FASTCloud: A framework of assessment and selection for trustworthy cloud service based on QoS

By virtue of technology and benefit advantages, cloud computing has increasingly attracted a large number of potential cloud consumers (PCC) plan to migrate the traditional business to the cloud service. However, trust has become one of the most challenging issues that prevent the PCC from adopting cloud services, especially in trustworthy cloud service selection. Besides, due to the diversity and dynamic of quality of service (QoS) in the cloud environment, the existing trust assessment methods based on the single constant value of QoS attribute and the subjective weight assignment are not good enough to provide an effective solution for PCCs to identify and select a trustworthy cloud service among a wide range of functionally-equivalent cloud service providers (CSPs). To address the challenge, a novel assessment and selection framework for trustworthy cloud service, FASTCloud, is proposed in this study. This framework facilitates PCCs to select a trustworthy cloud service based on their actual QoS requirements. In order to accurately and efficiently assess the trust level of cloud services, a QoS-based trust assessment model is proposed. This model represents a trust level assessment method based on the interval multiple attributes with an objective weight assignment method based on the deviation maximization to adaptively determine the trust level of different cloud services provisioned by candidate CSPs. The advantage of the proposed trust level assessment method in time complexity is demonstrated by the performance analysis and comparison. The experimental result of a case study with an open-source dataset shows that the trust model is efficient in cloud service trust assessment and the FASTCloud can effectively help PCCs select a trustworthy cloud service

Comprehensive Framework for Selecting Cloud Service Providers (CSPs) Using Meta synthesis Approach

IntroductionNowadays, cloud computing has attracted the attention of many organizations. So many of them tend to make their business more agile by using flexible cloud services. Currently, the number of cloud service providers is increasing. In this regard, choosing the most suitable cloud service provider based on the criteria according to the conditions of the service consumer will be considered one of the most important challenges. Relying on previous studies and using a meta-synthesis approach, this research comprehensively searches past researches and provides a comprehensive framework of factors affecting the choice of cloud service providers including 4 main categories and 10 sub-areas. Then, using the opinions of experts who were selected purposefully and using the snowball method, and using the Lawshe validation method, the framework is finalized.Research Question(s)This research aims to complete the results of previous studies and answer the following questions with a systematic review of the subject literature:-What are the components of the comprehensive framework for choosing cloud service providers?-What are the effective criteria to choose a cloud service provider?-What is the selected framework of effective factors? Literature ReviewMany researchers have looked at the problem of choosing the best CSP from different aspects and have tried to provide a solution in this field. In this regard, we can refer to "Tang and Liu" (2015) who proposed a model called "FAGI" which defines the choice of a trusted CSP through four dimensions: security functions, auditability, management capability, and Interactivity helps. "Kong et al." (2013) presented an optimization algorithm based on graph theory to facilitate CSP selection. Some researchers have also provided a framework for CSP selection, such as "Gash" (2015) who provides a framework called "SelCSP" with the combination of trustworthiness and competence to estimate the risk of interaction. "Brendvall and Vidyarthi" (2014) suggest that in order to choose the best cloud service provider, a customer must first identify the indicators related to the level of service quality related to him and then evaluate different providers. Some researchers have focused on using different techniques for selection. For example: "Supraya et al." (2016) use the MCDM method to rank based on infrastructure parameters (agility, financial, efficiency, security, and ease of use). They investigate the mechanisms of cloud service recommender systems and divide them into four main categories and their techniques in four features of scalability, accessibility, accuracy, and trustIn this research, it has been tried to use the models and variables of the subject literature in developing a comprehensive framework. The codes, concepts, and categories related