Comprehensive Framework for Selecting Cloud Service Providers (CSPs) Using Meta synthesis Approach

IntroductionNowadays, cloud computing has attracted the attention of many organizations. So many of them tend to make their business more agile by using flexible cloud services. Currently, the number of cloud service providers is increasing. In this regard, choosing the most suitable cloud service provider based on the criteria according to the conditions of the service consumer will be considered one of the most important challenges. Relying on previous studies and using a meta-synthesis approach, this research comprehensively searches past researches and provides a comprehensive framework of factors affecting the choice of cloud service providers including 4 main categories and 10 sub-areas. Then, using the opinions of experts who were selected purposefully and using the snowball method, and using the Lawshe validation method, the framework is finalized.Research Question(s)This research aims to complete the results of previous studies and answer the following questions with a systematic review of the subject literature:-What are the components of the comprehensive framework for choosing cloud service providers?-What are the effective criteria to choose a cloud service provider?-What is the selected framework of effective factors? Literature ReviewMany researchers have looked at the problem of choosing the best CSP from different aspects and have tried to provide a solution in this field. In this regard, we can refer to "Tang and Liu" (2015) who proposed a model called "FAGI" which defines the choice of a trusted CSP through four dimensions: security functions, auditability, management capability, and Interactivity helps. "Kong et al." (2013) presented an optimization algorithm based on graph theory to facilitate CSP selection. Some researchers have also provided a framework for CSP selection, such as "Gash" (2015) who provides a framework called "SelCSP" with the combination of trustworthiness and competence to estimate the risk of interaction. "Brendvall and Vidyarthi" (2014) suggest that in order to choose the best cloud service provider, a customer must first identify the indicators related to the level of service quality related to him and then evaluate different providers. Some researchers have focused on using different techniques for selection. For example: "Supraya et al." (2016) use the MCDM method to rank based on infrastructure parameters (agility, financial, efficiency, security, and ease of use). They investigate the mechanisms of cloud service recommender systems and divide them into four main categories and their techniques in four features of scalability, accessibility, accuracy, and trustIn this research, it has been tried to use the models and variables of the subject literature in developing a comprehensive framework. The codes, concepts, and categories related to the choice of cloud service providers are extracted from previous studies, and a comprehensive framework of the factors influencing the choice of cloud service providers is presented using the meta-composite method. MethodologyIn this research, based on the "Sandusky and Barroso" meta-composite qualitative research method, which is more general, a systematic review of the research literature was conducted, and the codes in the research literature were extracted. Then the codes, categories, and finally the proposed model are formed. The seven-step method of "Sandusky and Barroso" consists of: formulation of the research question, systematic review of the subject literature, search and selection of suitable articles, extraction of article information, analysis and synthesis of qualitative findings, quality control, and presentation of findings. Lawshe validation method has been used to validate the research findings. ResultsIn the meta-synthesis method, all the factors extracted from previous studies are considered as codes and concepts are obtained from the collection of these codes. Using the opinion of experts and considering the concept of each of these codes, codes with similar concepts were placed next to each other and new concepts were formed. This procedure was repeated in converting the concepts into categories and the proposed framework was identified. This framework consists of 27 codes, 10 concepts, and 4 categories (Table 1).Table 1: Codes, concepts, and categories extracted from the sourcescategoryConceptCodeNo.TrustSecurityHardware Security1Network Security2Software Security3Confidentiality4Control5Guarantee and AssuranceAccessibility6Stability7Facing ThreatsTechnical Risk8Center for Security Measures9TechnologyEfficiencyService Delivery Efficiency10Interactivity11Hardware and Network InfrastructureConfiguration and Change12Capacity (Memory, CPU, Disk)13Functionality Flexibility14Usability15Accuracy16Service Response Time17Ease of use18ManagerialMaintenanceEducation and Awareness19Customer Communication Channels20StrategicLegal Issues21Data Analysis22Service Level Agreement23CommercialCustomer SatisfactionResponsiveness24Customer Feedback25CostSubscription Fee26Implementation Cost27The lack of a common framework for evaluating cloud service providers is compounded by the fact that no two providers are the same, so that this issue complicates the process of choosing the right provider for each organization. Figure 1 shows the proposed comprehensive framework including 4 categories and 10 concepts covering the issue of choosing cloud service providers. These factors are useful in determining the provider that best matches the personal and organizational needs of the service recipient. The main categories are: trust building, technology, management, and business, which will be explained in the following.Figure 1: Cloud service provider selection framework 5- ConclusionBy comprehensively examining the factors affecting the choice, this research introduces specific areas such as trust building, technology, management, and business as the main areas of cloud service provider selection and add to the previous areas. The category of building trust between the customer, and the cloud service provider is of particular importance. In this research, the concepts related to trust building are: security (including hardware security, network security, software security, confidentiality and control), (availability, stability and stability), and facing threats (technical risk). In 36% of the articles, the concept of trust is mentioned, but in each study, only a limited number of factors affecting this category are discussed. This research takes a comprehensive look at the category of technology, the concepts of productivity (including service delivery efficiency, interactivity), hardware and network infrastructure (including configuration and repair, capacity (memory, processor, disk)), and performance (including flexibility, usability, accuracy of operation, service response time, ease of use). Considering the variety of services on different cloud platforms, service recipients must ensure that the provision of services is managed easily and in the shortest possible time by the cloud provider. The commercial aspect of service delivery deals with the two concepts of customer satisfaction (including responsiveness, customer feedback) and service rates (including: subscription cost and implementation cost), which are of interest to many businesses. The results of this research will help the decision makers of using the cloud space (both organizational managers and cloud customers) in choosing the best cloud service provider to have a comprehensive view of the effective factors before choosing and plan according to their needs

