DOCSLIB.ORG

Security in Cloud Computing a Security Assessment of Cloud Computing Providers for an Online Receipt Storage

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Security in Cloud Computing A Security Assessment of Cloud Computing Providers for an Online Receipt Storage Mats Andreassen Kåre Marius Blakstad Master of Science in Computer Science Submission date: June 2010 Supervisor: Lillian Røstad, IDI Norwegian University of Science and Technology Department of Computer and Information Science Problem Description We will survey some current cloud computing vendors and compare them to find patterns in how their feature sets are evolving. The start-up firm dSafe intends to exploit the promises of cloud computing in order to launch their business idea with only marginal hardware and licensing costs. We must define the criteria for how dSafe's application can be sufficiently secure in the cloud as well as how dSafe can get there. Assignment given: 14. January 2010 Supervisor: Lillian Røstad, IDI Abstract Considerations with regards to security issues and demands must be addressed before migrating an application into a cloud computing environment. Different vendors, Microsoft Azure, Amazon Web Services and Google AppEngine, provide different capabilities and solutions to the individual areas of concern presented by each application. Through a case study of an online receipt storage application from the company dSafe, a basis is formed for the evaluation. The three cloud computing vendors are assessed with regards to a security assessment framework provided by the Cloud Security Alliance and the application of this on the case study. Finally, the study is concluded with a set of general recommendations and the recommendation of a cloud vendor. This is based on a number of security as- pects related to the case study’s existence in the cloud. With dSafe’s high demands of data locality, integrity and security, Google AppEngine is discarded as an option due to the lack of focus on business related applications, whilst Microsoft Azure is the recommended cloud vendor – closely followed by Amazon Web Services – due to its suitable technical solutions with regards to existing implementation, risk mitigation capabilities and audit results. Preface This report is the result of our Master Thesis work during the spring of 2010. Throughout the work we have gained much insight into both the positive and negative aspects of cloud computing as well as knowledge of the capabilities of three of the major cloud computing vendors. We foresee that we will benefit greatly from this experience during the course of our careers. We would like to thank our supervisor, Lillian Røstad, for her guidance and Daro Navaratnam, as well as his team, for allowing us to use dSafe in our case study and their assistance during said study. K˚areBlakstad and Mats Andreassen Trondheim, June 2010. ii Contents Abstracti Preface ii Contents iii List of Figuresv List of Tables vii 1 Introduction1 1.1 Research Questions............................2 1.2 Approach.................................2 1.2.1 Comparative Study........................3 1.2.2 Understanding The Case.....................3 1.2.3 Case Study............................3 1.3 Report Outline..............................5 2 Cloud Computing7 2.1 Service Models..............................9 2.1.1 Software-as-a-Service....................... 10 2.1.2 Platform-as-a-Service...................... 11 2.1.3 Infrastructure-as-a-Service.................... 11 2.2 Deployment Models........................... 11 2.2.1 Public cloud........................... 11 2.2.2 Private cloud........................... 12 2.2.3 Community cloud........................ 12 2.2.4 Hybrid cloud........................... 12 2.3 The Cloud Vendors............................ 13 2.3.1 Windows Azure.......................... 13 2.3.2 Amazon Web Services...................... 14 2.3.3 Google AppEngine........................ 14 2.4 Cloud Security Aspects......................... 15 2.4.1 Service Level Agreements and Compliance Features..... 17 iii CONTENTS CONTENTS 2.4.2 Authentication Services..................... 20 2.4.3 Audit and Certifications..................... 21 2.4.4 Cloud Tech Support....................... 24 2.4.5 Incident Response and Logging................. 25 2.4.6 On-demand Self-service..................... 26 2.4.7 Broad Network Access...................... 27 2.4.8 Resource Pooling......................... 28 2.4.9 Internal Access Control..................... 30 2.4.10 Virtualisation........................... 32 2.5 Summary................................. 37 3 Case Overview 39 3.1 The Company............................... 39 3.1.1 Business Plan........................... 40 3.1.2 Market.............................. 41 3.1.3 Business Model.......................... 41 3.2 Information Flow and Storage...................... 