to the choice of cloud service providers are extracted from previous studies, and a comprehensive framework of the factors influencing the choice of cloud service providers is presented using the meta-composite method. MethodologyIn this research, based on the "Sandusky and Barroso" meta-composite qualitative research method, which is more general, a systematic review of the research literature was conducted, and the codes in the research literature were extracted. Then the codes, categories, and finally the proposed model are formed. The seven-step method of "Sandusky and Barroso" consists of: formulation of the research question, systematic review of the subject literature, search and selection of suitable articles, extraction of article information, analysis and synthesis of qualitative findings, quality control, and presentation of findings. Lawshe validation method has been used to validate the research findings. ResultsIn the meta-synthesis method, all the factors extracted from previous studies are considered as codes and concepts are obtained from the collection of these codes. Using the opinion of experts and considering the concept of each of these codes, codes with similar concepts were placed next to each other and new concepts were formed. This procedure was repeated in converting the concepts into categories and the proposed framework was identified. This framework consists of 27 codes, 10 concepts, and 4 categories (Table 1).Table 1: Codes, concepts, and categories extracted from the sourcescategoryConceptCodeNo.TrustSecurityHardware Security1Network Security2Software Security3Confidentiality4Control5Guarantee and AssuranceAccessibility6Stability7Facing ThreatsTechnical Risk8Center for Security Measures9TechnologyEfficiencyService Delivery Efficiency10Interactivity11Hardware and Network InfrastructureConfiguration and Change12Capacity (Memory, CPU, Disk)13Functionality Flexibility14Usability15Accuracy16Service Response Time17Ease of use18ManagerialMaintenanceEducation and Awareness19Customer Communication Channels20StrategicLegal Issues21Data Analysis22Service Level Agreement23CommercialCustomer SatisfactionResponsiveness24Customer Feedback25CostSubscription Fee26Implementation Cost27The lack of a common framework for evaluating cloud service providers is compounded by the fact that no two providers are the same, so that this issue complicates the process of choosing the right provider for each organization. Figure 1 shows the proposed comprehensive framework including 4 categories and 10 concepts covering the issue of choosing cloud service providers. These factors are useful in determining the provider that best matches the personal and organizational needs of the service recipient. The main categories are: trust building, technology, management, and business, which will be explained in the following.Figure 1: Cloud service provider selection framework 5- ConclusionBy comprehensively examining the factors affecting the choice, this research introduces specific areas such as trust building, technology, management, and business as the main areas of cloud service provider selection and add to the previous areas. The category of building trust between the customer, and the cloud service provider is of particular importance. In this research, the concepts related to trust building are: security (including hardware security, network security, software security, confidentiality and control), (availability, stability and stability), and facing threats (technical risk). In 36% of the articles, the concept of trust is mentioned, but in each study, only a limited number of factors affecting this category are discussed. This research takes a comprehensive look at the category of technology, the concepts of productivity (including service delivery efficiency, interactivity), hardware and network infrastructure (including configuration and repair, capacity (memory, processor, disk)), and performance (including flexibility, usability, accuracy of operation, service response time, ease of use). Considering the variety of services on different cloud platforms, service recipients must ensure that the provision of services is managed easily and in the shortest possible time by the cloud provider. The commercial aspect of service delivery deals with the two concepts of customer satisfaction (including responsiveness, customer feedback) and service rates (including: subscription cost and implementation cost), which are of interest to many businesses. The results of this research will help the decision makers of using the cloud space (both organizational managers and cloud customers) in choosing the best cloud service provider to have a comprehensive view of the effective factors before choosing and plan according to their needs

