Clouds are increasingly being used for running data-intensive scientific applications. Data-intensive science applications need performance, scalability and reliability. However, these can be hard to achieve in cloud environments. Intelligent strategies are required to obtain better performance, scalability and reliability on cloud platforms. In this paper, we propose a set of pipelining strategies to effectively utilize provisioned cloud resources. Our experiments on the ExoGENI cloud testbed demonstrates the effectiveness of our approach in increasing performance and reducing failures.
{"title":"Provisioning, Placement and Pipelining Strategies for Data-Intensive Applications in Cloud Environments","authors":"D. Ghoshal, L. Ramakrishnan","doi":"10.1109/IC2E.2014.66","DOIUrl":"https://doi.org/10.1109/IC2E.2014.66","url":null,"abstract":"Clouds are increasingly being used for running data-intensive scientific applications. Data-intensive science applications need performance, scalability and reliability. However, these can be hard to achieve in cloud environments. Intelligent strategies are required to obtain better performance, scalability and reliability on cloud platforms. In this paper, we propose a set of pipelining strategies to effectively utilize provisioned cloud resources. Our experiments on the ExoGENI cloud testbed demonstrates the effectiveness of our approach in increasing performance and reducing failures.","PeriodicalId":273902,"journal":{"name":"2014 IEEE International Conference on Cloud Engineering","volume":"3 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-03-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130954868","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Bian Yang, Huiguang Chu, Guoqiang Li, Slobodan V. Petrovic, C. Busch
Using one password for all web services is not secure because the leakage of the password compromises all the web services accounts, while using independent passwords for different web services is inconvenient for the identity claimant to memorize. A password manager is used to address this security-convenience dilemma by storing and retrieving multiple existing passwords using one master password. On the other hand, a password manager liberates human brain by enabling people to generate strong passwords without worry about memorizing them. While a password manager provides a convenient and secure way to managing multiple passwords, it centralizes the passwords storage and shifts the risk of passwords leakage from distributed service providers to a software or token authenticated by a single master password. Concerned about this one master password based security, biometrics could be used as a second factor for authentication by verifying the ownership of the master password. However, biometrics based authentication is more privacy concerned than a non-biometric password manager. In this paper we propose a cloud password manager scheme exploiting privacy enhanced biometrics, which achieves both security and convenience in a privacy-enhanced way. The proposed password manager scheme relies on a cloud service to synchronize all local password manager clients in an encrypted form, which is efficient to deploy the updates and secure against untrusted cloud service providers.
{"title":"Cloud Password Manager Using Privacy-Preserved Biometrics","authors":"Bian Yang, Huiguang Chu, Guoqiang Li, Slobodan V. Petrovic, C. Busch","doi":"10.1109/IC2E.2014.91","DOIUrl":"https://doi.org/10.1109/IC2E.2014.91","url":null,"abstract":"Using one password for all web services is not secure because the leakage of the password compromises all the web services accounts, while using independent passwords for different web services is inconvenient for the identity claimant to memorize. A password manager is used to address this security-convenience dilemma by storing and retrieving multiple existing passwords using one master password. On the other hand, a password manager liberates human brain by enabling people to generate strong passwords without worry about memorizing them. While a password manager provides a convenient and secure way to managing multiple passwords, it centralizes the passwords storage and shifts the risk of passwords leakage from distributed service providers to a software or token authenticated by a single master password. Concerned about this one master password based security, biometrics could be used as a second factor for authentication by verifying the ownership of the master password. However, biometrics based authentication is more privacy concerned than a non-biometric password manager. In this paper we propose a cloud password manager scheme exploiting privacy enhanced biometrics, which achieves both security and convenience in a privacy-enhanced way. The proposed password manager scheme relies on a cloud service to synchronize all local password manager clients in an encrypted form, which is efficient to deploy the updates and secure against untrusted cloud service providers.","PeriodicalId":273902,"journal":{"name":"2014 IEEE International Conference on Cloud Engineering","volume":"17 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-03-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116340661","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Virtual machine introspection (VMI) is a mechanism that allows indirect inspection and manipulation of the state of virtual machines. The indirection of this approach offers attractive isolation properties that has resulted in a variety of VMI-based applications dealing with security, performance, and debugging in virtual machine environments. Because it requires privileged access to the virtual machine monitor, VMI functionality is unfortunately not available to cloud users on public cloud platforms. In this paper, we present our work on the CloudVMI architecture to address this concern. CloudVMI virtualizes the VMI interface and makes it available as-a-service in a cloud environment. Because it allows introspection of users' VMs running on arbitrary physical machines in a cloud environment, our VMI-as-a-service abstraction allows a new class of cloud-centric VMI applications to be developed. We present the design and implementation of CloudVMI in the Xen hypervisor environment. We evaluate our implementation using a number of VMI applications, including a simple application that illustrates the cross-physical machine capabilities of CloudVMI.
