Keywords

1 Introduction

Information technology has gained a tremendous advantage in doing business through cloud computing. The service delivery model of the cloud has evolved from a simple application delivery model to complex nature where a multinational organization can be easily set up with minimal time and effort. Though cloud is being adopted extensively by many startups and small and medium enterprises, still numerous issues are encompassing it. Specifically, trust, privacy, and security are the major issues that needs to be addressed immediately for effective adoption. Privacy relates to the protection of personal data within the preview of the owner and within a designated boundary. Security is all about protecting the data from unauthorized access and destruction or modification of the data. But trust relates to how good the ecosystem behaves as expected, and how trust can ensure the confidence among users through integrity assurance. Hence privacy and security objective could be achieved only if the environment is trustworthy. The trusted nature of the environment could be achieved through direct and indirect trust [1]. Direct trust relates to the experience of the agent who is assessing the parameters of a particular entity based on regular observations and indirect trust is all about how others can influence the information being passed.

Our proposed model takes into account direct observation of behavior for the formation of cloud federation. Federation of cloud can be achieved through the cooperation of like-minded service providers to get into a mutual agreement for the purpose of cost sharing or to provide the resources. This cost-sharing method is derived though the game-theoretic approach. Game theory is a study of mathematical models of conflict and cooperation between rational decision-makers [2]. It models the strategic scenario between the players and analyses its behavior for future coordination. Generally classified into cooperative and non-cooperative, where the later approach utilizes the competition between individual players and the former i.e., cooperative game theoretic model ensures that every player has the right to form a pre-play communication, to make any mutual agreement [3]. The agreements can be of either to improve their strategies or share the cost-benefit. Hence in an environment like cloud, competitions outcome can destroy the providers for gain. Therefore for a trustworthy cloud service, the cooperative game would be the ideal choice to adopt for mutual gain.

2 Literature Survey

Trustworthy multi-cloud communities can maximize the benefits and minimizes the misbehavior and collusion attack amongst cloud players [4]. Existence of Nash Equilibrium and revenue sharing mechanism through game theory has been considered for edge based cloud computing system [5]. A game theory based trust measurement model is proposed for social networking to solve free-riding problem through punishment mechanism [6]. In another work [7], based on multimedia application delivery model in the cloud, it aims at minimizing the penalties due to violation of service quality by any untrusted providers. The federation dynamically provides VM instances to users with Quality of Services (QoS) guarantee and satisfies fairness and stability property. An extensive survey towards trusted cloud computing focusing on security, reliability, dependability, and many more parameters related to improving the trust is carried out [8]. A trust model for assessing the cloud service providers based on their trust category and then assuring it through attestation is proposed [9, 10]. Thus it can be said that computing in cloud to identify the service providers requires in depth knowledge on game theory and its associated properties. Thereby, trustworthy cloud service providers can easily be combined to form a coalition and bind them into a joint agreement so that they do not move to form another coalition.

3 Cooperative Game Theory Model

By formulating a coalition game and define a proper payoff characteristic function for that coalition, can mitigate the insider attacks namely collusion attacks. Preventing collusion attack by forming a coalition of trusted partners in the cloud will increase the trustworthiness of players. If we can able to cooperate then there are more advantages then being alone.

3.1 Motivation for Game Theoretic Solution

  1. (i)

    The trustworthy nature of cloud environment can be modeled as a coalitional game with transferable payoff (N, ʋ), where, N is a finite set of players, indexed, by i, and ʋ: 2N |—> R. Here ʋ can be said as a trustworthy characteristics function that is associated with every non empty subset S of N a real number ʋ(S). It means that the function ʋ is the quantified trusted level each coalition S can achieve.

  2. (ii)

    The objective of modeling this trusted grand coalition is

    1. a.

      To define the trustworthy characteristics of every possible coalition.

    2. b.

      To prove that this game will give a stable coalition outcome, where no other coalition will obtain a better trusted outcome for its members.

