Aalborg Universitet. Towards Trust Engineering for Opportunistic Cloud Services Kuada, Eric. Publication date: 2014

Transcription

1 Aalborg Unvertet Toward Trut Engneerng for Opportunt Cloud Serve Kuada, Er Publaton date: 2014 Doument Veron Author fnal veron (often known a potprnt) Lnk to publaton from Aalborg Unverty Ctaton for publhed veron (APA): Kuada, E. (2014). Toward Trut Engneerng for Opportunt Cloud Serve: A Sytemat Revew of Trut Engneerng n Cloud Computng. General rght Copyrght and moral rght for the publaton made aeble n the publ portal are retaned by the author and/or other opyrght owner and t a ondton of aeng publaton that uer reogne and abde by the legal requrement aoated wth thee rght.? Uer may download and prnt one opy of any publaton from the publ portal for the purpoe of prvate tudy or reearh.? You may not further dtrbute the materal or ue t for any proft-makng atvty or ommeral gan? You may freely dtrbute the URL dentfyng the publaton n the publ portal? Take down poly If you beleve that th doument breahe opyrght pleae ontat u at [email protected] provdng detal, and we wll remove ae to the work mmedately and nvetgate your lam. Downloaded from vbn.aau.dk on: oktober 03, 2015

2 Toward Trut Engneerng for Opportunt Cloud Serve: A Sytemat Revew of Trut Engneerng n Cloud Computng Er Kuada Department of Eletron Sytem Aalborg Unverty, Copenhagen, Denmark [email protected] Abtrat -The ytemat revew methodology ha been employed to revew trut related tude n loud omputng. It wa oberved that truted omputng tehnologe and reputaton baed approahe are the man approahe to trut engneerng n loud omputng. Alo, truted thrd party approahe and the deployment model play a gnfant role n enhanng trut between erve provder and onumer. It wa oberved that the onept of trut ued looely wthout any formal pefaton n loud omputng duon and trut engneerng n general. A a frt tep toward addreng th problem, we have ontextualzed the formal trut pefaton n mult-agent envronment for loud omputng. Keyword- eurty engneerng; trut engneerng; trut n loud omputng; trut modelng. 1 INTRODUCTION Th ntrodutory eton begn wth the motvaton for undertakng th tudy. Next, a bakground to the need for trut engneerng n loud omputng provded. An overvew to opportunt loud erve (whh the foundaton for the motvaton of th tudy) alo gven. Sne the methodologal approah to th tudy ytemat lterature revew, the eton end wth a bref ntroduton to ytemat lterature revew and the proee nvolved n ondutng uh a revew. 1.1 Motvaton We have over the pat three year been workng on the feablty of Opportunt Cloud Serve (OCS) for enterpre[1] [2]. One of the major hallenge that uh a platform fae data eurty and trut management ue. In order to degn and develop a trut management ytem for OCS platform, we needed to revew the urrent trut engneerng ue n loud omputng. It wa deded that we needed to perform a ytemat lterature revew on th top beaue ne the OCS onept telf new, any trut degn model of t ubytem mut be guded by exhautve knowledge of the tate-of-the-art n the feld. The rgorou methodologal approah offered by ytemat lterature revew wll enure that the top adequately overed. The objetve of th paper therefore to provde tateof-the-art knowledge on trut engneerng onept and model n loud omputng. 1.2 Bakground to Trut n Cloud Computng Cloud omputng eentally the pakagng of tradtonal Informaton Tehnology nfratruture and oftware oluton uh a torage, CPU, network, applaton, erve, et., a vrtualzed reoure and delvered by a erve provder to t utomer a an ondemand pay-per-ue elf-provoned erve, whh normally offered through a web portal over a network uh a the Internet[3] [4] [5]. Whle loud erve provder pledge to preerve data prvay, the urrent Software a a Serve (SaaS) arhteture make t dffult to provde any aurane that the oftware n the Cloud wll not be able to make ope or redtrbute the data t ued[6]. Seondly, the Cloud model baed on two key haratert: mult-tenany, where multple tenant hare the ame erve ntane, and elatty, where tenant an ale the amount of ther alloated reoure baed on urrent demand. Although both haratert target mprovng reoure utlzaton, ot reduton, and erve avalablty, thee gan are threatened by mult-tenany eurty mplaton. The harng of applaton that proe rtal nformaton wthout uffent proven eurty olaton, eurty SLA or tenant ontrol, reult n lo-of-ontrol and lak-of-trut problem[7]. Apart from thee onumer onern, loud arhteture alo ntrodue new lae of eurty rk and attak over the reoure of loud erve provder. Thee nlude pooned vrtual mahne, attak agant the loud erve provder management onole, attak baed on knowledge of default eurty ettng, abue of bllng ytem, and data leakage va unform reoure loator. Cloud erve provder tll do not urrently have uffently robut tehnal oluton that an 1

3 protet ther loud reoure from harmful malware, vru nfeton, botnet, dtrbuted denal of erve attak, or other type of yber-attak. Furthermore, there no effetve mehanm to help loud uer evaluate the eurty meaure of ther erve provder and enure the proteton of ther data whle takng nto onderaton ndutry tandard or peronal preferene [8]. 1.3 Opportunt Cloud Serve Opportunt Cloud Serve (OCS) a oal network approah to the provonng and management of loud omputng erve for enterpre. OCS about enterpre leveragng free loud erve to meet ther bune need wthout havng to pay or payng a mnmal fee for thee erve [9][10]. An OCS network a oal network of enterpre ollaboratng trategally for the ontrbuton and uage of loud erve wthout enterng nto any bune agreement[1]. Member normally wll pakage only ther pare IT reoure and make them avalable a Cloud erve on the OCS platform o that other ntereted an utlze them. Sne no bune agreement and hene no Serve Level Agreement (SLA) ext between the erve provder and the potental uer of ther erve, erve onumer do not enjoy the level of upport (n term of qualty of erve, relablty, avalablty, eurty, bllng tranpareny, et.) that ommeral loud erve provder offer to ther lent. Conderng the fat that ommeral loud erve provder are fndng t extremely hallengng to provde uh a upport, oupled wth havng to provde adequate tranpareny n ther management proee, the OCS platform more o need a well-rafted and oundly engneered trut management ytem n order to make reoure on the platform utable for bune ue. 1.4 Sytemat Lterature Revew A ytemat lterature revew a mean of dentfyng, evaluatng and nterpretng all avalable reearh - that are known to the reearher - and relevant to a partular reearh queton, top area, or phenomenon of nteret [11][12]. It a ytemat, explt, omprehenve, and reproduble method for dentfyng, evaluatng, and ynthezng the extng body of ompleted and reorded work produed by reearher, holar, and prattoner on a pef top of nteret [13]. The aumulaton of evdene through eondary tude an be very valuable n offerng new nght or n dentfyng where an ue mght be larfed by addtonal prmary tude. The ytemat lterature revew proe ont of three man tage - namely nput, proeng, and output [14]. The eght tep gude of [13] to ondutng ytemat lterature revew are: purpoe of the lterature revew, protool and tranng, earhng for the lterature, pratal reen, qualty appraal, data extraton, ynthe of tude, and fnally wrtng the revew. They reommend all thee tep are eental for a revew to be entfally rgorou. Aordng to[11] the tage n a ytemat lterature revew an be ummarzed nto three man phae: plannng the revew, ondutng the revew, and reportng the revew. The tage aoated wth plannng the revew are: dentfaton of the need for a revew, pefyng the reearh queton, and developng a revew protool; the tage aoated wth ondutng the revew are: dentfaton of relevant extng reearh, eleton of prmary tude, tudy qualty aement, data extraton and montorng, and data ynthe; and fnally, the tage aoated wth reportng the revew are: pefyng demnaton mehanm, and formattng the man report. 2 METHODOLOGY We adopt a blend of the gudelne of [11] and [13] beaue after a areful analy, we onder both gude to be utable for our purpoe; and t wa evdent that ther man ndvdual tage are n agreement and refer to the ame onept wth lghtly dfferent taggng. 2.1 Plannng the Revew The man atvte nvolved n plannng the revew are pefyng the objetve of the tudy, pefyng the reearh queton, developng and evaluatng the revew protool, and jutfyng the need for the tudy Need for the Study There have been effort on urvey on eurty ue n loud omputng [15] [16] but not on trut engneerng. Alo, even though eurty a key element of trut, thee tude are not ytemat revew and thoe that attempt a ytemat revew uh a [17] fou only on eurty; o to the bet of our knowledge, th tudy the frt attempt of ummarzng the body of knowledge on trut engneerng n loud omputng envronment Objetve and Reearh Queton The frt of the man objetve of th tudy to provde tate-of-the-art knowledge on trut engneerng onept and model n loud omputng. The eond objetve to provde a frm groundng for engneerng a trut model and trut management ytem for opportunt loud omputng erve. Baed on thee objetve, the reearh queton that are of nteret to th tudy are: a. What are the man approahe toward trut engneerng n loud omputng? b. What are the major trut model and trut management ytem for loud omputng?. What are the objetve of the dentfed prmary tude and n what ontext are thee trut management ytem beng developed? 2

