INES 2015 • IEEE 19th International Conference on Intelligent Engineering Systems • September 3–5, 2015, Bratislava, Slovakia
Configuring Trust Model for Cloud Computing: Decision Exploration Using Fuzzy Reasoning
Manash Sarkar, Department of Computer Science and Engineering, Birla Institute of Technology Mesra, Ranchi, India
Soumya Banerjee, Department of Computer Science and Engineering, Birla Institute of Technology Mesra, Ranchi, India
Valentina E. Balas, Automatics and Applied Informatics, Aurel Vlaicu University of Arad, Romania
Abstract—The concept of cloud computing enhances on-demand network access to conveniently share a pool of configurable resources. The major advantages of cloud computing have been realized by business organizations through the use of shared services, service-oriented architecture and virtualization. Cloud computing is deployed by third-party or web-based providers. Therefore, the security component should be considered at all the layers of the cloud architecture. In this paper, a secured and trusted cloud system is proposed. Security could be embedded in the middleware architecture of the cloud system. Threats related to cloud security are dynamic in nature, and the types of attacks encountered change recurrently over time. Therefore, a computationally intelligent and adaptive decision mechanism based on fuzzy rules is introduced to take a proper decision according to the contextual variables. The fuzzy decision maker identifies the anomalies and sustains the trust of cloud computing.
Keywords—Cloud computing; middleware; threats; trust; fuzzy projection; decision tree
978-1-4673-7939-7/15/$31.00©2015 IEEE
I. INTRODUCTION
The efficiency and performance of information technology have increased dramatically through the centralization of resources with technologies such as cloud computing. Cloud computing is a model for on-demand service to share a pool of configurable resources through network access. It is flexible in design and also cost effective. Therefore, cloud computing has established an arena for servicing enterprise or consumer requirements through the internet. Cloud computing emerges as a computational paradigm related to a distributed architecture. The major aspiration of cloud computing is to provide efficiency, convenient data storage and security services with all resources through the internet [1, 2]. Basically, the services provided by cloud computing are often outsourced to a third party. Hence, it becomes essential to maintain security, privacy and service availability. Security is an important issue for every layer of the cloud architecture [3, 4]. In the cloud architecture, the Software as a Service (SaaS) layer involves users' applications, whereas Platform as a Service (PaaS) completely abstracts the mechanism of the underlying host system. On the other hand, Infrastructure as a Service (IaaS) exposes the raw computing resources to the users. There is no abstraction of the system complexities present in this layer. These three cloud service layers provide different types of services to end users and also give rise to information security issues for cloud computing systems. Different kinds of security threats appear in the different service models of a cloud system [5]. At present, cloud computing is used enormously in every field of distributed systems. The security threats embedded in cloud computing are directly proportional to its advantages. If security and privacy are not robust, then the flexibility and benefits offered by cloud computing will have little credibility. The concept of security in cloud computing inherits the context of cloud infrastructure [6]. Research concerned with security issues in the area of cloud computing increases the knowledge about security threats and the corresponding countermeasures [7]. Besides security and privacy, trust is also a crucial parameter in configuring a healthy cloud environment. Jingwei Huang et al. [8] analyzed the concept of trust in cloud systems in their paper. The trust is evaluated with respect to terminology, examples an entity and cloud entity. In this paper, security and trust are measured for a hybrid cloud system [9]. A hybrid cloud is basically a combination of more than one different cloud. It uses physical hardware and instances of virtual cloud servers to provide a single common service. Therefore, security is essential to control malicious activities and sustain trust among the different applicants in the cloud. In this paper, a model based on fuzzy rules is developed for decision making [10]. The model is deployed in the middleware of the cloud architecture, where the requests of every applicant are processed. If any anomaly is triggered by any applicant, the fuzzy decision maker marks it as malicious activity and sustains the trust of the entire system.
Different applicants and their different architectures are present in a hybrid cloud system. Therefore, trust preservation is essential when some common resources are shared by two or more applicants. Intruders are always ready to take advantage of these situations. The intruders perform irregular activities; hence, anomalies are created in the cloud system. As a result, trust between innocent applicants is hindered. Fuzzy logic is used to resolve the uncertainty of the attackers' activities. The fuzzy projection method [11] is applied to develop a decision-making model to detect malicious activities in the cloud system. The remainder of the paper is organized as follows: Section II briefly describes related work and Section III explains the proposed model, followed by the mathematical treatment and results. Finally, Section IV presents the conclusion and the future scope of research in this regard.
II. RELATED WORK
Security and privacy are crucial parameters for a healthy, organized cloud system. Today, different kinds of research are ongoing on vulnerabilities, attacks, threat detection and other security and privacy issues for cloud computing. In addition, research also aims to provide countermeasures, strategies and service-oriented architectures [12, 13]. All the security issues and vulnerabilities of non-virtualized and non-cloud deployments are also present in the cloud. Lawrence Pingree [14], in his research, described that if the infrastructure of an entire cloud provider is violated, then the whole cloud system faces enhanced potential risks through the potential violation of crowd data and virtualization software. The Theft of Service attack is deployed in the Central Processing Unit (CPU) during the scheduling mechanism. Zhou et al. [15] described a countermeasure mechanism to prevent this type of attack. They modified the scheduler to provide protection against the attack. This type of attack generally occurs in the public cloud. Gruschka et al. [16] also described another type of countermeasure to prevent the Theft of Service attack. According to their strategy, a new instance is used between cloud and used surface in the victim machine. Therefore, the scheduling of parallel instances is monitored. One of the most serious attacks in cloud computing is the Denial of Service (DoS) attack. Attackers initiate DoS attacks with the help of HTTP, XML and Representational State Transfer (REST). It is easy for attackers to implement a DoS attack in the cloud due to vulnerabilities in the system interface. Riquet et al. [17] described that the DoS attack cannot be stopped by any permanent solution. The authors conducted an experiment to estimate the efficiency of the security against distributed attacks.
As an extension of DoS, Distributed Denial of Service (DDoS) attacks based on XML and HTTP are more dangerous than traditional DDoS. In cloud systems, DDoS attacks are widely used with no strong anticipation mechanism. Security and privacy over the HTTP protocol become vital to provide strong trust in the cloud system [18]. The Virtual Machine (VM) is also an important component of cloud computing. Another kind of attack in cloud computing is the cross-VM side-channel attack. It is an access-driven attack in which the execution of the victim's VM is swapped by the attacker's VM. Cross-VM side-channel attacks are possible only if the attacker's VM and the victim's VM are both present in the same physical layer. In the paper by Ristenpart et al. [19], a cross-VM side-channel attack was used to collect information from a victim's VM.
III. PROPOSED MODEL
In a hybrid cloud system, different applicants (users, systems) are present in different clouds, and their architectures also differ from each other. Thus, trust becomes crucial when they share some common resources. As an example, two applicants use a common resource while their platforms are different, e.g. Windows and Linux. Hence, the communication protocol will differ for the same resources. It is necessary to identify anomalies to provide the security and trust of the system. An intelligent model based on fuzzy logic is implemented due to the uncertainty of the anomalies. In a hybrid cloud system, a collective decision is acceptable even though every cloud individually has its own decision maker to decide on anomalies.
A. Exploring Mathematical Treatment
In this section, the fuzzy projection method is implemented to develop a decision matrix. Let Y be a fixed set and let A be an intuitionistic fuzzy set [20] in Y. The fuzzy set A is an object of Y of the form
$$A = \{\, (y, \mu_A(y), \nu_A(y)) \mid y \in Y \,\} \tag{1}$$
where $\mu_A(y) : Y \to [0,1]$ and $\nu_A(y) : Y \to [0,1]$.
In equation (1), these denote the degree of membership and the degree of non-membership, respectively, of the element $y \in Y$. Assume that $Y = \{y_1, y_2, y_3, \dots, y_n\}$ is a finite set that represents the universe of discourse. If A and B are two IFSs in Y, then the projection of A on B is represented as equation (2):
$$(A \downarrow B) = \frac{1}{|B|} \sum_{i=1}^{n} \left( \mu_{\alpha_i}\mu_{\beta_i} + \nu_{\alpha_i}\nu_{\beta_i} + \pi_{\alpha_i}\pi_{\beta_i} \right) \tag{2}$$
where $\alpha_i = (\mu_{\alpha_i}, \nu_{\alpha_i}, \pi_{\alpha_i})$ and $\beta_i = (\mu_{\beta_i}, \nu_{\beta_i}, \pi_{\beta_i})$ represent the $i$th IFNs of A and B respectively. $\pi_A(y)$ is called the intuitionistic fuzzy set index. It is the degree of indeterminacy of $y \in Y$ to the IFS A, which is a subset of Y. According to the intuitionistic fuzzy set, $\pi_A(y) : Y \to [0,1]$ for every $y \in Y$, and $\pi_A(y)$ denotes the lack of knowledge of whether y belongs to the IFS A or not. Since there is more than one rule, an individual weight is applied to the rules; the weighted projection of A on B is then given by equation (3):
$$(A \downarrow B) = \frac{1}{|B|_w} \sum_{i=1}^{n} w_i^{2} \left( \mu_{\alpha_i}\mu_{\beta_i} + \nu_{\alpha_i}\nu_{\beta_i} + \pi_{\alpha_i}\pi_{\beta_i} \right) \tag{3}$$
where $\alpha_i = (\mu_{\alpha_i}, \nu_{\alpha_i}, \pi_{\alpha_i})$ and $\beta_i = (\mu_{\beta_i}, \nu_{\beta_i}, \pi_{\beta_i})$ represent the $i$th IFNs of A and B respectively, and the weight vector is w, where $w = (w_1, w_2, \dots, w_n)$ of $y_j$, $\forall j = 1, 2, 3, \dots, n$, with $w_j \in [0,1]$ and $\sum_{j=1}^{n} w_j = 1$.
When group decision making is applied, there is a set of finite alternatives A = {A1, A2, A3, …, An}, a set of decision makers C = {C1, C2, C3, …, Cn} and a set of attributes H = {H1, H2, H3, …, Hn}, and the weight vector for the attributes satisfies $w_j \in [0,1]$ and $\sum_{j=1}^{n} w_j = 1$.
The evaluation values for the $A_j$ alternatives with respect to the $H_j$ attributes, taken by the t decision makers (experts), are given as equation (4):
$$C_{ij}^{(t)} = \{\mu_{ij}^{(t)}, \nu_{ij}^{(t)}, \pi_{ij}^{(t)}\} \tag{4}$$
The mean value is calculated to evaluate the average decision of the t experts. The average decision value is given as equation (5):
$$C_{ij}^{*} = \{\mu_{ij}^{*}, \nu_{ij}^{*}, \pi_{ij}^{*}\} \tag{5}$$
where $\mu_{ij}^{*}$, $\nu_{ij}^{*}$ and $\pi_{ij}^{*}$ represent the mean values, defined as
$$\mu_{ij}^{*} = \frac{1}{t}\sum_{l=1}^{t}\mu_{ij}^{(l)}, \quad \nu_{ij}^{*} = \frac{1}{t}\sum_{l=1}^{t}\nu_{ij}^{(l)} \quad \text{and} \quad \pi_{ij}^{*} = \frac{1}{t}\sum_{l=1}^{t}\pi_{ij}^{(l)}$$
The weight for $C_{ij}^{(l)}$ can be defined by equation (6):
$$W_{ij}^{(l)} = \frac{[C_{ij}^{(l)} \downarrow C_{ij}^{*}]}{\sum_{l=1}^{t} [C_{ij}^{(l)} \downarrow C_{ij}^{*}]} \tag{6}$$
where $1 \le i \le m$, $1 \le j \le n$ and $1 \le l \le t$.
The value of the experts' weights is different with respect to different attributes. An aggregation operation is performed among the different experts' values to calculate the collective decision matrix M in equation (8):
$$M_{ij} = W_{ij}^{(1)} C_{ij}^{(1)} + W_{ij}^{(2)} C_{ij}^{(2)} + \dots + W_{ij}^{(t)} C_{ij}^{(t)}, \quad i = 1, 2, \dots, m \tag{7}$$
$$M = (M_{ij})_{m \times n} \tag{8}$$
Fuzzy rules are generated by using a training set T : {X ; Y}, where i = 1, 2, …, m and j = 1, 2, …, n. The membership values of fuzzy sets A and B within Z are represented as $\mu_A(X)$ and $\mu_B(Y)$. Every data point $X_{ij}$ of the data set is processed to select the maximum value $M_{ij}$ of the membership function:
$$M_{ij} = \max\left(\mu_{A_{ij}}(x_{ij})\right) \tag{9}$$
B. Experimental Result and Discussion
Basically, the intuitionistic fuzzy set is considered in the challenging area of decision-making problems. A cloud system is considered to develop a decision-making concept where multiple activities are involved. In this paper, different malicious activities in the cloud system are predicted to sustain the trust of the entire system. To accomplish this goal, two types of cloud computing activities are considered: “Number of Redirection” and “number of iframe and frame tag”. In this restricted experiment, the membership values of these activities are also considered. Different sets of rules are developed to establish trust between applicants. Six different rules, C1, C2, …, C6, are considered with their three categories, e.g. high, medium and low.
The rules are as follows:
Rule 1: IF (Number of Redirection=high) and (number of iframe and frame tag = high) THEN malicious activities= high
Rule 2: IF (Number of Redirection=high) and (number of iframe and frame tag = medium) THEN malicious activities= high
Rule 3: IF (Number of Redirection=medium) and (number of iframe and frame tag = medium) THEN malicious activities= medium
Rule 4: IF (Number of Redirection=medium) and (number of iframe and frame tag = low) THEN malicious activities= medium
Rule 5: IF (Number of Redirection=low) and (number of iframe and frame tag = medium) THEN malicious activities= low
Rule 6: IF (Number of Redirection=low) and (number of iframe and frame tag = low) THEN malicious activities= low.
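The rule base can be run through the projection method as follows; this is an added example, not code from the paper. It builds one (μ, ν, π) triple per rule from the high/medium/low membership values that the experiment states, then applies equations (2), (5), (6), (7) and (9). Assumptions: the six rule triples are treated as the t evaluations, |B| is taken as the Euclidean norm of B's triples, and all function names are this example's own.

```python
from math import sqrt

# Membership values for high/medium/low, as stated in the experiment.
MU = {"high": 0.5, "medium": 0.3, "low": 0.2}  # number of redirections
NU = {"high": 0.5, "medium": 0.4, "low": 0.1}  # number of iframe and frame tags
PI = {"high": 0.6, "medium": 0.3, "low": 0.1}  # malicious activities

# Rules 1-6: (redirections, iframe/frame tags) -> malicious activities.
RULES = [
    ("high", "high", "high"),
    ("high", "medium", "high"),
    ("medium", "medium", "medium"),
    ("medium", "low", "medium"),
    ("low", "medium", "low"),
    ("low", "low", "low"),
]


def rule_triples():
    """Build one (mu, nu, pi) triple per rule C1..C6 from the rule base."""
    return [(MU[r], NU[f], PI[m]) for r, f, m in RULES]


def projection(a, b):
    """Eq. (2): projection of A on B, both lists of (mu, nu, pi) triples.
    Assumption of this example: |B| is the Euclidean norm of B's triples."""
    dot = sum(x * y for ai, bi in zip(a, b) for x, y in zip(ai, bi))
    norm = sqrt(sum(y * y for bi in b for y in bi))
    return dot / norm


def mean_triple(triples):
    """Eq. (5): component-wise mean C* of the evaluations."""
    return tuple(sum(c[k] for c in triples) / len(triples) for k in range(3))


def projection_weights(triples):
    """Eq. (6): projection of each evaluation on C*, normalised to sum to 1."""
    c_star = mean_triple(triples)
    proj = [projection([c], [c_star]) for c in triples]
    total = sum(proj)
    return [p / total for p in proj]


def aggregate(triples, weights):
    """Eq. (7): weighted sum of the evaluations."""
    return tuple(sum(w * c[k] for w, c in zip(weights, triples)) for k in range(3))


def max_membership(triples):
    """Eq. (9): maximum membership value per component."""
    return tuple(max(c[k] for c in triples) for k in range(3))


def most_supported_rule(triples):
    """1-based number of the rule whose triple carries the largest weight."""
    weights = projection_weights(triples)
    return weights.index(max(weights)) + 1


if __name__ == "__main__":
    table = rule_triples()
    weights = projection_weights(table)
    for n, (c, w) in enumerate(zip(table, weights), start=1):
        print(f"C{n} {c} weight={w:.3f}")
    print("eq. (7) =", tuple(round(v, 3) for v in aggregate(table, weights)))
    print("eq. (9) =", max_membership(table))
    print("largest weight: rule", most_supported_rule(table))
```

With these inputs, equation (9) returns (0.5, 0.5, 0.6) and the largest projection weight falls on rule 1.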
Membership values for these three activities are considered. Number of Redirection ($\mu_{ij}$), number of iframe and frame tag ($\nu_{ij}$) and malicious activities ($\pi_{ij}$) have three different membership values for high (H), medium (M) and low (L).
$$\mu_{ij} = \big[\,\overset{H}{0.5} \;\; \overset{M}{0.3} \;\; \overset{L}{0.2}\,\big], \quad \nu_{ij} = \big[\,\overset{H}{0.5} \;\; \overset{M}{0.4} \;\; \overset{L}{0.1}\,\big] \quad \text{and} \quad \pi_{ij} = \big[\,\overset{H}{0.6} \;\; \overset{M}{0.3} \;\; \overset{L}{0.1}\,\big]$$
TABLE I. MEMBERSHIP VALUE FOR EVERY RULE
Rules | Membership Values
C1 | {0.5, 0.5, 0.6}
C2 | {0.5, 0.4, 0.6}
C3 | {0.3, 0.4, 0.3}
C4 | {0.3, 0.1, 0.3}
C5 | {0.2, 0.4, 0.1}
C6 | {0.2, 0.1, 0.1}
Table 1 represents the membership values for six different rules. The values are selected according to the values of $\mu_{ij}$, $\nu_{ij}$ and $\pi_{ij}$.
After assigning the values for the rules, the average of these three activities is evaluated. The average decision $C_{ij}^{*}$ is also calculated: $\mu_{ij}^{*} = 0.33$, $\nu_{ij}^{*} = 0.316$, $\pi_{ij}^{*} = 0.33$, and $C_{ij}^{*} = \{0.33, 0.31, 0.33\}$.
Weight $W_{ij}$ is calculated by using equation (6), and decision matrix $M_{ij}$ is calculated by equation (7).
TABLE II. WEIGHT AND DIFFERENT DECISION VALUES
Wij | WijCij
(0.5, 0.5, 0.6) (0.5, 0.5, 0.6) | (0.5, 0.5, 0.6) (0.5, 0.5, 0.6)
(0.5, 0.4, 0.6) (0.5, 0.5, 0.6) | (0.5, 0.4, 0.6) (0.5, 0.5, 0.6)
(0.33, 0.4, 0.33) (0.5, 0.5, 0.6) | (0.3, 0.4, 0.3) (0.5, 0.5, 0.6)
(0.33, 0.31, 0.33) (0.5, 0.5, 0.6) | (0.3, 0.1, 0.3) (0.5, 0.5, 0.6)
(0.33, 0.4, 0.33) (0.5, 0.5, 0.6) | (0.2, 0.4, 0.1) (0.5, 0.5, 0.6)
(0.33, 0.31, 0.33) (0.5, 0.5, 0.6) | (0.2, 0.1, 0.1) (0.5, 0.5, 0.6)
The values of Table 2 are used for evaluating the decision matrix $M_{ij}$ by equation (7):
$M_{ij}$ = (0.5, 0.5, 0.6) (0.5, 0.5, 0.6)
The decision is taken from $M_{ij}$. The values of the two activities, Number of Redirection and Number of iframe and frame tag, are both 0.5. The value of malicious activity is 0.6 when the other two are 0.5. It is clear from $M_{ij}$ that, when the two properties obtain their maximum values within the universe of discourse, the value of malicious activities also becomes high. If the membership value of these two activities is 0.5, then there is a high possibility of malicious activity across the cloud paradigm. The decision supports rule 1.
Fig. 1. Fuzzy Decision Tree for trust rules
By accomplishing the given mathematical framework of fuzzy rules, a consolidated pattern of decision tree (refer to Fig. 1) can be configured with the help of a Python script and an available library¹. It can be observed that there are six sets of fuzzy rules and decisions describing the number of redirections; iframe and frame tags could imply precise predictable values of the malicious domain against different random data points. The depth of decision can also vary to define the pruning ability of the fuzzy rules, primarily traversing towards the black dots shown in the figure. The compositions of decisions could be more engrossed and thus the depth of the decision tree could be for random and the black dots could be more distributed and scattered in nature.
¹ https://code.google.com/p/peach/
IV. CONCLUSION
In a cloud system, the end service provider or enterprise controls access to cloud services. Therefore, the cloud provider needs to provide enhanced security and trust to protect its network from different kinds of vulnerabilities. The concept of security insists on a new approach to end users' security which supports strong isolation of users from attackers. In this paper, a rudimentary security model based on fuzzy logic is designed for the middleware architecture of the cloud system to identify anomalies. In a hybrid cloud, different applicants can share some common resources. Hence, intruders are also involved in sharing the same. An intruder performs unauthentic activities to decrease the trust of the cloud system. In a hybrid cloud, different applicants are involved with the diversity of their platforms. Hence, any kind of anomaly may dissolve the trust among them. The research explores a computationally intelligent model to make a decision for identifying the anomalies. The fuzzy projection method is applied to accomplish the goal. Different sets of fuzzy rules are implemented to develop the decision-making model and decision tree. The decision-making model deployed in the middleware is able to identify the anomalies and block the activities. The distribution and scattered formation of data points under the fuzzy decision tree also signifies the depth and precision of decisions towards the detection of malicious activities under the domain of hybrid cloud. The security of the cloud system is preserved. Identifying the offender in the SaaS layer by incorporating fuzzy projection could be a possible future extension of this research work.
REFERENCES
[1] Gansen Zhao, Jiale Liu, Yong Tang, Wei Sun, Feng Zhang, Xiaoping Ye, Na Tang, “Cloud computing: a statistics aspect of users,” In: First International Conference on Cloud Computing (CloudCom), Vol 5931, 2009, pp. 347-358.
[2] Shuai Zhang, Shufen Zhang, Xuebin Chen and Xiuzhen Huo, “Cloud computing research and development trend,” Second International Conference on Future Networks (ICFN’10), Sanya, Hainan, China, IEEE Computer Society, Washington, DC, USA, 2010, pp. 93–97.
[3] Ajith Ranabahu and E. Michael Maximilien, “A Best practice model for cloud middleware systems,” 24th ACM SIGPLAN International Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA), 2009, pp. 41-51.
[4] NIST Cloud Computing Standards Roadmap, NIST Cloud Computing Standards Roadmap Working Group, NIST Special Publication 500-291, Version 2, Supersedes Version 1.0, July 2011.
[5] Te-Shun Chou, “Security threats on cloud computing vulnerabilities,” International Journal of Computer Science & Information Technology (IJCSIT) Vol. 5, No. 3, June 2013.
[6] Monjur Ahmed and Mohammad Ashraf Hossain, “cloud computing and security issues in the Cloud,” International Journal of Network Security & Its Applications (IJNSA), Vol. 6, No.1, January 2014.
[7] Issa M. Khalil, Abdallah Khreishah and Muhammad Azeem, “Cloud computing security: A survey,” Computers 2014, 3, pp. 135, doi:10.3390/computers3010001.
[8] Jingwei Huang and David M Nicol, “Trust mechanisms for cloud computing,” Journal of Cloud Computing, Advances, Systems and Applications 2013, Springer-Verlag, Vol. 2, No. 9, April 2013.
[9] Scott Densmore, Alex Homer, Masashi Narumoto, John Sharp and Hanz Zhang, “Building hybrid applications in the cloud,” Microsoft Corporation, January 2012.
[10] Timothy J. Ross, Fuzzy logic with Engineering Applications. second edition. John Wiley & Sons, 2005.
[11] Shouzhen Zeng, Tomas Baležentis, Ji Chen, Gangfei Luo, “A Projection Method for Multiple Attribute Group Decision Making with Intuitionistic Fuzzy Information”, INFORMATICA, Vol. 24, No. 3, 2013, pp. 485–503.
[12] Cong Wang, Qian Wang, Kui Ren, Ning Cao and Wenjing Lou, “Towards secure and dependable storage services in cloud computing,” IEEE Transaction on Services Computing, Vol. 5, No. 2, 2012, pp. 220–232.
[13] Lingfeng Chen, Hoang D.B, “Towards scalable, fine-grained, intrusion-tolerant data protection models for healthcare cloud,” In Proceedings of the IEEE 10th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), Changsha, China, 16–18 November 2011, pp. 126–133.
[14] I. Khalil, “MCC: Mitigating colluding collision attacks in wireless sensor networks,” Proceedings of the IEEE Global Communications Conference (IEEE GLOBECOM’10), Miami, Florida, USA, December 6–10, 2010, pp. 1-5.
[15] Fangfei Zhou, Goel M, Desnoyers P and Sundaram, R, “Scheduler vulnerabilities and coordinated attacks in cloud computing,” In Proceedings of the 10th IEEE International Symposium on Network Computing and Applications (NCA), Cambridge, MA, USA, 25–27 August 2011; pp. 123–130.
[16] Gruschka N and Jensen M, “Attack surfaces: A taxonomy for attacks on cloud services,” In Proceedings of the IEEE 3rd International Conference on Cloud Computing (CLOUD), Miami, FL, USA, 5–10 July 2010, pp. 276–279.
[17] Damien Riquet, Gilles Grimaud, Michael Hauspie, “Large-scale coordinated attacks: Impact on the cloud security,” In Proceedings of the 2012 Sixth International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS), Palermo, Italy, 4–6 July 2012, pp. 558–563.
[18] Karnwal T, Sivakumar T and Aghila G, “A comber approach to protect cloud computing against XML DDoS and HTTP DDoS attack”, In Proceedings of the IEEE Students’ Conference on Electrical, Electronics and Computer Science (SCEECS), Bhopal, India, 1–2 March 2012, pp. 1–5.
[19] Thomas Ristenpart, Eran Tromer, Hovav Shacham and Stefan Savage, “Hey, you, get off of my cloud: Exploring information leakage in third-party compute clouds,” In Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS ’09), Chicago, IL, USA, 9–13 November 2009, ACM: New York, NY, USA, 2009, pp. 199–212.
[20] P. A. Ejegwa, S.O. Akowe, P.M. Otene and J.M. Ikyule, “An Overview On Intuitionistic Fuzzy Sets,” International Journal of Scientific & Technology Research Vol. 3, No. 3, March 2014.