Trust Assessment Model Based on a Zero Trust Strategy in a Community Cloud Environment

The adoption of Cloud Computing services in everyday business life has grown rapidly in recent years due to the many benefits of this paradigm. The various collaboration tools offered by Cloud Computing have eliminated or reduced the notion of distance between entities of the same company or between different organizations. This has led to an increase in the need to share resources (data and services). Community Cloud environments have thus emerged to facilitate interactions between organizations with identical needs and with specific and high security requirements. However, establishing trust and secure resource sharing relationships is a major challenge in this type of complex and heterogeneous environment. This paper proposes a trust assessment model (SeComTrust) based on the Zero Trust cybersecurity strategy. First, the paper introduces a community cloud architecture subdivided into different security domains. Second, it presents a process for selecting a trusted organization for an exchange based on direct or recommended trust value and reputation. Finally, a system for promoting or relegating organizations in the different security domains is applied. Experimental results show that our model guarantees the scalability of a community cloud with a high success rate of secure and quality resource sharing.

Significant gains in terms of financial revenues linked to the use of Cloud services and to rich and diversified service offerings have favored its adoption by companies [2]. However, organizations with high security requirements and legal considerations are reluctant to use Cloud services. This distrust of CC by these companies is due to the dependency on Cloud service providers and the security of sensitive data [3]. One solution to this problem is the use of the Community Cloud (3C) deployment model. The 3C is defined as an infrastructure shared by several organizations and supported by a specific community for the purpose of exchanging resources [4]. Each organization can offer services or make its excess or unused resources available to the community. As an example, a Community Cloud for the agricultural sector can provide relevant services with specific requirements (seed orders, crop rotation, stakeholder investments, soil management techniques, product exposure, etc.) and a required level of security (authentication, confidentiality, communication security, data protection, denial of service protection, supply chain traceability, etc.) for farmers and companies in the sector. In such an environment, managing trust between different entities is a major challenge to meet security requirements and encourage resource sharing [5]. Trust is a prerequisite for building sustainable relationships [6]. Several works related to trust management in CC have been done. L. Guo et al. presented in [7] a trust management model based on mutual trust with a reward and punishment mechanism. The special feature of this system is that it considers the opinions of the user and the provider by expressing mutual trust between them. InterTrust, a trust management technique based on subjective logic, was introduced in [8].
It shows an improvement over the Trust Network Analysis with Subjective Logic (TNA-SL) trust management algorithm [9] in terms of a significant reduction in execution time. In addition, work has been done to ensure trust in federated cloud environments. Performance-based Risk driven Trust (PRTrust) was presented in [10]. This model allows the establishment of performance and risk-based trust for secure service sharing. It is an extension of the EigenTrust model [11] and is an effective tool for recommending services to users. A study in [12] presented TrustyFeer, a trust management system for improving service quality using subjective logic. This technique shows better results in terms of reducing non-SLA-compliant services compared to the TNA-SL and EigenTrust models. Most of the models mentioned above only address trust from a cloud service provider and/or user perspective. Moreover, most of these trust assessment models are based on feedback from previous exchanges that may be biased by malicious entities [13] [14]. Furthermore, these assessments are made without considering the specificities of an environment such as the Community Cloud. It is important to address trust management in 3C by considering the social and community aspects on the one hand and the security threats internal and external to the system on the other. Therefore, this article proposes a trust management model (SeComTrust) based on Zero Trust strategy principles in a community cloud. Zero Trust is an architectural concept that [16]. Our strategy is based on the subdivision of our 3C into security zones as in [17]. These security perimeters are groupings of organizations providing resources with levels of sensitivity established based on the common vulnerability assessment system (CVSS) [18].
The contributions of our approach are as follows:
- A community cloud architecture model segmented into security domains for sharing resources with well-defined levels of vulnerabilities;
- A technique for evaluating and selecting a trusted organization;
- A mechanism for updating trust values allowing the promotion or relegation of organizations in the security domains.
In the rest of this paper, Section 2 presents the model and its operation. Section 3 describes the experiments and the associated results. Finally, section 4 concludes the article and proposes perspectives for the improvement of our model.

Research Hypothesis
SeComTrust is based on a community cloud consisting of organizations interacting with each other for the purpose of sharing resources. Our 3C is subdivided into three security domains: the Low Security Domain (L_sd), the Intermediate Security Domain (M_sd) and the High Security Domain (H_sd). A security domain is a grouping of organizations that demonstrate the ability to provide resources of a given sensitivity level. Exchanges can be made between organizations of the same or different security domains. From these interactions, trust relationships can be deduced. These trust relationships are described by opinions expressing the level of trust between the organizations. An opinion is a subjective belief based on trust and allows one to express the trust value given to an organization [19] [20]. Figure 1 below represents a trust network overlay (TON) of our community resource sharing cloud, like the proposal in [21]. The vertices or nodes of this network illustrate organizations and the edges represent interactions between them. A trust relationship between two entities is represented by an arrow whose source is the requester and whose tip is the resource provider. The label of an edge expresses the trust opinion of the requester towards the supplier. An organization requesting a resource will be referred to as a partner or applicant.

• The set of sharing relations, such as:
• Based on this set, the opinion matrix M_RO is obtained:
• Based on the sets of security domains and the opinion matrix, the following security domain matrix M_s is obtained:
The security domain relationships in this matrix allow for thresholds of re- As an example, a share is allowed between a high security domain provider O_pjH and a low security domain requester O_uiL, if:

Workflow of SeComTrust
The SeComTrust operating process consists of first identifying and selecting the

Components of SeComTrust
The architecture of our model is shown in Figure 3 below. It consists of the following components: the Resource Manager (ResM), the Transaction Manager (TraM), the Trust Value Calculator (TruC), the Update Manager (UpdM), and the Reputation Value Manager (RepM). The different components are described in the sections below.

The Resource Manager (ResM)
The Resource Manager consists of a registry that contains a list of organizations in the community and the resources they offer. This list is expressed in the form below, where O_pj is a resource provider organization, r_pj a resource it provides and g_rpj the sensitivity degree of r_pj:

The Transaction Manager (TraM)
The transaction manager is the local repository of an organization's shares. It records and references all the shares made. As such, it is the priority consultation element in the trusted provider selection process. The information in the TraM is presented as follows:

The Trust Value Calculator (TruC)
The TruC executes the various algorithms for calculating trust values and selecting providers on the basis of those values.

The Update Manager (UpdM)
The role of the update manager is to update the trust information. The updated values are the specific reputation of the supplier, the global reputation of the partner and the supplier. In addition, the security domains are also updated through the promotion and relegation mechanism.

The Reputation Manager (RepM)
The RepM is the register of reputations of organizations in the community. We distinguish between two types of reputation: the reputation of a specific provider of a given resource and the overall reputation of an organization derived from its general behavior in the community. The information in this register is formulated as follows:

Updating the Specific Reputation
The specific reputation of a supplier is updated after each transaction (Figure 4).
To encourage the sharing of secure resources, a weight is assigned to each exchange according to the resource's sensitivity level. The sensitivity level describes the degree of vulnerability of a resource. The sensitivity degrees g_rpj of resources are defined from the common computer resource vulnerability system (CVSS) v2.0 score range [18]. Like the contribution in [10], the specific reputation is expressed as in Equation (16), where I_lmin(j) is the minimum assurance level value of security domain j, I_lmax(j) the maximum assurance level value of security domain j, I_lmax the maximum value of the assurance level, and γ_i the weight of an exchange.
The assurance level I l is the ability of an organization to provide a resource of a given sensitivity level.

Updating the Global Reputation
Global reputation is based on the overall results of an organization's interactions as a provider within the community. It is formulated as follows:

Experimentation Environment
This article proposes a community cloud experimentation environment estab- Rounds consisting of 500 resource requests are performed in each experimentation set. The experimentation parameters are summarized in Table 1 below.
The main metrics used to measure the performance of our model are:

Selection Threshold and Parameter β Value
The selection confidence value of a vendor from the SeComTrust is calculated through Equation (8 We perform simulations by setting the value of β between 0.3 and 0.7. The experimental results presented in Figure 5 show that the RPOT and STGR values are jointly higher (RPOT = 0.21, STGR = 0.98) when β is equal to 0.6 and the threshold is equal to 0.3. Ultimately, β is set to 0.6 and the selection threshold to 0.3 to provide a model with a high G-supplier transaction success rate and high organization participation.

Results and Discussion
To analyze the performance of our model, we compared it to the TNA-SL model [9] [24] and to the InterTrust algorithm [8]. The simulations consisted in evaluating the scalability of the model by increasing the number of organizations in the community. The SeComTrust G-supplier success rate is compared to that of the other two models mentioned above. Scalability is one of the major characteristics of a Cloud environment [4]. In this paper, the resource sharing frame-  group. From these results, the success rate of SeComTrust is significantly higher than the success rate of the InterTrust and TNA-SL algorithms for all user-group sizes tested.
This is due to the selection trust value, which is obtained as the weighted sum of the direct or recommended trust and the specific reputation value, whereas InterTrust and TNA-SL rely only on subjective logic (SL) parameters. Moreover, the proposed reputation value update mechanism and the selection of the provider from several lists (L_tram, L_repm) consulted in a well-defined order explain the success rates of SeComTrust. In conclusion, we can state that our model allows the deployment of scalable 3Cs.
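As an added illustration (not the paper's own code), the provider-selection step described above in Python: it assumes scalar trust values in [0, 1] in place of subjective-logic opinions, takes recommended trust as the mean of other organizations' direct opinions, and uses constructed ResM/TraM/RepM registers; beta = 0.6 and the selection threshold 0.3 are the values the paper settles on.

```python
from statistics import mean

BETA = 0.6        # weight on direct/recommended trust; the paper fixes beta = 0.6
THRESHOLD = 0.3   # minimum selection trust value; the paper fixes it at 0.3

# Constructed sample registers (not data from the paper).
RESM = {"O1": {"r_a"}, "O2": {"r_a", "r_b"}, "O3": {"r_a"}}   # provider -> resources offered
TRAM = {"U": {"O1": 0.2}, "V": {"O3": 0.9, "O2": 0.5}}        # requester -> {provider: direct trust}
REPM = {"O1": 0.9, "O2": 0.6, "O3": 0.8}                        # provider -> specific reputation


def direct_or_recommended(requester, provider, tram):
    """Direct trust from the requester's own TraM when a past share exists;
    otherwise recommended trust, assumed here to be the mean of the other
    organizations' direct opinions. None when nobody holds an opinion."""
    own = tram.get(requester, {})
    if provider in own:
        return own[provider]
    recs = [ops[provider] for r, ops in tram.items() if r != requester and provider in ops]
    return mean(recs) if recs else None


def selection_value(trust, reputation, beta=BETA):
    """Weighted sum of (direct or recommended) trust and specific reputation."""
    return beta * trust + (1 - beta) * reputation


def select_provider(requester, resource, resm=RESM, tram=TRAM, repm=REPM):
    """Consult L_tram (providers with a share history) before L_repm
    (providers known only through recommendation and reputation); within a
    list, pick the best candidate whose selection value reaches THRESHOLD."""
    candidates = [p for p, res in resm.items() if resource in res]
    l_tram = [p for p in candidates if p in tram.get(requester, {})]
    l_repm = [p for p in candidates if p not in l_tram]
    for lst in (l_tram, l_repm):
        scored = []
        for p in lst:
            t = direct_or_recommended(requester, p, tram)
            if t is None:
                continue          # no trust information at all: never selected
            v = selection_value(t, repm.get(p, 0.0))
            if v >= THRESHOLD:
                scored.append((v, p))
        if scored:
            return max(scored)[1]
    return None                   # no trusted provider: the request is refused
```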

Conclusions
Trust management in cloud environments is a major challenge for adoption.
However, trust management systems in cloud environments primarily target public deployment types and rely on feedback between users and cloud service providers or between cloud service providers. These techniques do not address community cloud architectures. In view of this observation, we propose in this paper SeComTrust, a model for managing, evaluating, and selecting trusted organizations in a Community Cloud environment based on a Zero Trust strategy. SeComTrust evaluates trusted organizations grouped in security domains by considering the direct interactions between them and their reputation within the community. In addition, this model is associated with a promotion and relegation mechanism to ensure that trust is monitored over time.
Through a series of experiments, we compared the results of our model to the InterTrust and TNA-SL algorithms. We have shown that SeComTrust guarantees the scalability of a 3C by presenting success rates (SRTG) well above those of InterTrust and TNA-SL. In future work, we will propose to incorporate