International Conference on Sustainable Computing in Science, Technology & Management (SUSCOM-2019)

Trust Management Issues in Cloud Computing Ecosystems

Mahreen Saleem Khan, M.R Warsi, Saiful Islam

Aligarh Muslim University, Aligarh 202002, India

ARTICLE INFO ABSTRACT

Article history: Over the past years due the advent of Cloud computing, because of its unprecedented advantages, has
Received 17 January 19 given rise to influential information technologies such as Big data and IoT. In spite of all the social and
Received in revised form 25 January 19 economic benefits of its on demand nature, the web of the connected data ecosystems has yet to combat
Accepted 24 February 19 many underlying challenges. The primary concerns include privacy, security and trust which are the major
barriers to the adoption of cloud by individuals and organizations as a whole. Trust has been the least
Keywords: looked into since it includes both subjective and objective characteristics. In this paper we highlight some
Trust Management
of the significant challenges faced by cloud computing environments towards addressing the problem of
Cloud Computing
trust management. These potential challenges once efficiently addressed will provide a roadmap for
SLA
trustworthy ecosystems.
Trust issues

© 2019SUSCOM. Hosting by Elsevier SSRN. All rights reserved.

Peer review under responsibility of International Conference on Sustainable Computing in Science, Technology and Management.

1. Introduction

In the 1970’s the traditional offices were built on paper files and a decade later in 1980’s MS word, spreadsheets and some other software came into
existence. In 1990s, with the revolutionary creation of the online world, the offices took on a recognizable form on the websites. Today, with the
unprecedented advancements in the information technologies the offices are hosted on the cloud servers. LinkedIn, CloudOn, TripIt, Dropbox, Office HD
are some of the examples of cloud-based applications. Organizations are adopting cloud services to minimize upfront infrastructure investments, receive
efficient services at low costs while ensuring speed, security and reliability. As the cloud technology continues to evolve, cloud storage services satisfy the
explosively growing requirements of data storage with the availability of high capacity data centers. Cloud computing brings convenience to the
consumers by providing computing on the fly in a pay-as-you-use manner. Nevertheless, the underlying security, privacy and reliability concerns for the
cloud as a technology, hinder the individuals and organizations to adopt cloud services or to migrate their sensitive data to the cloud servers (Use of Cloud
Computing Applications and Services | Pew Research Center, 2008.). These major barriers to the cloud adoption along with many other incorrect
assumptions pose serious implications on the cloud market growth. In order to make cloud computing services more reliable the major concerns need to
be addressed (Arora, Raja, Bahl, 2018).

Currently, the biggest concern facing the cloud computing technology is trust. Trust in cloud computing setting has three important referents: trust in
the Cloud provider; trust in the Cloud services that CSP has to offer; and trust in the Cloud as a technology itself (Emeakaroha et al., 2017). Among the
three potential referents the most difficult one seems the trust in the Cloud itself as it involves motivating users to adopt cloud computing as a technology.
In today’s world of computing, universally service users are bound to rely on the fundamental premise of trust. This underlying setting demands an
implicit degree of trust in addition to an explicit degree of auditing. Even though the legal approaches have been laid down for cloud trust assurance, they
continue to be insufficient on their own. Cloud service users still are required to rely on cloud providers' promises to provide the desired services. Instead
of requiring the consumers to rely on providers' genuine behavior, cloud service providers at the earliest need to employ a standard trust management
system so that the users could access and predict accurate trust information. In the literature there is a lack of the comprehensive review describing the
issue of trust management in cloud computing setup. In this paper we discuss some trust management challenges that exist in the cloud ecosystem.

The rest of this paper is structured as follows. Section 2 offers the overview of trust management in Cloud context and presents classification of
cloud trust techniques Section 3 gives insight into challenges in cloud trust management. Finally, section 4 concludes this paper.

