CloudArmor: Supporting Reputation-Based Trust Management for Cloud Services

No Comments

CloudArmor: Supporting Reputation-Based Trust Management for Cloud Services


Trust management is one of the most challenging issues for the adoption and growth of cloud computing. The highly dynamic, distributed, and non-transparent nature of cloud services introduces several challenging issues such as privacy, security, and availability. Preserving consumers’ privacy is not an easy task due to the sensitive information involved in the interactions between consumers and the trust management service. Protecting cloud services against their malicious users (e.g., such users might give misleading feedback to disadvantage a particular cloud service) is a difficult problem. Guaranteeing the availability of the trust management service is another significant challenge because of the dynamic nature of cloud environments. In this article, we describe the design and implementation of CloudArmor, a reputation-based trust management framework that provides a set of functionalities to deliver trust as a service (TaaS), which includes i) a novel protocol to prove the credibility of trust feedbacks and preserve users’ privacy, ii) an adaptive and robust credibility model for measuring the credibility of trust feedbacks to protect cloud services from malicious users and to compare the trustworthiness of cloud services, and iii) an availability model to manage the availability of the decentralized implementation of the trust management service. The feasibility and benefits of our approach have been validated by a prototype and experimental studies using a collection of real-world trust feedbacks on cloud services.



  • According to researchers at Berkeley, trust and security is ranked one of the top 10 obstacles for the adoption of cloud computing. Indeed, Service-Level Agreements (SLAs).
  • Consumers’ feedback is a good source to assess the overall trustworthiness of cloud services. Several researchers have recognized the significance of trust management and proposed solutions to assess and manage trust based on feedbacks collected from participants.


  • Guaranteeing the availability of TMS is a difficult problem due to the unpredictable number of users and the highly dynamic nature of the cloud environment.
  • A Self-promoting attack might have been performed on cloud service sy, which means sx should have been selected instead.
  • Disadvantage a cloud service by giving multiple misleading trust feedbacks (i.e., collusion attacks)
  • Trick users into trusting cloud services that are not trustworthy by creating several accounts and giving misleading trust feedbacks (i.e., Sybil attacks).


  • Cloud service users’ feedback is a good source to assess the overall trustworthiness of cloud services. In this paper, we have presented novel techniques that help in detecting reputation based attacks and allowing users to effectively identify trustworthy cloud services.
  • We introduce a credibility model that not only identifies misleading trust feedbacks from collusion attacks but also detects Sybil attacks no matter these attacks take place in a long or short period of time (i.e., strategic or occasional attacks respectively).
  • We also develop an availability model that maintains the trust management service at a desired level. We also develop an availability model that maintains the trust management service at a desired level.


  • TrustCloud framework for accountability and trust in cloud computing. In particular, TrustCloud consists of five layers including workflow,
  • Propose a multi-faceted Trust Management (TM) system architecture for cloud computing to help the cloud service users to identify trustworthy cloud service providers.



  • Cloud Service Provider Layer
  • Trust Management Service Layer
  • Cloud Service Consumer Layer
  • Sybil Attacks Detection



Cloud Service Provider Layer

In first module, we develop Cloud Service Provider Layer. This layer consists of different cloud service providers who offer one or several cloud services, i.e., IaaS (Infrastructure as a Service), PaaS (Platform as a Service), and SaaS (Software as a Service), publicly on the Web. These cloud services are accessible through Web portals and indexed on Web search engines such as Google, Yahoo, and Baidu. Interactions for this layer are considered as cloud service interaction with users and TMS, and cloud services advertisements where providers are able to advertise their services on the Web.

Trust Management Service Layer

This layer consists of several distributed TMS nodes which are hosted in multiple cloud environments in different geographical areas. These TMS nodes expose interfaces so that users can give their feedback or inquire the trust results in a decentralized way. Interactions for this layer include: i) cloud service interaction with cloud service providers, ii) service advertisement to advertise the trust as a service to users through the Internet, iii) cloud service discovery through the Internet to allow users to assess the trust of new cloud services, and iv) Zero-Knowledge Credibility Proof Protocol (ZKC2P) interactions enabling TMS to prove the credibility of a particular consumer’s feedback.

Cloud Service Consumer Layer

Finally, this layer consists of different users who use cloud services. For example, a new startup that has limited funding can consume cloud services (e.g., hosting their services in Amazon S3). Interactions for this layer include: i) service discovery where users are able to discover new cloud services and other services through the Internet, ii) trust and service interactions where users are able to give their feedback or retrieve the trust results of a particular cloud service, and iii) registration where users establish their identity through registering their credentials in IdM before using TMS.


Sybil Attacks Detection

Since users have to register their credentials at the Trust Identity Registry, we believe that Multi-Identity Recognition is applicable by comparing the values of users’ credential attributes from the identity records I. The main goal of this factor is to protect cloud services from malicious users who use multiple identities (i.e., Sybil attacks) to manipulate the trust results. In a typical Trust Identity Registry, the entire identity records I are represented as a list of m users’ primary identities.





  • System                           :         Pentium Dual Core.
  • Hard Disk                      :         120 GB.
  • Monitor                         :         15’’ LED
  • Input Devices                 :         Keyboard, Mouse
  • Ram                               :         1GB.


  • Operating system                    :         Windows 7.
  • Coding Language           :         JAVA/J2EE
  • Tool                               :         Netbeans 7.2.1
  • Database                        :         MYSQL


Talal H. Noor, Quan Z. Sheng, Member, IEEE, Lina Yao, Member, IEEE, Schahram Dustdar, Senior Member, IEEE, and Anne H.H. Ngu, “CloudArmor: Supporting Reputation-Based Trust Management for Cloud Services”, IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS, VOL. 27, NO. 2, FEBRUARY 2016.


Fields marked with an * are required



Please, let us know the best time to contact you by phone (if provided).

I would like to get new blog posts by email