Integrating a High-Reliability Multicriteria Trust Evaluation Model with Task Role-Based Access Control for Cloud Services
Abstract
:1. Introduction
1.1. Cloud Access Control Systems
1.2. System Motivations
- It provides the highest degree of flexibility, which is the basis for interactions in the cloud environment, by enhancing cloud users’ interaction in the roles and tasks associated with the owners’ data.
- It develops trust regarding the tasks carried out by individual users.
- Many existing access control models have trust-based systems, but these trust models do not offer precise trust value computations because they may be exposed to some security threats. Thus, an accurate trust-based T-RBAC model is proposed to resolve this vulnerability.
- T-RBAC supports dynamic real-time security management and applies the concept of access control over tasks, which are the minimum units for cloud computing activities.
1.3. Problem Statement
1.4. Contribution
- Protects cloud data from various attacks such as on/off attacks, collusion attacks, and sybil attacks.
- Upholds the utmost privacy of the cloud consumers’ data, as their use of the cloud services may involve highly sensitive data.
- Offers comprehensive solutions to make consumers’ trust values very precise by applying the interaction importance criterion.
- Assures trust management service availability owing to cloud services’ dynamic nature.
- Applies several criteria to ensure accurate assessment and data protection.
1.5. Organization
2. Related Works
3. Design and Methodology
3.1. Interaction Trust
3.1.1. Interaction Importance
3.1.2. On/off Attack
3.1.3. Trust Decline
3.1.4. Task Trust
3.1.5. Inheritance Interaction Trust
3.1.6. Nonsymmetry
Algorithm 1: Interaction Trust Algorithm | |
1: | |
2: | |
3: | |
4: | |
5: | |
6: | |
7: | |
8: | |
9: | |
10: | |
11: | |
12: | |
13: | |
14: | |
15: | |
16: | |
17: | |
18: | |
19: | |
20: | |
21: | |
22: | |
23: | |
24: | |
25: | |
26: | |
27: | |
28: | |
29: | |
30: | |
31: | |
32: | |
33: | |
34: |
3.2. Recommendation Trust
3.2.1. Collusion Attack
Algorithm 2: Collusion Attack Algorithm | |
1: | |
2: | |
3: | |
4: | |
5: | |
6: | |
7: | |
8: | |
9: | |
10: | |
11: | |
12: | |
13: | |
14: | |
15: | |
16: | |
17: | |
18: | |
24: |
3.2.2. Sybil Attack
Algorithm 3: Sybil Attacks Algorithm | |
1: | |
2: | |
3: | |
4: | |
5: | |
6: | |
7: | |
8: | |
9: | |
10: | |
11: | |
12: | |
13: | |
14: | |
15: | |
16: |
3.2.3. Recommender Importance
3.2.4. Subjectivity
Algorithm 4: Subjectivity and Recommender Importance Algorithm | |
1: | |
2: | |
3: | |
4: | |
5: | |
6: | |
7: | |
8: | |
9: | |
10: | |
11: | |
12: | |
13: | |
14: | |
15: | |
16: | |
17: | |
18: | |
19: | |
20: | |
21: |
3.3. The Proposed Joint Trust Model
4. The Approach
4.1. Objectives
- To offer a comprehensive study on cloud computing, investigate its characteristics, and specify the design requirements for an access control solution that will be tailor-made for those characteristics.
- To design an effective and reliable architecture based on a T-RBAC access control that will improve the security of stored data in cloud storage systems.
- Introduce task-role-based access control (T-RBAC) as a new access control model integrated with a comprehensive trust model by applying a range of criteria to provide high security for cloud storage systems, while taking flexibility into consideration.
- Reduce the number of untrusted consumers with T-RBAC, and thus achieve a safer nonstop work environment.
- Build a flexible architecture based on T-RBAC wherein the owners of the resources in the system can give permission for roles or tasks, and if there is a data leak, the system will stop the task or role.