Context-aware multifaceted trust framework for evaluating trustworthiness of cloud providers

With the rapidly increasing number of cloud-based services, selecting a service provider is becoming more and more difficult. Among the many factors to be considered, trust in a given service and in a service provider is often critical. Appraisal of trust is a complex process, information about the offered service's quality needs to be collected from a number of sources, while user requirements may place different emphasis on the various quality indicators. Several frameworks have been proposed to facilitate service provider selection, however, only very few of them are built on existing cloud standards, and adaptability to different contexts is still a challenge. This paper proposes a new trust framework, called Context-Aware Multifaceted Trust Framework (CAMFT), to assist in evaluating trust in cloud service providers. CAMTF is flexible and context aware: it considers trust factors, users and services. When making recommendations, CAMFT employs a combination of mathematical methods that depend on the type of trust factors, and it takes both service characteristics and user perspective into account. A case study is also presented to demonstrate CAMFT's applicability to practical cases

Context-aware multifaceted trust framework for evaluating trustworthiness of cloud providers

\u3cp\u3eWith the rapidly increasing number of cloud-based services, selecting a service provider is becoming more and more difficult. Among the many factors to be considered, trust in a given service and in a service provider is often critical. Appraisal of trust is a complex process, information about the offered service's quality needs to be collected from a number of sources, while user requirements may place different emphasis on the various quality indicators. Several frameworks have been proposed to facilitate service provider selection, however, only very few of them are built on existing cloud standards, and adaptability to different contexts is still a challenge. This paper proposes a new trust framework, called Context-Aware Multifaceted Trust Framework (CAMFT), to assist in evaluating trust in cloud service providers. CAMTF is flexible and context aware: it considers trust factors, users and services. When making recommendations, CAMFT employs a combination of mathematical methods that depend on the type of trust factors, and it takes both service characteristics and user perspective into account. A case study is also presented to demonstrate CAMFT's applicability to practical cases.\u3c/p\u3

