SGX-Aware Container Orchestration for Heterogeneous Clusters

Containers are becoming the de facto standard to package and deploy applications and micro-services in the cloud. Several cloud providers (e.g., Amazon, Google, Microsoft) begin to offer native support on their infrastructure by integrating container orchestration tools within their cloud offering. At the same time, the security guarantees that containers offer to applications remain questionable. Customers still need to trust their cloud provider with respect to data and code integrity. The recent introduction by Intel of Software Guard Extensions (SGX) into the mass market offers an alternative to developers, who can now execute their code in a hardware-secured environment without trusting the cloud provider. This paper provides insights regarding the support of SGX inside Kubernetes, an industry-standard container orchestrator. We present our contributions across the whole stack supporting execution of SGX-enabled containers. We provide details regarding the architecture of the scheduler and its monitoring framework, the underlying operating system support and the required kernel driver extensions. We evaluate our complete implementation on a private cluster using the real-world Google Borg traces. Our experiments highlight the performance trade-offs that will be encountered when deploying SGX-enabled micro-services in the cloud.Comment: Presented in the 38th IEEE International Conference on Distributed Computing Systems (ICDCS 2018

Enhancing User Trust in Cloud Computing Applications

Despite the surge in activity and interest in cloud computing, there are significant and persistent concerns about cloud computing, particularly with regard to trusting the cloud platform in terms of confidentiality, integrity and availability of user data stored through these applications. These factors are significant in determining trust in cloud computing and thus provide the foundation for this paper. The significant role that trust plays in use of cloud computing was considered in relation to various trust related models, theories and frameworks. The available trust models, frameworks and cloud computing adoption strategies focus on cost reduction and the various benefits that are associated with migrating to the cloud. This paper focused on the lack of user trust in cloud computing applications, and strategies of enhancing user trust with reference to the Proposed Trust Model by Mayer, Davis, and Schoorman, (1995) and the Confidentiality, Integrity, Availability (CIA) Triad. A questionnaire was used as the means of gathering data on trust related perceptions of the use of cloud computing. An initial cloud computing adoption model was proposed based on key portions of cloud computing literature that was explored, combined and expected to enhance trust in cloud computing. This initial model was an important foundation for the establishment of the Critical Success Factors (CSFs) and thereafter the framework to enhance user trust in cloud computing applications

Awareness Penggunaan dan Pemanfaatan Public Cloud Storage di Indonesia

Semakin besarnya tingkat urgensi dari data serta tingginya mobilitas pengguna internet pada masa sekarang menuntut dukungan dari tempat penyimpanan data atau storage. Teknologi informasi pada perkembangannya menawarkan layanan cloud storage yang bisa dimanfaatkan oleh pengguna internet sebagai tempat penyimpanan data yang fleksibel untuk diakses dari mana saja oleh pengguna, selama akses ke internet tersedia. Penelitian ini bertujuan untuk melihat tingkat awareness dari pengguna internet di Indonesia, didalam menggunakan dan memanfaatkan public cloud storage tidak berbayar (gratis) yang disediakan oleh beberapa penyedia jasa cloud storage

(In)Security above the Clouds

In an ideal world, organizations “share” the cloud, logically separated from each other by the cloud provider, operating independently of each other in a sandbox, pulling resources only when needed, and respecting the separation put in place by the cloud provider. In the real world, applications uploaded to the cloud are trying to break out of their sandbox, attempting to gain access to other applications and hardware and trying to consume resources. The attackers know they have complete control of what the cloud runs; they know cloud security is immature and developing. Cloud computing creates new security problems that must be dealt with in addition to the existing problems. This research line explores these security problems.Eje: Procesamiento distribuido y paraleloRed de Universidades con Carreras en Informática (RedUNCI

Towards securing cloud data in the multi-cloud scenario

Cloud computing has emerged to be the accepted computing model which provides services on-demand. The most used service layer is infrastructure as a Service (IaaS) to outsource data to the cloud. With this service, organizations and individuals can avail of cloud services in pay as you use fashion instead of investing money for such infrastructure. Cloud provides many such benefits to its users. However, as the cloud servers are remote and assumed to be untrusted, users are worried about data security. Initially, a single cloud was used to store data. With the advancements in technologies and for reliability reasons, the concept of multi-cloud has emerged. The security and reliability issues with a single cloud can be overcome with multi-cloud systems. The rationale behind this is that a single cloud might have malicious insiders. When two or more clouds collaborate and provide services to end-users, it is expected to have more reliability and possible reduction in malicious insiders. This paper focuses on studying the potential security of data that is stored in multi-cloud. We built an algorithm and prototype application that demonstrates the concept of securing data in a multi-cloud environment. The empirical results revealed that the proposed system could ensure the data outsourced to cloud computing where a multi-cloud scenario prevails

From Single to Multi-clouds Computing Privacy and Fault Tolerance

AbstractSecurity issues of data hosted in a Cloud Computing provider remain hidden seen excessive marketing that led to a totally unrealistic view of cloud computing security. Although Cloud Computing has not yet reached the level of maturity expected by its customers, and that the problems of confidentiality, integrity, reliability and consistency (CIRC) are still open, the researchers in this field have already considered a future cloud strategy which aims: a better QoS, reliability and high availability, it is the Multi-Clouds, Cloud of Clouds or Interclouds.This paper will present the security limitations in the single Cloud and the usefulness of adopting rather Multi-Clouds strategy to reduce security risks, through the use of DepSky which is a virtual storage system that ensures better availability and high confidentiality of data

Load Balancing By Cloud Computing

With the internet getting so popular data sharing and security of personal data has gain much more importance than before. Cloud provides and efficient way to outsource the data either online or offline but data security becomes one of the major issues in unreliable multi-cloud environment. This paper addresses the issues in multi-cloud environment and also provides a way to provide better security in multi-cloud environment. Further it discusses the different encryption algorithms that can be used to maintain a design framework for cloud environment