- Our trust model design involves hierarchy and inheritance in the evaluation of the trustworthiness of roles and tasks.
- The trust model provides solutions for different attacks, such as on/off attacks, collusion attacks, and sybil attacks.
- To provide high security by accounting for a wide range of criteria such as interaction importance, trust decline, task trust, conditional transfer, and subjectivity.
4.2. Proposed Framework Architecture
4.3. Proposed Method
- The administrator starts the system and specifies the hierarchy of roles and tasks in the system. Channel 1 facilitates the uploading of the system’s generated parameters for the roles and tasks to the cloud.
- When a consumer needs access to data in the cloud, they first send an access request via Channel 2, according to their roles and tasks.
- If the request is accepted, the Roles entity relies on Channel 5 to relay the accepted request to the Tasks entity. Then, the cloud will respond by providing a user with a normal cryptographic T-RBAC plan.
- The owner can only give an encryption and uploading go-ahead via Channel 3 if they believe that the role or task can be trusted. In this process, the owner also makes the feedback collector aware of the identity of the consumers.
- In case an owner identifies leakage of their resources due to an untrusted consumer, they provide feedback about this role or task to the feedback collector via channel 14.
- If the feedback is provided by an authorized owner, the collector will forward this feedback to the central repository via Channel 11 to store each trust record and interaction history generated when the roles and tasks interacted.
- The central repository then stores those interaction histories, which are later utilized by the Trust Decision Engine to evaluate the trust value of the roles and tasks through Channel 10.
- The roles entity can accept trust evaluations about the roles from the trust management system at any time, after which the trust management system responds with the information from the trust decision engine via Channel 13.
- After receiving the information from the trust decision engine, the roles entity updates the role variables that determine a consumer’s role membership in the cloud. The memberships of any malicious consumers are revoked.
- In the event of an owner providing negative feedback about a role because of resource leakage, the roles entity sends the information about the leakage to the role behavior analyzer via Channel 4.
- The tasks entity takes the trust evaluation about the tasks from the trust management system at any time, after which the trust management system responds with the information from the trust decision engine via Channel 12.
- After receving the information from the trust decision engine, the tasks section updates the task parameters that determine the consumer’s task membership. The membership of any malicious consumers are revoked.
- In the event of negative feedback by an owner about a task due to resource leakage, the tasks entity sends information about the leakage to the task behavior analyzer via Channel 7.
- The analyzers then update the trust records of the roles and tasks in the central repository via Channels 6 and 8.
- When an owner needs their data to be uploaded and encrypted in the cloud, they request a trust evaluation, which is the role of the trust management system. When the query is posted to the trust management system, the system responds to the owners via Channel 9.
- The trust decision engine gives the owners the trust evaluation results for the roles and tasks. Depending on those results, the data owners can decide to whether to give consumers permission to access their resources.