Software framework for the development of context-aware reconfigurable systems

In this project we propose a new software framework for the development of context-aware and secure controlling software of distributed reconfigurable systems. Context-awareness is a key feature allowing the adaptation of systems behaviour according to the changing environment. We introduce a new definition of the term “context” for reconfigurable systems then we define a new context modelling and reasoning approach. Afterwards, we define a meta-model of context-aware reconfigurable applications that paves the way to the proposed framework. The proposed framework has a three-layer architecture: reconfiguration, context control, and services layer, where each layer has its well-defined role. We define also a new secure conversation protocol between distributed trustless parts based on the blockchain technology as well as the elliptic curve cryptography. To get better correctness and deployment guarantees of applications models in early development stages, we propose a new UML profile called GR-UML to add new semantics allowing the modelling of probabilistic scenarios running under memory and energy constraints, then we propose a methodology using transformations between the GR-UML, the GR-TNCES Petri nets formalism, and the IEC 61499 function blocks. A software tool implementing the methodology concepts is developed. To show the suitability of the mentioned contributions two case studies (baggage handling system and microgrids) are considered.In diesem Projekt schlagen wir ein Framework für die Entwicklung von kontextbewussten, sicheren Anwendungen von verteilten rekonfigurierbaren Systemen vor. Kontextbewusstheit ist eine Schlüsseleigenschaft, die die Anpassung des Systemverhaltens an die sich ändernde Umgebung ermöglicht. Wir führen eine Definition des Begriffs ``Kontext" für rekonfigurierbare Systeme ein und definieren dann einen Kontextmodellierungs- und Reasoning-Ansatz. Danach definieren wir ein Metamodell für kontextbewusste rekonfigurierbare Anwendungen, das den Weg zum vorgeschlagenen Framework ebnet. Das Framework hat eine dreischichtige Architektur: Rekonfigurations-, Kontextkontroll- und Dienste-Schicht, wobei jede Schicht ihre wohldefinierte Rolle hat. Wir definieren auch ein sicheres Konversationsprotokoll zwischen verteilten Teilen, das auf der Blockchain-Technologie sowie der elliptischen Kurven-Kryptographie basiert. Um bessere Korrektheits- und Einsatzgarantien für Anwendungsmodelle zu erhalten, schlagen wir ein UML-Profil namens GR-UML vor, um Semantik umzufassen, die die Modellierung probabilistischer Szenarien unter Speicher- und Energiebeschränkungen ermöglicht. Dann schlagen wir eine Methodik vor, die Transformationen zwischen GR-UML, dem GR-TNCES-Petrinetz-Formalismus und den IEC 61499-Funktionsblöcken verwendet. Es wird ein Software entwickelt, das die Konzepte der Methodik implementiert. Um die Eignung der genannten Beiträge zu zeigen, werden zwei Fallstudien betrachtet

Continuous Identity Verification in Cloud Computing Services

Cloud computing has become a hugely popular new paradigm for hosting and delivering services over the internet for individuals and organisations with low cost. However, security is a sensitive issue in cloud computing, as it its services remain accessible to anyone after initial authenticated login and for significant periods. This has led to an increase in the number of attacks on sensitive cus-tomer information. This research identified biometric approaches as a possible solution for security to be maintained beyond the point of entry. Specifically, behaviour profiling has been proposed and applied across various other applications in the area of Transparent Authentication Systems (TAS’s) and Intrusion Detection Systems (IDS’s) to detect account misuse. However, little research has sought to imple-ment this technique within cloud computing services to detect misuse. This research proposes a novel continuous identity verification system as a supporting factor to protect cloud users by operating transparently to detect ab-normal access. The research examines the feasibility of applying a behavioural profiling technique on cloud users with respect to Software as a Service (SaaS) and Infrastructure as a Service (IaaS). Two real-life datasets were collected from 30 and 60 users for SaaS and IaaS studies, respectively. A thorough design and investigation of the biometric techniques was undertaken, including description statistics analysis and pattern classification optimisation. A number of factors were analysed to evaluate the impact on system performance, such as volume of data and type of sample selection. On average, using random sampling, the best experimental result achieved an EER (Equal Error Rate) of as low as 5.8%; six users experienced EERs equal to or less than 0.3%. Moreover, the IaaS study achieved a higher performance than the SaaS study with an overall EER of 0.32%. Based on the intensive analysis of the experimental performance of SaaS and IaaS studies, it has been identified that changes in user behaviour over time can negatively affect the performance of the suggested technique. Therefore, a dy-namic template renewal procedure has been proposed as a novel solution to keep recent user behaviour updated in the current users’ templates. The practi-cal experimental result using the more realistic time-series sampling methodolo-gy has shown the validity of the proposed solution with higher accuracy of 5.77 % EER