Sage Journals: Discover world-class research

Abstract

Recently, more and more network fraud incidents have damaged the interests of cloud service traders. To enhance mutual trust and win–win cooperation between the users and the cloud service provider, in the article, we construct a trust access control model for cloud services. First, we propose a trust evaluation method based on direct trust, trust risk, feedback trust, reward penalty, and obligation trust to express the complexity and uncertainty of trust relationship. Second, we propose trust evaluation and weight algorithm of trust factor by information entropy and maximum dispersion; therefore, our model has a better scientific and higher practical application value. Finally, we design related comparative experiments of three models to verify the efficiency, success rate, accuracy of trust evaluation, and privacy disclosure date, and these results show that our research performance is quite superior.

Keywords

Cloud service access control trust information entropy privacy

Introduction

With the rapid development of Internet and information technology, more and more users upload data in cloud computing.¹ Cloud computing provides flexible and scalable services for individuals and organizations, which brings great convenience to users. However, complex architecture and data ownership bring great challenges and impacts on privacy and security in cloud computing.²

Motivation

Traditional access control model relies on certificate authority and complex cryptography algorithm, but its application is severely limited in the distributed network environment of cloud computing. Trust evaluation has become an important method for malicious nodes detection, security assurance, and privacy protection in cloud computing.

The relation between privacy protection and trust is not a new issue, many solutions have been extensively used in data publishing, data searching, data mining, data aggregation, and other areas. In recent years, many relevant articles effectively promote the development of privacy trust research, but there are still some of the following problems.

Many trust methods search feedback nodes through broadcast mode, which result in bandwidth overhead, further affect efficiency.

Trust computing is a process of multiattribute decision-making, and many studies calculate the weight-based expert opinions, which is very difficult to dynamically adjudication for the system.

Dynamics is a big challenge of trust evaluation, because the trust is a variable with time, many literature lack the description attenuation of trust, which affect the accuracy of prediction models.

Contributions

To deal with the above issues, the article proposes a model (Figure 1) for cloud computing service. The main contributions are as follows:

We establish a trust evaluation model based on direct trust, trust risk, feedback trust, reward penalty, and obligation trust to describe the complexity and uncertainty of trust relationship more comprehensively.

We propose weight method of trust decision factor by the information entropy and maximum dispersion, which surpasses the limitations of traditional weight methods for multiple attributes.

We design several experiments to describe and analyze the performance evaluation for the trust model, which is examined from efficiency, success rate and satisfaction degree, accuracy and privacy disclosure rate; results certify that our research can effectively complete trust tasks and can protect privacy in the cloud environment.

The structure of this article is as follows. In the second section, we conclude some related work on trust, security, and privacy protection. In the third section, we present the related concept definitions of the model approach based on trust, obligation, privacy, permission, and other elements. In the fourth section, we establish a multiattribute trust weight model based on information entropy. In the fifth section, we design and discuss several experiments. In the sixth section, we summarize research and discuss future work.

Figure 1.

A privacy protection model based on multiattribute.

Related work

Trust is a significant role in the cloud service that can verify the trust relationship between system entities and improve the security of the system. However, the collection and processing of trust evidence may lead to privacy disclosure, thus some related entities may be unwilling to provide related personal information for trust metrics.

Aluvalu and Muddana³ proposed an access control system based on obligation trust. Permission is determined by the role, and the trust degree of each user can be improved by the obligation. The popularity of composite services leads to important privacy and security issues. Rohit and Bharat⁴ designed an efficient solution to implement security policy in composite web services framework, which protected data privacy in the service life cycle. The solution enabled data owners to control data and reduced the risk of unauthorized access. Bhatia and Singh⁵ proposed a privacy-aware access control model, which included several privacy parameters, retention period, environmental conditions, and granularity level. Khaled and Zhu⁶ introduced a trust access control model (TB-AC) based on three factors (attribute, observation, and recommendation), the experimental results showed that TB-AC can evaluate access requests within acceptable processing time.

Both trust and risk become important research directions of privacy protection in cloud services. Junqi and Deyun⁷ constructed a fine-grained trust access control model, which combined risk and trust to allocate permission to reduce the privacy leakage. Further, Nogoorani and Jalili⁸ constructed a trust access control framework, the request of user can be permitted or denied by the access policies. In the framework, the site administrator can specify the user’s responsibility in the form of obligation. Matin and Nima⁹ proposed a method of opinion leader and control entity recognition based on reputation, input degree, and output degree, which eliminated the influence of troll entities in the cloud.

It is very difficult for service consumers to distinguish what is credible service or malicious service. Yan et al.¹⁰ proposed a formal policy specification language called P-SPEC, which can be used to describe the privacy policies of services and consumers’ privacy preferences. Furthermore, they proposed a privacy-aware service selection method, which consisted of a set of P-SPEC policies and introduced privacy metrics and privacy-sensitive specific policy matching algorithms, and implemented a prototype of concept to carry out relevant experimental research. Based on the customer feedback, global consultation feedback, and third-party feedback, Varalakshmi and Judgi¹¹ proposed to evaluate trust service providers based on contextual feedback from different sources. In addition, unfair feedback is filtered to improve accuracy. Based on a set of evaluation indicators, Halabi and Bellaiche¹² proposed a method to quantify and evaluate cloud security services, developed a paradigm using goal question measurement, and used a case to demonstrate the effectiveness and practicability.

