Presentation is loading. Please wait.

Presentation is loading. Please wait.

Talal H. Noor, Quan Z. Sheng, Lina Yao,

Published byMartha Waters Modified over 6 years ago

Similar presentations

Presentation on theme: "Talal H. Noor, Quan Z. Sheng, Lina Yao,"— Presentation transcript:

1 CloudArmor: Supporting Reputation-Based Trust Management for Cloud Services
Talal H. Noor, Quan Z. Sheng, Lina Yao, Schahram Dustdar, Anne H.H. Ngu

2 Outline Introduction The CloudArmor Framework
Zero-Knowledge Credibility Proof Protocol The Credibility Model The Availability Model Implementation and Experimental Evaluation Conclusion

3 Key Issues of Trust Management
Cloud services are highly dynamic, distributed, and non-transparent. Challenges: Privacy: Consumer’s privacy. Sensitive information, behavioral information, consumers’ data. Security: Cloud services protection. Misleading feedbacks, creating several accounts, Hard to predict when the malicious behaviors occur. Availability: Trust management service’s (TMS) availability. Should be adaptive and highly scalable.

4 Features of the CloudArmor
Zero-knowledge credibility proof protocol. (Section 3) Preserve the consumer’s privacy Enable TMS to prove the credibility of a particular consumer’s feedback. A credibility model. (Section 4) Collusion detection: Feedback Density, Occasional Feedback Collusion. Sybil attack detection: Multi-identity recognition, occasional Sybil attacks. An availability model. (Section 5) #TMS nodes – operational power metric. #replicas for each node – replication determination metric.

5 Architecture of the CloudArmor

6 Zero-Knowledge Credibility Proof Protocol
Sybil attacks Identity management service Trust management service Invocations history records: Trust Results:

7 Assumptions and attack models
TMS is handled by a Trusted Third Party. TMS communications are secure. Attacks Models: Collusion attacks, also known as collusive malicious feedback behaviors. self-promoting attacks. slander attacks. can occur in a non-collusive way. Sybil attacks. malicious users have multiple identities to give misleading feedbacks. whitewashing attacks.

8 The Credibility Model Feedback Collusion Detection
Feedback Density Occasional Feedback Collusion Sybil Attacks Detection Multi-Identity Recognition Occasional Sybil Attacks Feedback Credibility Change Rate of Trust Results

9 Feedback Density The feedback density of a certain cloud service:
𝑠 𝑥 =89% 𝑠 𝑦 =92% Feedback Density The feedback density of a certain cloud service: The feedback volume collusion factor: 𝐷 𝑥 = ×( ) =0.0953 𝐷 𝑦 = 5 150×( ) =0.0175

10 Occasional Feedback Collusion
Since collusion attacks against cloud services occur sporadically, we consider time as an important factor in detecting occasional and periodic collusion attacks. The occasional feedback collusion factor 𝒪 𝑓 𝑠, 𝑡 0 ,𝑡 of cloud service 𝑠 in a period of time [ 𝑡 0 ,𝑡]:

11 Multi-Identity Recognition
The main goal of this factor is to protect cloud services from malicious users who use multiple identities (i.e., Sybil attacks) to manipulate the trust results. The frequency of a particular credential attribute: The multi-identity recognition factor: Trust Identity Registry Consumer’s Primary Identity-Credentials’ Attributes Matrix (IM) Multi-identity Recognition Matrix (MIRM)

12 Occasional Sybil Attacks
The sudden changes in the total number of established identities indicates a possible occasional Sybil attack. The occasional Sybil attacks factor 𝒪 𝑖 𝑠, 𝑡 0 ,𝑡 of cloud service 𝑠 in a period of time [ 𝑡 0 ,𝑡]:

13 Feedback Credibility TMS dilutes the influence of those misleading feedbacks by assigning the credibility aggregated weights to each trust feedback as shown in The aggregated weights:

14 Change Rate of Trust Results
To allow TMS to adjust trust results for cloud services that have been affected by malicious behaviors, we introduce an additional factor called the change rate of trust results. The change rate of trust results factor: The change rate of trust results is designed to limit the rewards to cloud services that are affected by slandering attacks because TMS can dilute the increased trust results from self-promoting attacks using the credibility factors.

15 The Availability Model
Factors used to spread distributed TMS nodes to manage trust feedbacks. Operational power: Compare the workload for a particular TMS node with the average workload of all TMS nodes Replication determination: Minimize the possibility of the crashing of a node hosting a TMS instance.

16 Operational power The operational power factor of a particular TIMS node is calculated as the mean of Euclidean distance and the TMS node workload. Based on operational power, TMS uses a workload threshold to automatically adjust the number of nodes as follows.

17 Replication determination
To predict the availability of a node, TMS instance’s availability is modeled using the point availability model d, where the point availability probability is denoted as The failure free density function: The renewal density function:

18 Replication determination
The Laplace transform of the point availability probability: In time domain, it can be obtained using

19 TMS instance’s availability prediction
The prediction model is defined via state function and measurement function. The particle filtering technique is used to estimate and track the availability.

20 Particle filtering algorithm

21 The number of replicas At least one replica is available, represented as Then the optimal number of TMS instance’s replicas is calculated as

22 Trust result caching Used to cache the trust results and credibility weights based on the number of new trust feedbacks to avoid unnecessary computations. Two thresholds controls the TMS update of the trust result in the cache: The number of new trust feedbacks given by a particular consumer The number of new feedbacks given to a particular cloud service

23 Trust results caching

24 Instances management Main instance (one): Normal instances (the rest):
Optimal number of nodes estimation Feedbacks reallocation Trust result caching (consumer side) Availability of each node prediction TMS instance replication Normal instances (the rest): Trust assessment and feedback storage Trust result caching (cloud service side) Frequency table update

25 Instances management Each TMS instance is responsible for feedbacks given to asset of cloud services and updates the frequency table.