February 26 - 28, 2019 | Amity University Rajasthan, Jaipur, India Page 2233

Electronic copy available at: https://ssrn.com/abstract=3358749

 International Conference on Sustainable Computing in Science, Technology & Management (SUSCOM-2019)

2. Cloud Trust Management

The notion of trust is complex as it involves both subjective and objective parameters. There is no globally accepted definition for trust in cloud
computing world. Generally speaking trust is characterized as "the certainty levels in something or somebody"(Ko et al., 2011). In the world of
computing, trust implies that the trustee object functions in an acceptable manner and in accordance with the underlying protocols (H. Li & Singhal,
2007). Trust management was introduced for the first time by M. Blaze, J. Feigenbaum, and J. Lacy (Blaze, Blaze, Feigenbaum, & Lacy, 1996). Trust
management system describes what aspects of trust are considered, how are the trust values collected, and how the collected trust values are aggregated to
form the final trust values to be shared with the network (Guo, Chen, & Tsai, 2017). Trust management in the system can help in building collaborations
among new unknown nodes that have joined the network. Navimpour et.al. (Chiregi & Navimipour, 2017) characterized trust issues in cloud
environments into four sub-categories, which include:

(a) how to define and access trust related to the dynamic cloud environments
(b) how to handle recommended trust information from the malicious entities
(c) how to provide varying levels of service in accordance to the trust degree, and
(d) how to monitor trust values with change in time and context, and to update the trust information and adapt the system to the dynamic changes as and
when they occur in time.

The key aspect of cloud trust management is to define how the trust values are evaluated for an entity. In the cloud ecosystem an entity can
possess various trust properties that could be considered as a component for trust evaluation for that entity. However, not all the possible trust features
should be collected and stored. A wide variety of SLA-based factors have been discussed in the literature(Alhanahnah, 2017) (Marudhadevi, Dhatchayani,
& Sriram, 2018). There is, however, no consensus on identifying and selecting a proper set of trust factors, as most approaches are not in line with the
standards and guidelines proposed by standardization bodies. In the complex IoT-based cloud environments SLAs are deficient (Namal, Gamaarachchi,
Lee, & Um, 2016). Often times, the ambiguous clauses and fuzzy technical specifications of SLAs could hinder cloud users from identifying trustworthy
cloud services.

The central issue in trust management is to identify the relevant trust properties that could evaluate the trust value effectively. Another major concern
facing trust management is to verify the reliability of gathered trust information. In the on-demand shared cloud environment, another significant concern
in trust management is control. Lesser control over assets diminishes trust in the system.

2.1. Trust management system classification

Noor et al. (NOOR, QUAN Z., ZEADALLY, & JIAN, 2013) presented two perspectives to classify trust management.
Service provider’s perspective (SPP) and
Service requester’s perspective (SRP)
In service provider’s perspective (SPP), it is the responsibility of service provider to access service consumer’s trustworthiness whereas in service
requester’s perspective (SRP) it is the responsibility of service consumer to access the trustworthiness cloud service provider. Many categories of trust
management can be found in the literature. Broadly, trust management techniques can be classified into following five major categories, as depicted in
Fig 1:
1) Service Level Agreement (SLA) based trust management technique:
2) Recommendation based Trust Management Technique
3) Reputation based Trust Management Technique
4) Prediction based Trust Management Technique
5) Policy based Trust Management Technique
In SLA based trust management technique the service consumer evaluates service provider’s conformance to the SLA parameters as an indicator of
determining service provider’s trustworthiness (considering SRP for ease). SLAs can assist in building trusted cloud ecosystems by strictly specifying
functional and technical requirements and by assigning penalties in case of SLA parameter violations (Marudhadevi, Dhatchayani, & Sriram, 2014)(Qu &
Buyya, 2014)(Alhamad, Dillon, & Chang, 2010).
Recommendation based trust management technique is one of the widely used techniques in cloud trust computation. Here the trustor and the trustee
do not have any direct interactions and utilize the trusted third party’s knowledge and experience to determine trustworthy services(M. Li, Wang, & Ross,
2009). Recommendations can be transitive or explicit.