4 2.1.3 Revew Protool A revew protool pefe the method that wll be ued to undertake a pef ytemat revew. The omponent of a protool nlude all the element of the revew plu ome addtonal plannng nformaton uh a the projet tmelne [11]. The entre methodology eton n th paper gve a ummary of revew protool that ha been appled n undertakng th tudy. The revew protool ha been under ontant re-evaluaton to enure that the appled earh trng are derved from the reearh queton; the extrated data properly addre the reearh queton; and the data analy proedure approprate to anwer the reearh queton. 2.2 Condutng the Revew The tage aoated wth ondutng the revew are dentfaton and eleton of relevant extng prmary tude, tudy qualty aement, data extraton and montorng, and data ynthe Searh Strategy The adopted earh trategy to earh for keyword n tandard metadata (.e. ttle, abtrat, and author keyword). The keyword derved from our top Trut Engneerng n Cloud Computng are trut, engneerng, and loud omputng. However, beaue prvay and eurty are two major element n trut n loud omputng, we expanded our earh keyword to nlude them. Addtonally, to enure the earh trng are derved from our reearh queton, we further expand the keyword to nlude model. We then ue a ombnaton of two or more of the reultng keyword a earh trng n earhng for the prmary reoure for th tudy. The reultng earh trng are: trut engneerng, trut loud omputng, trut model, eurty n loud omputng, prvay n loud omputng, eurty engneerng, and prvay engneerng Soure Conderng the top of th tudy, the major oure that the earh trategy wa appled n are IEEE Xplore Dgtal Lbrary, ACM Dgtal Lbrary, Google holar, and Journal of Elever and Sprnger Lnk. Thee oure were upplemented wth the general Internet and the Aalborg Unverty dgtal lbrary portal, Prmo, whh a portal nto well-known reearh databae Pratal Sreen and Qualty Appraal Refwork [18] wa ued a the bblograph management tool for managng the large number of over fve hundred tude reultng from the earh proe. Thee were taken through pratal reenng by readng through ther abtrat and thoe that ddn t have relaton to our reearh top were exluded; leavng about 320 prmary tude a our bae reoure. A eond and a thrd round of revew were performed to elet thoe that had dret bearng on the reearh queton. Th proe yelded about 140 artle that have been nluded n th tudy. All thee artle were then retreved and proeed for the data extraton phae. Th proe panned a perod of four month, from September to Deember Regular update to the lt of artle wa made durng data extraton and ynthe of tude phae n the ubequent month of undertakng th tudy Data Extraton NVvo10[19] wa the hoe of tool for the data extraton phae. Even though we are well aware of other qualtatve data analy tool uh a Atla.t [20], we dd not onder them ne the unverty had lene to only NVvo. All thee relevant prmary tude were manually read. The ba methodologal tep of ontant omparon for odng n grounded theory [21] [22]were appled n the data extraton proe wth help of Nvvo n the odng of the data a we read through eah artle. Furthermore the grounded theory methodology allowed extraton of relevant nformaton (e.g. the major hallenge of trut engneerng n loud omputng) from the prmary tude, even though thee were not ntally part of the fou of our tudy and hene dd not reflet n our reearh queton Synthe of Stude Durng the ynthe tage, major trend that had developed durng the odng proe were further nvetgated by earhng for new artle on thee pef top n order to hed more lght on them. We followed an teratve proe of ategorzaton and reorganzaton of the extrated data, upplemented wth fndng new artle that upport or weaken the trend beng oberved. Thoe ategore lakng adequate upport and ould alo not ft naturally under other ategore dd not mert further analy and were dropped n our duon a preented below. 3 ANALYSIS & DISCUSSION We have followed an teratve proe of ategorzaton and reorganzaton of the extrated data, upplemented wth fndng new artle that upport or weaken the trend beng oberved, n order to obtan the fnal headng that are dued n th eton. The man area overed n our analye and duon are: Trut, eurty and prvay hallenge n loud omputng Fou on trut engneerng n loud omputng Modelng trut: th deal wth the modelng of the onept of trut. Trut engneerng approahe Trut management ytem 3

5 3.1 Trut, Seurty and Prvay Challenge n Cloud Computng Though the dentfaton of hallenge n loud omputng wa not part of the reearh objetve or queton that were pelt out durng the Plannng the Revew tage, t wa evdent durng the data extraton proe that t a paramount ue that needed ome attenton. The major hallenge n loud omputng a were reported by the revewed paper an be ategorzed nto trut hallenge, eurty hallenge, and prvay hallenge. Th ategorzaton however doe not mean the ategore are mutually exluve, a t wll be een later that for example, eurty and prvay ue mpat upon the pereved trut of varou entte n a loud omputng marketplae Trut Challenge An mportant ue n loud omputng the aountablty of the reoure uage data: who perform the meaurement to ollet reoure uage data t the provder, the onumer, a truted thrd party or ome ombnaton of them? Currently, provder de aountablty the ba for loud erve provder, although, a yet there are no equvalent falte of onumer-truted meterng a the ae n tradtonal utlty erve; rather, onumer have no hoe but to take whatever uage data made avalable by the provder a trutworthy [23]. Another ue onernng trut n loud omputng that, potental utomer of loud erve often feel that they loe the ontrol over ther data, and they are not ure whether they an trut the loud erve provder. A urvey onduted n 2011 among more than three thouand loud onumer from x ountre, how that 84 perent of the onumer are onerned about ther data torage loaton and 88 perent of the onumer worry about who ha ae to ther data. Though onumer onern an be mtgated by ung preventve meaure for prvay (e.g., demontratng omplane tandard) and eurty (e.g., eure hypervor, TPM baed erver), at preent, loud provder demontrate ther preventve meaure by nludng related derpton n the SLA; aurane and ompenaton for SLA volaton are however not onvnng enough for the onumer. Epeally, SLA wth vague laue and unlear tehnal pefaton lead the onumer nto a deon dlemma when onderng them a the only bae to dentfy trutworthy provder [24]. A thrd ue onernng trut n loud omputng that, the SaaS model gve oftware provder an unpreedented ae to data uploaded by uer. At exeuton tme the ontrol of the data handed over from the uer (data owner) to the oftware provder. Furthermore, the reult generated from the oftware exeuton, n theory, are under the ontrol of the oftware provder. Th rae a new onern about trut on oftware provder [6]. Data mut be derypted nto memory when performng the omputaton, even though they an be enrypted durng torage and tranmon. In th ae, the prvleged admntrator of SaaS provder are able to npet or modfy uer data and omputaton. A a reult, the uer are hetant to trut the SaaS provder [25] Seurty Challenge Poble mue of utomer data by loud erve provder a major hallenge n loud omputng. The prvleged admntrator of loud erve provder are able to npet, modfy, or mapply uer data and omputaton. Some of the eurty hallenge fang loud omputng are mult-tenany eurty mplaton, eurty olaton, loud erve provder and utomer need of modelng and enforng dfferent eurty requrement (epeally at runtme beaue eurty requrement may hange over tme a new rk emerge), and ntegratng wth dfferent eurty erve. After analyzng the loud omputng model eurty problem, and nformaton eurty management ytem (ISMS) proe, [26] ha dentfed the followng key problem: Eah takeholder ha ther own eurty management proe (SMP) that they want to mantan or extend to the loud hoted aet. No takeholder an ndvdually mantan the whole eurty proe of the loud erve beaue none of them ha the full nformaton requred to manage eurty and eah one ha a dfferent perpetve. Mult-tenany requre mantanng dfferent eurty profle for eah tenant on the ame erve ntane. No Seurty SLA avalable that an be ued to mantan agreement related to loud aet eurty. The extng tandard uh a ISO27000 and FISMA do not map well to the loud model beaue thee tandard onder the SMP from the perpetve of the platform/aet owner, not from a erve provder perpetve. Whle there mght be a multtude of operatng ytem (OS) deployed n a ngle loud, the majorty of uh OS have not been degned for the Cloud. In partular, tradtonal loggng proe and/or event-baed (for a partular uer or node). In the Cloud, however, there are no lear uer or node barrer; ntead, loggng hould be done wth repet to the key aet,.e., data and nformaton. In term of OS, th mean data-entr loggng. Bede provenane, other key onern mandatng data- entr loggng nlude the need for upport of onteny aurane, rollbak, reovery, replay, bakup, and retorng of data. Suh funtonalty uually enabled by ung operatonal and/or 4