    3. c.

      Identify malicious service providers, who could not possibly join the coalition is said to be under high suspicion.

    4. d.

      Also, the coalition can be dissolved at any other later time and can regroup to form a new coalition based on the policy and imputation strategy.

3.2 Trustworthy Characteristics

Trust is an uncertain principle, where the states of any cloud service providers (CSP) are not fully identified and the information is mostly imperfect. In this scenario, the information about a provider can be assessed based on how much he has cooperated with another, during his past experience. The objective is to identify any provider’s capability to interact. To avoid detection, a malicious machine does not coordinate with other peers. Trusted machines are one, who interact and coordinate for some process then can jointly agree on certain terms and conditions, which is an important principle for trust. A CSP is said to have more trust if he has more networked peers with him (Fig. 1).

Fig. 1.
figure 1

Networked CSP to form Coalition S

Full size image

According to game theory, every player communicates and shares the information that is observed during the previous interactions. This helps them to make an assured decision, whether or not to cooperate with other members or nodes. The third parameter to assess the trusted nature of the service provider is the maximum quality service completion nature of the provider. It implies that for every service that is being delivered before the coalition, its completion objective is assessed. The completion parameters are Timely Response, Downloaded Size, Successful Service Initialization, Successful Service Completion, Log File Stored, User’s Service Satisfaction Report, Security and Privacy Objective in SLA Agreement. Any coalition game must be modeled with correct payoff value, which in our case is the trustworthy characteristics function ʋ(S). Thus our trustworthy characteristics function has three components.

Case 1: Maximum Networked Members

For N players in a network, all the possible coalition S is 2N, i.e., S ϵ 2N, and the number of nodes in it is |S|. Then the total possible networked members would be |S| − 1, who can at the maximum interact or get networked with a particular service provider. At any time t, the trustworthy characteristics function for the networked members are

$$ {\text{N}}_{\text{t}} \left( {\text{S}} \right)\, = \,\left| {\text{S}} \right|\, - \,1 $$
(1)

Case 2: Maximum Interaction to Share the Information through Cooperation

For identifying the maximum cooperation by a provider with that of his peer group, we need to identify the probability of interaction taken place. This, in turn, is the probability of every other provider giving an admission policy. Suppose for any provider i, it will have a log table which will contain the history of interactions made HI(i). In every interaction that i make will have the details of j and amount of cooperation that it has made, given in-terms of cooperation probability Pi,j. As already discussed, as the size of the coalition is high, then every player would be more tolerant and robust. So, we assume that the size is maximum. Then we can define the trustworthy characteristics function as.

$$ {\text{C}}_{\text{t}} \left( {\text{S}} \right) = max_{j \in S} \left\{ { \left. {\sum i \in I\,.\,p_{ij} } \right|I = \left\{ {i \in S,\,i \ne j,\,p_{ij} \ne 0} \right\}} \right\} $$
(2)

The Eq. 2, defines that i is a player who is currently under the coalition I which in turn is a subset of S. The cooperation is between i and j, whose interaction during the past history is noted and hence the cooperation probability is assumed to be non-zero. However, a case of the initial state, when the players are new for the coalition, the trustworthy characteristic function is not determined.

Case 3: Maximum Services that have been delivered correctly

Identifying the maximum service quality completion by a provider, we need to assess various QoS parameters. Even though there are numerous QoS, many of them require verification at that instance of time. This verification if it is done by a peer provider through a standardized API, then the intention of the coalition would succeed. The purpose of the coalition S is that, to jointly agree on utility share by all the providers. The utility can be maximized only if, every player in the coalition have the authority to assess the performance of every other player. Through this way, the players can improve, coordinate with peers and provide the best service for its customers.

$$ {\text{Q}}_{\text{t}} \left( {\text{S}} \right) = max_{i,j \in S} \left\{ {\begin{array}{*{20}c} {\sum\nolimits_{k = 1}^{n} {\left( {We\,.\,Q_{ij}^{pk} \left( {t - \delta t} \right) + \left( {1 - We} \right)\,.\,Q_{ij}^{dk} \left( t \right)} \right)\;if\;i\;checks\;j} } \\ {Q_{ij}^{k} \left( {t - \delta t} \right)\quad \quad \quad \quad \quad \quad \quad \quad \quad \quad else} \\ \end{array} } \right. $$
(3)

We, is the weight associated with the previous evaluation of the quality metrics.

