Towards Trustworthy Multi-Cloud Services Communities: A Tr - PowerPoint Presentation

Slide1

Towards Trustworthy Multi-Cloud Services Communities: A Trust-based Hedonic Coalitional Game

-presented by-

Andreea

Sistrunk &

Josh

SouthwardSlide2

Presentation Overview

Andreea: Josh:

Problem Definition

Related Work

Service Discovery

Trust Establishment

System Model

Experimental Results

Trust-based Hedonic Game

Hedonic Coalition

Game Formulation

BootstrappingSlide3

Problem Definition and Contributions

Existing Community Formation over Multi-Cloud Configuration

Issues:

- Architecture - a centralized architecture in which a central entity coordinates the operations of the community

-Trust establishment /management - tend to overlook the malicious services in the formation process whose presence is likely in the multi-cloud environmentSlide4

System Model & Assumptions

Cloud federations improve the resource scaling capabilities among providers.

S = {S1,...,Sn} , R = {R1,...,Rn}, satisfaction above β threshold.

Coalition Structure/ Partition (C) = hedonic coalition formation game | C ⊆ S

Example: Judgement J(S1,S2) = T and J(S2,S1) = M

(trueful / collusive)

Accuracy levels Cr(Si → Sj) = n, Cr(Sj → Si) = m|{m,n}

∈R

Utility of Service:

S

i

S

J

G = (S,E,J)

J(Si ,Sj) != J(Sj ,Si) ∈ {T,M} Slide5

System Model & AssumptionsSlide6

System Model

OBJECTIVE: form trusted multi-cloud services communities between services geographically distributed across multiple cloud data centers using a distributed trust model

Multi-Cloud Community Architecture

Recommendation-based or feedback-based trust

Meaningful judgements by considering the opinions of multiple parties

Colluding services

Missing or in-conclusive recommendationsSlide7

Trust Establishment

Uses a recommendation-based system to collect feedback about services

Problems

Malicious services can collude

If there are no incentives for sharing trust values, few nodes actually do, so data is less meaningful

ProposalsAggregation system to overcome malicious services even if they are the majorityIncentive model to motivate services to participateSlide8

Attack Models and Assumptions

Attacks:

Collusion attack

Several malicious services =>increase/decrease the trust score

Non collusive ways

Passive attack

Passive malicious services cheat about available resources and/Or Qos

(1) during trust establishment

(2) during and after communities formationSlide9

The DEBT Trust Framework

Trust Establishment:

(1) Aggregation model for the collected judgments => overcome the collusion attacks even when attackers are the majority

(2) Incentive model for the services => increase participation in trust establishment process

Aggregation technique based on Dempster-Shafer

(1) unlike the Bayesian approach that demands complete knowledge of both prior and conditional probabilities, Dempster-Shafer can represent uncertainty or lack of complete knowledge (2) it provides a powerful rule for combining observations from multiple (possibly unreliable) parties.Slide10

Service Discovery

Trust - constructed by collecting judgments about services based on their previous interactions

Trust establishment on prior collected judgements.

Algorithm that allows direct trust establishment.

Tagging in social network

Related:

Breadth-First Search (BFS) graph theory/ Recursive AlgorithmSlide11

Trust Establishment

Recommendation-based trust based & overcome its challenges

Incentive model for the services to motivate them to participate in the trust establishment process.