6 tranatonal log. Suh log have alo been proven ueful for montorng of operatonal anomale. Whle thee onept are well etablhed n the databae doman, loud omputng haratert uh a eventual onteny, unlmted ale, and multtenany poe new hallenge. In addton, eure and prvay-aware mehanm mut be deved not only for onteny log but alo for ther bakup, whh are ommonly ued for meda/node reovery [27]. Data proeng loud, nludng Hadoop[28], exeute untruted, uer-ubmtted ode on truted loud node durng job proeng, and mut therefore reman vglant agant malou moble ode attak. Vrtualzaton tehnologe, nludng truted hardware, hypervor, eure operatng ytem, and truted VM are the typal mean by whh uh moble ode eured. However, a varety of tude have hown that loud ntrodue gnfant new eurty hallenge that make moble ode eurty a non-trval, ongong battle. For example, the Cloud Seurty Allane ha dentfed neure loud API, malou nder, hared tehnology ue, erve hjakng, and unknown rk profle all a top eurty threat to loud erve [29]. Adoptng mult-tenany wth SaaS reult n a et of requrement that mut be addreed by the SaaS applaton. Two key requrement n the area of SaaS applaton eurty engneerng have been dentfed by [7]. The frt one the eurty olaton among tenant aet at ret (torage), durng proeng (n memory), and durng tranent (among applaton omponent or between the applaton and the tenant te). Seondly, t requred to upport enforement of dfferent eurty requrement on the ame erve ntane at runtme. Applaton utomzaton approahe do not ft well wth runtme and mult-tenant pefaton and eurty enforement beaue thee eurty requrement may hange over tme a new rk emerge. Data ntegrty another major eurty hallenge for loud omputng. It mot often aumed that the underlyng torage array (mlar tehnologe of whh are beng employed by loud erve provder), reeve, tore and retreve data flawlely. Th aumpton however proven to be fale n the pat, a evdent from the CERN report[30] and other tude[31]. Therefore, prompt deteton of ntegrty volaton vtal for the relablty and afety of the tored data n the Cloud [32] Prvay Challenge In loud omputng, entte may have multple aount aoated wth a ngle or multple erve provder (SP). Sharng entve dentty nformaton (.e. Peronally Identfable Informaton (PII)) along wth aoated attrbute of the ame entty aro erve an lead to mappng of the dentte to the entty; and th lead to prvay lo. The major problem regardng prvay n the Cloud nlude how to eure PII from beng ued by unauthorzed uer; how to prevent attak agant prvay (uh a dentty theft) even when a loud SP annot be truted; and how to mantan ontrol over the dloure of prvate nformaton [33]. A ha been ndated by [34], there are tuaton where loud erve provder themelve nvade the prvay of ther uer, o a loud erve provder generally not the entty to fully rely on n order to protet one prvay. Conequently, there a need for addtonal external meaure to protet a uer prvay. Th need ha been reognzed n everal prevou approahe for protetng data n the Cloud [35] [36]. However, thee approahe uffer from bad uablty and requre too muh effort from the uer, a hown for example by Whtten and Tygar [37] and ubequent uer tet. There are theoretally many ryptograph mehanm that would perfetly ut the prvay need of today Internet uer, but ther ue avoded due to a lak of good uablty and hgh effort requred. For example, Publ Key Infratruture (PKI) burden the uer wth handlng ryptograph artfat. Although there are many effort to mplfy the uage of a PKI,e. g. [38] [39], the majorty of uer tll hy away from the extra work [34]. 3.2 Cloud Computng Trut Engneerng Fou We now analyze the man objetve of reearher on trut engneerng n loud omputng to determne what trut engneerng reearh ha foued on wthn the pat few year. We extrat the objetve of eleted work of whh the objetve had been learly tated (normally tated n the abtrat or n the ntrodutory eton), or an be ealy nferred from thee eton. We have dentfed fve man reearh foue on trut engneerng n loud omputng. They are performane and Qualty of Serve (QoS), eurty related, ae and Identty management, uer and provder upport on trut management, and bllng and aountablty. We end the eton wth ome onludng remark on ome of the alent pont of thee reearh area together wth the ontext wthn whh thee tude had been arred out Performane and QoS The objetve of the trut evaluaton model of [40] to onfgure the omplex et of erve dynamally n a loud envronment aordng to the predtve performane n term of tablty and avalablty of all erve that are to be provded; th wth the am of allowng a ytem to onfgure erve dynamally and dtrbute tak effently n uh a way that mnmze tak falure and tak mgraton rate. Sue of loud omputng requre that both utomer and provder an be onfdent that gned SLA are upportng ther repetve bune atvte to ther bet extent. The SLA urrently beng ued fal n provdng uh onfdene, epeally when provder outoure reoure to other provder. Thee reoure provder typally upport very mple metr lke 5

7 avalablty, or metr that hnder an effent explotaton of ther reoure. A reoure-level metr for pefyng fne-gran guarantee on CPU performane ha been propoed by [41]. Due to the dynam nature of loud omputng, how to aheve atfatory QoS n loud workflow ytem beome a hallenge. Meanwhle, ne QoS requrement have many dmenon, a unfed ytem degn for dfferent QoS management omponent requred to redue the ytem omplexty and oftware development ot;[42] ha therefore propoed a gener QoS framework for loud workflow ytem. The framework over the major tage of a workflow lfeyle. It ont of QoS requrement pefaton, QoS-aware erve eleton, QoS onteny montorng and QoS volaton handlng Seurty The am of [43] to provde a ytem that make t poble to detet that at leat the onfguraton of the loud nfratruture -a provded n the form of a hypervor and admntratve doman oftware- ha not been hanged wthout the utomer onent. They preent a ytem that enable perodal and neetydrven ntegrty meaurement and remote attetaton of vtal part of loud omputng nfratruture. The objetve of [43] to takle the problem of protetng entte ung the Cloud from malou or neglgent entte provdng the loud nfratruture. They preent the BonaFde ytem for remote attetaton of eurtyrelevant part of the loud nfratruture, whh guarantee to erve provder at runtme the deteton of unntended or malou modfaton of loud nfratruture onfguraton. Ther approah doe not prevent the loud nfratruture provder from alterng rual omponent and ubequently tealng data, but thee atvte wll at leat be deteted by the loud onumer. The objetve of [25] to provde a truted SaaS platform (TSP) whh wll guarantee data eurty durng torage and tranmon, and alo enfore a truted exeuton envronment (TEE) that guarantee the onfdentalty and ntegrty of the uer data and omputaton. The objetve of [7] to provde a eurty management arhteture- Tenant Orented SaaS Seurty Management Arhteture (TOSSMA) - that allow erve provder to enable ther tenant n defnng, utomzng and enforng ther eurty requrement wthout havng to go bak to applaton developer for mantenane or eurty. The objetve of [32] to offer a eure loud torage erve arhteture wth the fou on Data Integrty a a Serve (DIaaS) baed on the prnple of Serve-Orented Arhteture and Web erve. The approah releae the burden of data ntegrty management from a torage erve by handlng t through an ndependent thrd party data Integrty Management Serve (IMS); t alo redue the eurty rk of the data tored n the torage erve by hekng the data ntegrty wth the help of IMS. In order to addre prvay and eurty ue, and to norporate eurty and trut funtonalte that omple wth EU and government prvay law, [44] ha preented the Cloud Data Seurty (CloudDataSe) projet that am to degn loud erve adherng to government prvay law. In partular, they ntrodued a x-layer eurty model for loud omputng and three level of eurty aurane for SME to take advantage of. Fnally, they propoed Seurty Management a a Serve (SMaaS) module to enable uer to apply neeary eurty and prvay operaton, baed on the entvty of ther data. The objetve of [26] to ntrodue a loud eurty management framework baed on algnng the FISMA tandard[45][46] to ft wth the loud omputng model; th wth the am of enablng loud provder and onumer to be eurty ertfed through mprovng ollaboraton between loud nfratruture provder, loud erve provder and erve onumer n managng the eurty of the loud platform and the hoted erve Ae and Identty Management Beaue avalable oluton to dentty management n loud omputng ue truted thrd party (TTP) n dentfyng entte to erve provder, and thee oluton provder do not reommend the uage of ther oluton on untruted hot, the objetve of [33] to develop a framework for dentty management whh ndependent of TTP and ha the ablty to ue dentty data on untruted hot. The objetve of [47] to provde a mehanm (Trut Tket) of enurng trut and eurty n Software a a Serve (SaaS). Ther Trut Tket, together wth the upportng protool, a mehanm that help a data owner n etablhng a lnk between a loud erve provder and a regtered uer. In th mehanm, a uer frt get regtered wth a data owner before reevng a Trut Tket and a eret key from that data owner. Eah Trut Tket unque and enrypted. On ompletng the regtraton of eah uer, the data owner appre the loud erve provder of the Trut Tket Uer and Provder Trut Management Support Due to the vat dverty n the avalable loud erve, from the utomer pont of vew, t ha beome dffult to dede whoe erve they hould ue and what the ba for ther eleton. Currently, there no framework that an allow utomer to evaluate Cloud offerng and rank them baed on ther ablty to meet the uer QoS requrement. Referene [48] ha propoed a framework and a mehanm that meaure the qualty and prortze loud erve. The objetve of [24] to upport the utomer n relably dentfyng trutworthy loud provder. The objetve of [49] to 6