Simeon and Iraklis¹³ proposed several context semantic representations of access control policies. More specifically, the approach accurately infused specific security and business requirements of these policies with respect to relevant knowledge and cultural relics and can make semantic inferences about policy compliance through prescribed structures. Service of encryption data becomes a challenging problem. Yan et al.¹⁴ proposed two schemes to protect the privacy of providers based on additive homomorphic encryption to support the traditional trust evaluation. The first scheme achieved better computational efficiency, and the second one provided greater security at the consumption of computational cost. Specifically, these algorithms can overcome the attacks of internal malicious evidence providers to a certain extent, even if trust evaluation is partially implemented in the form of encryption.

Both role-based access control (RBAC) and attribute-based access control are developed to protect privacy in the cloud. Lan and Vijay¹⁵ proposed a trust model to analyze and improve the security of data in the cloud storage systems by cryptographic RBAC schemes. The trust model provided a method to determine user’s credibility, which considered the role inheritance and hierarchy in the trust evaluation, and explained how to use trust assessment to reduce risks and improve the quality of decision-making. Xue and Xue¹⁶ explored a special attribute-based access control scenario in which the data owner allowed multiple users with different attribute sets to gain access rights. Further, by specifying translation nodes in access structure, a controlled cooperative access control scheme based on attributes is proposed. Smari and Clemente¹⁷ proposed an extended access control model based on topic-related attributes, which combined trust and privacy issues to make access control decisions sensitive to cross-organizational collaborative contexts.

Access control based on multiple attributes

According to Figure 1, we express specific details and definitions in this section, and some important parameters are presented in Table 1.

Table 1.

Meaning of some parameters.

Parameter	Meanings
$D (S) = {D_{1}, D_{2}, \dots, D_{z}}$	Z entities of system
Y₁, Y₂, Y₃, Y₄, Y₅	Trust function
$ω_{i}$	Weight of trust function
$T G (D_{i}, D_{j}, S, t)$	Trust between D_i and D_j
$R S = {R_{1} \dots, R_{i}, \dots, R_{N}}$	N level trust degree
$ψ (T G (D_{i}, D_{j}))$	Trust decision
$T^{(i)}$	Decay time factor
$R (D_{i}, D_{j})$	Risk function
$S = {s_{1}, s_{2}, \dots, s_{P}}$	Service level
Level	The level of a trust tree
$ρ (F_{k})$	Feedback weight factor
$F (D_{i}) = {F_{1}, F_{2} \dots, F_{n}}$	Feedback entities of D_i
$η \in [0, 1]$	Quality factor
$χ \geq 1$	Distance factor
e_t	Evaluation error at time t
$E_{d i}$	Privacy disclosure of i’th access
$r q$	Interaction access

Model architecture

In the section, we propose to construct an access control model, which includes trust, obligation, and risk mechanism. The following paragraphs will introduce some related concepts, and details are shown in Figure 2.

Figure 2.

The relationship between elements in access control.

The model contains several basic elements: subject (user), object (resource), attribute, operation, obligation, trust, and policy. To effectively service, the access control system grants authorization to requester and then gives certain operation privileges.

Attribute: it represents the characteristics of the node. $Attr$ expresses an attribute, $Attr = {{attr}_{1}, {attr}_{2}, \dots, {attr}_{n}}$ denotes an attribute set.

Obligation: it plays a constrained role in access control systems, which means that some operations need to be performed after accessing objects. The obligation mechanism records the user operation process and allows the monitor to adjust the corresponding user rights in the policy, which can be expressed as $Obligation = {subject, trigger, action}$ . Under such an obligation mechanism, if a user finds a suspicious or malicious request in the record and notification table, the privacy settings can be updated in a timely manner to enhance privacy security.¹²

Permission: it can operate on object, such as allowed, or rejected, $Perm = {{perm}_{1}, {perm}_{2}, \dots, {perm}_{n}}$ .

Operation: it is the action that can be performed on the object, such as reading, writing, copying, editing, deleting, and so on, and the set of operation is described as follows: $OP = {{op}_{1}, {op}_{2}, \dots, {op}_{t}}$ .

Trust decision

Let $D_{1}, D_{2}, \dots, D_{Z} \in D (S)$ express Z nodes in the system, according to the different roles, there are two categories: cloud service provider (CSP) and users. Suppose that the trust evaluation has many several factors $Y_{1} (D_{i}, D_{j}), Y_{2} (D_{i}, D_{j}) \dots, Y_{M} (D_{i}, D_{j})$ between the node D_i and $D_{j}, (D_{j} \in D (S))$ , the decision factors are $Y = (Y_{1}, Y_{2} . \dots Y_{M}), 0 \leq Y_{m} (D_{i}, D_{j}) \leq 1, (m = 1, 2, \dots, M)$ . $ω_{m}$ is weight factor of $Y_{m} (D_{i}, D_{j})$ , it satisfies the constraint condition:

0 \leq ω_{m} \leq 1, \sum_{m = 1}^{M} ω_{m} = 1

$T G (D_{i}, D_{j}, S, t)$ expresses the trust value between D_i and D_j, as given in formula (2):

T G (D_{i}, D_{j}, S, t) = \sum_{m = 1}^{M} ω_{m} Y_{m} (D_{i}, D_{j})

where S is provided by D_j, $T G (D_{i}, D_{j}, S, t)$ determines the quality of service, the higher the value of $T G (D_{i}, D_{j}, S, t)$ , the better the quality of service, and t is the time interval.

