A Hybrid Model in Cloud Computing

Cloud computing has recently become one of the top ten technologies in the world

978-620-3-30812-9

CHAPTER ONE: 4
Generalities 4
1-1 Introduction 4
1-2 Problem Statement 5
CHAPTER TWO: 7
Theoretical Foundations 7
2-1 Introduction 7
2-2 What is Cloud Computing? 7
2-3 Cloud Computing Security Challenges 8
2-4 Hard Security and Soft Security 10
2-6 Trust Management Issues 17
2-7 Reasons to Use Trust in Cloud Computing 21
CHAPTER THREE: 23
Literature 23
3-1 Introduction 23
3-2 Literature Review 23
3-3 Explaining Somesh’s Method 25
CHAPTER FORE: 29
Basics of the proposed Method 29
4-1 Introduction 29
4-2 Overview 29
4-3 Initialization Process 30
4-4 Interaction Database 31
4-5 Recommendation Database 32
4-6 Certificate Database 32
4-7 Direct and Indirect Trust Calculation Operations 33
4-8 Estimation of the Total Value of Trust 34
4-9 Trust Decisions Based on Conditions 34
CHAPTER FIVE: 36
Evaluation of the Proposed Method 36
5-1 Introduction 36
5-2 Evaluation of Trust Management Systems 36
5-3 Trust Model Evaluation Criteria 37
5-4 Popular Datasets in Trust Management 39
5-5 Simulation of the Proposed Model 39
5-6 Security Analysis 43
5-7 Simulation Results 45
CHAPTER SIX: 47
Conclusion 47
6-1 Summary 47
6-2 Conclusion 47
REFERENCES 49

The need for work, income, expenses, storage, calculation, etc. has always occupied the minds since the beginning of human life. Humans have always sought a suitable solution to meet such needs because they are insatiable creatures that are always looking for diversity. The dynamic world of communications and the information technology industry, the upward growth of knowledge and communications, and most importantly the global Internet, have always led to the creation of new tools and solutions.
Cloud computing is receiving a lot of attention today. Cloud computing has the potential to change the way organizations do computing in the next few years. Cloud computing has advantages such as more memory, more flexibility, and lower costs. All of these benefits are essential to helping successful business growth. These obvious advantages of cloud technology have attracted the attention of many organizations, but one of the factors that many organizations still resist this technology is how to secure data in the cloud and ensure environmental security. Professor John McCarthy introduced the basic concepts of this technology in 1960. Cloud technology was first introduced in 2006 by Amazon. Google and IBM then launched their services based on this technology in 2007 to stay ahead of the competition.
The cloud here is a metaphor for a network or the network of vast networks such as the Internet that the general user does not know exactly what is going on behind the scenes (as inside the cloud). Computer network diagrams also use the cloud shape to represent the Internet. The Internet is likened to the cloud because, like the cloud, it hides its technical details from the eyes of users. For example, what a cloud computing software service provider offers are commercial online applications that are provided to users through a web browser or other software. Applications and information are stored on servers and provided to users upon request. Details are hidden from users and they do not need expertise or control over the cloud infrastructure technology they use.
Despite the many benefits of cloud computing, one of the factors that still causes many organizations to resist the cloud is how secure the data is in the cloud and the users’ trust in cloud servers. In this study, an efficient trust model is proposed to trust users in cloud environments. In this model, the user can use three techniques to trust a cloud server. First, if users interact directly with the cloud server and have an assessment of its level of reliability, they can trust it to the extent of the interaction they had with the server to gain trust. The second technique involves indirect trust so that if users do not interact directly with the server, they can use the recommendations of intermediaries who they trust, and thus trust the server. The third technique is that sometimes neither the users themselves interact directly with the server nor there are intermediaries so that users can use their recommendations. However, intermediaries are sometimes available but not trusted. For this reason, users use a policy-based technique that involves exchanging and reviewing certificates that demonstrate the capabilities of the provider.
1-2 Problem Statement
This study is conducted to investigate the proposed models for user trust and trust management in cloud computing and to improve these techniques. The most important issue in cloud computing is its security. Trust is one of the key challenges in the cloud in the field of security (Noor T., Sheng, Zeadally, & Yu, 2013).
Before users decide to use cloud services, they must gain the necessary trust to use the required services. The user needs to keep the information stored in the cloud safe from attackers, not to be damaged by system crashes, and not to be misused by the cloud service provider. These security risks will have serious consequences.
There are many definitions of the word trust. Gambetta D. (2000) for example, defines trust as follows: Trust (correspondingly, distrust) is a definite level of probability that an agent will be able to trust another agent or agents to perform a particular action.
There are many ways a person or group can trust an unknown entity, such as direct interaction, negotiating trust, the reputation of the entity, and a trust recommendation. Most of these are based on the identity of the unknown entity. Establishing a trust model in any system seems like a difficult task.
The model of trust in the cloud depends on the type of customers, which is classified into the following three types (Khan & Mulluhi, 2010):
1. Cloud users (trustors) who want to be trusted by people they trust, such as the cloud structure and cloud service providers;
۲. Similarly, trustors can be cloud service providers who want to build trust;
3. When trustors are customers of cloud users and the customer wants to build trust (such as cloud user resources hosted in the cloud structure).