41 3.2.1 The data flow........................... 41 3.2.2 Persisted storage......................... 43 3.3 Technical Challenges........................... 45 3.3.1 Confidentiality.......................... 45 3.3.2 Identification and Authentication................ 45 3.3.3 Non-repudiation......................... 46 4 Case Study 47 4.1 Analysing the Risk............................ 47 4.1.1 Identifying the Asset for Cloud Deployment.......... 48 4.1.2 Evaluating the Asset....................... 51 4.2 Deployment Model Acceptance..................... 63 4.3 The Twelve Domains of Critical Focus................. 64 4.3.1 Governance domains....................... 65 4.3.2 Operational Domain....................... 72 4.4 Risk Mitigation.............................. 83 5 Conclusions 89 5.1 Final Recommendations......................... 89 5.2 Conclusions................................ 90 5.3 Further Work............................... 91 5.3.1 Comprehensible Risk Analysis................. 91 5.3.2 Federated Identity........................ 92 5.3.3 Maturity of Cloud Technology................. 92 References 93 A Feedback from The Data Inspectorate (Norwegian) 99 iv CONTENTS CONTENTS B Email Correspondence with the Data Inspectorate (Norwegian) 103 v CONTENTS CONTENTS vi List of Figures 1.1 Study approach overview........................4 2.1 Overview of the cloud computing layers................9 2.2 Cloud service model categorisation................... 10 2.3 Overview of the cloud computing deployment models......... 12 2.4 Amazon’s Availability Zones....................... 29 2.5 The virtualisation security areas of focus................ 33 2.6 Azure and Web Services virtualisation approach............ 34 2.7 Amazon Web Services architecture with security measures...... 35 3.1 Gantt-diagram over dSafe activities................... 42 3.2 Top level Data Flow Diagram...................... 43 3.3 ER diagram of dSafe’s databases.................... 44 4.1 Risk multiplication matrix........................ 51 4.2 The twelve domains of critical focus.................. 64 4.3 An overview of the five governance domains............... 65 4.4 An overview of the seven operational domains............. 72 vii LIST OF FIGURES LIST OF FIGURES viii List of Tables 4.1 Data assets overview........................... 49 4.2 Process assets overview......................... 50 4.3 Data asset risk assessment summary.................. 59 4.3 Data asset risk assessment summary.................. 60 4.4 Process asset risk assessment summary................. 61 4.4 Process asset risk assessment summary................. 62 4.5 Summary of acceptable deployment models.............. 63 4.6 Microsoft Azure mitigations within the critical domains....... 85 4.7 Amazon Web Services mitigations within the critical domains.... 86 4.8 Google AppEngine mitigations within the critical domains...... 87 ix LIST OF TABLES LIST OF TABLES x Chapter 1 Introduction Cloud Computing has long been a buzzword within the field of computer science. As with most buzzwords there are numerous definitions, but most agree that Cloud Computing entails putting applications and data in the hands of others. Unless you run your applications and keep your data on your own hardware on-premises, you leave the security of said assets in the hands of others. In a world where applications are riddled with weaknesses and vulnerabilities, can you really trust another company to keep your assets? When a computer is within your network, you can protect it with other security systems such as firewalls and IDSs. You can build a resilient system that works even if those vendors you have to trust may not be as trustworthy as you like. With any outsourcing model, whether it be cloud computing or something else, you can’t. You have to trust your outsourcer completely. You not only have to trust the outsourcer’s security, but its reliability, its availability, and its business continuity. – Bruce Schneier[1] There are several providers1 available and their platforms differ substantially in their flexibility. How much of the infrastructure the customer is able to access can directly affect the security of their own services as well as that of others. This difference can have critical consequences: Research has been described in which meticulous analysis of a cloud’s hardware in idealised circumstances allow attackers to log the keystrokes of users on separate virtual machines [2]. Some of the cloud platforms are therefore polished surfaces with little access to the underlying infrastructure and others allow customers to delve deeper. This report will detail these differences and their consequences for security. By comparing the platforms we intend to, from a security standpoint, comment on the maturity of a selected set of current cloud computing vendors.
Recommended publications
  • Open Cloud Computing with the Simple Cloud API and Apache Libcloud Doug Tidwell Cloud Computing Evangelist, IBM Dtidwell@Us.Ibm.Com

