Karim Djemame

Security risks and their management in cloud computing

Cloud computing provides outsourcing of resources bringing economic benefits. The outsourcing however does not allow data owners to outsource the responsibility of confidentiality, integrity and access control, as it still is the responsibility of the data owner. As cloud computing is transparent to both the programmers and the users, it induces challenges that were not present in previous forms of distributed computing. Furthermore, cloud computing enables its users to abstract away from low-level configuration such as configuring IP addresses and routers. It creates an illusion that this entire configuration is automated. This illusion is also true for security services, for instance automating security policies and access control in cloud, so that individuals or end-users using the cloud only perform very high-level (business oriented) configuration. This paper investigates the security challenges posed by the transparency of distribution, abstraction of configuration and automation of services by performing a detailed threat analysis of cloud computing across its different deployment scenarios (private, bursting, federation or multi-clouds). This paper also presents a risk inventory which documents the security threats identified in terms of availability, integrity and confidentiality for cloud infrastructures in detail for future security risks. We also propose a methodology for performing security risk assessment for cloud computing architectures presenting some of the initial results.

Risk driven Smart Home resource management using cloud services

In order to fully exploit the concept of Smart Home, challenges associated with multiple device management in consumer facing applications have to be addressed. Specific to this is the management of resource usage in the home via the improved utilization of devices, this is achieved by integration with the wider environment they operate in. The traditional model of the isolated device no longer applies, the future home will be connected with services provided by third parties ranging from supermarkets to domestic appliance manufacturers. In order to achieve this risk based integrated device management and contextualization is explored in this paper based on the cloud computing model. We produce an architecture and evaluate risk models to assist in this management of devices from a security, privacy and resource management perspective. We later propose an expansion on the risk based approach to wider data sharing between the home and external services using the key indicators of TREC (Trust, Risk, Eco-efficiency and Cost). The paper contributes to Smart Home research by defining how Cloud service management principles of risk and contextualization for virtual machines can produce solutions to emerging challenges facing a new generation of Smart Home devices.

Brokering of risk-aware service level agreements in grids

Service level agreements (SLAs) are facilitators for widening the commercial uptake of Grid technology. They provide explicit statements of expectation and obligation between service consumers and providers. However, without the ability to assess the probability that an SLA might fail, commercial uptake will be restricted, since neither party will be willing to agree. Therefore, risk assessment mechanisms are critical to increase confidence in Grid technology usage within the commercial sector. This paper presents an SLA brokering mechanism with risk assessment support, which evaluates the probability of SLA failure. WS‐Agreement and risk metrics are used to facilitate SLA creation between service consumers and providers within a typical Grid resource usage scenario. An evaluation is conducted to examine risk models, the performance of the brokers implementation as well as a comparison of its capabilities against similar SLA‐based solutions from the literature. Copyright

Grid-Based SLA management

This paper presents an architecture for specifying, monitoring and validating Service Level Agreements (SLA) for use in Grid environments. SLAs are an essential component in building Grid systems where commitments and assurances are specified, implemented and monitored. Targeting compute resources, an SLA manager reserves resources for user applications requiring resources on demand. Methods for automated monitoring and violation capture are discussed showing how Service Level Objectives (SLO) can be validated. A SLA for a compute service is specified and experiments carried out on the White Rose Grid. Results are presented in the form of a SLA document and show the violations that were captured during task execution.

Towards a Service Lifecycle Based Methodology for Risk Assessment in Cloud Computing

The principles of risk management have been introduced in grid computing to help document and anticipate certain risks and manage them to ensure job executions are successful. Clouds are more complex environments with further concerns like risk, trust, eco-efficiency, green, security or cost. In this paper we present ongoing research work to analyze and address the risk factor in clouds with the aim of optimizing cloud services. The main contribution of this work is the presentation of a methodology for performing risk assessment in cloud environments including the target use cases, risk identification, mitigation and monitoring. Together with the corresponding mitigation strategies, the methodology provides technological assurance that will lead to a high confidence of Cloud service consumers on one side, and a cost effective and reliable productivity of cloud Service/Infrastructure Providers on the other side. The design of the risk assessment framework and its software toolkit implementation are part of the research and development work of the OPTIMIS (Optimized Infrastructure Services) project whose objective is to enable an open and dependable Cloud Service Ecosystem that delivers IT services that are adaptable, reliable, auditable and sustainable both ecologically and economically. The paper presents some preliminary results on the risk assessment of a Service/Infrastructure Provider at the cloud service deployment stage.

