Talal H. Noor, Quan Z. Sheng, Lina Yao,

CloudArmor: Supporting Reputation-Based Trust Management for Cloud Services Talal H. Noor, Quan Z. Sheng, Lina Yao, Schahram Dustdar, Anne H.H. Ngu

Outline
- Introduction
- The CloudArmor Framework
- Zero-Knowledge Credibility Proof Protocol
- The Credibility Model
- The Availability Model
- Implementation and Experimental Evaluation
- Conclusion

Key Issues of Trust Management
Cloud services are highly dynamic, distributed, and non-transparent. Challenges:
- Privacy: the consumer's privacy. Sensitive information, behavioral information, consumers' data.
- Security: protection of cloud services. Misleading feedback, creation of several accounts; it is hard to predict when malicious behaviors occur.
- Availability: availability of the trust management service (TMS). It should be adaptive and highly scalable.

Features of CloudArmor
- Zero-knowledge credibility proof protocol (Section 3): preserves the consumer's privacy and enables TMS to prove the credibility of a particular consumer's feedback.
- A credibility model (Section 4). Collusion detection: feedback density, occasional feedback collusion. Sybil attack detection: multi-identity recognition, occasional Sybil attacks.
- An availability model (Section 5). Number of TMS nodes: operational power metric. Number of replicas for each node: replication determination metric.

Architecture of the CloudArmor

Zero-Knowledge Credibility Proof Protocol
Figure labels: Sybil attacks; identity management service; trust management service; invocation history records; trust results.

Assumptions and attack models
Assumptions: TMS is handled by a trusted third party; TMS communications are secure.
Attack models:
- Collusion attacks, also known as collusive malicious feedback behaviors: self-promoting attacks and slander attacks. These can also occur in a non-collusive way.
- Sybil attacks: malicious users have multiple identities to give misleading feedback. Includes whitewashing attacks.

The Credibility Model
- Feedback collusion detection: feedback density, occasional feedback collusion
- Sybil attacks detection: multi-identity recognition, occasional Sybil attacks
- Feedback credibility
- Change rate of trust results

Feedback Density
The feedback density of a certain cloud service, shown for two services with trust results $s_x = 89\%$ and $s_y = 92\%$. The feedback volume collusion factor enters the denominator:

$$D_x = \frac{20}{150 \times \left(1 + \frac{60}{150}\right)} = 0.0953, \qquad D_y = \frac{5}{150 \times \left(1 + \frac{136}{150}\right)} = 0.0175$$
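The two densities on the slide, reproduced in code. This is an added example and not code from the CloudArmor authors; the definition it uses (number of feedback-giving consumers divided by total feedback volume times one plus the volume collusion factor, where that factor is the share of feedback coming from consumers above a per-consumer volume threshold) is an assumption drawn from how the slide describes the factor, and the per-consumer counts, the threshold of 10 and the names `feedback_density` and `feedback_volume_collusion_factor` are constructed to reproduce the slide's 20/150 (60 collusive) and 5/150 (136 collusive) figures.

```python
"""Feedback density and the feedback volume collusion factor.

Added example (not from the CloudArmor slides or paper). Assumptions:
  - feedback density = (number of feedback-giving consumers)
                       / (total feedback volume * (1 + volume collusion factor))
  - the volume collusion factor is the share of total feedback that comes
    from consumers who exceed a per-consumer volume threshold.
The per-consumer counts below are constructed so that they reproduce the
slide's numbers (20/150 with 60 collusive for service x, 5/150 with 136
collusive for service y).
"""


def feedback_volume_collusion_factor(per_consumer_counts, volume_threshold):
    """Share of all feedback produced by consumers above the threshold (assumed definition)."""
    total = sum(per_consumer_counts)
    if total == 0:
        return 0.0
    heavy = sum(n for n in per_consumer_counts if n > volume_threshold)
    return heavy / total


def feedback_density(per_consumer_counts, volume_threshold):
    """Density of feedback: many distinct consumers with evenly spread feedback
    score high; a handful of heavy posters score low (assumed definition)."""
    total = sum(per_consumer_counts)
    if total == 0:
        return 0.0
    consumers = len(per_consumer_counts)
    ev = feedback_volume_collusion_factor(per_consumer_counts, volume_threshold)
    return consumers / (total * (1 + ev))


# Constructed data: service x has 20 consumers and 150 feedbacks, 60 of them
# from two heavy posters.
FEEDBACK_X = [30, 30] + [5] * 18
# Service y has 5 consumers and 150 feedbacks, 136 of them from two heavy posters.
FEEDBACK_Y = [100, 36, 5, 5, 4]
VOLUME_THRESHOLD = 10  # assumed per-consumer volume threshold


def compare_services():
    """Return (D_x, D_y) so the lower-density service can be flagged for review."""
    dx = feedback_density(FEEDBACK_X, VOLUME_THRESHOLD)
    dy = feedback_density(FEEDBACK_Y, VOLUME_THRESHOLD)
    return dx, dy


if __name__ == "__main__":
    dx, dy = compare_services()
    print(f"D_x = {dx:.4f}  D_y = {dy:.4f}")
    # The slide's trust result for y (92%) is higher than for x (89%), but y's
    # density is far lower: its 150 feedbacks come from only 5 accounts, two of
    # which produced 136 of them. A TMS would weight y's feedback down accordingly.
```

The point of the comparison is that the raw trust result ranks y above x, while the density ranks them the other way round: a service whose feedback volume is concentrated in a few accounts should earn less credibility from that volume than one whose feedback is spread across many consumers.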

Occasional Feedback Collusion
Since collusion attacks against cloud services occur sporadically, we consider time as an important factor in detecting occasional and periodic collusion attacks. The occasional feedback collusion factor $\mathcal{O}_f(s, t_0, t)$ of cloud service $s$ in a period of time $[t_0, t]$:

Multi-Identity Recognition
The main goal of this factor is to protect cloud services from malicious users who use multiple identities (i.e., Sybil attacks) to manipulate the trust results. The frequency of a particular credential attribute: The multi-identity recognition factor:
Figure labels: Trust Identity Registry; Consumer's Primary Identity-Credentials' Attributes Matrix (IM); Multi-identity Recognition Matrix (MIRM).

Occasional Sybil Attacks
Sudden changes in the total number of established identities indicate a possible occasional Sybil attack. The occasional Sybil attacks factor $\mathcal{O}_i(s, t_0, t)$ of cloud service $s$ in a period of time $[t_0, t]$:
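A windowed burst detector covering both time-based factors above, the occasional feedback collusion factor and the occasional Sybil attacks factor. This is an added example, not code from the CloudArmor authors: the transcript does not carry the formulas for $\mathcal{O}_f$ and $\mathcal{O}_i$, so the interpretation used here (compare each interval's count with the mean over $[t_0, t]$ and flag intervals that exceed it by a multiplier) is an assumption, as are the function names and the per-day counts, which are constructed.

```python
"""Occasional (sporadic) collusion and Sybil detection over a time window.

Added example, not from the CloudArmor slides or paper. The slides define the
factors O_f(s, t0, t) and O_i(s, t0, t) but the transcript does not carry their
formulas, so the interpretation below is an assumption: for every interval in
[t0, t], compare the interval's count (feedbacks for O_f, newly established
identities for O_i) with the mean count over the whole window, and flag
intervals whose count exceeds the mean by a chosen multiplier.
"""
from statistics import mean


def occasional_change_factor(counts_per_interval, t0, t):
    """Map each interval index in [t0, t] to count / window mean (assumed definition).

    A value near 1 means steady activity; a large value marks a burst.
    """
    window = counts_per_interval[t0:t + 1]
    if not window:
        return {}
    baseline = mean(window)
    if baseline == 0:
        return {i: 0.0 for i in range(t0, t + 1)}
    return {t0 + k: c / baseline for k, c in enumerate(window)}


def bursty_intervals(counts_per_interval, t0, t, multiplier=3.0):
    """Intervals whose activity reaches `multiplier` times the window mean."""
    factors = occasional_change_factor(counts_per_interval, t0, t)
    return sorted(i for i, f in factors.items() if f >= multiplier)


# Constructed per-day counts (day index = interval index).
FEEDBACKS_PER_DAY = [4, 5, 3, 6, 4, 5, 40, 4, 5, 3]        # burst of feedback on day 6
NEW_IDENTITIES_PER_DAY = [2, 1, 3, 2, 25, 24, 2, 1, 2, 3]  # identities created in bulk on days 4-5


def detect_occasional_collusion():
    """Days in the window [0, 9] with a feedback burst (candidate O_f events)."""
    return bursty_intervals(FEEDBACKS_PER_DAY, 0, 9)


def detect_occasional_sybil():
    """Days in the window [0, 9] with an identity-registration burst (candidate O_i events)."""
    return bursty_intervals(NEW_IDENTITIES_PER_DAY, 0, 9)


if __name__ == "__main__":
    print("feedback bursts on days:", detect_occasional_collusion())
    print("identity bursts on days:", detect_occasional_sybil())
```

The same detector serves both factors because the slides treat them symmetrically: one watches the feedback stream for a service, the other watches the identity registry. In a TMS the flagged intervals would feed the credibility weights of the feedback (or identities) created in those intervals rather than being acted on directly.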

Feedback Credibility
TMS dilutes the influence of misleading feedback by assigning credibility-aggregated weights to each trust feedback. The aggregated weights:

Change Rate of Trust Results To allow TMS to adjust trust results for cloud services that have been affected by malicious behaviors, we introduce an additional factor called the change rate of trust results. The change rate of trust results factor: The change rate of trust results is designed to limit the rewards to cloud services that are affected by slandering attacks because TMS can dilute the increased trust results from self-promoting attacks using the credibility factors.

The Availability Model
Factors used to spread distributed TMS nodes that manage trust feedback:
- Operational power: compares the workload of a particular TMS node with the average workload of all TMS nodes.
- Replication determination: minimizes the possibility of a node hosting a TMS instance crashing.

Operational power
The operational power factor of a particular TMS node is calculated as the mean of the Euclidean distance and the TMS node workload. Based on operational power, TMS uses a workload threshold to automatically adjust the number of nodes as follows.

Replication determination
To predict the availability of a node, the TMS instance's availability is modeled using the point availability model, where the point availability probability is denoted as
The failure-free density function:
The renewal density function:

Replication determination
The Laplace transform of the point availability probability: In the time domain, it can be obtained using

TMS instance’s availability prediction The prediction model is defined via state function and measurement function. The particle filtering technique is used to estimate and track the availability.

Particle filtering algorithm

The number of replicas At least one replica is available, represented as Then the optimal number of TMS instance’s replicas is calculated as
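The replica count derived from the "at least one replica is available" criterion, as an added example rather than the CloudArmor authors' own formula. The transcript keeps only the criterion, so the model below (independent replica failures, each replica available with probability $a$, giving $1-(1-a)^r$ for at least one of $r$ replicas) is an assumption about how the criterion is turned into a number; `optimal_replicas` and `at_least_one_available` are names chosen for this example.

```python
"""Number of replicas needed so that at least one TMS instance replica is available.

Added example, not from the CloudArmor slides or paper. The transcript keeps only
the criterion ("at least one replica is available"); the formula below is the
standard independent-failure model and is an assumption about how the criterion
is turned into a replica count: with per-replica availability a, the
probability that at least one of r replicas is up is 1 - (1 - a)^r, and the
optimal r is the smallest integer reaching a target probability.
"""
import math


def at_least_one_available(availability, replicas):
    """P(at least one of `replicas` independent replicas is available)."""
    if not 0.0 <= availability <= 1.0:
        raise ValueError("availability must be a probability")
    if replicas < 1:
        raise ValueError("need at least one replica")
    return 1.0 - (1.0 - availability) ** replicas


def optimal_replicas(availability, target):
    """Smallest r with 1 - (1 - a)^r >= target.

    `availability` is the predicted point availability of one TMS instance
    (the quantity the particle filter on the previous slides tracks);
    `target` is the availability the TMS operator wants to guarantee.
    """
    if not 0.0 < target < 1.0:
        raise ValueError("target must be strictly between 0 and 1")
    if availability >= 1.0:
        return 1
    if availability <= 0.0:
        raise ValueError("a replica with zero availability never helps")
    # Closed form: (1 - a)^r <= 1 - target  =>  r >= ln(1 - target) / ln(1 - a).
    r = max(1, math.ceil(math.log(1.0 - target) / math.log(1.0 - availability)))
    # Guard against floating-point rounding on either side of the boundary.
    while at_least_one_available(availability, r) < target:
        r += 1
    while r > 1 and at_least_one_available(availability, r - 1) >= target:
        r -= 1
    return r


if __name__ == "__main__":
    # Constructed scenario: the availability prediction for a node is 0.9 and
    # the operator wants the TMS instance reachable 99.5% of the time.
    for a, target in ((0.9, 0.995), (0.5, 0.99), (0.999, 0.9)):
        print(f"a={a} target={target}: {optimal_replicas(a, target)} replica(s)")
```

The predicted availability is the input that links this step to the particle filter: as the tracked availability of a node drops, the same target forces a larger replica count, which is what lets the TMS keep its service at the desired level without over-provisioning healthy nodes.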

Trust result caching
Used to cache the trust results and credibility weights based on the number of new trust feedbacks, to avoid unnecessary computations. Two thresholds control when TMS updates the trust result in the cache:
- the number of new trust feedbacks given by a particular consumer;
- the number of new feedbacks given to a particular cloud service.
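The two-threshold caching rule implemented end to end, as an added example that is not the CloudArmor authors' code. The class name `TrustResultCache`, the threshold values and the feedback scenario are constructed for the example, and the trust function (a plain mean of feedback values) stands in for the credibility-weighted computation the TMS would actually run.

```python
"""Trust result caching driven by two new-feedback thresholds.

Added example, not from the CloudArmor slides or paper. It implements the caching
rule described on the slide: a cached trust result for a cloud service is reused
until either (1) a single consumer has contributed more than consumer_threshold
new feedbacks for it or (2) the service has received more than service_threshold
new feedbacks in total; only then is the trust result recomputed. The trust
function used here (mean of feedback values) is a placeholder; the real TMS
would apply the credibility weights.
"""
from collections import defaultdict


class TrustResultCache:
    def __init__(self, consumer_threshold, service_threshold, trust_fn):
        self.consumer_threshold = consumer_threshold
        self.service_threshold = service_threshold
        self.trust_fn = trust_fn                 # callable(list of (consumer, value)) -> trust result
        self.feedbacks = defaultdict(list)       # service -> [(consumer, value), ...]
        self.cached = {}                         # service -> cached trust result
        self.new_per_service = defaultdict(int)  # service -> new feedbacks since last recompute
        self.new_per_consumer = defaultdict(lambda: defaultdict(int))  # service -> consumer -> count
        self.recomputations = 0                  # bookkeeping so the effect is observable

    def add_feedback(self, consumer, service, value):
        """Store a feedback and advance both threshold counters."""
        self.feedbacks[service].append((consumer, value))
        self.new_per_service[service] += 1
        self.new_per_consumer[service][consumer] += 1

    def _stale(self, service):
        if service not in self.cached:
            return True
        if self.new_per_service[service] > self.service_threshold:
            return True
        return any(n > self.consumer_threshold
                   for n in self.new_per_consumer[service].values())

    def trust_result(self, service):
        """Return the cached result, recomputing only when a threshold is crossed."""
        if self._stale(service):
            self.cached[service] = self.trust_fn(self.feedbacks[service])
            self.new_per_service[service] = 0
            self.new_per_consumer[service].clear()
            self.recomputations += 1
        return self.cached[service]


def mean_feedback(feedbacks):
    """Placeholder trust function: unweighted mean of feedback values."""
    return sum(v for _, v in feedbacks) / len(feedbacks) if feedbacks else 0.0


def demo():
    """Constructed scenario; returns (recomputation count, final trust result)."""
    cache = TrustResultCache(consumer_threshold=2, service_threshold=5, trust_fn=mean_feedback)
    cache.add_feedback("c1", "svc", 0.9)
    cache.trust_result("svc")            # first lookup: compute (1)
    for c in ("c2", "c3", "c4"):
        cache.add_feedback(c, "svc", 0.8)
    cache.trust_result("svc")            # 3 new feedbacks, no threshold crossed: served from cache
    for _ in range(3):
        cache.add_feedback("c5", "svc", 0.1)
    cache.trust_result("svc")            # c5 alone gave 3 > 2 new feedbacks: recompute (2)
    return cache.recomputations, cache.trust_result("svc")


if __name__ == "__main__":
    print(demo())
```

The per-consumer threshold is the security-relevant one: without it, a single account could push many feedbacks into a service and have them sit unexamined until the service-wide counter fires, whereas with it a burst from one consumer triggers a recompute (and therefore the credibility weighting) immediately.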

Trust results caching

Instances management
Main instance (one):
- Optimal number of nodes estimation
- Feedbacks reallocation
- Trust result caching (consumer side)
- Availability of each node prediction
- TMS instance replication
Normal instances (the rest):
- Trust assessment and feedback storage
- Trust result caching (cloud service side)
- Frequency table update

Instances management
Each TMS instance is responsible for the feedback given to a set of cloud services and updates the frequency table.

Credibility model evaluation – Attacking behavior models

Credibility model evaluation Collusion attacks Sybil attacks

Availability model evaluation

Availability model evaluation--Reallocation

Conclusion Cloud service users’ feedback is a good source to assess the overall trustworthiness of cloud services. Introduce a credibility model that not only identifies misleading trust feedbacks from collusion attacks but also detects Sybil attacks. Develop an availability model that maintains the trust management service at a desired level. The experimental results demonstrate the applicability of the approach and show the capability of detecting such malicious behaviors.

Thanks