{"title":"CloudVMI: Virtual Machine Introspection as a Cloud Service","authors":"H. Baek, Abhinav Srivastava, J. Merwe","doi":"10.1109/IC2E.2014.82","DOIUrl":"https://doi.org/10.1109/IC2E.2014.82","url":null,"abstract":"Virtual machine introspection (VMI) is a mechanism that allows indirect inspection and manipulation of the state of virtual machines. The indirection of this approach offers attractive isolation properties that has resulted in a variety of VMI-based applications dealing with security, performance, and debugging in virtual machine environments. Because it requires privileged access to the virtual machine monitor, VMI functionality is unfortunately not available to cloud users on public cloud platforms. In this paper, we present our work on the CloudVMI architecture to address this concern. CloudVMI virtualizes the VMI interface and makes it available as-a-service in a cloud environment. Because it allows introspection of users' VMs running on arbitrary physical machines in a cloud environment, our VMI-as-a-service abstraction allows a new class of cloud-centric VMI applications to be developed. We present the design and implementation of CloudVMI in the Xen hypervisor environment. We evaluate our implementation using a number of VMI applications, including a simple application that illustrates the cross-physical machine capabilities of CloudVMI.","PeriodicalId":273902,"journal":{"name":"2014 IEEE International Conference on Cloud Engineering","volume":"19 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-03-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122077479","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Scalability for distributed Data Center Networks (DCNs) has long been a goal of the network research and industrial community. To support dynamically increasing demands from multi-tenants, the network providers have to duplicate or share virtual resources for satisfying tenants' requests. However, current Software-Defined Networking (SDN) architectures have major drawbacks including lack of scalability and cross Virtual Tenant Network (VTN) communication. They rely only on the flexibility of control plane and neglect management plane important role. SDN scalability bottleneck affects directly the network/VTN scalability. In front of the fast growing network, it is widely accepted that the network of the future will require more capabilities such as self-awareness, self-control and self-management. At the core of these challenges is providing elastic isolation for multi-tenancy and involving tenant in management and control to reach the scalability objective and reduce the complexity of management operations of large DCNs. To address these challenges, the Open virtual Network Management and Security (Open vNMS) is proposed for supporting transparent multi-tenancy while both network and VTN scalability is solved. Basing on elastic L2 isolation using SDN components' flexibility, we design an autonomic architecture to provide self-control, self-management and self-adaptive capabilities for the network. The experiment results showed that the proposed design offers negligible overhead and guarantees the network performance.
{"title":"A Software-Defined Scalable and Autonomous Architecture for Multi-tenancy","authors":"M. F. Ahmed, C. Talhi, M. Pourzandi, M. Cheriet","doi":"10.1109/IC2E.2014.46","DOIUrl":"https://doi.org/10.1109/IC2E.2014.46","url":null,"abstract":"Scalability for distributed Data Center Networks (DCNs) has long been a goal of the network research and industrial community. To support dynamically increasing demands from multi-tenants, the network providers have to duplicate or share virtual resources for satisfying tenants' requests. However, current Software-Defined Networking (SDN) architectures have major drawbacks including lack of scalability and cross Virtual Tenant Network (VTN) communication. They rely only on the flexibility of control plane and neglect management plane important role. SDN scalability bottleneck affects directly the network/VTN scalability. In front of the fast growing network, it is widely accepted that the network of the future will require more capabilities such as self-awareness, self-control and self-management. At the core of these challenges is providing elastic isolation for multi-tenancy and involving tenant in management and control to reach the scalability objective and reduce the complexity of management operations of large DCNs. To address these challenges, the Open virtual Network Management and Security (Open vNMS) is proposed for supporting transparent multi-tenancy while both network and VTN scalability is solved. Basing on elastic L2 isolation using SDN components' flexibility, we design an autonomic architecture to provide self-control, self-management and self-adaptive capabilities for the network. The experiment results showed that the proposed design offers negligible overhead and guarantees the network performance.","PeriodicalId":273902,"journal":{"name":"2014 IEEE International Conference on Cloud Engineering","volume":"33 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-03-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128779439","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
One of the biggest advantages of cloud infrastructures is the elasticity. Cloud services are monitored and based on the resource utilization and performance load, they get scaled up or down, by provision or de-provision of cloud resources. The goal is to guarantee the customers an acceptable performance with a minimum of resources. Such Quality of Service (QoS) characteristics are stated in a contract, called Service Level Agreement (SLA) negotiated between customer and provider. The approach of this paper shows that with additional imprecise information (e.g. expected daytime/week- time performance) modeled with fuzzy logic and used in a behavior, load and performance prediction model, the up and down scaling mechanism of a cloud service can be optimized. Evaluation results confirm, that using this approach, SLA violation can be minimized.