Performance Issues in Clouds

As a technology, cloud computing has become an IT buzzword for the past few years. Cloud computing has often been used with synonymous terms such as software as a service, platform as a service, and infrastructure as a service (IaaS). Cloud computing has the potential to advance research discoveries by making data and computing resources readily available at an unprecedented economy of scale and with tremendous scalability. This paper discusses the importance of QoS and Iaas performance in cloud computing. The results of a quantitative evaluation are presented into the performance overheads of propagating virtual machine (VM) images to physical resources, at the Iaas layer and then accessing the images, via a Hypervisors virtual block I/O device. Two virtual infrastructure managers are evaluated: Nimbus and OpenNebula, alongside two VM managers: XEN and KVM. Nimbus is found to outperform OpenNebula, while XEN outperforms KVM in the majority of cases. Conclusions are drawn from the results on the suitability of these technologies for data-intensive applications and applications requiring highly dynamic resource sets, where making an uninformed decision on what technology to use could prevent an application reaching its full potential, once deployed onto a cloud.

Runtime virtual machine recontextualization for clouds

We introduce and define the concept of recontextualization for cloud applications by extending contextualization, i.e. the dynamic configuration of virtual machines (VM) upon initialization, with autonomous updates during runtime. Recontextualization allows VM images and instances to be dynamically re-configured without restarts or downtime, and the concept is applicable to all aspects of configuring a VM from virtual hardware to multi-tier software stacks. Moreover, we propose a runtime cloud recontextualization mechanism based on virtual device management that enables recontextualization without the need to customize the guest VM. We illustrate our concept and validate our mechanism via a use case demonstration: the reconfiguration of a cross-cloud migratable monitoring service in a dynamic cloud environment. We discuss the details of the interoperable recontextualization mechanism, its architecture and demonstrate a proof of concept implementation. A performance evaluation illustrates the feasibility of the approach and shows that the recontextualization mechanism performs adequately with an overhead of 18% of the total migration time.

Using service level agreements for optimising cloud infrastructure services

Current Cloud environments are offered to their customers in a best effort approach. Instead of guarantees a statistical uptime expectation is communicated to the user with minimal compensations in case of unexpected downtime. In contrast, a service provider intending e.g. to extend his own resources dynamically with Cloud resources in case of peak demands of his customers needs a reliable Service Level Agreement with the Cloud infrastructure provider. This Service Level Agreement must cover aspects like cost, security, legal requirements for data-placement, eco-efficiency and more. The European project OPTIMIS is focussing on optimisation of cloud infrastructure services meeting demands from service providers, e.g. when public and private Clouds are federated in different configurations. This paper describes the approach of OPTIMIS for negotiating and creating Service Level Agreements between infrastructure providers and service providers.

Towards a Contextualization Solution for Cloud Platform Services

We propose a cloud contextualization mechanism which operates in two stages, contextualization of VM images prior to service deployment (PaaS level) and self-contextualization of VM instances created from the image (IaaS level). The contextualization tools are implemented as part of the OPTIMIS Toolkit, a set of software components for simplified management of cloud services and infrastructures. We present the architecture of our contextualization tools and the feasibility of our contextualization mechanism is demonstrated in a three-tier web application scenario. Preliminary performance results suggest acceptable performance and scalability

Reliability and risk in grid resource brokering

If grid computing is to experience widespread commercial adoption, then incorporating risk assessment and management techniques is essential, both during negotiation between service provider and service requester and during run-time. This paper focuses on the role of a resource broker in this context. Specifically, techniques for evaluating the reliability of risk information received from resource providers is discussed. The performance of three algorithms are compared through simulation, showing than an odds betting-based algorithm performs better in identifying providers with highly variable risk assessments.