Maintaining Trust in Cloud Computing through SLA Monitoring

Maintaining Trust in Cloud Computing through SLA Monitoring Walayat Hussain1, Farookh Khadeer Hussain1, and Omar Khadeer Hussain2 1

School of Software, Centre for Quantum Computation and Intelligent Systems, University of Technology Sydney, Sydney, New South Wales 2007, Australia 2 School of Business, University of New South Wales Canberra [email protected], [email protected], [email protected]

Abstract. Maintaining trust in cloud computing is a significant challenge due to the dynamic nature of cloud computing and the fragility of trust. Trust can be established by conducting successful transactions and meeting all the parameters of the Service Level Agreement (SLA) drawn up between two interacting parties. Trust can be maintained by continuous monitoring of these predefined SLA parameters. There are number of commentaries on SLA monitoring that describe different frameworks for the proactive or reactive detection of SLA violations. The aim of this research is to present an overview of the literature and make a comparative analysis of SLA monitoring in respect of trust maintenance in cloud computing. Keywords: Service level agreement monitoring, cloud computing, maintaining trust, cloud monitoring, SLA monitoring metrics, proactive SLA monitoring, hierarchical self-monitoring.

1

Introduction

Contemporary technologies create great opportunities for multiple online users to connect to the network simultaneously, but they also present a number of challenges. One of the key challenges is trust management [1]. The need for effective trust management is inevitable, given the large number of service providers and service consumers, and it is very difficult to monitor disreputable activity by consumers or violations of agreed service commitments by providers [2]. Cloud computing is an emerging and popular new technology in parallel computing, thanks to the accessibility of resources irrespective of a user’s location, timing or platform [3]. As a result of the increased number of providers, however, several challenges arise for cloud consumers such as data security, efficiency, trustworthiness and the reliability of the provider. The cloud computing Service Level Agreement (SLA) is a mutual agreement between service provider and service consumer that describes such factors as Quality of Service parameters, mutually agreed services, service deliverability, transaction credits and penalties, based on which credibility and trustworthiness can be measured. C.K. Loo et al. (Eds.): ICONIP 2014, Part III, LNCS 8836, pp. 690–697, 2014. © Springer International Publishing Switzerland 2014

Maintaining Trust in Cloud Computing through SLA Monitoring

691

This paper attempts to integrate these findings by addressing the following research questions: • What are the safeguards in the SLA monitoring framework that guarantee the trustworthiness of the cloud provider? • What approaches have been suggested to maintain a trusting relationship between cloud consumer and cloud provider? The structure of the paper is organized as follows. Section 2 presents our proposed classification of SLA monitoring in cloud computing, which is based on the functionality and working attributes of each approach. Section 4 provides insights from the findings and a comparative analysis of all the approaches covered in this study. Section 4 concludes the paper.

2

Classification of SLA Monitoring Scheme

The credibility of the provider, trust feedback from consumers, and assurance that the terms of the SLA will be met are the key drivers for the successful adaptation and growth of cloud computing [4] and for understanding the fundamental limitations and invariants associated with the adaptation of cloud computing to include features such as SLA monitoring. In this work, we present a classification of approaches that contribute to the issue of maintaining trust in cloud computing by monitoring SLAs. We have divided these approaches into four classes, based on their functionality and working attributes. These classes are: ─ ─ ─ ─

Self-manageable case-based reasoning approach SLA-based trust model approach Broker-based approach Workflow composition and reputation-based approach

2.1

Self-manageable Case-Based Reasoning Approach

The self-manageable approach provides service providers with the opportunity to detect and prevent any possible threat before it affects end users. [5]proposed a selfmanageable monitoring mechanism in which low level hardware resource metrics are plotted to high level SLA parameters to detect possible future SLA violation threats and invoke an enactor component to undertake remedial action to avoid violation. A user-defined mapping rule is stored in the repository, and monitoring agents are responsible for measuring the resource metrics. A run-time monitor accesses the mapped metric repository and uses mapped SLA values to check the status of the deployed services and compare the mapped SLA metrics with the threat threshold. If any violation is identified, the enactor component is alerted to the possible threat. Low level metric conversion is used in hierarchical monitoring and combined with a bottom-up approach for the propagation of SLA violation threats [6]. The propagation of SLA violation continued till specific layer which is able to perform suggested

