|| Volume 2 ||Issue 12 ||JULY 2017||ISSN (Online) 2456-0774
INTERNATIONAL JOURNAL OF ADVANCE SCIENTIFIC RESEARCH
AND ENGINEERING TRENDS
Effective Handling of Credibility and Reputation-
Based Trust Management for Cloud Services
Ms.Shital Subhash Sangle
ME in Computer Science and Engineering, Everest College of Engineering & Technology, Aurangabad, Maharashtra India.
Abstract Trust management is a standout amongst the
most challenging issue for the tackling and development
of cloud computing. There are several challenging issues
in the trust management such as privacy, security, and
availability due to non-transparent, highly dynamic, and
distributed nature of cloud services. Saving customers'
protection is not a simple assignment because of the
sensitive information involved in the connection between
consumer and the trust management service. Protecting
cloud services against misleading behaviour of clients is a
complicated issue. Ensuring the availability of the trust
administration is another important challenge because of
dynamic behaviour cloud services. In this article, we
present the outline and usage of Cloud Armor, a
credibility and reputation based trust administration
system that gives a set of functionalities to convey Trust
as a Service (TaaS), which incorporates i) a novel
protocol to preserve users privacy and to demonstrate
the Believability of trust feedbacks ii) a versatile and
robust credibility model which works to measure the
credibility of trust feedbacks to protect cloud services
from malicious users and iii) an availability model to
deal with the availability of the decentralized usage of
the trust management service. The possibility and
advantages of our approach have been approved by a
model and test studies with a collection of true trust
feedbacks on cloud services.
Keywords: - Trust management, reputation, credibility,
security, privacy, availability, Trust as a Service.
I INTRODUCTION
Cloud computing has become a prominent
paradigm of computing and IT service delivery. However,
for any actual user of cloud services dont have any reason
to trust cloud services easily. So user will ask can I trust this
cloud service? On what basis user should trust cloud
service? How the trust factor is calculated? If the trust
judgement will depend on attributes of a cloud service, on
what basis should users believe the attributes claimed by
cloud providers? Who will monitor, measure, assess, or
validate cloud attributes? The answers to each these
questions are essential for adoption of cloud computing and
for cloud computing to evolve into a trustworthy computing
paradigm.
WWW.IJASRET.COM
The trust management in cloud environments is a
significant challenge due to the highly dynamic, distributed, and
non-transparent nature of cloud services. According to one of
the researcher at Berkeley, top 10 obstacles for the adoption of
cloud computing contain trust and security. Initially only
Service-Level Agreements (SLAs) are used for establishing
trust between cloud consumers and providers. But now days
SLAs are inadequate to provide guaranteed trust because of its
unclear and inconsistent clauses. So we can use consumers
feedback as a source to find the overall trustworthiness of cloud
services. Several researchers have suggested solutions to assess
and manage trust based on feedbacks collected from
participants. This system mainly works on improving trust
management in cloud environments by proposing various ways
to ensure the credibility of trust feedbacks [1].
In CloudArmor, we work on the following key issues
of the trust management in cloud environments.
Consumers Privacy: The privacy concern is raised with the
adoption of cloud computing. During the interaction between
cloud consumer and cloud provider sensitive information or
behavioural information may exchange. Sensitive information
means date of birth and address. Behavioural information means
with whom the consumer interacted, the kind of cloud services
the consumer showed interest. In some cases this information
may leak that means privacy will get break. so services which
involve consumers information should preserve their privacy.
Cloud service protection: Sometimes cloud service experiences
attacks from its users. Attacks on cloud service means trying to
take advantage of cloud service by creating several accounts or
by giving multiple misleading feedbacks. The detection of such
malicious behaviours poses several challenges. First challenge
is detection of consumer dynamism (i.e. New users login the
cloud service and old users leave at the before one two
seconds). Second challenge is detection of Sybil attack (users
may contain multiple accounts for a particular cloud service).
