Research on cloud computing service based on trust access control

Recently, a growing number of network fraud incidents have damaged the interests of cloud service traders. To enhance mutual trust and win-win cooperation between users and cloud service providers, this article constructs a trust-based access control model for cloud services. First, we propose a trust evaluation method based on direct trust, trust risk, feedback trust, reward penalty, and obligation trust, to express the complexity and uncertainty of trust relationships. Second, we propose a trust evaluation and trust-factor weighting algorithm based on information entropy and maximum dispersion, which gives the model a sounder basis and higher practical value. Finally, we design comparative experiments on three models to verify efficiency, success rate, accuracy of trust evaluation, and privacy disclosure rate; the results show that our model outperforms the two comparison models.


Introduction
With the rapid development of the Internet and information technology, more and more users upload data to the cloud. 1 Cloud computing provides flexible and scalable services for individuals and organizations, which brings great convenience to users. However, its complex architecture and the question of data ownership pose great challenges to privacy and security in cloud computing. 2

Motivation
Traditional access control models rely on a certificate authority and complex cryptographic algorithms, but their application is severely limited in the distributed network environment of cloud computing. Trust evaluation has therefore become an important method for malicious node detection, security assurance, and privacy protection in cloud computing.
The relation between privacy protection and trust is not a new issue; many solutions have been applied to data publishing, data searching, data mining, data aggregation, and other areas. In recent years, many articles have advanced privacy and trust research, but the following problems remain.
Many trust methods search for feedback nodes by broadcast, which causes bandwidth overhead and reduces efficiency. Trust computing is a multiattribute decision-making process, and many studies derive the attribute weights from expert opinion, which the system cannot adjust dynamically.
Dynamics is a major challenge of trust evaluation, because trust varies with time; much of the literature lacks a description of trust attenuation, which reduces the accuracy of prediction models.

Contributions
To deal with the above issues, this article proposes a model (Figure 1) for cloud computing services. The main contributions are as follows. First, we establish a trust evaluation model based on direct trust, trust risk, feedback trust, reward penalty, and obligation trust, which describes the complexity and uncertainty of trust relationships more comprehensively. Second, we propose a weighting method for the trust decision factors based on information entropy and maximum dispersion, which overcomes the limitations of traditional multiattribute weighting methods. Third, we design several experiments to evaluate the performance of the trust model in terms of efficiency, success rate and satisfaction degree, accuracy, and privacy disclosure rate; the results confirm that our model completes trust tasks effectively and protects privacy in the cloud environment.
The structure of this article is as follows. The second section reviews related work on trust, security, and privacy protection. The third section presents the concept definitions of the model, based on trust, obligation, privacy, permission, and other elements. The fourth section establishes a multiattribute trust weight model based on information entropy. The fifth section designs and discusses several experiments. The sixth section summarizes the research and discusses future work.

Related work
Trust plays a significant role in cloud services: it verifies the trust relationship between system entities and improves the security of the system. However, collecting and processing trust evidence may lead to privacy disclosure, so some entities may be unwilling to provide personal information for trust metrics.
Aluvalu and Muddana 3 proposed an access control system based on obligation trust: permission is determined by the role, and each user's trust degree can be raised by fulfilling obligations. The popularity of composite services raises important privacy and security issues. Rohit and Bharat 4 designed an efficient solution for enforcing security policy in a composite web services framework, which protects data privacy throughout the service life cycle; it enables data owners to control their data and reduces the risk of unauthorized access. Bhatia and Singh 5 proposed a privacy-aware access control model that includes several privacy parameters: retention period, environmental conditions, and granularity level. Khaled and Zhu 6 introduced a trust-based access control model (TB-AC) built on three factors (attribute, observation, and recommendation); their experiments showed that TB-AC evaluates access requests within acceptable processing time.
Both trust and risk have become important research directions for privacy protection in cloud services. Junqi   reduce the privacy leakage. Further, Nogoorani and Jalili 8 constructed a trust-based access control framework in which a user's request is permitted or denied by the access policies; the site administrator can specify the user's responsibilities in the form of obligations. Matin and Nima 9 proposed a method for recognizing opinion leaders and control entities based on reputation, in-degree, and out-degree, which eliminates the influence of troll entities in the cloud.
It is very difficult for service consumers to distinguish credible services from malicious ones. Yan et al. 10 proposed a formal policy specification language, P-SPEC, to describe the privacy policies of services and the privacy preferences of consumers. They further proposed a privacy-aware service selection method consisting of a set of P-SPEC policies, privacy metrics, and privacy-sensitive policy matching algorithms, and implemented a proof-of-concept prototype for experiments. Varalakshmi and Judgi 11 proposed evaluating the trust of service providers from contextual feedback from different sources (customer feedback, global consultation feedback, and third-party feedback); unfair feedback is filtered out to improve accuracy. Halabi and Bellaiche 12 proposed a method to quantify and evaluate cloud security services based on a set of evaluation indicators, developed a paradigm using goal-question-measurement, and demonstrated its effectiveness and practicability with a case study.
Simeon and Iraklis 13 proposed several contextual semantic representations of access control policies; more specifically, the approach infuses the specific security and business requirements of these policies with relevant knowledge and artifacts, and can make semantic inferences about policy compliance through prescribed structures. Providing services over encrypted data is a challenging problem. Yan et al. 14 proposed two schemes based on additive homomorphic encryption that protect the privacy of evidence providers while supporting traditional trust evaluation. The first scheme achieves better computational efficiency, and the second provides greater security at a higher computational cost. These algorithms resist attacks by internal malicious evidence providers to a certain extent, even though trust evaluation is partially performed over encrypted data.
Both role-based access control (RBAC) and attribute-based access control (ABAC) have been developed to protect privacy in the cloud. Lan and Vijay 15 proposed a trust model to analyze and improve data security in cloud storage systems that use cryptographic RBAC schemes. The trust model provides a method to determine a user's credibility that considers role inheritance and hierarchy in the trust evaluation, and explains how to use the trust assessment to reduce risk and improve the quality of decision-making. Xue and Xue 16 explored a special attribute-based access control scenario in which the data owner allows multiple users with different attribute sets to jointly gain access; by specifying translation nodes in the access structure, they proposed a controlled cooperative attribute-based access control scheme. Smari and Clemente 17 proposed an extended access control model based on subject-related attributes, which combines trust and privacy considerations to make access control decisions sensitive to cross-organizational collaborative contexts.

Access control based on multiple attributes
Following Figure 1, this section gives the specific details and definitions of the model; some important parameters are listed in Table 1.

Model architecture
In this section, we construct an access control model that includes trust, obligation, and risk mechanisms. The following paragraphs introduce the related concepts; details are shown in Figure 2.
The model contains several basic elements: subject (user), object (resource), attribute, operation, obligation, trust, and policy. To provide service, the access control system grants authorization to a requester and then confers certain operation privileges.

Table 1. Meaning of some parameters.

Parameter | Meaning
$Y_i$ | Trust function
$\omega_i$ | Weight of trust function
$TG(D_i, D_j, S, t)$ | Trust between $D_i$ and $D_j$
level | The level of a trust tree
$\rho(F_k)$ | Feedback weight factor
$w$ | Distance factor
$e_t$ | Evaluation error at time $t$
$E_{di}$ | Privacy disclosure of the $i$'th access
$rq$ | Interaction access

Attribute: it represents the characteristics of a node; $attr$ denotes one attribute and $Attr = \{attr_1, attr_2, \cdots, attr_n\}$ denotes the attribute set.
Obligation: it plays a constraining role in access control systems, meaning that some operations must be performed after accessing objects. The obligation mechanism records the user's operations and allows the monitor to adjust the corresponding user rights in the policy; it is expressed as $Obligation = (subject, trigger, \{action\})$. Under such a mechanism, if a user finds a suspicious or malicious request in the record and notification table, the privacy settings can be updated in a timely manner to enhance privacy. 12
Permission: it is the decision on an operation on an object, such as allowed or rejected, $Perm = \{perm_1, perm_2, \cdots, perm_n\}$.
Operation: it is the action that can be performed on the object, such as reading, writing, copying, editing, or deleting, and the set of operations is described as follows:

Trust decision
Let $D_1, D_2, \cdots, D_Z \in D(S)$ denote the $Z$ nodes in the system; by role they fall into two categories, cloud service providers (CSPs) and users. Suppose that the trust evaluation has several factors $Y_1(D_i, D_j), \ldots$, and that $TG(D_i, D_j, S, t)$ denotes the trust value between $D_i$ and $D_j$, as given in formula (2), where $S$ is the service provided by $D_j$, $TG(D_i, D_j, S, t)$ determines the quality of service (the higher its value, the better the quality), and $t$ is the time interval. In a trust system, authorization is determined by the value of the trust evaluation. Assume that $R = (R_1, R_2, \cdots, R_K)$ is an ordered decision space and that the CSP can provide the services $S = \{s_1, s_2, \cdots, s_P\}$; the relation function $c(TG(D_i, D_j))$ between $S$ and $TG(D_i, D_j)$ is defined in formula (3), where $R = (R_1, R_2, \cdots, R_i, \cdots, R_K)$ is determined by the cloud service requirement: when $D_i$ requests a service from $D_j$, authorization depends on the trust value. For example, a cloud service system provides three ranks of service, $S = (s_1, s_2, s_3)$, where $s_1$ represents denial of service, $s_2$ the reading service, and $s_3$ both reading and writing services. The decision level space is $R = \{R_1, R_2, R_3\} = \{0, 0.3, 0.5\}$, and the trust authorization is expressed in formula (4). If the trust degree of $D_j$ is $TG(D_i, D_j) = 0.2$, the result is $\Psi(TG(D_i, D_j)) = \Psi(0.2) = s_1 = \text{deny}$.

Trust computing
To express the complexity and dynamics of trust, several factors (direct trust, trust risk, feedback trust, obligation trust, and reward penalty) are introduced to describe the concept of trust. 18

Direct trust
Direct trust usually consists of multiple factors, and the related elements are chosen from the CSP record table based on interaction history. 19
Weight calculation. To quantify the different roles of multiple indicators, the weights of the attributes are determined by information entropy. There are $m$ users and $n$ attributes; the evaluation score matrix $E(D)$ is given in formula (5), where $e_{ij}$ is the evaluation value of the $j$'th attribute of the $i$'th user:

$$E(D) = \begin{pmatrix} e_{11} & e_{12} & \cdots & e_{1n} \\ e_{21} & e_{22} & \cdots & e_{2n} \\ \vdots & \vdots & \ddots & \vdots \\ e_{m1} & e_{m2} & \cdots & e_{mn} \end{pmatrix} \quad (5)$$

Entropy weight method (formulas (6) and (7)): the weight of the $j$'th attribute is proportional to $(1 - e_j)$, $1 \le j \le n$, where $e_j$ is the information entropy of the $j$'th attribute and $0 \le l_j \le 1$.
Decay time factor. Trust has timeliness, so a decay time factor is introduced to reflect trust more accurately. $t_i$ is the time slot of the $i$'th successful transaction, $t^1_i$ the start time and $t^2_i$ the end time of the $i$'th service, $t_0$ the time slot of the origin, and $n$ the number of successful services; the decay time factor $T(i)$ is given in formula (8).
Compute direct trust. Combining formulas (6) to (8) gives the direct trust $Y_1(D_i, D_j)$ from $D_i$ to $D_j$, where $n$ is the number of interactions, as in formula (9).

Feedback trust
Feedback trust is the expected quantification of trust transmitted through intermediate nodes: if $D_i$ trusts $D_j$ and $D_j$ trusts $D_k$, then $D_i$ trusts $D_k$. A trust network offers many possible paths, so how to select, aggregate, and compute trust paths is a problem. Assume that $D_i$ is the root node and all other nodes are its descendants; neighbours also have neighbours, so we construct a multilayer weighted digraph (MWD; a sample is shown in Figure 3). $D(S)$ is the set of nodes, $C$ is the trust value from a parent node to a child node, and $Y_1$ is the direct trust value. In the MWD, the root node is at level = 0, its direct neighbours at level = 1, their neighbours at level = 2, and so on. $\{F_1, F_2, \cdots, F_l\}$ is the set of feedback nodes, $F_k$ is a feedback node, and the feedback trust function (as in Figure 3) is expressed in formula (10), where $l$ is the number of feedback nodes and $\rho(F_k)$ is the trust feedback factor, which is defined according to the "six degrees of separation" 20 and the level of each feedback node as in formula (11), where $Y_1(D_m, D_n)$ is the direct trust value between $D_m$ and $D_n$ and level is the layer of the feedback node.
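As an added example of the weight calculation step above (this is not code from the article): the standard entropy-weight method applied to an evaluation matrix $E(D)$. Normalising each column to sum to 1 and scaling the entropy by $1/\ln m$ are the usual conventions and are assumed here, since formulas (6) and (7) are not reproduced on the page; the sample matrix is constructed, and the decay factor of formula (8) is left out.

```python
"""Entropy weights for the evaluation matrix E(D) (added example, not from the article).

Rows are users, columns are attributes; e_ij is the score of user i on attribute j.
An attribute on which every user scores alike has maximal entropy and carries no
information for telling users apart, so it receives weight 0. The column normalisation
and the 1/ln(m) scaling are the standard entropy-weight conventions (assumed here).
"""
import math


def normalise_columns(matrix):
    """Return the columns of `matrix`, each scaled to sum to 1 (p_ij = e_ij / sum_i e_ij).

    A column that sums to zero carries no information; it is returned as zeros.
    """
    m, n = len(matrix), len(matrix[0])
    if any(len(row) != n for row in matrix):
        raise ValueError("E(D) must be rectangular")
    if any(v < 0 for row in matrix for v in row):
        raise ValueError("evaluation scores must be non-negative")
    cols = []
    for j in range(n):
        s = sum(matrix[i][j] for i in range(m))
        cols.append([matrix[i][j] / s if s > 0 else 0.0 for i in range(m)])
    return cols


def column_entropy(p):
    """Shannon entropy of one normalised column, scaled by 1/ln(m) so it lies in [0, 1]."""
    m = len(p)
    if m < 2:
        return 0.0
    return -sum(x * math.log(x) for x in p if x > 0) / math.log(m)


def entropy_weights(matrix):
    """Weight of attribute j proportional to (1 - e_j), normalised so the weights sum to 1."""
    divergence = [1.0 - column_entropy(c) for c in normalise_columns(matrix)]
    total = sum(divergence)
    if total <= 1e-12:  # every attribute is uninformative: fall back to equal weights
        return [1.0 / len(divergence)] * len(divergence)
    return [d / total for d in divergence]


def weighted_score(matrix, weights, row):
    """Weighted direct-trust score of one user (one row of E(D)); time decay is left out."""
    return sum(w * e for w, e in zip(weights, matrix[row]))


# Constructed sample: four users, three attributes. Attribute 2 is identical for
# everyone and must receive weight 0; attribute 3 varies most and should dominate.
SAMPLE_E = [
    [0.9, 0.5, 0.8],
    [0.8, 0.5, 0.2],
    [0.7, 0.5, 0.5],
    [0.6, 0.5, 0.9],
]

if __name__ == "__main__":
    w = entropy_weights(SAMPLE_E)
    print("weights:", [round(x, 4) for x in w])
    for i in range(len(SAMPLE_E)):
        print("user", i, "score", round(weighted_score(SAMPLE_E, w, i), 4))
```

The constant column gets weight 0, which is the point of the method: an attribute on which all users look alike cannot separate honest from malicious users, whatever weight an expert might have assigned it by hand. The equal-weight fallback covers the degenerate matrix in which no attribute varies at all.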
In Figure 3, level = 1. According to formula (11), $\rho(F_k)$ decreases gradually as the level increases. To improve the efficiency of trust computation in the cloud environment, this section introduces a distance factor and a quality factor to adjust feedback trust.
The quality factor $Z \in [0, 1]$ is a constant: when the trust value of a feedback node satisfies $Y_1(D_i, D_j) \ge Z$, its feedback is credible; otherwise ($Y_1(D_i, D_j) < Z$) the feedback node is not credible. The quality factor improves the convergence of the system by controlling the aggregation scale of feedback trust.
The distance factor $w \ge 1$ is a constant that limits the propagation range of feedback trust: when $level(D_i, D_j) \le w$, the node forwards the request to its adjacent nodes; otherwise, transmission stops. According to formulas (10) and (11), we aggregate and select the trust of the $k$ feedback entities and propose Algorithm 1 by combining feedback trust with the distance factor, where $level(D_i, D_j)$ is the distance between $D_i$ and $D_j$ in the MWD.
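An added example (not the article's Algorithm 1) of the feedback search with both factors applied. The graph, the requester A and the target X are constructed; $\rho(level) = 1/level$ is an assumed stand-in for formula (11), and the chain trust along a path is taken as the product of the direct trust values on it, which is also an assumption.

```python
"""Feedback trust over a multilayer weighted digraph (added example, not from the article).

Direct-trust edges Y_1(a, b) form the graph. Starting from the requester D_i, the
search walks outward at most w levels (distance factor) and keeps a chain only while
the accumulated trust along it stays >= Z (quality factor). Every node reached that
holds a direct opinion about the target D_j contributes that opinion, weighted by the
level-dependent factor rho(level) and by the chain trust. rho(level) = 1/level is an
assumed stand-in: formula (11) of the article is not reproduced on the page.
"""
from collections import defaultdict, deque


def build_graph(direct):
    """Adjacency list {a: [(b, Y_1(a, b)), ...]} from a {(a, b): trust} mapping."""
    graph = defaultdict(list)
    for (a, b), y in direct.items():
        if not 0.0 <= y <= 1.0:
            raise ValueError(f"trust value out of range for edge {(a, b)}")
        graph[a].append((b, y))
    return graph


def feedback_trust(direct, src, dst, Z=0.6, w=3, rho=lambda level: 1.0 / level):
    """Return Y_2(src, dst), or None when no admissible feedback node exists."""
    if not (0.0 <= Z <= 1.0) or w < 1:
        raise ValueError("Z must lie in [0, 1] and w must be >= 1")
    graph = build_graph(direct)
    chain = {src: 1.0}  # trust accumulated along the path used to reach each node
    level = {src: 0}    # BFS depth: the MWD level of each node
    queue = deque([src])
    numerator = denominator = 0.0
    while queue:
        u = queue.popleft()
        if level[u] >= w:  # distance factor: stop forwarding past level w
            continue
        for v, y in graph[u]:
            if v in chain or v == dst:
                continue  # visited already, or the target itself (no self-feedback)
            t = chain[u] * y
            if t < Z:  # quality factor: drop chains that pass through weakly trusted nodes
                continue
            chain[v], level[v] = t, level[u] + 1
            queue.append(v)
            opinion = direct.get((v, dst))
            if opinion is not None:  # v is a feedback node F_k for dst
                r = rho(level[v])
                numerator += r * t * opinion
                denominator += r * t
    return numerator / denominator if denominator > 0 else None


# Constructed sample graph: A has no record of X, so it must rely on feedback.
SAMPLE_DIRECT = {
    ("A", "B"): 0.9, ("A", "C"): 0.5,
    ("B", "D"): 0.8, ("B", "X"): 0.95,
    ("C", "X"): 0.9, ("D", "X"): 0.7,
}

if __name__ == "__main__":
    print("w=2, Z=0.6 :", feedback_trust(SAMPLE_DIRECT, "A", "X", Z=0.6, w=2))
    print("w=1, Z=0.6 :", feedback_trust(SAMPLE_DIRECT, "A", "X", Z=0.6, w=1))
    print("w=2, Z=0.95:", feedback_trust(SAMPLE_DIRECT, "A", "X", Z=0.95, w=2))
```

Node C holds an opinion about X, but A's trust in C (0.5) is below Z, so that opinion never enters the aggregate, which is how the quality factor blunts a colluding node's dishonest feedback. Raising Z to 0.95 leaves no admissible feedback node and the function returns None rather than a default value, so the caller can fall back to denial instead of treating an unknown provider as trusted.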

Obligation trust
As described above, it is generally necessary to introduce the obligation concept into the access control system. Because the manager must perform an obligation when a request is executed, the obligation trust function of node $D_i$ is expressed as formula (12). Obligation has an important impact on users' trust and helps to protect privacy in cyberspace. In formula (12), $\gamma$ is the obligation weight; $b$ is the number of obligations returned to the system; $OB$ is the number of obligations of $D_i$ not completed during a given time; $GB$ is the number of obligations of $D_i$ in that time; and $B$ is the total number of obligations of $D_i$ in the cloud system.

Trust risk
Although reference 8 also introduced a risk mechanism, that system did not consider the relation between risk and quality of service. Following economic principles and the service perspective, the risk function is expressed by formula (13), where $s_j$ is the service quality of $D_j$; by experience, the higher the trust value, the smaller the risk. $TG(D_i, D_j, S, t)$ is the most recent trust evaluation, and $R(D_i, D_j)$ is proportional to $1 - TG(D_i, D_j, S, t)$. The trust risk function measures the potential insecurity between the CSP and users, as expressed in formula (14). According to formulas (13) and (14), the risk is related to the importance of the service: a better service means greater risk, and $Y_4(D_i, D_j)$ is inversely proportional to $R(D_i, D_j)$.

Reward penalty
In trust evaluation, honest behavior should be rewarded and malicious behavior penalized, so the reward penalty function is expressed by formula (15), where $\sum^{H} F(D_i, D_j)$ is the number of failures and $H$ is the number of services. Because malicious nodes often intentionally disrupt or provide false services, their service failure rate is high, and the reward penalty function penalizes such behavior.

Weight of trust attribute
In trust quantification, different attributes have different effects, so we propose a weighting method.
From formulas (16) to (18) and the maximum dispersion degree, we obtain formulas (19) to (22). Based on specific practical requirements, a participant can compute $\omega_1, \ldots, \omega_i, \ldots, \omega_m$ from reasonable values of $\alpha$ and formulas (20) to (22). Further, an algorithm is proposed to compute the trust attribute weights. 22 In Algorithm 2, the weight of a trust attribute is determined by $m$ and $\alpha$; in a specific application $m$ is fixed, so the key is how to determine $\alpha$ reasonably. Table 2 (weight of the trust attribute) lists the weights: when $\alpha = 1$, $\omega_1 = 1$.

Total trust computing
In cloud computing, a malicious node can submit dishonest feedback to raise another malicious agent's reputation. The quality factor $Z$ is an effective way to avoid malicious feedback; for example, $Z = 0.60$ means that the system does not use feedback from nodes whose trust value is below 0.60 (Algorithm 3). When $D_i$ requests a service from provider $D_j$ and $D_j$ has no interaction record for $D_i$ in its database, Algorithms 1 to 3 are combined into Algorithm 4.
According to Algorithms 1 to 4, the system decides whether to accept or reject the request by checking whether $s_j$ is consistent with the trust function $TG(D_i, D_j, S, t)$: if $\Psi(TG(D_i, D_j, S, t)) \ge s_j$, the system provides $s_j$ to $D_i$; otherwise it refuses the request.
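An added example (not the article's Algorithm 4) of the final decision: combining the trust factors into $TG$, then applying $\Psi$ and the $s_j$ check. The weighted-sum combination and the success-fraction form of the reward penalty are assumptions, since formulas (15) to (22) are not reproduced on the page; the service ranks, the decision space $\{0, 0.3, 0.5\}$ and $\Psi(0.2) = s_1$ are taken from the worked example in the trust decision section, and the factor values are constructed.

```python
"""Composite trust and service-rank authorisation (added example, not from the article).

The weighted-sum combination of the trust factors and the success-fraction form of the
reward penalty are assumptions. The service ranks, the decision space R = {0, 0.3, 0.5}
and Psi(0.2) = s1 = deny come from the article's worked example.
"""
import bisect

SERVICE_RANKS = ("s1:deny", "s2:read", "s3:read+write")
DECISION_SPACE = (0.0, 0.3, 0.5)  # R_k: minimum trust required for rank s_k


def reward_penalty(failures, services):
    """Y_5 as the success fraction over H service attempts (assumed form of formula (15)).

    A node with no history scores 0 rather than 1, so an unknown node can never be
    rated as well as a node with a clean record.
    """
    if failures < 0 or services < 0 or failures > services:
        raise ValueError("failures must lie in [0, services]")
    return 0.0 if services == 0 else 1.0 - failures / services


def total_trust(factors, weights):
    """TG as the omega-weighted sum of the factors Y_1..Y_m; the weights must sum to 1."""
    if len(factors) != len(weights):
        raise ValueError("one weight per factor")
    if abs(sum(weights) - 1.0) > 1e-9 or any(w < 0 for w in weights):
        raise ValueError("weights must be non-negative and sum to 1")
    if any(not 0.0 <= f <= 1.0 for f in factors):
        raise ValueError("trust factors must lie in [0, 1]")
    return sum(w * f for w, f in zip(weights, factors))


def psi(tg, ranks=SERVICE_RANKS, space=DECISION_SPACE):
    """Highest service rank whose threshold R_k <= TG; Psi(0.2) = s1 = deny."""
    if not 0.0 <= tg <= 1.0:
        raise ValueError("TG must lie in [0, 1]")
    k = bisect.bisect_right(space, tg) - 1  # index of the last threshold not above tg
    return ranks[k]


def authorise(tg, requested, ranks=SERVICE_RANKS, space=DECISION_SPACE):
    """Grant s_j only if Psi(TG) >= s_j in rank order; never grant more than requested."""
    if requested not in ranks:
        raise ValueError(f"unknown service rank {requested!r}")
    granted = psi(tg, ranks, space)
    return ranks.index(granted) >= ranks.index(requested)


if __name__ == "__main__":
    # Constructed factor values: Y_1..Y_4 plus a reward penalty from 2 failures in 10 services.
    factors = [0.80, 0.70, 0.90, 0.60, reward_penalty(2, 10)]
    weights = [0.3, 0.2, 0.2, 0.1, 0.2]
    tg = total_trust(factors, weights)
    print("TG =", round(tg, 3), "->", psi(tg))
    for requested in SERVICE_RANKS:
        print("request", requested, "with TG=0.35:", "grant" if authorise(0.35, requested) else "refuse")
```

The rank comparison is done on indices into the ordered tuple, so the check is exactly the $\Psi(TG) \ge s_j$ rule rather than a string comparison, and $\Psi$ is never asked to return more than the requested rank. Out-of-range trust values and unknown ranks raise rather than silently mapping to deny or allow.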

Experiment design
In this article, we construct a trust-based access control model for cloud services (TACM) and compare it with two methods: the multifaceted trust management framework (MTMF), based on a trust level agreement in a collaborative cloud, 11 and NMTR, a method for trust and reputation evaluation in cloud environments that uses the recommendations of opinion-leader entities and removes the effect of troll entities. 9 Experiment parameters are presented in Table 3.

Efficiency evaluation
In this section, $t_c$ is the time cost of trust aggregation for various numbers of network entities, $m_c$ is the average storage space over all data structures, $m_{total}$ is the total storage space, $N$ is the number of nodes, and $m_c$ is defined in formula (23).
Time cost. In Figure 4, as the number of network nodes grows, the aggregation time $t_c$ of all three models increases rapidly, but TACM needs less computation time than NMTR and MTMF. This shows that TACM has better convergence performance, because the feedback weight factor can
Storage cost. Average storage cost is also an important index of cloud services. As Figure 5 shows, as the network grows the $m_c$ of all three models increases quickly, but the average storage of TACM is much less than that of NMTR and MTMF. In TACM, the quality factor, trust risk, distance factor, and feedback weight factor effectively shorten the trust chain and filter out many malicious nodes; NMTR and MTMF lack these factors. Although NMTR has many trust evaluation factors, it lacks constraints on the trust process, so its storage space is the largest of the three models.

Success rate and satisfaction degree
In this section, we use two indicators, interaction success rate and satisfaction degree, to compare the three models.
Success rate of normal service. As Figure 6 shows, the interaction success rates of the three methods differ. NMTR lacks a risk defense mechanism and the reward penalty factor, so when malicious nodes appear it cannot guarantee actual service capacity. MTMF introduces trust to meet personal requirements but lacks the time decay factor and the reward penalty function. TACM has none of these shortcomings; its multiple factors guarantee a higher success rate (for example, the reward penalty increases the probability of interaction and the willingness to serve). Therefore, the ranking of success rates is TACM > NMTR > MTMF.
Success rate with malicious services. In Figure 7, as the proportion of malicious services increases, the interaction success rates of NMTR and MTMF decline rapidly. In TACM, the trust risk function filters out some malicious nodes and the quality factor filters out feedback nodes with low trust values, so its success rate is higher than that of the other two models. NMTR and MTMF lack the reward penalty function and anti-risk capability, so they perform poorly against malicious services.
Satisfaction with different services. As Figure 8 shows, NMTR has lower satisfaction because it does not guarantee actual service in the cloud environment. In TACM, the time decay function handles the change of trust over time, the reward penalty increases the probability of successful interaction, the quality factor improves service quality, and the trust risk function filters out malicious nodes, so user satisfaction is high. The trust weights of MTMF are subjective, so its results are not very good. In short, the service satisfaction of TACM is the best of the three models.

Accuracy evaluation
To further evaluate privacy protection, in the following experiments we generated 50K synthetic records, each with 1000 attributes whose values lie in [0, 1].
Accuracy is measured by the error, to test whether the proposed algorithm computes trust accurately: the smaller the error, the higher the accuracy. If $A_{t+1}$ is the true value and $TG_{t+1}$ the evaluated value at $t + 1$, the following three measures quantify the accuracy of trust evaluation.
Mean absolute deviation. Mean absolute deviation (MAD) measures the deviation of the evaluation results; $e_t$ is the error at time $t$, $e_t = TG_{t+1} - A_{t+1}$, and $n$ is the number of service transactions.
According to Figure 9, the average MAD of TACM, MTMF, and NMTR is 0.0928, 0.1145, and 0.1009, respectively. When the number of transactions exceeds 1000, the TACM curve changes more smoothly than those of NMTR and MTMF, which shows that fewer simulated interactions suffice for our model to reach good accuracy. TACM integrates information entropy into the trust evaluation algorithm, so its MAD is lower than that of NMTR and MTMF.
Root mean square error. Root mean square error (RMSE) is the square root of the mean squared error and measures the deviation between the real value and the evaluated value; it is given in formula (25). According to Figure 10, the RMSE of TACM, MTMF, and NMTR is 0.0958, 0.1145, and 0.1044, respectively. When the number of transactions exceeds 1000, the TACM curve changes more smoothly than those of NMTR and MTMF, which again shows the accuracy of our model with fewer simulated interactions. TACM adopts time decay, feedback trust, and obligation, so its dynamic performance is relatively good, while MTMF and NMTR lack similar mechanisms; hence the RMSE of TACM is lower than that of NMTR and MTMF.
Mean absolute percentage error. Mean absolute percentage error (MAPE) expresses the accuracy of the evaluation as a percentage; $e_t = TG_{t+1} - A_{t+1}$ is the error at time $t$, $TG_{t+1}$ is the evaluated value, and $n$ is the number of experiments. In Figure 11, the average MAPE of TACM, NMTR, and MTMF is 10.61%, 11.91%, and 12.25%, respectively. When the number of transactions exceeds 1000, the MAPE of TACM is much lower than that of the other two models. Comparing Figures 9 to 11, TACM is better than NMTR and MTMF: because the TACM trust model has good dynamic adaptability and each weight factor is objective and accurate, its error rate is low, whereas NMTR and MTMF lack this ability.
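An added example (not from the article) that computes the three measures on a constructed series, using the page's definition of $e_t$. MAPE divides by the true value, so the code skips steps with $A_{t+1} = 0$, a case the definition does not cover.

```python
"""MAD, RMSE and MAPE for a trust-evaluation series (added example, not from the article).

e_t = TG_{t+1} - A_{t+1} is the evaluated trust minus the true value, as defined in the
text; the three measures are the standard ones over n transactions. MAPE divides by the
true value, so steps with A = 0 are skipped rather than allowed to raise ZeroDivisionError.
"""
import math


def errors(estimates, actuals):
    """Per-step errors e_t = TG_{t+1} - A_{t+1}."""
    if len(estimates) != len(actuals) or not actuals:
        raise ValueError("series must be non-empty and of equal length")
    return [tg - a for tg, a in zip(estimates, actuals)]


def mad(estimates, actuals):
    """Mean absolute deviation: (1/n) * sum |e_t|."""
    errs = errors(estimates, actuals)
    return sum(abs(e) for e in errs) / len(errs)


def rmse(estimates, actuals):
    """Root mean square error: sqrt((1/n) * sum e_t^2)."""
    errs = errors(estimates, actuals)
    return math.sqrt(sum(e * e for e in errs) / len(errs))


def mape(estimates, actuals):
    """Mean absolute percentage error in percent, over steps with a non-zero true value.

    Returns None when every true value is zero (the measure is undefined there).
    """
    ratios = [abs(e) / abs(a) for e, a in zip(errors(estimates, actuals), actuals) if a != 0]
    return 100.0 * sum(ratios) / len(ratios) if ratios else None


# Constructed sample: evaluated trust TG_{t+1} against the true value A_{t+1} over 4 steps.
SAMPLE_TG = [0.70, 0.60, 0.55, 0.80]
SAMPLE_A = [0.65, 0.65, 0.50, 0.70]

if __name__ == "__main__":
    print("MAD  =", round(mad(SAMPLE_TG, SAMPLE_A), 4))
    print("RMSE =", round(rmse(SAMPLE_TG, SAMPLE_A), 4))
    print("MAPE =", round(mape(SAMPLE_TG, SAMPLE_A), 2), "%")
```

RMSE weights large single errors more heavily than MAD, which is why the two can rank models differently on the same series; MAPE is the measure to read with care on trust series, because small true values inflate the percentage even when the absolute error is tiny.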

Privacy disclosure analysis
Based on the above sections, we further divide the 50K data set into three categories of privacy sensitivity: high (H), medium (M), and low (L). If the trust level $T_r$ of a consumer is below the threshold required for the $i$'th interaction, this is counted as a privacy disclosure $E_{di}$, and the privacy disclosure rate is defined accordingly, where $rq$ denotes all possible requests and $n$ the number of transactions. Figures 12 to 14 show the privacy disclosure rates as the L, M, and H categories vary from 0 to 1. In Figure 12, the privacy disclosure rates of NMTR, TACM, and MTMF fall from 0.289, 0.352, and 0.361 to 0, respectively. In Figure 13, as M increases, the privacy disclosure rates of TACM, NMTR, and MTMF settle at 0.215, 0.272, and 0.285, respectively. In Figure 14, as H increases, the privacy disclosure rates of TACM, NMTR, and MTMF settle at 0.281, 0.350, and 0.361, respectively. These results show that TACM is better than MTMF and NMTR in terms of privacy protection.
In MTMF, the trust relationship model is relatively simple and cannot protect privacy well in cloud computing. In NMTR, the lack of an objective quantitative formula for the weights of trust attributes seriously weakens privacy protection. TACM not only uses the weight algorithm to adjust trust but also filters out hidden security dangers through the risk and penalty factors; therefore, it is superior to MTMF and NMTR in privacy protection.

Conclusion
To promote mutual trust and win-win cooperation between users and the CSP, this article establishes an access control model based on trust evaluation. First, we propose a multiattribute trust model based on direct trust, trust risk, feedback trust, reward penalty, and obligation trust to describe the complexity of trust relationships; second, we propose a weighting method for the trust attributes based on information entropy, which transcends the limitations of traditional multiattribute weighting methods; third, we design several experiments to evaluate adaptability, accuracy, and efficiency in the cloud environment.
There are still some shortcomings: the dynamic cloud service selection model needs further improvement, and the obligation mechanism can be optimized to improve service accuracy. 23 In future work we will study access control in mobile networks; cloud service performance, reliability, and other aspects can also be researched in more depth. 24