Beruflich Dokumente
Kultur Dokumente
Key Words: Information Broking System, Automation segmentation, coordinates broker, privacy preserving, and
Attribute-correlation attack.
been proposed to manage locally stored data on the embedded nondeterministic finite
with a federated DBMS and provide unified data automata the query brokering automata. To
access. However, the centralized DBMS still prevent curious or corrupted coordinators from
introduces data heterogeneity, privacy, and trust inferring private information, we design two
issues. Meanwhile, the peer-to-peer information novel schemes: (a) to segment the query
sharing framework is often considered a solution brokering automata, and (b) to encrypt
between sharing nothing and sharing corresponding query segments. While providing
everything. In its basic form, every pair of peers full capability to enforce in-network access
establishes two symmetric client-server control and to route queries to the right data
relationships, and requestors send queries to sources, these two schemes ensure that a curious
multiple databases. This approach assumes 2n or corrupted coordinator is not capable to collect
relationships for n peers, and is not scalable. In enough information to infer privacy, such as
the context of sensitive data and autonomous which data is being queried, where certain
data owners, a more practical and adaptable data is located, or what are the access control
solution is to construct a data centric overlay policies, etc. We show that PPIB provides
including the data sources and a set of brokers comprehensive privacy protection for on-demand
helping to locate data sources for queries Such information brokering, with insignificant
infrastructure builds up semantic-aware index overhead and very good scalability.
mechanisms to route the queries based on their
content, which allows users to submit queries
2. RELATED WORK
without knowing data or server location. In our Research areas such as information integration,
previous study, such a distributed system peer-to-peer file sharing systems and publish-
providing data access through a set of brokers is subscribe systems provide partial solutions to the
referred to as Information Brokering System problem of large scale data sharing. Information
(IBS). integration approaches focus on providing an
integrated view over large numbers of
While the IBS approach provides scalability and
heterogeneous data sources by exploiting the
server autonomy, privacy concerns arise, as
semantic relationship between schemas of
brokers are no longer assumed fully trustable
they may be abused by insiders or compromised different sources. The PPIB study assumes that a
global schema exists within the consortium,
by outsiders. In this article, we present a general
therefore, information integration is out of our
solution to the privacy-preserving information
scope. Peer-to-peer systems are designed to share
sharing problem. First, to address the need for
files and data sets (e.g. in collaborative science
privacy protection, we propose a novel IBS,
applications). Distributed hash table technology
named Privacy Preserving Information Brokering
(PPIB). It is an overlay infrastructure consisting is adopted to locate replicas based on keyword
queries. the coarse granularity (e.g. files and
of two types of brokering components: brokers
documents) still makes them short of our
and coordinators. The brokers, acting as mix
expressiveness needs. Further, P2P systems may
anonymizers, are mainly responsible for user
not provide complete set of answers to a request
authentication and query forwarding. The
while we need to locate all relevant data.
coordinators, concatenated in a tree structure,
enforce access control and query routing based
2.1. Vulnerabilities and the Threat model The proposed system is robust to deal
with various numbers of dynamic service
We adopt the semi-honest assumption for the
behavior from multiple cloud sites.
brokers, and assume two types of adversaries,
Some hybrid trust models are proposed
outside attackers and curious or corrupted
for cloud computing environment It is no
brokering components. Outside attackers
doubt that how to adaptively fuse direct
passively eaves drop communication channels.
trust (first-hand trust) and indirect trust
Curious or corrupted brokering components
(users feedback) should be an important
follow the protocols properly to fulfill their
problem, however, most current studies
functions, while trying their best to infer others
in hybrid trust models either ignore the
private information from the information
problem or using subjective or manual
disclosed in the querying process
methods to assign weight to this two
2.2. Attribute-correlation attack. trust factors (first-hand trust and users
feedback).
An attacker intercepts a query (in plaintext),
The proposed trust management
which typically contains several predicates. Each
framework for a multi-cloud
predicate describes a condition, which sometimes
environment is based on the proposed
involves sensitive and private data (e.g. name,
trust evaluation model and the trust
SSN or credit card number, etc.). If a query has
propagation network.
multiple predicates or composite predicate
First, a trusted third party-based service
expressions, the attacker can correlate the
brokering architecture is proposed for
corresponding attributes to infer sensitive
multiple cloud environment, in which
information about the data owner. This attack is
the T-broker acts as a middleware for
known as the attribute correlation attack:
cloud trust management and service
3. SYSTEM STUDY matching.
3.1. Presented System: T-broker uses a hybrid and adaptive
The existing brokering architecture for trust model to compute the overall trust
cloud computing do not consider user degree of service resources, in which
feedback only relying on some direct trust is defined as a fusion evaluation
monitoring information. result from adaptively combining the
There is no doubt that the efficiency of a direct monitored evidence with the social
trust system is an important requirement feedback of the service resources.
for multiple cloud environments. That is,
Problem Statement:
the trust brokering system should be fast
convergence and light-weight to serve for The development of trust awareness
a large number of users and providers. technology for cloud computing has become
However, existing studies paid little a key and urgent research direction .Today,
attention to this question, which greatly the problem of trusted cloud computing has
affects scalability and availability of the become a paramount concern for most users.
