Skip to main content

Advertisement

SpringerLink
Log in

A framework for enabling trust requirements in social cloud applications

  • Req. Engineering for Security,Privacy & Services in Cloud Environments
  • Published:
Requirements Engineering Aims and scope Submit manuscript

Abstract

Cloud applications entail the provision of a huge amount of heterogeneous, geographically distributed resources managed and shared by many different stakeholders who often do not know each other beforehand. This raises numerous security concerns that, if not addressed carefully, might hinder the adoption of this promising computational model. Appropriately dealing with these threats gains special relevance in the social cloud context, where computational resources are provided by the users themselves. We argue that taking trust and reputation requirements into account can leverage security in these scenarios by incorporating the notions of trust relationships and reputation into them. For this reason, we propose a development framework onto which developers can implement trust-aware social cloud applications. Developers can also adapt the framework in order to accommodate their application-specific needs.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12
Fig. 13
Fig. 14
Fig. 15

Similar content being viewed by others

Notes

  1. A callable or called framework is composed of passive entities that can be called by other parts of the application, as opposed to a calling framework, where the framework takes over the main loop of the application and calls the pieces of code written by developers.

  2. http://developers.facebook.com.

  3. Note, however, that transitivity is not, in general, considered as a property that holds for trust [9].

  4. We assume that the reputation engine correctly implements the model and that the developer knows the model and, therefore, knows the model range.

  5. In order to keep the architecture cleaner, and also because this class may belong to a more detailed design, we have not mentioned it earlier.

References

  1. Abawajy J (2009) Determining service trustworthiness in intercloud computing environments. In: Proceedings of the 2009 10th international symposium on pervasive systems, algorithms, and networks, ISPAN ’09. Washington, DC, USA, IEEE Computer Society, pp 784–788

  2. Agudo I, Fernandez-Gago C, Lopez J (2008) A model for trust metrics analysis. In: 5th international conference on trust, privacy and security in digital business (TrustBus’08), volume 5185 of LNCS. Springer, Berlin, pp 28–37

  3. Blaze M, Feigenbaum J, Lacy J (1996) Decentralized trust management. In: IEEE symposium on security and privacy, pp 164–173

  4. Buyya R, Yeo CS, Venugopal S, Broberg J, Brandic I (2009) Cloud computing and emerging IT platforms: vision, hype, and reality for delivering computing as the 5th utility. Future Gener Comput Syst 25(6):599–616

    Article  Google Scholar 

  5. Cadzow S (2008) Making better security standards: a review of the security update to MBS and a new ETSI deliverable. Technical report, ETSI TISPAN

  6. Cahill V, Gray E, Seigneur J-M, Jensen CD, Chen Y, Shand B, Dimmock N, Twigg A, Jean B, Colin E, Waleed W, Sotirios T, Paddy N, Giovannadi MS, Ciaran B, Marco C, Karl K, Mogens N (2003) Using trust for secure collaboration in uncertain environments. IEEE Pervasive Comput 2(3):52–61

    Article  Google Scholar 

  7. Castelfranchi C, Falcone R (2010) Trust theory: a socio-cognitive and computational model. Wiley Series in Agent Technology, London

    Book  Google Scholar 

  8. Chard K, Caton S, Rana O, Bubendorfer K (2010) Social cloud: cloud computing in social networks. In: Proceedings of the 3rd international conference on cloud computing IEEE cloud 2010

  9. Christianson B, Harbison WS (1997) Why isn’t trust transitive? In: Proceedings of the international workshop on security protocols. Springer, London, pp 171–176

  10. Fayad ME, Schmidt DC, Johnson RE (1999) Building application frameworks: object-oriented foundations of framework design. Wiley, London

    Google Scholar 

  11. Farmer R, Glass B (2010) Building web reputation systems, 1st edn. Yahoo! Press, USA

    Google Scholar 

  12. Gambetta D (1988) Can we trust trust? In: Trust: making and breaking cooperative relations. Basil Blackwell, Oxford, pp 213–237

  13. Grandison T, Sloman M (2000) A survey of trust in internet applications. Commun Surv Tutor IEEE 3(4):2–16

    Article  Google Scholar 

  14. Habib SM, Ries S, Muhlhauser M (2010) Cloud computing landscape and research challenges regarding trust and reputation. In: Proceedings of the 2010 symposia and workshops on ubiquitous, autonomic and trusted computing, UIC-ATC ’10, IEEE Computer Society. Washington, DC, USA, pp 410–415

  15. Har YC (2011) Architecture supporting computational trust formation. PhD thesis. University of Western Ontario, London, Ontario

  16. Huynh TD (2008) A personalized framework for trust assessment. ACM symposium on applied computing—trust, reputation, evidence and other collaboration know-how track, vol 2, pp 1302–1307

  17. Jøsang A (2001) A logic for uncertain probabilities. Int J Uncertain Fuzziness Knowl Based Syst 9(3):279–311

    Google Scholar 

  18. Jøsang A, Ismail R, Boyd C (2007) A survey of trust and reputation systems for online service provision. Decis Support Syst 43(2):618–644

