Beniamino Di Martino, Giuseppina Cretella, Antonio Esposito
Towards a Legislation-aware Cloud Computing Framework
CLOUD FORWARD CONFERENCE 2015
7th October 2015, Pisa, Scuola Normale Superiore, Italy
Motivation
The composition of cloud services to satisfy customer requirements is still a complex and tricky task, requiring care and skill owing to the huge
Through the Jungle of Cloud Services
As cloud computing is a new and developing field of commerce, new products and technologies are constantly made available to cloud users. In this scope, market dynamics often lead to confusing service descriptions. While advertising the individual properties of a specific cloud service may help in positioning it on the competitive market of cloud computing, such descriptions obfuscate the common underlying concepts.
Cloud Patterns
The concept of Cloud Pattern emerged as a way to describe the composition and orchestration of Cloud Services in order to satisfy particular application requirements.
Cloud Patterns can be considered as a particular Pattern category, focusing on the description of problems and solutions related to Cloud Computing. They can be useful in understanding the changes to apply to an application, in terms of source code and architecture, in order to successfully migrate it from an in-house environment to the Cloud.
Agnostic VS Vendor Dependent Cloud Patterns
• Agnostic Patterns provide generic solutions, which are not bound to a specific platform and are therefore more flexible and seamlessly applicable to different targets. They are not related to a specific Cloud Platform and can virtually be applied to any target environment.
• Vendor Dependent Patterns are tailored for a target environment and provide optimized solutions for it. They provide many useful details regarding the actual Cloud components and services to use to deploy an application on the target platform, thus actively supporting developers in their work.
A framework for semantic and pattern based support to Cloud Portability and Interoperability
Components:
• A Semantic, Machine Readable and Uniform Representation of Cloud Resources, Services and Patterns
• A Semantic and Rule-based System that works over the semantic representation to Support Multi Cloud Portability and Interoperability
• A Semantic and Matchmaking Approach for Discovery, Mapping and Aligning Cloud Providers' Services
Based on results of EC project mOSAIC - Open-Source API and Platform for Multiple Clouds
http://www.mosaic-cloud.eu
An API
Cloud-based language- and platform-independent API
Extends the existing language- or platform-dependent API capabilities with composite features based on patterns
A framework
Semantic engine:
• Cloud ontology & Semantic retrieval of agnostic Cloud services and resources driven by Design, Functional and Application Patterns
• Automatic inferencing of resources configurations and dimensionality
• Cloud agency to perform multiCloud brokering and negotiation
• Dynamic Semantic Discovery Service for Services discovery and integration
• Application Tools supporting Cloud Apps development
An open-source platform
ready to be tested, exploited or extended by its users; includes instances of the APIs for three programming languages and application tools
mOSAIC Partners
• Second University of Naples - It (Prj Coordinator)
• IeAT - Ro (Sci Coordinator)
• European Space Agency - Fr
• AITIA - Hu
• Tecnalia - Sp
• Terradue - It
• XLAB - Slo
• University of Ljubljana - Slo
A uniform, integrated, machine-readable, semantic
Agnostic vs Vendor dependent concepts
• Assessing equivalence between Services and Appliances
  SPARQL queries: information retrieval; they do not create new information.
  SWRL rules: automatic reasoning, KB enrichment, query simplification.
Enrichment of the Semantic Representation with Automated Reasoning
  SELECT ?service ?appliance
  WHERE { ?service rdf:type cloudOntology:CloudService .
          ?appliance rdf:type cloudOntology:VirtualAppliance .
          # further triple patterns (binding ?vendor) are cut off on the slide
        }
• Building Vendor specific Patterns from Agnostic ones
  - Infer equivalence among patterns' components and cloud services.
  - Use equivalence between patterns' participants and services to create new (vendor specific) patterns.
  - Instantiate patterns with heterogeneous services (with slight modifications).
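The retrieval-versus-enrichment distinction on this slide, as an added example that is not code from the slides or from the mOSAIC project: a toy triple store in pure Python, a basic-graph-pattern matcher standing in for SPARQL (it only reads the KB), and one SWRL-style rule that asserts cloudOntology:equivalentTo whenever a CloudService and a VirtualAppliance expose the same functionality (it writes new triples). After enrichment the slide's two-pattern query collapses to a single pattern, and the inferred equivalences are enough to instantiate an agnostic pattern with one vendor's services. The property names hasFunctionality, equivalentTo and offeredBy, the ex:/fn: prefixes and the sample services are assumptions made for the illustration.

```python
"""Toy semantic KB: SPARQL-style retrieval versus SWRL-style enrichment.
Added example, not code from the slides or the mOSAIC project. The property
names hasFunctionality / equivalentTo / offeredBy and the sample services are
constructed for illustration."""
RDF_TYPE = "rdf:type"
CLOUD_SERVICE = "cloudOntology:CloudService"
VIRTUAL_APPLIANCE = "cloudOntology:VirtualAppliance"
HAS_FUNCTIONALITY = "cloudOntology:hasFunctionality"  # assumed property
EQUIVALENT_TO = "cloudOntology:equivalentTo"          # inferred property
OFFERED_BY = "cloudOntology:offeredBy"                # assumed property

# Constructed sample triples: three vendor services and one agnostic appliance.
KB = frozenset({
    ("ex:S3", RDF_TYPE, CLOUD_SERVICE),
    ("ex:S3", OFFERED_BY, "ex:Amazon"),
    ("ex:S3", HAS_FUNCTIONALITY, "fn:BlobStorage"),
    ("ex:AzureBlob", RDF_TYPE, CLOUD_SERVICE),
    ("ex:AzureBlob", OFFERED_BY, "ex:Azure"),
    ("ex:AzureBlob", HAS_FUNCTIONALITY, "fn:BlobStorage"),
    ("ex:ElastiCache", RDF_TYPE, CLOUD_SERVICE),
    ("ex:ElastiCache", OFFERED_BY, "ex:Amazon"),
    ("ex:ElastiCache", HAS_FUNCTIONALITY, "fn:KeyValueCache"),
    ("ex:StorageAppliance", RDF_TYPE, VIRTUAL_APPLIANCE),
    ("ex:StorageAppliance", HAS_FUNCTIONALITY, "fn:BlobStorage"),
})

def select(kb, patterns):
    """SPARQL-like basic graph pattern matching. `patterns` is a list of
    (s, p, o); terms starting with '?' are variables. Returns binding dicts.
    Pure retrieval: the KB is never modified."""
    bindings = [{}]
    for pat in patterns:
        extended = []
        for b in bindings:
            for triple in kb:
                cand = dict(b)
                for term, value in zip(pat, triple):
                    if term.startswith("?"):
                        if cand.setdefault(term, value) != value:
                            break      # variable already bound to another value
                    elif term != value:
                        break          # constant does not match
                else:
                    extended.append(cand)
        bindings = extended
    return bindings

def apply_rule(kb, body, head):
    """SWRL-like rule: assert `head` for every match of `body`. Returns the
    number of triples added, so callers can iterate to a fixpoint. Unlike
    `select`, this creates new information."""
    added = 0
    for b in select(kb, body):
        triple = tuple(b.get(term, term) for term in head)
        if triple not in kb:
            kb.add(triple)
            added += 1
    return added

# CloudService(?s) ^ VirtualAppliance(?a) ^ hasFunctionality(?s,?f)
#   ^ hasFunctionality(?a,?f) -> equivalentTo(?s,?a)
EQUIV_BODY = [("?s", RDF_TYPE, CLOUD_SERVICE),
              ("?a", RDF_TYPE, VIRTUAL_APPLIANCE),
              ("?s", HAS_FUNCTIONALITY, "?f"),
              ("?a", HAS_FUNCTIONALITY, "?f")]
EQUIV_HEAD = ("?s", EQUIVALENT_TO, "?a")

def enrich(kb):
    """Run the equivalence rule until no new triple appears; returns kb."""
    while apply_rule(kb, EQUIV_BODY, EQUIV_HEAD):
        pass
    return kb

def equivalent_pairs(kb):
    """After enrichment the slide's query shrinks to one triple pattern."""
    return sorted((b["?service"], b["?appliance"]) for b in
                  select(kb, [("?service", EQUIVALENT_TO, "?appliance")]))

# Agnostic pattern (constructed): role -> agnostic appliance playing it.
AGNOSTIC_PATTERN = {"DataTier": "ex:StorageAppliance"}

def instantiate_for_vendor(kb, pattern, vendor):
    """Build a vendor-specific pattern by swapping each participant for an
    equivalent service offered by `vendor`."""
    return {role: sorted(b["?svc"] for b in select(kb, [
                ("?svc", EQUIVALENT_TO, participant),
                ("?svc", OFFERED_BY, vendor)]))
            for role, participant in pattern.items()}
```

Run `kb = set(KB)`, then `enrich(kb)` and `equivalent_pairs(kb)`: before enrichment the slide's query returns every service/appliance combination (three pairs) and the equivalence query returns nothing; after enrichment only the two storage services are linked to the appliance, and `instantiate_for_vendor(kb, AGNOSTIC_PATTERN, "ex:Amazon")` picks S3 while the same call for Azure picks AzureBlob. Results are sorted because set iteration order is not stable.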
A Semantic and Rule-based System to Support Multi Cloud Portability and Interoperability
i. identification of the application components starting from an application (an existing legacy application or the design of a new one);
ii. mapping of these components on agnostic cloud patterns and cloud services;
iii. discovery of vendor dependent cloud services and patterns to implement the application components through automated reasoning;
iv. composition among cloud services in order to implement cloud patterns;
v. replacement of cloud services of a particular cloud vendor with other cloud services offering the same functionalities, exploiting the composition described in the cloud pattern and thus enabling interoperability.
Porting applications to Interoperable Multi-Clouds
Application pattern definition:
OWL-S Description (Functional Syntax)
…
ClassAssertion(process:ControlConstructList :LeaderElection_ControlConstructList_1)
ObjectPropertyAssertion(list:first :LeaderElection_ControlConstructList_1 :LeaderElection_Perform_1)
ObjectPropertyAssertion(list:rest :LeaderElection_ControlConstructList_1 :LeaderElection_ControlConstructList_2)
ClassAssertion(process:ControlConstructList :LeaderElection_ControlConstructList_10)
ObjectPropertyAssertion(list:first :LeaderElection_ControlConstructList_10 :LeaderElection_Perform_10)
ObjectPropertyAssertion(list:rest :LeaderElection_ControlConstructList_10 :LeaderElection_ControlConstructList_11)
ClassAssertion(process:ControlConstructList :LeaderElection_ControlConstructList_11)
ObjectPropertyAssertion(list:first :LeaderElection_ControlConstructList_11 :LeaderElection_Perform_11)
ObjectPropertyAssertion(list:rest :LeaderElection_ControlConstructList_11 list:nil)
ClassAssertion(process:ControlConstructList :LeaderElection_ControlConstructList_2)
ObjectPropertyAssertion(list:first :LeaderElection_ControlConstructList_2 :LeaderElection_Perform_2)
ObjectPropertyAssertion(list:rest :LeaderElection_ControlConstructList_2 :LeaderElection_ControlConstructList_3)
ClassAssertion(process:ControlConstructList :LeaderElection_ControlConstructList_3)
ObjectPropertyAssertion(list:first :LeaderElection_ControlConstructList_3
Case Study: a three-tier application
Railway Reservation System Components:
• the reservation front end that provides a web interface to web users;
• the back end system that is in turn composed of the availability checker system, the reservation system (in charge of making the actual reservations) and the payment system (that validates online purchase transactions);
• the database that holds information on trains, stations and timetables.
Agnostic Three-Tier Cloud Application Pattern
For each tier a composition of cloud patterns is suggested to improve the single tier performance.
Mapping between application
Agnostic Pattern - The presentation tier
The stateless component pattern is used to handle externally the status of the application component, to ease the scaling-out and to make the application more tolerant to component failures.
The user interface component pattern serves as a bridge between the synchronous access of the human user and the asynchronous
Agnostic Pattern - The business logic tier
• The stateless component pattern plays the same role as in the presentation layer.
• The processing component pattern enables the execution of separate function blocks on independent processing components, implemented in a stateless fashion and able to scale out independently.
Agnostic Pattern - The data tier
• The access to the data layer is enabled through the data access component pattern that coordinates all data manipulation. In case a storage offering shall be replaced or the interface of a storage offering changes, the data access component is the only component that has to be adjusted.
Vendor Dependent Pattern - Presentation Tier
If we consider the Amazon cloud pattern catalogue, the features required by the stateless component pattern in the presentation and logic layer are implemented by the state sharing pattern.
The kind of cloud services to use to compose the pattern are not left to the choice of the developer but are stated by the pattern itself. In particular this pattern allows state information to be maintained in a scale-out structure. The state information needs to be placed in a high-durability shared data store, which can be ElastiCache, SimpleDB (KVS), DynamoDB, Amazon Relational Database Service (RDS) or Amazon Simple Storage Service (S3) depending on the requirements.
Vendor Dependent Pattern - Logic Tier
In the case of adoption of vendor dependent cloud patterns, the pattern indicates the relationships between the various components and their configuration. For instance, for the scale out pattern it is possible to use a combination of three services: the load balancing service (Elastic Load Balancing (ELB)), the monitoring tool (CloudWatch), and the automatic scale-out service (Auto Scaling). The configuration procedure is described step by step below:
• Set up multiple EC2 instances in parallel (as web/AP servers) under the control of ELB.
• Create an Amazon Machine Image (AMI) to be used when starting up a new EC2 instance.
• Define the conditions (metrics) to trigger an increase or decrease in the number of EC2 instances. The average CPU use rate of an EC2 instance, the amount of network traffic, the number of sessions and the Elastic Block Store (EBS) latency are often used.
• Use CloudWatch to monitor these metrics, and set it up to issue an alarm if specific conditions are satisfied.
• Set up Auto Scaling so that it increases or decreases the number of EC2 instances when an alarm is received.
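The five configuration steps above, as an added example that is neither AWS API code nor code from the slides: a Python simulation of the alarm-to-scaling control loop that the steps configure. It models a metric with a threshold and a number of evaluation periods, an alarm that flips to ALARM only after that many consecutive breaches, and a group whose capacity is bounded by min/max sizes and a cooldown between actions, fed with constructed average-CPU samples. The class names, thresholds and sample values are illustrative assumptions; the point it shows is that a single spike does not trigger a scale-out and that the group does not double-step while a fresh instance is still warming up.

```python
"""Simulation of the CloudWatch alarm -> Auto Scaling control loop in the
steps above. Added example: this is not AWS API code and not from the slides;
it models the semantics of the configuration (metric, threshold, evaluation
periods, alarm state, scaling action bounded by min/max and a cooldown) over
constructed CPU samples. All names and numbers are illustrative."""
from dataclasses import dataclass

@dataclass
class Alarm:
    metric: str
    threshold: float
    comparison: str          # "gt" for scale-out, "lt" for scale-in
    evaluation_periods: int  # consecutive breaching periods before ALARM
    breaches: int = 0
    state: str = "OK"

    def evaluate(self, value):
        """Update the alarm with one datapoint; True while in ALARM."""
        breaching = (value > self.threshold if self.comparison == "gt"
                     else value < self.threshold)
        self.breaches = self.breaches + 1 if breaching else 0
        self.state = "ALARM" if self.breaches >= self.evaluation_periods else "OK"
        return self.state == "ALARM"

@dataclass
class AutoScalingGroup:
    min_size: int
    max_size: int
    desired: int
    cooldown_periods: int
    last_action: int = -10**9   # period of the last scaling action

    def scale(self, adjustment, period):
        """Apply a +/- capacity change unless bounds or cooldown forbid it."""
        if period - self.last_action < self.cooldown_periods:
            return False
        new = max(self.min_size, min(self.max_size, self.desired + adjustment))
        if new == self.desired:
            return False
        self.desired, self.last_action = new, period
        return True

def run(samples, group, scale_out, scale_in):
    """Feed one metric datapoint per period; both alarms are evaluated every
    period (as CloudWatch would) and the group reacts to whichever fired.
    Returns the desired capacity after each period."""
    history = []
    for period, value in enumerate(samples):
        out_alarm = scale_out.evaluate(value)
        in_alarm = scale_in.evaluate(value)
        if out_alarm:
            group.scale(+1, period)
        elif in_alarm:
            group.scale(-1, period)
        history.append(group.desired)
    return history

# Constructed average-CPU samples (percent), one per evaluation period.
CPU_SAMPLES = [40, 85, 90, 92, 95, 30, 20, 15, 10, 10]

def demo():
    """Configuration mirroring the steps: an ELB-fronted group of 2..4
    instances, scale out when CPU > 80 for 2 periods, scale in when CPU < 25
    for 3 periods, with a 2-period cooldown between actions."""
    group = AutoScalingGroup(min_size=2, max_size=4, desired=2, cooldown_periods=2)
    scale_out = Alarm("CPUUtilization", 80, "gt", evaluation_periods=2)
    scale_in = Alarm("CPUUtilization", 25, "lt", evaluation_periods=3)
    return run(CPU_SAMPLES, group, scale_out, scale_in)
```

`demo()` returns the capacity after each period: the spike at period 1 is ignored, the group grows to 3 at period 2, waits out the cooldown at period 3, reaches 4 at period 4, and only shrinks again once the low-CPU condition has held for three periods.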
Implementation of the Presentation tier with AWS patterns
Law-awareness in Cloud Computing
• Most applications frequently process, store, or transmit data that are subject to regulatory and compliance requirements.
• When data falls under regulatory or compliance restrictions, the choice of cloud deployment hinges on an understanding that the provider is fully compliant.
• Using the Cloud may raise legal risks, but these need not be an impediment to the adoption of cloud. The important thing is to be fully aware of the risks, of the regulations that act on the data and of the security features offered by the providers before deciding to put data into the Cloud.
Cloud Computing legal issues
• Data privacy, security and confidentiality: the confidentiality, availability and integrity of data must be ensured by means of appropriate organizational and technical measures. These also include the protection of systems and data from the risks of unauthorized or arbitrary destruction, arbitrary loss, technical faults, forgery, theft and unlawful use, as well as from unauthorized modification, copying, access or other unauthorized processing.
• Location of data: some vendors' form contracts expressly reserve the right to store customer data in any country in which they do business. While dispersed geographical storage is beneficial from a data protection and backup perspective, it can raise legal issues for some kinds of data.
• Suspension and termination of the service: the vendor should return or destroy any copies of data once the cloud service is no longer used by the customer, but this cannot be assumed.
• Ownership of data: the contract should expressly make clear that all data belongs to the customer and that the vendor acquires no rights or licenses to use the data for its own purposes.
Standards for law representation and tagging:
• Metalex: Open XML interchange format for legal and legislative resources. The MetaLex standard has been developed within the EPOWER project, with the objective to introduce ICT technologies to support citizens and Governments in accessing and managing the growing volume of legal information produced by national, international, European and local authorities. The standard is based on an XML-based formalism for the mark-up of legal documents, and it provides a generic and easily extensible base for the complete representation of legal documents and constraints. Several European initiatives are currently collaborating to improve the MetaLex standard in order to retain compliance among the different formats used throughout Europe. Among these, the most relevant ones are LexDania, CHLexML, NormeInRete and Formex.
• Akoma-Ntoso: the Akoma Ntoso project started from an internationalization and a complete re-engineering of the XML of NormeInRete, which represents its backbone. The Akoma-Ntoso standard can be applied to the entire legislative chain, from law proposal to the final approval of the legislative decree, also including the reports of commissions, chambers, magistrates and so on.
The standard is based on the following elements:
• A common model for the representation of documents, based on XML for the definition of their structure and syntax.
• A shared model for the exchange of documents, based on the similarities which characterize the different legislative processes.
• A shared scheme for data representation.
• A shared scheme for the representation of reference ontologies and metadata. Metadata provide auxiliary information which enriches the documents, such as the publication date or the name of the last modifier.
• A common scheme for quotations and cross-references. The adoption of a common convention for names and references, together with a common reference mechanism, as proposed by Akoma Ntoso, improves documents' accessibility and navigability.
Standards for law representation and tagging:
Most of the approaches have a few elements in common:
• The use of XML for the definition of schemas to support some or all the activities connected to the production, storage and transmission of legal documents.
• The exploitation of semantic-web technologies (RDF, OWL) to enrich the annotated documents and provide useful
A semantic-based approach to support legislation compliance of cloud services
A semantic-based approach
The Cloud Services semantic layer is augmented with concepts regarding the service geographical location and the legislation-sensitive features of the functionality offered in terms of security and privacy. These concepts include, for instance, the service location and service features such as data anonymisation, data loss protection, transfer
A semantic-based approach
• The Laws and Regulations Knowledge base component includes the formalization in logical predicates of the law prescriptions. This information is obtained by processing the representation of regulations performed by existing standards.
• The Application Requirements KB component includes a processable representation of the application requirements in terms of kind of data the application handles and kind of treatment that will be performed on the data.
• The Rule based engine verifies the assertions that represent the description of the cloud services to determine if the service is
A Prototype Tool to Verify the Legislative Compliance of Cloud Services
A user oriented tool able to verify the compliance of services provided by different providers with respect to legislations and regulations. The user interacts with the framework by using an interface that allows the application requirements to be specified; in particular the user can set:
• the kind of data to manage, according to pre-defined categories (sensitive, health, judicial or data not subject to protection);
• the aim and kind of treatment, according to pre-defined categories (scientific, statistical, historical or generic treatment);
• the service provider and possibly the specific services;
• the location of the service, among the given locations defined for the selected provider.
A Prototype Tool to Verify the Legislative Compliance of Cloud Services
Possible use cases:
• to verify the compliance of a specific provider service, given the kind of data and the kind of treatment;
• to classify the providers based on their data center location;
• to discover, for a given provider and service, the kind of treatment allowed.
The tool currently checks compliance with the Italian legislation and in particular with the Italian Legislative Decree 196/2003.
The legislation KB
• The legislation database was obtained from the laws of reference on privacy, by formalizing the aspects of the law that are useful and applicable for cloud services, in order to generate a knowledge base that can be processed by the framework. In particular, starting from the text, we have identified four types of information to be formalized:
• implicit (concepts assumed to be already known and thus not further explained);
• explicit (which defines a particular concept);
• complementary (concepts not explicitly defined in the analyzed decree but necessary to interpret the law);
• prescriptive (the key concepts that represent the law dispositions). The prescriptive sentences have been translated into logical rules.
Tool architecture
By means of the input provided by the user that describes the application requirements, and of the description of the cloud services' functionalities, the rules that represent the law are examined in order to verify the compliance of the services. A prototypical application has been implemented in order to test these rules.
There are two main components: the back end, composed of the Ontology Cache, the OWL Parser and the SWIPL Facade, and the front end. The OWL Parser extracts information from ontologies coded in OWL and converts it into Prolog facts, which are then queried using the rules by the SWIPL Facade component.
The communication between the back end and the front end takes place through AJAX calls and JSON messages.
An example
The user needs to use a cloud service to store medical data for a scientific treatment. The user wants to use the Amazon Simple Storage Service within a data center located in the EU.
The figure illustrates how the user can specify the application requirements by using the web page of the application, which allows the kind of data, the kind of treatment, the service provider and the specific service, and the location of the data center (among the ones possible for the specific provider) to be specified.
The application: an example
The result of this specific request is illustrated in the figure. Due to the specific kind of data and the particular kind of treatment, the selected service needs to be enriched with features that can be complemented by using one of the complementary services suggested.
Furthermore the system lists the rules that are satisfied by the particular services and some warnings that represent tips to the user in order to advise him of some normative obligations, for instance to verify if the data owner has already signed a consent form.
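The legislation KB, the tool architecture and the example above, as one added example that is not the prototype's code (which turns OWL into Prolog facts and queries them through a SWI-Prolog facade): a small Python rule engine over the same inputs the web page collects (kind of data, kind of treatment, provider, service, location). Service descriptions are constructed facts; the rules are constructed to show the shape of a prescriptive sentence turned into a logical rule and are explicitly not a transcription of Legislative Decree 196/2003 or of any provider's terms. The report it returns mirrors the output described: satisfied rules, a missing feature with the complementary services that supply it, and warnings about obligations the tool can only remind the user of.

```python
"""Rule-based compliance check in the spirit of the prototype tool above.
Added example, not the prototype's code (which turns OWL into Prolog facts and
queries them through a SWI-Prolog facade). The rules below are CONSTRUCTED to
show how prescriptive sentences become logical rules; they are not a
transcription of Legislative Decree 196/2003 nor of any provider's terms.
The service catalogue is constructed as well."""
from dataclasses import dataclass
from typing import Callable, Optional

DATA_KINDS = {"sensitive", "health", "judicial", "unprotected"}
TREATMENTS = {"scientific", "statistical", "historical", "generic"}
SPECIAL = {"sensitive", "health", "judicial"}  # data kinds needing protection

@dataclass
class Requirements:           # what the user enters in the web interface
    data_kind: str
    treatment: str
    provider: str
    service: str
    location: str

@dataclass
class ServiceFacts:           # what the OWL parser would emit as Prolog facts
    provider: str
    name: str
    locations: set
    features: set

# Constructed catalogue: a storage service and a complementary one.
CATALOGUE = [
    ServiceFacts("Amazon", "Simple Storage Service", {"EU", "US"},
                 {"encryption_at_rest", "access_logging"}),
    ServiceFacts("Amazon", "AnonymiserService (constructed)", {"EU", "US"},
                 {"data_anonymisation"}),
]

@dataclass
class Rule:
    rule_id: str
    text: str
    applies: Callable[[Requirements], bool]
    feature: Optional[str] = None      # feature the selected service must expose
    check: Optional[Callable[[Requirements, ServiceFacts], bool]] = None

    def holds(self, req, svc):
        if self.feature is not None:
            return self.feature in svc.features
        return self.check(req, svc)

# Constructed rules (illustrative, not the decree's text).
RULES = [
    Rule("R-location", "special-category data stays in an EU data centre",
         applies=lambda r: r.data_kind in SPECIAL,
         check=lambda r, s: r.location == "EU"),
    Rule("R-encryption", "special-category data is encrypted at rest",
         applies=lambda r: r.data_kind in SPECIAL, feature="encryption_at_rest"),
    Rule("R-anonymisation", "health data for scientific treatment is anonymised",
         applies=lambda r: r.data_kind == "health" and r.treatment == "scientific",
         feature="data_anonymisation"),
]
WARNINGS = [  # obligations the tool can only remind the user about
    ("W-consent", lambda r: r.data_kind in SPECIAL,
     "verify that the data subject has signed a consent form"),
]

def verify(req, catalogue=CATALOGUE):
    """Evaluate every applicable rule against the selected service. A rule that
    fails only because a feature is missing is reported together with the
    complementary services of the same provider that supply that feature."""
    if req.data_kind not in DATA_KINDS or req.treatment not in TREATMENTS:
        raise ValueError("unknown data kind or treatment category")
    svc = next((s for s in catalogue
                if s.provider == req.provider and s.name == req.service), None)
    if svc is None:
        raise ValueError("unknown service for this provider")
    report = {"satisfied": [], "violated": [], "missing_features": [],
              "complementary": [], "warnings": []}
    if req.location not in svc.locations:
        report["violated"].append("service not offered in " + req.location)
    for rule in RULES:
        if not rule.applies(req):
            continue
        if rule.holds(req, svc):
            report["satisfied"].append(rule.rule_id)
        elif rule.feature is not None:
            report["missing_features"].append(rule.feature)
            report["complementary"] += [s.name for s in catalogue
                                        if s.provider == req.provider
                                        and rule.feature in s.features]
        else:
            report["violated"].append(rule.rule_id)
    report["warnings"] = [f"{wid}: {text}" for wid, applies, text in WARNINGS
                          if applies(req)]
    report["compliant"] = not report["violated"]
    return report
```

For the request in the example (health data, scientific treatment, Amazon Simple Storage Service, EU), `verify` reports R-location and R-encryption as satisfied, data_anonymisation as the missing feature with the constructed anonymiser as the complementary service, and the consent warning; the same request with a US location fails R-location outright, and unprotected data under generic treatment triggers no rule at all.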
Conclusion and Future work
• Cloud Patterns have arisen from the need to provide both general and specific solutions to recurring problems in the definition of architectures for Cloud applications. For this reason Cloud Patterns mainly focus on the architecture of the Cloud solution, and in most cases this leads to the development of platform dependent patterns, which can be applied only to a specific platform offered by a specific vendor.
• Despite the poor flexibility shown by some vendor specific Patterns, Cloud Patterns still represent a valuable means to enhance Portability and Interoperability among Cloud platforms.
• Patterns can be used to describe and model existing Cloud applications in a very easily understandable manner, tracing back the different Cloud implementations to a set of well known and stable solutions.
• Using a Cloud Pattern, and in particular an agnostic one, as a canvas on which to develop a new application, it would be possible to implement each of the Pattern's participants with services and components exposed by different Cloud vendors.
Conclusion and future work
• Maintaining the levels of protection of data and privacy, confidentiality and security required by current legislation in cloud computing infrastructure is a new challenge, as is meeting the restrictions on cross-border data transfer (the problem of data location) and holding the ownership of data.
• While most of the Cloud providers can guarantee some measurable non-functional performance metrics, e.g. service availability or throughput, there is a lack of adequate mechanisms for guaranteeing that the provider is compliant with the actual legislation in terms of security, trust and privacy. This lack represents an obstacle for moving most business relevant applications into the Cloud.
• The definition of application requirements is actually more complex, and more complex patterns need to be considered.
Springer Briefs in Computer Science, ISBN 978-3-319-13700-1
Beniamino Di Martino, Giuseppina Cretella, Antonio Esposito: Cloud Portability and Interoperability. Issues and Current Trends
Contact Information
Prof. Beniamino Di Martino, Second University of Naples, Italy, mOSAIC Project Coordinator
Website: http://ccpi.unina2.it
Phone: +39-0815010282
Fax: +39-0815037042
Email: beniamino.dimartino@unina.it
Cloud Computing Projects and Initiatives: CCPI'16
Crans-Montana, Switzerland, March 23, 2016 - March 25, 2016
Co-located with: The 30th International Conference on Advanced Information Networking and Applications (AINA-2016)
Workshop Chair: Beniamino Di Martino, Second University of Naples, Italy
Introduction
Cloud computing represents one of the most challenging technological fields both for academia and business. Several projects are contributing to its rapid development, witnessing the great interest of the research community on one side, and of the users on the other. The workshop aims to be a forum for exchanging ideas on different Cloud computing related topics and finding synergies between projects (especially EC funded ones, but not only) tackling similar challenges. Getting insight into on-going Cloud-related projects will facilitate the exchange of information among the researchers and will enhance the communication of research results, avoiding unwanted duplication. Despite different backgrounds and different issues being tackled, several topics are relevant for all projects and strengthen their cooperation; joining forces will hopefully be a valuable outcome of the CCPI Workshop, now at its fourth edition.
Important Dates
Paper submission: November 15th, 2015
Acceptance notification: December 20th, 2015
Camera ready and registration deadline: January 20th, 2015 (STRICT)
Main topics:
- Clouds federation
- Clouds interoperability
- Cloud programming
- Cloud computing standards
- HPC Cloud
- Cloud@Home
- Cloud delivery models
- Cloud-based applications
- Cloud middleware
- Cloud security
- Cloud semantics
- Agents and Clouds
- Porting Software, Applications and Data to Cloud
- Cloud Portability
Other topics related to Cloud are welcome as well.
Publication of papers
Accepted papers will be included in the main Conference proceedings, published by IEEE Conference Publishing Services - CPS. Accepted papers will be given guidelines for preparing and submitting the final manuscript(s) together with the notification of acceptance. Papers presented at AINA 2016 will be considered for publication in several Special Issues of refereed International Journals. Papers submitted to special issues must be updated/expanded prior to submission elsewhere.
Paper Submission Guidelines
Submit a full paper of at most 8 pages (IEEE Computer Society Proceedings Manuscripts style: two columns, single-spaced), including figures and references, using 10-point fonts, and number each page. Papers accepted for publication must also be supplied in source form (LaTeX or Word). For camera ready, please read the IEEE instructions at the main conference website.