February 26 - 28, 2019 | Amity University Rajasthan, Jaipur, India Page 2234

Electronic copy available at: https://ssrn.com/abstract=3358749

 International Conference on Sustainable Computing in Science, Technology & Management (SUSCOM-2019)

Reputation based trust management technique employs the collective opinion of the service consumers to measure trustworthiness of cloud
services(Sherchan, Nepal, & Bouguettaya, 2011)(Shmatikov & Talcott, 2005). The trusted feedback system is employed to collect the trust information in
the form of positive feedback or negative feedback that has a direct impact on service’s reputation. Many commercial websites like ebay, amazon,
epinions etc. use reputation based system(Rietjens, 2007)(“Feedback” ).
Prediction based trust management technique is usually useful in evaluating trust information when there is no prior knowledge regarding the
particular services(NOOR et al., 2013). If no past interactions have taken place between the entities or no history of records is available about previous
interactions, trust value is predicted on the basis of similar interactions of likeminded entities(Sherchan et al., 2011)(Anita, Bhagyaveni, & Manickam,
2014).
Policy based trust management technique is one of the common and traditional method used to build trust among the entities in cloud environment. It
uses a set of established policies which assume various roles. The role-based policy controls authorization levels to grant access to service consumers in
accordance to minimum trust threshold levels(NOOR et al., 2013).

Fig. 1 – Classification of Trust Management techniques in Cloud Computing.

3. Challenges of Trust Management in Cloud Computing

Cloud Computing faces many challenges in addition to internal and external threats, software bugs, hardware failures, server misconfigurations, etc.
(Abomhara & Køien, 2015)(Depends, 2009)(Noor, Sheng, Maamar, & Zeadally, 2016). The Cloud Security Alliance (CSA) in their report ‘Top Threats
to Cloud Computing V1.0’ (V, 2010) listed some top threats in cloud computing. These are:
 Abuse and Nefarious Use of Cloud Computing
 Insecure Application Programming Interfaces
 Malicious Insiders
 Shared Technology Vulnerabilities
 Data Loss/Leakage
 Account, Service & Traffic Hijacking
 Unknown Risk Profile
These top threats have a significant imapct on customer morale and trust. Trust management of cloud services is a challenging issue due to the
dynamic and scalable nature of cloud services; hence an autonomic trust management system is difficult to be realized practically (Mell & Grance, 2011).
Ryan Ko et.al. (Ko et al., 2011) addressed the key challenges in achieving a trusted cloud by suggesting adoption of preventive and detective controls.
Some of the identified Trust management issues in cloud computing setting (refer to Fig 2) are mentioned below:
1) Trust Feedback legitimacy: It is difficult to access the reliability of the user trust feedbacks. Malicious users may purposely spread the wrongful trust
information to harm the reputation or to falsely increase some node’s reputation. Also allotting credibility to expert users and tracking bad-mouthing (
malicious feedbacks) is challenging (“Cloud Armor Project")1. Presence of an independent quality assurance body for providing trust knowledge to the
consumers would solve the issue of assessing trust feedback credibility.
2) Lack of transparency: The data on the cloud data centers is stored at multiple geograpical locations and across various levels of virtualization. The
current leading CSPs (e.g. Amazon EC2/S3, Microsoft Azure) do not grant complete transparency of the physical and virtual sever usage (Fujitsu, 2010).

