Challenges in Cloud
Guo, Yuanxiong
2010.3.22
Outline
• Security Issues
• Scalability Issues
Security in Cloud
• Security is one of the most often-cited objections to cloud computing
• Cloud computing inherently means outsourcing data
• However, we don’t want to outsource control over that data.
• Outsourcing data without outsourcing control?
Search
• Can we search on the encrypted data and retrieve what we need?
• Encrypted data should look random; otherwise, the encryption method is weak.
• First practical technique to search on encrypted data (2000)
• By submitting an encrypted keyword, the cloud returns exactly the encrypted part we want to retrieve
• Secure data storage can be achieved.
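The search flow on this slide, as an added example that is not from the original slides: a simplified keyword-token index, not the 2000 scheme the slide refers to. The names Client, Server, token and keystream_xor are hypothetical, the documents are constructed, and the HMAC-based keystream is a stand-in for a real authenticated cipher.

```python
import hashlib
import hmac
import secrets

def keystream_xor(key, nonce, data):
    """Stand-in cipher for the demo: XOR with an HMAC-SHA256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def token(key, word):
    """Opaque search token the client submits instead of the keyword itself."""
    return hmac.new(key, word.lower().encode(), hashlib.sha256).digest()

class Client:
    """Data owner: holds both keys; only ciphertext and tokens leave it."""
    def __init__(self):
        self.k_enc = secrets.token_bytes(32)   # encrypts document bodies
        self.k_tok = secrets.token_bytes(32)   # derives keyword tokens

    def upload(self, server, doc_id, text):
        nonce = secrets.token_bytes(16)
        blob = nonce + keystream_xor(self.k_enc, nonce, text.encode())
        server.store(doc_id, blob, {token(self.k_tok, w) for w in text.split()})

    def search(self, server, word):
        blobs = server.lookup(token(self.k_tok, word))
        return sorted(keystream_xor(self.k_enc, b[:16], b[16:]).decode() for b in blobs)

class Server:
    """Cloud side: stores ciphertext blobs and tokens, never keys or keywords."""
    def __init__(self):
        self.blobs, self.index = {}, {}

    def store(self, doc_id, blob, tokens):
        self.blobs[doc_id] = blob
        for t in tokens:
            self.index.setdefault(t, set()).add(doc_id)

    def lookup(self, tok):
        return [self.blobs[d] for d in self.index.get(tok, ())]
```

Because the tokens are deterministic, the server still learns which documents share a keyword and when the same query is repeated, even though it never sees the keyword.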
Is this enough?
• Besides data storage, we need to run code in the cloud.
• Code needs to be in plaintext, and needs plaintext input, in order to be executed.
• Besides search, we need to compute any function specified by the code on the encrypted data.
• Is this possible in cryptography?
Homomorphic Encryption
• The ability to perform computations on the ciphertext without decrypting it first
• Suitable for cloud computing
• E.g.
• For almost 30 years after the concept appeared, schemes allowed homomorphic computation of only one operation (either addition or multiplication) on plaintexts
• Is a fully homomorphic encryption scheme, which supports both addition and multiplication, possible?
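The "only one operation" limitation, as an added example that is not from the original slides: Paillier is additively homomorphic and textbook (unpadded) RSA is multiplicatively homomorphic, and neither offers the other operation. The two schemes are chosen here for illustration and are not named on the slide; the primes are demo-sized, constructed values.

```python
import math
import secrets

# Demo-sized primes (constructed for this example; far too small for real use).
P, Q = 104729, 1299709
N = P * Q
N2 = N * N
LAM = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)   # lcm(P-1, Q-1), Paillier private key
MU = pow(LAM, -1, N)                                # valid because generator g = N + 1

def paillier_enc(m):
    """Paillier with g = N + 1: c = (1 + m*N) * r^N mod N^2, r random."""
    while True:
        r = secrets.randbelow(N - 1) + 1
        if math.gcd(r, N) == 1:
            break
    return (1 + m * N) * pow(r, N, N2) % N2

def paillier_dec(c):
    """m = L(c^lambda mod N^2) * mu mod N, with L(x) = (x - 1) // N."""
    return (pow(c, LAM, N2) - 1) // N * MU % N

def paillier_add(c1, c2):
    """Multiplying Paillier ciphertexts adds the plaintexts (mod N)."""
    return c1 * c2 % N2

# Textbook RSA over the same modulus: deterministic and unpadded, demo only.
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))

def rsa_enc(m):
    return pow(m, E, N)

def rsa_dec(c):
    return pow(c, D, N)

def rsa_mul(c1, c2):
    """Multiplying RSA ciphertexts multiplies the plaintexts (mod N)."""
    return c1 * c2 % N

def demo(m1=1234, m2=5678):
    """The untrusted party only ever handles ciphertexts; the key holder decrypts."""
    enc_sum = paillier_add(paillier_enc(m1), paillier_enc(m2))
    enc_prod = rsa_mul(rsa_enc(m1), rsa_enc(m2))
    return paillier_dec(enc_sum), rsa_dec(enc_prod)
```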
Meaning
• Any computation can be expressed as a Boolean circuit: a series of additions and multiplications.
• Using such a scheme, any circuit (consisting of AND and XOR) could be homomorphically evaluated, effectively allowing the construction of programs which may be run on encryptions of their inputs to produce an encryption of their output.
• Since such a program never decrypts its input, it could be run by an untrusted party without revealing its inputs and internal state.
Practicality
• The computational time of this encryption depends linearly on the number of operations performed.
• However, converting a computer program, even a simple one, into a Boolean circuit requires an enormous number of operations.
• In an idealized, simple example, performing a Google search with encrypted keywords would increase the amount of computing time by a factor of about a trillion.
• By Moore’s law, it would be 40 years before such a homomorphic search is as efficient as a search today.
Other Security Issues
• Data Lock-In
– Different cloud providers have different programming models and data formats
– How can a cloud user avoid lock-in to a particular cloud-computing vendor?
• Auditability
– Currently there is no transparency in the operations of the cloud provider for auditing purposes
– Cloud user activities should be limited to legal ones. (A botnet master was traced to hosting in Amazon EC2, 12/2009)
• Assurance of computation integrity
– Can an enterprise be assured that a cloud provider is faithfully running a hosted application and giving valid results?
Conclusion
• We can’t rely solely on techniques to solve the security problem in the cloud.
• Policy and standards are equally important.
• How do we find a security problem specific to cloud computing which we can handle?
• It is difficult to do research on data center management in universities, as we don’t have infrastructure similar to what Google or Amazon has.
Virtualization
• Fundamental enabling technique to cloud computing
• VDC Advantages:
– High Utilization
– Performance Isolation
– Low Management Cost: easy provisioning and migration
– High Adaptability
• Impact of virtualization
Conclusion
• Unstable throughput and large delay variation
• New problems arise due to multi-tenant architectures (shared processor between VMs)
• Scalability is not as Amazon has declared.
• Cloud services hosted in the cloud can be affected by the underlying unstable networking performance
Possible Work
• VM placement
– Motivation: Plenty of composite web applications may move to the cloud
– Previous methods seek to consolidate VMs to save CPU, physical memory and power consumption, without considering consumption of network resources.
– Can we design a placement algorithm to achieve the minimum user-perceived latency as well as low inter-VM communication?
MapReduce
• A programming model introduced by Google to support distributed computing on large data sets on clusters of computers. (Parallel Computing)
• Google, Yahoo, Amazon, SUN and IBM all use it to implement Internet-scale applications.
• Many academic researchers have adopted it for data processing in different areas such as high-end computing, data-intensive scientific analysis, large-scale semantic annotation and machine learning.
Possible Work
• Improve MapReduce in virtualization by
– Job assignment customized to networking
– Good networking VM pair hosts high-communication Map-Reduce worker pair
Possible Work
• MapReduce computing integrity assurance
– MapReduce was originally intended to run within a single data center (single administrator)
– In an open cloud system, different service providers may come from different administrative domains (not always trustworthy)
– How can we ensure that the final computed result is valid and consistent?