Finally, it is significant challenge to find when malicious
behaviours occur.
Trust management service (TMS) availability: Another issue is
availability of Trust management services (TMS). An interface
between users and cloud services is provided by a trust
management service. As there are unpredictable number of
users and highly dynamic nature of cloud environment it is
difficult to guarantee the availability of TMS. Approaches with
understanding of users capabilities and interests through
370
 || Volume 2 ||Issue 12 ||JULY 2017||ISSN (Online) 2456-0774
INTERNATIONAL JOURNAL OF ADVANCE SCIENTIFIC RESEARCH
AND ENGINEERING TRENDS
operational availability measurements or similarity
measurements are incompatible in cloud environments. So
TMS should be available and it should be highly scalable
and adaptive to be functional in cloud environments.
II OBJECTIVE
The major concept implemented is to increase the
security or scrutiny levels while sharing any kind of
resource, space or system (PC, Printer or any other). When
cloud is used to store the resource data or any other data and
user with hierarchy level try to access the this services, there
is a risk of fraud or any user getting naughty and try to insert
a virus or spyware or any kind of threat that may damage the
system or cloud infrastructure. This will cause a very heavy
loss in big companies. When group is using a cloud various
threats are caused, here in this system a hierarchical scrutiny
functioning is designed which at every level checks the
request which is received and also the root sender and level
sender. i.e., when cloud consumer send a request to
consumer agent, the consumer agents check the request from
cloud agent and also scrutinize the user status and details
and then he forwards it to next level. The idea doing this to
maintain a secure hierarchy for resource sharing and data
sharing which will avail the user and the end resource
provider a trusted network of checks and Balances. This in
result returns a secure Cloud Armor with following
objectives:
By establishing and maintaining a secure cloud
infrastructure, an organization can reduce the number of
data breaches that occur and minimize the impact of
breaches that cannot be stopped.
This system will provide the most convenient mode of
data sharing and distribution of space in cloud for data
storage.
Automatically block lesser threat actors so that the
security controls including people may focus on finding
and stopping the most sophisticated threats.
Minimize dwell time from weeks or months to days or
even hours. Dwell time is the amount of time that a
threat actor remains undiscovered and unmitigated
within an environment.
III LITERATURESURVEY
In Trust Mechanisms for Cloud Computing by J.
Huang and D. M. Nicol the authors studied about Trust is a
critical factor in cloud computing. In present practice it
depends largely on perception of reputation, and self-
assessment by providers of cloud services[2]. They begin
this paper with a survey of existing mechanisms for
establishing trust, and comment on their limitations. They
then address those limitations by proposing more rigorous
mechanisms based on evidence, attribute certification, and
validation, and conclude by suggesting a framework for
integrating various trust mechanisms together to reveal
WWW.IJASRET.COM
chains of trust in the cloud. Author studied and categorized
existing research of trust mechanisms for cloud computing in
five categories- SLA verification based, reputation based,
transparency mechanisms, trust as a service, formal
accreditation, audit and Standards. Author says that the current
work on trust in the cloud focus narrowly on certain aspects of
trust which is insufficient. Whereas, Trust is a complex social
phenomenon, and a systemic view of trust mechanism analysis
is necessary. In this paper develop a informal and abstract
framework as a route map for analysing trust in the clouds. In
that, they suggest: (1) a policy-based approach of trust
judgment, by which the trust placed on a cloud service is
derived from a formal audit proving that the cloud entity
conforms to some trusted policies; (2) a formal attribute-
based approach of trust judgment, by which particular
attributes of a cloud service or attributes of a service provider
are used as evidence for trust judgment, and the belief in those
attributes is based on formal certification and chains of trust
for validation.For supporting this mechanism author explained
a general structure of evidence-based trust judgement, which
provides a basis to find the trust in a cloud entity, they define
the attributes to be examined are in a space of two-dimensions
domain of expectancy and source of trust including
competency, integrity, and goodwill.
