presented by Andreea Sistrunk amp Josh Southward Presentation Overview Andreea Josh Problem Definition Related Work Service Discovery Trust Establishment System Model Experimental Results ID: 622477
Download Presentation The PPT/PDF document "Towards Trustworthy Multi-Cloud Services..." is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
Towards Trustworthy Multi-Cloud Services Communities: A Trust-based Hedonic Coalitional Game
-presented by-
Andreea
Sistrunk &
Josh
SouthwardSlide2
Presentation Overview
Andreea: Josh:
Problem Definition
Related Work
Service Discovery
Trust Establishment
System Model
Experimental Results
Trust-based Hedonic Game
Hedonic Coalition
Game Formulation
BootstrappingSlide3
Problem Definition and Contributions
Existing Community Formation over Multi-Cloud Configuration
Issues:
- Architecture - a centralized architecture in which a central entity coordinates the operations of the community
-Trust establishment /management - tend to overlook the malicious services in the formation process whose presence is likely in the multi-cloud environmentSlide4
System Model & Assumptions
Cloud federations improve the resource scaling capabilities among providers.
S = {S1,...,Sn} , R = {R1,...,Rn}, satisfaction above β threshold.
Coalition Structure/ Partition (C) = hedonic coalition formation game | C ⊆ S
Example: Judgement J(S1,S2) = T and J(S2,S1) = M
(trueful / collusive)
Accuracy levels Cr(Si → Sj) = n, Cr(Sj → Si) = m|{m,n}
∈R
Utility of Service:
S
i
S
J
G = (S,E,J)
J(Si ,Sj) != J(Sj ,Si) ∈ {T,M} Slide5
System Model & AssumptionsSlide6
System Model
OBJECTIVE: form trusted multi-cloud services communities between services geographically distributed across multiple cloud data centers using a distributed trust model
Multi-Cloud Community Architecture
Recommendation-based or feedback-based trust
Meaningful judgements by considering the opinions of multiple parties
Colluding services
Missing or in-conclusive recommendationsSlide7
Trust Establishment
Uses a recommendation-based system to collect feedback about services
Problems
Malicious services can collude
If there are no incentives for sharing trust values, few nodes actually do, so data is less meaningful
ProposalsAggregation system to overcome malicious services even if they are the majorityIncentive model to motivate services to participateSlide8
Attack Models and Assumptions
Attacks:
Collusion attack
Several malicious services =>increase/decrease the trust score
Non collusive ways
Passive attack
Passive malicious services cheat about available resources and/Or Qos
(1) during trust establishment
(2) during and after communities formationSlide9
The DEBT Trust Framework
Trust Establishment:
(1) Aggregation model for the collected judgments => overcome the collusion attacks even when attackers are the majority
(2) Incentive model for the services => increase participation in trust establishment process
Aggregation technique based on Dempster-Shafer
(1) unlike the Bayesian approach that demands complete knowledge of both prior and conditional probabilities, Dempster-Shafer can represent uncertainty or lack of complete knowledge (2) it provides a powerful rule for combining observations from multiple (possibly unreliable) parties.Slide10
Service Discovery
Trust - constructed by collecting judgments about services based on their previous interactions
Trust establishment on prior collected judgements.
Algorithm that allows direct trust establishment.
Tagging in social network
Related:
Breadth-First Search (BFS) graph theory/ Recursive AlgorithmSlide11
Trust Establishment
Recommendation-based trust based & overcome its challenges
Incentive model for the services to motivate them to participate in the trust establishment process.