    Open Cloud Computing with the Simple Cloud API and Apache Libcloud Doug Tidwell Cloud Computing Evangelist, IBM [email protected]

    Open Cloud Computing with the Simple Cloud API and Apache libcloud Doug Tidwell Cloud Computing Evangelist, IBM [email protected] Session 7665 Agenda • Portability and interoperability • A few words about APIs • The Simple Cloud API • Storage • Queues • Documents • Controlling VMs with Apache libcloud • Resources / Next steps The problem Vendor lock-in • If there’s a new technology, any talented programmer will want to use it. • Maybe the shiny new thing is appropriate for what we’re doing. • Maybe not. • We’re probably going to use it anyway. • The challenge is to walk the line between using the newest, coolest thing and avoiding vendor lock-in. Portability and Interoperability • In writing flexible code for the cloud, there are two key concepts: • Portability is the ability to run components or systems written for one cloud provider in another cloud provider’s environment. • Interoperability is the ability to write one piece of code that works with multiple cloud providers, regardless of the differences between them. How standards work • For a standards effort to work, three things have to happen: • The standard has to solve a common problem in an elegant way. • The standard has to be implemented consistently by vendors. • Users have to insist that the products they use implement the standard. How standards work • All three things have to happen. • If the standard doesn't solve a common problem, or if it solves it in an awkward way, the standard fails. • If the standard isn't implemented by anyone, the standard fails. • If customers buy and use products even though they don't implement the standard, the standard fails.
  • Software As a Service

    Software As a Service

    Software as a Service Haojie Hang Ogheneovo Dibie Executive Summary • In this presentation, we go through the Software as a Service Methodology, examine its benefits and drawbacks and talk about two state-of-art SaaS systems– Amazon Web Service and Google App Engine • We also look into Service Oriented Architecture powering SaaS applications and its impact on modern web 2.0 applications • Finally, we examine hybrids of traditional and SaaS applications Overview • What is Software as a Service (SaaS) • Background o Brief history o Concept o Big picture o Related terms • Computing Today o SasS is everywhere o The SaaS Market • Benefits of SaaS • Drawbacks of SaaS o Robustness o Privacy o Security o Reliability • Service Oriented Architectures (SOA) o Guiding principles of SOA • Case studies o Amazon Web Services (AWS) o Google App Engine • Influence of SOA on Web 2.0 development o Zend Framework • Hybrids of Traditional and SaaS applications o Dropbox o Microsoft Office • Summary • References What is SaaS? • Definition: Software as a Service (SaaS), a.k.a. on- demand software, is a software delivery model in which software and its associated data are hosted centrally and accessed using a thin-client, usually a web browser over the internet. – Wikipedia • Simply put, SaaS is a method for delivering software that provides remote access to software as a web- based service. The software service can be purchased with a monthly fee and pay as you go. What is SaaS? • Where does the term SaaS come from? o The SAAS acronym allegedly first appeared
  • Cloud Computing Bible Is a Wide-Ranging and Complete Reference

    Cloud Computing Bible Is a Wide-Ranging and Complete Reference

    A thorough, down-to-earth look Barrie Sosinsky Cloud Computing Barrie Sosinsky is a veteran computer book writer at cloud computing specializing in network systems, databases, design, development, The chance to lower IT costs makes cloud computing a and testing. Among his 35 technical books have been Wiley’s Networking hot topic, and it’s getting hotter all the time. If you want Bible and many others on operating a terra firma take on everything you should know about systems, Web topics, storage, and the cloud, this book is it. Starting with a clear definition of application software. He has written nearly 500 articles for computer what cloud computing is, why it is, and its pros and cons, magazines and Web sites. Cloud Cloud Computing Bible is a wide-ranging and complete reference. You’ll get thoroughly up to speed on cloud platforms, infrastructure, services and applications, security, and much more. Computing • Learn what cloud computing is and what it is not • Assess the value of cloud computing, including licensing models, ROI, and more • Understand abstraction, partitioning, virtualization, capacity planning, and various programming solutions • See how to use Google®, Amazon®, and Microsoft® Web services effectively ® ™ • Explore cloud communication methods — IM, Twitter , Google Buzz , Explore the cloud with Facebook®, and others • Discover how cloud services are changing mobile phones — and vice versa this complete guide Understand all platforms and technologies www.wiley.com/compbooks Shelving Category: Use Google, Amazon, or
  • AWS Certified Developer – Associate (DVA-C01) Sample Exam Questions