\( Q_{ij}^{pk} \) is the previous observation of the quality score for various quality metrics k, which is evaluated at time \( t - \delta t \), by j for i. If player i does not check j then the normal observation \( Q_{ij}^{k} \) of either i or j is considered, which is extremely low or neglected.

\( Q_{ij}^{dk} \) is the direct observation of the quality score for various quality metrics k, evaluated at time t, by j for i, as shown in Fig. 2. The weight associated with this component is (1 − We). Assuming that every verification of j, towards i, leads to a positive result of a negative value. Then to evaluate it, we simply perform a normalization process of the successful positive trust value using.

Fig. 2.
figure 2

CSP j assess the QoS of i for interaction with the consumer

Full size image
$$ Q_{ij}^{dk} \left( t \right) = \frac{No.\; of\;Success}{No.\,of\;Success\; + \;No.\; of\;Failure} $$

For example, for a total of 5 direct observations made at time t, if the success is 3 then 3/3 + 2 = 0.6 is the trust generated by j towards i, for a specific quality metrics say, the number of successful initialization (ks). To evaluate,\( Q_{ij}^{ } \), we may require to monitor the metrics associated with each provider and should be properly weighted. This quality measure \( Q_{ij}^{ } \left( t \right) \) is an evaluation of quality by j towards i, estimated based on the observation made at time t. and represented as a real number in the range [0, 1], where 1 indicates complete trust and 0 indicates distrust. In case the assessment is carried by any other player other than the peer j, then the Weightage factor We need not be considered, just the previous observation be taken. Considerations: The size of the coalition S should be more than 1, because if S = 1 then, it means that there are no peer coalition. Moreover, Eqs. 1 and 2, will become invalid, having the trustworthy characteristics ʋ(S) = 0.

If |S| = 1, then ʋ(S) = 0, Hence, we need a linear combination of the three metrics,

$$ \upupsilon\left( {\text{S}} \right) = \left\{ {\begin{array}{*{20}l} 0 \hfill & {\left| S \right| = 1} \hfill \\ {\upalpha{\text{Nt}}\left( {\text{S}} \right) + \beta {\text{Ct}}\left( {\text{S}} \right) + \delta {\text{Qt}}\left( {\text{S}} \right),} \hfill & {\left| {\text{S}} \right| \ge 2} \hfill \\ \end{array} } \right. $$
(4)

Where, \( \alpha ,\beta ,\gamma \) are weightage factors and \( \alpha + \beta + \gamma = 1 \), the weights are calculated based on relative preference over others using the mathematical algorithm of Analytical Hierarchy Processing (AHP).

4 Proof of Game Theory

Let us prove that our trustworthy characteristics function Ê‹(S), satisfies these solution concepts for making our model a truly game theoretic solution.

Theorem 1: Individual Rationality: A player in the coalition should receive more than what he will gain by not entering into the coalition.

In order to investigate the individual rationality, we need to identify the individual payoff for a particular player i, before joining the coalition. Also, the share of payoff received by i, after joining the coalition.

