Fuzzy trust evaluation based on consistency ... - Semantic Scholar

Kybernetes Fuzzy trust evaluation based on consistency intensity for cloud services Ying Huo Yi Zhuang Siru Ni Downloaded by NANJING UNIVERSITY OF AERONAUTICS & ASTRONAUTICS At 03:37 13 January 2015 (PT)

Article information: To cite this document: Ying Huo Yi Zhuang Siru Ni , (2015),"Fuzzy trust evaluation based on consistency intensity for cloud services", Kybernetes, Vol. 44 Iss 1 pp. 7 - 24 Permanent link to this document: http://dx.doi.org/10.1108/K-03-2014-0058 Downloaded on: 13 January 2015, At: 03:37 (PT) References: this document contains references to 31 other documents. To copy this document: [email protected] The fulltext of this document has been downloaded 15 times since 2015*

Users who downloaded this article also downloaded: Xiao Xue, Shufang Wang, Hao Chao, (2015),"Autonomous evolution of service system in cluster supply chain", Kybernetes, Vol. 44 Iss 1 pp. 139-158 http://dx.doi.org/10.1108/K-01-2014-0005

Access to this document was granted through an Emerald subscription provided by 453879 []

For Authors If you would like to write for this, or any other Emerald publication, then please use our Emerald for Authors service information about how to choose which publication to write for and submission guidelines are available for all. Please visit www.emeraldinsight.com/authors for more information.

About Emerald www.emeraldinsight.com Emerald is a global publisher linking research and practice to the benefit of society. The company manages a portfolio of more than 290 journals and over 2,350 books and book series volumes, as well as providing an extensive range of online products and additional customer resources and services. Emerald is both COUNTER 4 and TRANSFER compliant. The organization is a partner of the Committee on Publication Ethics (COPE) and also works with Portico and the LOCKSS initiative for digital archive preservation. *Related content and download information correct at time of download.

The current issue and full text archive of this journal is available on Emerald Insight at: www.emeraldinsight.com/0368-492X.htm

Downloaded by NANJING UNIVERSITY OF AERONAUTICS & ASTRONAUTICS At 03:37 13 January 2015 (PT)

Fuzzy trust evaluation based on consistency intensity for cloud services Ying Huo, Yi Zhuang and Siru Ni

Fuzzy trust evaluation

7

College of Computer Science and Technology, Nanjing University of Aeronautics and Astronautic, Nanjing, China Abstract Purpose – The purpose of this paper is to define an evaluation model for cloud services to deal with the fuzzy information and propose a novel fuzzy evaluation method based on consistency intensity to analyze the quantitative value from the fuzzy information. Design/methodology/approach – The cloud service evaluation framework is constructed, and different trusted indicators for the infrastructure services and the application services are designed, respectively. In the novel fuzzy evaluation method, the interval values can be aggregated by the Dempster-Shafer Theory and be transformed into the certain value by linguistic discount factor. The consistency intensity is proposed to determine the value of the linguistic discount factor, which can reflect the mainstream opinions in the assessment. Findings – The proposed method can solve the problem on the analysis and synthesis of the fuzzy evaluation information. An instance of trust evaluation of cloud storage service is illustrated to verify that the proposed method can express the opinions of all evaluators more adequately. Practical implications – A serial of experiments are carried out on NetLogo, and the results show that the proposed method is practical and efficient. Originality/value – Instead of obtaining only the qualitative results by the multi-attribute decisionmaking method, the fuzzy evaluation method based on consistency intensity can obtain the quantitative results from the fuzzy information according to linguistic discount factor and consistency intensity. Keywords World wide web, Fuzzy logic, Consistency intensity, Fuzzy evaluation method, Trustworthy service Paper type Research paper

1. Introduction Cloud computing is an emerging service paradigm for sharing computational and storage resources. With the advantages of dynamic deployment and high scalability, it has received extensive attention from the industry and government (Armbrust et al., 2010). Users can easily obtain computational and storage resources they need from the cloud, as long as pay a little rent to the cloud providers. In this pay-as-you-go mode, companies can reduce their IT operation and maintenance cost without purchasing a large number of hardware and software equipment, so that they can focus on their own business. However, the reduction of investment also results in that the quality of cloud services varies greatly. How to evaluate the trust degree of cloud services accurately is an important issue now. This work is supported by the National Natural Science Foundation for Youth of China under Grant No. 61202351, the National Postdoctoral Fund under Grant No. 2011M500124, funding of Jiangsu Innovation Program for Graduate Education and the Fundamental Research Funds for the Central Universities under Grant No. CXZZ13_0171.

