DOCSLIB.ORG

Policy-Driven Governance in Cloud Service Ecosystems

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Policy-Driven Governance in Cloud Service Ecosystems Policy-Driven Governance in Cloud Service Ecosystems By: Dimitrios Kourtesis A thesis submitted in partial fulfilment of the requirements for the degree of Doctor of Philosophy The University of Sheffield Faculty of Engineering Department of Computer Science 28 September 2016 South East European Research Centre Abstract Cloud application development platforms facilitate new models of software co-development and forge environments best characterised as cloud service ecosystems. The value of those ecosystems increases exponentially with the addition of more users and third-party services. Growth however breeds complexity and puts reliability at risk, requiring all stakeholders to exercise control over changes in the ecosystem that may affect them. This is a challenge of governance. From the viewpoint of the ecosystem coordinator, governance is about preventing negative ripple effects from new software added to the platform. From the viewpoint of third-party developers and end-users, governance is about ensuring that the cloud services they consume or deliver comply with requirements on a continuous basis. To facilitate different forms of governance in a cloud service ecosystem we need governance support systems that achieve separation of concerns between the roles of policy provider, governed resource provider and policy evaluator. This calls for better modularisation of the governance support system architecture, decoupling governance policies from policy evaluation engines and governed resources. It also calls for an improved approach to policy engineering with increased automation and efficient exchange of governance policies and related data between ecosystem partners. The thesis supported by this research is that governance support systems that satisfy such requirements are both feasible and useful to develop through a framework that integrates Semantic Web technologies and Linked Data principles. The PROBE framework presented in this dissertation comprises four components: (1) a governance ontology serving as shared ecosystem vocabulary for policies and resources; (2) a method for the definition of governance policies; (3) a method for sharing descriptions of governed resources between ecosystem partners; (4) a method for evaluating governance policies against descriptions of governed ecosystem resources. The feasibility and usefulness of PROBE are demonstrated with the help of an industrial case study on cloud service ecosystem governance. Acknowledgements My PhD supervisors Iraklis Paraskakis and Anthony J.H. Simons have my gratitude. I am grateful to Iraklis for introducing me to academic research and for giving me the opportunity to work as a research associate at SEERC for six great years. I am grateful to Tony for his wise advice, his intellectually stimulating teaching and his help with keeping me focused on completing this research. I wish to thank both of them for their genuine support at times when full-time work along part-time research study became challenging. I am thankful to my colleagues at SEERC, to the academics of the Computer Science department at the University’s International Faculty in Thessaloniki and to our research partners from companies and academic institutions with whom I had the privilege to work during my PhD research1. I also want to thank Andigoni Malousi, my beloved cousin who has been an inspiration for the academic studies I pursued in Computer Science - thank you for helping me to cross the PhD finish line. The limitless support and loving patience of my wife Aimilia from the beginning of this research to this day is the single thing that kept me going. This work is really her achievement. Aimilia and the two beautiful children we have been blessed with, Yannis and Thanos, have been my motivation. I am thankful to our son Yannis who is now six years old and planning a future career in science, for being an explosive source of inspiration. I am thankful for his active (daily) encouragement for me to study and complete my writing. At present he finds it extremely cool that dad is pursuing a doctorate degree. I hope he will think the same when he gets to read this dissertation! I am also thankful to our beautiful five-month old son Thanos who has been observing with keen interest and a warm smile but without saying much for the present time —or should I say, not much with clear semantics. Yannis and Thanos will now have more playtime with dad, I promise. My parents, if it wasn’t for you... Mother, I am eternally grateful for your unconditional love and support. Father, I keep your words to my heart and eternally miss you. 1 This research work was supported by a University of Sheffield Scholarship, with full PhD tuition fees sponsored by the South-East European Research Centre (SEERC). It also benefited from my participation in two research projects sponsored by European Commission research grants: CAST, funded by Eureka Eurostars (E! 4373) and Broker@Cloud, funded by the Seventh Framework Programme (FP7-ICT 318392). Table of Contents 1 INTRODUCTION ....................................................................................................... 