A middleware for assured clouds

Journal of Internet Services and Applications - Volume 3 - Pages 87-94 - 2011
Roy H. Campbell¹, Mirko Montanari¹, Reza Farivar¹
¹Thomas M. Siebel Center for Computer Science, University of Illinois, Urbana, USA

Abstract

This paper considers mission assurance for critical cloud applications, a set of applications with growing importance to governments and military organizations. Specifically, we consider applications in which assigned tasks or duties are performed in accordance with an intended purpose or plan in order to accomplish an assured mission. Mission-critical cloud computing may possibly involve hybrid (public, private, heterogeneous) clouds and require the realization of “end-to-end” and “cross-layered” security, dependability, and timeliness. We propose the properties and building blocks of a middleware for assured cloud computing that can support critical missions. In this approach, we assume that mission critical cloud computing must be designed with assurance in mind. In particular, the middleware in such systems must include sophisticated monitoring, assessment of policies, and response to manage the configuration and management of dynamic systems-of-systems with both trusted and partially trusted resources (data, sensors, networks, computers, etc.) and services sourced from multiple organizations.