Kybernetes Vol. 44 No. 1, 2015 pp. 7-24 © Emerald Group Publishing Limited 0368-492X DOI 10.1108/K-03-2014-0058

Downloaded by NANJING UNIVERSITY OF AERONAUTICS & ASTRONAUTICS At 03:37 13 January 2015 (PT)

K 44,1

8

As an X-as-a-Service (XaaS) based computing model, the cloud encapsulates all types of computing-relevant resources as services to be provided for end users, including Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS). Virtualization is the mainly technical foundation of cloud computing, which virtualizes the hardware and platform as service components in the cloud service provisioning model (Huang et al., 2013a). It separates the application services from the underlying cloud infrastructures, thus can significantly enhance the flexibility, diversity, and manageability of cloud service so as to improve the cloud performance. With the increasing popularity of cloud, the issue of trusted cloud has become a paramount concern for most users. The lack of trust between cloud users and providers has hindered the universal acceptance of cloud. Adding trust concept into the decision-making mechanism for users can actuate the providers to prepare the most trustworthy service to satisfy the demand of users in advance. In recent years, scholars have accomplished a few of researches on trusted cloud service model. These models are proposed to perform trust assessment of cloud services from different aspects, such as the reputation of individual service (Wu et al., 2013), the allocation of resources (Kim et al., 2009), or the trust relation between partner services (Huang et al., 2013b). Some other researches focus on the trust elements like security, reliability, availability (Li and Du, 2013). However, the evaluation and management of cloud services are becoming more and more complex, thus sometimes the users are unable to make an accurate assessment. All of the above studies can only be deployed to deal with the accurate values. The situation has not been considered when the values are fuzzy. In the field of multi-attribute decision making (MADM), there have been many researches on the description and processing of fuzzy value. The MADM method is a systematic method used to select the optimal alternative from a number of alternatives to some certain attributes. Sometimes in the real-world situation, decision makers should make a decision under fuzzy environment. In this circumstance, the fuzzy multi-attribute decision making (FMADM) method, based on the fuzzy set theory (Zadeh, 1965), was proposed and has been under a rapid development (Chai et al., 2013; Herva and Roca, 2013). The FMADM methods differ primarily according to how to model the fuzzy values and how to aggregate evaluations across attributes to arrive at an overall evaluation. In the former aspect, extensions of the fuzzy sets are proposed to describe and character the fuzzy objective world more exquisitely, including the intuitionistic fuzzy set (Pei and Zheng, 2012), the linguistic fuzzy set (Wang et al., 2012), and the intuitionistic linguistic fuzzy set (Liu and Wang, 2014). In the latter aspect, Yang et al. (2006) proposed an intelligent decision making model based on the Dempster-Shafer Theory (DST), in which the fuzzy information is normalized based on utility theory. Based on this model, the DS-AHP model was proposed (Beynon et al., 2000; Hua et al., 2008), which can not only reduce the frequency of judgment and consistency inspection, but also solve the decision problems on incomplete information. Besides, some existing aggregation methods are improved to be able to handle the FMADM problem, such as fuzzy analytic hierarchy process (AHP) approach (Kilincci and Onal, 2011), elimination and choice expressing reality (Wu and Chen, 2011), technique for order performance by similarity to ideal solution (Ye and Li, 2014), and so on. The FMADM problem aims to select a preferred alternative according to the decision rules. When they are applied to the evaluation problems, only the