Aggregation model for the collected judgments able to overcome the collusion attacks despite extremes when attackers are the majoritySlide12

Social Active Service incentive

1. Enhance ability of selecting suitable partners based on their previous experience

2.Maintaining networks of contacts, the service may learn about the non-functional properties of its peers to adjust its performance accordingly in such a way that increases its competitiveness in the market

3. Participating in the tagging process increases the number of inquiries that each service can make from other services, hence in turn be included in further communitiesSlide13

Trust Establishment

Needs:

Aggregation technique should take into account the existence of colluding services

In need of more complex combination techniques - (i.e. averaging and majority voting insufficient)

Uncertainty

Despaired KnowledgeSlide14

Trust Establishment - Dempster-Shafer theory

Dempster-Shafer = aggregated independent source with some belief degree

Can represent uncertainty or lack of complete knowledge

fairness in the trust aggregation process accounting for even unintentional malice

Provides a powerful rule for combining observations from multiple parties

prevent colluding services from misleading the final aggregate trust value

Slide15

Advantages of the proposed approach

A credibility model update function

Link the credibility scores of the services with the number of inquiries that they are allowed to make

Encouraging services to participate in the trust establishment process

Provide truthful judgmentsSlide16

Dempster-Shafer Theory of Evidence

Method to combine evidence from multiple sources

Can represent uncertainty(!=Bayesian model)

If Service A rates Service B as trustworthy at probability p, that does not mean A thinks B is malicious at the probability 1-p

Ω = {

T,M,U

} T = judgment of trustworthinessM = judgment of maliciousness

U = uncertaintySlide17

Trust Establishment

Basic Probability Assignment (bpa) of a service S in judging another service S’ =>

Ω ^

bpa = credibility score believed on the service giving the judgementSlide18

Trust Establishment

The belief function of service S in service S’ regarding a certain hypothesis H (where H = T,M, and U respectively) after inquiring two other services Slide19

Problem : computing the beliefs

In Trustworthiness =

In Maliciousness =

S

S’Slide20

Theorem

The proposed aggregation technique overcomes the collusion attacks even when attackers are the majority, if the credibility scores of the truthful raters are higher than those of colluding raters. Iif :

(1) the credibility values are between 0 and 1

(2) the credibility scores of the trustworthy raters are higher than those of colluding ones

Demonstration: Assumptions/ Contradiction/ ConclussionSlide21

Credibility Weighting

Introduce a credibility weight to dampen the effects of colluding or malicious nodes

S thinks S’ is trustworthy:

S thinks S’ is malicious:

In the end, a service will be seen as malicious if: Slide22

Aggregation Technique Review

Paper shows that this technique can overcome a majority of malicious services under certain circumstances:Slide23

Updating the Credibility Score

Important score, so needs to be kept up to date through time

Truthful services should gain higher credibility and malicious services should lose credibility

Dampened function to avoid harsh punishments in any given roundSlide24

Updating the Credibility Score

“Truthful services whose judgments agree with the winner belief receive a reward that is equal to the difference between their current credibility scores and the value of that belief.”

“For the untruthful services whose judgments disagree with the winner belief, they undergo a decrease in their credibility scores that is equal to the value of the loser belief.”Slide25

Incentives to Participate in Trust Framework

Number of inquiries that a service is able to make is tied to its credibility score and its participation in the framework (number of instances tagged)

Over time, malicious services will have no access to more inquiries and thus cannot participate in the coalition formation game

Encourages services to provide honest feedback and discourages collusive feedback simultaneouslySlide26

Trust-based Hedonic Coalitional Game

•Model of trusted multi-cloud community

•Hedonic coalitional game with non-transferable utility

•Proposed preference function

•Analysis of resultsSlide27

Game Formulation

Coalitional games are games in which players interact and form groups.

Output of the game is a partition of players into distinct coalitions

Desire to minimize membership of malicious servicesSlide28

Coalitional Games

Cohesive vs non-cohesive coalitional game

Cohesive – optimal state is a “grand coalition” composed of all players

Non-cohesive – optimal state is disjoint coalitions, since formation of the grand coalition is costly

Non-cohesive games often called coalition formation game

This paper proposes three properties for its game model:

The proposed game is a coalition formation game.

The proposed coalitional game is an NTU game.