    AWS Certified Developer – Associate (DVA-C01) Sample Exam Questions

    AWS Certified Developer – Associate (DVA-C01) Sample Exam Questions 1) A company is migrating a legacy application to Amazon EC2. The application uses a user name and password stored in the source code to connect to a MySQL database. The database will be migrated to an Amazon RDS for MySQL DB instance. As part of the migration, the company wants to implement a secure way to store and automatically rotate the database credentials. Which approach meets these requirements? A) Store the database credentials in environment variables in an Amazon Machine Image (AMI). Rotate the credentials by replacing the AMI. B) Store the database credentials in AWS Systems Manager Parameter Store. Configure Parameter Store to automatically rotate the credentials. C) Store the database credentials in environment variables on the EC2 instances. Rotate the credentials by relaunching the EC2 instances. D) Store the database credentials in AWS Secrets Manager. Configure Secrets Manager to automatically rotate the credentials. 2) A Developer is designing a web application that allows the users to post comments and receive near- real-time feedback. Which architectures meet these requirements? (Select TWO.) A) Create an AWS AppSync schema and corresponding APIs. Use an Amazon DynamoDB table as the data store. B) Create a WebSocket API in Amazon API Gateway. Use an AWS Lambda function as the backend and an Amazon DynamoDB table as the data store. C) Create an AWS Elastic Beanstalk application backed by an Amazon RDS database. Configure the application to allow long-lived TCP/IP sockets. D) Create a GraphQL endpoint in Amazon API Gateway. Use an Amazon DynamoDB table as the data store.
  • Introduction to Amazon Web Services

    Introduction to Amazon Web Services

    Introduction to Amazon Web Services Jeff Barr Senior AWS Evangelist @jeffbarr / [email protected] What Does It Take to be a Global Online Retailer? The Obvious Part… And the Not-So Obvious Part How Did Amazon Get in to Cloud Computing? • We’d been working on it for over a decade • Development of a platform to enable sellers on the Amazon global infrastructure • Internal need for centralized, scalable deployment environment for applications • Early forays into web services proved developers were hungry for more This Led to a Broader Mission • Enable businesses and developers to use web services (what people now call “the cloud”) to build scalable, sophisticated applications. “It's not the customers' job to invent for themselves. It's your job to invent on their behalf. You need to listen to customers. You need to invent on their behalf. Kindle, EC2 would not have been developed if we did not have an inventive culture.” - Jeff Bezos, Founder & CEO, Amazon.com Attributes of Cloud Computing No Up-Front Capital Low Cost Pay Only for What Expense You Use Self-Service Easily Scale Up and Improve Agility & Time- Infrastructure Down to-Market Deploy Last-Generation IT Services Cloud-Generation IT Services Cloud-Generation IT Services What’s the Difference? Last-Generation Cloud-Generation • IT department • Empowered users • Manual Setup • Automated Setup • Hours/Days/Weeks • Seconds/Minutes • Error-prone • Scripted & repeatable • Small scale • Any scale AWS PLATFORM Cloud-Powered Applications Management & Administration Administration Identity &
  • Implementación De Los Algoritmos De Factorización 201

    Implementación De Los Algoritmos De Factorización 201

    Universidad Complutense de Madrid Facultad de Informática Sistemas Informáticos 2010/2011 RSA@Cloud Criptoanálisis eficiente en la Nube Autores: Directores de proyecto: Alberto Megía Negrillo José Luis Vázquez-Poletti Antonio Molinera Lamas Ignacio Martin Llorente José Antonio Rueda Sánchez Dpto. Arquitectura de Computadores Página 0 Facultad de Informática UCM RSA@Cloud Sistemas Informáticos – FDI Se autoriza a la Universidad Complutense a difundir y utilizar con fines académicos, no comerciales y mencionando expresamente a sus autores, tanto la propia memoria, como el código, la documentación y/o el prototipo desarrollado. Alberto Megía Negrillo Antonio Molinera Lamas José Antonio Rueda Sánchez Página 1 Facultad de Informática UCM RSA@Cloud Sistemas Informáticos – FDI Página 2 Facultad de Informática UCM RSA@Cloud Sistemas Informáticos – FDI Agradecimientos Un trabajo como este no habría sido posible sin la cooperación de mucha gente. En primer lugar queremos agradecérselo a nuestras familias que tanto han confiado y nos han dado. A nuestros directores José Luis Vázquez-Poletti e Ignacio Martín Llorente, por conseguir llevar adelante este proyecto. Por último, a todas y cada una de las personas que forman parte de la Facultad de Informática de la Universidad Complutense de Madrid, nuestro hogar durante estos años. Página 3 Facultad de Informática UCM RSA@Cloud Sistemas Informáticos – FDI Página 4 Facultad de Informática UCM RSA@Cloud Sistemas Informáticos – FDI Resumen En el presente documento se describe un sistema que aprovecha las virtudes de la computación Cloud y el paralelismo para la factorización de números grandes, base de la seguridad del criptosistema RSA, mediante el empleo de diferentes algoritmos matemáticos como la división por tentativa y criba cuadrática.
  • Open Source and Third Party Documentation