Downloaded by NANJING UNIVERSITY OF AERONAUTICS & ASTRONAUTICS At 03:37 13 January 2015 (PT)

qualitative assessment results can be obtained. However, in some practical cases, we need to calculate the quantitative results from the fuzzy information while solving the fuzzy evaluation problems. The existing models and methods are no longer applicable. Aiming at the above problems, this paper proposes a fuzzy trust evaluation model and method for cloud services. First, the cloud service evaluation framework is designed, in which the different trusted indicators are designed for the infrastructure services and the application services, respectively. The fuzzy evaluation method based on consistency intensity is proposed in order to analyze the certain value from the fuzzy information, according to the linguistic discount factor and consistency intensity. An instance of trust evaluation of cloud storage service is illustrated to verify that the proposed method can solve the analysis and synthesis of fuzzy evaluation information effectively. Furthermore, a serial of experiments are carried out on the simulation tool – NetLogo, and the results show that the proposed method is practical and efficient. The remainder of this paper is organized as follows. Section 2 describes our cloud service evaluation framework and the trusted indicators for different types of services. In Section 3, we model the fuzzy evaluation problem and describe our fuzzy evaluation method in detail. Experiments to validate the proposed method are presented in Section 4. Finally, Section 5 gives our conclusion. 2. Cloud service trust evaluation model 2.1 Cloud service overview The concept and theory of cloud computing is attempted in different ways over the past decade, such as distributed computing, grid computing, utility computing, etc. Cloud computing is an expression used to describe a variety of computing concepts that involve a large number of computers connected through internet. Enabled by tremendous advances in computing, storage, and networking, cloud computing has become one of the most promising developments. It allows companies to avoid paying much money for infrastructure, so that they can totally focus on their own business. Cloud computing also helps enterprises to get their applications up and running faster. With improved manageability and less maintenance, they can adjust resources to meet the fluctuating and unpredictable business demand more rapidly. Virtualization, the technical foundation of cloud computing, which separates software and hardware to a certain extent. In cloud, servers, storage devices, network equipment, and other infrastructure are virtualized as services to be provided for end users. Users do not need to understand the whole details of infrastructure or have professional knowledge, even need not to control the devices directly. Only should they do is focus on what they really need and select the appropriate service from cloud. This transparent way simplifies the operation of end users, but also leads to some serious security risks. The insecure element in software or device would be hidden by virtualizing, and may cause serious threat on privacy and property. Furthermore, the number of services increases rapidly because of the reduction of investment, which results in that the quality of cloud services varies greatly. In order to ensure the security of cloud, we must pay attention to the designing of trust evaluation model of cloud services. In our research, cloud services are divided into two categories: infrastructure service and application service. The former is formed by the physical resource through

Fuzzy trust evaluation

9

Downloaded by NANJING UNIVERSITY OF AERONAUTICS & ASTRONAUTICS At 03:37 13 January 2015 (PT)

K 44,1

10

virtualization, and is evaluated by performance parameters, such as CPU, memory capacity, network bandwidth, and so on. The latter is constituted by the application releasing on the network. It is evaluated according to the quality indicators, such as availability, reliability, etc. 2.2 Evaluation framework First, we propose a cloud service evaluation framework. As shown in Figure 1, it consists of cloud physical resources layer, cloud services layer, trust evaluation layer, and cloud users layer: •

Cloud physical resources layer. This layer contains the various infrastructure components in the cloud. The physical resources are virtualized as infrastructure services based on IaaS in order to avoid exposing the details.

•

Cloud services layer. This layer includes infrastructure service (Cloud IV Service) and application service (Cloud A Service). Infrastructure service is formed by the physical resource through virtualization, which makes it available as a soft component that is easy to use and manage. Application service is the business application service on the network. Because of the different types of services, we should evaluate them based on different evaluation indicators. Cloud Users

...

Trust Evaluation Trusted Service Evaluation Indicators

Fuzzy Evaluation Method

Collecting Assessment Information

Dynamic Trusted Evaluation Module

Trusted Resources Set

Cloud Services Infrastructure Virtual Service Cloud IV Service 1

Cloud IV Service 2

Application Service Cloud IV Service 3

...

Cloud A Service 1

Cloud A Service 2

Cloud Physical Resources

Figure 1. Cloud service evaluation framework

...

Cloud A Service 3

...

Downloaded by NANJING UNIVERSITY OF AERONAUTICS & ASTRONAUTICS At 03:37 13 January 2015 (PT)

•

•

Trust evaluation layer. This layer contains all modules needed for evaluating cloud services. First, the users evaluate the services based on their experience and preference according to the trusted service evaluation indicators. Then the initial evaluation information is obtained from users by the collecting module. Second, the dynamic trust evaluation module integrates the initial value and calculates the trusted value of each service by the proposed fuzzy evaluation method. Finally, the service with high trust value will be placed in the trusted resources set, which is the basis for users to select. Since the subjective factors and information may loss during the network transmission, there may be inaccurate or missing assessment information. Cloud users layer. Cloud users collect information on the behavior of cloud services and choose the appropriate service according to the evaluation results.

