Calculating and Evaluating Trustworthiness of Certification Authority

In  a  public  key  infrastructure  trust  model,  a  trust  is transferred along a set of certificates, issued by certificate authorities (CAs) considered  as  trustfully  third  parties,  providing  a  trust chain among  its  entities.  In  order  to  deserve  this trustworthiness,  a  CA should to apply the rigorous procedures for generating keys, checking the  identities,  and  following  reliable  security  practices.  Any deficiency in  these procedures  may in?uence its trustworthiness.  In this  context,  some  authorities  could  be  weaker  than  others.  Then, relying parties (RPs) and certificate holders (CHs) need a mechanism to evaluate CA trustworthiness. In this paper, we provide them this mechanism to have information about its trustworthiness. In fact, we propose  a  trust  level  calculation  algorithm  that  is  based  on  three parameters  which  are  the  CA  reputation,  the  quality  of  procedures described in the certi?cate policy and its security maturity level

IoT trust and reputation: a survey and taxonomy

IoT is one of the fastest-growing technologies and it is estimated that more than a billion devices would be utilized across the globe by the end of 2030. To maximize the capability of these connected entities, trust and reputation among IoT entities is essential. Several trust management models have been proposed in the IoT environment; however, these schemes have not fully addressed the IoT devices features, such as devices role, device type and its dynamic behavior in a smart environment. As a result, traditional trust and reputation models are insufficient to tackle these characteristics and uncertainty risks while connecting nodes to the network. Whilst continuous study has been carried out and various articles suggest promising solutions in constrained environments, research on trust and reputation is still at its infancy. In this paper, we carry out a comprehensive literature review on state-of-the-art research on the trust and reputation of IoT devices and systems. Specifically, we first propose a new structure, namely a new taxonomy, to organize the trust and reputation models based on the ways trust is managed. The proposed taxonomy comprises of traditional trust management-based systems and artificial intelligence-based systems, and combine both the classes which encourage the existing schemes to adapt these emerging concepts. This collaboration between the conventional mathematical and the advanced ML models result in design schemes that are more robust and efficient. Then we drill down to compare and analyse the methods and applications of these systems based on community-accepted performance metrics, e.g. scalability, delay, cooperativeness and efficiency. Finally, built upon the findings of the analysis, we identify and discuss open research issues and challenges, and further speculate and point out future research directions.Comment: 20 pages, 5 Figures, 3 tables, Journal of cloud computin

IoT trust and reputation: a survey and taxonomy

IoT is one of the fastest-growing technologies and it is estimated that more than a billion devices would be utilized across the globe by the end of 2030. To maximize the capability of these connected entities, trust and reputation among IoT entities is essential. Several trust management models have been proposed in the IoT environment; however, these schemes have not fully addressed the IoT devices features, such as devices role, device type and its dynamic behavior in a smart environment. As a result, traditional trust and reputation models are insufficient to tackle these characteristics and uncertainty risks while connecting nodes to the network. Whilst continuous study has been carried out and various articles suggest promising solutions in constrained environments, research on trust and reputation is still at its infancy. In this paper, we carry out a comprehensive literature review on state-of-the-art research on the trust and reputation of IoT devices and systems. Specifically, we first propose a new structure, namely a new taxonomy, to organize the trust and reputation models based on the ways trust is managed. The proposed taxonomy comprises of traditional trust management-based systems and artificial intelligence-based systems, and combine both the classes which encourage the existing schemes to adapt these emerging concepts. This collaboration between the conventional mathematical and the advanced ML models result in design schemes that are more robust and efficient. Then we drill down to compare and analyse the methods and applications of these systems based on community-accepted performance metrics, e.g. scalability, delay, cooperativeness and efficiency. Finally, built upon the findings of the analysis, we identify and discuss open research issues and challenges, and further speculate and point out future research directions.Comment: 20 pages, 5 Figures, 3 tables, Journal of cloud computin

