Challenges and Opportunities of Cloud Computing : Trade-off Decisions in Cloud Computing Architecture

1 Introduction In recent years, Cloud Computing has become an emerging technology that gains wide influence on IT systems. Cloud Computing is a distributed computing model for enabling service-oriented, on-demand network access to rapidly scalable resources [9]. Such resources include infrastructure as a service (IaaS), development and runtime platforms as a service (PaaS), and software and business applications as a service (SaaS). Clients do not own the resources, yet applications and data are guaranteed to be available and ubiquitously accessible by means of Web services and Web APIs " in the Cloud ". The main value proposition of Cloud Computing is to provide the clients a cost-effective, convenient means to consume the amount of IT resources that is actually needed; for the service provider, better resource utilization of existing infrastructure is achieved through a multi-tenant architecture. From a business perspective, Cloud Computing is about improving organizational efficiency and reducing cost, often coupled with the objective of achieving a faster time-to-market. Centrally hosted services with self-service interfaces can help to reduce lead times between organizational units who use the cloud as a collaborative IT environment. Re-usable components, packaged on virtual machines, provide a way to exchange working IT solutions. Capabilities to allocate and de-allocate shared resources on demand can significantly decrease overall IT spending. Low-cost access to data centres in different geographical regions may further reduce market entry barriers and enable new business models. From a technology and engineering perspective, Cloud Computing can help to realize or improve scalability, availability, and other non-functional properties of application architectures. In this paper, we focus on the technology perspective, and in particular on challenges and opportunities of Cloud Computing research related to quality-driven software service architectures. These include aspects of availability, runtime performance and power management, as well as privacy and distributed data usage. Not all desired architectural properties can be achieved at the same time. Trade-off decisions have to be made between several (sometimes contradictory) goals, such as: • increase availability & reliability • increase performance (latency, throughput) • increase security and ensure privacy 2

[1]  William H. Offenhauser,et al.  Wild Boars as Hosts of Human-Pathogenic Anaplasma phagocytophilum Variants , 2012, Emerging infectious diseases.

[2]  Robert P. Goldberg,et al.  Survey of virtual machine research , 1974, Computer.

[3]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[4]  Silvio Micali,et al.  How to play ANY mental game , 1987, STOC.

[5]  David Chaum,et al.  Multiparty unconditionally secure protocols , 1988, STOC '88.

[6]  Ching-Lai Hwang,et al.  Multiple attribute decision making : an introduction , 1995 .

[7]  Galen C. Hunt,et al.  Detours: binary interception of Win32 functions , 1999 .

[8]  Jim Gray,et al.  Scalability Terminology: Farms, Clones, Partitions, Packs, RACS and RAPS , 1999, ArXiv.

[9]  Úlfar Erlingsson,et al.  SASI enforcement of security policies: a retrospective , 1999, NSPW '99.

[10]  Eric A. Brewer,et al.  Harvest, yield, and scalable tolerant systems , 1999, Proceedings of the Seventh Workshop on Hot Topics in Operating Systems.

[11]  Antoine Joux,et al.  Why Textbook ElGamal and RSA Encryption Are Insecure , 2000, ASIACRYPT.

[12]  Emil C. Lupu,et al.  The Ponder Policy Specification Language , 2001, POLICY.

[13]  Marc Langheinrich,et al.  The platform for privacy preferences 1.0 (p3p1.0) specification , 2002 .

[14]  Hakan Hacigümüs,et al.  Providing database as a service , 2002, Proceedings 18th International Conference on Data Engineering.

[15]  Noah Treuhaft,et al.  Recovery Oriented Computing (ROC): Motivation, Definition, Techniques, and Case Studies , 2002 .

[16]  Nancy A. Lynch,et al.  Brewer's conjecture and the feasibility of consistent, available, partition-tolerant web services , 2002, SIGA.

[17]  Hakan Hacigümüs,et al.  Executing SQL over encrypted data in the database-service-provider model , 2002, SIGMOD '02.

[18]  Tal Garfinkel,et al.  Terra: a virtual machine-based platform for trusted computing , 2003, SOSP '03.

[19]  Niels Provos,et al.  Improving Host Security with System Call Policies , 2003, USENIX Security Symposium.

[20]  Sushil Jajodia,et al.  Balancing confidentiality and efficiency in untrusted relational DBMSs , 2003, CCS '03.

[21]  W. Gasarch A Survey on Private Information Retrieval , 2004 .

