49,013 research outputs found
Information flow audit for PaaS clouds
© 2016 IEEE. With the rapid increase in uptake of cloud services, issues of data management are becoming increasingly prominent. There is a clear, outstanding need for the ability for specified policy to control and track data as it flows throughout cloud infrastructure, to ensure that those responsible for data are meeting their obligations. This paper introduces Information Flow Audit, an approach for tracking information flows within cloud infrastructure. This builds upon CamFlow (Cambridge Flow Control Architecture), a prototype implementation of our model for data-centric security in PaaS clouds. CamFlow enforces Information Flow Control policy both intra-machine at the kernel-level, and inter-machine, on message exchange. Here we demonstrate how CamFlow can be extended to provide data-centric audit logs akin to provenance metadata in a format in which analyses can easily be automated through the use of standard graph processing tools. This allows detailed understanding of the overall system. Combining a continuously enforced data-centric security mechanism with meaningful audit empowers tenants and providers to both meet and demonstrate compliance with their data management obligations. This work was supported by UK Engineering and Physical Sciences Research Council grant EP/K011510 CloudSafetyNet: End-to-End Application Security in the Cloud. We acknowledge the support of Microsoft through the Microsoft Cloud Computing Research Centre.
Data-centric access control for cloud computing
© 2016 ACM. The usual approach to security for cloud-hosted applications is strong separation. However, it is often the case that the same data is used by different applications, particularly given the increase in data-driven ('big data' and IoT) applications. We argue that access control for the cloud should no longer be application-specific but should be data-centric, associated with the data that can flow between applications. Indeed, the data may originate outside cloud services from diverse sources such as medical monitoring, environmental sensing etc. Information Flow Control (IFC) potentially offers data-centric, system-wide data access control. It has been shown that IFC can be provided at operating system level as part of a PaaS offering, with an acceptable overhead. In this paper we consider how IFC can be integrated with application-specific access control, transparently from application developers, while building from simple IFC primitives, access control policies that align with the data management obligations of cloud providers and tenants. This work was supported by the UK EPSRC grant EP/K011510 CloudSafetyNet. We acknowledge the support of Microsoft through the Microsoft Cloud Computing Research Centre.
An Information-Centric Platform for Social- and Location-Aware IoT Applications in Smart Cities
Recent advances in Smart City infrastructures and the Internet of Things represent a significant opportunity to improve people's quality of life. Corresponding research often focuses on Cloud-centric network architectures where sensor devices transfer collected data to the Cloud for processing. However, the formidable traffic generated by countless IoT devices and the need for low-latency services raise the need to move away from centralized architectures and bring the computation closer to the data sources. To this end, this paper discusses SPF, a middleware solution that supports IoT application development, deployment, and management. SPF runs IoT services on capable devices located at the network edge and proposes an information-centric programming model that takes advantage of decentralized computation resources located in the proximity of application users and data sources. SPF also adopts Value-of-Information based methods to prioritize the transmission of essential information
Activity-Centric Computing Systems
• Activity-Centric Computing (ACC) addresses deep-rooted information management problems in traditional application centric computing by providing a unifying computational model for human goal-oriented ‘activity,’ cutting across system boundaries.
• We provide a historical review of the motivation for and development of ACC systems, and highlight the need for broadening up this research topic to also include low-level system research and development.
• ACC concepts and technology relate to many facets of computing; they are relevant for researchers working on new computing models and operating systems, as well as for application designers seeking to incorporate these technologies in domain-specific applications.
Application-centric Resource Provisioning for Amazon EC2 Spot Instances
In late 2009, Amazon introduced spot instances to offer their unused
resources at lower cost with reduced reliability. Amazon's spot instances allow
customers to bid on unused Amazon EC2 capacity and run those instances for as
long as their bid exceeds the current spot price. The spot price changes
periodically based on supply and demand, and customers whose bids exceed it
gain access to the available spot instances. Customers may expect their
services at lower cost with spot instances compared to on-demand or reserved.
However, the reliability is compromised since the instances (IaaS) providing the
service (SaaS) may become unavailable at any time without any notice to the
customer. Checkpointing and migration schemes are of great use to cope with
such situations. In this paper we study various checkpointing schemes that can
be used with spot instances. Also we devise some algorithms for checkpointing
scheme on top of application-centric resource provisioning framework that
increase the reliability while reducing the cost significantly.
ClouNS - A Cloud-native Application Reference Model for Enterprise Architects
The capability to operate cloud-native applications can generate enormous
business growth and value. But enterprise architects should be aware that
cloud-native applications are vulnerable to vendor lock-in. We investigated
cloud-native application design principles, public cloud service providers, and
industrial cloud standards. All results indicate that most cloud service
categories seem to foster vendor lock-in situations which might be especially
problematic for enterprise architectures. This might sound disillusioning at
first. However, we present a reference model for cloud-native applications that
relies only on a small subset of well standardized IaaS services. The reference
model can be used for codifying cloud technologies. It can guide technology
identification, classification, adoption, research and development processes
for cloud-native application and for vendor lock-in aware enterprise
architecture engineering methodologies
Bid-Centric Cloud Service Provisioning
Bid-centric service descriptions have the potential to offer a new cloud
service provisioning model that promotes portability, diversity of choice and
differentiation between providers. A bid matching model based on requirements
and capabilities is presented that provides the basis for such an approach. In
order to facilitate the bidding process, tenders should be specified as
abstractly as possible so that the solution space is not needlessly restricted.
To this end, we describe how partial TOSCA service descriptions allow for a
range of diverse solutions to be proposed by multiple providers in response to
tenders. Rather than adopting a lowest common denominator approach, true
portability should allow for the relative strengths and differentiating
features of cloud service providers to be applied to bids. With this in mind,
we describe how TOSCA service descriptions could be augmented with additional
information in order to facilitate heterogeneity in proposed solutions, such as
the use of coprocessors and provider-specific services