Talal H. Noor and Quan Z. Sheng [3] proposed a
framework inCredibility-based trust management for services
in cloud environments which improves ways on trust
management in cloud environments. In particular, they
introduce a credibility model that not only distinguishes
between credible trusts feedbacks, but also has the ability to
detect the malicious trust feedbacks from attackers. We also
present a replication determination model that dynamically
decides the optimal replica number of the trust management
service so that the trust management service can be always
maintained at a desired availability level. The approaches have
been validated by the prototype system and experimental results
.They present a trust management framework to manage trust in
cloud environments. They introduce a credibility model that
assesses cloud services trustworthiness by distinguishing
between credible trust feedbacks and amateur or malicious trust
feedbacks. Also, the credibility model has the ability to detect
the malicious trust feedbacks from attackers (i.e., who intend to
manipulate the trust results by giving multiple trust feedbacks to
a certain cloud service in a short period of time).
R. Ko, P. Jagadpramana, M. Mowbray, S. Pearson, M.
Kirchberg, L. Qianhui, and L.B. Sung [4] proposed
TrustCloud: A framework for accountability and trust in cloud
computing is a paper which shows use of detective controls to
achieve a trusted cloud and a framework which uses technical
and policy based approaches to address accountability in cloud
computing. The sheer amount of virtualization and data
distribution carried out in current clouds generates the
complexity has also revealed an urgent need for research in
371
 || Volume 2 ||Issue 12 ||JULY 2017||ISSN (Online) 2456-0774
INTERNATIONAL JOURNAL OF ADVANCE SCIENTIFIC RESEARCH
AND ENGINEERING TRENDS
cloud accountability, as has the shift in focus of customer
concerns from server health and utilization to the integrity
and safety of end-users data. In this paper, they establish the
urgent need for research in accountability in the cloud, and
outline the risks of not achieving it. For that purpose author
propose detective approach instead of preventive approaches
to increasing accountability. We are using detective
approaches because it enables the investigation not only of
external risks, but also risks from within the CSP. Detective
approaches require less invasive manner than preventive
approaches. Author also indicates that end user concerns
about file centric perspective in case of system health and
performance to the integrity and accountability. Conceptual
model will provide a cloud user a single point of view for
accountability of the CSP. For this they implemented Cloud
Accountability Life Cycle and the abstraction layers of logs.
From this they have identified the importance of both real-
time and post-mortem approaches to address the nature of
cloud computing at different levels of granularity.
Talal H. Noor, Quan Z. Sheng, and Abdullah Alfazi
(2013) propose Reputation attacks detection for effective
trust assessment of cloud services provides techniques for
the detection of reputation attacks to allow consumers to
effectively identify trustworthy cloud services [5]. Here we
use reputation based trust management technique which
represents high influence that consumers have over a cloud
service. The previous study by Habib et al.[8] or by Hwang
et al [9] didnt consider the problem of unpredictable
reputation attack against cloud services. They introduce a
credibility model that not only identifies misleading trust
feedbacks from collusion attacks but also detects Sybil
attacks, either strategic (in a long period of time) or
occasional (in a short period of time).This model has the
ability to adaptively adjust trust results for cloud services
that have been affected by malicious behaviours. Author
collected large number of consumers trust feedbacks given
on real world cloud services to evaluate the proposed
system. It also demonstrate the applicability of their
approach and show the capability of detecting malicious
behaviour.
IV PROPOSED WORK
A. Silent Features of Proposed system
Zero-knowledge credibility proof protocol (ZKC2P): Zero
knowledge credibility proof protocol is mainly works to
preserves the consumers privacy. Also it works with TMS
to measure the credibility of consumers feedback. For this
TMS uses the identity management service (IdM). However,
processing the IdM information can breach the privacy of
users. We bring forward this protocol to allow TMS to
process IdMs information using the Multi-Identity
Recognition factor. Rather we can say that, TMS will prove
the consumers feedback credibility without knowing the
WWW.IJASRET.COM
consumers credentials. TMS processes consumers credentials
without breaching the consumers privacy.
