Collaboration in Multicloud Computing Environments: Framework and Security Issues
Total Page:16
File Type:pdf, Size:1020Kb
RESEARCH RESEAFEATURCHRE FEATURE IEEE TRANSACTIONS ON CLOUD COMPUTING VOL:46 NO:2 YEAR 2013 Collaboration in Multicloud Computing Environments: Framework and Security Issues Mukesh Singhal and Santosh Chandrasekhar, University of California, Merced Tingjian Ge, University of Massachusetts Lowell Ravi Sandhu and Ram Krishnan, University of Texas at San Antonio Gail-Joon Ahn, Arizona State University Elisa Bertino, Purdue University A proposed proxy-based multicloud computing framework allows dynamic, on- the-fly collaborations and resource sharing among cloud-based services, addressing trust, policy, and privacy issues without preestablished collabora- tion agreements or standardized interfaces. he recent surge in cloud computing arises from As more organizations adopt cloud computing, cloud its ability to provide software, infrastructure, service providers (CSPs) are developing new technologies and platform services without requiring large to enhance the cloud’s capabilities. Cloud mashups are a T investments or expenses to manage and oper- recent trend; mashups combine services from multiple ate them. Clouds typically involve service providers, clouds into a single service or application, possibly with infrastructure/resource providers, and service users (or on-premises (client-side) data and services. This service clients). They include applications delivered as services, composition lets CSPs offer new functionalities to clients as well as the hardware and software systems providing at lower development costs. Examples of cloud mashups these services. and technologies to support them include the following: Cloud computing characteristics include a ubiquitous (network-based) access channel; resource pooling; multi- • IBM’s Mashup Center, a platform for rapid creation, tenancy; automatic and elastic provisioning and release sharing, and discovery of reusable application build- of computing capabilities; and metering of resource ing blocks (like widgets and feeds) with tools to easily usage (typically on a pay-per-use basis).1 Virtualization of assemble them into new Web applications. resources such as processors, network, memory, and stor- • Appirio Cloud Storage, a cloud-based storage service age ensures scalability and high availability of computing that lets Salesforce.com cloud customers store infor- capabilities. Clouds can dynamically provision these virtual mation about accounts, opportunities, and so on in the resources to hosted applications or to clients that use them Amazon S3 cloud. to develop their own applications or to store data. Rapid • Force.com for the Google App Engine, a set of libraries provisioning and dynamic reconfiguration of resources help that enable development of Web and business applica- cope with variable demand and ensure optimum resource tions using resources in the Salesforce.com and Google utilization. clouds. Collaboration among multiple cloud-based services, will continue to improve as more cloud services become like cloud mashups, opens up opportunities for CSPs to interoperable in the future. offer more-sophisticated services that will benefit the next Cloud-based computing also introduces new security generation of clients. concerns that affect collaboration across multicloud ap- For example, cloud-based electronic medical record plications, including the following:8 (EMR) management systems like Practice Fusion, Ve- rizon Health Information Exchange, Medscribbler, and • increase in the attack surface due to system GE Healthcare Centricity Advance are emerging. In addi- complexity, tion, government agencies are working toward building • loss of client’s control over resources and data due to interoperable healthcare information systems that promote asset migration, electronic exchange of data across multiple organizations. • threats that target exposed interfaces due to data stor- These developments will influence healthcare providers age in public domains, and to interact with multiple cloud-based EMR systems in the • data privacy concerns due to multitenancy. future. Today, cloud mashups require preestablished agreements The research community is begin- among providers as well as the use of custom-built, propri- ning to develop architectures, etary tools that combine services through low-level, tightly controlled and constraining integration techniques. This technologies, and standards to approach to building new collaborative services does not support collaboration among support agility, flexibility, and openness. Realizing multi- multiple cloud systems. cloud collaboration’s full potential will require implicit, transparent, universal, and on-the-fly interaction involving different services spread across multiple clouds that lack pre- Some specific security issues associated with collabora- established agreements and proprietary collaboration tools. tion among heterogeneous clouds include The research community is beginning to develop ar- chitectures, technologies, and standards to support • establishing trust among different cloud providers to collaboration among multiple cloud systems.2-5 However, encourage collaboration; these research proposals still remain constraining due to • addressing policy heterogeneity among multiple their provider-centric approach or limited scope. clouds so that composite services will include effective As the name suggests, provider-centric approaches monitoring of policy anomalies to minimize security require CSPs to adopt and implement the changes that breaches; and facilitate collaboration—changes such as standardized • maintaining privacy of data and identity during interfaces, protocols, formats, and other specifications, collaboration. as well as new architectural and infrastructure com- ponents. Without these provider-centric changes, Mechanisms for collaboration across multiple clouds current proposals do not provide facilities for client-centric, must undergo a rigorous, in-depth security analysis to iden- on-the-fly, and opportunistic combinations of heteroge- tify new threats and concerns resulting from collaboration. neous cloud-based services. They must have the support of innovative, systematic, and While cloud standardization will promote collaboration, usable mechanisms that provide effective security for data there are several hurdles to its adoption.6,7 From a market and applications. Such security mechanisms are essential perspective, it is unlikely that multiple CSPs will agree on for gaining the trust of the general public and organizations an easy and standardized way to access services, as this in adopting this new paradigm. would give clients total freedom in changing providers, leading to increased open and direct competition with other COLLABORATION FRAMEWORK providers. CSPs often offer differentiated services with spe- FOR MULTICLOUD SYSTEMS cialized proprietary products and services. Standardization Our proposed framework for generic cloud col- also reduces the efficacy of CSPs that use such differenti- laboration allows clients and cloud applications to ated service offerings to attract and maintain more clients. simultaneously use services from and route data among For cloud collaboration to be viable in the current en- multiple clouds. This framework supports universal and vironment, researchers need to develop mechanisms that dynamic collaboration in a multicloud system. It lets allow opportunistic collaboration among services without clients simultaneously use services from multiple clouds requiring standards and extensive changes to the cloud without prior business agreements among cloud pro- service delivery model. This approach will allow incremen- viders, and without adopting common standards and tal provisioning of collaborative services to clients, which specifications. RESEARCH FEATURE Use of proxies for collaboration or a set of physical nodes connected via an underlying net- In the current environment, a client that wishes to si- work infrastructure. multaneously use services from multiple clouds must The basic idea is to enable proxies that act on behalf individually interact with each cloud service, gather inter- of a subscribing client or a cloud to provide a diverse set mediate results, process the collective data, and generate of functionalities: cloud service interaction on behalf of a final results. The following restrictions in the current cloud client, data processing using a rich set of operations, cach- computing model prevent direct collaboration among ap- ing of intermediate results, and routing, among others. plications hosted by different clouds: With these additional functionalities, proxies can act as mediators for collaboration among services on differ- • Heterogeneity and tight coupling. Clouds implement ent clouds. Proxy deployment can be strategic—in close proprietary interfaces for service access, configura- geographical proximity to the clouds, for example—to tion, and management as well as for interaction with improve performance and facilitate execution of long- other cloud components. Each service layer of a cloud lived applications without additional user intervention. tightly integrates with lower service layers or is highly As an example of proxy-facilitated collaboration be- dependent on the value-added proprietary solutions tween clouds, consider a case in which a client or CSP that the cloud offers. This heterogeneity and tight wishes to simultaneously use a collection of services that coupling prohibit interoperation between services multiple clouds offer. First, the