We think you have liked this presentation. If you wish to download it, please recommend it to your friends in any social system. Share buttons are a little bit lower. Thank you!
Presentation is loading. Please wait.
Published byKarlie Dimock
Modified over 2 years ago
LADIS workshop (Oct 11, 2009) A Case for the Accountable Cloud Andreas Haeberlen MPI-SWS
LADIS workshop (Oct 11, 2009) Outline 2 © 2009 Andreas Haeberlen ProblemSolutionCall for action
LADIS workshop (Oct 11, 2009) The benefits of cloud computing The cloud enables Alice to: obtain resources on demand pay only for what she actually uses benefit from economies of scale But... 3 © 2009 Andreas Haeberlen AliceBob Alice's customers
LADIS workshop (Oct 11, 2009) Problem: Split administrative domain Control and information about Alice's service are now split between Alice and Bob Alice cannot control cloud machines or observe their status Alice must have a lot of trust in Bob Bob does not understand the details of Alice's software Difficult to perform many administrative tasks 4 © 2009 Andreas Haeberlen Alice Bob Alice's customers ? ??? ????????
LADIS workshop (Oct 11, 2009) Problem: Split administrative domain What if there is a problem with the cloud? Misconfiguration Insufficient allocation of resources Hacker attack Data loss or unavailability Hardware malfunction... 5 © 2009 Andreas Haeberlen Alice Bob Alice's customers
LADIS workshop (Oct 11, 2009) Handling problems: Alice's perspective 6 © 2009 Andreas Haeberlen Alice Alice's customers ? ? ? ? ? ? ? ? Bob If something is wrong, how will I know? How can I tell if it's my software or the cloud? If it's the cloud, how can I convince Bob?
LADIS workshop (Oct 11, 2009) If something is wrong, how will I know? How can I tell if it's my software or the cloud? If it's the cloud, how can I convince Bob? Handling problems: Bob's perspective 7 © 2009 Andreas Haeberlen Alice Bob Alice's customers ? ? ???????? ??? If something is wrong, how will I know? How can I tell if it's the cloud or Alice's software? If it's Alice's software, how can I convince Alice?
LADIS workshop (Oct 11, 2009) Outline 8 © 2009 Andreas Haeberlen ProblemSolutionCall for action Split administrative domain
LADIS workshop (Oct 11, 2009) An idealized solution What if we had an oracle that Alice and Bob could ask about cloud problems? Completeness: If the cloud is faulty, the oracle will say so Accuracy: If the cloud is not faulty, the oracle will say so Verifiability: The oracle produces evidence that would convince a disinterested third party 9 © 2009 Andreas Haeberlen Alice Bob Alice's customers Oracle
LADIS workshop (Oct 11, 2009) The accountable cloud Idea: Make cloud accountable to Alice+Bob Cloud records its actions in a tamper-evident log Alice and Bob can audit the log and check for faults Use log to construct evidence that a fault does (not) exist Provides completeness, accuracy, verifiability Provable guarantees even if Alice and/or Bob are malicious! 10 © 2009 Andreas Haeberlen Alice Bob Alice's customers Tamper-evident log
LADIS workshop (Oct 11, 2009) Discussion Isn't this too pessimistic? Bob isn't malicious! Hacker attacks, software bugs, disgruntled employees, operator error,..., can have the same effect Difficult to come up with a more restrictive fault model Alice (or some other customer) could be malicious Shouldn't Bob use fault tolerance instead? Bob certainly should mask faults whenever possible But: Masking is never perfect; Alice still needs to check Why would a provider want to deploy this? Attractive to prospective customers Helps with handling angry support calls 11 © 2009 Andreas Haeberlen
LADIS workshop (Oct 11, 2009) Discussion: Guarantees Are these the right guarantees? Completeness: "No false negatives" Could be relaxed: e.g., probabilistic completeness Accuracy: "No false positives" Cannot be relaxed safely if the detection of a fault can have serious legal/financial consequences for Bob Verifiability: "Produce enough evidence to convince a third party" Could be relaxed: e.g., evidence only needs to convince a specific third party © 2009 Andreas Haeberlen 12
LADIS workshop (Oct 11, 2009) Outline 13 © 2009 Andreas Haeberlen ProblemSolutionCall for action Split administrative domain Make the cloud accountable
LADIS workshop (Oct 11, 2009) Is the technology ready? Cloud accountability should: Deliver provable guarantees Work for most cloud applications Require no changes to application code Cover a wide spectrum of properties Have a low overhead Can existing techniques deliver this? CATS, Repeat&Compare, AIP, PeerReview, NetReview, AudIt,... More research is needed! 14 © 2009 Andreas Haeberlen ? ? ?