Aggregation model for the collected judgments able to overcome the collusion attacks despite extremes when attackers are the majoritySlide12
Social Active Service incentive
1. Enhance ability of selecting suitable partners based on their previous experience
2.Maintaining networks of contacts, the service may learn about the non-functional properties of its peers to adjust its performance accordingly in such a way that increases its competitiveness in the market
3. Participating in the tagging process increases the number of inquiries that each service can make from other services, hence in turn be included in further communitiesSlide13
Trust Establishment
Needs:
Aggregation technique should take into account the existence of colluding services
In need of more complex combination techniques - (i.e. averaging and majority voting insufficient)
Uncertainty
Despaired KnowledgeSlide14
Trust Establishment - Dempster-Shafer theory
Dempster-Shafer = aggregated independent source with some belief degree
Can represent uncertainty or lack of complete knowledge
fairness in the trust aggregation process accounting for even unintentional malice
Provides a powerful rule for combining observations from multiple parties
prevent colluding services from misleading the final aggregate trust value
Slide15
Advantages of the proposed approach
A credibility model update function
Link the credibility scores of the services with the number of inquiries that they are allowed to make
Encouraging services to participate in the trust establishment process
Provide truthful judgmentsSlide16
Dempster-Shafer Theory of Evidence
Method to combine evidence from multiple sources
Can represent uncertainty(!=Bayesian model)
If Service A rates Service B as trustworthy at probability p, that does not mean A thinks B is malicious at the probability 1-p
Ω = {
T,M,U
} T = judgment of trustworthinessM = judgment of maliciousness
U = uncertaintySlide17
Trust Establishment
Basic Probability Assignment (bpa) of a service S in judging another service S’ =>
Ω ^
bpa = credibility score believed on the service giving the judgementSlide18
Trust Establishment
The belief function of service S in service S’ regarding a certain hypothesis H (where H = T,M, and U respectively) after inquiring two other services Slide19
Problem : computing the beliefs
In Trustworthiness =
In Maliciousness =
S
S’Slide20
Theorem
The proposed aggregation technique overcomes the collusion attacks even when attackers are the majority, if the credibility scores of the truthful raters are higher than those of colluding raters. Iif :
(1) the credibility values are between 0 and 1
(2) the credibility scores of the trustworthy raters are higher than those of colluding ones
Demonstration: Assumptions/ Contradiction/ ConclussionSlide21
Credibility Weighting
Introduce a credibility weight to dampen the effects of colluding or malicious nodes
S thinks S’ is trustworthy:
S thinks S’ is malicious:
In the end, a service will be seen as malicious if: Slide22
Aggregation Technique Review
Paper shows that this technique can overcome a majority of malicious services under certain circumstances:Slide23
Updating the Credibility Score
Important score, so needs to be kept up to date through time
Truthful services should gain higher credibility and malicious services should lose credibility
Dampened function to avoid harsh punishments in any given roundSlide24
Updating the Credibility Score
“Truthful services whose judgments agree with the winner belief receive a reward that is equal to the difference between their current credibility scores and the value of that belief.”
“For the untruthful services whose judgments disagree with the winner belief, they undergo a decrease in their credibility scores that is equal to the value of the loser belief.”Slide25
Incentives to Participate in Trust Framework
Number of inquiries that a service is able to make is tied to its credibility score and its participation in the framework (number of instances tagged)
Over time, malicious services will have no access to more inquiries and thus cannot participate in the coalition formation game
Encourages services to provide honest feedback and discourages collusive feedback simultaneouslySlide26
Trust-based Hedonic Coalitional Game
•Model of trusted multi-cloud community
•Hedonic coalitional game with non-transferable utility
•Proposed preference function
•Analysis of resultsSlide27
Game Formulation
Coalitional games are games in which players interact and form groups.
Output of the game is a partition of players into distinct coalitions
Desire to minimize membership of malicious servicesSlide28
Coalitional Games
Cohesive vs non-cohesive coalitional game
Cohesive – optimal state is a “grand coalition” composed of all players
Non-cohesive – optimal state is disjoint coalitions, since formation of the grand coalition is costly
Non-cohesive games often called coalition formation game
This paper proposes three properties for its game model:
The proposed game is a coalition formation game.
The proposed coalitional game is an NTU game.