In a trust system, authorization is determined by the value of trust evaluation. Assume that $T G (D_{i}, D_{j})$ has K level $R S = (R_{1}, R_{2}, \dots, R_{i}, \dots, R_{K})$ , $0 \leq R_{i} \leq 1, (i = 1, 2, \dots, K)$ . R is an ordered space, assume that CSP can provide $S = {s_{1}, s_{2}, \dots, s_{P}}$ , the relation function $ψ (T G (D_{i}, D_{j}))$ between $S = {s_{1}, s_{2}, \dots, s_{P}}$ and $T G (D_{i}, D_{j})$ is defined as in formula (3):

Ψ (T G (D_{i}, D_{j})) = {\begin{matrix} s_{P,} & R_{K} < T G (D_{i}, D_{j}) \leq 1 \\ s_{P - 1}, & R_{K - 1} \leq T G (D_{i}, D_{j}) < R_{K} \\ ⋮ & ⋮ \\ s_{2,} & R_{1} \leq T G (D_{i}, D_{j}) < R_{2} \\ s_{1}, & 0 \leq T G (D_{i}, D_{j}) < R_{1} \end{matrix}

where $R = (R_{1}, R_{2}, \dots, R_{i}, \dots, R_{K})$ is determined by the cloud service requirement, when D_i requests service from D_j, authorization is dependent on the trust value. For example, a cloud service system provides three ranks of service, $S = (s_{1}, s_{2}, s_{3})$ , s₁ represents denial of service, s₂ represents the reading services, and s₃ represents both reading and writing services. The decision level space is $R = {R_{1}, R_{2}, R_{3}} = {\begin{matrix} 0, & 0.3, & 0.5 \end{matrix}}$ , the trust operation authorization is expressed as in formula (4):

Ψ (T G (D_{i}, D_{j})) = {\begin{matrix} s_{3}, & 0.5 < T G (D_{i}, D_{j}) \leq 1 \\ s_{2}, & 0.3 \leq T G (D_{i}, D_{j}) \leq 0.5 \\ s_{1}, & 0 \leq T G (D_{i}, D_{j}) < 0.3 \end{matrix}

If trust degree of D_j is $T G (D_{i}, D_{j}) = 0.2$ , then the result is $Ψ (T G (D_{i}, D_{j})) = Ψ (0.2) = s_{1} = deny$ .

Trust computing

To express the complexity and dynamics of trust, several factors, such as direct trust, trust risk, feedback trust, obligation trust, reward penalty, are introduced to describe the concept of trust.¹⁸

Direct trust

Direct trust usually consists of multiple factors, and related elements are chosen from the CSP record table based on interaction history.¹⁹

Weight calculation

To quantify the different roles of multiple indicators, these weights of multiple attributes are determined based on maximum entropy. There are m users and n attributes, evaluation score matrix $E (D)$ is expressed in formula (5), $e_{i j}$ is the evaluation value of j’th attribute of the i’th user:

E (D) = [\begin{matrix} e_{11}, & e_{12,} & ... & e_{1 n} \\ e_{21} & e_{22} & ... & e_{2 n} \\ ... & ... & ⋱ & ... \\ e_{m 1} & e_{m 2} & ... & e_{m n} \end{matrix}]

Weight method of entropy: $E = {(e_{i j})}_{m \times n}$

e_{j} = - k \sum_{i = 1}^{m} p_{i j} \cdot ln p_{i j}, p_{i j} = e_{i j} / \sum_{i = 1}^{m} e_{i j}, (i \leq j \leq n), k = 1 / ln m

Weight of the j’th attribute:

λ_{j} = (1 - e_{j}) / \sum_{j = 1}^{n} (1 - e_{j}), (1 \leq j \leq n), 0 \leq λ_{j} \leq 1, \sum_{j = 1}^{n} λ_{j} = 1

Decay time factor

Trust has timeliness, so the decay time factor is introduced to reflect trust more accurately. t_i is the time slot of the i’th successful transaction and the origin of the time, $t_{i}^{1}$ expresses the start time of the i’th service, and $t_{i}^{2}$ represents the end time of the i’th service. t₀ is the time slot of the origin time, n is the amount of successful service, and the decay time factor $T^{(i)}$ is given in formula (8):

T^{(i)} = \frac{1}{2} [\frac{t_{i} - t_{0}}{\sum_{j = 1}^{n} (t_{j} - t_{0})} + \frac{{t_{i}}^{2} - {t_{i}}^{1}}{\sum_{j = 1}^{n} ({t_{j}}^{2} - {t_{j}}^{1})}], and \sum_{i = 1}^{n} T^{(i)} = 1

Compute direct trust

The comprehensive of formulas (6) to (8) can be used to evaluate the direct $T_{1} (D_{i}, D_{j})$ from D_i to D_j, n is the amount of interaction times, as given in formula (9):

Y_{1} (D_{i}, D_{j}) = \sum_{j = 1}^{n} e_{j} λ_{j} T^{(i)}

Feedback trust

Feedback trust is the expected quantification of the transmission content of the node, such as D_i trusts D_j, D_j trusts D_k, so, D_i trusts D_k. There are many possibilities in the trust network, how to select, aggregate, and calculate trust paths is a problem. Assume that D_i is the parent node, all the nodes are children of D_i, neighbors also have neighbor nodes, so we construct a multilayer weighted digraph (MWD, a sample in Figure 3). $D (S)$ is a set of nodes, C represents the trust value from grand node to the subnode, and Y₁ is the trust value. In the MWD, if the layer of root node is $level = 0$ , the layer of the direct neighbor is $level = 1$ , the level of neighbor’s neighbor is $level = 2$ , and so on

Figure 3.