Multi-Criteria Decision Making in Complex Decision Environments

In the future, many decisions will either be fully automated or supported by autonomous system. Consequently, it is of high importance that we understand how to integrate human preferences correctly. This dissertation dives into the research field of multi-criteria decision making and investigates the satellite image acquisition scheduling problem and the unmanned aerial vehicle routing problem to further the research on a priori preference integration frameworks. The work will aid in the transition towards autonomous decision making in complex decision environments. A discussion on the future of pairwise and setwise preference articulation methods is also undertaken. "Simply put, a direct consequence of the improved decision-making methods is,that bad decisions more clearly will stand out as what they are - bad decisions.

A framework for QoS driven user-side cloud service management

This thesis presents a comprehensive framework that assists the cloud service user in making cloud service management decisions, such as service selection and migration. The proposed framework utilizes the QoS history of the available services for QoS forecasting and multi-criteria decision making. It then integrates all the inherent necessary processes, such as QoS monitoring, forecasting, service comparison and ranking to recommend the best and optimal decision to the user

Dynamic infrastructure for federated identity management in open environments

Centralized identity management solutions were created to deal with user and data security where the user and the systems they accessed were within the same network or domain of control. Nevertheless, the decentralization brought about by the integration of the Internet into every aspect of life is leading to an increasing separation of the user from the systems requiring access. Identity management has been continually evolving in order to adapt to the changing systems, and thus posing new challenges. In this sense, the challenges associated with cross-domain issues have given rise to a new approach of identity management, called Federated Identity Management (FIM), because it removes the largest barriers for achieving a common understanding. Due to the importance of the federation paradigm for online identity management, a lot of work has been done so far resulting in a set of standards and specifications. According to them, under the FIM paradigm a person’s electronic identity stored across multiple distinct domains can be linked, shared and reused. This concept allows interesting use-cases, such as Single Sign-on (SSO), which allows users to authenticate at a single service and gain access to multiple ones without providing additional information. But also provides means for cross-domain user account provisioning, cross-domain entitlement management and cross-domain user attribute exchange. However, for the federated exchange of user information to be possible in a secure way, a trust relationship must exist between the separated domains. The establishment of these trust relationships, if addressed in the federation specifications, is based on complex agreements and configurations that are usually manually set up by an administrator. For this reason, the “internet-like” scale of identity federations is still limited. Hence, there is a need to move from static configurations towards more flexible and dynamic federations in which members can join and leave more frequently and trust decisions can be dynamically computed on the fly. In this thesis, we address this issue. The main goal is contributing to improve the trust layer in FIM in order to achieve dynamic federation. And for this purpose, we propose an architecture that extends current federation systems. The architecture is based on two main pillars, namely a reputation-based trust computation module, and a risk assessment module. In regard to trust, we formalize a model to compute and represent trust as a number, which provides a basis for easy implementation and automation. It captures the features of current FIM systems and introduces new dimensions to add flexibility and richness. The model includes the definition of a trustworthiness metric, detailing the evidences used, and how they are combined to obtain a quantitative value. Basically, authentication information is merged with behavior data, i.e., reputation or history of interactions. In order to include reputation data in the model we contributed with the definition of a generic protocol to exchange reputation information between FIM entities, and its integration with the most widely deployed specification, i.e., Security Assertion Markup Language (SAML). In regard to risk, we define an assessment model that allow entities to calculate how much risk is involved in transacting with another entity according to its configuration, policies, operation rules, cryptographic algorithms, etc. The methodology employed to define the risk model consists of three steps. Firstly, we design a taxonomy to capture the different aspects of a relationship in FIM that may contribute to risk. Secondly, based on the taxonomy and aiming at developing a computational model, we propose a set of metrics as a basis to quantify risk. Finally, we describe how to combine the metrics into a meaningful risk figure by using the Multiattribute Utility Theory (MAUT) methodology, which has been applied and adapted to define the risk aggregation model. Furthermore, an also under the MAUT theory, we propose a fuzzy aggregation system to combine trust and risk into a final value that is the basis for dynamic federation decisions. Formal validation of the above mentioned ideas has been carried out. The risk assessment and decision making are analytically validated ensuring their correct behavior, the