4.4. Application Scenario
5. Simulation Results
6. Comparison of Security and Accuracy
7. Future Work
8. Conclusions
Author Contributions
Funding
Acknowledgments
Conflicts of Interest
References
- Noor, T.H.; Sheng, Q.Z.; Bouguettaya, A. Trust Management in Cloud Services; Springer: Cham, Switzerland, 2014. [Google Scholar]
- Brooks, T.T. (Ed.) Cyber-Assurance for the Internet of Things; John Wiley & Sons: Hoboken, NJ, USA, 2017. [Google Scholar]
- Bhatt, S.; Patwa, F.; Sandhu, R. An access control framework for cloud-enabled wearable internet of things. In Proceedings of the 2017 IEEE 3rd International Conference on Collaboration and Internet Computing (CIC), San Jose, CA, USA, 15–17 October 2017; pp. 328–338. [Google Scholar]
- Firdhous, M.; Ghazali, O.; Hassan, S. Trust management in cloud computing: A critical review. arXiv 2012, arXiv:1211.3979. [Google Scholar] [CrossRef]
- Zhou, L.; Varadharajan, V.; Hitchens, M. Trust enhanced cryptographic role-based access control for secure cloud data storage. IEEE Trans. Inf. Forensics Secur. 2015, 10, 2381–2395. [Google Scholar] [CrossRef]
- Bhattasali, T.; Chaki, R.; Chaki, N.; Saeed, K. An adaptation of context and trust aware workflow oriented access control for remote healthcare. Int. J. Softw. Eng. Knowl. Eng. 2018, 28, 781–810. [Google Scholar] [CrossRef]
- Marudhadevi, D.; Dhatchayani, V.N.; Sriram, V.S. A trust evaluation model for cloud computing using service level agreement. Comput. J. 2015, 58, 2225–2232. [Google Scholar] [CrossRef]
- Tsai, W.T.; Zhong, P.; Bai, X.; Elston, J. Role-based trust model for community of interest. In Proceedings of the 2009 IEEE International Conference on Service-Oriented Computing and Applications (SOCA), Taipei, Taiwan, 14–15 January 2009; pp. 1–8. [Google Scholar]
- Varsha, M.; Pramod, P. A Survey on Authentication and Access Control for Cloud Computing using RBDAC Mechanism. Int. J. Innov. Res. Comput. Commun. Eng. 2015, 3, 12125–12129. [Google Scholar]
- Zhang, P.; Kong, Y.; Zhou, M. A domain partition-based trust model for unreliable clouds. IEEE Trans. Inf. Forensics Secur. 2018, 13, 2167–2178. [Google Scholar] [CrossRef]
- Iltaf, N.; Ghafoor, A.; Hussain, M. Modeling interaction using trust and recommendation in ubiquitous computing environment. EURASIP J. Wirel. Commun. Netw. 2012, 119. [Google Scholar] [CrossRef] [Green Version]
- Tan, Z.; Tang, Z.; Li, R.; Sallam, A.; Yang, L. Research on trust-based access control model in cloud computing. In Proceedings of the 2011 6th IEEE Joint International Information Technology and Artificial Intelligence Conference, Chongqing, China, 20–22 August 2011; Volume 2, pp. 339–344. [Google Scholar]
- Barsoum, A.; Hasan, A. Enabling dynamic data and indirect mutual trust for cloud computing storage systems. IEEE Trans. Parallel Distrib. Syst. 2012, 24, 2375–2385. [Google Scholar] [CrossRef]
- Smari, W.W.; Clemente, P.; Lalande, J.F. An extended attribute based access control model with trust and privacy: Application to a collaborative crisis management system. Future Gener. Comput. Syst. 2014, 31, 147–168. [Google Scholar] [CrossRef]
- Whitman, M.; Mattord, H.J. Principles of Information Security; CENGAGE Learning: Boston, MA, USA, 2011; pp. 433–469. [Google Scholar]
- Li, X.; Du, J. Adaptive and attribute-based trust model for service-level agreement guarantee in cloud computing. IET Inf. Secur. 2013, 7, 39–50. [Google Scholar] [CrossRef]
- Yu, H.; Shen, Z.; Miao, C.; Leung, C.; Niyato, D. A survey of trust and reputation management systems in wireless communications. Proc. IEEE 2010, 98, 1755–1772. [Google Scholar] [CrossRef]