In the previous chapter, the problem studied in this book was introduced and its scope and objectives were determined. In this chapter, common concepts and terms in the field of cloud computing will be introduced and explained for more familiarity, because there may be several definitions for terms in the field of cloud computing. Moreover, trust management and related concepts will be described. In the following, some security challenges and trust management in cloud computing will be examined and the main related security risks will be discussed to explain the security environment of cloud computing. In the following chapters, these concepts will be used based on the definitions provided in this chapter.
2-2 What is Cloud Computing?
Before the advent of computers, if a person wanted to find information, he would have to physically refer to certain sources and spend a lot of time and money to find and use them. With the increasing use of computers and the digitalization of information, it has become easier to find and use information, but with the advent of the Internet and web-based services, a very valuable change took place in the field of information technology. With the advancement of information technology, there is a need to perform computational work in all places and at all times. There is also a need for people to be able to do their heavy computing work without having expensive hardware and software. Cloud computing is the latest technological answer to these needs.
The term cloud was introduced in commercial usage to refer to large ATM (asynchronous transfer mode) networks in the early 1990s. The term cloud computing has been around since the 21st century, although its main focus at the time was on software as a service (SaaS).
Cloud computing is a dynamic and evolving concept, and almost every day different fields are introduced in this technology. Therefore, there are different definitions of it. In today’s definitions, features may be added or removed for some reason. In 2008, Oracle Chairman Larry Ellison pointed out that all that is being said about cloud computing is something that has been used before. He added that the computer industry is the only industry that is more fashion-oriented and looking for newer things than the women’s fashion industry. This is what he told Oracle analysts. Cloud computing technology is so important to computer science researchers that it is on the list of the top ten technologies in the world and is expected to change the lives of people in societies, just like the Internet, which introduced a new lifestyle to people. Unfortunately, the complex issues raised in this technology and its emergence have caused even those who are computer science graduates to not have accurate information about it.
The National Institute of Standards and Technology (NIST) defines cloud computing as:
Cloud computing is a model for providing easy access to a set of customizable and configurable computing resources such as networks, servers, storage, applications, and services based on user demand over the network. This access should be provided or released quickly with minimal need for resource management or direct intervention by the service provider, which also supports virtualization and multiple usabilities.
The philosophy of using the word cloud is that users are unaware of the behind-the-scenes operations of service providers, and the Internet, like the cloud, hides its technical details from users. Also, the Internet is always available to users like a cloud. The cloud is a symbol to show the boundary point between the parts that are related to user responsibility and those that are related to supplier responsibility.
2-3 Cloud Computing Security Challenges
Many companies provide cloud computing services. Cloud computing allows users and developers to use these services without having to deal with technical knowledge or control of the technology infrastructure they need. On the other hand, more and more information about individuals and companies is stored in the clouds every day, which poses a data security challenge for users. Some of the organizations shaping the future of cloud computing security include the European Network and Information Security Agency (ENISA), the Cloud Security Alliance (CSA), and the Information Systems Audit and Control Association (ISACA).
The most common application of virtualization technology is the implementation of cloud computing infrastructure, which leads to security problems for customers. Virtualization changes the relationship between the operating system and related hardware. So it adds another layer called virtualization that needs to be properly configured, managed, and secured. There are some concerns about cloud computing that fall into two categories: first, security issues related to the cloud computing service provider (organizations that provide infrastructure, software, and platform through the cloud service), and second, security issues related to customers. The cloud service provider must ensure that its infrastructure is secure and that customer data and applications are protected. Security issues related to cloud services and Web 2.0 are more related to privacy and protection of users’ personal information than cloud security. There are similar problems with services offered by most major Internet service providers. For example, numerous lawsuits have been filed against Google and Microsoft for tracking user information.
Here are some of the most common security concerns about cloud computing.
• Data location: Organizations do not know the exact location of the data when using this technology. They may not even know in which country the data is stored. Therefore, service providers should be held accountable for the location of the data, whether the data is stored and processed in specific locations or under certain legal conditions, and whether they commit to complying with customer privacy requirements.
• Data separation: The service provider must ensure that customers do not have access to each other’s data because the data is stored in the cloud in a shared environment. In this regard, the use of cryptographic mechanisms can be somewhat effective. Service providers should be able to provide evidence of cryptographic patterns designed and evaluated by experienced professionals.
• Privacy: Cloud service providers can control and monitor events and communications between service users and the cloud host legally or illegally. Therefore, ensuring privacy is one of the major security challenges.
• Network Availability: The value of cloud computing can only be determined when your network connections and bandwidth are tailored to your minimum needs. So data and services should be available whenever you need them. Otherwise, the results are similar to the Denial-of-Service (DoS) attack.
• The commitment of cloud computing providers: Since providing computing services is a new business, there are questions about the lives of their providers, and organizations need to be assured of their commitment to the service.