Security-as-a-Service in Multi-cloud and Federated Cloud Environments

The economic benefits of cloud computing are encouraging customers to bring complex applications and data into the cloud. However security remains the biggest barrier in the adoption of cloud, and with the advent of multi-cloud and federated clouds in practice security concerns are for applications and data in the cloud. This paper proposes security as a value added service, provisioned dynamically during deployment and operation management of an application in multi-cloud and federated clouds. This paper specifically considers a data protection and a host & application protection solution that are offered as a SaaS application, to validate the security services in a multi-cloud and federated cloud environment. This paper shares our experiences of validating these security services over a geographically distributed, large scale, multi-cloud and federated cloud infrastructure

A Survey of Resource Management Challenges in Multi-cloud Environment: Taxonomy and Empirical Analysis

Cloud computing has seen a great deal of interest by researchers and industrial firms since its first coined. Different perspectives and research problems, such as energy efficiency, security and threats, to name but a few, have been dealt with and addressed from cloud computing perspective. However, cloud computing environment still encounters a major challenge of how to allocate and manage computational resources efficiently. Furthermore, due to the different architectures and cloud computing networks and models used (i.e., federated clouds, VM migrations, cloud brokerage), the complexity of resource management in the cloud has been increased dramatically. Cloud providers and service consumers have the cloud brokers working as the intermediaries between them, and the confusion among the cloud computing parties (consumers, brokers, data centres and service providers) on who is responsible for managing the request of cloud resources is a key issue. In a traditional scenario, upon renting the various cloud resources from the providers, the cloud brokers engage in subletting and managing these resources to the service consumers. However, providers’ usually deal with many brokers, and vice versa, and any dispute of any kind between the providers and the brokers will lead to service unavailability, in which the consumer is the only victim. Therefore, managing cloud resources and services still needs a lot of attention and effort. This paper expresses the survey on the systems of the cloud brokerage resource management issues in multi-cloud environments

Optimal Selection Techniques for Cloud Service Providers

Nowadays Cloud computing permeates almost every domain in Information and Communications Technology (ICT) and, increasingly, most of the action is shifting from large, dominant players toward independent, heterogeneous, private/hybrid deployments, in line with an ever wider range of business models and stakeholders. The rapid growth in the numbers and diversity of small and medium Cloud providers is bringing new challenges in the as-a-Services space. Indeed, significant hurdles for smaller Cloud service providers in being competitive with the incumbent market leaders induce some innovative players to "federate" deployments in order to pool a larger, virtually limitless, set of resources across the federation, and stand to gain in terms of economies of scale and resource usage efficiency. Several are the challenges that need to be addressed in building and managing a federated environment, that may go under the "Security", "Interoperability", "Versatility", "Automatic Selection" and "Scalability" labels. The aim of this paper is to present a survey about the approaches and challenges belonging to the "Automatic Selection" category. This work provides a literature review of different approaches adopted in the "Automatic and Optimal Cloud Service Provider Selection", also covering "Federated and Multi-Cloud" environments

CYCLONE Unified Deployment and Management of Federated, Multi-Cloud Applications

Various Cloud layers have to work in concert in order to manage and deploy complex multi-cloud applications, executing sophisticated workflows for Cloud resource deployment, activation, adjustment, interaction, and monitoring. While there are ample solutions for managing individual Cloud aspects (e.g. network controllers, deployment tools, and application security software), there are no well-integrated suites for managing an entire multi cloud environment with multiple providers and deployment models. This paper presents the CYCLONE architecture that integrates a number of existing solutions to create an open, unified, holistic Cloud management platform for multi-cloud applications, tailored to the needs of research organizations and SMEs. It discusses major challenges in providing a network and security infrastructure for the Intercloud and concludes with the demonstration how the architecture is implemented in a real life bioinformatics use case

