Page 856 - Cloud computing: From paradigm to operation

5                                            Intercloud and interoperability


                    management, authentication and authorization. In lower layers it focusses on resource control and
                    security  over  the  distributed  inter-cloud  infrastructure,  such  as  virtualization  and  encryption
                    management.
            –       The horizontal axis (cross-provider) is based on the interconnection of CSPs and relies on the inter-
                    cloud framework [ITU-T Y.3511]. The inter-cloud trust management in this dimension is realized over
                    functional components for managing security mechanisms. The trust management functionalities
                    located in the multi-layer function ("Authorization and security policy management") establish a
                    chain of trust between CSPs with peering, federation and intermediary patterns.

            6.3     Reputation-based trust management in inter-cloud environment
            In an inter-cloud environment, information such as a CSP's competence, honesty, availability, quality of
            service and reputation will influence the selection of the CSP to transact with. Therefore, there is a need to
            assess and maintain the reputation of CSPs.
            Reputation is a measurement which could be derived from direct or indirect knowledge of earlier interactions
            of peers and is used to assess the level of trust in a peer. As an entity can trust another entity in the
            inter-cloud based on its reputation, we can use reputation to build trust.

            One approach to implementing reputation-based trust management is shown in Figure 6-1. It is a distributed
            framework that enables interested parties to determine the reputation of inter-cloud entities. In this
            approach, each CSP has its own trust evaluation system, which maintains and computes its trust values locally.
            A trust value is a reputation score for a CSP and could be referenced in selecting a CSP to transact with. It
            could be calculated in real time based on direct observation and experience (i.e., first-hand reputation
            information) and on indirect information obtained by sharing observations and experience measures with other
            entities (i.e., second-hand reputation information).




























                         Figure 6-1 – One approach to implement reputation-based trust management


            The trust evaluation system is responsible for collecting and maintaining reputation information, such as a
            CSP's competence, honesty, availability and quality of service, about every other CSP that it has peering
            agreements with. This information could be represented by parameters such as "mean time between
            failures", "mean time to restore service", "ready for service date" and so on. First-hand reputation
            information should be updated when a CSP completes a transaction with other CSPs. At the same time, the
            trust evaluation system should publish its updated first-hand reputation information to a subset of the
            peers that it has a peering agreement with. Since the integrity of the second-hand reputation
            information has a significant influence on the quality of a trust evaluation system, a mechanism should be
            implemented to protect against unfair ratings from others.
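
            The following sketch is an added illustration, not part of the source text. It shows one possible
            trust evaluation step that combines first-hand and second-hand reputation information and applies a
            deviation test to discard unfair ratings. The scoring formula, the weight, the threshold and the CSP
            names are assumptions chosen for the example.

```python
from statistics import median

# Assumed tuning values for this example; the source text defines none.
FIRST_HAND_WEIGHT = 0.7   # share of the trust value taken from own experience
MAX_DEVIATION = 0.25      # largest accepted gap between a report and the reference


def first_hand_score(outcomes):
    """Score in (0, 1) from own transaction outcomes (True = met the agreement).

    Laplace-smoothed success ratio, so a CSP with no history starts at 0.5.
    """
    return (sum(outcomes) + 1) / (len(outcomes) + 2)


def trust_value(outcomes, reports):
    """Return (trust value, sorted names of peers whose reports were rejected).

    outcomes: list of bool, first-hand reputation information.
    reports:  dict peer name -> score in [0, 1], second-hand information.
    """
    own = first_hand_score(outcomes)
    if not reports:
        return own, []
    # Reference point for the deviation test: own experience when there is
    # any, otherwise the median report, which a minority cannot drag far.
    reference = own if outcomes else median(reports.values())
    accepted = {p: s for p, s in reports.items()
                if abs(s - reference) <= MAX_DEVIATION}
    rejected = sorted(set(reports) - set(accepted))
    if not accepted:
        return own, rejected
    second_hand = sum(accepted.values()) / len(accepted)
    if not outcomes:
        return second_hand, rejected
    w = FIRST_HAND_WEIGHT
    return w * own + (1 - w) * second_hand, rejected


if __name__ == "__main__":
    # Constructed sample: 8 of 10 transactions succeeded; csp-d badmouths.
    history = [True] * 8 + [False] * 2
    peers = {"csp-b": 0.80, "csp-c": 0.70, "csp-d": 0.10}
    print(trust_value(history, peers))
```

            The rejected list is worth logging: a peer that repeatedly fails the deviation test is itself a
            candidate for a lower trust value.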