8 provde peronalzed trut management n whh the uer may play any of the three role of onumer, broker, or provder. The objetve of [50] to provde deon makng gudane to erve provder to ntalze ollaboraton by eletng trutworthy partner wthn the ontext of a loud marketplae. The objetve of [51] to provde a framework that enable trut-baed loud utomer and loud erve provder nteraton wthn the ontext of hybrd loud omputng envronment. The objetve of [27] to employ a data-entr, detetve approah to provde a framework (TrutCloud) to nreae trut, eurty of data, and aountablty n the Cloud at all level of granularty. The am of [34] to provde uable onfdentalty and ntegrty, through ther Confdentalty a a Serve (CaaS) paradgm for the majorty of uer for whom the urrent eurty mehanm are too omplex or requre too muh effort Bllng and Aountablty The objetve of [23] to provde openne and tranpareny. They propoe the noton of onumer entr reoure aountng model uh that onumer an programmatally ompute ther onumpton harge of a remotely ued erve. In partular, the noton of trongly onumer entr aountng model propoed that requre that all the data needed for alulatng bllng harge an be olleted ndependently by the onumer (or a truted thrd party, TTP). Aordng to [8], one of the major eurty obtale to wdepread adopton of loud omputng the lak of near-real-tme audtablty. In partular, near-real-tme loud audtng, whh provde tmely evaluaton reult and rapd repone, the key to aurng the Cloud. Ther objetve therefore to preent tratege for relable loud audtng Conludng Remark and Context of Stude Uually, loud provder provde aurane by pefyng tehnal and funtonal derpton n SLA for the erve they offer. The derpton n SLA are not ontent among the loud provder even though they offer erve wth mlar funtonalty. Cutomer are not ure whether they an dentfy a trutworthy loud provder only baed on t SLA. To upport the utomer n relably dentfyng trutworthy loud provder, [24] ha propoed a mult-faeted trut management ytem arhteture for a loud omputng marketplae. The ontext of [50] the provon of gudane n the eleton of trutworthy partner wthn a loud omputng marketplae. The ontext of [51] to provde a framework that enable trut-baed loud utomer and loud erve provder nteraton wthn the ontext of hybrd loud omputng envronment, where reoure harng between multple Cloud to meet loud uer requrement are enabled by peerng arrangement etablhed between the partpatng Cloud. The ontext of [40] the hedulng of reoure of erve n loud omputng envronment by adoptng a trut model baed on Probablt Latent Semant Analy (plsa) whh analyze the htory nformaton of eah node and alloate relable reoure aordng to uer requet. Baed on the fndng from the above, the man arrear of trut engneerng reearh fou ha been on qualty of erve, eurty, ae and dentty management, uer upport on trut management, and aountablty n n the ontext of a loud omputng marketplae. A major obervaton that I made from the revewed tude that the onept of trut treated looely wthout any formal pefaton or defnton n the duon of trut n loud omputng and trut engneerng n general. Formal trut modelng and defnton are however very neeary n enurng a unfed vew of the onept of trut n the degn and engneerng of trut management ytem for loud omputng; th therefore deerve more attenton from the loud omputng reearh ommunty. 3.3 Modelng Trut Referene [52] ha arred out a urvey on the trut management ytem mplemented on dtrbuted ytem wth a peal empha on loud omputng. They reported on everal trut model uh a CubodTrut [53], EgenTrut [54], Bayean Network baed Trut Management (BNBTM) [55], GroupRep [56], AntRep[57], Global Trut[58] [59], Peer Trut [60], and Trut Ant Colony Sytem (TACS)[61]. Thee model were manly propoed for ytem lke luter, grd and wrele enor network, and have not been ued or teted n loud omputng envronment. Seondly, thee model do not model the onept of trut but rather model pratal trut management ytem for dtrbuted ytem and ther algorthm for aqurng and omputng trut value. Th eton about the atual modelng of the onept of trut wth a peal fou on trut n loud omputng. We begn wth lookng at ome defnton of trut and move on to obtanng a formalzed model of the defnton of the onept of trut n the ontext of loud omputng envronment Defnton of Trut Though there ha been ome work on trut modelng and trut management ytem, and even n the new doman of trut management ytem for loud omputng envronment [62] [51] [63], the ubjetve nature of trut ha made a old defnton eluve. Reearher have mot often ued the term looely n ther work; more pefally, a rgorou formal defnton ha not been appled n mot ae. A few of the attempt at the defnton of trut n the doman of trut engneerng for loud omputng that wa found durng th tudy orroborate th obervaton. Salah and Eltowey [49] defned trut a the belef or 7

9 dbelef of a party that another party, for a ad ubjet of trut, n a gven ontext, ha the ntent, ntegrty, reult and apablty to exhbt a et of aeptable aton n the future, for the welfare of the trutng party. Vryatavat and Martn [64] ha developed trut defnton n the applaton doman of erve workflow. They defned trut a Trut a ubjetve mutual meaurable between nteratng entte wllng to at dependably, eurely, and relably, n a gven tuaton wthn pef ontext of a gven tme. Ther defnton an adaptaton of that of Olmedlla, et al [65] whh tate that Trut of a party A to a party B for a erve X the meaurable belef of A n that B behave dependably for a pefed perod wthn a pefed ontext (n relaton to erve X). It hould be noted that whlt n the doman of erve workflow, beng able to etablh trut n both dreton rual, a one erve may need to verfy trutworthne of a ubequent erve before pang nformaton, and the ubequent erve perhap requre trut that an outome mut be orgnated from a truted oure, the defnton of Vryatavat & Martn ontradt the generally aepted aymmetry property of trut relatonhp. Dellaroa defnton of trut [66] adopted n th work. It alent pont are ummarzed below and explaned n the ontext of loud omputng. The level of trut T t of a erve onumer for a erve provder n the ontext of a tranaton t T the a pror probablty that the utlty of wll meet or exeed t mnmum threhold of atfaton u0 at the end of tranaton t, gven pereved ' trutworthne of erve provder. Smply tated, trut the level of onfdene of that the outome of a tranaton wth another agent wll be atfatory for t. More formally:,. T t R t dr, where U ( R ) the U R u0 utlty funton of erve onumer ; and Rt, - the trutworthne of erve provder a pereved by onumer n the ontext of a tranaton t T the a pror ubjetve jont probablty dtrbuton funton of the rtal ratng vetor R t from the perpetve of. It not only loud erve onumer that need the onderaton of trut n ther tranaton wth the loud erve provder. Mot often than not, loud erve provder alo need to be wary of the atvte of loud erve onumer. Thu, trut modelng ueful n the analy of the genune and potentally malou erve onumer. Therefore a trut model needful for the pereved trutworthne of erve onumer by the provder of the erve. So mlarly, the level of trut T t of a erve provder for a erve onumer n the ontext of a tranaton t T the a pror probablty that the utlty of wll meet or exeed t mnmum threhold of atfaton u0 at the end of tranaton t, gven erve provder pereved trutworthne of erve onumer. Agan, more formally:,. T t R t dr, where U ( R ) U R u0 the utlty funton of erve provder ; and Rt, - the trutworthne of erve onumer a pereved by erve provder n the ontext of a tranaton t T the a pror ubjetve jont probablty dtrbuton funton of the rtal ratng vetor R t from the perpetve of. Pleae note that t for notatonal mplty that the rtal ratng vetor R t are denoted by R (wthout the full R t and omplement of the ubrpt) n the denotaton of the trutworthne. The above defnton have a number of nteretng properte whh orrepond wth the ntutve properte of trut n our everyday lfe uh a trutworthne ubjetve, and t defned relatve to a partular et of rtal attrbute; trutworthne defned at a gven pont n tme, and t defned a a probablty dtrbuton. Some other mportant ntutve attrbute of trut are that trut ha dualty - t ubjetve and objetve; that, ome of the rtal attrbute are ubjetvely meaureable and other are objetvely meaureable; trut not alway ymmetral; and trut dynam, that, trut related to envronment (ontext) and temporal fator [67] Cloud Computng Parameter of Trut When eletng a loud erve provder, multple mportant parameter that are of relevane to the loud erve onumer need to be dentfed properly. Alo, there need for mehanm to meaure thoe parameter and aggregate thee meaurement baed on the utomer preferene regardng the mportane of the parameter[68]. Ref. [69] and [68] have dentfed everal of thee parameter whh have been ategorzed nto qualty of erve related, eurty and prvay related, rk management related, and reputaton related attrbute. Thee parameter (attrbute) are termed rtal attrbute; more formerly, a rtal attrbute of a erve provder, from the perpetve of a erve onumer, n the ontext of a tranaton t T an attrbute whoe value affet the utlty of and ontngent upon the behavor of n the oure of tranaton t [66]. A non-exhautve lt of eleted et of the potental rtal attrbute n loud erve are brefly outlned below under eah of thee ategore. 8