2 1.1 MOTIVATION ............................................................................................................... 2 1.2 RESEARCH AIMS AND OBJECTIVES .................................................................................... 6 1.3 RESEARCH RESULTS ....................................................................................................... 7 1.4 DISSERTATION OUTLINE ................................................................................................. 8 2 CLOUD SERVICE ECOSYSTEMS AND GOVERNANCE SUPPORT SYSTEMS .................... 12 2.1 INTRODUCTION .......................................................................................................... 12 2.2 CLOUD SERVICES ......................................................................................................... 12 2.2.1 The paradigm of cloud computing ..................................................................... 12 2.2.2 Cloud computing service models ....................................................................... 13 2.2.3 Cloud application platforms............................................................................... 15 2.3 SOFTWARE ECOSYSTEMS IN THE CLOUD .......................................................................... 17 2.3.1 Software co-development .................................................................................. 17 2.3.2 Software ecosystems ......................................................................................... 19 2.3.3 Cloud service ecosystems ................................................................................... 20 2.4 THE CHALLENGE OF GOVERNANCE ................................................................................. 23 2.4.1 Definitions of governance .................................................................................. 23 2.4.2 Governance in cloud service ecosystems ........................................................... 24 2.4.3 Research on governance of software ecosystems ............................................. 27 2.5 GOVERNANCE SUPPORT SYSTEMS – STATE OF THE ART ...................................................... 30 2.5.1 Examples of governance control mechanisms from app stores ........................ 30 2.5.2 Best practices from SOA governance ................................................................. 32 2.5.3 Definition and enforcement of governance policies .......................................... 34 2.6 SUMMARY ................................................................................................................. 36 3 GOVERNANCE IN CLOUD SERVICE ECOSYSTEMS: KEY REQUIREMENTS ..................... 40 3.1 INTRODUCTION .......................................................................................................... 40 3.2 EXAMPLES OF GOVERNANCE IN A CLOUD SERVICE ECOSYSTEM ............................................ 41 3.2.1 Scenario 1: Quality review in a private PaaS environment ................................ 41 3.2.2 Scenario 2: Regulatory compliance audits of cloud applications ...................... 43 3.2.3 Scenario 3: Lifecycle management and quality control in a cloud service ecosystem ....................................................................................................................... 44 3.2.4 Scenario 4: External auditing of cloud service providers ................................... 46 3.2.5 Scenario 5: Policy-based governance by a cloud service broker ........................ 47 3.3 ROLES AND CONCERNS OF STAKEHOLDERS IN THE GOVERNANCE PROCESS ............................. 50 3.3.1 Roles in the governance process ........................................................................ 50 3.3.2 Distribution of governance roles ........................................................................ 50 3.3.3 Types of concerns ............................................................................................... 51 3.3.4 Policy provider concerns .................................................................................... 51 i 3.3.5 Data provider concerns ...................................................................................... 53 3.3.6 Policy evaluator concerns .................................................................................. 55 3.4 IMPLICATIONS ON THE DESIGN OF GOVERNANCE SUPPORT SYSTEMS
Load more