An MWD of computation feedback trust. MWD: multilayer weighted digraph.

${F_{1}, F_{2}, \dots F_{l}}$ is set of feedback node, F_k is a feedback node, and the feedback trust (such as in Figure 3) function is expressed as formula (10):

Y_{2} (D_{i}, D_{j}) = {\begin{matrix} \frac{\sum_{k = 1}^{l} (ρ (F_{k}) \times Y_{1} (F_{k}, D_{j}))}{\sum_{k = 1}^{l} ρ (F_{k})} & l \neq 0 \\ 0 & l = 0 \end{matrix}

where l is the number of feedback nodes, $ρ (F_{k})$ is a trust feedback factor, and according to the “six degrees of separation”²⁰ and each level of feedback node, it is expressed as formula (11):

ρ (F_{k}) = {\begin{matrix} 1 & , & level = 0 \\ \prod_{m = 0}^{l} Y_{1} (D_{m}, D_{n}) & , & 6 \geq level > 0 \end{matrix}

where $Y_{1} (D_{m}, D_{n})$ expresses the direct trust value between D_m and D_n, and $level$ represents the layer of the feedback trust node. In Figure 3, $level = 1$ , $ρ (D_{1}) = 0.5$ ; $level = 2,$ $ρ (D_{3}) = 0.5 \times 0.8 = 0.40$ ; and $level = 3,$ $ρ (D_{9}) = 0.8 \times 0.7 \times 0.5 = 0.28$ . Assume that the node D₀ needs the trust value of $D_{10}$ , and there are two nodes D₅ and D₆ interacting with $D_{10}$ , the value is $Y_{1} (D_{5}, D_{10}) = 0.4$ , $Y_{1} (D_{6}, D_{10}) = 0.5$ . According to formula (10), $ρ (D_{5}) = 0.4 \times 0.6 = 0.24$ , $ρ (D_{6}) = 0.5 \times 0.6 = 0.30$ , and $Y_{2} (D_{0}, D_{10}) = (0.24 * 0.4 + 0.3 * 0.5) / (0.24 + 0.3) \approx 0.455$ .

According to formula (11), with the increment of $level$ , the $ρ (F_{k})$ will gradually decrease. To improve the efficiency of trust computation in the cloud environment, this section introduces distance factor and quality factor to adjust feedback trust.

The quality factor $η \in [0, 1]$ is a normal number, when the trust value of feedback node is $Y_{1} (D_{i}, D_{j}) \geq η$ , the feedback information is credible; otherwise, $Y_{1} (D_{i}, D_{j}) < η$ , the feedback node is incredible. The quality factor can enhance the convergence of the system by controlling the aggregation scale of feedback trust.

We define the distance factor $χ \geq 1$ as a normal number to limit the propagation range of feedback trust. When $level (D_{i}, D_{j}) \leq χ$ , the node will transfer the data to the adjacent node; otherwise, it will stop transmission. According to formulas (10) and (11), we can aggregate and select the trust of k feedback entities, propose Algorithm 1 by combining feedback trust and distance factor, and $level (D_{i}, D_{j})$ represents the distance between D_i and D_j in the MWD.

Algorithm 1.

Feedback node search.

Input l,

level

η

χ

Output

F (D_{i})

N (D_{i})

is neighbor node set of D_i;

F (D_{i}) = {F_{1}, F_{2}, \dots F_{l}}

is feedback node set of D_i;

3 if

level (D_{i}, D_{j}) > χ

then end;

4 for (all

D_{k} \in N (D_{i})

)do

5 if

Y_{1} (D_{i}, D_{k}) > η

then

6 query

Y_{1} (D_{i}, D_{k}) > η

in the database of D_k;

7 if

Y_{1} (D_{i}, D_{k})

exists then

F (D_{i}) = F (D_{i}) + D_{k}

;

9 request feedback nodes

(D_{k}, D_{j}, χ, η)

;

10 return

F (D_{i})

;

11 end.

Obligation trust

According to obligation description, it is generally necessary to introduce the obligation concept in the access control system. Because a manager must perform obligation when a request can execute, the obligation trust function of node D_i can be expressed as formula (12):

Y_{3} (D_{i}, D_{j}) = \frac{\sum_{b \in B} γ * G B}{\sum_{b \in B} γ * G B + \sum_{b \in B} γ * O B}

Obligation has an important impact on users’ trust and help to protect privacy in the cyberspace. In formula (12), $γ$ represents the obligation weight; b represents the number of obligations that return the system; OB represents the number of obligations that D_i has not been completed during the certain time; GB represents the number of obligations of D_i in the certain time; and B is the number of obligations of D_i in the cloud system.

Trust risk

Although the literature⁸ also introduced the risk mechanism, the system did not consider the relationship between risk and quality of service. According to the principle of economics and perspective of service, risk function is expressed by formula (13):

\begin{array}{l} R (D_{i}, D_{j}) = s_{j} \times (1 - T G (D_{i}, D_{j}, S, t)) \\ = ψ (T G (D_{i}, D_{j}, S, t)) \times [1 - T G (D_{i}, D_{j}, S, t)] \end{array}

where s_j represents the service quality of D_j, according to experience, the trust value is higher, the risk is smaller. $T G (D_{i}, D_{j}, S, t)$ shows the trust evaluation of the latest time, it is a positive proportional relationship between $R (D_{i}, D_{j})$ and $1 - T G (D_{i}, D_{j}, S, t)$ .

