of vulnerabilities a detailed taxonomy must be positioned. In this paper several cloud specific identified vulnerabilities have been studied which is listed by the NVD, ENISA CSA etc accordingly a unified taxonomy for security vulnerabilities has been prepared. In this paper we proposed a comprehensive taxonomy for cloud specific vulnerabilities on the basis of several parameters like attack vector, CVSS score, complexity etc which will further act as input for the analysis and mitigation of cloud vulnerabilities. Scheming of Taxonomy of vulnerabilities is an effective way for cloud administrators, cloud managers, cloud consumers and other stakeholders for identifying, understanding and addressing security risks.

2 citations


Cites background from "A Predictive Model for Risk and Tru..."

  • ...handle the cloud specific vulnerabilities and its further mitigation taxonomy must be prepared for the categorisation of above vulnerability [10,12]....


Proceedings ArticleDOI
01 Nov 2019
TL;DR: This paper aims at identifying how users or consumers of Cloud services measure trust on cloud computing services, and presents a comprehensive mapping of works that deal with cloud trust aspects from user perspective.
Abstract: Information Security is an aggregation of people effort, processes and technology to help organizations at providing confidentiality, integrity and availability in their information assets. Nowadays, almost all technology services are heavily dependent on cloud computing under their various forms of service models. We realize there are weaknesses in cloud services concerning issues of performance, reliability, security, and privacy, among other issues. Cloud services consumers do not have enough information on these issues nor on compliance with laws and regulations. In this paper, we present a comprehensive mapping of works that deal with cloud trust aspects from user perspective. We aim at identifying how users or consumers of Cloud services measure trust on cloud computing services. Our main contributions are: (i) an updated study on the state of the art of cloud trust models; (ii) a taxonomy of characteristics and contributions to cloud trust; (iii) a discussion on works which present hard problems of research on cloud trust models and gaps of contributions in the literature.

2 citations


Cites background from "A Predictive Model for Risk and Tru..."

  • ...A taxonomy of trust models and classification of information sources for trust assessment is presented in [7]; it presents the taxonomy of risk factors in a cloud computing environment aimed at combining information sources collected from various trust and risk assessment systems deployed in cloud services, with data related to attack patterns....


Book ChapterDOI
01 Jan 2020
TL;DR: A conceptual framework with indicators and processes for trust assessment of cloud computing environments, a lightweight ontology of key concepts of trust assessment, and an application scenario to illustrate the practical adequacy of the conceptual framework are presented.
Abstract: Consumers are heavily dependent on secure and reliable cloud computing services. However, there are various shortcomings in cloud services, such as those concerning performance, security, trust and privacy, among others. Cloud services consumers do not have enough information on these critical issues nor on compliance with laws and regulations. We present a conceptual framework for trust assessment of cloud computing environments. Our proposal is based on a consumer-centric approach, since it deals with cloud trust aspects from the perspective of end users. For this purpose, metrics and indicators are proposed to allow consumers to assess the trust of cloud services providers. Our contributions are: (1) a conceptual framework with indicators and processes for trust assessment; (2) a lightweight ontology of key concepts of trust assessment; and (3) an application scenario to illustrate the practical adequacy of the conceptual framework.

2 citations

References
ReportDOI
28 Sep 2011
TL;DR: This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models.
Abstract: Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models.

15,145 citations


"A Predictive Model for Risk and Tru..." refers background in this paper

  • ...trust assessment are Platform as a Service (PaaS), and Software as a Service (SaaS) [23]....


Journal ArticleDOI
TL;DR: A survey of the different security risks that pose a threat to the cloud is presented and a new model targeting at improving features of an existing model must not risk or threaten other important features of the current model.