Recommended publications
  • Microsoft Security Intelligence Report
    Microsoft Security Intelligence Report Volume 20 | July through December, 2015 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT. This document is provided “as-is.” Information and views expressed in this document, including URL and other Internet website references, may change without notice. You bear the risk of using it. Copyright © 2016 Microsoft Corporation. All rights reserved. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. Authors Charlie Anthe Dana Kaufman Anthony Penta Cloud and Enterprise Security Azure Active Directory Team Safety Platform Nir Ben Zvi Nasos Kladakis Ina Ragragio Enterprise and Cloud Group Azure Active Directory Team Windows and Devices Group Patti Chrzan Daniel Kondratyuk Tim Rains Microsoft Digital Crimes Unit Azure Active Directory Team Commercial Communications Bulent Egilmez Andrea Lelli Paul Rebriy Office 365 - Information Windows Defender Labs Bing Protection Geoff McDonald Stefan Sellmer Elia Florio Windows Defender Labs Windows Defender Labs Windows Defender Labs Michael McLaughlin Mark Simos Chad Foster Identity Services Enterprise Cybersecurity Bing Group Nam Ng Roger Grimes Enterprise Cybersecurity Vikram Thakur Microsoft IT Group Windows Defender Labs Paul Henry Niall O'Sullivan Alex Weinert Wadeware LLC Microsoft Digital Crimes Unit Azure Active Directory Team Beth Jester Daryl Pecelj Terry Zink Windows Defender Microsoft IT Information
    [Show full text]
  • Secure Software Distribution System
    SECURE SOFTWARE DISTRIBUTION SYSTEM Tony Bartoletti ([email protected]), Lauri A. Dobbs ([email protected]), Marcey Kelley ([email protected]) Computer Security Technology Center Lawrence Livermore National Laboratory PO Box 808 L-303 Livermore, CA 94551 June 18, 1997 Abstract Authenticating and upgrading system software plays a critical role in information security, yet practical tools for assessing and installing software are lacking in today’s marketplace. The Secure Software Distribution System (SSDS) will provide automated analysis, notification, distribution, and installation of security patches and related software to network-based computer systems in a vendor-independent fashion. SSDS will assist with the authentication of software by comparing the system’s objects with the patch’s objects. SSDS will monitor vendors’ patch sites to determine when new patches are released and will upgrade system software on target systems automatically. This paper describes the design of SSDS. Motivations behind the project, the advantages of SSDS over existing tools as well as the current status of the project are also discussed. Keywords: security, distributed, software management DISCLAIMER This document was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor the University of California nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial products, process or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation, or favoring by the United States Government or the University of California.
    [Show full text]
  • Kace Asset Management Guide
    Kace Asset Management Guide Metaphorical Lucio always evangelising his synarchy if Moishe is capitular or writhe sufferably. Hymenopterous Sibyl always politicks his decimators if Aub is alabastrine or site photogenically. Which Rodolph breezed so fined that Swen inculcated her speculator? With kace customers run quest kace systems management, united states merchant marine academy. Maintenance costs have been annualized over several period on three years to extract their harvest over time. Comparing suites from sap helps clients bring their asset management solutions provider hardinge inc, kace asset management are stored in lifecycle management feature relies on active assets. Learn how asset management leaders are ensuring a reliable and sustainable supply chain, Microsoft and Symantec all require the installation of an agent to perform OS and application discovery tasks, and Symantec problems. You need to unselect a conflict with. Using Custom fields Within software Asset where in Dell KACE, etc. Are you sure you as to delete your attachment? All four evaluated solutions include: antioch university as well as it opens a solution helps track down systems management? An integrated mechanism to report problems and service requests enables prompt response to end users and reduces administrative roadblocks. Product was easy to use. To analyze the opportunities in the market for stakeholders by identifying the high growth segments. Best Practices in Lifecycle Management: Comparing Suites from Dell, and complete security. Although Microsoft does not natively include vulnerability scans, this in proper way detracts from our investment in supporting operating systems regardless of equipment brand. Past performance is just poor indicator of future performance.