February 26 - 28, 2019 | Amity University Rajasthan, Jaipur, India Page 2235

Electronic copy available at: https://ssrn.com/abstract=3358749

 International Conference on Sustainable Computing in Science, Technology & Management (SUSCOM-2019)

At present, clients only have transparency to access performance metrics of the virtual hardware and monitor service event logs. Improved transparency
would improve client trust over cloud.
3) Loss of control and visibility: In cloud computing environment millions of nodes and chain of services are being shared extensively involving
multiple remotely located computing resources. These resources are regulated by the laws of multiple countries, some of which are beyond the jurisdiction
of the CSP. Thus, the data owner or service user loses control over its data once it leaves its perimeter. In cloud computing, this loss of control over the
assets diminishes trust in the service itself and induces risk of data loss.
4) Complexities in accountability: Cloud accountability demands complex real-time accountability and emphasizes on data protection. Due to the unique
architecture of cloud framework some of the complexities arise in the area of accountability(Ko et al., 2011); viz:
 Challenges incorporated due to virtualization
 OS Logging versus File-Centric Logging
 Scale, Size and Scope of Logging
 Live and Dynamic Systems.
Accountability should not be limited to the virtual servers but should include events on physical servers as well. But there is a lack of linkage between
the physical servers and the virtual server which complicates the accountability of physical servers. Current tools provide OS centric logging, but with file
centric logging users could track data from the time of creation till the time of its destruction. Managing the scale of logging for efficient logging is
important in the expanding cloud scenario where detailed logging could wipe the cloud storage holding logs.
5) Weak trust chains: Due to the cloud infrastructures’ globalized nature the trust chain between cloud and user may be weak at some points along the
chain. Many new providers, third parties and services could be added to the chain of on-demand model without adequate checks for trustworthiness
(Pearson & Benameur, 2010). There is a need of the standardized monitoring and logging of the chain of relationships so that users would no longer be
skeptical regarding the trustworthiness of the trust relationships.
6) Lack of standardization and interoperability: Cloud computing being relatively young is lacking in standardization and interoperability. Missing
security standards to tackle data privacy and trust issues cause inconsistencies and hurt cloud adoption (Pearson & Benameur, 2010). Currently there are
missing standard models for trust assessment, auditing object life cycle for data provenance, data tracking. Currently there is no standardized cloud trust
management model that could evaluate and monitor policies across multiple cloud offerings.
Table 1, describes some of the cloud Trust Management challenges.

Fig. 2 – Issues in Cloud Trust Management.

Table 1 – Summary of Cloud Trust Management challenges.

Challenge Resource Description
Lack of centralized trust control (Lynn et al., 2014) (Noor Due to the lack of centralized trust control, an independent body for quality assurance check should
et al., 2016) be entrusted with the task of providing trust information to consumers for making knowledge based
decisions while choosing cloud services.

February 26 - 28, 2019 | Amity University Rajasthan, Jaipur, India Page 2236

Electronic copy available at: https://ssrn.com/abstract=3358749

 International Conference on Sustainable Computing in Science, Technology & Management (SUSCOM-2019)

Lack of transparency (Fujitsu, 2010) Lack of transparency in data storage locations and operations performed on user data is a major
challenge facing cloud trust.
(Emeakaroha et al.,
2017)

Heterogeneous policies and policy (Noor et al., 2016) There is a deficiency in supporting heterogeneous policies in different languages. End users are not
languages clear regarding the underlying policies as they find it confusing or hard to understand.

Limited knowledge regarding the (Somerville, 2007) There is a need of prediction models that forecast the expected behavior of the service or technology
predictability and dependability of Cloud (Emeakaroha et al., so as to access dependability of the cloud services.
services 2017)

Complex real-time accountability (Ko et al., 2011) Accountability has been identified as the potential means of building trust and confidence in cloud
(Alhanahnah, 2017) services. However, due to virtualization and scale of logging in dynamic cloud environment, the real-
time accountability becomes challenging.

4. Conclusion

Cloud computing technology witnessed rapid pace of adoption by providing tremendous opportunities to the digital world. But with great opportunities
come great challenges. In this paper we discussed the challenges of trust management in cloud computing ecosystems and highlighted some of the issues
that once addressed would play a central role in cultivating trust in cloud ecosystems. There is an urgent need to focus more on preventing trust violations
than on post service failure accountability in order to diminish the concerns that hinder its progress so that we could fully benefit from the unprecedented
advantages that cloud computing has to offer. An effective standardized trust management system is essentially required for the individuals and
organizations to fully utilize the potential benefits served by cloud computing technology.

REFERENCES

Abomhara, M., & Køien, G. M. (2015). Cyber Security and the Internet of Things : Vulnerabilities , Threats , Intruders, 4, 65–88. http://doi.org/10.13052/jcsm2245-
1439.414
Alhamad, M., Dillon, T., & Chang, E. (2010). SLA-based trust model for cloud computing. Proceedings - 13th International Conference on Network-Based
Information Systems, NBiS 2010, 321–324. http://doi.org/10.1109/NBiS.2010.67
Alhanahnah, M. (n.d.). Trusting Cloud Service Providers : Trust Phases and a Taxonomy of Trust Factors.
Anita, X., Bhagyaveni, M. A., & Manickam, J. M. L. (2014). Fuzzy-Based trust prediction model for routing in WSNs. Scientific World Journal, 2014(iii).
http://doi.org/10.1155/2014/480202
Arora, Amandeep Singh and Raja, Linesh and Bahl, Barkha, Data Centric Security Approach: A Way to Achieve Security & Privacy in Cloud Computing (April 25,
2018). Proceedings of 3rd International Conference on Internet of Things and Connected Technologies (ICIoTCT), 2018 held at Malaviya National Institute of
Technology, Jaipur (India) on March 26-27, 2018. Available at SSRN: https://ssrn.com/abstract=3168615 or http://dx.doi.org/10.2139/ssrn.3168615
Blaze, M., Blaze, M., Feigenbaum, J., & Lacy, J. (1996). Decentralized Trust Management. IN PROCEEDINGS OF THE 1996 IEEE SYMPOSIUM ON
SECURITY AND PRIVACY, 164--173. Retrieved from http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.44.6276
Chiregi, M., & Navimipour, N. J. (2017). A Comprehensive Study of the Trust Evaluation Mechanisms in the Cloud Computing, 1–30.
http://doi.org/10.1007/s12927-017-0001-7
Cloud Armor Project Website - About. (n.d.). Retrieved January 9, 2019, from https://cs.adelaide.edu.au/~cloudarmor/research.html
Depends, I. A. (2009). Data Security in the World of Cloud Computing, 61–64.
Emeakaroha, V. C., Fatema, K., Werff, L. Van Der, Healy, P., Lynn, T., Morrison, J. P., & Member, S. (2017). A Trust Label System for Communicating Trust in
Cloud Services, 10(5), 689–700.
Feedback. (n.d.). Retrieved January 9, 2019, from https://pages.ebay.com/services/forum/feedback.html
Fujitsu. (n.d.). Personal data in the cloud : Foreword Cloud computing is a game-changing development for the ICT industry and has major implications for us all .
For some , cloud computing evokes fear of change and of loss of control . For others , it is an opportunity f.
Guo, J., Chen, I.-R., & Tsai, J. J. P. (2017). A survey of trust computation models for service management in internet of things systems. Computer Communications,
97, 1–14. http://doi.org/10.1016/j.comcom.2016.10.012
Ko, R. K. L., Jagadpramana, P., Mowbray, M., Pearson, S., Kirchberg, M., Liang, Q., & Lee, B. S. (2011). TrustCloud : A Framework for Accountability and Trust
in Cloud Computing, 1–5. http://doi.org/10.1109/SERVICES.2011.91

February 26 - 28, 2019 | Amity University Rajasthan, Jaipur, India Page 2237

Electronic copy available at: https://ssrn.com/abstract=3358749

 International Conference on Sustainable Computing in Science, Technology & Management (SUSCOM-2019)