10 Qualty of Serve Related Attrbute Internatonal Teleommunaton Unon ha defned a methodology for apturng the qualty requrement of a uer of ommunaton erve whh ue even general rtera [70]. Th vew modfed n [71] by addng apablty, uablty, and fdelty - a a upplement to auray. Eah of thee gener apet an be appled at dfferent tage of the SLA lfeyle, and are applable to loud erve. They therefore reman ueful dmenon along whh to lafy loud erve [72]. The QoS related element are performane metr uh a lateny, avalablty, auray, relablty, and apablty [72]. Thee metr have alo been emphazed by [48] and alo aerted by [73] to be part of ther ten ommon denomnator that mut be ondered to make loud torage valuable Seurty and Prvay Related Attrbute Some of the eurty and prvay related parameter that are pertnent to loud onumer and loud erve provder are data onfdentalty and ntegrty, federated dentty management oluton, eure authentaton and eon management, and eure ryptograph mehanm. Other prevalent vulnerablte n tate-ofthe-art loud omputng offerng that loud onumer are wary of nlude SQL njeton, ommand njeton and ro-te rptng. Some of the eurty parameter that are more pertnent to loud erve provder are key management, phyal eurty upport, network eurty upport, unauthorzed ae to management nterfae, and nternet protool vulnerablte Rk Management Related Attrbute Some of the rk management related fator that are of mportane to loud onumer are tandardzed SLA wth unambguou guarantee, near-real tme audtng erve [8] and vblty nto the eurty ontrol and proee employed by the erve provder a well a ther performane over tme that offer tranpareny, omplane (aredtaton or ertfaton), eurty meaure, nteroperablty, utomer upport falte, geographal loaton of loud torage (data proteton law and other jurdtonal mplaton of where data tored), and loud erve deployment model Reputaton Related Attrbute Reputaton related parameter form ome of the potental rtal attrbute that uer onder n eletng loud erve. Some of thee parameter are reommendaton from extng uer of the erve, feedbak and publly avalable revew of the pef loud erve, ategory of the erve and reputaton of the loud erve provder General Cloud Metr of Trut In addton to the loud pef attrbute, ome general attrbute that are dependent on the atvte of an entty to be truted are of relevane for our duon. The four man attrbute of th ategory are ntent, ntegrty, apablty and reult. Intent onttute nformaton about delared agenda (what parte prome to provde through ther erve), ntegrty onttute nformaton about honety (f parte delver what they promed), apablty onttute nformaton about owned or outoured reoure, and reult onttute nformaton about produt they are pealzed n [49]. 3.4 Trut Engneerng Approahe The varou major approahe toward trut engneerng n loud omputng preented n th eton. It hould be evdent to reader that any reearh work that target one or more of the trut attrbute (or other related trut attrbute) dued n Seton above ontrbute to trut engneerng n loud omputng. We dentfy two broad ategore baed on whether t targeted toward beneftng loud erve onumer or the loud erve provder. The dentfed major approahe to trut engneerng n loud omputng are loud audt baed, reputaton baed, truted thrd party baed, truted omputng tehnology baed, and loud erve deployment baed approahe End Uer Support Orented Trut Engneerng Th about mehanm that faltate buldng loud onumer trut n hoong and managng loud erve uage Cloud Audt Approahe Referene [23] ha propoed the noton of a Conumer entr Reoure Aountng Model for a loud reoure. An aountng model weakly onumer-entr f all the data that the model requre for alulatng bllng harge an be quered programmatally from the provder. Further, an aountng model trongly onumer entr f all the data that the model requre for alulatng bllng harge an be olleted ndependently by the onumer (or a TTP); n effet, th mean that a onumer (or a TTP) hould be n a poton to run ther own meaurement erve. They ontend that t n the nteret of the provder to make ther aountng model at leat weakly onumer-entr. Strongly onumer entr model hould prove even more attratve to onumer a they enable onumer to norporate ndependent onteny or reaonable hek a well a rae alarm when apparent drepane are upeted n onumpton fgure. Strongly onumer-entr aountng model have the derable property of openne and tranpareny, ne erve uer are n a poton to verfy the harge blled to them. One of the mot ommon groupng or layer n loud omputng the vew of IaaS, PaaS and SaaS. Thee abtraton layer are manly ytem-entr. In ontrat, the TrutCloud framework take a dfferent perpetve,.e., an arhtetural, data-entr vew. Beaue of the 9

11 ale of loud omputng, the type of data-entr log range from ytem-level fle-entr log to workflowlevel audt tral log. The TrutCloud framework attempt to derbe the layer of loud aountablty. The fve abtraton layer of the type of log needed for an aountable loud are ytem layer addree trakng of fle aro the Cloud, data layer addree trakng of hange of data and nformaton aro the Cloud, workflow layer addree data and nformaton flow n the Cloud, law and regulaton layer addree dataentr loggng requrement mandated by external law and regulaton, and fnally, pole layer addree data-entr audt requrement mandated by nternal governane and audt requrement [27] Reputaton Baed Approahe Referene [51] preent a fully dtrbuted framework that enable trut-baed loud utomer and loud erve provder nteraton. The framework ad a erve onumer n agnng an approprate weght to the feedbak of dfferent rater regardng a propetve erve provder. They developed a mehanm baed on ther framework for ontrollng falfed feedbak ratng from teratvely exertng trut level ontamnaton due to falfed feedbak ratng. Seure ntegrty attetaton of omputaton reult the fou of [29]. Wherea AdapTet [74] and RunTet [75] mplement loud erve ntegrty attetaton for the IBM Sytem S tream proeng ytem [76] ung attetaton graph n whh alway-agreeng node form a lque n the graph, faltatng deteton of malou olletve; n ontrat, the work of [29] onder a reputaton-baed trut management approah to ntegrty volaton deteton n Hadoop loud. Trut management ytem probabltally antpate future mbehavor of untruted agent baed on ther htore of pat behavor Truted Thrd Party Baed Approahe The goal of [43] the remote aement of the loud nfratruture ntegrty by a loud ertfer. They hene need to detet all hange n the remote ytem that an pobly omprome eurty. All hange n the hardware or oftware hould be reported to the loud ertfer, even f the nfratruture provder ha uper-uer ae to the mahne. Ther BonaFde ytem montor the nfratruture provder phyal hot by obervng fle modfaton on a low level and pertently tore the htory of thee ntegrty meaurement and fle hange. Fle are meaured at regular nterval and whenever hange n the fle are deteted. BonaFde meaure the hypervor, kernel, kernel module, dk and network utlte, and ytem onfguraton fle n the Dom0 (the admntratve doman of the Xen hypervor that manage ae to the phyal hot reoure) Truted Computng Tehnology Bae Approahe Ref. [77] ha preented a mult-tenany truted omputng envronment model (MTCEM) to upport the eurty duty eparaton between Cloud Serve Provder (CSP) and utomer. MTCEM degned for IaaS erve delvery model, and t ntend to eparate the eurty reponblty of the CSP and ther utomer on loud nfratruture. In MTCEM model, CSP reponble to aure a truted hot and Vrtual Mahne Montor (VMM) envronment, and utomer are reponble for the aurane of truted vrtual ntane they rent from CSP. MTCEM ue the two man mehanm of trantve trut and platform attetaton of the truted omputng tehnology. It ue trantve trut mehanm to buld a truted omputng platform and attetaton mehanm to mprove the utomer onfdene on CSP. Ref. [25] how how to degn the Truted SaaS Platform (TSP) by takng advantage of truted omputng tehnologe. Conventonal truted omputng platform lke Terra [78] are able to prevent the owner of a phyal mahne from npetng or nterferng wth a omputaton runnng n a vrtual mahne (VM) that hoted n the phyal mahne, and thu an effetvely eure the omputaton runnng n the VM. However, thee platform annot addre eurty and trut ue n SaaS envronment due to the followng two reaon. Frt, they do not pefy who wll launh the VM that reponble for performng the omputaton. The approah preented n Toward Truted Cloud Computng [79] on Truted Cloud Computng Platform (TCCP) an only be ued for IaaS and not utable for SaaS envronment. In TCCP, the protool are manly utlzed for node regtraton and eurng VM launh and mgraton. However, n SaaS ytem, the uer man purpoe guaranteeng that the SaaS provder proe ther data and repond wth the reult wthout npeton or modfaton, rather than guaranteeng the eurty of ther VM. To addre th problem, [25] propoed a truted SaaS platform that enable a truted thrd party to launh a VM a a truted exeuton envronment(tee) on the omputaton erver. Thu though the prvleged admntrator of SaaS provder an ae the phyal hot of TEE, they annot ae the TEE beaue the TEE not launhed by them. The TSP leverage the truted vrtual mahne montor (TVMM) [78] o prvleged admntrator annot tamper wth the TEE. The TEE alo where all of the derypton, omputaton and enrypton take plae, o t an enure the onfdentalty and ntegrty of uer data and omputaton outoured to SaaS erve Cloud Serve Deployment Approahe Referene [69] ha deved fve referene deployment model for loud omputng that progrevely addre uer eurty onern and nreae uer trut n loud omputng. Thee are the eparaton model, avalablty model, mgraton model, tunnel model, and enrypton 10

12 model. The Separaton Model the bae model for all the other four model. It eparate data torage from data proeng, requrng at leat two ndependent loud erve provder to proe data and to tore data, repetvely. Th an help eae uer onern on havng a ngle provder n omplete ontrol over the data and the erve they ue. The Avalablty Model ntrodue redundany nto the Separaton Model, n both the data proeng and the data torage. Wth the redundany n the Avalablty Model, falure of one data proeng erve and one data torage erve an be tolerated. The Tunnel Model further enhane the Separaton Model by ung a Tunnel Serve to mpoe olaton between the Data Proeng Serve and the Cloud Storage Serve. The Tunnel Serve prevent olluon by uttng the dret ommunaton between the Data Proeng Serve and the Cloud Storage Serve, aumng that t very unlkely for two olated provder to ollude. The Cryptography Model augment the Tunnel Model wth ryptography upport, uh a data enrypton, derypton, and dgtal gnng. Even though there are approahe to provde onfdentalty for the uer data n the Cloud, thee are not wdely adopted due to both awarene and uablty ue. Therefore, [34] propoed the Confdentalty a a Serve (CaaS) paradgm to provde uable onfdentalty and ntegrty for the bulk of uer for whom the urrent eurty mehanm are too omplex or requre too muh effort. The CaaS paradgm ombne data eurty wth uablty by degn and ntegrate effortlely nto avalable loud erve applaton and workflow. They leverage the plttng of trut between the loud erve provder and one or more CaaS provder to mprove uablty. CaaS foue on unobtruve onfdentalty by hdng all ryptograph artfat from the prevalently non-tehnal uer [34] Serve Provder Orented Trut Engneerng Th faltate buldng trut between the loud erve provder and ther utomer n enurng that ther reoure and admntratve platform wll not be abued by the onumer Reputaton Baed Approahe Referene [50] onder the enaro where a erve provder, termed the Mater Serve Provder (MSP), dentfe a great bune opportunty or other enaro whh need ollaboraton wth other erve provder, termed Guet Serve Provder (GSP), to offer a et of new erve to the utomer. Ther approah to derve trutworthne of guet erve provder (GSP) aordng to t pat behavor Identty and Ae Management Identty management one of the ore omponent n loud prvay and eurty and an help allevate ome of the uer trut ue aoated wth loud omputng. Avalable oluton ue truted thrd party n dentfyng entte to erve provder. The oluton provder do not reommend the uage of ther oluton on untruted hot. Ref. [33] ha propoed an approah for dentty management that ndependent of truted thrd parte and ha the ablty to ue dentty data on untruted hot. The approah baed on the ue of predate over enrypted data and mult-party omputng for negotatng a ue of a loud erve. It ue atve bundle - whh a mddleware agent that nlude PII, prvay pole, a vrtual mahne that enfore the pole, and ha a et of proteton mehanm to protet t. An atve bundle nterat on behalf of a uer to authentate to loud erve ung uer prvay pole Fnal Remark Ref. [80] ha argued that ryptography alone an t enfore the prvay demanded by ommon loud omputng erve, even wth uh powerful tool a fully homomorph enrypton (FHE). They formally defne a herarhy of natural lae of prvate loud applaton, and how that no ryptograph protool an mplement thoe lae where data hared among lent. Employng truted omputng tehnologe and reputaton baed approahe are two key approahe to trut engneerng n loud omputng marketplae. Alo the adopted loud deployment model play a gnfant role n mprovng trut n loud envronment. 3.5 Trut Management Sytem Trut management the atvty of reatng ytem and method that allow relyng parte to make aement and deon regardng the dependablty of potental tranaton nvolvng rk, and that alo allow player and ytem owner to nreae and orretly repreent the relablty of themelve and ther ytem [81]. There a need for methodologe that enable relyng parte to determne the trutworthne of remote parte through omputer medated ommunaton and ollaboraton. At the ame tme, trutworthy entte need methodologe that enable them to be reognzed a uh; developng and applyng thee methodologe an be alled trut management. A urvey on the trut management ytem mplemented on dtrbuted ytem wth empha on loud omputng ha been arred out by [52]. They reported on everal trut model uh a CubodTrut [53], EgenTrut[54], Bayean Network baed Trut Management (BNBTM) [55], GroupRep[56], AntRep[57], Global Trut[58] [59], Peer Trut [60], and Trut Ant Colony Sytem (TACS)[61]. Thee model were manly propoed for ytem lke luter, grd and wrele enor network, and have not been ued or teted n loud omputng envronment; hene ther utablty for ue n loud omputng annot be reommended wthout an extenve evaluaton. Though a few work on trut 11

13 targetng loud omputng envronment were ondered n [52], t wa found that none of the propoed ytem wa baed on old theoretal foundaton and alo doe not take any qualty of erve attrbute nto aount for formng the trut ore. Th obervaton may be due n part to the fat that, although the ondered tude dealt wth element of trut n loud omputng and hene wll pa for approahe to trut engneerng n loud omputng, thee were not really trut management ytem ne they do not poe element for the gener operaton of trut management ytem whh nlude expetaton, data montorng, data management, analy, and deon makng. Seondly, th obervaton alo partly due to the fat that the onept of trut telf tll not well undertood by the reearh ommunty due to t looe uage wthout formal pefaton. Hene a old formulaton of the onept of trut eental for the reearh ommunty, and more epeally n the ontext of loud omputng n order to lay old theoretal foundaton for buldng trut management ytem for loud omputng. Some of the trut related work n loud omputng that have provded ome gener methodologe n developng trut management ytem for loud omputng envronment are [49] and [24]. The gener operaton of trut management nlude expetaton, data montorng, data management, analy, and deon makng. Separaton of thee operaton upport data prvay, onfdentally and ntegrty, where data an be kept at ther oure and aeed only on a need to know ba[49]. The model buld trut ung the four parameter: ntent, ntegrty, apablty and reult. Intent onttute nformaton about delared agenda about what entte prome to provde through ther erve. Integrty onttute nformaton about honety whh a meaure of, to what extent entte delver on what they promed. Capablty onttute nformaton about owned or outoured reoure; and fnally, reult onttute nformaton about produt and erve that entte pealzed n through ontently delverng thee produt and erve atfatorly to ther lent Fnal Remark on Trut Management Sytem The urrent tate-of-the-art n trut management ytem are that, they are manly for peer-to-peer ytem. Seondly, urrent trut ytem provde no eparaton of onern among dfferent trut management operaton. Alo mot urrent trut management ytem provde lmted or no utomzaton aordng to trutng entte requrement. The fou kewed toward erve provder beng evaluated by erve onumer for ther trutworthne, but not ve vera[49]. In addton to degnng trut management ytem that fator n the above mentoned pont, the old formulaton of the onept of trut eental for the reearh ommunty, and more epeally n the ontext of loud omputng n order to lay old theoretal foundaton for buldng trut ytem for loud omputng envronment. 4 CONCLUSION & FUTURE WORK Th work ha revewed dentfed prmary tude on trut engneerng approahe n loud omputng. The entral motvatng objetve of th work ha been to lay the foundaton for degnng a trut management ytem for OCS platform, and provde ummary of trut engneerng approahe n loud omputng for eay referene by the reearh ommunty. The tudy ha been pefally ntereted n fndng the man approahe toward trut engneerng n loud omputng, the objetve of the dentfed prmary tude and n what ontext thee trut management ytem are beng developed; and fnally, the major trut model and trut management ytem for loud omputng. It wa oberved that truted omputng tehnologe and reputaton baed approahe are the man approahe to trut engneerng n loud omputng. Alo truted thrd party approahe and the deployment model play a gnfant role n enhanng trut between erve provder and onumer. Baed on the fndng durng the tudy, the man arrear of trut engneerng reearh fou ha been on qualty of erve, eurty, ae and dentty management, uer upport on trut management, and aountablty n n the ontext of a loud omputng marketplae. We oberved that the onept of trut ued looely wthout any formal pefaton n loud omputng duon and trut engneerng n general. A a frt tep toward addreng th problem, we have ontextualzed the formal trut pefaton n multagent envronment for loud omputng. Th hould prove very ueful for other reearher ntereted n trut related reearh n a loud omputng marketplae. The fndng n th paper have been appled n the degn of a trut management ytem for opportunt loud erve [82]. We wll a part of our future work, expand on the onept of ompote (group) trut, and provde utable formal pefaton and defnton for t. 5 LIMITATIONS OF STUDY There ould be a poble ba of the author durng the pratal reenng proe toward eletng relevant prmary tude baed on peronal nteret n tude that are baed on onept mlar to that of opportunt loud erve. Th beaue ne the entral motvatng objetve of th work to lay the foundaton for degnng a trut management ytem for opportunt loud erve platform, tude that have element of onept mlar to that th are of nteret to the author. Wth th onern n mnd from the 12