    [Show full text]
  • Intel Capital Success Stories
    Intel Capital Success Stories NEXT << Investing in Global Innovation: Stories of Intel Capital’s Impact on Portfolio Companies For questions or to submit a story, contact [email protected] (U.S.) This book is a resource to help you to convey the impact Intel Capital [email protected] (Asia) can have on a start-up. Inside is a series of stories on how individual [email protected] (EMEA) portfolio companies have benefitted from an Intel Capital investment. For each story there is a PowerPoint slide for download, background information, supporting facts, and summaries. All assets on each page are approved for external use. Use these resources in speaking engagements, pipeline meetings, presentations, and other channels. 2 << PREVIOUS NEXT << Table of Contents COMPANY INVESTOR CONSISTENT MARKET EMERGING NETWORK GLOBAL IPO ITD SUCCESS M&A EXPERTISE TECHNOLOGY ADD VALUE REGION Anobit ● ● ● ● Israel Aternity ● ● ● U.S.A./Israel Borqs ● ● ● ● ● China Crisp Media ● ● U.S.A. Fulcrum Microsystems ● ● U.S.A. Gudeng ● ● ● ● Taiwan Happiest Minds ● ● ● India IPTEGO ● ● ● Germany Mall.CZ ● ● ● ● ● Czech Republic Miartech ● ● ● ● China NetPosa ● ● ● China Solera ● ● ● ● ● U.S.A. SweetLabs ● ● ● ● U.S.A. V-Cube ● ● ● Japan Virtustream ● ● ● U.S.A. WS02 ● ● ● ● Sri Lanka 3 << << TABLE OF CONTENTS PREVIOUS NEXT << Anobit SUMMARY: POWERPOINT/TALKING POINTS: Recognizing the huge potential of Anobit’s flash memory technology, Intel Capital invested significantly in the company in 2010 and helped pave the way for the company’s acquisition by Apple in 2012. FULL STORY/BACKGROUND: In recent years, a number of high-tech companies have moved away from hard drives in favor of solid state storage, using flash memory chips to make truly mobile computing devices that are small, compact, and energy efficient.
    [Show full text]
  • Installing and Removing Software
    CHAPTER 28 Installing and Removing Software One of the fun things about running any operating system is the ability to expand it—to add in new software over time to improve your workflow or just enhance entertainment value. Linux is blessed in this regard, because tens of thousands of software titles are avail- able to meet almost every need. However, even if you’ve tracked down the ideal software title, there’s just one barrier to overcome: installing it on your system. Installing software under Ubuntu isn’t the same as with Windows, and indeed you can’t simply install any application you come across on the Internet, because these are most likely to be Windows versions. See Chapter 11 for more information on Linux ver- sions of common Windows applications. Users are afforded a lot more power over what happens to their systems, but this comes at the expense of needing to take a little time to understand the terminology and techniques. That is what you’ll learn in this chapter. Software Installation Basics Installing programs on Windows is relatively easy. If you wish to use the WinZip archive tool, for example, you can browse to the web site, download the installer *ata file, and install the software. Although you might not realize it, a lot of work goes into making this apparently simple task possible. After the original software has been created by the pro- grammers, it must be made into a form that you, the end user, can deal with. The first thing to happen is that the software is compiled.
    [Show full text]
  • Deploying Ipad to Patients Setup Guide
    Deploying iPad to Patients Setup Guide Contents Overview Overview Healthcare institutions are increasingly focused on engaging patients and delivering Getting Prepared a great experience throughout their stay in the hospital. Deploying iPad with Evaluate your infrastructure patient-centered apps enables hospitals to enhance each step of the patient journey, Create a configuration from check-in through discharge. With third-party iOS apps, hospitals can empower Automate device setup patients to access their daily schedule, connect with their care team, track their progress, Distribute apps get educated on their treatment plan, and personalize their entertainment—putting In-Room Storage patients in the center of care. Initial setup Reset your device This Setup Guide offers guidance to the hospital IT staff who are configuring and Centralized Storage deploying iPad for patients to use. iPad can be preconfigured with minimal setup so Set up Apple Configurator patients have access to iOS apps, and IT can use mobile device management (MDM) Automate device refresh to protect patient data while also preserving a great user experience. Once a patient Install Apple Remote Desktop has been discharged, the iPad can be securely wiped so all patient-generated data is Summary removed, and reset to factory settings so it’s ready for the next patient to use. A key decision when deploying iPad to patients is to choose between in-room versus centralized storage of the device (described in the In-Room Storage and Centralized Storage sections). Regardless of which deployment scenario you choose, the preparation steps described in this paper are important for any successful deployment.