The proposed coalitional game is hedonic. Slide29
Coalition Formation Game Property
Grand coalition encompasses all members, including malicious services
Disjoint coalitions needed in order to minimize membership of malicious servicesSlide30
Non-transferable Utility (NTU) Property
Transferable utility is utility that can be distributed or transferred (money)
Non-transferable utility is not distributable (happiness)
In this paper’s model, trust is the utility, so it is a non-transferable unit of accountSlide31
Hedonic Game Property
Special case of NTU game
Conditions:
The utility of any player in a given coalition depends only on the members of that coalition.
The players have preferences over the set of possible coalitions and coalitions form based on these preference relationships.
Players “enjoy” being together – requires a preference function to satisfy the second condition aboveSlide32
Preference Function
For every service
Si
∈ N, there is a preference relation (≥
Si
) Si ∈S⊆N.
This relation is a complete, reflexive, and transitive binary relation over the set of all possible coalitions that Si is considering.
Cl ≥Si Cl′ (prefers Cl more than or at least equal to Cl′)
Cl >Si Cl′ (strict preference for Cl)Defined as an evaluation of the preference function PSi
:Slide33
Preference Function
Assigns minimal value to coalitions that contain malicious nodes
Assigns zero value to previously visited coalitions (avoids rejoining any previously visited coalition as long as its members do not change)
Otherwise, the utility of the coalitionSlide34
Hedonic Coalition Formation Algorithm
Input: initial partition of services at a certain time
t
Output: final coalition structure obtained after applying the trust-based hedonic coalition formation algorithm
Iterates through until coalitions converge to a Nash-stable coalition
Process is repeated periodically to account for service changes, additions, and removalsSlide35
Complexity of the Algorithm
•The complexity of the algorithm is
O
(Π), where Π is the coalition partition
•Worst case: Partition of coalitions into singleton coalitions where each service forms its own coalitionSlide36
Analysis of the Trust-based Hedonic Game
Definitions
Nash stability - no player in Π has incentive to leave its current coalition and move to any other coalition (possibly empty) in such a way that makes the coalition structure to change
Individual Stability - no player in Π can benefit by moving from its current coalition to another coalition without making the members of the latter coalition worse offSlide37
Theorems
Algorithm converges to a final coalition structure Π*(tf ) consisting of a number of disjoint coalitions.
Services will not revisit coalitions that have already been visited
Algorithm converges to a Nash-stable coalition structure Π*(tf )
No service prefers to leave its current coalition for a different coalition (possibly emtpy)
Algorithm converges to an individually stable coalition structure Π*(tf )
No player can move to a different coalition without making the destination coalition worse off
Coalition partitions will converge since there are finite number of possible coalitions and already visited coalitions are not checked againSlide38
Experimental Results and Analysis
Setup
Used MATLAB to simulate the cloud services for the experiment
Percentage of malicious services varied from 0% to 50%
Results compared with three benchmarks:
Availability-based coalition formation (just availability)QoS-based coalition formation (availability, throughput, response time)Hedonic Cloud Federations (considers price/cost of services)
Data From the CloudHarmony datasetSlide39
Percentage of malicious services: Our trust-based model minimizes the number of malicious servicesSlide40
Our model improves the availability, response time, and throughput compared to the Availability-based and QoS-based modelsSlide41
Our model improves the availability, response time, and throughput compared to the Hedonic Cloud Federations modelSlide42
Average Coalition Size: Our trust-based model achieves coalitions of less sizeSlide43
Bootstrapping AccuracySlide44
Bootstrapping Results
Sensitivity - rate of true positive identification (positives that are correctly identified)
Specificity - rate of true negative detection (negatives that are correcrtly identified)
Best point would be (0,1) with all area under the curveSlide45
Conclusion
This paper defines a community formation model that works across multiple clouds
Does not rely on centralized architecture
Can establish trust relationships in the presence of malicious/collusive services, even if those services are a majority
Bootstrapping mechanism to seed initial trust for new services based on endorsement (accuracy up to 97.2%)
Reduces malicious services in final partitions by 30% compared to existing community formation models.Improves performance in terms of availability, response time, and throughput.