17 research outputs found
BALANCING NON-FUNCTIONAL REQUIREMENTS IN CLOUD-BASED SOFTWARE: AN APPROACH BASED ON SECURITY-AWARE DESIGN AND MULTI-OBJECTIVE SOFTWARE DYNAMIC MANAGEMENT
Beyond its functional requirements and architectural design, the quality of a software system is also defined by the degree to which it meets its non-functional requirements. Managing these non-functional requirements is made harder by the fact that they potentially conflict with one another. For cloud-based software, i.e., software whose service is delivered through a cloud infrastructure, further constraints related to the features of the hosting data center, such as cost, security and performance, have to be considered by system and software designers. For instance, evaluating requests to access sensitive resources introduces performance overhead, caused by policy rule evaluation and by message exchange between the geographically distributed components of the authorization system. Duplicating policy rule evaluation engines is the traditional way to solve such performance issues; however, that decision has an impact on security, since each additional engine is a potential leakage point for private data. Taking all of these features into account is a key factor in enhancing the perceived quality of service (QoS) of the cloud as a whole. Maximizing users' and software developers' satisfaction with cloud-based software is a challenging task, since trade-off decisions between these conflicting quality attributes have to be taken dynamically in order to adapt as system requirements evolve.

In this thesis, we tackle the challenges of building a decision support method to optimize software deployment in a cloud environment. Our proposed holistic method operates at two levels: 1) the Platform as a Service (PaaS) level, where it handles the deployment of software components to achieve an efficient runtime optimization that satisfies the objectives of both cloud providers and customers, and 2) the guest application level, where it makes inroads into application design to enable the design of secure systems that also meet flexibility, performance and cost requirements. To thoroughly investigate these challenges, we identify three main objectives, which we address as follows.

The first objective is to achieve a runtime optimization of cloud-based software deployment at the PaaS layer, by considering the constraints of both cloud customers and providers. To fulfill this objective, we leverage the models@run.time paradigm to build an abstraction layer that models a cloud infrastructure. In a second step, we model the software placement problem as a multi-objective optimization problem and use multi-objective evolutionary algorithms (MOEAs) to identify a set of possible optimal cloud configurations that exhibit the best trade-offs between conflicting objectives. The approach is validated through a case study that we defined with EBRC, a cloud provider in Luxembourg, as a representative software component placement problem over heterogeneous distributed cloud nodes.

The second objective is to improve the convergence speed of the MOEAs used to achieve the runtime optimization of cloud-based software. To cope with the elasticity requirements of cloud-based applications, we improve the way the search strategy operates by proposing a hyper-heuristic that runs on top of MOEAs. Our hyper-heuristic uses the history of each mutation's effect on the fitness functions to select the most relevant mutation operators. Our evaluation shows that MOEAs combined with our hyper-heuristic achieve a significant improvement in resolution time over the original MOEAs.

The third objective aims at optimizing cloud-based software trade-offs by exploring application design as a complementary step to the infrastructure-level optimization tackled in the first and second objectives. We aim at achieving security trade-offs at the level of guest applications by revisiting current practices in software design methods. We focus on access control as the main security concern and target guest applications that manage resources regulated by access control policies specified in XACML. This focus is motivated by two key factors: 1) access control is a pillar of computer security, as it protects the sensitive resources of a system from unauthorized access, and 2) XACML is the de facto standard language for specifying access control policies and proposes an access control architectural model that supports several advanced access requirements such as interoperability and portability. To attain this objective, we advocate designing applications on the XACML architectural model to achieve a trade-off between security and flexibility, and we adopt a three-step approach. First, we identify a gap in the XACML literature regarding obligation handling support. Obligations specify user actions that have to be performed before, during or after the access to a resource. We propose an extension of the XACML reference model and language that uses the history of obligation states at decision-making time; in this step, we extend the XACML access control architecture to support a wider range of usage control scenarios. Second, in order to avoid degrading performance while using a secure architecture based on XACML, we propose a refactoring technique applied to access control policies to reduce request evaluation time. Our approach, evaluated on three Java policy-based systems, substantially reduces request evaluation time. Finally, to achieve a trade-off between safe security policy evolution and regression testing costs, we develop a regression-test-selection approach that selects the test cases that reveal faults caused by policy changes.

To sum up, across all of the aforementioned objectives, we pursue the goal of analysing and improving the current landscape of cloud-based software development. Our focus on security quality attributes is driven by their crucial role in widening the adoption of cloud computing. Our approach brings to light a security-aware design of guest applications that is based on the XACML architecture. We provide useful guidelines, methods with their underlying algorithms, and tools for developers and cloud solution designers to enhance tomorrow's cloud-based software design.