Trust risk function is mainly used to measure the potential unsafe between CSP and users, as expressed in formula (14):

Y_{4} (D_{i}, D_{j}) = 1 - R (D_{i}, D_{j})

According to formulas (13) and (14), the risk is related to the importance of service, the better service means greater risk, which is an inverse proportion between $Y_{4} (D_{i}, D_{j})$ and $R (D_{i}, D_{j})$ .

Reward penalty

In the trust evaluation, we should reward honest behavior and penalize malicious behaviors. So, the reward penalty function can be expressed by formula (15):

Y_{5} (D_{i}, D_{j}) = 1 - \frac{\sum_{H} F (D_{i}, D_{j})}{H}

where $\sum_{H} F (D_{i}, D_{j})$ is the number of failure times and H is the number of service times. Because malicious nodes often intentionally destroy or provide false services, the service failure rate is very high, and the reward penalty function can penalize malicious behaviors.

Weight of trust attribute

In the process of trust quantification, the effects of different attributes are different, so we propose a weight method. Let $W = (ω_{1}, ω_{2}, \dots, ω_{m})$ expresses the different weight of the trust attribute,²¹ so, we get $Orness (W) = \frac{1}{m - 1} \sum_{i = 1}^{m} (m - i) ω_{i}$ and maximum dispersion degree $Disp (W) = - \sum_{i = 1}^{m} ω_{i} ln ω_{i}$ , further deduction, $0 \leq Disp (W) \leq l nm$ , which satisfies three conditions:

maximize : - \sum_{i = 1}^{m} ω_{i} ln ω_{i}

Orness (W) = α, α \in [0, 1]

\sum_{i = 1}^{m} ω_{i} = 1, ω_{i} \in [0, 1], i = 1, 2, \dots m

From formulas (16) to (18) and the maximum dispersion degree, we get formulas (19) to (22):

α = Orness (W) = \frac{1}{m - 1} \sum_{i = 1}^{m} (m - i) ω_{i}

ln ω_{i} = \frac{i - 1}{m - 1} ln ω_{m} + \frac{m - i}{m - 1} ln ω_{1} \Rightarrow ω_{i} = \sqrt[m - 1]{ω_{1}^{m - i} ω_{m}^{i - 1}}

\begin{array}{l} ω_{1} {[(m - 1) α + 1 - m ω_{1}]}^{m} \\ = {[(m_{- 1}) a]}^{m - 1} [((m - 1) a - m) ω_{1} + 1] \end{array}

ω_{m} = \frac{((m - 1) α - m) ω_{1} + 1}{(m - 1) a + 1 - m ω_{1}}

Based on specific practical requirements, participant can compute $ω_{1}, ω_{i}, ω_{m}$ by reasonable values of α and formulas (20) to (22). Further, an algorithm is proposed to compute the trust attribute weight.²²

In Algorithm 2, the weight of the trust attribute is determined by m and a. In a specific application, m is a definite value, the key is how to reasonably determine the value of a. In Table 2, when $α = 1$ , then $ω_{1} = 1$ and $ω_{2} = ω_{3} = \dots ω_{i} = \dots = ω_{m} = 0$ ; when $α = 0$ , then $ω_{m} = 1$ and $ω_{1} = ω_{2} = \dots ω_{i} = \dots = ω_{m - 1} = 0$ ; when $α = 0.5$ , then $ω_{1} = ω_{2} = \dots ω_{i} = \dots = ω_{m} = 1 / m$ ; and when $0 < α < 1, a \neq 0.5$ , we can obtain several values of $ω_{i}$ .

Algorithm 2.

Weight of the trust attribute.

1 if

0 < m \leq 2

2 then

ω_{1} = a

ω_{2} = 1 - a

;

4 if

m > 2

ω_{1} {[(m - 1) α + 1 - m ω_{1}]}^{m} = {[(m - 1) a]}^{m - 1} [((m - 1) a - m) ω_{1} + 1]

ω_{m} = \frac{((m - 1) α - m) ω_{1} + 1}{(m - 1) a + 1 - m ω_{1}}

;

7 for

i = 2

m - 1

ω_{i} = \sqrt[m - 1]{ω_{1}^{m - i} ω_{m}^{i - 1}}

;

9 when

ω_{1} = ω_{2} = \dots = ω_{m} = \frac{1}{m}

\Rightarrow d i s p (W) = In m, a = 0.5

;

11 end.

Table 2.

The $(ω_{1}, ω_{2}, ω_{3}, ω_{4}, ω_{5})$ for different a.

Weight	$a = 0$	$a = 0.1$	$a = 0.2$	$a = 0.3$	$a = 0.4$	$a = 0.5$	$a = 0.6$	$a = 0.7$	$a = 0.8$	$a = 0.9$	$a = 1.0$
w ₁	0.0	0.0050	0.0389	0.0715	0.1177	0.20	0.2483	0.3961	0.5116	0.7004	1.0
w ₂	0.0	0.7004	0.5116	0.3961	0.2483	0.20	0.1177	0.0715	0.0389	0.0050	0.0
w ₃	0.0	0.0144	0.0436	0.0683	0.0840	0.20	0.0840	0.0683	0.0436	0.0144	0.0
w ₄	0.0	0.0601	0.1039	0.1572	0.1419	0.20	0.1419	0.1572	0.1039	0.0601	0.0
w ₅	1.0	0.2151	0.3020	0.4089	0.4111	0.20	0.4111	0.4089	0.3020	0.2151	0.0

Total trust computing

In cloud computing, malicious node can submit dishonest feedback to raise another malicious agents’ reputation. It is an effective way to avoid malicious feedback by quality factor $η$ . For example, $η = 0.60$ expresses that the system does not use nodes whose trust value is less than 0.60, Algorithm 3 is given below.