2.3 Trusted indicators of service The attributes of Quality of Service (QoS) are the traditional criteria to describe the nonfunctional characteristics of services, and have been discussed a lot in previous researches. During the service selection and composition, five generic quality attributes were considered: execution price, execution duration, reputation, reliability, and availability (Zeng et al., 2004). The similar five QoS properties were also employed: execution time, availability, price, reputation, and data quality (Ardagna and Pernici, 2007). In addition, a tree-like QoS model for service is proposed in (Tong et al., 2009), five quality criteria are reported: cost, time, operation QoS, general QoS and domain QoS, and each criterion is composed of several sub-QoS criteria. For example, general QoS includes invocation successful times, reputation, etc. With the increasing diversification and scale of cloud services, ensuring their quality is becoming more and more difficult. People realized the importance of trusted service model, there have been a few of researches on the trust evaluation of cloud service. The criteria are reputation (Wu et al., 2013), trust relation (Huang et al., 2013b), and security, reliability, availability (Li and Du, 2013). However, these researches are evaluating the service from one or several aspects, without conducting a comprehensive assessment of the trust of services. According to the existing research, we combine the trust elements with the traditional QoS criteria to design the trusted criteria of services. The trust of service is evaluated mainly from the following aspects: performance, reliability, security, price, and reputation. From the technology perspective, the traditional QoS criterion – performance should be considered, which includes the basic performance parameters of service, such as throughput, execution time, availability, etc. Besides, another traditional QoS criterion – price also needs to be considered. Furthermore, the trust criteria, like reliability, security, and reputation are also the important criteria for evaluating the trust of the service. The specific meaning of criteria is as follows: •

Performance. This is an important basis for users to select the service. Whether the infrastructure service or the application service, its performance parameters are available in the Service Level Agreement (Patel et al., 2009).

•

Reliability. It means the service can complete the required function under the specified conditions within the specified time.

•

Security. It refers to the security measurement of the service. The data security is the problem that users are most worried about.

Fuzzy trust evaluation

11

Downloaded by NANJING UNIVERSITY OF AERONAUTICS & ASTRONAUTICS At 03:37 13 January 2015 (PT)

K 44,1

12

•

Price. The price is often in inverse proportion to the performance. More excellent performance does the service have, the cost usually gets higher. Users need to make a tradeoff between them in reality.

•

Reputation. It is the comprehensive evaluation of the credibility of services, which mainly from the feedback of users.

Both the infrastructure services and the application services are treated as cloud services. Therefore, we evaluate them from the same aspects. But based on their different characteristics, we design the different evaluation indicators for them. For example, in the performance criterion, we evaluate the infrastructure services by the performance parameters of infrastructure, such as CPU, memory capacity, network bandwidth, throughput, and so on, whereas for the application services, we evaluate the basic quality parameters such as execution time, throughput, available time, and so on. Other indicators and measurement are described in Tables I and II. 3. Fuzzy evaluation method 3.1 Evaluation problem modeling We model the evaluation problem as follows: E ¼ ðS; A; D; V Þ S is the evaluated grades set S ¼ {sα|α ¼ 1, 2, …, l}, where sα denotes an evaluated grade. If α Wβ, then sα is better than sβ. A denotes the nonempty set of evaluation indicators, A ¼ {ai | i ¼ 1, 2, …, M}. ωi denotes the importance weight of trusted P indicator ai, where ωi W 0 and M i¼1 oi ¼ 1. D ¼ {dj | j ¼ 1, 2, …, N} denotes the set of Indicator

Description and measurement

Performance

The performance parameters of infrastructure, such as CPU, memory capacity, network bandwidth, throughput, and so on The probability that a device will perform without failure, which can be measured by Mean Time between Failures (MTBF), Mean Time to Failure (MTTF), or Mean Time to Repair (MTTR) The security evaluation of the service running status, such as security of the operating environment or their own security policy The fees should be paid for renting infrastructure The credibility evaluation of the infrastructure provider

Reliability Table I. Security Evaluation indicators of infrastructure Price service Reputation

