IEEE, 2013 IEEE International Conference on Green Computing and Communications (GreenCom) and IEEE Internet of Things (iThings) and IEEE Cyber, Physical and Social Computing (CPSCom). 978-0-7695-5046-6/13 $26.00 © 2013 IEEE. DOI 10.1109/GreenCom-iThings-CPSCom.2013.61

Assessment Criteria for Trust Models in Cloud Computing

Ayesha Kanwal, Rahat Masood, Um E Ghazia, Muhammad Awais Shibli and Abdul Ghafoor Abbasi

National University of Sciences and Technology

Islamabad, Pakistan

Email: {11msccsakanwal, 10msccsmmasood, 10msccssghazia, awais.shibli, abdul.ghafoor}@seecs.edu.pk

Abstract—Cloud computing is an emerging technology that provides elastic and flexible computing resources to the existing capabilities of business world. Besides several benefits of Cloud computing, there are still many challenging issues such as security and privacy of data stored on Cloud and lack of trust on Cloud service providers. Trust is one of the major barriers in the growth and adoption of Cloud by the IT industry due to absence of any reliable and efficient trust evaluation mechanism. Various trust management models have been proposed, but there exists no criteria to evaluate the effectiveness of these models in Cloud computing. In this regard, we have proposed an assessment criterion for the evaluation of trust models; containing the essential features that are mandatory for trust establishment in Cloud environment. We have also presented a detailed analysis of existing trust models and analyzed them with respect to our proposed assessment criteria. The assessment and analysis of trust models helps the customers to select the most appropriate and reliable model in accordance with their preferences and requirements.

I. INTRODUCTION

Cloud computing is one of the most demanding and emerging technology due to its several versatile benefits such as on-demand availability of computing resources and software services [1]. The emergence of this technology has greater impact on business world with significant improvements to the IT infrastructure. Besides several advantages of Cloud computing, there are security and privacy issues that hinder the adoption of Cloud services by various organizations and IT industry [2]–[4]. Data confidentiality, data privacy and trust establishment are considered to be the main security concerns for an organization moving its data to the Cloud platform. Uncertainty about data protection and loss of data control are the major reasons for reducing level of trust on Cloud providers [5]–[8]. Therefore, it is required to establish trust on Cloud provider for assuring the data security and obtaining the guarantee about Cloud performance and behavior [9]–[11].

Selection of trusted Cloud service provider is one of the challenging issues in Cloud environment, since trust is a subjective and context-sensitive term. When an enterprise needs to transfer its business critical data on Cloud, it prefers to evaluate the trustworthiness of Cloud service provider [12]. Different mechanisms, techniques and protocols have been proposed in Cloud computing to preferably evaluate the trust score for different Cloud services. All these aspects of trust establishment and evaluation methodologies are commonly known as the “Trust Models” in literature. A trust model can be defined as a coded implementation that relies on concepts of trust in order to assign a trust value for a Cloud entity on the basis of which the interactions with that specific entity are restricted and controlled [13].

Trust models in Cloud computing are very diverse in a way that each model supports different features and evaluates Cloud services on the basis of different parameters and requirements [14]–[16]. Therefore, it becomes difficult to decide for an enterprise (or any other interested party) which trust model should be selected and implemented that best satisfies the requirements. In Cloud environment, the security and QoS requirements vary from one Cloud consumer to other Cloud consumer (CS) as one may prefer to assure the data integrity and protection offered by CSP while the other CS selects a Cloud service with best available bandwidth and response time. Therefore, it is very important to select an appropriate trust model that assures most of the security, control and QoS attributes on Cloud.

However, to the best of our knowledge no benchmark has been introduced for the evaluation of these trust models in Cloud. There is need of assessment criteria that can analyze and assess different trust models and techniques for the selection of most suitable model in Cloud computing. After the extensive literature survey [14]–[19], we have identified certain essential features that will help the enterprises in the selection of trust evaluation model in line with their preferences and requirements. The proposed assessment criteria helps the enterprises to find the benefits and weaknesses of these models and in the selection of best model that is capable of establishing trust in Cloud environment.

The paper is organized as follows: Section II contains the proposed evaluation criterion for trust models in Cloud computing. Section III presents the critical analysis of existing models with their brief description and Section IV concludes the paper along with future research directions.

II. ASSESSMENT CRITERIA FOR TRUST MODELS IN CLOUD

Consumer’s trust towards CSP is dependent upon scope and context of various applications, e.g. a Cloud consumer subscribing for online gaming service has different requirements and competencies than the other consumer renting “database as a service” for the storage of sensitive information on the Cloud. In case of online gaming application, consumer’s trust depends upon the performance of a Cloud service, whereas for data storage application, the degree of trust corresponds to the security and control features offered by the CSP. When a user selects a trust model to evaluate the trustworthiness of Cloud services, it prefers to choose the one that is capable of assuring the security and control of data on the Cloud. Similarly, the trust models that can analyze and assure the QoS attributes offered by Cloud providers are more practical and adoptable in the Cloud environment. Therefore, it becomes difficult to select a trust model that best satisfies the user’s requirements. There is a need for assessment criteria that can evaluate the trust models and helps the users in selection of most suitable model in line with their preferences. In this regard, we have proposed assessment criteria for trust models based on specific parameters which have been identified with respect to security and control of data in Cloud domain, as well as the QoS attributes. A brief description of all the assessment parameters is given below, and High, Medium or Low level is indicated according to the compliance level of each feature.

Fig. 1: Trust Models in Cloud Computing

A. Data Integrity

Data integrity is the security of customer’s data against malicious threats, corruptions or unwanted modifications. A proper data integrity mechanism is required to maintain the consistency and accuracy of customer’s data on Cloud and provide the security against different kinds of external attacks and malicious outsiders [5]–[7]. Trust model should be capable of assuring data integrity on Cloud for security of sensitive data of customers. In our analysis, “High” level is assigned if trust model assures the data integrity on Cloud through different encryption techniques. “Medium” level is assigned if data integrity is assured through SLAs or assessing the certificates (certified for supporting data encryption feature) issued to CSP by the accreditation bodies. “Low” level is assigned if the trust model does not provide any guarantee about the integrity of data on Cloud.

B. Data control and Ownership

Customers storing their data at distributed and unknown physical locations need guarantee that it is still owned and controlled by them rather than the CSP. Control and ownership of data means all the authorized and authenticated accesses to stored data on Cloud under the complete control of customer [20]. Trust model providing the assurance of data control and ownership on Cloud is a preferable choice to keep the data secure on distributed locations. “High” level is assigned if the model assures data control and ownership through access control policies, trust tickets or trusted platform module (controlled and managed by Cloud consumers). “Low” level is assigned to this feature if it is not assured by the trust model.

C. Process Execution Control

This feature can be defined as the “control over all the computational activities and processes” performed on applications deployed at Cloud platform [20]. For instance, all the computational activities (image temporary storage, image update and image removal) for an image searching application deployed at Cloud are usually controlled by the CSP in SaaS. However, a customer can control all the processes and tasks via remote access control (Virtual private networks) that will increase the level of trust on CSP [21]. A trust model capable of assuring the process execution control on Cloud is a preferable choice to be considered. In our analysis, “High” level is assigned to this feature if the trust model assures process execution control through virtual trust infrastructures or trusted platform module. “Low” level is assigned if the model does not assure the process execution control on Cloud.

D. Quality of Service (QoS) attributes

Assurance of QoS attributes can be provided by directly measuring the different attributes like response time and throughput or with the help of collected feedback and opinions. By measuring and analyzing various attributes, trust model provides guarantee that the CSP is delivering the service in accordance with customer’s specifications mentioned in Service level agreements [22]. “High” level indicates direct measurement of any QoS attribute like applying the different formulas to assure the required response time or latency time provided by Cloud provider. “Medium” level is assigned for indirect analysis of QoS attributes via feedback or opinions provided by other Cloud entities. “Low” level is assigned to the feature if the model does not provide any assurance about QoS requirements of customers.

E. Detection of Untrusted Entities

Trust model that can successfully detect the untrusted entities (that are providing inaccurate feedback) in Cloud environment is more reliable for customers. These entities can be either the CSPs providing untrusted services to customers or those Cloud users that are providing inaccurate feedback for trust evaluation by the trust model (e.g. a user provides many negative opinions to disadvantage a specific CSP) [23]. A trust model that can completely detect all untrusted entities is represented by “High” level through different techniques, e.g. assigning credibility weights or applying majority consensus etc. “Medium” level is assigned for partial detection of untrusted entities in Cloud environment by defining the static threshold value below which the entities are included in untrusted zone (some malicious entities in dynamic Cloud environment may remain undetected due to this static threshold). The absence of this feature is shown by assigning the “Low” level.

F. Dynamic trust update and logging

Trust model must be capable of supporting logging of transactions (between Cloud customers and providers) as it tends to enhance the confidence level of customers. In Cloud environment it is important to maintain the logs of transaction history as well as dynamically update the trust score for Cloud provider (to cater the changes in environment and experience with CSPs) [24]. In our analysis, this feature is considered to be at “High” level of assurance if it supports logging by monitoring the transaction history as well as dynamically updates the trust score (via update policies, time decay function or history records in logs). “Medium” level is assigned if the model supports any of the above mentioned features as if it provides the dynamic trust update but does not encounter any mechanism for logging of transactions or vice versa. “Low” level is assigned for absence of both logging and dynamic trust update features.

G. Model Complexity

Complexity of a model is measured in context of ease in applicability in practical scenarios (less configurations steps), thus the trust models with minimum complexity level are more desirable to be adopted. “High” level for model complexity indicates that trust model is difficult to apply and implement in practical scenario due to its complex functionality and operations (or complex configurations). “Medium” level represents the ease in applicability of model in practical scenarios but the involvement of complex mathematical algorithms, and “Low” level is assigned to relatively simple trust model without any complex mathematical algorithms.

III. ANALYSIS OF TRUST MODELS IN CLOUD COMPUTING

We have presented a comprehensive analysis of various trust models on the basis of our proposed assessment criteria as shown in table 1. Trust models have been analyzed to find their merits and demerits with respect to different security and control features. Moreover, the analysis will provide a detailed guideline for future implementations and improvements of trust models in Cloud. Following is a detailed analysis of various trust models that have been classified into Agreement based, Certificate/Secret keys-based, Feedback based, Domain based and Subjective trust categories as shown in figure 1.

A. Agreement based Trust Models

Trust establishment under this category is based on contracts and agreements signed by Cloud service providers for the delivery of different services to customers as shown in figure 2. Service level agreements (SLA) and Service practice statements (SPS) provide the basis for trust establishment. Various security concerns and quality of service attributes are included in contracts and agreements to establish trust on Cloud service provider.

Fig. 2: Agreement based trust model

1) SLA-based Trust Model: This model is based on strong SLAs and contains the major components of Cloud services directory, SLA-agent and Cloud consumer module. The process of trust evaluation is performed in three main steps; at initial stages, the customer discovers and selects CSPs in accordance to the required functional features. After this, the SLA-agent is responsible for designing and monitoring the SLA parameters and preparing a report for the reliable and trusted CSPs. At the final step, the trust management module calculates final trust value for specific CSP by using local experience with Cloud provider, opinion of external Cloud providers and report delivered by SLA-agent [25].

Analysis: In SLA-based trust model, SLA agents are responsible for asserting the required parameters of encryption and key management in SLA, hence assuring the data integrity on Cloud up to the partial level. The SLA-management module in SLA-agent is responsible for creating and negotiating the access control policies for stored data on Cloud, thus guaranteeing the data control and ownership to customers. This model does not encounter any procedure to assure the process execution control. Trust management module collects feedback (from external Cloud providers) that is used to analyze and assure the QoS parameters offered by specific CSP. Detection of untrusted entities is obtained via credibility weights which are assigned to the sources of information and the aggregated value is calculated for all the three sources. “Business activity monitoring” module monitors and maintains the details of customer’s transactions but due to static SLAs the model does not support the dynamic trust update. SLA agent has to only design and select the required parameters for SLAs while creation and management related tasks are performed by CSP introducing ease in applicability, thus supports low complexity.

2) Trust model for security aware Cloud: Sato et al. [26] have proposed Contracted trust that is based on service policy statement (SPS). The basic idea is to provide two levels of hierarchy for trust which are internal trust layer and contracted trust layer. Internal trust is established on Cloud platform if all the underlying operations are under the internal control of organization. The internal trust is achieved via Trusted Platform Module that evaluates the underlying configurations of Cloud and assertion of identity and key management under the complete control of organizations. The Contracted trust is based on SPS in a way that Cloud provider enters into this trust layer by negotiating the desired security and QoS requirements of customers.

Analysis: This trust model asserts the creation, revocation and management of encryption keys under the control of customer and negotiates the required encryption parameters through SPS, hence assuring the data integrity on Cloud. Furthermore, the identity provisioning and access control policies are negotiated through SPS that helps in assessing the level of data control and ownership. Trusted platform module (TPM) measures and validates the configurations of virtual machine and keeps a track of all the processes running on Cloud platform that assures the process execution control on Cloud. However, the model does not provide any mechanism for evaluation and assurance of QoS attributes. Detection of untrusted entities is supported by measuring the configurations of provider’s platform via TPM. This model does not provide any feature to maintain the logs of consumer’s transactions. Likewise, there is no mechanism to facilitate the dynamic trust update. The applicability of service agreements is comparatively easy in practical scenarios without any involvement of complex configurations, thus supporting the low complexity in the model.

B. Certificate/secret keys-based Trust Models

Trust establishment between customers and CSPs takes place through certificates (issued by standardized bodies), trust tickets, private and public keys, TPM endorsement keys issued by trusted third party or certificate authority (CA). Trust tickets are issued to ensure the integrity, availability and confidentiality of data on Cloud and elevate the confidence of customers regarding the expected behavior of Cloud services as shown in figure 3.

Fig. 3: Certificate based Trust Model

1) Ticket based trust model: Mahbub et al. [27] have proposed ticket based trust model to establish the trust on Cloud providers. The data owner (DO) encrypts the data with secret keys shared between DO and users, and sends the encrypted data to CSP along with capability lists (userid, dataid, access rights AR) of already registered users. In trust ticket generation protocol, a new user registers itself with the DO by sending the required credentials and then the data owner generates the capability list and Trust ticket (TT). In trust ticket deployment protocol, the user sends encrypted TT to the CSP to access the stored data on Cloud. The CSP sends the encrypted data to user after verifying the credentials and trust ticket.

Analysis: High level of data integrity is assured by ticket based trust model via encryption techniques such that the secret key is shared between registered user and the DO. Trust tickets are issued by the data owner for authorized users, whereas capability lists define the access rights of users on data stored at Cloud, thus assuring the data control and ownership offered by CSP. The model does not provide any mechanism to ensure the process execution control and QoS attributes presented by CSP. Capability lists and TT are verified and validated by CSP before sending the encrypted data to user that helps in detection of untrusted entities in Cloud domain. The model does not encounter any logging feature; likewise it does not support the dynamic trust update. The applicability of capability lists and TT is easy in practical scenarios; however a unique secret key for each single user introduces complexity in management and distribution of keys up to medium level.

2) Trusted Virtual Environment Module (TVEM) based trust model: TVEM based model contains a TVEM manager, a virtual trust network (VTN) and a TVEM Factory (TF). TVEM is a software module that is created in TF under the control of data owner (DO) platform. TF is the authorized DO module that manages to create TVEMs, root VTN master key, VTN certificate and trusted environment key (TEK). VTN root certificate key is also generated by TF module which is the master key to secure and revoke all other keys for each VTN. TEK is the endorsement key for TVEM that is rooted both in host Cloud platform and VTN; and used to establish the trust in virtual Cloud environment. TVEM measures the Cloud platform trust through the core root of trust for measurement (CRTM) and trusted computing base (TCB) that contains the BIOS and other platform configurations attested by the TPM [28].

Analysis: The TEK and VTN encryption keys are used to assure the data integrity on Cloud platform. TCB measures the configurations and Virtual Environment Configuration Registers (VECR) evaluates policies of virtual environment, thus assuring the data control and ownership on Cloud. Virtual trust network is provided by the model to remotely control all the computational activities running on Cloud and assuring the process execution control. The measurements and configurations of CRTM and TCB help in detection of untrusted entities in Cloud, however the model does not offer assurance of QoS attributes for Cloud services. The TVEM manager hosted on Cloud platform continuously measures the configurations of CRTM and TCB to support the dynamic trust update but there is no feature to maintain the logs of virtual environment. The creation, management and migration of TVEM, VTN certificates and TEKs introduce high complexity in applicability of TF at DO’s end.

C. Feedback based Trust Models

This category includes trust models that collect the feedback and opinions from other customers to evaluate the trust on Cloud services as shown in figure 4. Trust model collects and manages the feedback regarding different QoS and security parameters offered by Cloud providers. The most trusted and reliable CSP is the one that encounters all the necessary QoS and security attributes for its customers.

Fig. 4: Feedback based Trust Model

1) Trust as a service model: ‘Trust as a service’ framework has been designed and implemented that contains one Registry service component and three main layers which are CSP layer, trust management service layer (TMSL) and the Cloud consumer layer. The TMSL is responsible for collecting the customer’s feedback about different services and evaluating the trust values based on received feedback. Trust feedback is collected in form of history record that includes the identity of CSP, identity of customer giving the feedback, a set of feedbacks and weighted credibility feedback. Cloud consumer’s capability and majority consensus are the two techniques that are used to distinguish inaccurate feedback [23].

Analysis: Integrity of data stored at Cloud platform is not assured by this trust model. Similarly, there are no mechanisms to assure process execution control of customers. In this model, the feedback received from Cloud customers helps in analyzing and assuring the QoS attributes offered by various Cloud providers. It doesn’t provide any assurance that all the accesses to data will be under the complete control of Cloud users, thus no data ownership and control is guaranteed. Majority consensus and Cloud consumer’s capability provides dynamic credibility to detect the untrusted entities in Cloud which are providing malicious feedback to lower the ranking of particular CSP. It offers medium level support to dynamic trust update and logging feature due to the absence of any mechanism for maintaining the transaction logs. However, the aggregated feedback used to calculate the trust score for particular CSP is updated dynamically with addition of new feedback records. The trust management layer is deployed at completely separate infrastructure between consumer and Cloud layers that introduces complexity in applicability of this model.
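The following added example (not code from the paper or from the cited framework [23]) illustrates the credibility-weight and majority-consensus idea named in Section II-E and in the analysis above. The median as consensus, the credibility formula, the cutoff value and all feedback records are assumptions made for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed feedback records: (consumer, CSP, rating in [0, 1]).
# c5 and c6 rate csp-a far below everyone else; c6 also inflates csp-b.
FEEDBACK = [
    ("c1", "csp-a", 0.90), ("c2", "csp-a", 0.85), ("c3", "csp-a", 0.80),
    ("c4", "csp-a", 0.90), ("c5", "csp-a", 0.05), ("c6", "csp-a", 0.10),
    ("c1", "csp-b", 0.40), ("c2", "csp-b", 0.35), ("c3", "csp-b", 0.45),
    ("c4", "csp-b", 0.40), ("c5", "csp-b", 0.40), ("c6", "csp-b", 0.95),
]

CREDIBILITY_CUTOFF = 0.7  # assumed value, not taken from the paper


def consensus(feedback):
    """Majority view per CSP, taken here as the median rating (assumption)."""
    by_csp = defaultdict(list)
    for _, csp, rating in feedback:
        by_csp[csp].append(rating)
    return {csp: median(ratings) for csp, ratings in by_csp.items()}


def credibility(feedback):
    """Credibility weight per consumer: 1 - mean distance from the consensus."""
    cons = consensus(feedback)
    deviations = defaultdict(list)
    for consumer, csp, rating in feedback:
        deviations[consumer].append(abs(rating - cons[csp]))
    return {c: 1.0 - sum(d) / len(d) for c, d in deviations.items()}


def untrusted_raters(feedback, cutoff=CREDIBILITY_CUTOFF):
    """Consumers whose feedback consistently disagrees with the majority."""
    return sorted(c for c, w in credibility(feedback).items() if w < cutoff)


def plain_scores(feedback):
    """Unweighted mean per CSP: every opinion counts equally."""
    by_csp = defaultdict(list)
    for _, csp, rating in feedback:
        by_csp[csp].append(rating)
    return {csp: sum(r) / len(r) for csp, r in by_csp.items()}


def weighted_scores(feedback, cutoff=CREDIBILITY_CUTOFF):
    """Credibility-weighted mean per CSP; flagged raters get weight zero."""
    cred = credibility(feedback)
    num, den = defaultdict(float), defaultdict(float)
    for consumer, csp, rating in feedback:
        weight = cred[consumer] if cred[consumer] >= cutoff else 0.0
        num[csp] += weight * rating
        den[csp] += weight
    return {csp: num[csp] / den[csp] for csp in num if den[csp] > 0}


if __name__ == "__main__":
    print("flagged raters :", untrusted_raters(FEEDBACK))
    print("plain scores   :", plain_scores(FEEDBACK))
    print("weighted scores:", weighted_scores(FEEDBACK))
```

With the constructed records, the two outlying consumers pull the unweighted score of csp-a down and push csp-b up, while the weighted score follows the majority and names the outliers.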

2) Prepositional logic terms (PLT) based trust model: The PLT based trust evaluation model contains main modules which are Consensus Assessments Initiative Questionnaire (CAIQ) Engine, registration manager (RM), Trust semantic engine (TSE), Trust computation engine (TCE), Trust manager (TMg) and Trust update engine (TUE). TSE configures the different formations of prepositional logic terms (PLT) that represent the trustworthy behavior of CSP in terms of specific attributes. Whereas TUE is used to update the trust values and collect the feedback from various resources in form of opinions [29].

Analysis: CAIQ engine designs the questions about various encryption techniques adopted by Cloud providers for the assessment of data integrity. Similarly, TUE collects expert assessments, CSPs statements and consumer’s feedback to validate and assure the different encryption techniques offered by a CSP. The information from CAIQ engine and TUE is combined via PLTs to assess the encryption techniques, thus assuring medium level of data integrity on Cloud. On the other hand, there is no mechanism to create access control policies for assuring the data control and ownership of customers. The model does not assure process execution control presented by CSP to its customer. Various feedback opinions regarding the required QoS attributes are combined via PLTs and the evaluated customized trust value is presented to the customer, thus offering partial support to assuring the QoS attributes. Moreover, consensus and discounting operators provide means to aggregate the statement opinions and assign credibility weights to these opinions hence supporting the detection of untrusted entities. The deployment of trust evaluation and update modules is comparatively easy in practical scenarios; however the configurations and formulation of PLTs introduce medium level of complexity. On the other hand, it does not support the dynamic trust update and logging features.

D. Domain based Trust Models

Domain based trust models, as shown in figure 5, are mostly used in grid computing, but very few trust models have been proposed under this category with respect to Cloud environment. The basic idea is to divide the Cloud into a number of autonomous domains and distinguish two types of trust relationships, within-domain and inter-domain, that are extracted from direct and recommended trust tables respectively. Within-domain trust values depend upon the transactions between the entities that are in the same domain. If an entity needs to compute the trust value for some other entity, it checks the direct trust table, but if the direct trust value is not found then it looks for the recommended trust values from other entities.

Fig. 5: Domain based Trust Model

1) Collaborative trust model: This trust model divides the Cloud into various autonomous domains such that every node maintains a trust table (TT) that keeps the trust value of all the nodes which have been traded with that node within the domain. Every domain contains a domain agent maintaining three main tables that includes the domain inside trust table (DITT), domain outside trust table (DOTT) and risk value table (RVT). Direct trust value (dtv) in TT is incremented or decremented according to the success or failure of transaction history with that specific node. If no transaction history is present in TT for some specific node then either the trust value in DITT (within-domain) or DOTT (inter-domain) is used depending upon the location of node [30].

Analysis: This trust model does not assure the security requirements of customers for trust establishment on CSP, hence no guarantee is provided for data integrity on Cloud. Likewise, there is no functionality to create and enforce access control policies for customer; hence it does not ensure the data control and ownership offered by CSP. Time decay function gradually decreases the trust value between two entities if they haven’t communicated for a long time, thus supporting the detection of untrusted entities. On the other hand, there is no support to process execution control and assuring the QoS attributes. Domain agent is responsible to maintain the logs of all history records for users which include both abortive and successful transactions with particular CSP. These transaction records are further used to dynamically update the trust score for specific CSP. The algorithm proposed to update the trust value in tables and the time decay function has low computational complexity, and domain based trust evaluation is easily applicable in Cloud environment.

2) Security and interoperability centered trust model: Two main kinds of roles, Cloud customers and Cloud service providers, are differentiated in the proposed model, where each domain includes the resources that belong to the same provider. Cloud customers and CSPs have a customer trust table and a domain trust table respectively that includes the domain name, service type, trust degree and generation time. Every domain includes a domain trust agent that manages the trust tables to store the required attributes for cooperation between Cloud providers. In the initial step of trust decision, when a customer wants to evaluate the trust value for certain CSP, it matches the required domain name and service type in the local customer trust table. Customer can start the transactions only if the trust value is greater than the defined threshold, otherwise the process is suspended. If there is no value in direct trust table then the recommended trust score will be used [31].

Analysis: This trust model does not facilitate the assurance of data integrity and process execution control features on Cloud. A customized and static threshold value has been defined by the customer according to the preferred security level along with recommendation factor of recommended trust that is used in detection of untrusted entities. Assurance of QoS attributes is another essential feature of trust models which is not considered by this model. Likewise, there is no mechanism to assure data control and ownership of customer over the stored data. The trust agent in each domain is responsible to maintain the logs of transactions between inter-domain as well as within-domain nodes. Along with this, domain agent supports dynamic trust update via time stamp associated with each transaction and re-evaluation of trust value after each transaction between the respective nodes in domain. Domain based trust model is easily applicable as within-domain trust evaluation only depends upon number of entities in that domain, whereas inter-domain trust evaluation corresponds to the total number of domains, thus introducing low complexity.
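An added sketch of the lookup order described for the two domain based models above (direct trust table first, then the domain agent's DITT or DOTT, with time decay and a customer threshold). It is not code from [30] or [31]; the step size, initial value, half-life form of the decay, recommendation factor and threshold value are assumptions chosen for illustration.

```python
from dataclasses import dataclass

STEP = 0.1        # assumed dtv increment/decrement per transaction
INITIAL = 0.5     # assumed neutral starting dtv for a first contact
HALF_LIFE = 30.0  # assumed decay half-life, in days
REC_FACTOR = 0.8  # assumed recommendation factor applied to table values
THRESHOLD = 0.6   # customer-defined threshold (constructed value)

@dataclass
class Entry:
    value: float  # trust degree in [0, 1]
    stamp: float  # generation time (day of last update)

def decayed(entry, now):
    """Time decay: the value halves for every HALF_LIFE days of silence."""
    return entry.value * 0.5 ** (max(0.0, now - entry.stamp) / HALF_LIFE)

class DomainAgent:
    def __init__(self, domain):
        self.domain = domain
        self.ditt = {}  # domain inside trust table: node name -> Entry
        self.dott = {}  # domain outside trust table: domain name -> Entry

class Node:
    def __init__(self, name, agent):
        self.name, self.agent = name, agent
        self.tt = {}    # direct trust table: peer name -> Entry

    def record(self, peer, success, now):
        """Raise or lower dtv after a transaction, clamped to [0, 1]."""
        cur = decayed(self.tt[peer.name], now) if peer.name in self.tt else INITIAL
        new = cur + STEP if success else cur - STEP
        self.tt[peer.name] = Entry(min(1.0, max(0.0, new)), now)

    def evaluate(self, peer, now):
        """Return (trust, source): direct table first, then DITT or DOTT."""
        if peer.name in self.tt:
            return decayed(self.tt[peer.name], now), "direct"
        if peer.agent.domain == self.agent.domain:
            table, key, source = self.agent.ditt, peer.name, "DITT"
        else:
            table, key, source = self.agent.dott, peer.agent.domain, "DOTT"
        if key not in table:
            return 0.0, "unknown"  # fail closed: no evidence, no trust
        return REC_FACTOR * decayed(table[key], now), source

    def may_transact(self, peer, now):
        """Transactions start only if trust is strictly above the threshold."""
        return self.evaluate(peer, now)[0] > THRESHOLD

def demo():
    """Constructed scenario: node a in D1 judging peers b, d (D1) and c (D2)."""
    d1, d2 = DomainAgent("D1"), DomainAgent("D2")
    a, b, c, d = Node("a", d1), Node("b", d1), Node("c", d2), Node("d", d1)
    a.record(b, True, now=0)       # 0.5 -> 0.6
    a.record(b, True, now=0)       # 0.6 -> 0.7
    d1.dott["D2"] = Entry(0.9, 0)  # constructed inter-domain value
    d1.ditt["d"] = Entry(0.5, 0)   # constructed within-domain value
    return a, b, c, d

if __name__ == "__main__":
    a, b, c, d = demo()
    for peer, day in [(b, 0), (b, 30), (c, 0), (d, 0)]:
        trust, source = a.evaluate(peer, day)
        print(peer.name, day, source, round(trust, 3), a.may_transact(peer, day))
```

The same peer that is accepted on day 0 is suspended on day 30 without any new failure, which is the effect of the time decay on stale direct trust.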

E. Subjective Trust Models

Subjective based trust models divide the trust into various subclasses such as authority trust, code trust, and execution trust on Cloud platform. Either of two different approaches, probabilistic or fuzzy theory algorithms, is applied to assign the weights and evaluate the individual subclasses of trust. Probability set theory and fuzzy set theory are the main techniques for assessment of trust information about certain CSP and the provided services.

1) A novel weighted trust model based on Cloud: The novel weighted trust model is based on the qualitative and quantitative Cloud transform model that can precisely describe the randomness and fuzziness of trust values and the correlation between the two. Either of the two important Cloud generation algorithms, known as the normal Cloud generation algorithm and the backward Cloud generation algorithm, can be used to represent the Cloud model. The Cloud-Based Weighted Trust Model (CBWT Model) is proposed, including the Weighted Trust Information Transfer Algorithm (WTIT Algorithm) and the Weighted Trust Information Combination Algorithm (WTIC Algorithm). The CBWT model is based on the subjective nature of trust and uses Expectation Ex, Entropy En and Hyper-entropy He to express the trust score of an entity. The WTIT algorithm is used to transfer the trust information from one entity to another along a certain path using recommended trust values provided by other Cloud providers [32].

Analysis: This subjective trust model does not assure the security concerns of customers like data integrity and process execution control offered by Cloud providers. The proposed subjective trust model caters for the randomness and fuzziness in evaluation of trust, providing high success rate for detection of untrusted entities. On the other hand, it does not assure data control and ownership of customer that is a significant feature to escalate the level of trust on CSP. Similarly, there is no support to assure the QoS attributes, which is very essential to provide guarantee that the CSP is delivering the services in accordance with customer’s specifications mentioned in the SLA. The practical applicability of Cloud generation algorithms in real scenarios presents high complexity as compared to feedback and domain based trust models. It provides partial support for dynamic trust update and logging feature due to absence of any mechanism to record the transaction history, while providing the dynamic trust update via the CBWT Model (the values for entropy and expectation are continuously updated each time the algorithm is executed).
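An added illustration of the (Ex, En, He) representation used by the CBWT model: the standard forward normal cloud generator and a backward generator without certainty degrees, as known from the cloud model literature. It is not the WTIT or WTIC algorithm and not code from [32]; the function names, sample parameters and seed are assumptions.

```python
import math
import random

def forward_cloud(ex, en, he, n, rng):
    """Normal (forward) cloud generator: n drops (x, membership) for (Ex, En, He)."""
    drops = []
    for _ in range(n):
        en_i = abs(rng.gauss(en, he))  # per-drop entropy, En' ~ N(En, He^2)
        x = rng.gauss(ex, en_i)        # drop position, x ~ N(Ex, En'^2)
        # Membership (certainty degree) of the drop under its own entropy.
        mu = math.exp(-(x - ex) ** 2 / (2 * en_i ** 2)) if en_i > 0 else 1.0
        drops.append((x, mu))
    return drops

def backward_cloud(samples):
    """Backward generator: estimate (Ex, En, He) from observed trust values."""
    n = len(samples)
    ex = sum(samples) / n
    mean_abs = sum(abs(x - ex) for x in samples) / n
    en = math.sqrt(math.pi / 2) * mean_abs      # first absolute central moment
    var = sum((x - ex) ** 2 for x in samples) / (n - 1)
    he = math.sqrt(max(var - en ** 2, 0.0))     # clamp: noise can push this below 0
    return ex, en, he

def roundtrip(ex=0.7, en=0.1, he=0.03, n=50000, seed=1):
    """Generate drops for a constructed trust score and recover its parameters."""
    rng = random.Random(seed)
    drops = forward_cloud(ex, en, he, n, rng)
    return backward_cloud([x for x, _ in drops]), drops

if __name__ == "__main__":
    (ex, en, he), _ = roundtrip()
    print(f"Ex={ex:.3f} En={en:.3f} He={he:.3f}")
```

Two providers with the same expectation Ex but different En and He carry the same average trust with different spread and stability, which is the information a single scalar score would lose.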

TABLE I: Comparative Analysis of Trust Models in Cloud Computing

| Category | Trust model | Data Integrity | Data Control and Ownership | Model Complexity | Detection of Untrusted Entities | Process Execution Control | Quality of Service Attributes | Dynamic Trust Update and Logging |
|---|---|---|---|---|---|---|---|---|
| Agreement based Trust Models | SLA based trust model [25] | Medium | High | Low | High | Low | Medium | Medium |
| Agreement based Trust Models | Trust model for security aware Cloud [26] | Medium | High | Low | High | High | Low | Low |
| Certificates based Trust Models | Ticket based trust model [27] | High | High | Medium | High | Low | Low | Low |
| Certificates based Trust Models | Certificates based trust model [34] | Medium | High | High | Low | Low | Low | Medium |
| Certificates based Trust Models | (TVEM) based trust model [28] | High | High | High | High | High | Low | Medium |
| Feedback based Trust Models | Trust evaluation model based on response time [35] | Low | Low | Medium | Low | Low | High | High |
| Feedback based Trust Models | Trust as a service model [23] | Low | Low | High | High | Low | Medium | Medium |
| Feedback based Trust Models | PLT based trust model [29] | Medium | Low | Medium | High | Low | Medium | Low |
| Domain based Trust Models | Collaborative Trust Model [30] | Low | Low | Low | High | Low | Low | High |
| Domain based Trust Models | Security and interoperability centered trust model [31] | Low | Low | Low | Medium | Low | Low | High |
| Subjective Trust Models | A novel weighted trust model [32] | Low | Low | High | High | Low | Low | Medium |
| Subjective Trust Models | Fuzzy comprehensive based trust model [33] | Low | Low | High | Medium | Low | Low | High |

2) Fuzzy comprehensive evaluation based trust model: The proposed model divides Cloud trust system into two parts that are Service trust subsystem and User trust subsystem. In the service trust subsystem, it sets up a Cloud Information Service Center (CISC) which is the trusted third party and the trust management center for all the providers. Trust evaluation model represents the CSP with three main attributes that are identity of provider, name of provider and service trust. Trust evaluator executes trust fuzzy comprehensive evaluation (FCE) algorithm and helps to make reasonable trust decisions in selection of most credible Cloud services [33].

Analysis: The model does not address various important security features like integrity, control and ownership of data stored at Cloud. Similarly, there is no mechanism in the proposed trust evaluation and Cloud discovery algorithms to measure and analyze the QoS attributes offered by CSP. Simple malicious nodes and role malicious nodes are two kinds of malicious nodes, where role malicious nodes are difficult to detect using the FCE algorithm; the model thus provides detection of untrusted entities only up to a partial level. High complexity arises from the difficulty in implementing the FCE algorithms and deploying the model in practical scenarios. The model does not assure process execution control to the customer. It offers high level support to dynamic trust update and logging feature, as CISC maintains the logs of all transactions (between CSPs and consumers in each domain) and the fuzzy trust evaluation algorithm creates a new trust judgment matrix each time it gets executed to dynamically update the calculated trust value.

More literature exists on cloud based trust models [14]–[19], but due to limitation of space we are unable to present all the models [34], [35]. Our critical analysis has brought to light various weaknesses and strengths of trust models in Cloud computing. A complete holistic representation of the analysis is shown in Table I. We have not provided an absolute ranking in the analysis to highlight the most appropriate and best trust model, as it depends upon the requirements of Cloud users which vary from user to user. For instance, a user having a data integrity requirement can select a trust model with “High” level of assurance assigned to this feature. However, there is a need for a trust model that can cover all the essential features with an objective to evaluate trust in an efficient, reliable and secure way. We have made the contribution by proposing an assessment criterion that can be applied to evaluate most of the previous, existing or upcoming trust models in Cloud computing.

IV. CONCLUSION AND FUTURE WORK

Establishment of trust on CSPs is a challenging issue due to which many enterprises are reluctant to deploy their business at Cloud. Currently, there exists no related work that can help the enterprises to choose a trust model in accordance with suitable security and control of data features. In this paper, we have proposed assessment criteria for evaluation and analysis of trust models in Cloud computing. Our proposed assessment criterion contains the potential security and control features that are indispensable for evaluation of trust in Cloud paradigm. Furthermore, we have presented a detailed analysis to help various Cloud users in the selection of most suitable trust model according to their requirements.

Our future work is directed to classify the identified trust features into functional and non-functional categories and present them in form of panoramic taxonomies. We have identified an important research direction, presented by the trust establishment and evaluation in federated Cloud environment. Cloud federation is one of the emerging domains in Cloud computing paradigm that lacks trust establishment protocols and models. The existing trust models are not enough to establish and propagate trust in federated Cloud domain. Therefore, there is a need to propose new trust establishment protocols that can also handle the trust propagation in federated Cloud environment. In this regard, the research should be focused on introducing a new trust model that can facilitate the CSPs to establish and propagate trust when customer’s requests are redirected from one CSP to another CSP during the demand spikes.

REFERENCES

[1] L. Wang, G. Von Laszewski, A. Younge, X. He, M. Kunze, J. Tao, and C. Fu, “Cloud computing: a perspective study,” New Generation Computing, vol. 28, no. 2, pp. 137–146, 2010.

[2] M. Armbrust, A. Fox, R. Griffith, A. D. Joseph, R. Katz, A. Konwinski, G. Lee, D. Patterson, A. Rabkin, I. Stoica, and M. Zaharia, “A view of cloud computing,” Commun. ACM, vol. 53, no. 4, pp. 50–58, Apr. 2010. [Online]. Available: http://doi.acm.org/10.1145/1721654.1721672

[3] B. P. Rimal, E. Choi, and I. Lumb, “A taxonomy and survey of cloud computing systems,” in INC, IMS and IDC, 2009. NCM’09. Fifth International Joint Conference on. IEEE, 2009, pp. 44–51.

[4] R. Buyya, C. S. Yeo, S. Venugopal, J. Broberg, and I. Brandic, “Cloud computing and emerging IT platforms: Vision, hype, and reality for delivering computing as the 5th utility,” Future Generation Computer Systems, vol. 25, no. 6, pp. 599–616, 2009.

[5] S. Sengupta, V. Kaulgud, and V. S. Sharma, “Cloud computing security–trends and research directions,” in Services (SERVICES), 2011 IEEE World Congress on. IEEE, 2011, pp. 524–531.

[6] S. Subashini and V. Kavitha, “A survey on security issues in service delivery models of cloud computing,” Journal of Network and Computer Applications, vol. 34, no. 1, pp. 1–11, 2011.

[7] D. Zissis and D. Lekkas, “Addressing cloud computing security issues,” Future Generation Computer Systems, vol. 28, no. 3, pp. 583–592, 2012.

[8] Q. Zhang, L. Cheng, and R. Boutaba, “Cloud computing: state-of-the-art and research challenges,” Journal of Internet Services and Applications, vol. 1, no. 1, pp. 7–18, 2010.

[9] S. M. Habib, S. Ries, and M. Muhlhauser, “Cloud computing landscape and research challenges regarding trust and reputation,” in Ubiquitous Intelligence & Computing and 7th International Conference on Autonomic & Trusted Computing (UIC/ATC), 2010 7th International Conference on. IEEE, 2010, pp. 410–415.

[10] I. M. Abbadi and A. Martin, “Trust in the cloud,” Information Security Technical Report, vol. 16, no. 3, pp. 108–114, 2011.

[11] S. Pearson and A. Benameur, “Privacy, security and trust issues arising from cloud computing,” in Cloud Computing Technology and Science (CloudCom), 2010 IEEE Second International Conference on. IEEE, 2010, pp. 693–702.

[12] C. Chaowen, L. Chen, and W. Yuqiao, “A subjective trust model based on two-dimensional measurement,” in Computer Engineering and Technology, 2009. ICCET’09. International Conference on, vol. 1. IEEE, 2009, pp. 37–41.

[13] M. Wojcik, H. Venter, and J. Eloff, “Trust model evaluation criteria: A detailed analysis of trust evaluation,” in Proceedings of the ISSA 2006 from Insight to Foresight Conference, Information Security South Africa, 2006, pp. 1–9.

[14] J. Abawajy, “Establishing trust in hybrid cloud computing environments,” in Trust, Security and Privacy in Computing and Communications (TrustCom), 2011 IEEE 10th International Conference on. IEEE, 2011, pp. 118–125.

[15] P. Pawar, M. Rajarajan, S. K. Nair, and A. Zisman, “Trust model for optimized cloud services,” in Trust Management VI. Springer, 2012, pp. 97–112.

[16] H. Kim, H. Lee, W. Kim, and Y. Kim, “A trust evaluation model for QoS guarantee in cloud systems,” International Journal of Grid and Distributed Computing, vol. 3, no. 1, p. 1, 2010.

[17] K. Hwang, S. Kulkareni, and Y. Hu, “Cloud security with virtualized defense and reputation-based trust management,” in Dependable, Autonomic and Secure Computing, 2009. DASC’09. Eighth IEEE International Conference on. IEEE, 2009, pp. 717–722.

[18] Y.-C. Liu, Y.-T. Ma, H.-S. Zhang, D.-Y. Li, and G.-S. Chen, “A method for trust management in cloud computing: Data coloring by cloud watermarking,” International Journal of Automation and Computing, vol. 8, no. 3, pp. 280–285, 2011.

[19] X. Sun, G. Chang, and F. Li, “A trust management model to enhance security of cloud computing environments,” in Networking and Distributed Computing (ICNDC), 2011 Second International Conference on. IEEE, 2011, pp. 244–248.

[20] K. M. Khan and Q. Malluhi, “Establishing trust in cloud computing,” IT Professional, vol. 12, no. 5, pp. 20–27, 2010.

[21] F. J. Krautheim, “Private virtual infrastructure for cloud computing,” in Proceedings of the 2009 conference on Hot topics in cloud computing. USENIX Association, 2009, pp. 5–5.

[22] S. M. Habib, S. Hauke, S. Ries, and M. Muhlhauser, “Trust as a facilitator in cloud computing: a survey,” Journal of Cloud Computing, vol. 1, no. 1, pp. 1–18, 2012.

[23] T. H. Noor and Q. Z. Sheng, “Trust as a service: a framework for trust management in cloud environments,” in Web Information System Engineering–WISE 2011. Springer, 2011, pp. 314–321.

[24] S. Ruohomaa and L. Kutvonen, “Trust management survey,” in Trust Management. Springer, 2005, pp. 77–92.

[25] M. Alhamad, T. Dillon, and E. Chang, “SLA-based trust model for cloud computing,” in Network-Based Information Systems (NBiS), 2010 13th International Conference on. IEEE, 2010, pp. 321–324.

[26] H. Sato, A. Kanai, and S. Tanimoto, “A cloud trust model in a security aware cloud,” in Applications and the Internet (SAINT), 2010 10th IEEE/IPSJ International Symposium on. IEEE, 2010, pp. 121–124.

[27] M. Ahmed and Y. Xiang, “Trust ticket deployment: a notion of a data owner’s trust in cloud computing,” in Trust, Security and Privacy in Computing and Communications (TrustCom), 2011 IEEE 10th International Conference on. IEEE, 2011, pp. 111–117.

[28] F. J. Krautheim, D. S. Phatak, and A. T. Sherman, “Introducing the trusted virtual environment module: a new mechanism for rooting trust in cloud computing,” in Trust and Trustworthy Computing. Springer, 2010, pp. 211–227.

[29] S. M. Habib, S. Ries, and M. Muhlhauser, “Towards a trust management system for cloud computing,” in Trust, Security and Privacy in Computing and Communications (TrustCom), 2011 IEEE 10th International Conference on. IEEE, 2011, pp. 933–939.

[30] Z. Yang, L. Qiao, C. Liu, C. Yang, and G. Wan, “A collaborative trust model of firewall-through based on cloud computing,” in Computer Supported Cooperative Work in Design (CSCWD), 2010 14th International Conference on. IEEE, 2010, pp. 329–334.

[31] W. Li and L. Ping, “Trust model to enhance security and interoperability of cloud environment,” in Cloud Computing. Springer, 2009, pp. 69–79.

[32] h. x. Zhao-xiong zhou and suo-ping wang, “A novel weighted trust model based on cloud,” Advances in Information Sciences and Service Sciences, vol. 3, no. 3, 2011.

[33] W. Li, L. Ping, Q. Qiu, and Q. Zhang, “Research on trust management strategies in cloud computing environment,” Journal of Computational Information Systems, vol. 8, no. 4, pp. 1757–1763, 2012.

[34] M. Bezzi, S. P. Kaluvuri, and A. Sabetta, “Ensuring trust in service consumption through security certification,” in Proceedings of the International Workshop on Quality Assurance for Service-Based Applications. ACM, 2011, pp. 40–43.

[35] M. Firdhous, O. Ghazali, and S. Hassan, “A trust computing mechanism for cloud computing,” in Kaleidoscope 2011: The Fully Networked Human?-Innovations for Future Networks and Services (K-2011), Proceedings of ITU. IEEE, 2011, pp. 1–7.