Find My Trustworthy Fogs: A Fuzzy-based Trust Evaluation Framework

The growth of IoT is proven with the massive amount of data generated in 2015, and expected to be even more in the years to come. Relying on the cloud to meet the expanding volume, variety, and velocity of data that the IoT generates may not be feasible. In the last two years, fog computing has become a considerably important research topic in an attempt to reduce the burden on cloud and solve cloud's inability to meet the IoT latency requirement. However, fog environment is different than in cloud since fog environment is far more distributed. Due to the dynamic nature of fog, backups such as redundant power supply would deem unnecessary, and relying on just one Internet Service Provider for their fog device would be sufficient. If obstacles arise in this fog environment, factors such as latency, availability or reliability would in turn be unstable. Fogs become harder to trust, and this issue is more complicated and challenging in comparison to the conventional cloud. This implies that trustworthiness in fog is an imperative issue that needs to be addressed. With the help of a broker, managing trust in a distributive environment can be tackled. Acting as an intermediary, a broker helps in facilitating negotiation between two parties. Although the brokering concept has been around for a long time and is widely used in the cloud, it is a new concept in fog computing. As of late, there are several research studies that incorporates broker in fog where these brokers focus towards pricing management. However to the best of our knowledge there is no literature on broker-based trust evaluation in fog service allocation. This is the first work that proposes broker-based trust evaluation framework that focuses on identifying a trustworthy fog to fulfi ll the user requests. In this paper, fuzzy logic is used as the basis for the evaluation while considering the availability and cost of fog. We propose Request Matching algorithm to identify a user request, and Fuzzy-based Filtering algorithm to match the request with one of the predefi ned sets created and managed by the broker. In this paper, we present a use case that illustrates how fuzzy logic works in determining the trustworthiness of a fog. Our findings suggest that the algorithms can successfully provide users a trustworthy fog that matches their requirement

Modelo de Calidad para Servicios Cloud

[EN] Modelo de Calidad para Servicios Cloud 4 Abstract Context: Cloud computing is a model of provision and consumption of services that offers many advantages to companies (high availability, flexibility, maximum utilization of resources, etc.) that result in quality requirements that must be met by the servi ce. In recent years there have been proposed numerous quality attributes and metrics for cloud services, but there is no study to collect this information and classified it with respect to internal and external characteristics of service (Quality of Servic e - QoS) and characteristics in use of the service (Quality of Experience - QoE). Objective: The objective of this final master ’s work is to define a model specific quality cloud services aligned with the ISO / IEC 25010, which integrate the quality feature s, attributes and metrics proposed in the literature and which allow to assess the quality cloud of artifacts in various stages of the life cycle. Method: We performed a systematic review of the literature in order to identify and analyze the attributes an d quality metrics proposed to assess the quality of cloud services. This method has been widely used in the field of Software Engineering and has proven useful to collect and analyze existing information on a particular research topic. Results: The result is a quality model for cloud services which has been built from 178 attributes and 364 metric obtained as a result of the systematic review. In particular, the results of the review indicate that 48% of proposals are metrics to measure performance efficien cy, reliability metrics following him with 23%. With respect to the phase of the life cycle, 55% of these metrics are used in the operation phase and 32% in the acquisition phase. Regarding the point of view of stakeholders, 39% of the metrics are oriented to the service provider, 33% consumer, 7% to the facilitator (broker) and only 5% service developer. With respect to cloud evaluated artifacts, most metrics (97%) are applied to the cloud service being tested or deployed in the cloud; only 2% of the metri cs are applied to the service architecture and 1% on the service specification. With regard to the validation, the results show that 99% of metric proposals lack any type of validation, although 44% presents a proof of concept illustrating how the metrics can be used. Additionally, we identified 27 attributes for cloud services, the elasticity was the most named, with 14%. Conclusions: The results of this work have provided relevant information on the current status and gaps that exist in the field of quali ty assessment of cloud services. They have also allowed us to define a quality model to meet some identified shortcomings. As future work, we intend to refine the proposed model, propose new metrics and adapt some existing architectures for evaluating clou d and empirical studies to provide evidence about theusefulness of a set of metrics[ES] El trabajo consiste en definir un modelo de calidad que determine las características de los servicios cloud y proporcione los mecanismos necesarios para evaluar su calidad. Se realizará una revisión sistemática de la literatura con el objetivo de identificar un conjunto de atributos de calidad, métricas e indicadores que permitirán medir las características identificadas. Como resultado se obtendrá un modelo de calidad alineado con la ISO/IEC 25010 que integrará las características de calidad, atributos, métricas e indicadores que dan soporte a su evaluación.[CA] Context: La computacio en el nuvol es un model de prestacio i consum de servicis que oferix moltes ventages a les empreses (alta disponibilitat, elasticitat, maxim aprofitament de recursos, etc.) que se traduixen en requisits de calitat que deuen ser complits pel servici. En els ultims anys s'han propost numerosos atributs de calitat i metriques per a servicis cloud, pero no existix un estudi que recoja esta informacio i la classifique en respecte a les caracteristiques internes i externes del servici (Quality of Service – QoS), aixina com caracteristiques en us del servici (Quality of Experience – QoE). Objectiu: L'objectiu d'este treball de fi de máster es definir un model de calitat especifica per a servicis cloud, enringlerat en l'ISO/IEC 25010, que integre les caracteristiques de calitat, atributs i metriques proposts en la lliteratura i que permeten evaluar la calitat dels artefactes cloud en distintes fases del cicle de vida. Metodo: S'ha realisat una revisio sistematica de la lliteratura en l'objectiu d'identificar i analisar els atributs i metriques de calitat propostes per a evaluar la calitat dels servicis cloud. Este metodo ha segut utilisat extensament en l'ambit de l'Ingenieria del Software i ha demostrat ser util per a recopilar i analisar l'informacio existent relativa a un determinat tema d'investigacio. Resultats: El resultat es un model de calitat per a servicis cloud que ha segut construit a partir dels 178 atributs i 364 metriques obtingudes com resultat de la revisio sistematica. En particular, els resultats de la revisio indiquen que el 48% de les metriques propostes son per a mesurar Eficiencia de desempenyorament, seguint-li les metriques de fiabilidad en en un 23%. En respecte a la fase del cicle de vida, un 55% d'estes metriques s'utilisen en la fase d'Operacio i un 32% en la fase d'Adquisicio. En respecte al punt de vista dels stakeholders, el 39% de les metriques estan orientades al proveïdor del servici, el 33% al consumidor, el 7% al facilitador (bróker) i nomes un 5% al desarrollador del servici. En respecte als artefactes cloud valorats, la majoria de les metriques (97%) s'apliquen sobre el servici cloud en fase de proves o desplegat en el cloud; nomes un 2% de les metriques s'apliquen sobre l'arquitectura del servici i un 1% sobre l'especificacio del servici. En respecte a la validacio, els resultats mostren que el 99% de les metriques propostes carixen de qualsevol tipo de validacio, encara que el 44% presenta una prova de concepte que ilustra com se pot utilisar les metriques. Adicionalment identifiquem 27 atributs propis dels servicis cloud, sent l'elasticitat el mes nomenat, en 14%. Conclusions: Els resultats del treball han proporcionat informacio rellevant sobre l'estat actual i les carencies que existixen en l'ambit de l'evaluacio de la calitat dels servicis cloud. Tambe mos han permes definir un model de calitat per a suplir algunes carencies identificades. Com trabajos futurs, pretenem refinar el model propost, propondre noves metriques i adaptar algunes existents per a l'evaluacio d'arquitectures cloud, aixina com realisar estudios empirics per a proporcionar evidencia al voltant de l'utilitat d'un conjunt de metriquesNavas Rosales, RM. (2016). Modelo de Calidad para Servicios Cloud. http://hdl.handle.net/10251/77847TFG

