A Runtime Model Approach for Data Geo-location Checks of Cloud Services

Organizations have to comply with geo-location policies that prescribe geographical locations at which personal data may be stored or processed. When using cloud services, checking data geo-location policies during design-time is no longer possible - data geo-location policies need to be checked during run-time. Cloud elasticity mechanisms dynamically replicate and migrate virtual machines and services among data centers, thereby affecting the geo-location of data. Due to the dynamic nature of such replications and migrations, the actual, concrete changes to the deployment of cloud services and thus to the data geo-locations are not known. We propose a policy checking approach utilizing runtime models that reflect the deployment and interaction structure of cloud services and components. By expressing privacy policy checks as an st-connectivity problem, potential data transfers that violate the geo-location policies can be rapidly determined. We experimentally evaluate our approach with respect to applicability and performance using an SOA-version of the CoCoME case study.

[1]  Mary Shaw,et al.  Software architecture: the next step for object technology (panel) , 1993, OOPSLA '93.

[2]  Daniel Moldovan,et al.  Multi-level Elasticity Control of Cloud Services , 2013, ICSOC.

[3]  Wilhelm Hasselbring,et al.  Performance Simulation of Runtime Reconfigurable Component-Based Software Architectures , 2011, ECSA.

[4]  Samuel Kounev,et al.  Automated extraction of architecture-level performance models of distributed component-based systems , 2011, 2011 26th IEEE/ACM International Conference on Automated Software Engineering (ASE 2011).

[5]  Andreas Metzger,et al.  Preventing Performance Violations of Service Compositions Using Assumption-Based Run-Time Verification , 2011, ServiceWave.

[6]  Muhammad Awais Shibli,et al.  Comparative Analysis of Access Control Systems on Cloud , 2012, 2012 13th ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing.

[7]  Wil M. P. van der Aalst,et al.  Time prediction based on process mining , 2011, Inf. Syst..

[8]  Ari Juels,et al.  New approaches to security and availability for cloud data , 2013, CACM.

[9]  Soon Myoung Chung,et al.  Privacy-Preserving Attribute Distribution Mechanism for Access Control in a Grid , 2009, 2009 21st IEEE International Conference on Tools with Artificial Intelligence.

[10]  Srikumar Venugopal,et al.  Modeling Performance of Elasticity Rules for Cloud-Based Applications , 2013, 2013 17th IEEE International Enterprise Distributed Object Computing Conference.

[11]  Hui Zang,et al.  Anonymization of location data does not work: a large-scale measurement study , 2011, MobiCom.

[12]  Raffaela Mirandola,et al.  The Common Component Modeling Example: Comparing Software Component Models [result from the Dagstuhl research seminar for CoCoME, August 1-3, 2007] , 2007, CoCoME.

[13]  Samuel Kounev,et al.  Modeling dynamic virtualized resource landscapes , 2012, QoSA '12.

[14]  Maria Luisa Villani,et al.  A framework for QoS-aware binding and re-binding of composite web services , 2008, J. Syst. Softw..

[15]  Thomas Engel,et al.  Verification of Data Location in Cloud Networking , 2011, 2011 Fourth IEEE International Conference on Utility and Cloud Computing.

[16]  Petter Svärd,et al.  Self-management Challenges for Multi-cloud Architectures (Invited Paper) , 2011 .

[17]  Rajkumar Buyya,et al.  Dynamically scaling applications in the cloud , 2011, CCRV.

[18]  Dragan Ivanovic,et al.  Constraint-Based Runtime Prediction of SLA Violations in Service Orchestrations , 2011, ICSOC.

[19]  Zachary N. J. Peterson,et al.  Geolocation of data in the cloud , 2013, CODASPY.

[20]  Uwe Zdun,et al.  Systematic literature review of the objectives, techniques, kinds, and architectures of models at runtime , 2016, Software & Systems Modeling.

[21]  Wilhelm Hasselbring,et al.  Engineering and Continuously Operating Self-Adaptive Software Systems: Required Design Decisions , 2009 .

[22]  Shahar Maoz,et al.  Using Model-Based Traces as Runtime Models , 2009, Computer.

[23]  Robert Heinrich,et al.  Model-driven Instrumentation with Kieker and Palladio to Forecast Dynamic Applications , 2013, KPDAYS.

[24]  Klaus Pohl,et al.  Extending WS-Agreement to Support Automated Conformity Check on Transport and Logistics Service Agreements , 2013, ICSOC.

[25]  Yanpei Chen,et al.  Interactive Analytical Processing in Big Data Systems: A Cross-Industry Study of MapReduce Workloads , 2012, Proc. VLDB Endow..

[26]  Carlo Ghezzi,et al.  Model evolution by run-time parameter adaptation , 2009, 2009 IEEE 31st International Conference on Software Engineering.