    [Show full text]
  • Bigfix Lifecycle SWD User Guide
    BigFix Software Distribution User's Guide Special notice Before using this information and the product it supports, read the information in Notices (on page 144). Edition notice This edition applies to version 9.5 of BigFix and to all subsequent releases and modifications until otherwise indicated in new editions. Contents Chapter 1. Overview.......................................................................................................... 1 What's new in Software Distribution....................................................................................2 System requirements.......................................................................................................... 10 Supported package types...................................................................................................11 Chapter 2. Best practices................................................................................................13 Policy-based distributions...................................................................................................13 Authorization........................................................................................................................13 Prerequisites........................................................................................................................ 13 Site organization..................................................................................................................14 Chapter 3. Dashboards overview....................................................................................
    [Show full text]
  • Deploying Ipad to Patients Setup Guide
    Deploying iPad to Patients Setup Guide Contents Overview Overview Healthcare institutions are increasingly focused on engaging patients to Getting Prepared become actively engaged in their health and delivering a great experience Evaluate your infrastructure throughout their stay in the hospital. Deploying iPad with patient-centered apps Create a configuration enables hospitals to enhance each step of the patient journey, from check-in Automate device setup through discharge. With third-party iPadOS apps, hospitals can empower In-Room Storage patients to access their daily schedule, connect with their care team, track Perform initial setup their progress, get educated on their treatment plan, and personalize their Reset your device entertainment—putting patients in the center of care. Centralized Storage This Setup Guide offers guidance to the hospital IT staff who are configuring Set up Apple Configurator and deploying iPad for patients to use. iPad can be preconfigured with minimal Automate device refresh setup so patients have access to iPadOS apps, and IT can use mobile device Install Apple Remote Desktop management (MDM) to protect patient data while also preserving a great user experience. Once a patient has been discharged, the iPad can be securely Summary wiped so all patient-generated data is removed, and reset to factory settings so it’s ready for the next patient to use. A key decision when deploying iPad to patients is to choose between in-room versus centralized storage of the device (described in the In-Room Storage and Centralized Storage sections). In-room storage is enabled by over-the-air (OTA) wiping and resetting of iPad, which allows devices to stay in the patient room at all times.
    [Show full text]
  • NEURAL COMPUTING 17 Sailee Chitre – T.Y.B.Sc
    Our Vision is to establish a leading centre of imparting Quality Education in the field of Science, Commerce and Management with emphasis on: ensuring that students learn the fundamental concepts in various disciplines. motivating students to apply the Scientific & Technological knowledge to develop problem solving capabilities. making students aware of the societal and environmental needs with specific appreciation of the emerging global context. Our mission is to provide : an educational environment where students can reach their full potential in their chosen discipline and become responsible citizens without compromising in ethics a scholarly environment where the talents of both, the faculty members and students are nurtured and used to create knowledge and technology for the benefit of the society. 1 INDEX Sr. No. Topic Page No. 1. 3D PASSWORD FOR MORE SECURE AUTHENTICATION 3 Manisha Patel – T.Y.B.Sc IT 2. ARTIFICIAL INTELLIGENCE IN PROGRAMMING 5 Jay Bhosale – T.Y.B.Sc. IT 3. COMPUTER THAT YOU CAN WEAR 9 Shailendra Mane – T.Y.B.Sc. IT 4. ETHICAL HACKING 12 Manali Darandale – T.Y.B.Sc. IT 5. FOOT PRINTING 14 Bhavesh Naik – S.Y.B.Sc IT 6. NEURAL COMPUTING 17 Sailee Chitre – T.Y.B.Sc. IT 7. ORGANIC LIGHT EMITTING DIODE DISPLAY 20 Angad Anand – T.Y.B.Sc. IT 8. VERIZON 4G LTE NETWORK 23 Dhaval Jain – T.Y.B.Sc. IT 9. MEEGO 25 Nivedita Tikadar – T.Y.B.Sc IT 10. A CHANGE FROM IPv4 TO IPv6 33 Vivek Kapadia – S.Y.B.Sc.I.T 11. BLACKBERRY MESSENGER 36 Rahul Nayak – S.Y.B.Sc.I.T 12.