{"title":"Cloud QoS Scaling by Fuzzy Logic","authors":"Stefan Frey, Claudia Lüthje, C. Reich, N. Clarke","doi":"10.1109/IC2E.2014.30","DOIUrl":"https://doi.org/10.1109/IC2E.2014.30","url":null,"abstract":"One of the biggest advantages of cloud infrastructures is the elasticity. Cloud services are monitored and based on the resource utilization and performance load, they get scaled up or down, by provision or de-provision of cloud resources. The goal is to guarantee the customers an acceptable performance with a minimum of resources. Such Quality of Service (QoS) characteristics are stated in a contract, called Service Level Agreement (SLA) negotiated between customer and provider. The approach of this paper shows that with additional imprecise information (e.g. expected daytime/week- time performance) modeled with fuzzy logic and used in a behavior, load and performance prediction model, the up and down scaling mechanism of a cloud service can be optimized. Evaluation results confirm, that using this approach, SLA violation can be minimized.","PeriodicalId":273902,"journal":{"name":"2014 IEEE International Conference on Cloud Engineering","volume":"21 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-03-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126429113","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The cost an convenience of cloud computing has motivated many organizations to migrate their data and application services to cloud platforms, yet information security concerns persist. Data loss incidents experienced by organizations over the past decade offer many valuable lessons, which are highly relevant to the present trend of storing sensitive data in clouds. This paper presents our analysis of the DataLoss db, an Open Source Foundation project to collect information on data loss incidents throughout the world. The historical probability of recovering data after it is lost is low, suggesting that the design and implementation of an enterprise wide data protection plan may be the most effective method to mitigate the risk of data loss. Our analysis includes an examination of the cases where data was recovered, drawing insights where better data protection policies and procedures could avoid similar losses in the future.
{"title":"Data Loss: An Empirical Analysis in Search of Best Practices for Prevention","authors":"L. Fiondella, R. El-Kharboutly, S. Gokhale","doi":"10.1109/IC2E.2014.11","DOIUrl":"https://doi.org/10.1109/IC2E.2014.11","url":null,"abstract":"The cost an convenience of cloud computing has motivated many organizations to migrate their data and application services to cloud platforms, yet information security concerns persist. Data loss incidents experienced by organizations over the past decade offer many valuable lessons, which are highly relevant to the present trend of storing sensitive data in clouds. This paper presents our analysis of the DataLoss db, an Open Source Foundation project to collect information on data loss incidents throughout the world. The historical probability of recovering data after it is lost is low, suggesting that the design and implementation of an enterprise wide data protection plan may be the most effective method to mitigate the risk of data loss. Our analysis includes an examination of the cases where data was recovered, drawing insights where better data protection policies and procedures could avoid similar losses in the future.","PeriodicalId":273902,"journal":{"name":"2014 IEEE International Conference on Cloud Engineering","volume":"29 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-03-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132689186","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
This paper presents on-going research to define the basic models and architecture patterns for federated access control in heterogeneous (multi-provider) multi-cloud and inter-cloud environment. The proposed research contributes to the further definition of Intercloud Federation Framework (ICFF) which is a part of the general Intercloud Architecture Framework (ICAF) proposed by authors in earlier works. ICFF attempts to address the interoperability and integration issues in provisioning on-demand multi-provider multi-domain heterogeneous cloud infrastructure services. The paper describes the major inter-cloud federation scenarios that in general involve two types of federations: customer-side federation that includes federation between cloud based services and customer campus or enterprise infrastructure, and provider-side federation that is created by a group of cloud providers to outsource or broker their resources when provisioning services to customers. The proposed federated access control model uses Federated Identity Management (FIDM) model that can be also supported by the trusted third party entities such as Cloud Service Broker (CSB) and/or trust broker to establish dynamic trust relations between entities without previously existing trust. The research analyses different federated identity management scenarios, defines the basic architecture patterns and the main components of the distributed federated multi-domain Authentication and Authorisation infrastructure.
