We think you have liked this presentation. If you wish to download it, please recommend it to your friends in any social system. Share buttons are a little bit lower. Thank you!
Presentation is loading. Please wait.
Published byKarlie Dimock
Modified about 1 year ago
LADIS workshop (Oct 11, 2009) A Case for the Accountable Cloud Andreas Haeberlen MPI-SWS
LADIS workshop (Oct 11, 2009) Outline 2 © 2009 Andreas Haeberlen ProblemSolutionCall for action
LADIS workshop (Oct 11, 2009) The benefits of cloud computing The cloud enables Alice to: obtain resources on demand pay only for what she actually uses benefit from economies of scale But... 3 © 2009 Andreas Haeberlen AliceBob Alice's customers
LADIS workshop (Oct 11, 2009) Problem: Split administrative domain Control and information about Alice's service are now split between Alice and Bob Alice cannot control cloud machines or observe their status Alice must have a lot of trust in Bob Bob does not understand the details of Alice's software Difficult to perform many administrative tasks 4 © 2009 Andreas Haeberlen Alice Bob Alice's customers ? ??? ????????
LADIS workshop (Oct 11, 2009) Problem: Split administrative domain What if there is a problem with the cloud? Misconfiguration Insufficient allocation of resources Hacker attack Data loss or unavailability Hardware malfunction... 5 © 2009 Andreas Haeberlen Alice Bob Alice's customers
LADIS workshop (Oct 11, 2009) Handling problems: Alice's perspective 6 © 2009 Andreas Haeberlen Alice Alice's customers ? ? ? ? ? ? ? ? Bob If something is wrong, how will I know? How can I tell if it's my software or the cloud? If it's the cloud, how can I convince Bob?
LADIS workshop (Oct 11, 2009) If something is wrong, how will I know? How can I tell if it's my software or the cloud? If it's the cloud, how can I convince Bob? Handling problems: Bob's perspective 7 © 2009 Andreas Haeberlen Alice Bob Alice's customers ? ? ???????? ??? If something is wrong, how will I know? How can I tell if it's the cloud or Alice's software? If it's Alice's software, how can I convince Alice?
LADIS workshop (Oct 11, 2009) Outline 8 © 2009 Andreas Haeberlen ProblemSolutionCall for action Split administrative domain
LADIS workshop (Oct 11, 2009) An idealized solution What if we had an oracle that Alice and Bob could ask about cloud problems? Completeness: If the cloud is faulty, the oracle will say so Accuracy: If the cloud is not faulty, the oracle will say so Verifiability: The oracle produces evidence that would convince a disinterested third party 9 © 2009 Andreas Haeberlen Alice Bob Alice's customers Oracle
LADIS workshop (Oct 11, 2009) The accountable cloud Idea: Make cloud accountable to Alice+Bob Cloud records its actions in a tamper-evident log Alice and Bob can audit the log and check for faults Use log to construct evidence that a fault does (not) exist Provides completeness, accuracy, verifiability Provable guarantees even if Alice and/or Bob are malicious! 10 © 2009 Andreas Haeberlen Alice Bob Alice's customers Tamper-evident log
LADIS workshop (Oct 11, 2009) Discussion Isn't this too pessimistic? Bob isn't malicious! Hacker attacks, software bugs, disgruntled employees, operator error,..., can have the same effect Difficult to come up with a more restrictive fault model Alice (or some other customer) could be malicious Shouldn't Bob use fault tolerance instead? Bob certainly should mask faults whenever possible But: Masking is never perfect; Alice still needs to check Why would a provider want to deploy this? Attractive to prospective customers Helps with handling angry support calls 11 © 2009 Andreas Haeberlen
LADIS workshop (Oct 11, 2009) Discussion: Guarantees Are these the right guarantees? Completeness: "No false negatives" Could be relaxed: e.g., probabilistic completeness Accuracy: "No false positives" Cannot be relaxed safely if the detection of a fault can have serious legal/financial consequences for Bob Verifiability: "Produce enough evidence to convince a third party" Could be relaxed: e.g., evidence only needs to convince a specific third party © 2009 Andreas Haeberlen 12
LADIS workshop (Oct 11, 2009) Outline 13 © 2009 Andreas Haeberlen ProblemSolutionCall for action Split administrative domain Make the cloud accountable
LADIS workshop (Oct 11, 2009) Is the technology ready? Cloud accountability should: Deliver provable guarantees Work for most cloud applications Require no changes to application code Cover a wide spectrum of properties Have a low overhead Can existing techniques deliver this? CATS, Repeat&Compare, AIP, PeerReview, NetReview, AudIt,... More research is needed! 14 © 2009 Andreas Haeberlen ? ? ?