Algorithm 3.

Feedback trust $Y_{2} (D_{i}, D_{j})$ .

Input: N, n, H

χ

η

L E V E L

;

Output:

Y_{2} (D_{i}, D_{j})

;

1 construct MWD by formula (5) to (9);

2 compute

F (D_{i})

by Algorithm 1;

3 for (all

D_{k} \in F (D_{i})

) do

4 compute

Y_{1} (D_{i}, D_{j})

by formulas (5) to (9);

5 compute

ρ_{k}

by formula (12);

6 compute

Y_{2} (D_{i}, D_{j})

by formula (11);

7 end.

D_i request service from the provider D_j, if the D_j has no interaction record of D_i in the database, according to Algorithms 1 to 3, so we can obtain Algorithm 4.

Algorithm 4.

Total trust computing.

Input

H, P, M

F (D_{i}) = {F_{1}, F_{2}, \dots F_{l}}

Output

T G (D_{i}, D_{j}, S, t)

1 construct feedback node net

2 calculate decision factors:

Y_{1} (D_{i}, D_{j})

→ direct trust function,

Y_{2} (D_{i}, D_{j})

→ feedback trust function,

Y_{3} (D_{i}, D_{j})

→ obligation trust function,

Y_{4} (D_{i}, D_{j})

→ trust risk function,

Y_{5} (D_{i}, D_{j})

→ reward penalty function;

8 compute the weight

ω_{m}

of trust function;

9 compute total trust

T G (D_{i}, D_{j}, S, t)

;

10 end.

According to Algorithms 1 to 4, the system can decide to accept or reject request, whether s_j is consistent with the trust function $T G (D_{i}, D_{j}, S, t)$ . If $Ψ (T G (D_{i}, D_{j}, S, t)) \geq s_{j}$ , the system can provide s_j to D_i, else refuse request.

Experiment design

In this article, we construct a trust model for cloud service (TACM), contain comparison and analysis of the two methods, multifaceted trust management framework (MTMF) based on a trust level agreement in a collaborative cloud¹¹ and NMTR (a new method for trust and reputation evaluation in the cloud environments using the recommendations of opinion leaders’ entities and removing the effect of troll entities⁹). Experiment parameters are presented in Table 3. Datasets are on the http://www.uoguelph.ca/qmahmoud/qws/, which contains 5000 services (Table 4).

Table 3.

Parameter description of experiment.

Parameter	Value	Description
N	1000	Number of entities
n	2000	Number of transactions
H	100	Number of failure times
$χ$	4	Distance factor
$η$	0.60	Quality factor
Level	4	The parameter in MWD
$λ$	0.4	Weight of obligation
a	0.5	Parameter situation

MWD: multilayer weighted digraph.

Table 4.

Attributes of QWS.

Attribute value

Cost (0, 2000)

Response time(ms) (0, 400)

Reputation (1, 10)

Success rate (0, 100)

Reliability (0, 100)

Location {shanghai Beijing London}

Privacy {visible to anyone, visible to the network, not visible}

Number of concurrent (0,1000)

Availability (0,100)

QWS: quality of web service datasets.

Efficiency evaluation

In the section, we define t_c as the time cost of trust aggregation under various network entities.m_c represents the average storage space of all kinds of data structures, $m_{total}$ is the total storage space, N is the number of nodes, and m_c is defined as formula (23):

m_{c} = \frac{m_{total}}{N}

Time cost

In Figure 4, with the enlargement of network node size, the aggregation time t_c of three models increases rapidly, TACM needs less computation time than NMTR and MTMF. This shows that the TACM has better convergence performance, because feedback weight factor can adjust the polymerization calculation scale, the trust computing does not take too much time; however, NMTR and MTMF do not have these functions.

Figure 4.

The aggregation time of three models.

Storage cost

Average storage cost is also an important index to measure cloud services.

As can be seen from Figure 5, with the increase of network size, the m_c of the three models increases quickly, and the average storage of TACM is much less than NMTR and MTMF. In the TACM model, quality factor, trust risk, distance factor, and feedback weight factor can effectively reduce the search length of the trust chain, filter out many malicious nodes; but NMTR and MTMF do not have these factors, further analysis, although NMTR has many factors of trust evaluation, lacks relevant constraint conditions of trust process; therefore, the storage space is the most in the three models.

Figure 5.

Average storage space of three models.

Success rate and satisfaction degree

In the section, we use two indicators: interaction success rate and satisfaction degree to compare the three models.

Success rate of normal service

As can be seen in Figure 6, the success rate of interaction is different in three methods. Because NMTR lacks risk defense mechanism and the reward penalty factor, when malicious nodes appear, which cannot guarantee the actual service capacity. MTMF introduces trust to meet personal requirement, but it lacks the time decay factor and reward penalty function. TACM does not have these shortcomings, multiple factors can guarantee a higher success rate, such as reward penalty can increase the probability of interaction and service willingness. Therefore, the rank of success rates is TACM > NMTR > MTMF.

Figure 6.

The success rate of three models.