Indicator

Description and measurement

Performance

The basic quality parameters of the application service, such as execution time, throughput, available time, and so on The probability that service will perform without failure, which can be measured by the ratio of successful invocations to the total invocations The security evaluation of service itself, such as permission control, the security policy on storage, and so on The fees should be paid for invoking the service The credibility evaluation of the service itself

Reliability Security Table II. Evaluation indicators Price of application service Reputation

Downloaded by NANJING UNIVERSITY OF AERONAUTICS & ASTRONAUTICS At 03:37 13 January 2015 (PT)

P evaluators. tj is the trust weight of each evaluator dj, where tj W 0 and Nj¼1 t j ¼ 1. V ¼ (Vij)M × N denotes the matrix of evaluation, in which Vij denotes the evaluation value of the jth evaluator dj to the ith evaluation indicator ai. According to the evaluation framework of Figure 1, each user collects the behavior information of cloud services. These information can be obtained from the service provider (such as price and performance), or from the feedback of other users (such as reputation). They also can be calculated from the historical records (such as security and reliability). Users evaluate the cloud service according to these indicators, and the initial evaluation value can be obtained. The measurement methods of each indicator are different. Such as the reputation evaluation is a qualitative assessment, while the price of service is a quantitative indicator. In order to aggregate the all values, uniform dimension should be done first. Equivalence rules (Yang, 2001) are designed to transform a quantitative value into an equivalent qualitative expectation, so that the quantitative attribute can be aggregated in conjunction with other qualitative attributes. In an actual assessment, when the users are not sure about their judgment, the evaluation values will be imprecise. Thus, the belief degree rα is added to describe ij the assurance degree of their  ij own  judgment, r a A ð0; 1. Then the evaluation value can ij be expressed as V ij ¼ sa ; r a , which denotes that the evaluator dj identifies the evaluation value of the indicator ai is sija at a belief degree of r ija . r ija ¼ 1 means the evaluator is very sure about this decision. 3.2 Evaluation value aggregated The DST is a mathematical theory of dealing with uncertainty, which is proposed by Shafer (1976). It allows one to combine evidence from different sources and arrive at a degree of belief with taking into account all the available evidence. It can shrink the assumption set by accumulating evidence, so that it can handle the uncertainty resulting from fuzziness. In this paper, we aggregate the evaluation value based on the DST. Let the evaluated grades set S be the universal set, the set represents all possible states under consideration, which is the all grades could be evaluated. The power set 2s is the set of all subsets of S, 2S ¼ {∅,{s1}, …, {s1},{s1, s2}, …, {s1, sl}, …, S}, which is the all possible combinations of elements in S. The evidence theory assigns a belief mass to each s element of the P power set. The basic probability assignment (BPA) is m: 2 →[0,1], while mð+Þ ¼ 0; sa D 2S mðsa Þ ¼ 1, where m(sα) expresses the proportion of all relevant and available evidence that supports the claim that the actual state belongs to sα. Suppose the BPA of the evaluation value for the trusted indicator ai is mðsia Þ. According to the trust weight of each evaluator tj, it can be calculated as follows: N    X    m sia ¼ (1) r ija  t j ; if sia ¼ sija j¼1

  Because of then a¼1 m sai p 1, which means there is missing assessment information. In order to keep integrity, let m(S i) be the complement value, which denotes the remaining probability mass unassigned to any evaluation grade after all the grades have been considered. m(S i) is calculated by the following equation: l X     m S i ¼ 1 (2) m sia r ija A ð0; 1,

Pl

a¼1

When dealing with the missing information, we consider its belief degree of each grade is equal (Yang and Xu, 2002). Therefore the grade of the complement value

Fuzzy trust evaluation

13

Downloaded by NANJING UNIVERSITY OF AERONAUTICS & ASTRONAUTICS At 03:37 13 January 2015 (PT)

K 44,1

is S. After that, we can obtain the evaluation matrix of each indicator to each grade in Table III. In the following steps, we aggregate the evidence of all indicators based on the DST and calculate the aggregation BPA to obtain the final evaluation value of the cloud service: Definition 1. (D-S combination rule) Suppose sγ∈2s, m(sγ) is the BPA of grade Sγ after   Q P m sia o1, integrating all evaluation indicators. If K ¼

14

\i sia ¼|1 p i p M

m(Sγ) can be aggregated by the following equation (Shafer, 1976): 8 0; s ¼ +