    Article  Google Scholar 

  19. Kiefhaber R, Siefert F, Anders G, Ungerer T, Reif W (2011) The trust-enabling middleware: introduction and application. Technical Report 2011–2010, Universittsbibliothek der Universitt Augsburg, Universittsstr. 22, 86159 Augsburg, http://opus.bibliothek.uni-augsburg.de/volltexte/2011/1733/

  20. Lee AJ, Winslett M, Perano KJ (2009) TrustBuilder2: a reconfigurable framework for trust negotiation. In: Ferrari E, Li N, Bertino E, Karabulut Y (eds) IFIPTM, volume 300 of IFIP conference proceedings. Springer, Berlin, pp 176–195

  21. Levien R (2004) Attack resistant trust metrics. PhD thesis, University of California at Berkeley

  22. Limam N, Boutaba R (2010) Assessing software service quality and trustworthiness at selection time. IEEE Trans Softw Eng 36(4):559–574

    Article  Google Scholar 

  23. Marsh S (1994) Formalising trust as a computational concept. PhD thesis, University of Stirling

  24. Moyano F, Fernandez-Gago C, Lopez J (2012) A conceptual framework for trust models. In: Fischer-Hübner S, Katsikas S, Quirchmayr G (eds) Proceedings of 9th international conference on trust, privacy and security in digital business (TrustBus 2012), vol 7449, pp 93–104. Springer Verlag, Vienna

  25. McKnight DH, Chervany NL (1996) The meanings of trust. Technical report, University of Minnesota, Management Information Systems Research Center

  26. Miller KW, Voas J, Laplante P (2010) In trust we trust. Computer 43:85–87

    Article  Google Scholar 

  27. Mouratidis H, Giorgini P (2007) Secure tropos: a security-oriented extension of the tropos methodology. Int J Softw Eng Knowl Eng 17(2):285–309

    Article  Google Scholar 

  28. Olmedilla D, Rana OF, Matthews B, Nejdl W (2005) Security and trust issues in semantic grids. In: Proceedings of the dagstuhl seminar, semantic grid: the convergence of technologies 5271

  29. Pavlidis M, Mouratidis H, Islam S (2012) Modelling security using trust based concepts. IJSSE 3(2):36–53

    Google Scholar 

  30. Pavlidis M, Mouratidis H, Islam S, Kearney P (2012) Dealing with trust and control: a meta-model for trustworthy information systems development. In: Sixth international conference on research challenges in information science, pp 1–9

  31. Resnick P, Zeckhauser R (2002) Trust among strangers in internet transactions: empirical analysis of eBay’s reputation system. In: Baye MR (eds) The economics of the internet and E-commerce, volume 11 of advances in applied microeconomics. Elsevier Science, Amsterdam, pp 127–157

  32. Ruohomaa S, Kutvonen L (2005) Trust management survey. In: Proceedings of the third international conference on trust management, iTrust’05. Springer, Berlin, pp 77–92

  33. Suryanarayana G, Diallo M, Taylor RN (2006) A generic framework for modeling decentralized reputation-based trust models. In: The fourteenth ACM SigSoft symposium on foundations of software engineering

  34. Suryanarayana G, Diallo MH, Erenkrantz JR, Taylor RN (2006) Architectural support for trust models in decentralized applications. In: Proceeding of the 28th international conference. ACM Press, New York, pp 52–61

  35. Takabi H, Joshi JBD, Ahn G-J (2010) Security and privacy challenges in cloud computing environments. IEEE Secur Privacy 8(6):24–31

    Article  Google Scholar 

  36. Weiss A (2007) Computing in the clouds. NetWorker 11(4):16–25

    Article  Google Scholar 

  37. Windley PJ, Tew K, Daley D (2006) A framework for building reputation systems. http://www.windley.com/essays/2006/dim2006/framework_for_building_reputation_systems

  38. Winslett M, Yu T, Seamons KE, Hess A, Jacobson J, Jarvis R, Smith B, Yu L (2002) Negotiating trust on the web. IEEE Internet Comput 6(6):30–37

    Article  Google Scholar 

  39. Xiao Y, Lin C, Jiang Y, Chu X, Shen X (2010) Reputation-based QoS provisioning in cloud computing via dirichlet multinomial model. In: IEEE international conference on communications. IEEE, pp 1–5

  40. Yan Z, Holtmanns S (2008) Trust modeling and management: from social trust to digital trust. Computer security, privacy and politics: current issues, challenges and solutions

Download references

Acknowledgments

This work has been partially funded by the European Commission through the FP7/2007-2013 project NESSoS (http://www.nessos-project.eu) under Grant Agreement Number 256980 and by the Junta de Andalucia through the project FISICCO (P11-TIC-07223). The first author is funded by the Spanish Ministry of Education through the National F.P.U. Program.

Author information

Authors and Affiliations

  1. Network Information and Computer Security Lab, University of Malaga, Málaga, Spain

    Francisco Moyano, Carmen Fernandez-Gago & Javier Lopez

Authors
  1. Francisco Moyano
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Carmen Fernandez-Gago
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Javier Lopez
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Javier Lopez.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Moyano, F., Fernandez-Gago, C. & Lopez, J. A framework for enabling trust requirements in social cloud applications. Requirements Eng 18, 321–341 (2013). https://doi.org/10.1007/s00766-013-0171-x

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s00766-013-0171-x

Keywords

Search

Navigation