Abstract
Cloud sourcing consists of outsourcing data, services and infrastructure to cloud providers. Even when this outsourcing model brings advantages to cloud customers, new threats also arise as sensitive data and critical IT services are beyond customers’ control. When an organization considers moving to the cloud, IT decision makers must select a cloud provider and must decide which parts of the organization will be outsourced and to which extent. This paper proposes a methodology that allows decision makers to evaluate their trust in cloud providers. The methodology provides a systematic way to elicit knowledge about cloud providers, quantify their trust factors and aggregate them into trust values that can assist the decision-making process. The trust model that we propose is based on trust intervals, which allow capturing uncertainty during the evaluation, and we define an operator for aggregating these trust intervals. The methodology is applied to an eHealth scenario.
This research was partially supported by the EU project Network of Excellence on Engineering Secure Future Internet Software Services and Systems (NESSoS, ICT-2009.1.4 Trustworthy ICT, Grant No. 256980), and by the Spanish Ministry of Science and Innovation through the research project ARES (CSD2007-00004). The first author is funded by the Ministry of Education through the national F.P.U. program.
Chapter PDF
Similar content being viewed by others
References
Neovise Research Report: Use of Public, Private and Hybrid Cloud Computing (2013)
Martorelli, W., Andrews, C., Mauro, S.P.: Cloud Computing’s Impact on Outsourcing Contracts (January 2012)
Mell, P., Grance, T.: The NIST Definition of Cloud Computing. Working Paper of the National Institute of Standards and Technology (NIST) (2009)
Ponemon Institute Research Report: Security of Cloud Computing Users Study. Technical report, Ponemon Institute, sponsored by CA Technologies (March 2013)
Yan, Z., Holtmanns, S.: Trust Modeling and Management: from Social Trust to Digital Trust. Computer Security, Privacy and Politics: Current Issues, Challenges and Solutions (January 2008)
Griffiths, N.: A Fuzzy Approach to Reasoning with Trust, Distrust and Insufficient Trust. In: Klusch, M., Rovatsos, M., Payne, T.R. (eds.) CIA 2006. LNCS (LNAI), vol. 4149, pp. 360–374. Springer, Heidelberg (2006)
Bubak, M., Kasztelnik, M., Malawski, M., Meizner, J., Nowakowski, P., Varma, S.: Evaluation of Cloud Providers for VPH Applications. In: CCGrid2013 - 13th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (May 2013)
Gao, J., Pattabhiraman, P., Bai, X., Tsai, W.T.: SaaS performance and scalability evaluation in clouds. In: 2013 IEEE Seventh International Symposium on Service-Oriented System Engineering, pp. 61–71 (2011)
Nuñez, D., Fernandez-Gago, C., Pearson, S., Felici, M.: A metamodel for measuring accountability attributes in the cloud. In: 2013 IEEE International Conference on Cloud Computing Technology and Science (CloudCom 2013), Bristol, UK. IEEE (2013) (in press)
Pauley, W.: Cloud provider transparency: An empirical evaluation. IEEE Security & Privacy 8(6), 32–39 (2010)
Rashidi, A., Movahhedinia, N.: A Model for User Trust in Cloud Computing. International Journal on Cloud Computing: Services and Architecture (IJCCSA)Â 2(2) (2012)
Ko, R., Jagadpramana, P., Mowbray, M., Pearson, S., Kirchberg, M., Liang, Q., Lee, B.S.: TrustCloud: A Framework for Accountability and Trust in Cloud Computing. In: 2011 IEEE World Congress on Services (SERVICES), pp. 584–588 (July 2011)
Sarwar, A., Khan, M.: A Review of Trust Aspects in Cloud Computing Security. International Journal of Cloud Computing and Services Science (IJ-CLOSER) 2(2), 116–122 (2013)