[22]  Jaehong Park,et al.  The UCONABC usage control model , 2004, TSEC.

[23]  Gene Tsudik,et al.  A Privacy-Preserving Index for Range Queries , 2004, VLDB.

[24]  Trent Jaeger,et al.  Design and Implementation of a TCG-based Integrity Measurement Architecture , 2004, USENIX Security Symposium.

[25]  Paola Inverardi,et al.  Model-based performance prediction in software development: a survey , 2004, IEEE Transactions on Software Engineering.

[26]  Lujo Bauer,et al.  Edit automata: enforcement mechanisms for run-time security policies , 2005, International Journal of Information Security.

[27]  Wen-Guey Tzeng,et al.  Efficient 1-Out-of-n Oblivious Transfer Schemes with Universally Usable Parameters , 2004, IEEE Trans. Computers.

[28]  Jaehong Park,et al.  A logical specification for usage control , 2004, SACMAT '04.

[29]  Chris Clifton,et al.  Security Issues in Querying Encrypted Data , 2005, DBSec.

[30]  Rajeev Motwani,et al.  Two Can Keep A Secret: A Distributed Architecture for Secure Database Services , 2005, CIDR.

[31]  Alberto Ceselli,et al.  Modeling and assessing inference exposure in encrypted databases , 2005, TSEC.

[32]  Daniel A. Menascé,et al.  Virtualization: Concepts, Applications, and Performance Modeling , 2005, Int. CMG Conference.

[33]  Thomas L. Saaty,et al.  Theory and Applications of the Analytic Network Process: Decision Making With Benefits, Opportunities, Costs, and Risks , 2005 .

[34]  Borja Sotomayor,et al.  Overhead Matters: A Model for Virtual Resource Management , 2006, First International Workshop on Virtualization Technology in Distributed Computing (VTDC 2006).

[35]  Yoshiyasu Takefuji,et al.  A Real-time Integrity Monitor for Xen Virtual Machine , 2006, International conference on Networking and Services (ICNS'06).

[36]  Stefan Berger,et al.  vTPM: Virtualizing the Trusted Platform Module , 2006, USENIX Security Symposium.

[37]  Daniel A. Menascé,et al.  Autonomic Virtualized Environments , 2006, International Conference on Autonomic and Autonomous Systems (ICAS'06).

[38]  Jean-Pierre Seifert,et al.  A technical architecture for enforcing usage control requirements in service-oriented architectures , 2007, SWS '07.

[39]  Christian Schaefer,et al.  A Policy Language for Distributed Usage Control , 2007, ESORICS.

[40]  Bruno Crispo,et al.  Extending the Java Virtual Machine to Enforce Fine-Grained Security Policies in Mobile Devices , 2007, Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007).

[41]  Heng Yin,et al.  Dynamic Spyware Analysis , 2007, USENIX Annual Technical Conference.

[42]  Alexandra Boldyreva,et al.  Provably-Secure Schemes for Basic Query Support in Outsourced Databases , 2007, DBSec.

[43]  Alessandro Orso,et al.  Dytan: a generic dynamic taint analysis framework , 2007, ISSTA '07.

[44]  Satoshi Matsuoka,et al.  Model-based Resource Selection for Efficient Virtual Cluster Deployment , 2007, Proceedings of the 2nd International Workshop on Virtualization Technology in Distributed Computing (VTDC '07).

[45]  Mihir Bellare,et al.  Deterministic and Efficiently Searchable Encryption , 2007, CRYPTO.

[46]  Dan Pritchett,et al.  BASE: An Acid Alternative , 2008, ACM Queue.

[47]  Yinong Chen,et al.  Virtualization-based autonomic resource management for multi-tier Web applications in shared data center , 2008, J. Syst. Softw..

[48]  Jing Xu,et al.  Autonomic resource management in virtualized data centers using fuzzy logic-based approaches , 2008, Cluster Computing.

[49]  Markus Klems,et al.  Do Clouds Compute? A Framework for Estimating the Value of Cloud Computing , 2008, WEB.

[50]  Xiaoyun Zhu,et al.  1000 islands: an integrated approach to resource management for virtualized data centers , 2009, Cluster Computing.

[51]  Christian Schaefer,et al.  Usage Control Enforcement: Present and Future , 2008, IEEE Security & Privacy.

[52]  Álvaro Enrique Arenas,et al.  Controlling Usage in Business Process Workflows through Fine-Grained Security Policies , 2008, TrustBus.

[53]  Christian Schaefer,et al.  Mechanisms for usage control , 2008, ASIACCS '08.

