Accountable Reputation Ranking Schemes for Service Providers in Cloud Computing

We present RaaS (Reputation as a Service), a set of accountable reputation ranking schemes for service providers in cloud computing architectures. RaaS provides a secure reputation reporting system producing results and recommendations that can be published as a service and verified by trusted third parties or by the cloud service providers themselves. The reputation service is based on an assortment of ranking criteria ranging from multilevel performance and quality of service measures to security and pricing assessments. This makes RaaS a valuable IT component in supporting verifiable and accountable compliance with service-level agreements and regulatory policies, encouraging competition among cloud providers for better security and quality of service, and providing new and existing cloud customers with valuable advice for selecting the appropriate cloud service provider(s) that suit their performance, budgeting, and security requirements. The RaaS reputation system does not rely on subjective feedback from cloud customers but rather carry out the reputation calculation based on observable actions extracted from the computing cloud itself. A proof of concept implementation shows that the incorporated RaaS protocols impose minimal overhead on the overall system performance.

[1]  Leendert van Doorn,et al.  The IBM PCIXCC: A new cryptographic coprocessor for the IBM eServer , 2004, IBM J. Res. Dev..

[2]  Sean W. Smith,et al.  Building the IBM 4758 Secure Coprocessor , 2001, Computer.

[3]  Kai Hwang,et al.  Cloud Security with Virtualized Defense and Reputation-Based Trust Mangement , 2009, 2009 Eighth IEEE International Conference on Dependable, Autonomic and Secure Computing.

[4]  Félix Gómez Mármol,et al.  Security threats scenarios in trust and reputation models for distributed systems , 2009, Comput. Secur..

[5]  Andreas Haeberlen,et al.  A case for the accountable cloud , 2010, OPSR.

[6]  Steve H. Weingart Physical Security for the μABYSS System , 1987, 1987 IEEE Symposium on Security and Privacy.

[7]  Xiaowei Yang,et al.  CloudCmp: Shopping for a Cloud Made Easy , 2010, HotCloud.

[8]  Athman Bouguettaya,et al.  RATEWeb: Reputation Assessment for Trust Establishment among Web services , 2009, The VLDB Journal.

[9]  Ayman I. Kayssi,et al.  Privacy as a Service: Privacy-Aware Data Storage and Processing in Cloud Computing Architectures , 2009, 2009 Eighth IEEE International Conference on Dependable, Autonomic and Secure Computing.

[10]  Peter Gutmann An Open-Source Cryptographic Coprocessor , 2000, USENIX Security Symposium.

[11]  Nathan Griffiths,et al.  Trust and Reputation , 2010, Agent-Based Service-Oriented Computing.

[12]  Bennet S. Yee,et al.  Dyad : a system for using physically secure coprocessors , 1991 .

[13]  Bruce Schneier,et al.  Secure audit logs to support computer forensics , 1999, TSEC.

[14]  F. Hussain Trust and Reputation for Service-oriented Environments , 2006 .