    [Show full text]
  • Zenworks Mobile Management Reference
    ZENworks 2020 Update 1 Mobile Management Reference June 2020 Legal Notices For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government rights, patent policy, and FIPS compliance, see https://www.novell.com/company/legal/. © Copyright 2008 - 2020 Micro Focus or one of its affiliates. The only warranties for products and services of Micro Focus and its affiliates and licensors (“Micro Focus”) are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Micro Focus shall not be liable for technical or editorial errors or omissions contained herein. The information contained herein is subject to change without notice. 2 Contents About This Guide 9 Part I Getting Started 11 1 Supported Devices for Mobile Management 13 2Overview 15 3 ZENworks Mobile Management Workflow Configuration Tasklist 17 4Feature List 19 5 Using the Mobile Management Getting Started Page 23 Support for the iPadOS platform . .24 6 Configuring User Sources 25 6.1 Enabling a User Source for Mobile Device Enrollment. .25 6.1.1 Procedure . .25 6.2 Configuring the Attribute for ActiveSync Server Authentication. .26 7 Configuring an MDM Server 29 7.1 Firewall Configuration . .30 7.1.1 Firewall Ports. .30 7.1.2 Endpoint URLs. .30 7.2 Adding an MDM Server. .35 7.2.1 Procedure . .35 7.3 Testing the Outbound Capability of MDM Servers . .36 7.4 Securing MDM Servers . .36 7.5 MDM Servers and APNs Configuration . .37 7.6 Removing MDM Servers . .37 7.7 Configuring a Default DNS Name .
    [Show full text]
  • Connectwise Automate™ Technical Evaluation Guide
    CONNECTWISE AUTOMATE™ TECHNICAL EVALUATION GUIDE Contents Contents CONTENTS .......................................................................................... 1 USING THIS GUIDE .................................................................................. 4 Navigating This Document .................................................................................. 4 OVERVIEW .......................................................................................... 5 1. Core Architecture ....................................................................................... 6 1.1 Agent ................................................................................................... 6 1.2 Control Center ......................................................................................... 7 1.3 Groups ................................................................................................. 7 2. Cross-Platform Support ................................................................................. 8 3. Discovery ................................................................................................ 8 3.1 Asset Discovery ........................................................................................ 8 3.2 Asset Inventory ........................................................................................ 8 4. Remote Control ......................................................................................... 9 4.1 ConnectWise® Control™ (formerly ScreenConnect) .................................................
    [Show full text]
  • SAS~ Software Distribution Issues· an Academic Perspective
    SAS~ Software Distribution Issues· An Academic Perspective Gerardette M. Furlow, North Carolina State University, Computing Center; Raleigh, North Carolina ABSTRACT The SAS Software Consultant for a univeaity is often faced witb tbe !be distribution of setinits during tbe SAS System expiration period is more tremendous !aSk of distributing !be SAS System to faculty, staff, and easily managed. students of !be university. These faculty. staff, and students genemlIy request !be SAS System for a variety of operating systems. As !be SAS DISTRIBUTION MEmODS • WInCH ONE IS System continues 10 grow, !be SAS Software Consultant must decide which software distribution methods will work !be best in a heterogeneous BEST FOR YOU? environment. This paper will review !be methods used by !be Computing Center (CC) at North Carolina Slate University (NCSU) to distribute !be Because of its multi-vendor architecture (MYA), !be SAS System suppons SAS System to campus users. various hardware plalforms and diverse computing environments. This MY A support, !bus Ieads to a variety of installation media from floppy disks to compact discs (CDs). The type of media chosen by !be SAS INTRODUCTION Software Consultant has a direct influence on !be ease or difficulty in tbe !aSk of distributing !be software [0 !be campos. The purpose of this paper is to give tbe SAS Software Consultant an overview of tbe various software distribution metbods !bat can be used in There are many methods in which !be SAS System and SAS software distributing SAS software at a l:uge university. The paper will focus on products can be distributed. The distribution metbod you choose will networtc, CD-ROM, tape, disk, and other distribution rnetbods !bat are used depend on some of!be following factors: money, ti!fte, available human by tbe North Carolina State University Computing Center to distribute resources, !be type of hardware and software your customer base has, !be SAS software to their users.
    [Show full text]