- Chang, W.; Xu, F.; Dou, J. A Trust and Unauthorized Operation Based RBAC (TUORBAC) Model. In Proceedings of the 2012 International Conference on Control Engineering and Communication Technology, Shenyang, China, 7–9 December 2012; pp. 811–814. [Google Scholar]
- Liu, K.; Zhou, Z.; Chen, Q.; Yang, X. Towards an attribute-based authorization model with task-role-based access control for WfMS. In Proceedings of the 2015 IEEE 16th International Conference on Communication Technology (ICCT), Hangzhou, China, 18–20 October 2015; pp. 361–371. [Google Scholar]
- Wang, P.; Jiang, L. Task-role-based access control model in smart health-care system. In Proceedings of the MATEC Web of Conferences International Conference on Engineering Technology and Application (ICETA 2015), Xiamen, China, 29–30 May 2015; Volume 22, p. 01011. [Google Scholar]
- Fan, Y.-Q.; Zhang, Y.-S. Trusted Access Control Model Based on Role and Task in Cloud Computing. In Proceedings of the 2015 7th International Conference on Information Technology in Medicine and Education (ITME), Huangshan, China, 13–15 November 2015; pp. 710–713. [Google Scholar]
- Huang, L.; Xiong, Z.; Wang, G. A trust-role access control model facing cloud computing. In Proceedings of the 2016 35th Chinese Control Conference (CCC), Chengdu, China, 27–29 July 2016; pp. 5239–5242. [Google Scholar]
- Chakraborty, S.; Ray, I. TrustBAC: Integrating trust relationships into the RBAC model for access control in open systems. In Proceedings of the Eleventh ACM Symposium on Access Control Models and Technologies, Lake Tahoe, CA, USA, 7–9 June 2006; pp. 49–58. [Google Scholar]
- Deng, W.; Zhou, Z. A flexible rbac model based on trust in open system. In Proceedings of the 2012 Third Global Congress on Intelligent Systems, Wuhan, China, 6–8 November 2012; pp. 400–404. [Google Scholar]
- Oh, S.; Park, S. Task–role-based access control model. Inf. Syst. 2003, 28, 533–562. [Google Scholar] [CrossRef]
- Zhao, L.; Liu, S.; Li, J.; Xu, H. A dynamic access control model based on trust. In Proceedings of the 2010 the 2nd Conference on Environmental Science and Information Application Technology, Wuhan, China, 17–18 July 2010; Volume 1, pp. 548–551. [Google Scholar]
- Zhou, L.; Varadharajan, V.; Hitchens, M. Integrating trust with cryptographic role-based access control for secure cloud data storage. In Proceedings of the 2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, Melbourne, Australia, 16–18 July 2013; pp. 560–569. [Google Scholar]
- Lin, G.; Wang, D.; Bie, Y.; Lei, M. MTBAC: A mutual trust based access control model in cloud computing. China Commun. 2014, 11, 154–162. [Google Scholar]
- Zhu, C.; Nicanfar, H.; Leung, V.C.; Yang, L.T. An authenticated trust and reputation calculation and management system for cloud and sensor networks integration. IEEE Trans. Inf. Forensics Secur. 2014, 10, 118–131. [Google Scholar]
- Li, X.; Ma, H.; Zhou, F.; Gui, X. Service operator-aware trust scheme for resource matchmaking across multiple clouds. IEEE Trans. Parallel Distrib. Syst. 2014, 26, 1419–1429. [Google Scholar] [CrossRef]
- Uikey, C.; Bhilare, D.S. TrustRBAC: Trust role based access control model in multi-domain cloud environments. In Proceedings of the 2017 International Conference on Information, Communication, Instrumentation and Control (ICICIC), Indore, India, 17–19 August 2017; pp. 1–7. [Google Scholar]
- Ghafoorian, M.; Abbasinezhad-Mood, D.; Shakeri, H. A thorough trust and reputation based RBAC model for secure data storage in the cloud. IEEE Trans. Parallel Distrib. Syst. 2018, 30, 778–788. [Google Scholar] [CrossRef]