{"title":"Federated Access Control in Heterogeneous Intercloud Environment: Basic Models and Architecture Patterns","authors":"Y. Demchenko, C. Ngo, C. D. Laat, Craig A. Lee","doi":"10.1109/IC2E.2014.84","DOIUrl":"https://doi.org/10.1109/IC2E.2014.84","url":null,"abstract":"This paper presents on-going research to define the basic models and architecture patterns for federated access control in heterogeneous (multi-provider) multi-cloud and inter-cloud environment. The proposed research contributes to the further definition of Intercloud Federation Framework (ICFF) which is a part of the general Intercloud Architecture Framework (ICAF) proposed by authors in earlier works. ICFF attempts to address the interoperability and integration issues in provisioning on-demand multi-provider multi-domain heterogeneous cloud infrastructure services. The paper describes the major inter-cloud federation scenarios that in general involve two types of federations: customer-side federation that includes federation between cloud based services and customer campus or enterprise infrastructure, and provider-side federation that is created by a group of cloud providers to outsource or broker their resources when provisioning services to customers. The proposed federated access control model uses Federated Identity Management (FIDM) model that can be also supported by the trusted third party entities such as Cloud Service Broker (CSB) and/or trust broker to establish dynamic trust relations between entities without previously existing trust. The research analyses different federated identity management scenarios, defines the basic architecture patterns and the main components of the distributed federated multi-domain Authentication and Authorisation infrastructure.","PeriodicalId":273902,"journal":{"name":"2014 IEEE International Conference on Cloud Engineering","volume":"7 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-03-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133176279","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Mohammad Abu-Matar, R. Mizouni, Salwa Mohamed Alzahmi
Cloud computing has emerged as a model for utility computing that promotes on-demand scalability, flexible application deployment and reuse. Software product lines (SPL) promote reusable application development for product families. As any computing system, cloud-based systems evolve to respond to changing clients' requirements. Cloud-based applications can be modeled as Software-as-a-Service (SaaS) families similar to the SPL products. As SPL development techniques rely on feature models to describe the commonality and variability of family member applications, such techniques can be used to model variability in SaaS. In this paper, we describe a unified and systematic framework for modeling cloud services in a vendor-neutral manner. In addition, we demonstrate the applicability of the variability framework for building and customizing SaaS multitenant applications. Our approach is based on a meta-model that formalizes the multiple views of service-oriented SaaS applications. A proof of concept tool that automatically generates multitenant applications (to adapt to changing requirements of tenants) is presented. Our approach facilitates development of cloud SaaS families in a systematic, consistent, and platform independent way.
{"title":"Towards Software Product Lines Based Cloud Architectures","authors":"Mohammad Abu-Matar, R. Mizouni, Salwa Mohamed Alzahmi","doi":"10.1109/IC2E.2014.10","DOIUrl":"https://doi.org/10.1109/IC2E.2014.10","url":null,"abstract":"Cloud computing has emerged as a model for utility computing that promotes on-demand scalability, flexible application deployment and reuse. Software product lines (SPL) promote reusable application development for product families. As any computing system, cloud-based systems evolve to respond to changing clients' requirements. Cloud-based applications can be modeled as Software-as-a-Service (SaaS) families similar to the SPL products. As SPL development techniques rely on feature models to describe the commonality and variability of family member applications, such techniques can be used to model variability in SaaS. In this paper, we describe a unified and systematic framework for modeling cloud services in a vendor-neutral manner. In addition, we demonstrate the applicability of the variability framework for building and customizing SaaS multitenant applications. Our approach is based on a meta-model that formalizes the multiple views of service-oriented SaaS applications. A proof of concept tool that automatically generates multitenant applications (to adapt to changing requirements of tenants) is presented. Our approach facilitates development of cloud SaaS families in a systematic, consistent, and platform independent way.","PeriodicalId":273902,"journal":{"name":"2014 IEEE International Conference on Cloud Engineering","volume":"114 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-03-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133285629","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
In Cloud computing, resources such as CPU, RAM, and disk etc. are provided as a service via the Internet. Elasticity is a key feature of Cloud Computing. It aims to enabling a Cloud Service Provider (CSP) to negotiate the possibility to borrow external resources from other CSPs when its own facilities are not able to satisfy a client request. Reciprocally, a CSP may sell some of its unused resources to another CSP in case of under load. Today, Cloud Federation is a key approach considered for Cloud elasticity. In the context of the Easi-Clouds European ITEA 2 research project, we aim to develop Pricing-as-a-Service (PraaS) suited to the Federated Cloud environment. The aim of this paper is twofold. First, we provide a state of the art of the pricing and revenue sharing models in federated environment. We discuss the specifications of Cloud Federation as well as its different drivers and barriers. Three types of pricing strategies (on-demand, spot and reserved) are presented. In the second part, we present the problem of revenue sharing in the federation with some properties we are willing to fulfill. We propose and evaluate our revenue sharing model suited to the Federated environment with numerical analysis via simulation. We compare our approach to the proportional share and the Shapley value method. Finally, we provide and analyze the results of our simulations with our conclusion and perspectives.