14 begnnng of th work, delberate tep were however taken to enure that th nherent ba doe not affet the eleton of the nluded prmary tude. REFERENCES [1] E. Kuada and H. Oleen, A Soal Network Approah to Provonng and Management of Cloud Computng Serve for Enterpre, n Proeedng of The Seond Internatonal Conferene on Cloud Computng, GRID, and Vrtualzaton, 2011, pp [2] E. Kuada, H. Oleen, and A. Henten, Publ Poly and Regulatory Implaton for the Implementaton of Opportunt Cloud Computng Serve for Enterpre, n 9th Internatonal Workhop on Seurty n Informaton Sytem, Wrolaw, Poland, 2012, pp [3] W. Janen and T. Grane, Gudelne on eurty and prvay n publ loud omputng, NIST Speal Publaton, pp , [4] L. Badger, T. Grane, R. Patt-Corner, and J. Voa, Draft loud omputng ynop and reommendaton, NIST Speal Publaton, vol. 800, p. 146, [5] P. Mell and T. Grane, The NIST defnton of loud omputng (draft), NIST peal publaton, vol. 800, p. 145, [6] Z. Song, J. Molna, and C. Strong, Truted Anonymou Exeuton: A Model to Rae Trut n Cloud, n th Internatonal Conferene on Grd and Cooperatve Computng (GCC), 2010, pp [7] M. Almory, J. Grundy, and A. S. Ibrahm, TOSSMA: A Tenant-Orented SaaS Seurty Management Arhteture, n 2012 IEEE 5th Internatonal Conferene on Cloud Computng (CLOUD), 2012, pp [8] J. S. Park, E. Spetka, H. Raheed, P. Ratazz, and K. J. Han, Near-Real-Tme Cloud Audtng for Rapd Repone, n th Internatonal Conferene on Advaned Informaton Networkng and Applaton Workhop (WAINA), 2012, pp [9] E. Kuada and H. Oleen, Inentve mehanm for Opportunt Cloud Computng Serve, n th Internatonal Conferene on Collaboratve Computng: Networkng, Applaton and Workharng (CollaborateCom), Pttburgh, PA, USA, 2012, pp [10] E. Kuada, K. Adanu, and H. Oleen, Cloud Computng and Informaton Tehnology Reoure Cot Management for SME, n Proeedng of IEEE Regon 8 Conferene EuroCon 2013, Unverty of Zagreb, Croata, 2013, pp [11] B. Kthenham and S. Charter, Gudelne for performng Sytemat Lterature Revew n Software Engneerng, [12] P. Brereton, B. A. Kthenham, D. Budgen, M. Turner, and M. Khall, Leon from applyng the ytemat lterature revew proe wthn the oftware engneerng doman, Journal of Sytem and Software, vol. 80, no. 4, pp , Apr [13] C. Okol and K. Shabram, A Gude to Condutng a Sytemat Lterature Revew of Informaton Sytem Reearh, n Workng Paper on Informaton Sytem, [14] Y. Levy and T. J. Ell, A Sytem Approah to Condut an Effetve Lterature Revew n Support of, INFORMATION SYSTEMS RESEARCH. INFORMING SCIENCE JOURNAL, vol. 9, p , [15] L. M. Vaquero, L. Rodero-Merno, and D. Morán, Lokng the ky: a urvey on IaaS loud eurty, Computng, vol. 91, no. 1, pp , Jan [16] C. Mod, D. Patel, B. Boranya, A. Patel, and M. Rajarajan, A urvey on eurty ue and oluton at dfferent layer of Cloud omputng, J Superomput, pp. 1 32, Ot [17] K. Hahzume, D. G. Roado, E. Fernández-Medna, and E. B. Fernandez, An analy of eurty ue for loud omputng, Journal of Internet Serve and Applaton, vol. 4, no. 1, p. 5, Feb [18] RefWork, RefWork, [Onlne]. Avalable: [19] nvvo10, Nvvo, nvvo10. [Onlne]. Avalable: [20] S. Free, ATLAS.t 7 Uer Gude and Referene: ATLAS.t 7 USER MANUAL. ATLAS.t Sentf Software Development GmbH, Berln, 28-Jan [21] K. Charmaz, Grounded theory, Stratege of qualtatve nqury, vol. 2, p. 249, [22] A. Strau and J. Corbn, Grounded theory methodology, Handbook of qualtatve reearh, pp , [23] A. Mhoob, C. Molna-Jmenez, and S. Shrvatava, A Cae for Conumer-entr Reoure Aountng Model, n 2010 IEEE 3rd Internatonal Conferene on Cloud Computng (CLOUD), 2010, pp [24] S. M. Habb, S. Re, and M. Muhlhauer, Toward a Trut Management Sytem for Cloud Computng, n 2011 IEEE 10th Internatonal Conferene on Trut, Seurty and Prvay n Computng and Communaton (TrutCom), 2011, pp [25] C. Zhong, J. Zhang, Y. Xa, and H. Yu, Contruton of a Truted SaaS Platform, n 2010 Ffth IEEE Internatonal Sympoum on Serve Orented Sytem Engneerng (SOSE), 2010, pp [26] M. Almory, J. Grundy, and A. S. Ibrahm, Collaboraton-Baed Cloud Computng Seurty Management Framework, n 2011 IEEE Internatonal Conferene on Cloud Computng (CLOUD), 2011, pp [27] R. K. L. Ko, M. Krhberg, and B. S. Lee, From ytem-entr to data-entr loggng - Aountablty, trut amp; eurty n loud omputng, n Defene Sene Reearh Conferene and Expo (DSR), 2011, 2011, pp [28] A. Hadoop, Apahe Hadoop [29] S. M. Khan and K. W. Hamlen, Hatman: Intra-loud Trut Management for Hadoop, n 2012 IEEE 5th Internatonal Conferene on Cloud Computng (CLOUD), 2012, pp [30] B. Panzer-Stendel, Data ntegrty, CERN/IT, Draft Draft 1.3, Apr [31] S. Narayan, J. A. Chandy, S. Lang, P. Carn, and R. Ro, Unoverng error: the ot of detetng lent 13