trust system Its not that the users dont trust cloud
3.2. Proposed System: computings capabilities; rather, they mainly
requirements, to get a customized trust value of types. An instance type is defined in terms of
the cloud providers hardware metrics such as CPU frequency,
memory size, hard disk capacity, etc. In this
(iii)Maximizing deviation method(MDM):
work, the VIM component is based on the
A maximizing deviation method to compute the OpenNebula virtual infrastructure manager this
direct trust of service resource, which can module is used to collect and index all these
overcome the limitations of traditional trust resources information from multiple cloud
models, in which the trusted attributes are providers. It obtains the information from each
weighted manually or subjectively. At the same particular cloud provider and acts as a resource
time, this method has a faster convergence than management interface for monitoring system.
other existing approaches. Cloud providers register their resource
information through the VIM module to be able
(iv)Sensor-Based Service Monitoring (SSM): to act as sellers in a multi-cloud marketplace.
This module is used to monitor the real-time This component is also responsible for the
service data of allocated resources in+ order to deployment of each VM in the selected cloud as
guarantee the SLA (Service Level Agreement) specified by the VM template, as well as for the
with the users. In the interactive process, this management of the VM life-cycle. The VIM caters
module dynamically monitors the service for user interaction with the virtual infrastructure
parameters and is responsible for getting run- by making the respective IP addresses of the
time service data. The monitored data is stored in infrastructure components available to the user
the evidence base, which is maintained by the once it has deployed all VMs.
broker. To calculating QoS-based trustworthiness (vi)Service level agreement Manager(SLA)
of a resource we mainly focus on five kinds of
trusted attributes of cloud services, which In the multiple cloud computing environment,
consists of node spec profile, average resource SLA can offer an appropriate guarantee for the
usage information, average response time, service of quality of resource providers, and it
average task success ratio, and the number of serves as the foundation for the expected level of
malicious access. The node spec profile includes service between the users and the providers An
four trusted evidences: CPU frequency, memory SLA is a contract agreed between a user and a
size, hard disk capacity and network bandwidth. provider which defines a series of service quality
The average resource usage information consists characters. Adding trust mechanism into the SLA
of the current CPU utilization rate, current management cloud brokering system can prepare
memory utilization rate, current hard disk the best trustworthiness resources for each
utilization rate and current bandwidth utilization service request in advance, and allocate the best
rate. The number of malicious access includes the resources to users. In general, the service
number of illegal connections and the times of resource register its services on the cloud
scanning sensitive ports. brokering system. The service user negotiates
with the service provider about the SLA details;
(v)Virtual Infrastructure Manager (VIM) they finally make a SLA contract. According to
Each cloud provider offers several VM the SLA contract, the resource matching module
configurations, often referred to as instance
selects and composites highly trusted resources distributed systems, such as grid computing, P2P
to users from the trusted resource pool. computing, wireless sensor networks, and so on,
feedback provides an efficient and effective way
Multiple cloud computing:
to build a socialevaluation- based trust
MULTIPLE cloud theories and technologies are relationship among network entities. By the same
the hot directions in the cloud computing token, feedback also can provider important
industry, which a lot of companies and reference in evaluating cloud resource
government are putting much concern to make trustworthiness. Consider large-scale cloud
sure that they have benefited from this new collaborative computing environment which host
innovation However, compared with traditional hundreds of machines and handles thousands of
networks, multiple cloud computing request per second, the delay induced by trust
environment has manyunique features such as system can be one big problem. So, there is no
resources belonging to each cloud provider, and doubt that the computational efficiency of a
such resources being completely distributed, feedback aggregating mechanism is the most
heterogeneous, and totally virtualized; these fundamental requirement. As depicted in Fig. 3,
features indicate that unmodified traditional trust we build cloud social evaluation system using
mechanisms can no longer be used in multiple feedback technology among virtualized data
cloud computing environments. A lack of trust centers and distributed cloud users, and we use a
between cloud users and providers has hindered lightweight feedback mechanism, which can
the universal acceptance of clouds as outsourced effectively reduce networking risk and improve
computing services. Thus, the development of system efficiency.
trust awareness technology for cloud computing
5. CONCLUSION:
has become a key and urgent research direction
Today, the problem of trusted cloud computing In this paper, we present T-broker, a trust-aware
has become a paramount concern for most users. service brokering system for efficient matching
Its not that the users dont trust cloud multiple cloud services to satisfy various user
computings capabilities; rather, they mainly requests. Experimental results show that T-
question the cloud computings trustworthiness . broker yields very good results in many typical
cases, and the proposed mechanism is robust to
FeedBack Aggregation:
deal with various number of service resources. In
The Trust as a Service (TaaS) framework to the future, we will continue our research from
improve ways on trust management in cloud two aspects. First is how to accurately calculate
environments . In particular, the authors the trust value of resources with only few
introduce an adaptive credibility model that monitored evidences reports and how to
distinguishes between credible trust feedbacks motivate more users to submit their feedback to
and malicious feedbacks by considering cloud the trust measurement engine. Implementing and
service consumers capability and majority evaluating the proposed mechanism in a large-
consensus of their feedbacks. However, this scale multiple cloud system, such as distributed
framework does not allow to assess data sharing and remote computing, is another
trustworthiness based on monitoring information important direction for future research.
as well as users feedback. In large-scale