A Framework for Trusted Services

An existing challenge when selecting services to be used in a service- based system is to be able to distinguish between good and bad services. In this paper we present a trust-based service selection framework. The framework uses a trust model that calculates the level of trust a user may have with a service based on past experience of the user with the service and feedback about the service received from other users. The model takes into account different levels of trust among users, different relationships between users, and different levels of importance that a user may have for certain quality aspects of a service. A prototype tool has been implemented to illustrate and evaluate the work. The trust model has been evaluated in terms of its capacity to adjust itself due to changes in user ratings and its robustness

QoS and trust prediction framework for composed distributed systems

The objective of this dissertation is to propose a comprehensive framework to predict the QoS and trust (i.e, the degree of compliance of a service to its specification) values of composed distributed systems created out of existing quality-aware services. We improve the accuracy of the predictions by building context-aware models and validating them with real-life case studies. The context is the set of environmental factors that affect QoS attributes (such as response time and availability), and trust of a service or a composed system. The proposed framework uses available context-QoS dependency information of individual services and information about the interaction patterns among the services to make predictions for the QoS and trust values of the composed system at the design phase of the development lifecycle. Such predictions made in the early phases of the system development lifecycle will reduce cost, time, and effort. We demonstrate the use of these predictions in selecting the optimum set of services to create composed systems using heuristic optimization algorithms. Additionally, the prediction model is used at runtime with fast heuristic techniques to build adaptable composed systems. The empirical results show the proposed context-dependent framework performs well in providing more accurate predictions than the prevalent approaches

Security risk assessment in cloud computing domains

Cyber security is one of the primary concerns persistent across any computing platform. While addressing the apprehensions about security risks, an infinite amount of resources cannot be invested in mitigation measures since organizations operate under budgetary constraints. Therefore the task of performing security risk assessment is imperative to designing optimal mitigation measures, as it provides insight about the strengths and weaknesses of different assets affiliated to a computing platform. The objective of the research presented in this dissertation is to improve upon existing risk assessment frameworks and guidelines associated to different key assets of Cloud computing domains - infrastructure, applications, and users. The dissertation presents various informal approaches of performing security risk assessment which will help to identify the security risks confronted by the aforementioned assets, and utilize the results to carry out the required cost-benefit tradeoff analyses. This will be beneficial to organizations by aiding them in better comprehending the security risks their assets are exposed to and thereafter secure them by designing cost-optimal mitigation measures --Abstract, page iv

Optimal QoS aware multiple paths web service composition using heuristic algorithms and data mining techniques

The goal of QoS-aware service composition is to generate optimal composite services that satisfy the QoS requirements defined by clients. However, when compositions contain more than one execution path (i.e., multiple path's compositions), it is difficult to generate a composite service that simultaneously optimizes all the execution paths involved in the composite service at the same time while meeting the QoS requirements. This issue brings us to the challenge of solving the QoS-aware service composition problem, so called an optimization problem. A further research challenge is the determination of the QoS characteristics that can be considered as selection criteria. In this thesis, a smart QoS-aware service composition approach is proposed. The aim is to solve the above-mentioned problems via an optimization mechanism based upon the combination between runtime path prediction method and heuristic algorithms. This mechanism is performed in two steps. First, the runtime path prediction method predicts, at runtime, and just before the actual composition, execution, the execution path that will potentially be executed. Second, both the constructive procedure (CP) and the complementary procedure (CCP) heuristic algorithms computed the optimization considering only the execution path that has been predicted by the runtime path prediction method for criteria selection, eight QoS characteristics are suggested after investigating related works on the area of web service and web service composition. Furthermore, prioritizing the selected QoS criteria is suggested in order to assist clients when choosing the right criteria. Experiments via WEKA tool and simulation prototype were conducted to evaluate the methods used. For the runtime path prediction method, the results showed that the path prediction method achieved promising prediction accuracy, and the number of paths involved in the prediction did not affect the accuracy. For the optimization mechanism, the evaluation was conducted by comparing the mechanism with relevant optimization techniques. The simulation results showed that the proposed optimization mechanism outperforms the relevant optimization techniques by (1) generating the highest overall QoS ratio solutions, (2) consuming the smallest computation time, and (3) producing the lowest percentage of constraints violated number