A threshold secure data sharing scheme for federated clouds

Cloud computing allows users to view computing in a new direction, as it uses the existing technologies to provide better IT services at low-cost. To offer high QOS to customers according SLA, cloud services broker or cloud service provider uses individual cloud providers that work collaboratively to form a federation of clouds. It is required in applications like Real-time online interactive applications, weather research and forecasting etc., in which the data and applications are complex and distributed. In these applications secret data should be shared, so secure data sharing mechanism is required in Federated clouds to reduce the risk of data intrusion, the loss of service availability and to ensure data integrity. So In this paper we have proposed zero knowledge data sharing scheme where Trusted Cloud Authority (TCA) will control federated clouds for data sharing where the secret to be exchanged for computation is encrypted and retrieved by individual cloud at the end. Our scheme is based on the difficulty of solving the Discrete Logarithm problem (DLOG) in a finite abelian group of large prime order which is NP-Hard. So our proposed scheme provides data integrity in transit, data availability when one of host providers are not available during the computation.Comment: 8 pages, 3 Figures, International Journal of Research in Computer Science 2012. arXiv admin note: text overlap with arXiv:1003.3920 by other author

Secure data sharing and processing in heterogeneous clouds

The extensive cloud adoption among the European Public Sector Players empowered them to own and operate a range of cloud infrastructures. These deployments vary both in the size and capabilities, as well as in the range of employed technologies and processes. The public sector, however, lacks the necessary technology to enable effective, interoperable and secure integration of a multitude of its computing clouds and services. In this work we focus on the federation of private clouds and the approaches that enable secure data sharing and processing among the collaborating infrastructures and services of public entities. We investigate the aspects of access control, data and security policy languages, as well as cryptographic approaches that enable fine-grained security and data processing in semi-trusted environments. We identify the main challenges and frame the future work that serve as an enabler of interoperability among heterogeneous infrastructures and services. Our goal is to enable both security and legal conformance as well as to facilitate transparency, privacy and effectivity of private cloud federations for the public sector needs. © 2015 The Authors

InterCloud: Utility-Oriented Federation of Cloud Computing Environments for Scaling of Application Services

Cloud computing providers have setup several data centers at different geographical locations over the Internet in order to optimally serve needs of their customers around the world. However, existing systems do not support mechanisms and policies for dynamically coordinating load distribution among different Cloud-based data centers in order to determine optimal location for hosting application services to achieve reasonable QoS levels. Further, the Cloud computing providers are unable to predict geographic distribution of users consuming their services, hence the load coordination must happen automatically, and distribution of services must change in response to changes in the load. To counter this problem, we advocate creation of federated Cloud computing environment (InterCloud) that facilitates just-in-time, opportunistic, and scalable provisioning of application services, consistently achieving QoS targets under variable workload, resource and network conditions. The overall goal is to create a computing environment that supports dynamic expansion or contraction of capabilities (VMs, services, storage, and database) for handling sudden variations in service demands. This paper presents vision, challenges, and architectural elements of InterCloud for utility-oriented federation of Cloud computing environments. The proposed InterCloud environment supports scaling of applications across multiple vendor clouds. We have validated our approach by conducting a set of rigorous performance evaluation study using the CloudSim toolkit. The results demonstrate that federated Cloud computing model has immense potential as it offers significant performance gains as regards to response time and cost saving under dynamic workload scenarios.Comment: 20 pages, 4 figures, 3 tables, conference pape

Addressing the Challenges in Federating Edge Resources

This book chapter considers how Edge deployments can be brought to bear in a global context by federating them across multiple geographic regions to create a global Edge-based fabric that decentralizes data center computation. This is currently impractical, not only because of technical challenges, but is also shrouded by social, legal and geopolitical issues. In this chapter, we discuss two key challenges - networking and management in federating Edge deployments. Additionally, we consider resource and modeling challenges that will need to be addressed for a federated Edge.Comment: Book Chapter accepted to the Fog and Edge Computing: Principles and Paradigms; Editors Buyya, Sriram