A fuzzy inference system (FIS) to evaluate the security readiness of cloud service providers

Abstract Cloud computing is a model for on-demand delivery of IT resources (e.g., servers, storage, databases, etc.) over the Internet with pay-as-you-go pricing. Although it provides numerous benefits to cloud service users (CSUs) such as flexibility, elasticity, scalability, and economies of scale, there is a large trust deficit between CSUs and cloud service providers (CSPs) that prevents the widespread adoption of this computing paradigm. While some businesses have slowly started adopting cloud computing with careful considerations, others are still reluctant to migrate toward it due to several data security and privacy issues. Therefore, the creation of a trust model that can evolve to reflect the true assessment of CSPs in terms of either a positive or a negative reputation as well as quantify trust level is of utmost importance to establish trust between CSUs and CSPs. In this paper, we propose a fuzzy-logic based approach that allows the CSUs to determine the most trustworthy CSPs. Specifically, we develop inference rules that will be applied in the fuzzy inference system (FIS) to provide a quantitative security index to the CSUs. One of the main advantages of the FIS is that it considers the uncertainties and ambiguities associated with measuring trust. Moreover, our proposed fuzzy-logic based trust model is not limited to the CSUs as it can be used by the CSPs to promote their services through self-evaluation. To demonstrate the effectiveness of our proposed fuzzy-based trust model, we present case studies where several CSPs are evaluated and ranked based on the security index.