    Open Source and Third Party Documentation

    Open Source and Third Party Documentation Verint.com Twitter.com/verint Facebook.com/verint Blog.verint.com Content Introduction.....................2 Licenses..........................3 Page 1 Open Source Attribution Certain components of this Software or software contained in this Product (collectively, "Software") may be covered by so-called "free or open source" software licenses ("Open Source Components"), which includes any software licenses approved as open source licenses by the Open Source Initiative or any similar licenses, including without limitation any license that, as a condition of distribution of the Open Source Components licensed, requires that the distributor make the Open Source Components available in source code format. A license in each Open Source Component is provided to you in accordance with the specific license terms specified in their respective license terms. EXCEPT WITH REGARD TO ANY WARRANTIES OR OTHER RIGHTS AND OBLIGATIONS EXPRESSLY PROVIDED DIRECTLY TO YOU FROM VERINT, ALL OPEN SOURCE COMPONENTS ARE PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. Any third party technology that may be appropriate or necessary for use with the Verint Product is licensed to you only for use with the Verint Product under the terms of the third party license agreement specified in the Documentation, the Software or as provided online at http://verint.com/thirdpartylicense. You may not take any action that would separate the third party technology from the Verint Product. Unless otherwise permitted under the terms of the third party license agreement, you agree to only use the third party technology in conjunction with the Verint Product.
  • Cisco Workload Automation Amazon EC2 Adapter Guide

    Cisco Workload Automation Amazon EC2 Adapter Guide

    Cisco Workload Automation Amazon EC2 Adapter Guide Version 6.3 First Published: August, 2015 Last Updated: September 6, 2016 Cisco Systems, Inc. www.cisco.com THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California. NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
  • A Generic Development and Deployment Framework for Cloud Computing and Distributed Applications

    A Generic Development and Deployment Framework for Cloud Computing and Distributed Applications

    Computing and Informatics, Vol. 32, 2013, 461{485 A GENERIC DEVELOPMENT AND DEPLOYMENT FRAMEWORK FOR CLOUD COMPUTING AND DISTRIBUTED APPLICATIONS Binh Minh Nguyen, Viet Tran, Ladislav Hluchy´ Institute of Informatics Slovak Academy of Sciences D´ubravsk´acesta 9 845 07 Bratislava, Slovakia e-mail: fminh.ui, viet.ui, [email protected] Communicated by Jacek Kitowski Abstract. Cloud computing has paved the way for advance of IT-based on demand services. This technology helps decrease capital expenditure and operation costs, solve scalability issue and many more user and provider constraints. However, devel- opment and deployment of distributed applications on cloud environment becomes a more and more complex task. Cloud users must spend a lot of time to prepare, in- stall and configure their applications on clouds. In addition, after development and deployment, the applications almost cannot move from one cloud to another due to the lack of interoperability between them. To address these problems, in this paper we present a novel development and deployment framework for cloud distributed applications/services. Our approach is based on abstraction and object-oriented programming technique, allowing users to easily and rapidly develop and deploy their services into cloud environment. The approach also enables service migration and interoperability among the clouds. Keywords: Cloud computing, distributed application, abstraction, object-oriented programming, interoperability Mathematics Subject Classification 2010: 68-M14 462 B. M. Nguyen, V. Tran, L. Hluch´y 1 INTRODUCTION Cloud computing is described as a business model for on-demand delivery of com- putation power, in which consumers pay providers what they used (\pay-as-you- go").
  • OPINION Sysadmin NETWORKING Security Columns