Modelo Comparativo de Plataformas Cloud y Evaluación de Microsoft Azure, Google App Engine y AmazonEC2

[ES] Existe una gran cantidad de proveedores de servicios en la nube siendo los más importantes Microsoft, Google y Amazon. Otros proveedores también son Rackspace, IBM, Oracle, Salesforce, etc. Un aspecto relevante para los desarrolladores y clientes es conocer las características de estos proveedores para tener información objetiva de cómo elegir entre una plataforma u otra dependiendo de sus objetivos y necesidades. En este proyecto se ha realizado un estudio para determinar las características de calidad relevantes de las plataformas cloud y se ha propuesto un modelo de calidad basado en la ISO/IEC 25010 para guiar a los usuarios en la comparación y selección de dichas plataformas. El modelo está soportado por un sistema de recomendación que permite a los usuarios especificar sus objetivos y comparar plataformas cloud mediante un conjunto de atributos y métricas de calidad. Este modelo se ha aplicado a un estudio para comparar las plataformas Microsoft Azure, Google App Engine y Amazon Elastic Compute Cloud (EC2) permitiendo la evaluación de sus características de calidad más relevantes.[EN] There is a large number of cloud service providers being the most important Microsoft, Google and Amazon. Other providers are also Rackspace, IBM, Oracle, Salesforce, etc. A relevant aspect for developers and customers is to determine the characteristics of these providers to have objective information on how to choose between one platform or another depending on their objectives and needs. In this project, we have carried out a study to determine the relevant quality characteristics of cloud platforms and a quality model based on ISO/IEC 25010 has been proposed to guide users in the comparison and selection of these platforms. The model is supported by a recommendation system that allows users to specify their objectives and compare cloud platforms through a set of quality attributes and metrics. This model has been applied to a case study which compares the Microsoft Azure, Google App Engine and Amazon Elastic Compute Cloud (EC2) platforms allowing the evaluation of its most relevant quality characteristics.Álvarez Vañó, JM. (2018). Modelo Comparativo de Plataformas Cloud y Evaluación de Microsoft Azure, Google App Engine y AmazonEC2. http://hdl.handle.net/10251/101221TFG