Trust Management for Context-Aware Composite Services

In the areas of cloud computing, big data and internet of things, composite services are designed to effectively address complex levels of user requirements. A major challenge for composite services management is the dynamic and continuously changing run-time environments that could raise several exceptional situations such as service execution time that may have greatly increased or a service that may become unavailable. Composite services in this environmental context have difficulty securing an acceptable quality of service (QoS). The need for dynamic adaptations to be triggered becomes then urgent for service-based systems. These systems also require trust management to ensure service level agreement (SLA) compliance. To face this dynamism and volatility, context-aware composite services (i.e., run-time self-adaptable services) are designed to continue offering their functionalities without compromising their operational efficiency to boost the added value of the composition. The literature on adaptation management for context-aware composite services mainly focuses on the closed world assumption that the boundary between the service and its run-time environment is known, which is impractical for dynamic services in the open world where environmental contexts are unexpected. Besides, the literature relies on centralized architectures that suffer from management overhead or distributed architectures that suffer from communication overhead to manage service adaptation. Moreover, the problem of encountering malicious constituent services at run-time still needs further investigation toward a more efficient solution. Such services take advantage of the environmental contexts for their benefit by providing unsatisfying QoS values or maliciously collaborate with other services. Furthermore, the literature overlooks the fact that composite services data is relational and relies on propositional data (i.e., flattened data containing the information without the structure). This contradicts with the fact that services are statistically dependent since QoS values of service are correlated with those of other services. This thesis aims to address these gaps by capitalizing on different methods from software engineering, computational intelligence and machine learning. To support context-aware composite services in the open world, dynamic adaptation mechanisms are carried out at design-time to guide the running services. To this end, this thesis proposes an adaptation solution based on a feature model that captures the variability of the composite service and deliberates the inter-dependency relations among QoS constraints. We apply the master-slaves adaptation pattern to enable coordination of the self-adaptation process based on the MAPE loop (Monitor-Analysis-Plan-Execute) at run time. We model the adaptation process as a multi-objective optimization problem and solve it using a meta-heuristic search technique constrained by SLA and feature model constraints. This enables the master to resolve conflicting QoS goals of the service adaptation. In the slave side, we propose an adaptation solution that immediately substitutes failed constituent services with no need for complex and costly global adaptation. To support the decision making at different levels of adaptation, we first propose an online SLA violation prediction model that requires small amounts of end-to-end QoS data. We then extend the model to comprehensively consider service dependency that exists in the real business world at run time by leveraging the relational dependency network, thus enhancing the prediction accuracy. In addition, we propose a trust management model for services based on the dependency network. Particularly, we predict the probability of delivering a satisfactory QoS under changing environmental contexts by leveraging the cyclic dependency relations among QoS metrics and environmental context variables. Moreover, we develop a service reputation evaluation technique based on the power of mass collaboration where we explicitly detect collusion attacks. As another contribution of this thesis, we introduce for the newcomer services a trust bootstrapping mechanism resilient to the white-washing attack using the concept of social adoption. The thesis reports simulation results using real datasets showing the efficiency of the proposed solutions

A MULTI-FUNCTIONAL PROVENANCE ARCHITECTURE: CHALLENGES AND SOLUTIONS

In service-oriented environments, services are put together in the form of a workflow with the aim of distributed problem solving. Capturing the execution details of the services' transformations is a significant advantage of using workflows. These execution details, referred to as provenance information, are usually traced automatically and stored in provenance stores. Provenance data contains the data recorded by a workflow engine during a workflow execution. It identifies what data is passed between services, which services are involved, and how results are eventually generated for particular sets of input values. Provenance information is of great importance and has found its way through areas in computer science such as: Bioinformatics, database, social, sensor networks, etc. Current exploitation and application of provenance data is very limited as provenance systems started being developed for specific applications. Thus, applying learning and knowledge discovery methods to provenance data can provide rich and useful information on workflows and services. Therefore, in this work, the challenges with workflows and services are studied to discover the possibilities and benefits of providing solutions by using provenance data. A multifunctional architecture is presented which addresses the workflow and service issues by exploiting provenance data. These challenges include workflow composition, abstract workflow selection, refinement, evaluation, and graph model extraction. The specific contribution of the proposed architecture is its novelty in providing a basis for taking advantage of the previous execution details of services and workflows along with artificial intelligence and knowledge management techniques to resolve the major challenges regarding workflows. The presented architecture is application-independent and could be deployed in any area. The requirements for such an architecture along with its building components are discussed. Furthermore, the responsibility of the components, related works and the implementation details of the architecture along with each component are presented

Game-Theoretic Foundations for Forming Trusted Coalitions of Multi-Cloud Services in the Presence of Active and Passive Attacks

The prominence of cloud computing as a common paradigm for offering Web-based services has led to an unprecedented proliferation in the number of services that are deployed in cloud data centers. In parallel, services' communities and cloud federations have gained an increasing interest in the recent past years due to their ability to facilitate the discovery, composition, and resource scaling issues in large-scale services' markets. The problem is that the existing community and federation formation solutions deal with services as traditional software systems and overlook the fact that these services are often being offered as part of the cloud computing technology, which poses additional challenges at the architectural, business, and security levels. The motivation of this thesis stems from four main observations/research gaps that we have drawn through our literature reviews and/or experiments, which are: (1) leading cloud services such as Google and Amazon do not have incentives to group themselves into communities/federations using the existing community/federation formation solutions; (2) it is quite difficult to find a central entity that can manage the community/federation formation process in a multi-cloud environment; (3) if we allow services to rationally select their communities/federations without considering their trust relationships, these services might have incentives to structure themselves into communities/federations consisting of a large number of malicious services; and (4) the existing intrusion detection solutions in the domain of cloud computing are still ineffective in capturing advanced multi-type distributed attacks initiated by communities/federations of attackers since they overlook the attacker's strategies in their design and ignore the cloud system's resource constraints. This thesis aims to address these gaps by (1) proposing a business-oriented community formation model that accounts for the business potential of the services in the formation process to motivate the participation of services of all business capabilities, (2) introducing an inter-cloud trust framework that allows services deployed in one or disparate cloud centers to build credible trust relationships toward each other, while overcoming the collusion attacks that occur to mislead trust results even in extreme cases wherein attackers form the majority, (3) designing a trust-based game theoretical model that enables services to distributively form trustworthy multi-cloud communities wherein the number of malicious services is minimal, (4) proposing an intra-cloud trust framework that allows the cloud system to build credible trust relationships toward the guest Virtual Machines (VMs) running cloud-based services using objective and subjective trust sources, (5) designing and solving a trust-based maxmin game theoretical model that allows the cloud system to optimally distribute the detection load among VMs within a limited budget of resources, while considering Distributed Denial of Service (DDoS) attacks as a practical scenario, and (6) putting forward a resource-aware comprehensive detection and prevention system that is able to capture and prevent advanced simultaneous multi-type attacks within a limited amount of resources. We conclude the thesis by uncovering some persisting research gaps that need further study and investigation in the future