Success rate of malicious services

In Figure 7, when the proportion of malicious services increases, the interaction success rate of NMTR and MTMF declines rapidly. However, in the TACM, the trust risk function can filter out some malicious nodes, and the quality factor can filter out some feedback nodes with lower trust value, so the success rate is higher than the other two models. The NMTR and MTMF lack reward penalty function and antirisk capability, so they perform poorly against malicious service.

Figure 7.

Interaction success rate of malicious services.

Satisfaction with different service

As can be seen in Figure 8, NMTR has a lower satisfaction that does not guarantee the actual service in the cloud environment. In the TACM, time decay function solves the trust dynamic change of over time, reward penalty can increase the probability of successful interaction, quality factor enhances the quality of service, trust risk function can filter out the malicious nodes, so the user’s service satisfaction degree is high. The trust weight of MTMF model is subjective, the experiment result is not very good. In a word, the service satisfaction rate of TACM is best in the three models.

Figure 8.

The average satisfaction degree of three models.

Accuracy evaluation

To further prove research on privacy protection, in the following experiments, we manually generated 50 K data, each data includes 1000 kinds of attributes, and the value of the attribute is in the $[0, 1]$ .

The accuracy is measured by the error to test whether the proposed algorithm can accurately provide confidence calculation. The error is smaller, the accuracy is higher. If $A_{t + 1}$ is the true value, $T G_{t + 1}$ is the evaluation value at $t + 1$ , these following three methods are introduced to measure the accuracy of trust evaluation.

Mean absolute deviation

MAD = \frac{\sum_{t = 1}^{n} | T G_{t} - A_{t} |}{n} = \frac{\sum_{t = 1}^{n} | e_{t} |}{n}

Mean absolute deviation (MAD) can be used to metrics the deviation of evaluation results; thus, e_t is the error at time t, $e_{t} = T G_{t + 1}, - A_{t + 1}$ , and n is the amount of service transaction times.

According to Figure 9, the average MAD of TACM, MTMF, and NMTR is 0.0928, 0.1145, and 0.1009, respectively. When the number of transactions is more than 1000, the curve of TACM changes more smoothly than do those of NMTR and MTMF, this shows that fewer simulation interactions can also improve the accuracy of our model. TACM can integrate information entropy into trust evaluation algorithm, so the MAD of trust evaluation is lower than NMTR and MTMF.

Figure 9.

MAD under different transaction times. MAD: mean absolute deviation.

Root mean square error

Root mean square error (RMSE) is the variance of the arithmetic square root, which is used to measure the deviation between the real value and evaluation value. The RMSE is shown in the following formula (25):

RMSE = \sqrt{\frac{\sum_{t = 1}^{n} {(T G_{t} - A_{t})}^{2}}{N}}

According to Figure 10, the RMSE of TACM, MTMF, and NMTR is 0.0958, 0.1145, and 0.1044, respectively. When the number of transactions is more than 1000, the curve of TACM changes more smoothly than those of NMTR and MTMF, this shows that fewer simulation interactions can also show the accuracy of our model. TACM adopts time decay, trust feedback, and obligation, the dynamic performance is relatively good, but MTMF and NMTR lack similar mechanisms, so the RMSE is the lower than NMTR and MTMF.

Figure 10.

RMSE under different transaction times. RMSE: root mean square error.

Mean absolute percentage error

Mean absolute percentage error (MAPE) is an error measurement way, which represents the accuracy of the evaluation. e_t is the error at time t, $e_{t} = T G_{t + 1}, - A_{t + 1}$ , $T G_{t + 1}$ is the evaluation value, and n is the amount of experiment times:

MAPE = \frac{1}{n} \sum_{t = 1}^{n} | \frac{e_{t}}{A_{t}} | (\times 100 %)

In Figure11, the average MAPE of TACM, NMTR, and MTMF is 10.61%, 11.91%, and 12.25%, respectively. When the number of transactions exceeds 1000, MAPE of TACM is much lower than the other two models. Based on the comparison among Figures 9 to 11, TACM is better than NMTR and MTMF. Because the trust model of TACM has good dynamic adaptability and each weight factor is objective and accurate, the error rate is low, while NMTR and MTMF do not have the ability.

Figure 11.

MAPE under different transaction times. MAPE: mean absolute percentage error.

Privacy disclosure analysis

Based on the above sections, we further divide the 50 K data set into three categories of privacy sensitivity: high (H), medium (M), and low (L). Assuming that the trust level of consumer T_r is below the threshold requirement for the $i' th$ interaction, this is considered as a privacy disclosure $E_{d i}$ . So, we define privacy disclosure rate as follows:

Privacy disclosure rate = \sum_{i = 1}^{n} E_{d i} / r q

where $r q$ expresses all possible request, and n is the amount of transactions.

Figures 12 to 14 show the privacy disclosure rates, respectively, when these categories of L, M, and H vary from 0 to 1. In Figure 12, the privacy disclosure rates of NMTR, TACM, and MTMF are from 0.289, 0.352, 0.361 to 0, respectively. In Figure 13, with the improvement of M, the privacy disclosure rates of TACM, NMTR, and MTMF are finally settled in 0.215, 0.272, and 0.285, respectively. In Figure 14, with the increment of H, the privacy disclosure rates of TACM, NMTR, and MTMF are settled in 0.281, 0.350, and 0.361, respectively. These experimental results show that TACM is better than MTMF and NMTR in terms of privacy protection.

Figure 12.

Disclosure rate (proportion change of level L).

Figure 13.

Disclosure rate (proportion change of level M)

Figure 14.

