Abstract
Today cloud service providers guarantee the quality of their services by defining a set of Service Level Agreements (SLAs) with their customers. SLAs binds the provider to a set of service level metrics typically related to service reliability, availability, performance, security, and billing. Generally, the SLA formally specifies the minimum expected service metrics that the provider is committed to supply and that the customer agrees to accede. A detailed description on SLA terms, levels, and the various legislations and conditions that accompany their specification is comprehensively presented in [34]. Unfortunately, SLAs typically lack any technical means of enforcement which leaves the customer’s data and software processes under the total control of the cloud service provider. Any failure to meet the SLA terms and obligations will have disastrous effects on the cloud customer and provider. The effects range from losing reputation and client trust to legal compliance, and financial penalties that may lead to putting an end to the entire business. This fact will put pressure and responsibility on the customers when selecting a particular cloud service provider for running their business processes and storing data. The severity of this selection is further aggravated when we estimate the serious losses incurred when dealing with “misbehaving” cloud providers or the technical difficulties, financial losses, and service downtimes accompanying the process of switching between service providers. Terabytes of data migration tasks over expensive communication links, software reconfiguration and adaptation, and data leakage and privacy implications are some factors that render the migration process highly expensive.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Bajikar S (2002) Trusted platform module (TPM)-based security on notebook PCs-white paper. Mobile Platforms Group, Intel Corp
Chang E, Dillon T , Hussain FK (2006) Trust and reputation for service-oriented environments. Wiley, London
Coveillo A, Elias H, Gelsinger P, Mcaniff R (2011) Proof, not promises: creating the trusted cloud, RSA white paper. http://www.rsa.com/innovation/docs/11319_TVISION_WP_0211.pdf
Cusumano M (2010) Cloud computing and SaaS as new computing platforms. Commun ACM 53(4):27
Diffie W, van Oorschot PC, Wiener MJ (1992) Authentication and authenticated key exchanges. Des Codes Crypt 2:107–125
Foussa F, Achbanyb Y, Saerens M (June 2010) A probabilistic reputation model based on transaction ratings. Elsevier Inf Sci 180:2095–2123
Freier A, Karlton P, Kocher P (1996) The SSL protocol version 3.0. Internet-Draft
Gutmann P, An open-source cryptographic coprocessor. In: Proceedings of the 9th USENIX security symposium, Denver, Colorado, August 2000, pp 97–112
Haeberlen A (2009) A case for the accountable cloud. In: Proceedings of LADIS
Health Insurance Portability and Accountability Act homepage: http://www.hipaa.org
Hoffman K, Zage D, Nita-Rotaru C (2009) A survey of attack and defense techniques for reputation systems, ACM Comput Surv 42(1)
Hwang K, Kulkareni S, Hu Y (2009) Cloud security with virtualized defense and reputation-based trust mangement. DASC’09, pp 717–722
Itani W, Ghali C, Kayssi A, Chehab A (2011) Accountable reputation ranking schemes for service providers in cloud computing. In: Proceedings of the 1st international conference on cloud computing and services science, CLOSER 2011, Noordwijkerhaut, The Netherlands, 7–9 May 2011
Itani W, Kayssi A, Chehab A, Privacy as a service: privacy-aware data storage and processing in cloud computing architectures. In: proceedings of the eighth IEEE international conference on dependable, autonomic and secure, computing, pp 711–716
Janger E, Schwartz P (2002) The Gramm-Leach-Bliley Act, information privacy, and the limits of default rules. Minn L Rev 86:1219–1261
Jøsang A, Ismail R, Boyd C (2007) A survey of trust and reputation systems for online service provision. Decis Support Syst 43(2):618–644
Li A, Yang X, Kandula S, Zhang M (2010) CloudCmp: shopping for a cloud made easy. In: Proceedings of the 2nd USENIX conference on hot topics in cloud, computing (HotCloud’10)
Lim S, Keung C, Griffiths N (2010) Trust and reputation. In: Agent-based service-oriented computing. Springer, London, pp 189–224
Malik Z, Bouguettaya A (2009) RateWeb: reputation assessment for trust establishment among web services. VLDB J 18(4):885–911
Mármol F, Pérez G (2009) Security threats scenarios in trust and reputation models for distributed systems. Comput Secur 28(7):545–556
Nepal S, Malik Z, Bouguettaya A (2011) Reputation management for composite services in service-oriented systems. Int J Web Service Res 8(2):29–52
Pearson S, Charlesworth A (2009) Accountability as a way forward for privacy protection in the cloud. HP labs technical report, HPL-2009-178. http://www.hpl.hp.com/techreports/2009/HPL-2009-178.pdf
Wainewright P SaaS will dominate your cloud strategy, Zdnet News, retrieved from: http:// http://www.zdnet.com/blog/saas/saas-will-dominate-your-cloud-strategy/1300
RaaS Prototype Implementation, Available online at https://www.dropbox.com/s/84l4skh89n08w49/RaaS_Impl.zip
Schneier B, Kelsey J (1999) Secure audit logs to support computer forensics. ACM Trans Inf Syst Secur 2(2):159–196
The Insecure.org website http://Insecure.org
The Nessus network scanner homepage http://www.nessus.org
The Nmap tool homepage http://www.nmap.org
The Trusted Computing Group homepage http://www.trustedcomputinggroup.org/
The vSphere 4 home page http://www.vmware.com/products/vsphere
Trusted Computing Group (2010) Expanded IF-MAP 2.0 addresses a broader set of applications, white paper
Wang Y, Vassileva J (2007) Toward trust and reputation based web service selection: a survey. Int Trans Syst Sci Appl J Spec Issue New Tendencies Web Serv Multiagent Syst 3(2):118–132
Weingart S (1987) Physical security for the mABYSS system. In: Proceedings of the IEEE computer society conference on security and privacy, pp 52–58
Wieder P, Butler JM, Theilmann W, Yahyapour R (2011) Service level agreements for cloud computing, Springer, Berlin/Heidelberg
Wort S, Bolton C, Langford J, Cape M, Jin JJ, Hinson D, Ji H, Mestemaker PA, Sen A (2008) Professional SQL server 2005 performance tuning, Wrox
Yahyaoui H, Maamar Z, Bentahar J, Sahli N, Elnaffar S, Thiran P (2008) On the reputation of communities of web services. In: International conference on new technologies in distributed systems, pp 1–8
Yao J, Chen S, Wang C, Levy D, Zic J (2010) Accountability as a service for the cloud. In: Proceedings of the IEEE international conference on services computing (SCC), Miami, USA
Yee BS, Tygar JD (1995) Secure coprocessors in electronic commerce applications. In: Proceedings of the 1st USENIX workshop on E-Commerce
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Itani, W., Ghali, C., Kayssi, A., Chehab, A. (2014). Reputation as a Service: A System for Ranking Service Providers in Cloud Systems. In: Nepal, S., Pathan, M. (eds) Security, Privacy and Trust in Cloud Systems. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38586-5_13
Download citation
DOI: https://doi.org/10.1007/978-3-642-38586-5_13
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-38585-8
Online ISBN: 978-3-642-38586-5
eBook Packages: EngineeringEngineering (R0)