692

W. Hussain, F.K. Hussain, and O.K. Hussain

operation. The holistic SLA validation framework proposed by Haq et al. [7] used LoM2HiS [5] for SLA violation detection, LAYSI [6] for the bottom-up propagation of violations, and the rule-based SLA aggregation method [8] to identify the reasons for such violations and to impose penalty for violation. [9] proposed CASViD architecture which monitors and detects SLA violations at application level. To detect violations, CASViD finds the effective measurement interval to identify resource consumption by each application. Effective measurement is conducted by sampling time intervals and checking the applications for each interval. If the utility of the current time interval is greater from previous interval then the current interval is set as an effective measurement interval. The process continues till end. The hierarchical self-healing SLA approach was proposed by [10]. Based on the hierarchical nature of cloud, SLA monitors its own parameters by itself. Each layer has multiple resources or providers. Each upper layer is dependent on the lower layer. Response time and throughput are used as measurement attributes. The monitoring function in each SLA continuously monitors the attributes based on the metric. When any violation is detected, then SLA first tries to prevent it by switching to another resource in that layer, otherwise it informs the SLA in the upper layer. This helps to prevent violations before they affect the end user. [11] proposed a self-adaptive monitoring mechanism that monitors both the application and infrastructure layer and triggers on-the-fly reconfiguration functionality which enables the system to monitor during runtime. The monitoring mechanism consists of six components arranged in three layers of cloud. All the hardware level information concerning the execution of the virtual machine unit is sent from IaaS to the global repository in PaaS. All high level parameters are first collected into the local SaaS repository and then sent to the global repository in PaaS. Self-adaption allows both the hardware and software monitoring components to readjust resources or monitor time intervals. 2.2

SLA-Based Trust Model Approach

Trust in the provider, trust representation, and the criteria for trust calculation are three issues which are always of concern to the consumer, and need to be addressed in any business. Proactive performance monitoring was proposed by [12] which introduced a third party agent. [13] presented an effective QOS monitoring technique in which they proposed two techniques i.e. state monitoring and derived monitoring to monitor the trust of the provider and the representation of that trust. The authors proposed a dynamic trust calculation method based on Markov Chain theory and formulated conditions of steady state, un-steady state or failure state. Trust value is calculated at regular intervals, and when a provider attains peak level of trust, then ‘extra’ trust is considered to be a surplus which can be used when there is failure, without affecting the trust value. Given the nature of cloud, a consumer can request services at any time. Scheduling the request is a difficult job, but if priorities are set in the SLA then the performance of both the cloud consumer and the cloud provider can be improved. [14] proposed a scheduling scheme using SLA by defining the priorities of requests in the SLA.

Maintaining Trust in Cloud Computing through SLA Monitoring

693

The trust monitor component acts as a third party agent. When a dishonest action is detected, the trust monitor considers it an intrusion and reports it immediately to the scheduler, also notifying both the provider and the consumer. [2] proposed a model that consists of a SLA agent, cloud consumer model, cloud service directory and cloud provider. Each provider advertises their services in a cloud service directory to assist consumers to find a suitable cloud provider. When a cloud consumer query for a related provider from cloud service directory, a list of providers is obtained this is submitted to the trust management system for scrutiny. The list of trusted cloud providers is sent to the SLA agent with the service level objectives. When a cloud consumer submits a request for service, the ID of the provider and complete detail of the SLA are released to the consumer. If the consumer accepts the agreement, the transaction will be finalized and communication with the chosen provider will commence. [3] proposed a cloud service registry and discovery (CSRD) model which acts as a monitoring agent between a cloud consumer and a provider. The trust of a provider is calculated according to feedback from credible service providers and credible service consumers. The credibility of a service provider is calculated by the length of time the provider has provided services divided by total number of services offered and the credibility of the service consumer is calculated by length of time services have been consumed. Trust is measured dynamically by standard deviation which is inversely proportional to trust. [15] proposed that trust between a provider and a consumer can be maintained by monitoring trust at each layer. Monitoring should be done periodically, and can be evaluated by complex formula. Trusted third party monitors conduct communication between consumer and provider; however, they cannot determine the internal state of either the consumer or the provider. The trust module on the provider side has access to the internal state of the provider and can deal with any violation by itself. Although a trust module on the consumer side is not very effective, it can nevertheless be used to create trust for an assured provider. 2.3