{"title":"Federation and Revenue Sharing in Cloud Computing Environment","authors":"Bassem El Zant, Isabel Amigo, M. Gagnaire","doi":"10.1109/IC2E.2014.78","DOIUrl":"https://doi.org/10.1109/IC2E.2014.78","url":null,"abstract":"In Cloud computing, resources such as CPU, RAM, and disk etc. are provided as a service via the Internet. Elasticity is a key feature of Cloud Computing. It aims to enabling a Cloud Service Provider (CSP) to negotiate the possibility to borrow external resources from other CSPs when its own facilities are not able to satisfy a client request. Reciprocally, a CSP may sell some of its unused resources to another CSP in case of under load. Today, Cloud Federation is a key approach considered for Cloud elasticity. In the context of the Easi-Clouds European ITEA 2 research project, we aim to develop Pricing-as-a-Service (PraaS) suited to the Federated Cloud environment. The aim of this paper is twofold. First, we provide a state of the art of the pricing and revenue sharing models in federated environment. We discuss the specifications of Cloud Federation as well as its different drivers and barriers. Three types of pricing strategies (on-demand, spot and reserved) are presented. In the second part, we present the problem of revenue sharing in the federation with some properties we are willing to fulfill. We propose and evaluate our revenue sharing model suited to the Federated environment with numerical analysis via simulation. We compare our approach to the proportional share and the Shapley value method. Finally, we provide and analyze the results of our simulations with our conclusion and perspectives.","PeriodicalId":273902,"journal":{"name":"2014 IEEE International Conference on Cloud Engineering","volume":"45 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-03-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133298989","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Recent work on integration of SDNs with application-layer systems like Hadoop has created a class of system, SDN-Enabled Applications, which implement application-specific functionality on the network layer by exposing network monitoring and control semantics to application developers. This requires domain-specific knowledge to correctly reason about network behavior and properties, as the SDN is now tightly coupled to the larger system. Existing tools for SDN verification and analysis are insufficiently expressive to capture this composition of network and domain models. Unfortunately, it is exactly this kind of automated reasoning and verification that is necessary to develop robust SDN-enabled applications for real-world systems. In this paper, we present ongoing work on Verificare, a verification platform being built to enable formal verification of SDNs as components of a larger domain-specific system. SLA, safety, and security requirements can selected from a variety of formal libraries and automatically verified using a variety of off-the-shelf tools. This approach not only extends the flexibility of existing SDN verification systems, but can actually provide more fine-grained analysis of possible network states due to extra information supplied by the domain model.
{"title":"A Verification Platform for SDN-Enabled Applications","authors":"R. Skowyra, A. Lapets, Azer Bestavros, A. Kfoury","doi":"10.1109/IC2E.2014.72","DOIUrl":"https://doi.org/10.1109/IC2E.2014.72","url":null,"abstract":"Recent work on integration of SDNs with application-layer systems like Hadoop has created a class of system, SDN-Enabled Applications, which implement application-specific functionality on the network layer by exposing network monitoring and control semantics to application developers. This requires domain-specific knowledge to correctly reason about network behavior and properties, as the SDN is now tightly coupled to the larger system. Existing tools for SDN verification and analysis are insufficiently expressive to capture this composition of network and domain models. Unfortunately, it is exactly this kind of automated reasoning and verification that is necessary to develop robust SDN-enabled applications for real-world systems. In this paper, we present ongoing work on Verificare, a verification platform being built to enable formal verification of SDNs as components of a larger domain-specific system. SLA, safety, and security requirements can selected from a variety of formal libraries and automatically verified using a variety of off-the-shelf tools. This approach not only extends the flexibility of existing SDN verification systems, but can actually provide more fine-grained analysis of possible network states due to extra information supplied by the domain model.","PeriodicalId":273902,"journal":{"name":"2014 IEEE International Conference on Cloud Engineering","volume":"156 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-03-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114383189","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: