• No results found

A Trust Based Approach for Security and User Confidence in Pervasive Computing Systems

N/A
N/A
Protected

Academic year: 2020

Share "A Trust Based Approach for Security and User Confidence in Pervasive Computing Systems"

Copied!
8
0
0

Loading.... (view fulltext now)

Full text

(1)

S.Sivakumar et al, International Journal of Computer Science and Mobile Applications, Vol.6 Issue. 2, February- 2018, pg. 108-115 ISSN: 2321-8363 Impact Factor: 5.515

A Trust Based Approach for Security and User

Confidence in Pervasive Computing Systems

1

S.Sivakumar,

2

V.Anuratha

Ph.D Research Scholar, Sree Saraswathi Thiyagaraja College, Pollachi, TN, India-642 107 Email: sivacsphd@gmail.com

Head, PG Department of Computer Science, Sree Saraswathi Thiyagaraja College, Pollachi, TN, India-642 107 Email: mailanuvinu@yahoo.co.in

Abstract: Cloud computing has turned into a piece of the focused market today. Numerous associations make utilization of

cloud administrations. As the cloud computing administrations is developing and picking up prominence, the dread about the

use of cloud administrations is as yet an open issue. Different issues are distinguished in the writing; one of which is security.

Security hazards in the territory of cloud computing has pulled in consideration since its start. New conventions and

instruments are dependably sought after to improve the safety effort by a cloud computing administration. Different cloud

computing specialist co-ops are accessible with their administrations in the cloud condition. These administrations have

different determinations, highlights and techniques for accomplishing security. Strategies received by different suppliers to

accomplish security are of fluctuating nature. A cloud client may choose an administration in view of his prerequisite and level

of security gave by the administration. To break down a specific administration in view of its different security properties is a

test. Measure of security and believing a cloud benefit is a test. A trust display measures the security quality and figures

confide in esteem. Trust esteem is a measure of different parts of security like validation, approval and so forth that are vital

for estimating security. Trust esteem speaks to different parameters that are critical measurements along which security of

cloud administrations can be estimated. These parameters rely upon sub-parameters and functionalities that are quantifiable.

Since this model depends on moderately static data, for example, sort of encryption calculation utilized, this trust demonstrate

gives static esteems. Cloud benefit particulars and highlights are removed to compute the security of an administration as far

as static parameters and named as static trust.

Keywords:

Resource Allocation, SaaS, PaaS, IaaS, Load Balancing.

I. INTRODUCTION

Cloud computing has transformed into a bit of the engaged market today[1]. Various affiliations make use of cloud organizations. In spite of the way that cloud computing organizations is creating and getting universality, the fear about the usage of cloud organizations is up 'til now an open issue. Diverse issues diverting gathering are recognized in the keeping in touch with; one of the genuine ones is security. Security risks in the zone of cloud computing has pulled in thought since its start[4]. New traditions and instruments are reliably looked for after to redesign the security nature of a cloud computing organization or master association.

(2)

S.Sivakumar et al, International Journal of Computer Science and Mobile Applications, Vol.6 Issue. 2, February- 2018, pg. 108-115 ISSN: 2321-8363 Impact Factor: 5.515

critical test is to trust a cloud organization and one can attempt to model such trust in a cloud advantage, as a kind of place stock in regard. This hypothesis explores the probability of building such a structure for trust in count, and its alternate points of view.

This investigation shows a trust based evaluation that a cloud customer can use to choose trust of a conveyed processing organization. A trust exhibit is characterized that can measure security of a cloud application or organization. Trust exhibit measures the security quality and gives trust in regard. Trust regard contains distinctive parameters that are principal estimations along which security can be evaluated. These parameters depend upon sub parameters and limits that are quantifiable units. The general trust regard that can be processed as various parameters is named as static trust. Over some extend of time advan tage utilize and customer experience gives hotspots for the dynamic lead of the trust. Dynamic parameters are characterized in perspective of these sources and make the model dynamic. Static and dynamic parameters both can be used and surveyed to choose security nature of a disseminated figuring application or organization. Trust model can be used by cloud customer to survey the cloud advantage security, and a cloud provider can use it to find the insufficiencies and change regions. Thusly trust exhibit goes about as a benchmark or a situating backing of evaluates security in a conveyed processing condition.

II. OVERVIEW OF CLOUD COMPUTING

Cloud computing is a kind of registering framework that comprises of an accumulation of between associated processing hubs, servers, and other equipment and programming administrations and applications that are powerfully provisioned among contending clients. It centers around conveying solid, secure, blame tolerant, reasonable, and adaptable administrations, stages and frameworks to the end-users[2]. These frameworks have objectives of giving for all intents and purposes boundless figuring and capacity, and concealing the intricacy of substantial scale disseminated registering from clients. Administrations are conveyed over the Internet or private systems, or blend of these. The cloud administrations are gotten to over these systems in light of their accessibility, execution, ability, and Quality of Service (QoS) necessities.

Figure-1: Cloud computing service models

Contingent upon the sort of administration gave, there are three kinds of cloud benefits likewise named as conveyance models; Infrastructure as an administration, (IaaS), Platform as an administration (PaaS) and Software as an administration (SaaS)[3].

IaaS manages giving figuring office, stockpiling or some other equipment asset. Amazon is one of the cloud suppliers offering IaaS. Cases of these administrations are EC2 (Elastic Compute Cloud) and S3 (Simple Storage Service).

PaaS provides platforms in terms of operating system and any other system software that can be used to build custom applications by the users. User can configure and develop their application on the specific platform. Microsoft Azure is an example of PaaS.

SaaS deals with using any application or service via cloud. Google calendar is one of the examples that provide collaboration on various applications, like event management, project management etc. via internet. Salesforce is also a common and popular example of CRM SaaS Application.

Table-1: Cloud Services and Cloud Providers

Cloud Service Models Cloud Providers

Software as a Service(SaaS) Salesforce.com, Microsoft office 365, workday.

Platform as a Service(PaaS) Google App. Engine, Force.com

(3)

S.Sivakumar et al, International Journal of Computer Science and Mobile Applications, Vol.6 Issue. 2, February- 2018, pg. 108-115 ISSN: 2321-8363 Impact Factor: 5.515

III. FEATURESANDBENEFITS

Cloud computing began its base in the mid of 2007 and is becoming quickly up until now. It has different highlights that do clients to change to the cloud computing condition. Some of these highlights are talked about beneath;

A. Versatility and Scalability: The cloud assets can be provisioned or de-provisioned according to the expansion or lessening in the client request. The processing force, memory and other office can be scaled up or down according to the client prerequisite.

B. Usability: There is no compelling reason to possess and keep up costly equipment, programming and different assets by the cloud client. The cloud administrations are straightforwardly gotten to utilizing a web program. No additional assets are expected to run and execute cloud administrations. A basic work area with ordinary web network is adequate.

C. Gadget and Location Independent: Since the cloud administrations can be gotten to through web program, it can be gotten to geologically from anyplace and from any gadget that backings web interface. A cloud administration can be gotten to like any web benefit.

D. Arrangement for custom application advancement utilizing PaaS: Software improvement utilizing PaaS is simpler contrasted with in-house application improvement, which requires equipment and programming support and additionally essential improvement apparatuses to be claimed, introduced and overseen. In cloud computing condition, improvement devices and programming are accessible as administration, which makes advancement simple and quicker.

E. Decreased cost: For influencing a section in to a business, to cost required for foundation is diminished by moving to the cloud. As figuring force, stockpiling and different assets are utilized from cloud; cost to buy and in addition oversee them is enormously influenced. It is profitable for the associations if the assets are required by them just for little term and furthermore when the need emerges in course of time.

F. Multi-Tenancy: A solitary information server, registering and different assets are shared among various clients by utilizing virtualization and detachment. This element named as Multi-tenure, permits proficient usage of assets.

G. Unwavering quality: Multiple channels are accessible for processing power, stockpiling and so forth to provide more dependable administrations to the clients. Additionally the information might be put away at various areas by supplier. This repetition regarding information stockpiling and other asset empowers arrangement for calamity recuperation and accomplishes better unwavering quality and accessibility of information and additionally benefits contrasted with what one can oversee when all these are to be given at one's own premises.

IV. OBSTACLES FOR ADOPTION

Alongside points of interest for utilizing cloud computing applications and administration, there are a few deterrents that go about as a hindrance in its development. They include:

A. Secure: It is the issue of compactness and Inter-operability. Secure issue could be for information and seller.

B. Information Lock-in: Data put away at one cloud site can't be effectively reclaimed, if a client wishes to change a cloud supplier. It might be because of absence of institutionalized API. These outcomes in an issue of information secure.

C. Merchant Lock-in: A cloud supplier gives benefits as far as APIs. Programming interface made for one supplier of cloud may not be helpful for another suppliers cloud. In the event that a difference in supplier is required then APIs likewise must be changed, prompting at any rate incomplete re-advancement of the application. This issue is named as merchant secure.

D. Administration Availability: For a cloud client, administration ought to be accessible at unequalled. At whatever point a client demands for a cloud administration, supplier and client needs to sign SLA (Service Level Agreement). This characterizes the terms and conditions and particulars for cloud benefit. It additionally incorporates level of time benefit is accessible. A cloud client expects a high accessible administration with no or insignificant downtime. A cloud supplier and its comparing administration, is chosen in light of administration accessibility and business needs.

E. Bottleneck: Data exchange bottleneck and administration interruption are a portion of the issues caused because of transfer speed impediment.

(4)

S.Sivakumar et al, International Journal of Computer Science and Mobile Applications, Vol.6 Issue. 2, February- 2018, pg. 108-115 ISSN: 2321-8363 Impact Factor: 5.515 Particular concerns include:

G. Loss of administration: A cloud supplier site is situated in one nation and the cloud client utilizing the administration from another nation. Client information which is put away from one nation is claimed and is under the control of cloud supplier nation. The information, in this way, might be outside the association's immediate control, notwithstanding it being the proprietor and maker of the information. Its abuse may significantly affect protection, security and licensed innovation claims.

H. Administrative consistence: This property expresses that however information may live in the cloud, the commitment for administrative consistence may even now falls with the association that possesses the information and henceforth is verifiabl y capable to any issues emerging out of the cloud supplier's abuse.

I. Absence of straightforwardness: Cloud sellers don't generally reveal the points of interest of how their administrations function, which outsider accomplices they utilize, and precisely where the information is found. The data about the client information, safety efforts and so on are for the most part not known to client.

For worldwide organizations with workplaces and clients in various nations, the issues are significantly more mind boggling, as legitimate prerequisites and arrangements shift between nations. Such snags as talked about above, goes about as huge hindrances in the development of cloud computing. Among them security and protection of information and applications are the significant rising concerns.

V. SECURITY IN CLOUD ENVIRONMENT

In cloud computing paradigm[4], a cloud supplier makes, conveys and deals with the assets, application and administrations relying upon the supplier being IaaS, SaaS, or PaaS. Multi occupancy and virtualization are the key highlights to make proficient usage of the current assets and applications. A solitary server, processing office, server farm and working framework has numerous clients by utilizing virtualization. Countless are getting served by a cloud supplier by this idea of assets sharing. Information insurance, correspondence, asset administration [5] for segregation and virtualization are a portion of the security issues emerging due to multi-tenure and virtualization in the cloud condition. Significant sorts of security dangers with regards to cloud application are caught in Figure-2.

Figure-2: Classification of Security

A. Information Protection: The cloud computing foundation is shared among numerous clients anytime of time. Client information is put away and prepared in a common domain that is under gives control. Client information might be messed with by different malignant element. Absence of straightforwardness about the information stockpiling area in the cloud condition, administrative issue because of cross outskirt stockpiling, and so on makes the prerequisite of information security and assurance in cloud condition more unmistakable. In this way information assurance issues including information classification, trustworthiness and accessibility are enter security issues in cloud computing.

B. Application Security: Application programming running on or being produced for cloud computing stages presents distinctive security challenges. Application that is running from the remote ought to be from true supplier and without malware. Adaptability, transparency and open accessibility of cloud framework are dangers for application security. Safeguarding trustworthiness of uses being executed from remote machines is likewise one of the worries.

C. System Security: A cloud computing can be of sort open or private, in light of the arrangement demonstrate. Administration and applications are gotten to from remote areas in a cloud domain. Nonstop accessibility of cloud benefit with no interruption because of system security issues like foreswearing of administration, and different assaults are imperative security challenges.

(5)

S.Sivakumar et al, International Journal of Computer Science and Mobile Applications, Vol.6 Issue. 2, February- 2018, pg. 108-115 ISSN: 2321-8363 Impact Factor: 5.515

administration segments. There is no dependable intends to survey security of Virtual servers and applications. Multi-occupancy in cloud frameworks for sharing physical assets between VMs (Virtual Machine), can offer ascent to man-in-the-center assault at the season of approval for any administration. VMs are made and return as and when required in the cloud condition. Since VMs can rapidly be returned to past examples, and effectively moved between physical servers, it is hard to accomplish and keep up reliable security. In this way virtualization security is a worry while utilizing the cloud assets.

E. Character Management: Identities are produced at the season of enrolment process for cloud administrations to get to it. Every client utilizes his character for getting to a cloud benefit. Unapproved access to cloud assets and applications is a noteworthy issue. A pernicious substance can mimic as a honest to goodness client and access a cloud benefit. Numerous such malevolent elements procure the cloud assets prompting un-accessibility of an administration for true blue client. Additionally it might happen that the client crosses his limit at the season of administration utilization. This could be regarding access to ensured territory in memory or playing out any task that are not kept up in Access control List for a particular asset and application. Accordingly Identity Management framework for giving validation and approval is an issue for both supplier and in addition client in a cloud computing condition.

VI. PROBLEM DEFINITION

Numerous cloud administrations are accessible in the market with their particulars and features[6]. Security worries for administrations are significant criteria for clients to choose one among the accessible in light of their necessities and request. A cloud client who need to choose a specific administration based the security issues tended to by the suppliers, requires a fe w instruments or positioning administration for cloud benefit assessment. A structure which assesses the security of cloud administrations is the request by cloud clients to choose a specific administration in light of their security needs. Postulation is concentrating on the security quality assessment of the cloud administrations. The attention here is on a structure for such an assessment of administration security in a cloud situation. Such a structure ought to distinguish the methods for giving security in a cloud computing condition to be assessed and positioned. Security of a cloud administration should covers numerous perspectives like validation, approval information assurance and so forth. These are the essential security objectives which constitute standards of security and end up significant while proceeding onward towards the cloud. In this way a device that surveyed and assesses these security worries concerning cloud benefits before choice is the need in the cloud condition.

Here a trust model[7] is recommended that is utilized to assess cloud benefit security quality. It comprises of a trust esteem that is general security quality of the cloud benefit. Demonstrate incorporates a rundown of parameters that spreads every single important part of security. A trust based assessment is planned to assess put stock in esteem. A rundown of such parameters is distinguished. The assessment method and formulae are recognized to ascertain the general trust related with a cloud computing application and administration. The arrangement of parameters and their formulae will shape a trust show for a cloud administration or application. The plan of such a trust display in cloud computing condition is the result of this exploration.

The trust esteem computation talked about so far gives static esteem. As the administration is utilized by numerous clients and different circumstances, related parameter esteems may change. Estimation of trust is influenced, in view of client experience and exchanges over some undefined time frame. A more refined trust esteem called dynamic trust can be assessed which can increment or decline concerning the already figured or static trust. Dynamic trust is required for getting the refreshed estimation of trust over some undefined time frame. At long last a foundation and system will be exhibited where the trust esteems are figured both statically and progressively. Different administrations that are accessible in cloud condition can be assessed for confide in values. A notoriety and trust administration framework will be given to register the notoriety about the cloud suppliers and their administrations.

VII. TRUST MODEL

(6)

S.Sivakumar et al, International Journal of Computer Science and Mobile Applications, Vol.6 Issue. 2, February- 2018, pg. 108-115 ISSN: 2321-8363 Impact Factor: 5.515

In a cloud computing condition there is a need to choose a cloud benefit in view of client determinations. The real request is as far as security needs. The security level expected by the client fluctuates. Some are expecting solid verification; some require information insurance or some other security desire. A security assessor instrument that measures different parts of security by cloud clients is a test. Here a trust show that fuses different security challenges looked by any cloud application or administration is exhibited. It is utilized as methods for estimating security of any cloud benefit regarding put stock in esteem. It is utilized to assess the security quality of the administration. It covers all angle that requires while assessing the security. The trust model can be going about as a benchmark or positioning administration for deciding a cloud benefit security, its weaknesses and upgrades zones. Trust demonstrates is a piece of put stock in figuring motor. A trust based assessment motor is recommended that computes security quality of a cloud benefit. It contains different segments that take an interest in the estimation. Key part of the proposed trust assessment conspire is a trust display that ascertains the general trust related as far as confide in esteem. The engin eering talked about in the following area shows the segments for put stock in assessment motor.

A. Trust Calculation

Cloud clients need to choose one of the cloud administrations relying on their prerequisites. Numerous cloud suppliers are accessible with their separate administration in a cloud. A cloud client can choose one of the accessible by assessing the security quality of the administration. To compute the quality related with the administration trust display is utilized. Trust demonstrates computes the trust estimation of the administration relying upon the different security properties that are extricated utilizing its portrayals and particular subtle elements. This trust esteem is named as static put stock in figured anytime of time. Contingent upon the administration utilization, dynamic nature of the cloud administrations are likewise should be considered for deciding the put stock in esteem. Dynamic parameters are drawn that can be utilized for dynamic trust. Taking a gander at the dynamic parameters characterized by confide in show, a cloud client can likewise assess the dynamic trust of the administration. These two kinds of count i.e. static and dynamic both all things considered can be utilized to decide the security quality of a cloud computing administration and application. Different obstructs that include trust computation are portrayed in Figure-3.

Figure-3: Trust Calculation components

B. Static Trust Computation: Each cloud benefit is planned with some determination. These details incorporate arrangement for client enlistment process, character administration, confirmation for verification and approval and some more. These details are utilized for estimating the trust esteem named as static trust. It is utilized as a reason for choosing any cloud benefit anytime of time.

C. Dynamic Trust Computation: As and when an administration is utilized by different clients, trust esteem ought to be influenced in view of the utilization designs. The displaying conduct of the administration is estimated by computing dynamic trust [8]. As an administration is utilized, its log records are created. These log records can be included reaction time, effective verification and approval, add up to number of fruitful exchanges, client demands and some other insights about a particular cloud benefit. These can be utilized to examine the administration conduct and usage. Likewise client fulfillment and requests as client remarks, input or proposals are recorded. These wellsprings of data alongside the administration use example can be utilized to assess benefit quality powerfully.

D. Trust data base: It is a database for different cloud administrations. It keeps up rundown of trust esteems both static and dynamic of the cloud administrations. Trust show gives measure regarding particular property of a cloud benefit, similar to verification quality, information assurance quality and so forth.

(7)

S.Sivakumar et al, International Journal of Computer Science and Mobile Applications, Vol.6 Issue. 2, February- 2018, pg. 108-115 ISSN: 2321-8363 Impact Factor: 5.515

In this manner trust figuring parts assess a confide in an incentive for a particular cloud application or administration. The key piece of trust figuring is the trust demonstrates which ascertains the static and dynamic trust of the cloud benefit. It gives a base to the cloud clients to choose a specific cloud benefit in light of its quality esteem. Additionally for suppliers it helps in making a benchmark for their composed administrations and applications.

F. Trust Model

Trust in a cloud computing condition is urgent for utilizing any cloud supplier benefit. Different perspectives are considered while choosing one among the accessible services[10,11,12]. Accessibility of administration, on time adaptability, information security and protection are a portion of the worries which client checks at the season of administration choice process. Security issues are additionally a noteworthy concern while choosing a cloud benefit. Different parts of security like validation, personality administration, virtualization[13] and so forth are a portion of the parameters for which cloud clients need to confirm administrations. A thorough rundown of parameters have related to regard to security related parts of a cloud computing condition. A trust display is exhibited that is utilized to gauge the security quality of the cloud benefit. Quality esteem covers run of the mill perspectives like confirmation, approval and so on that are required while estimating the security of any application. Quality of any cloud administration can be estimated over these measurements. Quality is estimated as a trust esteem which is the result of confide in show. Trust esteem can be a solitary esteem giving the idea of general security of a cloud benefit. It can likewise be separated to different parts of security in view of the parameters and spoke to as vector esteem.

VIII. CONCLUSION

Security issues in the zone of cloud computing are dynamic zone of research and experimentation. Different issues are distinguished one of which is the security of client information and applications. Cloud administrations are accessible to accomplish security with the shifting strategies and techniques. To address the test of choosing one of the cloud benefits in light of the client prerequisites of security, an assessor device is proposed. Trust based assessment is proposed as put stock in display. It covers different parts of security that are important to be checked at the season of cloud benefit choice. Trust esteem is the yield of the trust demonstrates that measures the security quality. Quality as far as different parameters is proposed for cloud administrations. Static and dynamic parameters are proposed and can be all things considered used to assess security of the cloud administrations. Trust model can be viably utilized by the client to choose a specific administration. It can likewise be utilized by suppliers as a benchmark to discover the inadequacies and change zones of a cloud administration or application. The trust esteem measures can be utilized to choose an administration universally by the clients.

REFERENCES

[1] Abdul rahman and A. Almutairi, “A Cloud Access Control Architecture for Cloud Computing”, 9(2), 2012.

[2] ACM. Fong, Baoyao Zhou, Hui S.C., Hong G.Y. and The Anh Do, “Web Content Recommender System based on Consumer Behavior Modeling”, IEEE Transactions on Consumer Electronics, 57(2), 2011.

[3] Anuj Sehgal, “Introduction to OpenStack”, 6th

International Conference on Autonomous Infrastructure, Management and Security, 2012.

[4] Arshad J, Townend P and Jie Xu, “Quantification of Security for compute Intensive Workloads in Clouds”, 15th International Conference on Parallel and Cloud Systems, School of Computation, Pp. 478-486, 2009.

[5] Artur A, Kondo D and Anderson D P, “Exploiting Non-Dedicated Resources for Cloud Computing”, IEEE Network Operations and Management Symposium, PP. 341-348, 2012.

[6] At&T Cloud Architect, Downloaded from http://cloudarchitect.att.com/Home.

[7] Awang, N.F.B, “Trusted Computing - Opportunities & Risks”, 5th

International Conference on Collaborative Computing: Networking, Applications and Work sharing, Pp.1-5, 2009.

[8] Barsoum, A. and HASAN A, “Enabling Dynamic Data and Indirect Mutual Trust for Cloud Computing Storage Systems”,IEEE Transactions on Parallel and Cloud Systems, 2012.

[9] J Basu and V Callaghan, “Towards A trust based Approach to Security and User Confidence in pervasive computing Systems”, The IEE International Workshop on Intelligent Environments, Pp. 223 – 229, 2005.

(8)

S.Sivakumar et al, International Journal of Computer Science and Mobile Applications, Vol.6 Issue. 2, February- 2018, pg. 108-115 ISSN: 2321-8363 Impact Factor: 5.515

[11] B. Johnson and YanzhenQu, “A Holistic Model for Making cloud Migration Decision”, IEEE International Symposium on Parallel and Cloud Processing with Applications, 2012.

[12] Carl Almond, “A Practical Guide to Cloud Computing Security”

http://www.avanade.com/Documents/Research%20anad%20Insights/practicalguidetocloudcomputingsecurity 574834.pdf, August 2009.

References

Related documents

In analysis of risk in family farms, it is useful to use an integrated approach because integrated risk assessment helps simultaneously identify threats caused by several

Policy and Regulatory Interventions on Agriculture Finance : this would involve investigative and identification of matters on the state of agricultural finance within

To elucidate how levels of different circulating SFAs are associated with AF, we examined the associations of plasma phospholipid 16:0, 18:0, 20:0, 22:0, and 24:0 with incident AF

The latter respiratory complications of poliomyelitis interfere seri- ously with oxygen supply to the body, whereas deficiency of ventilation due to muscle paralysis or other

Good focus Alternative fuel sources will create a safer environment, improve our health, and are essential to reverse the negative impact that global warming has had on the

system, the mono azide 21 containing multifunctional group ( Scheme 21 ) with multifunctional group's built-in single alkynes containing compound effectively the click

Based on the properties of software execution in general, and on the, for our purposes, quite good design choices made in the Java language, we are now ready to tackle the issue

The method based on CBNA and SVM successfully discriminated 65 (39 schizophrenia and 26 healthy persons) signals with an overall accuracy of 85.5% for fNIRS classification on test-