26 Credibility model evaluation – Attacking behavior models

27 Credibility model evaluation
Collusion attacks Sybil attacks

28 Availability model evaluation

29 Availability model evaluation--Reallocation

30 Conclusion Cloud service users’ feedback is a good source to assess the overall trustworthiness of cloud services. Introduce a credibility model that not only identifies misleading trust feedbacks from collusion attacks but also detects Sybil attacks. Develop an availability model that maintains the trust management service at a desired level. The experimental results demonstrate the applicability of the approach and show the capability of detecting such malicious behaviors.

31 Thanks

Download ppt "Talal H. Noor, Quan Z. Sheng, Lina Yao,"

Similar presentations

A Trust Management Framework for Service-Oriented Environments William Conner, Arun Iyengar, Thomas Mikalsen, Isabelle Rouvellou, and Klara Nahrstedt

A Trust Management Framework for Service-Oriented Environments William Conner, Arun Iyengar, Thomas Mikalsen, Isabelle Rouvellou, and Klara Nahrstedt
Trustworthy Service Selection and Composition CHUNG-WEI HANG MUNINDAR P. Singh A. Moini.

Trustworthy Service Selection and Composition CHUNG-WEI HANG MUNINDAR P. Singh A. Moini.
Trust Management of Services in Cloud Environments:

Trust Management of Services in Cloud Environments:
UDDI, Discovery and Web Services Registries. Introduction To facilitate e-commerce, companies needed a way to locate one another and exchange information.

UDDI, Discovery and Web Services Registries. Introduction To facilitate e-commerce, companies needed a way to locate one another and exchange information.
An Approach to Evaluate Data Trustworthiness Based on Data Provenance Department of Computer Science Purdue University.

An Approach to Evaluate Data Trustworthiness Based on Data Provenance Department of Computer Science Purdue University.
Trust Establishment in Pervasive Grid Environments Syed Naqvi, Michel Riguidel TÉLÉCOM PARIS ÉNST É cole N ationale S upérieur des T élécommunications.

Trust Establishment in Pervasive Grid Environments Syed Naqvi, Michel Riguidel TÉLÉCOM PARIS ÉNST É cole N ationale S upérieur des T élécommunications.
Modeling Pixel Process with Scale Invariant Local Patterns for Background Subtraction in Complex Scenes (CVPR’10) Shengcai Liao, Guoying Zhao, Vili Kellokumpu,

Modeling Pixel Process with Scale Invariant Local Patterns for Background Subtraction in Complex Scenes (CVPR’10) Shengcai Liao, Guoying Zhao, Vili Kellokumpu,
CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.

CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.
An Authentication Service Based on Trust and Clustering in Wireless Ad Hoc Networks: Description and Security Evaluation Edith C.H. Ngai and Michael R.

An Authentication Service Based on Trust and Clustering in Wireless Ad Hoc Networks: Description and Security Evaluation Edith C.H. Ngai and Michael R.
Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.

Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.
An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.

An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.
Locality Optimizations in OceanStore Patrick R. Eaton Dennis Geels An introduction to introspective techniques for exploiting locality in wide area storage.

Locality Optimizations in OceanStore Patrick R. Eaton Dennis Geels An introduction to introspective techniques for exploiting locality in wide area storage.
Copyright ©2009 Opher Etzion Event Processing Course Engineering and implementation considerations (related to chapter 10)

Copyright ©2009 Opher Etzion Event Processing Course Engineering and implementation considerations (related to chapter 10)
RATEWeb: Reputation Assessment Framework for Trust Establishment among Web Services Zaki Malik, Athman Bouguettaya Hung-Yuan Chung Yen-Cheng Lu.

RATEWeb: Reputation Assessment Framework for Trust Establishment among Web Services Zaki Malik, Athman Bouguettaya Hung-Yuan Chung Yen-Cheng Lu.
1. Introduction Generally Intrusion Detection Systems (IDSs), as special-purpose devices to detect network anomalies and attacks, are using two approaches.

1. Introduction Generally Intrusion Detection Systems (IDSs), as special-purpose devices to detect network anomalies and attacks, are using two approaches.
A User Experience-based Cloud Service Redeployment Mechanism KANG Yu.

A User Experience-based Cloud Service Redeployment Mechanism KANG Yu.
Construction of efficient PDP scheme for Distributed Cloud Storage. By Manognya Reddy Kondam.

Construction of efficient PDP scheme for Distributed Cloud Storage. By Manognya Reddy Kondam.
Business Process Performance Prediction on a Tracked Simulation Model Andrei Solomon, Marin Litoiu– York University.

Business Process Performance Prediction on a Tracked Simulation Model Andrei Solomon, Marin Litoiu– York University.
Free-riding and incentives in P2P systems name:Michel Meulpolder date:September 8, 2008 event:Tutorial IEEE P2P 2008.

Free-riding and incentives in P2P systems name:Michel Meulpolder date:September 8, 2008 event:Tutorial IEEE P2P 2008.
Preserving Link Privacy in Social Network Based Systems Prateek Mittal University of California, Berkeley Charalampos Papamanthou.

Preserving Link Privacy in Social Network Based Systems Prateek Mittal University of California, Berkeley Charalampos Papamanthou.

Similar presentations

Ads by Google