reputation protocol included in the trust management proposal is tested through simulations, and the architecture is verified through the development of prototypes. In addition, dissemination activities were performed in projects, journals and conferences. Summarizing, the contributions here constitute a step towards the realization of dynamic federation, based on the flexibilization of the underlying trust frameworks. --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Históricamente el diseño de soluciones de gestión de identidad centralizada ha estado orientado a proteger la seguridad de usuarios y datos en entornos en los que tanto los usuarios como los sistemas se encuentran en la misma red o dominio. Sin embargo, la creciente descentralización acaecida al integrar Internet en muchos aspectos de la vida cotidiana está dando lugar a una separación cada vez mayor entre los usuarios y los sistemas a los que acceden. La gestión de identidad ha ido evolucionando para adaptarse a estos cambios, dando lugar a nuevos e interesantes retos. En este sentido, los retos relacionados con el acceso a diferentes dominios han dado lugar a una nueva aproximación en la gestión de identidad conocida como Federación de Identidad o Identidad Federada. Debido a la importancia de este paradigma, se ha llevado a cabo un gran trabajo que se refleja en la definición de varios estándares y especificaciones. De acuerdo con estos documentos, bajo el paradigma de identidad federada, la identidad digital de un usuario almacenada en múltiples dominios diferentes puede ser enlazada, compartida y reutilizada. Este concepto hace posibles interesantes casos de uso, tales como el Single Sign-on (SSO), que permite a un usuario autenticarse una sola vez en un servicio y obtener acceso a múltiples servicios sin necesidad de proporcionar información adicional o repetir el proceso. Pero además, también se proporcionan mecanismos para muchos otros casos, como el intercambio de atributos entre dominios o la creación automática de cuentas a partir de la información proporcionada por otro dominio. No obstante, para que el intercambio de información personal del usuario entre dominios federados se pueda realizar de forma segura, debe existir una relación de confianza entre dichos dominios. Pero el establecimiento de estas relaciones de confianza, a veces ni siquiera recogido en las especificaciones, suele estar basado en acuerdos rígidos que requieren gran trabajo de configuración por parte de un administrador. Por esta razón, la escalabilidad de las federaciones de identidad es todavía limitada. Como puede deducirse, existe una necesidad clara de cambiar los acuerdos estáticos que rigen las federaciones actuales por un modelo más flexible que permita federaciones dinámicas en las que los miembros puedan unirse y marcharse más frecuentemente y las decisiones de confianza sean tomadas dinámicamente on-the-fly. Este es el problema que tratamos en la presente tesis. Nuestro objetivo principal es contribuir a mejorar la capa de confianza en federación de identidad de manera que el establecimiento de relaciones pueda llevarse a cabo de forma dinámica. Para alcanzar este objetivo, proponemos una arquitectura basada en dos pilares fundamentales: un módulo de cómputo de confianza basado en reputación, y un módulo de evaluación de riesgo. Por un lado, formalizamos un modelo para calcular y representar la confianza como un número, lo cual supone una base para una fácil implementación y automatización. El modelo captura las características de los sistemas de gestión de identidad federada actuales e introduce nuevas dimensiones para dotarlos de una mayor flexibilidad y riqueza expresiva. Se lleva a cabo pues una definición de la métrica de confianza, detallando las evidencias utilizadas y el método para combinarlas en un valor cuantitativo. Básicamente, se fusiona la información de autenticación disponible con datos de comportamiento, es decir, con reputación o historia de transacciones. Para la inclusión de datos de reputación en el modelo, contribuimos con la definición de un protocolo genérico que permite el intercambio de esta información entre las entidades de un sistema de gestión de identidad federada, que ha sido además integrado en el estándar más conocido y ampliamente desplegado (Security Assertion Markup Language, SAML). Por otro lado, en lo que se refiere al riesgo, proponemos un modelo que permite a las entidades calcular en cuánto riesgo se incurre al realizar una transacción con otra entidad, teniendo en cuenta su configuración, políticas, reglas de operación, algoritmos criptográficos en uso, etc. La metodología utilizada para definir el modelo de riesgo abarca tres pasos. En primer lugar, diseñamos una taxonomía que captura los distintos aspectos de una relación en el contexto de federación de identidad que puedan afectar al riesgo. En segundo lugar, basándonos en la taxonomía, proponemos un conjunto de métricas que serán la base para cuantificar el riesgo. En tercer y último lugar, describimos cómo combinar las métricas en una cifra final representativa utilizando el método Multiattribute Utility Theory (MAUT), que ha sido adaptado para definir el proceso de agregación de riesgo. Además, y también bajo la metodología MAUT, proponemos un sistema de agregación difuso que combina los valores de riesgo y confianza en un valor final que será el utilizado en la toma de decisiones dinámicas sobre si establecer o no una relación de federación. La validación de todas las ideas mencionadas ha sido llevada a cabo a través del análisis formal, simulaciones, desarrollo e implementación de prototipos y actividades de diseminación. En resumen, las contribuciones en esta tesis constituyen un paso hacia el establecimiento dinámico de federaciones de identidad, basado en la flexibilización de los modelos de confianza subyacentes