- Ko, R.K.; Jagadpramana, P.; Mowbray, M.; Pearson, S.; Kirchberg, M.; Liang, Q.; Lee, B.S. TrustCloud: A framework for accountability and trust in cloud computing. In Proceedings of the 2011 IEEE World Congress on Services, Washington, DC, USA, 4–9 July 2011; pp. 584–588. [Google Scholar]
- Hasan, O.; Brunie, L.; Pierson, J.M.; Bertino, E. Elimination of subjectivity from trust recommendation. In Proceedings of the IFIP International Conference on Trust Management, West Lafayette, IN, USA, 15–19 June 2009; Springer: Berlin/Heidelberg, Germany, 2009; pp. 65–80. [Google Scholar]
- Noor, T.H.; Sheng, Q.Z.; Alfazi, A. Reputation attacks detection for effective trust assessment among cloud services. In Proceedings of the 2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, Melbourne, Australia, 16–18 July 2013; pp. 469–476. [Google Scholar]
- Hassan, H.; El-Desouky, A.I.; Ibrahim, A.; El-Kenawy, E.S.M.; Arnous, R. Enhanced QoS-based model for trust assessment in cloud computing environment. IEEE Access 2020, 8, 43752–43763. [Google Scholar] [CrossRef]
- Han, H.X. Research on Adaptive Relationship between Trust and Privacy in Cloud Service. IEEE Access 2021. [Google Scholar] [CrossRef]
- Josang, A.; Ismail, R. The beta reputation system. In Proceedings of the 15th Bled Electronic Commerce Conference, Bled, Slovenia, 17–19 June 2002; Volume 5, pp. 2502–2511. [Google Scholar]
- Van Gorp, P.; Comuzzi, M. MyPHRMachines: Lifelong personal health records in the cloud. In Proceedings of the 2012 25th IEEE International Symposium on Computer-Based Medical Systems (CBMS), Rome, Italy, 20–22 June 2012; pp. 1–6. [Google Scholar]
- Noor, T.H.; Sheng, Q.Z.; Yao, L.; Dustdar, S.; Ngu, A.H. CloudArmor: Supporting reputation-based trust management for cloud services. IEEE Trans. Parallel Distrib. Syst. 2015, 27, 367–380. [Google Scholar] [CrossRef]
- Oleshchuk, V. Trust-aware rbac. In Proceedings of the International Conference on Mathematical Methods, Models, and Architectures for Computer Network Security, St. Petersburg, Russia, 17–19 October 2012; Springer: Berlin/Heidelberg, Germany, 2012; pp. 97–107. [Google Scholar]
- Zupancic, E.; Juric, M.B. TACO: A novel method for trust rating subjectivity elimination based on Trust Attitudes COmparison. Electron. Commer. Res. 2015, 15, 207–241. [Google Scholar] [CrossRef]
- Noor, T.H.; Sheng, Q.Z.; Alfazi, A. Detecting occasional reputation attacks on cloud services. In Proceedings of the International Conference on Web Engineering, Aalborg, Denmark, 8–12 July 2013; Springer: Berlin/Heidelberg, Germany, 2013; pp. 416–423. [Google Scholar]
- Fortino, G.; Fotia, L.; Messina, F.; Rosaci, D.; Sarné, G.M. Trust and reputation in the internet of things: State-of-the-art and research challenges. IEEE Access 2020, 8, 60117–60125. [Google Scholar] [CrossRef]
6 | 21 | 32 | 12 | 36 | 1 | 18 | |
126 | 126 | 126 | 126 | 126 | 126 | 126 | |
0.05 | 0.17 | 0.25 | 0.10 | 0.29 | 0.01 | 0.14 |
Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations. |
© 2021 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).
Share and Cite
Alshammari, S.T.; Albeshri, A.; Alsubhi, K. Integrating a High-Reliability Multicriteria Trust Evaluation Model with Task Role-Based Access Control for Cloud Services. Symmetry 2021, 13, 492. https://doi.org/10.3390/sym13030492
Alshammari ST, Albeshri A, Alsubhi K. Integrating a High-Reliability Multicriteria Trust Evaluation Model with Task Role-Based Access Control for Cloud Services. Symmetry. 2021; 13(3):492. https://doi.org/10.3390/sym13030492
Chicago/Turabian StyleAlshammari, Salah T., Aiiad Albeshri, and Khalid Alsubhi. 2021. "Integrating a High-Reliability Multicriteria Trust Evaluation Model with Task Role-Based Access Control for Cloud Services" Symmetry 13, no. 3: 492. https://doi.org/10.3390/sym13030492