Definition:

For a coalition with no nodes to join the coalition, the value of |S| = 1, and hence the characteristics function for networking becomes Nt(S) = 0. Therefore, for an individual player, to get the maximum benefit should network with all other members of that coalition. Thus the networking function for an individual payer is

$$ N_{t}^{S} \left( i \right) = { \hbox{max} }\left( {\left| {\text{S}} \right|} \right) - 1 $$
(5)

We have, the cooperation parameter, where any node admitted into the coalition gets the maximum probability of cooperation, therefore

$$ C_{t}^{S} \left( i \right) = max_{j \in S} \cdot p_{ij} $$
(6)

Similarly, for any successful transaction requires the delivery of quality of services

$$ Q_{t}^{S} \left( i \right) = max_{i,j \in S} \,Q_{ij}^{ } $$
(7)

The imputation x is then the linear combination of all the individual players payoff, thus its trustworthy share is defined as

$$ x_{t}^{S} \left( {\text{i}} \right) = \frac{1}{\left| S \right|}\left( {\alpha N_{t}^{S} \left( i \right) + \beta C_{t}^{S} \left( {\text{i}} \right) + \gamma Q_{t}^{S} \left( {\text{i}} \right)} \right) $$
(8)

The above equation proves that, the overall imputation, if divided by the total number of players in the coalition will certainly be greater than zero. Hence the payoff share for any player who is in the coalition is more than that of not being in the coalition.

Theorem 2: Core: A Set of feasible allocation or a stable state, which cannot be improved upon by another coalition.

Even though a player gets benefited through joining a coalition, rather than staying alone, the player would jump from one coalition to another.

Definition:

For any transferable utility cooperative game (N, ʋ), where N denotes the set of players and ʋ is the characteristics function (in our case it is the trust function). An imputation y is dominant over the existing imputation or payoff x, where y is the payoff for the coalition C, where, C ∈ 2N, such that each player in C prefers y, because xi \( \le \) yi for all i ∈ C. This implies that any player i who is getting benefited in the C, will stand to threaten C to leave the coalition. This is the player who is the most untrusted, or distrustful member. To overcome such an opportunity, there should exist equilibrium, called the core which is non-empty, where a set of imputations are not being dominated by any other better coalition.

Proof:

The sum of the payoff of all the members in the coalition must be larger than the value of that coalition, then this equilibrium point is the core of the game.

$$ \sum {x_t^S({\rm{i}}) \ge {\upsilon_{\rm{t}}}({\rm{S}}),\;{\rm{for}}\;{\rm{all}}\;{\rm{S}}\, \upepsilon \,{2^{\rm{N}}}} $$
(9)

Through this equation, we can state that the trustworthy characteristics of the cloud providers have a core and, the possibility of any provider leaving the coalition will fail, and also his chances of getting into another coalition are also very difficult.

5 Implementation and Results

A simple Image Processing Service is built to provide such a kind of cooperation by making it mandatory to select at least 3 services out of 8. Since the implementation is setup on a real-time cloud environment developed using OpenStack, the number of services being initialized is depended on the number of VM on the test system, in our case it is a Quad core CPU with 8 GB RAM. The result for the trust policy where it evaluates the three attributes to identify the cooperative nature is presented in Table 1.

Table 1. Evaluation of cooperation trust value for TIPS
Full size table

Thus, all CSPs gain equally by coordinating with peer members, also the cooperation trust value dynamically changes for every interaction made. The experimental results prove that all have a balanced score with imputation policy.

6 Conclusion

Cloud has advanced to such an extent that there are numerous service providers for a single application; hence clients need to select a provider who can deliver the service as promised. Only a trusted service provider is capable and certain that his service would deliver what has been promised. To ensure the trustworthy nature of CSP, it is necessary to assess and coordinate the providers to form a coalition so that they are bound to certain conditions. Thus our work has proposed and modeled a theoretical approach for cloud federation through cooperative game theory. The payoff share and properties of core in the game, evidently describes that the players are well off if they are within the coalition agreeing to the imputation policy of the coalition. Else, they are sidelined to work it out alone, which can lead to malicious intent to subvert the coalition. In future, the model can be simulated for an application service delivery by CSP and compared for their share. Further, in a real-time open stack implementation, the model can be placed as an initial criterion for behavior assessment, where every provider must form a coalition to be rated with a trust value.