Li, H., & Singhal, M. (2007). Trust Management in Distributed Systems. Computer, 40(2), 45–53. http://doi.org/10.1109/MC.2007.76
Li, M., Wang, H., & Ross, D. (2009). Trust-Based Access Control for Privacy Protection in Collaborative Environment. In 2009 IEEE International Conference on
e-Business Engineering (pp. 425–430). IEEE. http://doi.org/10.1109/ICEBE.2009.66
Lynn, T., Healy, P., McClatchey, R., Morrison, J., Pahl, C., & Lee, B. (2014). The Case for Cloud Service Trustmarks and Assurance-as-a-Service. Retrieved from
http://arxiv.org/abs/1402.5770
Marudhadevi, D., Dhatchayani, V. N., & Sriram, V. S. S. (2014). A Trust Evaluation Model for Cloud Computing Using Service Level Agreement. Computer
Journal, 58(10), 2225–2232. http://doi.org/10.1093/comjnl/bxu129
Marudhadevi, D., Dhatchayani, V. N., & Sriram, V. S. S. (2018). A Trust Evaluation Model for Cloud Computing Using Service Level Agreement, 58(10).
http://doi.org/10.1093/comjnl/bxu129
Namal, S., Gamaarachchi, H., Lee, G. M., & Um, T. (2016). Autonomic Trust Management in Cloud-Based and Highly Dynamic IOT Applications, 1(5), 27–32.
http://doi.org/10.18775/jibrm.1849-8558.2015.12.3004
NOOR, T. H., QUAN Z., S., ZEADALLY, S., & JIAN, Y. U. (2013). Trust Management of Services in Cloud Environments: Obstacles and Solutions. ACM
Computing Surveys, 46(1), 12–12:30. http://doi.org/10.1145/2522968.2522980
Noor, T. H., Sheng, Q. Z., Maamar, Z., & Zeadally, S. (2016). Managing Trust in the Cloud: State of the Art and Research Challenges. Computer, 49(2), 34–45.
http://doi.org/10.1109/MC.2016.57
Pearson, S., & Benameur, A. (2010). Privacy, Security and Trust Issues Arising from Cloud Computing. In 2010 IEEE Second International Conference on Cloud
Computing Technology and Science (pp. 693–702). IEEE. http://doi.org/10.1109/CloudCom.2010.66
Qu, C., & Buyya, R. (2014). A Cloud Trust Evaluation System using Hierarchical Fuzzy Inference System for Service Selection, (May).
http://doi.org/10.1109/AINA.2014.104
Rietjens, B. (2007). Information & Communications Technology Law Trust and reputation on eBay: Towards a legal framework for feedback intermediaries
Trust and Reputation on eBay: Towards a Legal Framework for Feedback Intermediaries. http://doi.org/10.1080/13600830600557935
Sherchan, W., Nepal, S., & Bouguettaya, A. (2011). A trust prediction model for service web. Proc. 10th IEEE Int. Conf. on Trust, Security and Privacy in
Computing and Communications, TrustCom 2011, 8th IEEE Int. Conf. on Embedded Software and Systems, ICESS 2011, 6th Int. Conf. on FCST 2011, 258–
265. http://doi.org/10.1109/TrustCom.2011.35
Shmatikov, V., & Talcott, C. (2005). Reputation-based trust management. Journal of Computer Security, 13(1), 167–190. http://doi.org/10.3233/JCS-2005-13107
Somerville, I. (2007). Design for failure: Software challenges of digital ecosystems. In 2007 Inaugural IEEE-IES Digital EcoSystems and Technologies Conference
(pp. 1–1). IEEE. http://doi.org/10.1109/DEST.2007.371934
Use of Cloud Computing Applications and Services | Pew Research Center. (n.d.). Retrieved from http://www.pewinternet.org/2008/09/12/use-of-cloud-computing-
applications-and-services/
V, C. C. (2010). to, (March), 1–14.

February 26 - 28, 2019 | Amity University Rajasthan, Jaipur, India Page 2238

Electronic copy available at: https://ssrn.com/abstract=3358749