The proposed coalitional game is hedonic. Slide29

Coalition Formation Game Property

Grand coalition encompasses all members, including malicious services

Disjoint coalitions needed in order to minimize membership of malicious servicesSlide30

Non-transferable Utility (NTU) Property

Transferable utility is utility that can be distributed or transferred (money)

Non-transferable utility is not distributable (happiness)

In this paper’s model, trust is the utility, so it is a non-transferable unit of accountSlide31

Hedonic Game Property

Special case of NTU game

Conditions:

The utility of any player in a given coalition depends only on the members of that coalition.

The players have preferences over the set of possible coalitions and coalitions form based on these preference relationships.

Players “enjoy” being together – requires a preference function to satisfy the second condition aboveSlide32

Preference Function

For every service

Si

∈ N, there is a preference relation (≥

Si

) Si ∈S⊆N.

This relation is a complete, reflexive, and transitive binary relation over the set of all possible coalitions that Si is considering.

Cl ≥Si Cl′ (prefers Cl more than or at least equal to Cl′)

Cl >Si Cl′ (strict preference for Cl)Defined as an evaluation of the preference function PSi

:Slide33

Preference Function

Assigns minimal value to coalitions that contain malicious nodes

Assigns zero value to previously visited coalitions (avoids rejoining any previously visited coalition as long as its members do not change)

Otherwise, the utility of the coalitionSlide34

Hedonic Coalition Formation Algorithm

Input: initial partition of services at a certain time

t

Output: final coalition structure obtained after applying the trust-based hedonic coalition formation algorithm

Iterates through until coalitions converge to a Nash-stable coalition

Process is repeated periodically to account for service changes, additions, and removalsSlide35

Complexity of the Algorithm

•The complexity of the algorithm is

O

(Π), where Π is the coalition partition

•Worst case: Partition of coalitions into singleton coalitions where each service forms its own coalitionSlide36

Analysis of the Trust-based Hedonic Game

Definitions

Nash stability - no player in Π has incentive to leave its current coalition and move to any other coalition (possibly empty) in such a way that makes the coalition structure to change

Individual Stability - no player in Π can benefit by moving from its current coalition to another coalition without making the members of the latter coalition worse offSlide37

Theorems

Algorithm converges to a final coalition structure Π*(tf ) consisting of a number of disjoint coalitions.

Services will not revisit coalitions that have already been visited

Algorithm converges to a Nash-stable coalition structure Π*(tf )

No service prefers to leave its current coalition for a different coalition (possibly emtpy)

Algorithm converges to an individually stable coalition structure Π*(tf )

No player can move to a different coalition without making the destination coalition worse off

Coalition partitions will converge since there are finite number of possible coalitions and already visited coalitions are not checked againSlide38

Experimental Results and Analysis

Setup

Used MATLAB to simulate the cloud services for the experiment

Percentage of malicious services varied from 0% to 50%

Results compared with three benchmarks:

Availability-based coalition formation (just availability)QoS-based coalition formation (availability, throughput, response time)Hedonic Cloud Federations (considers price/cost of services)

Data From the CloudHarmony datasetSlide39

Percentage of malicious services: Our trust-based model minimizes the number of malicious servicesSlide40

Our model improves the availability, response time, and throughput compared to the Availability-based and QoS-based modelsSlide41

Our model improves the availability, response time, and throughput compared to the Hedonic Cloud Federations modelSlide42

Average Coalition Size: Our trust-based model achieves coalitions of less sizeSlide43

Bootstrapping AccuracySlide44

Bootstrapping Results

Sensitivity - rate of true positive identification (positives that are correctly identified)

Specificity - rate of true negative detection (negatives that are correcrtly identified)

Best point would be (0,1) with all area under the curveSlide45

Conclusion

This paper defines a community formation model that works across multiple clouds

Does not rely on centralized architecture

Can establish trust relationships in the presence of malicious/collusive services, even if those services are a majority

Bootstrapping mechanism to seed initial trust for new services based on endorsement (accuracy up to 97.2%)

Reduces malicious services in final partitions by 30% compared to existing community formation models.Improves performance in terms of availability, response time, and throughput.