Cloud Technology Selection: A structured framework for decision making

Dissertation presented as the partial requirement for obtaining a Master's degree in Information Management, specialization in Information Systems and Technologies ManagementThis study aims to get organizations to improve their decision making during the selection of cloud technology process. As the technology evolves alongside an ever-increasing abundance in market offer, it may be challenging to choose the desirable service that encompasses several business approaches. For the purpose of this study to be attained, the reader must first comprehend the definition of Cloud Technology: it is the delivery of IT resources over the Internet, being applications, software, storage, among other services. Furthermore, understanding the current main technologies/architectures and their capabilities/limitations will play an important role in designing and developing the prospected solution. A thoroughly research will be produced to better define the criteria used in the process. Despite the fact that technology is able to be tailored up to a certain level for the organization needs, a higher level of participation will encourage vendors and architecture designers to develop a better knowledge on the companies’ desires, thus delivering more appropriate features to their unique needs

Framework de Tomada de Decisão para Last-Mile Sustentável

The e-commerce growth, propelled by factors like globalization, urbanization, or the COVID-19 pandemic, has been raising the demand for logistic activities. This affects the entire supply chain, especially the last-mile, as it is considered the most ineffective part of the supply chain and a source of negative externalities. Although various solutions promise to alleviate these problems, understanding them and selecting the best has proven to be difficult due to conflicting criteria, multiple perspectives, and trade-offs. The vicissitudes of complex and sensitive urban contexts like historic centers also contribute to this difficulty. This work contributes an integrated framework that may assist the involved stakeholders in decision-making. To this end, this work is based on a three-part methodology. The extensive systematic literature review developed provided an integrated overview of this fragmented research area. This review confirmed the multidisciplinary nature of the topic, as there is an increasing number of studies conducted under very different perspectives. Furthermore, it was found that the economic dimension is the most considered; the most polluting countries contributed little to the research; and the solutions involve trade-offs. The literature review supported the definition of the hierarchical model that structures last-mile operations in historic centers. This model was evaluated by interviewing a group of experts. After integrating the experts’ feedback, the model was quantified by the same experts according to an AHP-TOPSIS approach. This quantification had as a case study the historic center of Porto, Portugal. The experts considered the three sustainability dimensions identically important. Air pollution was the most valued sub-criterion whereas Visual pollution was the least. All last-mile solutions considered in the model achieved similar results, therefore suggesting a combined distribution strategy. Nevertheless, the use of parcel lockers is the most favorable solution and seems adequate in Porto’s historic center.O crescimento do e-commerce, impulsionado por fatores como a globalização, a urbanização ou a pandemia de COVID-19, tem aumentado a procura por atividades logísticas. Isto afeta toda a cadeia de abastecimento, principalmente a última-milha, por ser considerada a parte mais ineficaz da cadeia de abastecimento e uma fonte de externalidades negativas. Embora existam várias soluções que prometem aliviar estes problemas, entendêlas e selecionar a melhor tem se provado difícil devido a critérios conflituosos, múltiplas perspetivas e trade-offs. As vicissitudes de contextos urbanos complexos e sensíveis como os centros históricos também contribuem para essa dificuldade. Este trabalho contribui um framework integrado que pode auxiliar os stakeholders envolvidos na tomada de decisão. Para este fim, este trabalho é baseado numa metodologia composta por três partes. A extensa revisão sistemática da literatura desenvolvida forneceu uma visão integrada desta área de investigação fragmentada. Esta revisão confirmou o caráter multidisciplinar do tema, pois há um número crescente de estudos conduzidos sob perspetivas muito diferentes. Além disso, verificou-se que a dimensão económica é a mais considerada; os países mais poluentes contribuíram pouco para a pesquisa; e as soluções envolvem trade-offs. A revisão da literatura suportou a definição do modelo hierárquico que estrutura as operações de última-milha em centros históricos. Este modelo foi avaliado entrevistando um grupo de experts. Após a integração do feedback dos experts, o modelo foi quantificado pelos mesmos de acordo com uma abordagem AHP-TOPSIS. Esta quantificação teve como caso de estudo o centro histórico do Porto, Portugal. Os experts consideraram as três dimensões da sustentabilidade identicamente importantes. O subcritério relativo à poluição atmosférica foi o mais valorizado, enquanto o menos foi o relativo à poluição visual. Todas as soluções de últimamilha consideradas no modelo alcançaram resultados semelhantes, sugerindo uma estratégia de distribuição combinada. No entanto, o uso de parcel lockers é a solução mais favorável e é aparentemente adequada para o centro histórico do Porto

Current Application Fields of ELECTRE and PROMETHEE: A Literature Review

Multi-criteria decision making techniques are widely used today. In this study, it was examined the current usage areas of ELECTRE and PROMETHEE, which are in the class of outranking-based multiple criteria decision techniques, in Turkey and the world. In this regard, the studies carried out in 2016 and the first four months of 2017 were scanned with the help of Google Scholar. Thus, it is aimed to put forward the latest state of development of ELECTRE and PROMETHEE, and to give an idea about their future application forms and fields. As a result, it was seen that application problems of ELECTRE and PROMETHEE in various fields was tried to remove, and designed appropriate methods for special cases in studies. Furthermore, evaluation according to scenario variations, solving complex decision problems with metaheuristics, common usage of hesitant fuzzy implementations, proliferation of group decision preference, increasing the number of applications of hybrid techniques, used softwares, sensitivity analyses, two linguistic approaches taking an important place in fuzzification have been identified as remarkable results