Trust and Dependability in Cloud Computing
Claus Pahl
IC4 Principal Investigator
building trust and dependability in the cloud
design for
growth
design for
widest
acceptance
design for
best
service
provision
Research Philosophy
Architecture Service Lifecycle Business Cloud and Mobile Security
Dr Claus Pahl (DCU)
Dr Brian Lee (AIT) Prof. John Morrison
(UCC)
Dr Theo Lynn (DCU)
Architecture Research
Interoperability
Interoperability SOA
Data and Service Integration
Managing and Maintaining Interoperable Solutions
Migration
Cloud Migration and Cloud Architecture Modelling SOA
Catalogue of Migration Patterns
Developing a Strategy for Migrating Legacy Software to the
Service Lifecycle
Management Research
Clou d Se rvic e s Br ok e rag e Clou d Mes sagin g Bus Me trics for Qo S an d QoE Be st P ract ic e Clo ud Mes sa ging and Moni tori ng S ys tems Au to -c onf igu ra tion and D e p lo yme n tBusiness Research
Organisation
Development
Effectiveness Toolboxes Capabilities Cloud ReadinessRegulation
EU Review US Briefing NoteCompetitive
Advantage
Cases Strategic Alignment ModelCosting & Pricing
Cloud and Mobile Security Research
Risk Catalogue for Authentication in the Cloud
Risk catalogue for Mobile Deployment
Attack Penetration Test Software Prototype
Managing Mobile Computing Risk
Searchable Encryption
Selected Research Projects
CloudPASS: an Integrated Framework for Assurance and
Accountability in the Cloud
CloudPASS: an Integrated Framework for Assurance and
Accountability in the Cloud
CloudPASS :
• a computing architecture, patterns and programming models
• independent integrated accountability, assurance and trustmark system • to build trust and confidence in cloud computing
Key features:
• enabling cloud service providers to give consumers appropriate control and transparency over the definition and execution of cloud processes and workflows
• providing assurance to consumers and regulators that processes and workflows were executed in accordance with declared service and compliance expectations
• providing independent third-party services for monitoring, auditing, certification, trust modelling to support accountability in the cloud • verifying the authenticity of trustmarks through certification.
CloudPASS: an Integrated Framework for Assurance and
Accountability in the Cloud
CloudPASS: an Integrated Framework for Assurance and
Accountability in the Cloud
• Provenance in the Cloud :
• Provenance is information about entities, activities, and people involved in producing a piece of data or thing
• Provenance can be used to form assessments about its quality, reliability or trustworthiness
• Provenance data integrity and data confidentiality of importance in the cloud – data processed by cloud services
• Provenance logging supported by database/repository • Monitoring Data:
• Provenance applies - cloud service metadata • Providing assurance that SLAs are observed
CloudPASS: an Integrated Framework for Assurance and
Accountability in the Cloud
• CloudPass System Architecture :
• Signup and Identity Management Module • Trustmark Interface
• QA Level Description Module (min-max to inform risk assessment) • Transparency and Third Party Verification Interface
• Pattern Analysis and Preventative Controls • Trustmarks :
• Framework Design – Energy and Food Labels • Metadata Platform in the form of an Ontology • Trustmark Process Design
PaaS Migration Process
On Premise
Consultation with ISV CEO
Business - FROM classical licensing model TO SaaS
Analysis
motivation discovery
Discussion
change implications
PaaS Provider
ISV PaaS Infrastructure Assessment and Requirements
Technical - FROM local TO virtualised (self-hosted, or better 3rd party-hosted) TO public configuration (3rd-party hosted, data centres)
ISV Developer and Software Development
Technical - FROM on-premise environment TO cloud data centres
Re-engineering/ Development stateless architecture Re-engineering/ Development data externalisation ISV Provisioning
Business - FROM Installation TO PaaS access channels (for clients)
Migration PaaS-level infrastructure Migration SaaS-level infrastructure Cloud Solution Infrastructure architecture scoping and definition Business Level costing and operation analysis Architecture statelessness and data externalisation Development pricing, support and marketing
PaaS Migration:
• IC4 Research into Migration Processes to determine commonalities and differences between cloud scenarios.
• Research Activities:
• Expert interviews with several multinationals covering the IaaS, PaaS and SaaS space
• Definition of Migration Processes and Patterns for difference Migration Scenarios
• Collaborators and Contributors: Microsoft, IBM, Salesforce, Cloud Consulting
• PaaS Cloud User – for example ISVs:
• Management: Clarification of migration process by defining common process activities and best-practice approaches • Concerns: Transparency of migration process with
• Technical aspects: architecture, software lifecycle
• Business aspects: change of expenditure model; skills needs • Migration Experts – PaaS platform providers:
• Documentation of reference cases as guidelines for migration project management
• Summary of best-practice for specific settings
PaaS Migration Test Case
1 10 100 100…
10 servers serving 1000 usersPaaS Migration Test Case
1 10 10 10…
10 servers serving 100 usersPaaS Migration Test Case
1 10 10 10…
1 server serving 100 users ?PaaS Migration Test Case
1 10 10 10…
1 server serving 100 users ? Problem !Sticky Session State (Statefulness)
• In a migration process, software architecture and programming need to be embedded into:
• methodological process support, e.g. enhanced questionnaires (infrastructure used, complexity of programs/data)
• analytical and diagnostic tools supporting dependency analysis and preparations for the actual re-engineering and refactoring • Overall, a productivity support system that aims at scalability
(scale-out, scale-down) and performance as a cloud benefit.
• This identifies possible software architecture and engineering techniques – software re-engineering or refactoring
• Software engineering in the PaaS migration process • Migration method and technique development • Experimental research quantifying benefits
• Software Migration and Modernisation Techniques: • Programming Models for Stateless Programming • Databases for State Management
• Data Externalisation for Resiliency
• This results in an identification of some key solution components • the first two address elasticity,
• the third addresses resiliency.
• PaaS Vendor Migration Experts:
• Quantification of experimental results to substantiate benefits of re-engineering and modernisation for the cloud
• Software engineering techniques to adjust to changing cloud landscape
• PaaS Cloud Technology Users:
• Convincing arguments for the need of optimising migration activities
• Tools to make the migration process more effective and reliable.