Ahmad, S., Bashir Ahmad, S.M.S., Khattak, R.M.: Trust Model: Cloud’s Provider and Cloud’s User. International Journal of Advanced Science and Technology 44 (2012)
Chakraborty, S., Roy, K.: An SLA-based Framework for Estimating Trustworthiness of a Cloud. In: International Joint Conference of IEEE TrustCom/IEEE ICESS/FCST, pp. 937–942 (2012)
Manuel, P.: A trust model of cloud computing based on Quality of Service. Annals of Operations Research, 1–12 (2013)
Pavlidis, M., Mouratidis, H., Kalloniatis, C., Islam, S., Gritzalis, S.: Trustworthy selection of cloud providers based on security and privacy requirements: Justifying trust assumptions. In: Furnell, S., Lambrinoudakis, C., Lopez, J. (eds.) TrustBus 2013. LNCS, vol. 8058, pp. 185–198. Springer, Heidelberg (2013)
M, S., L.j, V., Sangeeta, K., Patra, G.K.: Estimating Trust Value for Cloud Service Providers using Fuzzy Logic. International Journal of Computer Applications 48(19), 28–34 (2012)
Garg, S.K., Versteeg, S., Buyya, R.: SMICloud: A Framework for Comparing and Ranking Cloud Services. In: Proceedings of the, Fourth IEEE International Conference on Utility and Cloud Computing, UCC 2011, pp. 210–218. IEEE Computer Society, Washington, DC (2011)
Qu, L., Wang, Y., Orgun, M.A.: Cloud Service Selection Based on the Aggregation of User Feedback and Quantitative Performance Assessment. In: Proceedings of the IEEE International Conference on Services Computing, SCC 2013, pp. 152–159. IEEE Computer Society, Washington, DC (2013)
Beckers, K., FaĂźbender, S., Heisel, M.: A meta-model approach to the fundamentals for a pattern language for context elicitation. In: Proceedings of the 18th European Conference on Pattern Languages of Programs (Europlop). ACM (2013) (accepted for publication)
Beckers, K., Küster, J.-C., Faßbender, S., Schmidt, H.: Pattern-based support for context establishment and asset identification of the ISO 27000 in the field of cloud computing. In: Proceedings of the International Conference on Availability, Reliability and Security (ARES), pp. 327–333. IEEE Computer Society (2011)
Beckers, K., Côté, I., Faßbender, S., Heisel, M., Hofbauer, S.: A pattern-based method for establishing a cloud-specific information security management system. Requirements Engineering, 1–53 (2013)
Greenspan, S.J., Mylopoulos, J., Borgida, A.: Capturing more world knowledge in the requirements specification. In: Proceedings of the 6th International Conference on Software Engineering, ICSE 1982, pp. 225–234. IEEE Computer Society Press, Los Alamitos (1982)
Shakeri, H., Bafghi, G., A, S, Yazdi, H.: Computing Trust Resultant using Intervals. In: IEEE (ed.): 8th International ISC Conference on Information Security and Cryptology (ISCISC) 15–20 (2011)
Jøsang, A., Ismail, R., Boyd, C.: A survey of trust and reputation systems for online service provision. Decision Support Systems 43(2), 618–644 (2007)
Ontario: Standards of Sound Business and Financial Practices. Enterprise Risk Management: Application Guide. Technical report, Deposit Insurance Corporation of Ontario (2011)
Pavlidis, M.: Designing for trust. In: Proceedings of the CAiSE Doctoral Consortium 2011. CEUR-WS, vol. 731 (June 2011)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Moyano, F., Beckers, K., Fernandez-Gago, C. (2014). Trust-Aware Decision-Making Methodology for Cloud Sourcing. In: Jarke, M., et al. Advanced Information Systems Engineering. CAiSE 2014. Lecture Notes in Computer Science, vol 8484. Springer, Cham. https://doi.org/10.1007/978-3-319-07881-6_10
Download citation
DOI: https://doi.org/10.1007/978-3-319-07881-6_10
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-07880-9
Online ISBN: 978-3-319-07881-6
eBook Packages: Computer ScienceComputer Science (R0)