Keywords: XACML policy-based systems, Cloud Computing, Trade-offs, Multi-Objective Optimization
Cloud Providers Viability: How to Address it from an IT and Legal Perspective?
A major part of the commercial Internet is moving toward the cloud paradigm. This phenomenon has a drastic impact on the organizational structures of enterprises and introduces new challenges that must be properly addressed to avoid major setbacks. One such challenge is that of cloud provider viability, that is, the reasonable certainty that the Cloud Service Provider (CSP) will not go out of business, either by filing for bankruptcy or by simply shutting down operations, thus leaving its customers stranded without an infrastructure and, depending on the type of cloud service used, even without their applications or data. This article addresses the issue of cloud provider viability, defining a possible way of modeling viability as a non-functional requirement and proposing some approaches that can be used to mitigate the problem, both from a technical and from a legal perspective. By introducing a structured perspective into the topic of cloud viability, describing the risks, factors and possible mitigators, the contribution of this work is twofold: it gives the customer a better understanding of when it can rely on the cloud infrastructure in the long term and what precautions it should take in any case, and it provides the CSP with means to address some of the viability issues and thus increase its customers' trust.
Optimizing Multi-Objective Evolutionary Algorithms to Enable Quality-Aware Software Provisioning
Elasticity [19] is a key feature for cloud infrastructures to continuously align allocated computational resources to the evolving needs of hosted software. This is often achieved by relaxing quality criteria, for instance security or privacy [8], because quality criteria often conflict with performance. As an example, software replication could improve scalability and uptime while decreasing privacy by creating more potential leakage points. Reconciling these conflicting objectives requires exhibiting trade-offs. Multi-Objective Evolutionary Algorithms (MOEAs) have been shown to be suitable candidates for finding these trade-offs and have even been applied to cloud architecture optimization [21]. Still, their runtime efficiency limits the widespread adoption of such algorithms in cloud engines, and thus the consideration of quality criteria in clouds. Indeed, MOEAs produce many dead-born solutions because of their Darwinian-inspired natural selection, which wastes resources. To tackle the efficiency issues of MOEAs, we apply a process similar to that of modern biology: we choose specific artificial mutations by anticipating their optimization effect on the solutions instead of relying on the randomness of natural selection. This paper introduces the Sputnik algorithm, which leverages the past history of actions to enhance optimization processes such as cloud elasticity engines. We integrate Sputnik into a cloud elasticity engine dealing with performance and quality criteria, and demonstrate a significant performance improvement that meets the runtime requirements of cloud optimization.
Artificial Mutation inspired Hyper-heuristic for Runtime Usage of Multi-objective Algorithms
In recent years, multi-objective evolutionary algorithms (MOEAs) have been applied to different software engineering problems where many conflicting objectives have to be optimized simultaneously. In theory, evolutionary algorithms have a nice property for runtime optimization, as they can provide a solution within any execution time budget. In practice, being based on Darwinian-inspired natural selection, these evolutionary algorithms produce many dead-born solutions whose computation wastes computational resources: natural selection is naturally slow. In this paper, we reconsider this founding analogy to accelerate the convergence of MOEAs by looking at modern biology studies, where artificial selection has been used to achieve an anticipated specific purpose instead of relying only on crossover and natural selection (i.e., Muller et al. [18] on the artificial mutation of fruit flies with X-rays). Putting aside the analogy with natural selection, the present paper proposes a hyper-heuristic for MOEAs named Sputnik that uses artificial selective mutation to improve the convergence speed of MOEAs. Sputnik leverages the past history of mutation efficiency to select the most relevant mutations to perform. We evaluate Sputnik on a cloud-reasoning engine, which drives on-demand provisioning while considering conflicting performance and cost objectives. We have conducted experiments to highlight the significant performance improvement of Sputnik in terms of resolution time.
Access Control Enforcement Testing
A policy-based access control architecture comprises Policy Enforcement Points (PEPs), which are modules that intercept subjects' access requests and enforce the access decision reached by a Policy Decision Point (PDP), the module implementing the access decision logic. In applications, PEPs are generally implemented manually, which can introduce errors in policy enforcement and lead to security vulnerabilities. In this paper, we propose an approach to systematically test and validate the correct enforcement of access control policies in a given target application. More specifically, we rely on a two-fold approach: a static analysis of the target application is first performed to identify the sensitive accesses that could be regulated by the policy. A dynamic analysis of the application is then conducted using mutation to verify, for every sensitive access, whether the policy is correctly enforced. The dynamic analysis also gives the exact location of the PEP, enabling the enforcement errors detected by the analysis to be fixed. The approach has been validated on a case study implementing an access control policy.
A Toolchain for Model-Based Design and Testing of Access Control Systems
In access control systems, which regulate access to protected data and resources, a critical component is the Policy Decision Point (PDP), which grants or denies access according to the defined policies. Due to the complexity of the standard language, it is recommended to rely on model-driven approaches, which help overcome the difficulties of XACML policy definition. In this paper we provide a toolchain that uses a model-driven approach to specify and generate XACML policies and also enables automated testing of the PDP component. We use XACML-based testing strategies to generate appropriate test cases that can validate the functional aspects, constraints, permissions and prohibitions of the PDP. An experimental assessment of the toolchain and its use on a realistic case study are also presented.
Selection of Regression System Tests for Security Policy Evolution
As the security requirements of software often change, developers may modify security policies such as access control policies (policies, in short) according to the evolving requirements. To increase confidence that a policy modification is correct, developers conduct regression testing. However, rerunning all existing system test cases can be costly and time-consuming. To address this issue, we develop a regression-test-selection approach that selects every system test case that may reveal regression faults caused by policy changes. Our evaluation results show that our test-selection approach efficiently reduces the number of system test cases by a substantial amount.