Assured Cloud Computing

Ulteriori informazioni

Explores key challenges and solutions to assured cloud computing today and provides a provocative look at the face of cloud computing tomorrow
 
This book offers readers a comprehensive suite of solutions for resolving many of the key challenges to achieving high levels of assurance in cloud computing. The distillation of critical research findings generated by the Assured Cloud Computing Center of Excellence (ACC-UCoE) of the University of Illinois, Urbana-Champaign, it provides unique insights into the current and future shape of robust, dependable, and secure cloud-based computing and data cyberinfrastructures.
 
A survivable and distributed cloud-computing-based infrastructure can enable the configuration of any dynamic systems-of-systems that contain both trusted and partially trusted resources and services sourced from multiple organizations. To assure mission-critical computations and workflows that rely on such systems-of-systems it is necessary to ensure that a given configuration does not violate any security or reliability requirements. Furthermore, it is necessary to model the trustworthiness of a workflow or computation fulfillment to a high level of assurance. In presenting the substance of the work done by the ACC-UCoE, this book provides a vision for assured cloud computing illustrating how individual research contributions relate to each other and to the big picture of assured cloud computing. In addition, the book:
* Explores dominant themes in cloud-based systems, including design correctness, support for big data and analytics, monitoring and detection, network considerations, and performance
* Synthesizes heavily cited earlier work on topics such as DARE, trust mechanisms, and elastic graphs, as well as newer research findings on topics, including R-Storm, and RAMP transactions
* Addresses assured cloud computing concerns such as game theory, stream processing, storage, algorithms, workflow, scheduling, access control, formal analysis of safety, and streaming
Bringing together the freshest thinking and applications in one of today's most important topics, Assured Cloud Computing is a must-read for researchers and professionals in the fields of computer science and engineering, especially those working within industrial, military, and governmental contexts. It is also a valuable reference for advanced students of computer science.

Sommario

Preface xiii
 
Editors' Biographies xvii
 
List of Contributors xix
 
1 Introduction 1
Roy H. Campbell
 
1.1 Introduction 1
 
1.1.1 Mission-Critical Cloud Solutions for the Military 2
 
1.2 Overview of the Book 3
 
2 Survivability: Design, Formal Modeling, and Validation of Cloud Storage Systems Using Maude 10
Rakesh Bobba, Jon Grov, Indranil Gupta, Si Liu, José Meseguer,Peter Csaba Ölveczky, and Stephen Skeirik
 
2.1 Introduction 10
 
2.1.1 State of the Art 11
 
2.1.2 Vision: Formal Methods for Cloud Storage Systems 12
 
2.1.3 The Rewriting Logic Framework 13
 
2.1.4 Summary: Using Formal Methods on Cloud Storage Systems 15
 
2.2 Apache Cassandra 17
 
2.3 Formalizing, Analyzing, and Extending Google's Megastore 23
 
2.3.1 Specifying Megastore 23
 
2.3.2 Analyzing Megastore 25
 
2.3.2.1 Megastore-CGC 29
 
2.4 RAMP Transaction Systems 30
 
2.5 Group Key Management via ZooKeeper 31
 
2.5.1 ZooKeeper Background 32
 
2.5.2 System Design 33
 
2.5.3 Maude Model 34
 
2.5.4 Analysis and Discussion 35
 
2.6 How Amazon Web Services Uses Formal Methods 37
 
2.6.1 Use of Formal Methods 37
 
2.6.2 Outcomes and Experiences 38
 
2.6.3 Limitations 39
 
2.7 Related Work 40
 
2.8 Concluding Remarks 42
 
2.8.1 The Future 43
 
3 Risks and Benefits: Game-Theoretical Analysis and Algorithm for Virtual Machine Security Management in the Cloud 49
Luke Kwiat, Charles A. Kamhoua, Kevin A. Kwiat, and Jian Tang
 
3.1 Introduction 49
 
3.2 Vision: Using Cloud Technology in Missions 51
 
3.3 State of the Art 54
 
3.4 System Model 57
 
3.5 Game Model 59
 
3.6 Game Analysis 61
 
3.7 Model Extension and Discussion 67
 
3.8 Numerical Results and Analysis 71
 
3.8.1 Changes in User 2's Payoff with Respect to L2 71
 
3.8.2 Changes in User 2's Payoff with Respect to e 72
 
3.8.3 Changes in User 2's Payoff with Respect to pi 73
 
3.8.4 Changes in User 2's Payoff with Respect to qI 74
 
3.8.5 Model Extension to n = 10 Users 75
 
3.9 The Future 78
 
4 Detection and Security: Achieving Resiliency by Dynamic and Passive System Monitoring and Smart Access Control 81
Zbigniew Kalbarczyk
 