LADIS workshop (Oct 11, 2009) Work in progress: AVM Goal: Provide accountability for arbitrary unmodified software Idea: Accountable virtual machine (AVM) Cloud records enough data to enable determinstic replay Alice can replay log with a known-good copy of the software Can audit any part of the original execution 15 © 2009 Andreas Haeberlen AliceBob Virtual machine
LADIS workshop (Oct 11, 2009) Summary Problem: Current cloud designs carry risks for both customers and providers Customer loses control over his computation and data Split administration Difficult to detect+resolve problems Proposed solution: The accountable cloud Can verify correct operation, produce evidence Provable guarantees solid foundation for both sides Discussion: Guarantees, fault model, incentives,... Lots of research opportunities 16 © 2009 Andreas Haeberlen Questions?
Information Systems Management CIS 318
The. of and a to in is you that it he for.
Grant Writing and Scouting for Grants Elvira B. Lapuz University of the Philippines
1 Note content copyright © 2004 Ian Sommerville. NU-specific content copyright © 2004 M. E. Kabay. All rights reserved. Critical Systems Development IS301.
Automated eContract Negotiation in Web Service Environment: Trust Management and Electronic Contract Management Aspects Doctoral student Marius Šaučiūnas.
Computing Higher - SD Process – Topic 2 St Andrew’s High School Unit 2 Software Development Process.
1 Accountability and Freedom Butler Lampson Microsoft September 26, 2005.
Coaching: Tapping Into Your Employees Potential. 2 Objectives After this workshop you will be able to: Set the groundwork for productive coaching sessions.
PROFESSIONAL DISCUSSION What is Professional Discussion? When would you use it?
Here is how close you are to the knowledge or skills you are trying to develop, and heres what you need to do next.
Help Desk Procedures Topic 1 : What is a Help Desk? (by Greg Webb, Copyright © TAFE NSW) 1. Introduction In this unit you will learn what a help desk.
The University of Durham e-Demand Project Paul Townend 14 th April 2003 Paul Townend 14 th April 2003.
Chapter - 5 Understanding Requirements Unit II. Introduction Definition : “The broad spectrum of tasks and techniques that lead to an understanding of.
Introduction to Network Security INFSCI 1075: Network Security Amir Masoumzadeh.
The Top 5 Interview Questions For Employers To Ask Dianne Shaddock.
Something to Think About… “Children need to explore and to discover. This is how you innovate; you fail your way to your answer. Scientists fail all the.
Overview of local security issues in Campus Grid environments Bruce Beckles University of Cambridge Computing Service.
Business Communications Lesson Six FJU/AIEDL Dr. M. Connor Based on Excellence in Business Communication,5/e Thill and Bovée.
1 Note content copyright © 2004 Ian Sommerville. NU-specific content copyright © 2004 M. E. Kabay. All rights reserved. Critical Systems Validation IS301.
PLANNING THE AUDIT Individual audits must be properly planned to ensure: Appropriate and sufficient evidence is obtained to support the auditors opinion;
Knowledge in implementing/managing the IS/IT project CASE-The Brose Group Implements Page
UNIT-V DEFECT PREVENTION 1Defect prevention (Arun)
Case-Based Learning Cases challenge participants to analyze, critique, make judgments, speculate and express reasoned opinions. Cases which allow students.
HIPAA Workforce Training The Health Insurance Portability & Accountability Act (HIPAA) requires that the University train all workforce members about the.
Copyright © 2010 Pearson Education, Inc. Slide
NIGB NATIONAL INFORMATION GOVERNANCE BOARD FOR HEALTH AND SOCIAL CARE Welcome to the Information Sharing Workshop NIGB would like to thank County Durham.
LOGIC AND CRITICAL THINKING Lecture 11 – Scientific Reasoning I.
Of. and a to the in is you that it at be.
The. of and a to in is you that it he was.
© 2016 SlidePlayer.com Inc. All rights reserved.