Broker-Based Approach

A cloud service broker responsible for SLA negotiation using SaaS provisioning was proposed by [16]. Multi-attribute negotiation allows concurrent negotiating between two parties on multiple issues. The cloud service broker is responsible for delivering customized services to the cloud consumer. The service provider measures its Quality of Service by collecting data at predefined intervals, and if there is a decrease in the agreed level of QOS, the service provider may allocate further resources to meet its SLA obligations. Multilevel management and monitoring of SLAs in a federated cloud environment was proposed by [17]. Monitoring of the SLA is achieved by retrieving SLA metrics from a different layer, checking the current SLA parameters and comparing them with the SLA metrics. The monitoring agent has services which are responsible for monitoring the SLA periodically and assesses performance against respective thresholds.

694

W. Hussain, F.K. Hussain, and O.K. Hussain

Intercloud computing and a cloud service brokerage was proposed by [18]. SLA monitoring starts when the SLA manager receives a service request from a consumer; the SLA manager translates the SLA and a service request is sent to the deployment manager to arrange the requested service. The deployment manager then forwards the request to the appropriate Intercloud gateway for the creation of the service. The consumer can request agreed QOS metrics based on the service ID, as well as metrics which can monitor the SLA. The consumer can terminate the service once the agreement has been completed and all resources have been released. [19] proposed a cloud service broker portal which is a single entry point for the cloud service broker, cloud service provider, and cloud service consumer. It interacts with a unique interface designed for each stakeholder. Cloud service portals have a brokerage Application Programming Interface that is responsible for integrating various cloud service providers into the cloud service broker portal. 2.4

Reputation-Based and workflow Composition Approach

A reputation-based system approach was proposed by [20] that assists cloud consumers to select the most trustworthy and reliable cloud provider. It evaluates the reliability of reputation. To overcome biased evaluation, the authors proposed an IP monitoring mechanism. Management service is responsible to manage services by selective violation method to violate selective SLA to lower the monetary impact of penalties. [21] suggested the cancellation of service instances that have low priority and penalties. Unused resources which were reserved by the consumer are assigned to other consumers who are in need of those resources. A fuzzy logic approach was used by [22]. The selection of a provider is dependent on recommendations by other users. Credible recommending users receive reputation requests from a third party and, based on the previous record of the provider, which is stored in the information repository of the Recommending user, reply with the trust value. The third parties SLA monitoring components aggregates all the reputation values from all recommending users and calculates the final reputation value of the service provider. The third party SLA monitoring component accesses the runtime SLA parameter and compares it with the threshold to identify the probability of failure. A violation detection model was proposed by [23] which considers the utility function to measure the level of satisfaction for quality and control charts. The proposed model is comprised of three parts and considers four criteria for measurement. The Western Electric rule is used for SLA violation detection.

3

Comparative Analysis of Proposed Approaches

In the previous section, we presented our classification based on the functionality and working attributes of each approach. To select a better approach, we present a brief comparison of the different classes and candidate approaches in each class. This comparison is based on the monitoring approach, algorithm, SLA management and post procedure of SLA violation expressed in Table 1.

Maintaining Trust in Cloud Computing through SLA Monitoring

695

Table 1. Comparative analysis of monitoring SLA mechanism Sour ce

Domain

Monitoring Approach

Framework

Predict Approach (host + future SLA violation broker) Host + Yes based Broker on threat threshold Host + Yes based Broker on threat threshold Negotia- Yes based tor + on threat Broker threshold

[5]

Cloud IaaS

LoM2HiS + SelfFoSII manageable

[24]

Cloud IaaS

[6]

Cloud IaaS

DeSVi = SelfFoSII + manageable LoM2HiS LAYSI= SelfLoM2HiS + manageable Threat

[7]

Cloud IaaS

[9]

Cloud SaaS

[25]

Cloud.