[54]  Frank Piessens,et al.  Security Monitor Inlining for Multithreaded Java , 2009, ECOOP.

[55]  Werner Vogels,et al.  Building reliable distributed systems at a worldwide scale demands trade-offs between consistency and availability. , 2022 .

[56]  Bennet S. Yee,et al.  Native Client: A Sandbox for Portable, Untrusted x86 Native Code , 2009, 2009 30th IEEE Symposium on Security and Privacy.

[57]  Jörn Müller-Quade,et al.  Secure Computability of Functions in the IT Setting with Dishonest Majority and Applications to Long-Term Security , 2009, TCC.

[58]  Christian Schaefer,et al.  Usage Control Enforcement with Data Flow Tracking for X11 , 2009, STM 2009.

[59]  Robbert van Renesse,et al.  Toward a cloud computing research agenda , 2009, SIGA.

[60]  Krishna P. Gummadi,et al.  Towards Trusted Cloud Computing , 2009, HotCloud.

[61]  Ralf H. Reussner,et al.  Modelling Layered Component Execution Environments for Performance Prediction , 2009, CBSE.

[62]  Anderson C. A. Nascimento,et al.  A CCA2 Secure Public Key Encryption Scheme Based on the McEliece Assumptions in the Standard Model , 2009, CT-RSA.

[63]  Craig Gentry,et al.  Fully homomorphic encryption using ideal lattices , 2009, STOC '09.

[64]  Alexander Pretschner,et al.  State-Based Usage Control Enforcement with Data Flow Tracking using System Call Interposition , 2009, 2009 Third International Conference on Network and System Security.

[65]  Kang G. Shin,et al.  Automated control of multiple virtualized resources , 2009, EuroSys '09.

[66]  Steffen Becker,et al.  The Palladio component model for model-driven performance prediction , 2009, J. Syst. Softw..

[67]  Rajkumar Buyya,et al.  Article in Press Future Generation Computer Systems ( ) – Future Generation Computer Systems Cloud Computing and Emerging It Platforms: Vision, Hype, and Reality for Delivering Computing as the 5th Utility , 2022 .

[68]  Trent Jaeger,et al.  Justifying Integrity Using a Virtual Machine Verifier , 2009, 2009 Annual Computer Security Applications Conference.

[69]  Marco Lovera,et al.  LPV Model Identification in Virtualized Service Center Environments , 2009 .

[70]  Thomas Sandholm,et al.  What's inside the Cloud? An architectural map of the Cloud landscape , 2009, 2009 ICSE Workshop on Software Engineering Challenges of Cloud Computing.

[71]  Li Zhao,et al.  VM3: Measuring, modeling and managing VM shared resources , 2009, Comput. Networks.

[72]  Wouter Joosen,et al.  The S3MS.NET Run Time Monitor: Tool Demonstration , 2009, Electron. Notes Theor. Comput. Sci..

[73]  Jörn Müller-Quade,et al.  Universally Composable Incoercibility , 2009, IACR Cryptol. ePrint Arch..

[74]  Stefan Tai,et al.  Cloud Computing: Web-basierte dynamische IT-Services , 2009 .

[75]  Larisa Shwartz,et al.  Automating the delivery of IT Service Continuity Management through cloud service orchestration , 2010, 2010 IEEE Network Operations and Management Symposium - NOMS 2010.

[76]  Marten van Dijk,et al.  On the Impossibility of Cryptography Alone for Privacy-Preserving Cloud Computing , 2010, HotSec.

[77]  Heiko Koziolek,et al.  Performance evaluation of component-based software systems: A survey , 2010, Perform. Evaluation.

[78]  Ralf Reussner,et al.  Technical Report : Secure Cloud Computing through a Separation of Duties , 2010 .

[79]  Bruno Crispo,et al.  xESB: An Enterprise Service Bus for Access and Usage Control Policy Enforcement , 2010, IFIPTM.

[80]  Jens Happe,et al.  Automatic Derivation of Performance Prediction Models for Load-balancing Properties Based on Goal-oriented Measurements , 2010, 2010 IEEE International Symposium on Modeling, Analysis and Simulation of Computer and Telecommunication Systems.

[81]  Valtteri Niemi,et al.  Distributed Usage Control , 2011, ANT/MobiWIS.

[82]  Marten Schönherr,et al.  (MC2)2: A Generic Decision-Making Framework and its Application to Cloud Computing , 2010, ArXiv.