Disclosure rate (proportion change of level H).

In MTMF, trust relationship model is relatively simple, which cannot protect privacy well in cloud computing. In the NMTR, the lack of objective quantitative formula for the weight of trust attributes seriously impacts on privacy protection. TACM can not only use weight algorithm to adjust trust but also filter out the hidden dangers of insecurity through risk and penalty factors. Therefore, it is superior to MTMF and NMTR in privacy protection.

Conclusion

To mutual trust and win–win cooperation between the users and the CSP, in this article, we establish an access control model based on trust evaluation. First, we propose a multiattribute trust model based on direct trust, trust risk, feedback trust, reward penalty, and obligation trust to describe the complexity of trust relationship; second, we propose a weight method of the trust attribute by the information entropy, which transcends the limitations of traditional multiple attribute weighting methods; third, we design several relevant experiments to evaluate adaptability, accuracy, and efficiency in the cloud environment.

Of course, there are still some shortcomings in this article, the dynamic cloud service selection model needed further improvement; the obligation can be optimized to improve the service accuracy.²³ Further, we will study access control in the mobile networks; in addition, cloud service performance, reliability, and other aspects can be researched more depth in the future.²⁴

Footnotes

Acknowledgment

The author thanks the critics for their detailed comments and valuable suggestions, which greatly improve the quality of this article.

Declaration of conflicting interests

The author(s) declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.

Funding

The author(s) disclosed receipt of the following financial support for the research, authorship, and/or publication of this article: This work is financially supported by the National Development and Reform Commission, Information Security Special Project, Development and Reform Office, no. 1424 [2012].

ORCID iD

Panjun Sun

References

Cloud Security Alliance. Security Guidance for Critical Areas of Focus in Cloud Computing V4.0. 2017. https://cloudsecurityalliance.org/artifacts/security-guidance-v4/.

Zhifeng

Yang

. Security and privacy in cloud computing. IEEE Commun Surv Tut 2013; 15(2): 843–859

Aluvalu

Muddana

. A survey on access control models in cloud computing. India: Springer, 2015. Emerging ICT for Bridging the Future.

Rohit

Bharat

. EPICS: a framework for enforcing security policies in composite web services. IEEE Trans Serv Comput 2019; 12(3): 415–428

Bhatia

Singh

. A novel trust-based privacy preserving access control framework in web services paradigm. Adv Intell Syst, Adv Intel Syst Comput 2015; 308: 441–453.

Khaled

Zhu

. Multi-factor synthesis decision-making for trust-based access control on cloud. Int J Coop Inf Syst 2017; 26(4): 1750003.

Junqi

Deyun

. TC-BAC: a trust and centrality degree-based access control. Ad Hoc Networks 2013; 11(8): 2675–2692.

Nogoorani

Jalili

. TIRIAC: a trust-driven risk-aware access control framework for Grid environments. Future Gener Comp Sys 2016; 55: 238–254.

Matin

Nima

. A new method for trust and reputation evaluation in the cloud environments using the recommendations of opinion leaders’ entities and removing the effect of troll entities. Comput Hum Behav 2016; 60: 280–292.

10.

Yan

Ding

Niemi

, et al. A privacy preserving authorisation system for the cloud. Future Gener Comp Syst 2016; 62 (C): 175–189.

11.

Varalakshmi

Judgi

. Multifaceted trust management framework based on a trust level agreement in a collaborative cloud. Comput Electr Eng 2017; 59: 110–125.

12.

Halabi

Bellaiche

. Towards quantification and evaluation of security of cloud service providers. J Inf Sec Appl 2017; 33: 55–66.

13.

Simeon

Iraklis

. Achieving security by design through ontology-driven attribute-based access control in cloud environments. Future Gener Comp Sys 2019; 93: 373–391.

14.

Yan

Ding

Niemi

, et al. Two schemes of privacy-preserving trust evaluation. Future Gener Comp Sys 2016; 62 (C): 175–189.

15.

Lan

Vijay

. Trust enhanced cryptographic role-based access control for secure cloud data storage. IEEE Trans Inf Forensics Secur 2015; 10(11): 2381–2395.

16.

Xue

. An attribute-based controlled collaborative access control scheme for public cloud storage. IEEE Trans Inf Forensics Secur 2019; 14(11): 2927–2942.

17.

Smari

Clemente

. An extended attribute based access control model with trust and privacy: application to a collaborative crisis management system. Future Gener Comp Sys 2014; 31: 147–168.

18.

Ray

. Trust-based access control for secure cloud computing. In: Han

Choi

B-Y

Song

(eds) High performance cloud auditing and applications. New York, NY: Springer, 2014, pp. 189–213.

19.

. A method for trust quantification in cloud computing environments. Int J Distrib Sens N 2016; 12: 1–7.

20.

Rudolph-Lilith

Muller

LE.

Algebraic approach to small-world network models. Physical Review E 2014; 89: 012812.

21.

Fuller

Majlender

. An analytic approach for obtaining maximal entropy OWA operator weights. Fuzzy Set Syst 2001; 124(1): 53–57.

22.

Kim

. An entropy-based analytic model for the privacy protection in open data. In: IEEE International Conference on Big Data, Washington, 5–8 December 2016. IEEE.

23.

Tyagi

Niladhuri

. Never trust anyone: trust-privacy tradeoffs in vehicular Ad-Hoc Networks. Brit J Math Comp Sci 2016; 19(6): 1–23.

24.

Shynu