HS-SLA Selfmanageable

[11]

Cloud IaaS, SaaS Cloud IaaS

Selfadaptive

Multi layer monitoring

Trust model

Dynamic trust model

[14]

Cloud SaaS

SLA-based scheduling

Broker

[2]

Cloud SaaS

Trust model Trust model

SLA-based trust model

[3]

Cloud

CSRD

[16]

Cloud SaaS

Trust model Brokerbased

[17]

Cloud

Brokerbased

[18]

Cloud IaaS

[20]

Cloud SaaS

[22]

Cloud

Brokerbased Reputationbased Reputationbased

[13]

propagation Holistic SLA Selfvalidation= manageable LoM2HiS + LAYSI + Rule based CASViD Selfmanageable

Algorithm

Proactive

Procedure after SLA violation Not defined

Proactive

Not defined

Proactive. Threat propagation

Self handle or propagated to upper layer. Propagate to upper layer. Renegotiate or abort service. Calculate SLA violation penalties Propagate to upper layer.

Negotiator + Broker

Yes based on threat threshold

Proactive. Threat propagation. Penalty enforcement

Negotiator

Yes based on threat threshold No

Proactive. Threat threshold. Reactive. Violation propagation and prevention. Reactive Not defined

Hierarchical self monitoring Platform monitoring Third party broker

No

Yes based on Markov Chain model No

Proactive. Markov Chain

Not defined

Reactive

Not defined

cloud service directory Broker

No

Reactive

Not defined

No

Reactive

Not defined

Broker

No

Not defined

Broker

No

Proactive by collecting data at predefined intervals Reactive

Broker

No

Reactive

Not defined

Reputation system

Broker

No

Reactive

Not defined

TP SLA monitor

Broker

No

Reactive

Not defined

Multiattribute negotiation model Holistic SLA management model Generic cloud broker

Not defined

696

4

W. Hussain, F.K. Hussain, and O.K. Hussain

Conclusion

A service level agreement is a document which defines all the service level objectives and business norms and methods. Trust is dynamic and fragile in nature, and it is very difficult to maintain trust in cloud computing. One method of maintaining trust in cloud computing is real-time monitoring of SLA, to ensure that interacting parties fulfill all the service level objectives predefined in the SLA document. In this paper, we have described state-of-the art SLA monitoring frameworks in cloud computing. We divided our work into four groups based on functionality and working attributes, and made a comparative analysis of all these approaches.

References 1. Resnick, P., Zeckhauser, R.: Trust among strangers in Internet transactions: Empirical analysis of eBay’s reputation system. Advances in Applied Microeconomics 11, 127–157 (2002) 2. Alhamad, M., Dillon, T., Chang, E.: Sla-based trust model for cloud computing. In: 2010 13th International Conference on Network-Based Information Systems (NBiS). IEEE (2010) 3. Muchahari, M.K., Sinha, S.K.: A New Trust Management Architecture for Cloud Computing Environment. In: 2012 International Symposium on Cloud and Services Computing (ISCOS). IEEE (2012) 4. Almathami, M.: Service level agreement (SLA)-based risk analysis in cloud computing environments, p. 91. Ann Arbor, Rochester Institute of Technology (2012) 5. Emeakaroha, V.C., et al.: Low level Metrics to High level SLAs-LoM2HiS framework: Bridging the gap between monitored metrics and SLA parameters in cloud environments. In: HPCS (2010) 6. Brandic, I., et al.: Laysi: A layered approach for sla-violation propagation in selfmanageable cloud infrastructures. In: 2010 IEEE 34th Annual Computer Software and Applications Conference Workshops (COMPSACW). IEEE (2010) 7. Haq, I.U., Brandic, I., Schikuta, E.: Sla validation in layered cloud infrastructures. In: Altmann, J., Rana, O.F. (eds.) GECON 2010. LNCS, vol. 6296, pp. 153–164. Springer, Heidelberg (2010) 8. Haq, I.U., et al.: Rule-based workflow validation of hierarchical service level agreements. In: Workshops at the Grid and Pervasive Computing Conference, GPC 2009. IEEE (2009) 9. Emeakaroha, V.C., et al.: Casvid: Application level monitoring for sla violation detection in clouds. In: 2012 IEEE 36th Annual Computer Software and Applications Conference (COMPSAC). IEEE (2012) 10. Mosallanejad, A., et al.: HS-SLA: A Hierarchical Self-Healing SLA Model for Cloud Computing. In: The Second International Conference on Informatics Engineering & Information Science (ICIEIS 2013). The Society of Digital Information and Wireless Communication (2013) 11. Katsaros, G., et al.: A Self-adaptive hierarchical monitoring mechanism for Clouds. Journal of Systems and Software 85(5), 1029–1041 (2012) 12. Fachrunnisa, O., Hussain, F.K.: A methodology for maintaining trust in industrial digital ecosystems. IEEE Transactions on Industrial Electronics 60(3), 1042–1058 (2013)

