A Thorough Trust and Reputation Based RBAC Model for Secure Data Storage in the Cloud


Abstract: Cloud computing is a widespread technology that has attracted much attention. Among the many criteria that must be considered for data storage in the cloud, access control plays a vital role. Role-based access control (RBAC) is a well-known technique for secure data storage in the cloud. Since traditional RBAC models are unsuitable for open and decentralized environments, some recent works have integrated the concept of trust into the RBAC model. Nevertheless, they have not fully addressed the security metrics required of a trust-based system. Therefore, in this paper, we first introduce the security goals that should be considered in an efficient trust-based system. Second, we propose a novel trust and reputation based RBAC model that not only properly withstands the security threats against trust-based RBAC models, but is also scalable, as it has a reasonable execution time. Third, we evaluate the proposed model using the well-known Advogato trust network dataset. Finally, we compare the proposed model with recently published ones in terms of mean absolute error, execution time of indirect trust computation, and provided features. The results indicate that the proposed model is preferable for deployment in real cloud environments.


Existing system: Among the existing access control policies, role-based access control (RBAC) has received much attention from scholars. The basic notion of RBAC is that, in an enterprise, permissions are first associated with functional roles, and users are then assigned to an appropriate role or set of roles. Although hard security mechanisms such as RBAC can deliver a fairly acceptable level of security, they are not well suited to open and decentralized environments like the cloud. Therefore, to enhance security in such environments, we also need to employ soft security mechanisms such as trust management. In other words, trust and reputation based systems provide a foundation for security, efficiency, and stability in cloud environments.

Proposed system: Expressing the criteria that need to be addressed in an efficient reputation and trust based system. Presenting an illustrative figure for each security metric/goal for its better comprehension. Proposing a novel holistic trust and reputation based RBAC model for secure data storage in the cloud, which (a) can thoroughly fulfill the desired security requirements, (b) has a proper level of efficiency, and (c) can be employed effectively in open environments like the cloud. Proposing a reliable architecture for a trust-based RBAC model in the cloud. Exemplifying a real-world application scenario and discussing the suitability of the proposed model in mitigating the risk of illegal accesses in that application.

Advantages: With the aid of cloud computing, everyone can access shared resources from everywhere without worrying about storage space, cost, or resource management. Furthermore, cloud computing provides services that are cost effective, scalable, and elastic. Nonetheless, despite the many advantages that cloud computing offers, security concerns have prevented its wide adoption. Finally, we have shown the advantages of our proposed model in comparison to previous works from the security and trust computation accuracy perspectives. The results of these evaluations show that our model is well suited to be employed in real cloud environments.


Disadvantages: The rest of this paper is organized as the following sections. In section II, we review the related works. In section III, the problem statement is presented in a comprehensive manner. Our proposed trust and reputation based RBAC model is delineated in section.

Modules:

Subjectivity Problem: In most applications, some parts of trust management systems (TMSs) depend on people's way of thinking. Since people's opinions and inferences about trust differ, in such circumstances TMSs encounter a problem called the "subjectivity problem." That is to say, in most cases, people's evaluations, judgments, or behaviors are influenced by their personal beliefs, feelings, and emotions, which are not precise enough to be considered as trust criteria. Therefore, it is clear that any system that depends on these criteria cannot be precise. The differences between people in terms of metrics, manners, or even emotional conditions give rise to diversity in the disposition to trust within TMSs. In a simple interpretation, the disposition to trust is a measure that represents how optimistic a person is in dealing with trust issues. This measure differs from person to person and depends on people's experiences, inclination to trust, and psychological conditions. Therefore, in order to compute an accurate indirect trust about an entity, a recommendee should somehow conform the recommenders' trust to his/her own way of thinking.

On/Off Attack: Generally, this type of attack happens when a peer acts maliciously in % of time and acts well in the rest of the time in order to deceive the trust system and maintain its own reputation. The most prevalent type of this attack happens when a malicious peer first acts well for a period of time to gain a good reputation and elevate other peers' trust in it, and then suddenly starts to exploit this trust. In trust systems, a malicious user can become trusted by acting well in some minor interactions; however, he/she will act maliciously in important interactions at a suitable opportunity. An illustration of this attack is depicted.

Indirect Trust (Recommendation Trust): In some scenarios, where there is not enough evidence or experience to compute the direct trust about SUs, an SP needs to evaluate indirect trust. The indirect trust, or recommendation trust, is an SP's trust in an SU obtained through the recommendations of other SPs that have an interaction history with that SU. Recommender importance, the subjectivity problem, and collusion are prominent issues that should be taken into account in an indirect trust evaluation. To cover these matters, some important factors should be applied in the indirect trust evaluation. A weight function based on the number of transactions that a recommender has had with the trusted SU is needed. This factor captures the recommender's importance based on the recommender's interaction experience with the SU. Another significant factor that needs to be used is the forgetting factor, Δ. The forgetting factor is a parameter that applies the effect of the passage of time to the computed weight, which is in interval 0, 1. Fig. 9 illustrates the effect of applying the forgetting factor.

Subjectivity Problem Solution: As we described earlier in the problem statement section, trust is a subjective concept. People's opinions and their way of thinking affect the accuracy of the indirect trust evaluation. Thus, an SP needs to somehow modify other SPs' functional trust about an intended SU and bring it into accordance with its own perspective. Some previous studies have presented solutions to eliminate the subjectivity problem from trust propagation.
We have adopted some parts of the presented solution in to remove the subjectivity problem from our proposed indirect trust model. The presented solution does not consider trust feedback as an absolute value but as a relative quantity for estimating other SPs' tendency to trust. In other words, we report the relative standing of the recommender SP's trust in the target SU in terms of the trust value assignments that the recommender SP has made in the past. A simple implementation of this idea is to report trust as a percentile. A percentile value indicates the recommender SP's perception of the target SU in relation to the others that the recommender SP has rated in the past.
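
The percentile idea and the weighted indirect trust described above can be combined as in the following sketch, which is an added example and not code from the paper. The weight formula (transaction count multiplied by Δ raised to the age of the recommendation), the mid-rank percentile, the mapping of that percentile back onto the receiving SP's own past ratings, and all sample values are assumptions made for illustration.

```python
from bisect import bisect_left, bisect_right

def percentile_rank(history, value):
    """Relative standing (0..1) of `value` among a rater's past ratings; ties count half."""
    ranked = sorted(history)
    below = bisect_left(ranked, value)
    equal = bisect_right(ranked, value) - below
    return (below + 0.5 * equal) / len(ranked)

def value_at_percentile(history, p):
    """Rating on the receiver's own scale that sits at percentile p (linear interpolation)."""
    ranked = sorted(history)
    pos = p * (len(ranked) - 1)
    lo = int(pos)
    hi = min(lo + 1, len(ranked) - 1)
    return ranked[lo] + (ranked[hi] - ranked[lo]) * (pos - lo)

def indirect_trust(own_history, recommendations, delta):
    """Weighted mean of percentile-adjusted recommendations, or None if none are usable.

    Each recommendation is (recommender_history, rating_of_target, n_tx, age).
    Assumed weight (not the paper's formula): n_tx * delta**age, delta being
    the forgetting factor.
    """
    if not own_history:
        return None
    num = den = 0.0
    for rec_history, rating, n_tx, age in recommendations:
        if not rec_history or n_tx <= 0:
            continue  # no basis for a percentile, or no interaction experience
        p = percentile_rank(rec_history, rating)
        adjusted = value_at_percentile(own_history, p)  # receiver's own perspective
        weight = n_tx * delta ** age                    # older recommendations count less
        num += weight * adjusted
        den += weight
    return num / den if den else None

# Constructed sample data (not from the paper).
OWN_HISTORY = [0.2, 0.4, 0.6, 0.8]
RECOMMENDATIONS = [
    ([0.7, 0.8, 0.9, 1.0], 0.7, 10, 0),  # optimistic recommender, recent
    ([0.1, 0.2, 0.3, 0.4], 0.4, 10, 2),  # pessimistic recommender, two periods old
]

if __name__ == "__main__":
    raw_mean = sum(r[1] for r in RECOMMENDATIONS) / len(RECOMMENDATIONS)
    print("raw mean of recommendations:", round(raw_mean, 3))
    print("adjusted indirect trust:",
          round(indirect_trust(OWN_HISTORY, RECOMMENDATIONS, 0.5), 3))
```

With the constructed data, the optimistic recommender's 0.7 is its lowest past rating and the pessimistic recommender's 0.4 is its highest, so the adjusted result differs markedly from the raw mean of the two values.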