15 data orrupton, n Proeedng of the 4th Annual Workhop on Petaale Data Storage, New York, NY, USA, 2009, pp [32] S. Nepal, S. Chen, J. Yao, and D. Thlakanathan, DIaaS: Data Integrty a a Serve n the Cloud, n 2011 IEEE Internatonal Conferene on Cloud Computng (CLOUD), 2011, pp [33] R. Ranhal, B. Bhargava, L. B. Othmane, L. Llen, A. Km, M. Kang, and M. Lnderman, Proteton of Identty Informaton n Cloud Computng wthout Truted Thrd Party, n th IEEE Sympoum on Relable Dtrbuted Sytem, 2010, pp [34] S. Fahl, M. Harbah, T. Muder, and M. Smth, Confdentalty a a Serve Uable Seurty for the Cloud, n 2012 IEEE 11th Internatonal Conferene on Trut, Seurty and Prvay n Computng and Communaton (TrutCom), 2012, pp [35] M. M. Lua and N. Borov, FlyByNght: mtgatng the prvay rk of oal networkng, n Proeedng of the 7th ACM workhop on Prvay n the eletron oety, New York, NY, USA, 2008, pp [36] R. Baden, A. Bender, N. Sprng, B. Bhattaharjee, and D. Starn, Perona: an onlne oal network wth uerdefned prvay, n Proeedng of the ACM SIGCOMM 2009 onferene on Data ommunaton, New York, NY, USA, 2009, pp [37] A. Whtten and J. D. Tygar, Why Johnny an t enrypt: a uablty evaluaton of PGP 5.0, n Proeedng of the 8th onferene on USENIX Seurty Sympoum - Volume 8, Berkeley, CA, USA, 1999, pp [38] P. Gutmann, Plug-and-play PKI: a PKI your mother an ue, n Proeedng of the 12th onferene on USENIX Seurty Sympoum - Volume 12, Berkeley, CA, USA, 2003, pp [39] D. Balfanz, G. Durfee, D. K. Smetter, and R. E. Grnter, In earh of uable eurty: fve leon from the feld, IEEE Seurty Prvay, vol. 2, no. 5, pp , Ot [40] H. Km, H. Lee, W. Km, and Y. Km, A Trut Evaluaton Model for QoS Guarantee n Cloud Sytem, Internatonal Journal of Grd and Dtrbuted Computng, vol. 3, no. 1, pp. 1 10, Mar [41] íñigo Gor, F. Julí, J. O. Ftó, M. MaíA, and J. Gutart, Supportng CPU-baed guarantee n loud SLA va reoure-level QoS metr, Future Gener. Comput. Syt., vol. 28, no. 8, pp , Ot [42] X. Lu, Y. Yang, D. Yuan, G. Zhang, W. L, and D. Cao, A Gener QoS Framework for Cloud Workflow Sytem, n Proeedng of the 2011 IEEE Nnth Internatonal Conferene on Dependable, Autonom and Seure Computng, Wahngton, DC, USA, 2011, pp [43] R. Nee, D. Hollng, and A. Prethner, Implementng Trut n Cloud Infratruture, n th IEEE/ACM Internatonal Sympoum on Cluter, Cloud and Grd Computng (CCGrd), 2011, pp [44] F. Doeltzher, C. Reh, and A. Sulto, Degnng Cloud Serve Adherng to Government Prvay Law, n 2010 IEEE 10th Internatonal Conferene on Computer and Informaton Tehnology (CIT), 2010, pp [45] Federal Informaton Seurty Management At (FISMA), [Onlne]. Avalable: [Aeed: 27-Feb-2013]. [46] G. Stoneburner, A. Y. Goguen, and A. Fernga, SP Rk Management Gude for Informaton Tehnology Sytem, Natonal Inttute of Standard & Tehnology, Gatherburg, MD, Unted State, [47] M. Ahmed and Y. Xang, Trut Tket Deployment: A Noton of a Data Owner Trut n Cloud Computng, n 2011 IEEE 10th Internatonal Conferene on Trut, Seurty and Prvay n Computng and Communaton (TrutCom), 2011, pp [48] S. Garg, S. Verteeg, and R. Buyya, A framework for rankng of loud omputng erve, Future Generaton Computer Sytem, Jun [49] H. Salah and M. Eltowey, Toward a peronalzed trut management ytem, n 2012 Internatonal Conferene on Innovaton n Informaton Tehnology (IIT), 2012, pp [50] L. Xn and A. Datta, On trut guded ollaboraton among loud erve provder, n th Internatonal Conferene on Collaboratve Computng: Networkng, Applaton and Workharng (CollaborateCom), 2010, pp [51] J. Abawajy, Etablhng Trut n Hybrd Cloud Computng Envronment, n 2011 IEEE 10th Internatonal Conferene on Trut, Seurty and Prvay n Computng and Communaton (TrutCom), 2011, pp [52] M. Frdhou, O. Ghazal, and S. Haan, Trut Management n Cloud Computng: A Crtal Revew, Internatonal Journal on Advane n ICT for Emergng Regon (ICTer), vol. 4, no. 2, pp , [53] R. Chen, X. Zhao, L. Tang, J. Hu, and Z. Chen, CubodTrut: a global reputaton-baed trut model n peer-to-peer network, Autonom and Truted Computng, pp , [54] S. D. Kamvar, M. T. Shloer, and H. Gara-Molna, The egentrut algorthm for reputaton management n p2p network, n Proeedng of the 12th nternatonal onferene on World Wde Web, 2003, pp [55] Y. Wang, V. Cahll, E. Gray, C. Harr, and L. Lao, Bayean network baed trut management, Autonom and Truted Computng, pp , [56] H. Tan, S. Zou, W. Wang, and S. Cheng, A group baed reputaton ytem for P2P network, Autonom and truted omputng, pp , [57] W. Wang, G. Zeng, and L. Yuan, Ant-baed reputaton evdene dtrbuton n P2P network, n Grd and Cooperatve Computng, GCC Ffth Internatonal Conferene, 2006, pp [58] F. Yu, H. Zhang, F. Yan, and S. Gao, An mproved global trut value omputng method n P2P ytem, Autonom and truted omputng, pp , [59] W. Wang, X. Wang, S. Pan, and P. Lang, A new global trut model baed on reommendaton for peerto-peer network, n New Trend n Informaton and 14

16 Serve Sene, NISS 09. Internatonal Conferene on, 2009, pp [60] L. Xong and L. Lu, PeerTrut: upportng reputatonbaed trut for peer-to-peer eletron ommunte, IEEE Tranaton on Knowledge and Data Engneerng, vol. 16, no. 7, pp , Jul [61] F. Gómez Mármol, G. Martínez Pérez, and A. F. Gómez Skarmeta, TACS, a trut model for P2P network, Wrele peronal ommunaton, vol. 51, no. 1, pp , [62] X. Zhang, H. Lu, B. L, X. Wang, H. Chen, and S. Wu, Applaton-Orented Remote Verfaton Trut Model n Cloud Computng, n 2010 IEEE Seond Internatonal Conferene on Cloud Computng Tehnology and Sene (CloudCom), 2010, pp [63] M. Kuehnhauen, V. S. Frot, and G. J. Mnden, Framework for aeng the trutworthne of loud reoure, n 2012 IEEE Internatonal Mult- Dplnary Conferene on Cogntve Method n Stuaton Awarene and Deon Support (CogSIMA), 2012, pp [64] W. Vryatavat and A. Martn, Formal Trut Spefaton n Serve Workflow, n 2010 IEEE/IFIP 8th Internatonal Conferene on Embedded and Ubqutou Computng (EUC), 2010, pp [65] D. Olmedlla, O. F. Rana, B. Matthew, and W. Nejdl, Seurty and trut ue n emant grd, In Proeedng of the Dagtuhl Semnar, Semant Grd: the onvengene of tehnologe, Volume [PD05] [PPI04] Pantel, pp , [66] C. Dellaroa, The Degn of Relable Trut Management Sytem for Eletron Tradng Communte, n SLOAN SCHOOL OF MANAGEMENT, MIT, 2000, [67] C. Shen, H. Zhang, H. Wang, J. Wang, B. Zhao, F. Yan, F. Yu, L. Zhang, and M. Xu, Reearh on truted omputng and t development, S. Chna Inf. S., vol. 53, no. 3, pp , Mar [68] S. M. Habb, S. Re, and M. Muhlhauer, Cloud Computng Landape and Reearh Challenge Regardng Trut and Reputaton, n th Internatonal Conferene on Ubqutou Intellgene Computng and 7th Internatonal Conferene on Autonom Truted Computng (UIC/ATC), 2010, pp [69] G. Zhao, C. Rong, M. G. Jaatun, and F. E. Sandne, Referene deployment model for elmnatng uer onern on loud eurty, J Superomput, vol. 61, no. 2, pp , Aug [70] Communaton qualty of erve: A framework and defnton, Internatonal Teleommunaton Unon, Reommendaton ITU-T Reommendaton G.1000, Nov [71] ETSI, Uer Group; Qualty of teleom erve; Part 1: Methodology for dentfaton of parameter relevant to the Uer, European Teleommunaton Standard Inttute, Sopha Antpol Cedex - FRANCE, Gude ETSI EG V1.2.1 ( ), Nov [72] CLOUD; SLA for Cloud erve, European Teleommunaton Standard Inttute, 650 Route de Luole F Sopha Antpol Cedex - FRANCE, Tehnal Report ETSI TR V1.1.1 ( ), Nov [73] PROMISE Tehnology In., Cloud Computng andtruted Storage. PROMISE Tehnology In., Q [74] J. Du, N. Shah, and X. Gu, Adaptve data-drven erve ntegrty attetaton for mult-tenant loud ytem, n 2011 IEEE 19th Internatonal Workhop on Qualty of Serve (IWQoS), 2011, pp [75] J. Du, W. We, X. Gu, and T. Yu, RunTet: aurng ntegrty of dataflow proeng n loud omputng nfratruture, n Proeedng of the 5th ACM Sympoum on Informaton, Computer and Communaton Seurty, New York, NY, USA, 2010, pp [76] B. Gedk, H. Andrade, K.-L. Wu, P. S. Yu, and M. Doo, SPADE: the ytem delaratve tream proeng engne, n Proeedng of the 2008 ACM SIGMOD nternatonal onferene on Management of data, New York, NY, USA, 2008, pp [77] X.-Y. L, L.-T. Zhou, Y. Sh, and Y. Guo, A truted omputng envronment model n loud arhteture, n 2010 Internatonal Conferene on Mahne Learnng and Cybernet (ICMLC), 2010, vol. 6, pp [78] T. Garfnkel, B. Pfaff, J. Chow, M. Roenblum, and D. Boneh, Terra: a vrtual mahne-baed platform for truted omputng, 2003, pp [79] N. Santo, K. P. Gummad, and R. Rodrgue, Toward Truted Cloud Computng, n HOTCLOUD, [80] M. Van Djk and A. Juel, On the mpoblty of ryptography alone for prvay-preervng loud omputng, n Proeedng of the 5th USENIX onferene on Hot top n eurty, Berkeley, CA, USA, 2010, pp [81] A. Jøang, C. Keer, and T. Dmtrako, Can we manage trut?, n Proeedng of the Thrd nternatonal onferene on Trut Management, Berln, Hedelberg, 2005, pp [82] E. Kuada, Trut Management Sytem for Opportunt Cloud Serve, n 2013 IEEE 2nd Internatonal Conferene on Cloud Networkng (CloudNet), San Frano, USA, 2013, pp