2,511 citations

Proceedings ArticleDOI
25 Aug 2009
TL;DR: This paper develops a comprehensive taxonomy for describing cloud computing architecture and uses this taxonomy to survey several existing cloud computing services developed by various projects world-wide, to identify similarities and differences of the architectural approaches of cloud computing.
Abstract: The computational world is becoming very large and complex. Cloud Computing has emerged as a popular computing model to support processing large volumetric data using clusters of commodity computers. According to J.Dean and S. Ghemawat [1], Google currently processes over 20 terabytes of raw web data. It's some fascinating, large-scale processing of data that makes your head spin and appreciate the years of distributed computing fine-tuning applied to today's large problems. The evolution of cloud computing can handle such massive data as per on demand service. Nowadays the computational world is opting for pay-for-use models and Hype and discussion aside, there remains no concrete definition of cloud computing. In this paper, we first develop a comprehensive taxonomy for describing cloud computing architecture. Then we use this taxonomy to survey several existing cloud computing services developed by various projects world-wide such as Google, force.com, Amazon. We use the taxonomy and survey results not only to identify similarities and differences of the architectural approaches of cloud computing, but also to identify areas requiring further research.

1,425 citations

Proceedings ArticleDOI
14 Mar 2010
TL;DR: This paper utilizes and uniquely combines the public key based homomorphic authenticator with random masking to achieve the privacy-preserving public cloud data auditing system, which meets all above requirements.
Abstract: Cloud Computing is the long dreamed vision of computing as a utility, where users can remotely store their data into the cloud so as to enjoy the on-demand high quality applications and services from a shared pool of configurable computing resources. By data outsourcing, users can be relieved from the burden of local data storage and maintenance. However, the fact that users no longer have physical possession of the possibly large size of outsourced data makes the data integrity protection in Cloud Computing a very challenging and potentially formidable task, especially for users with constrained computing resources and capabilities. Thus, enabling public auditability for cloud data storage security is of critical importance so that users can resort to an external audit party to check the integrity of outsourced data when needed. To securely introduce an effective third party auditor (TPA), the following two fundamental requirements have to be met: 1) TPA should be able to efficiently audit the cloud data storage without demanding the local copy of data, and introduce no additional on-line burden to the cloud user; 2) The third party auditing process should bring in no new vulnerabilities towards user data privacy. In this paper, we utilize and uniquely combine the public key based homomorphic authenticator with random masking to achieve the privacy-preserving public cloud data auditing system, which meets all above requirements. To support efficient handling of multiple auditing tasks, we further explore the technique of bilinear aggregate signature to extend our main result into a multi-user setting, where TPA can perform multiple auditing tasks simultaneously. Extensive security and performance analysis shows the proposed schemes are provably secure and highly efficient.

1,408 citations

Proceedings ArticleDOI
20 Apr 2010
TL;DR: This paper first discusses two related computing paradigms - Service-Oriented Computing and Grid computing, and their relationships with Cloud computing, then identifies several challenges from the Cloud computing adoption perspective.
Abstract: Many believe that Cloud will reshape the entire ICT industry as a revolution. In this paper, we aim to pinpoint the challenges and issues of Cloud computing. We first discuss two related computing paradigms - Service-Oriented Computing and Grid computing, and their relationships with Cloud computing. We then identify several challenges from the Cloud computing adoption perspective. Last, we will highlight the Cloud interoperability issue that deserves substantial further research and development.

1,298 citations


"A Predictive Model for Risk and Tru..." refers background in this paper

  • ...A cloud computing environment with the aforementioned benefits, as well as its dynamic resource sharing and its cost effectiveness, draws the attention of many enterprises and individual users [1]....


Frequently Asked Questions (2)
Q1. What are the contributions mentioned in the paper "A predictive model for risk and trust assessment in cloud computing: taxonomy and analysis for attack pattern detection"?

The aim of the proposed solution is to combine information sources collected from various trust and risk assessment systems deployed in cloud services, with data related to attack patterns. Specifically, the approach suggests a new qualitative solution that could analyse each symptom, indicator, and vulnerability in order to detect the impact and likelihood of attacks directed at cloud computing environments. 

Finally, future work should test the implementation of the suggested framework in an actual cloud computing environment.