A credibility model: We can use feedbacks to measure the trust
value of cloud service provider. So the credibility of these
feedbacks plays an important role in the trust management
systems performance of cloud service provider. Therefore, we
propose the Feedback Density and Occasional Feedback
Collusion metrics for the feedback collusion detection. These
metrics are used to differentiate between misleading feedbacks
from malicious users. System also has the ability to detect
occasional and strategic behaviours of collusion attacks
.Collusion attack means attackers try to manipulate the trust
results by giving multiple trust feedbacks to a certain cloud
service in a long or short period of time. We also present several
metrics for the Sybil attacks detection including the occasional
Sybil attacks and multi-identity recognition. These metrics will
identify misleading feedbacks from Sybil attacks with the help
of TMS.
An availability model: Availability of trust management service
in cloud environment is necessary. Thus, we propose a
mechanism to manage feedbacks given by consumers in a
decentralised way through spreading several distributed nodes.
For maintaining desired availability level Load balancing
techniques are exploited to share the workload. An operational
power metric is used to determine the number of TMS nodes.
Some inoperable TMS instances are excluded by using
Replication techniques. A replication determination metric is
introduced to determine the number of replicas of each node.
Also this replication determination metric overworks to particle
filtering techniques to exactly predict the availability of each
node.
B. System Architecture
The figure 1 shows the cloud Armor framework which delivers
trust as a service. It based on the service oriented architecture
(SOA).In particular, the trust management service spans several
distributed levels that expose interfaces so that users can give
their feedbacks or inquire the trust results at each level. The
framework consists of three layers, i) the Cloud Service
Provider Layer, ii) the Trust Management Service Layer, and ii)
the Cloud Service Consumer Layer.
i) The cloud service provider layer: This layer consists of
different cloud service providers who offer one or several cloud
services. These cloud services are accessible through web
portals and indexed on web search engines such as Google,
Yahoo, and Baidu on Internet. All the providers will able to
advertise their services on the web. Interactions with IdM
Services are completed at each level for checking identity and
finding out the malicious or fraud users. Resource agent, service
agent and cloud consumer agent are three levels for checking
trust. Resource agent will interact with trust management
system before final decision.
372
 || Volume 2 ||Issue 12 ||JULY 2017||ISSN (Online) 2456-0774
INTERNATIONAL JOURNAL OF ADVANCE SCIENTIFIC RESEARCH
AND ENGINEERING TRENDS
A. System Flow Diagram
In Figure No 2, the process represents the flow from
user login to receiving the requested service or resource. As we
can see that when user need to login, he will be asked for
username and password. If the asked authentication fails the
request for log in declined and a message is reflected. If the user
succeeds in authentication he is allowed to enter the request
zone. Now when user enters request zone he can request to
various service or resources such as cloud space, printers,
scanners or data sharing request, anything which is registered
with the resource agent and is available for sharing. When user
request is send to authorized level of request processing
department/section his every aspect is monitored and check for
any fraud or malicious or unauthorized features. If the user gets
clean in this process is forwarded to higher authority, now when
the next higher authority get the request from the lower one, he
can also do the same process if he wants. When request reaches
Figure 1: Architecture of proposed system to SA (service agent) it generally that the status of request is
ii) The trust management service layer: This trust nearly done, but now when SA forwards it to RA the RA has
management service layer is the main working layer which right to have scrutiny on every aspect of request send by user. If
consists of several distributed TMS nodes. These nodes are he founds that the user is not OK or trying to access what he not
hosted in multiple cloud environments in different or pretending a general user he can decline the request and send
geographical areas. These TMS nodes will work as interface a notification touser. This is working structure is so well design
between consumer and provider. So users can give their done that every step is check by the higher step and then it is
feedback or inquire the trust results in a decentralized way to forwarded to next level.
TMS nodes. Trust Management System contains five
different blocks namely; trust set policy, trust update,
reputation, Trust detection, Trust Inference device.
Interactions for this layer include: i) interaction enabling
TMS to prove the credibility of a particular consumers
feedback with the help of Zero knowledge credibility proof
protocol, ii) interaction between cloud consumer and cloud
service provider through TMS.
iii) Cloud service consumer layer: Finally, this layer
consists of different users who use cloud services. For
example, a new start up that has limited funding can
consume cloud services (e.g., using cloud space of IBM soft
layer cloud). Interactions for this layer include: i) interaction
for discovery of a new cloud service and other services
through the Internet, ii) interaction through consumers are
able to give their feedback or retrieve the trust result of a
cloud service results in trust and service interactions
between them, And iii) consumer need to follow a
registration process which establishes consumers identity to
IdM by registering their credentials in IdM.
This framework also provides automatic cloud
service discovery on the internet and storing it in a cloud
service repository is known as web crawling approch.
Moreover, this framework contains an identity management
service ( Figure 1) where consumer register their credential
before using TMS by following registration process.
Consumer needs this IDM for proving the credibility of a
particular consumers feedback through ZKC2P.
Figure 2: Flow diagram of activities

WWW.IJASRET.COM 373
 || Volume 2 ||Issue 12 ||JULY 2017||ISSN (Online) 2456-0774
INTERNATIONAL JOURNAL OF ADVANCE SCIENTIFIC RESEARCH
AND ENGINEERING TRENDS
V CONCLUSION
Techniques that help in detecting trustworthy
consumers and credible feedbacks. Also helps consumers to
effectively identify trustworthy cloud services. In particular,
proposed a zero knowledge credibility proof protocol that
works to preserve consumers privacy as well as helps TMS
to measure credibility of consumers feedback. Also in this
project introduce a credibility model to identify misleading
trust feedbacks from collusion attacks and detect Sybil
attacks. We also develop an availability model that
maintains the trust management service availability at a
desired level.
REFERENCES
[1] Talal H. Noor, Quan Z. Sheng, Lina Yao, Schahram
Dustdar and Anne H.H. Ngu,CloudArmor: Supporting
Reputation-based Trust Management for Cloud
ServicesIEEE Trans. Vol.27, No2, February 2016, PP
367-380.
[2] J. Huang and D. M. Nicol, Trust mechanisms for cloud
computing, J. Cloud Comput.,vol. 2, no. 1, pp. 114,
2013.
[3] T. Noor and Q. Z. Sheng, Credibility-based trust
management for services in cloudenvironments, in
Proc. 9th Int. Conf. Service- Oriented Comput., 2011,
pp. 328343.
[4] R. Ko, P. Jagadpramana, M. Mowbray, S. Pearson, M.
Kirchberg, L. Qianhui, and L.B. Sung,TrustCloud: A
framework for accountability and trust in cloud
computing,
[5] T. H. Noor, Q. Z. Sheng, and A. Alfazi, Reputation
attacks detection for effective trustassessment of cloud
services, in Proc. 12th Int. Conf. Trust, Security
Privacy Comput.Commun, 2013, pp. 469476.
[6] T. H. Noor and Q. Z. Sheng, Trust as a service: A
framework for trust management incloud
environments, in Proc. 12th Int. Conf. Web Inf. Syst.
Eng., 2011, pp. 314321.
[7]Y. Wei and M. B. Blake, Service-oriented computing
and cloud computing: Challengesand opportunities,
IEEE Internet Comput., vol. 14, no. 6, pp. 7275,
Nov./Dec.2010.
[8]S. Habib and et al., Towards a Trust Management
Systemfor Cloud Computing, in Proc. of
TrustCom2011, 2011.
[9] K. Hwang and D. Li, Trusted Cloud Computing with
SecureResources and Data Coloring, IEEE Internet
Computing,vol. 14, no. 5, pp. 1422, 2010.

WWW.IJASRET.COM 374