4.1 Introduction 82
 
4.2 Vision: Using Cloud Technology in Missions 83
 
4.3 State of the Art 84
 
4.4 Dynamic VM Monitoring Using Hypervisor Probes 85
 
4.4.1 Design 86
 
4.4.2 Prototype Implementation 88
 
4.4.3 Example Detectors 90
 
4.4.3.1 Emergency Exploit Detector 90
 
4.4.3.2 Application Heartbeat Detector 91
 
4.4.4 Performance 93
 
4.4.4.1 Microbenchmarks 93
 
4.4.4.2 Detector Performance 94
 
4.4.5 Summary 95
 
4.5 Hypervisor Introspection: A Technique for Evading Passive Virtual Machine Monitoring 96
 
4.5.1 Hypervisor Introspection 97
 
4.5.1.1 VMI Monitor 97
 
4.5.1.2 VM Suspend Side-Channel 97
 
4.5.1.3 Limitations of Hypervisor Introspection 98
 
4.5.2 Evading VMI with Hypervisor Introspection 98
 
4.5.2.1 Insider Attack Model and Assumptions 98
 
4.5.2.2 Large File Transfer 99
 
4.5.3 Defenses against Hypervisor Introspection 101
 
4.5.3.1 Introducing Noise to VM Clocks 101
 
4.5.3.2 Scheduler-Based Defenses 101
 
4.5.3.3 Randomized Monitoring Interval 102
 
4.5.4 Summary 103
 
4.6 Identifying Compromised Users in Shared Computing Infrastructures 103
 
4.6.1

Info autore

ROY H. CAMPBELL, PHD, is Associate Dean for Information Technology in the College of Engineering, and Sohaib and Sara Abbasi Professor of Computer Science, at the University of Illinois at Urbana-Champaign. He was formerly Director of the Assured Cloud Computing- University Center of Excellence at the University of Illinois. CHARLES A. KAMHOUA, PHD, is a researcher at the U.S. Army Research Laboratory's Network Security Branch. He managed the U.S. Air Force's Assured Cloud Computing-University Center of Excellence at the University of Illinois at Urbana-Champaign. KEVIN A. KWIAT, PHD, following over 34 years as Principal Computer Engineer with the U.S. Air Force Research Laboratory, is now leading Haloed Sun TEK, LLC, in Sarasota, Florida and has joined forces with the Commercial Applications for Early Stage Advanced Research (CAESAR) Group.

Riassunto

Explores key challenges and solutions to assured cloud computing today and provides a provocative look at the face of cloud computing tomorrow

This book offers readers a comprehensive suite of solutions for resolving many of the key challenges to achieving high levels of assurance in cloud computing. The distillation of critical research findings generated by the Assured Cloud Computing Center of Excellence (ACC-UCoE) of the University of Illinois, Urbana-Champaign, it provides unique insights into the current and future shape of robust, dependable, and secure cloud-based computing and data cyberinfrastructures.

A survivable and distributed cloud-computing-based infrastructure can enable the configuration of any dynamic systems-of-systems that contain both trusted and partially trusted resources and services sourced from multiple organizations. To assure mission-critical computations and workflows that rely on such systems-of-systems it is necessary to ensure that a given configuration does not violate any security or reliability requirements. Furthermore, it is necessary to model the trustworthiness of a workflow or computation fulfillment to a high level of assurance. In presenting the substance of the work done by the ACC-UCoE, this book provides a vision for assured cloud computing illustrating how individual research contributions relate to each other and to the big picture of assured cloud computing. In addition, the book:
* Explores dominant themes in cloud-based systems, including design correctness, support for big data and analytics, monitoring and detection, network considerations, and performance
* Synthesizes heavily cited earlier work on topics such as DARE, trust mechanisms, and elastic graphs, as well as newer research findings on topics, including R-Storm, and RAMP transactions
* Addresses assured cloud computing concerns such as game theory, stream processing, storage, algorithms, workflow, scheduling, access control, formal analysis of safety, and streaming
Bringing together the freshest thinking and applications in one of today's most important topics, Assured Cloud Computing is a must-read for researchers and professionals in the fields of computer science and engineering, especially those working within industrial, military, and governmental contexts. It is also a valuable reference for advanced students of computer science.