Maintaining Trust in Cloud Computing through SLA Monitoring

697

13. Chandrasekar, A., Chandrasekar, K., Mahadevan, M., Varalakshmi, P.: QoS monitoring and dynamic trust establishment in the cloud. In: Li, R., Cao, J., Bourgeois, J. (eds.) GPC 2012. LNCS, vol. 7296, pp. 289–301. Springer, Heidelberg (2012) 14. Daniel, D., Lovesum, S.: A novel approach for scheduling service request in cloud with trust monitor. In: 2011 International Conference on Signal Processing, Communication, Computing and Networking Technologies (ICSCCN). IEEE (2011) 15. Quillinan, T.B., et al.: Negotiation and monitoring of service level agreements. In: Grids and Service-Oriented Architectures for Service Level Agreements, pp. 167–176. Springer (2010) 16. Badidi, E.: A Cloud Service Broker for SLA-based SaaS provisioning. In: 2013 International Conference on Information Society (i-Society). IEEE (2013) 17. Falasi, A.A., Serhani, M.A., Dssouli, R.: A Model for Multi-levels SLA Monitoring in Federated Cloud Environment. In: 2013 IEEE 10th International Conference on Autonomic and Trusted Computing (UIC/ATC) Ubiquitous Intelligence and Computing. IEEE (2013) 18. Jrad, F., Tao, J., Streit, A.: SLA based Service Brokering in Intercloud Environments. In: CLOSER (2012) 19. Lee, J., et al.: Cloud Service Broker Portal: Main entry point for multi-cloud service providers and consumers. In: 2014 16th International Conference on Advanced Communication Technology (ICACT), pp. 1108–1112. IEEE (2014) 20. Wang, M., et al.: A conceptual platform of SLA in cloud computing. In: 2011 IEEE Ninth International Conference on Dependable, Autonomic and Secure Computing (DASC). IEEE (2011) 21. Schulz, F.: Towards measuring the degree of fulfillment of service level agreements. In: 2010 Third International Conference on Information and Computing (ICIC). IEEE (2010) 22. Hammadi, A.M., Hussain, O.: A framework for SLA assurance in cloud computing. In: 2012 26th International Conference on Advanced Information Networking and Applications Workshops (WAINA). IEEE (2012) 23. Sun, Y., et al.: SLA detective control model for workflow composition of cloud services. In: 2013 IEEE 17th International Conference on Computer Supported Cooperative Work in Design (CSCWD). IEEE (2013) 24. Emeakaroha, V.C., et al.: Towards autonomic detection of sla violations in cloud infrastructures. Future Generation Computer Systems 28(7), 1017–1029 (2012) 25. Mosallanejad, A., Atan, R.: HA-SLA: A Hierarchical Autonomic SLA Model for SLA Monitoring in Cloud Computing. Journal of Software Engineering and Applications 6(3B), 114–117 (2013)