    OPINION Sysadmin NETWORKING Security Columns

    October 2010 VOLUME 35 NUMBER 5 OPINION Musings 2 RikR FaR ow SYSADMin Teaching System Administration in the Cloud 6 Jan Schaumann THE USENIX MAGAZINE A System Administration Parable: The Waitress and the Water Glass 12 ThomaS a. LimonceLLi Migrating from Hosted Exchange ­Service to In-House Exchange Solution 18 T Roy mckee NETWORKING IPv6 Transit: What You Need to Know 23 mT aT Ryanczak SU EC RITY Secure Email for Mobile Devices 29 B Rian kiRouac Co LUMNS Practical Perl Tools: Perhaps Size Really Does Matter 36 Davi D n. BLank-eDeLman Pete’s All Things Sun: The “Problem” with NAS 42 Pe TeR BaeR GaLvin iVoyeur: Pockets-o-Packets, Part 3 48 Dave JoSePhSen /dev/random: Airport Security and Other Myths 53 RoT BeR G. FeRReLL B OOK reVIEWS Book Reviews 56 El izaBeTh zwicky, wiTh BRanDon chinG anD Sam SToveR US eniX NOTES USA Wins World High School Programming Championships—Snaps Extended China Winning Streak 60 RoB koLSTaD Con FERENCES 2010 USENIX Federated Conferences Week: 2010 USENIX Annual Technical Conference Reports 62 USENIX Conference on Web Application Development (WebApps ’10) Reports 77 3rd Workshop on Online Social Networks (WOSN 2010) Reports 84 2nd USENIX Workshop on Hot Topics in Cloud Computing (HotCloud ’10) Reports 91 2nd Workshop on Hot Topics in Storage and File Systems (HotStorage ’10) Reports 100 Configuration Management Summit Reports 104 2nd USENIX Workshop on Hot Topics in Parallelism (HotPar ’10) Reports 106 The Advanced Computing Systems Association oct10covers.indd 1 9.7.10 1:54 PM Upcoming Events 24th Large InstallatIon system admInIstratIon ConferenCe (LISA ’10) Sponsored by USENIX in cooperation with LOPSA and SNIA november 7–12, 2010, San joSe, Ca, USa http://www.usenix.org/lisa10 aCm/IfIP/USENIX 11th InternatIonaL mIddLeware ConferenCe (mIddLeware 2010) nov.
  • Cloud Storage: Adoption, Practice and Deployment

    Cloud Storage: Adoption, Practice and Deployment

    Cloud Storage: Adoption, Practice and Deployment An Outlook Report from Storage Strategies NOW April 4, 2011 By Deni Connor, Patrick H. Corrigan and James E. Bagley Client Relations: Phylis Bockelman Storage Strategies NOW 8815 Mountain Path Circle Austin, Texas 78759 (512) 345-3850 SSG-NOW.COM Note: The information and recommendations made by Storage Strategies NOW, Inc. are based upon public information and sources and may also include personal opinions both of Storage Strategies NOW and others, all of which we believe are accurate and reliable. As market conditions change however and not within our control, the information and recommendations are made without warranty of any kind. All product names used and mentioned herein are the trademarks of their respective owners. Storage Strategies NOW, Inc. assumes no responsibility or liability for any damages whatsoever (including incidental, consequential or otherwise), caused by your use of, or reliance upon, the information and recommendations presented herein, nor for any inadvertent errors which may appear in this document. This report is purchased by Gluster for distribution only to its customers and prospects. Copyright 2011. All rights reserved. Storage Strategies NOW, Inc. 1 Sponsors ......................................................................................................................................................................................... 4 What is cloud storage? ....................................................................................................................................................................5
  • Web Application Programming Interfaces (Apis): General-Purpose Standards, Terms and European Commission Initiatives

    Web Application Programming Interfaces (Apis): General-Purpose Standards, Terms and European Commission Initiatives

    Web Application Programming Interfaces (APIs): general-purpose standards, terms and European Commission initiatives APIs4DGov study — digital government APIs: the road to value-added open API-driven services Santoro, M., Vaccari, L., Mavridis, D., Smith, R. S., Posada, M., Gattwinkel, D. 2019 EUR 29984 EN This publication is a Technical report by the Joint Research Centre (JRC), the European Commission’s science and knowledge service. It aims to provide evidence-based scientific support to the European policymaking process. The scientific output expressed does not imply a policy position of the European Commission. Neither the European Commission nor any person acting on behalf of the Commission is responsible for the use that might be made of this publication. For information on the methodology and quality underlying the data used in this publication for which the source is neither Eurostat nor other Commission services, users should contact the referenced source. The designations employed and the presentation of material on the maps do not imply the expression of any opinion whatsoever on the part of the European Union concerning the legal status of any country, territory, city or area or of its authorities, or concerning the delimitation of its frontiers or boundaries. Contact information Name: European Commission, Joint Research Centre (JRC), Digital Economy Unit (JRC.B6) Address: Via Enrico Fermi, 2749 — 21027 Ispra (VA), Italy Email: [email protected] Tel.: +39 0332 78 57 58 EU Science Hub https://ec.europa.eu/jrc JRC118082 EUR 29984 EN PDF ISBN 978-92-76-13183-0 ISSN 1831-9424 doi:10.2760/675 Luxembourg: Publications Office of the European Union, 2019 © European Union, 2019 The reuse policy of the European Commission is implemented by the Commission Decision 2011/833/EU of 12 December 2011 on the reuse of Commission documents (OJ L 330, 14.12.2011, p.