LADIS workshop (Oct 11, 2009) Work in progress: AVM Goal: Provide accountability for arbitrary unmodified software Idea: Accountable virtual machine (AVM) Cloud records enough data to enable determinstic replay Alice can replay log with a known-good copy of the software Can audit any part of the original execution 15 © 2009 Andreas Haeberlen AliceBob Virtual machine
LADIS workshop (Oct 11, 2009) Summary Problem: Current cloud designs carry risks for both customers and providers Customer loses control over his computation and data Split administration Difficult to detect+resolve problems Proposed solution: The accountable cloud Can verify correct operation, produce evidence Provable guarantees solid foundation for both sides Discussion: Guarantees, fault model, incentives,... Lots of research opportunities 16 © 2009 Andreas Haeberlen Questions?
Building and Programming the Cloud, Mysore, Jan Accountable distributed systems and the accountable cloud Peter Druschel joint work with Andreas.
SOSP 2007 © 2007 Andreas Haeberlen, MPI-SWS 1 Practical accountability for distributed systems Andreas Haeberlen MPI-SWS / Rice University Petr Kuznetsov.
© 2010 Andreas Haeberlen 1 Accountable Virtual Machines OSDI (October 4, 2010) Andreas Haeberlen University of Pennsylvania Paarijaat Aditya Rodrigo Rodrigues.
A. Haeberlen Fault Tolerance and the Five-Second Rule 1 HotOS XV (May 18, 2015) Ang Chen Hanjun Xiao Andreas Haeberlen Linh Thi Xuan Phan Department of.
© 2006 Andreas Haeberlen, MPI-SWS 1 The Case for Byzantine Fault Detection Andreas Haeberlen MPI-SWS / Rice University Petr Kouznetsov MPI-SWS Peter Druschel.
Accountability Aditya Akella. Outline Accountable Virtual Machines Accountability in and via SDN.
SIGCOMM 2012 (August 16, 2012) Private and Verifiable Interdomain Routing Decisions Mingchen Zhao * Wenchao Zhou * Alexander Gurney * Andreas Haeberlen.
Test process essentials Riitta Viitamäki,
1 The Case for Byzantine Fault Detection. 2 Challenge: Byzantine faults Distributed systems are subject to a variety of failures and attacks Hacker break-in.
NSDI (April 24, 2009) © 2009 Andreas Haeberlen, MPI-SWS 1 NetReview: Detecting when interdomain routing goes wrong Andreas Haeberlen MPI-SWS / Rice Ioannis.
PeerReview: Practical Accountability for Distributed Systems SOSP 07.
A. Haeberlen Having your Cake and Eating it too: Routing Security with Privacy Protections 1 HotNets-X (November 15, 2011) Alexander Gurney * Andreas Haeberlen.
Database Laboratory Regular Seminar TaeHoon Kim Article.
Efficient software-based fault isolation Robert Wahbe, Steven Lucco, Thomas Anderson & Susan Graham Presented by: Stelian Coros.
Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
D ATABASE S ECURITY Proposed by Abdulrahman Aldekhelallah University of Scranton – CS521 Spring2015.
Speaker: Meng-Ting Tsai Date:2010/11/16 Toward Publicly Auditable Secure Cloud Data Storage Services Cong Wang and Kui Ren..etc IEEE Communications Society.
Lecture 18 Page 1 CS 111 Online Design Principles for Secure Systems Economy Complete mediation Open design Separation of privileges Least privilege Least.
Byzantine Generals. Outline r Byzantine generals problem.
BFTW 3 workshop (Sep 22, 2009)© 2009 Andreas Haeberlen 1 The Fault Detection Problem Andreas Haeberlen MPI-SWS Petr Kuznetsov TU Berlin / Deutsche Telekom.
Presented by: Suparita Parakarn Kinzang Wangdi Research Report Presentation Computer Network Security.
Cong Wang1, Qian Wang1, Kui Ren1 and Wenjing Lou2
Chapter 1: Fundamental of Testing Systems Testing & Evaluation (MNN1063)
Cloud Computing How secure is it? Author: Marziyeh Arabnejad Revised/Edited: James Childress April 2014 Tandy School of Computer Science.
ATIF MEHMOOD MALIK KASHIF SIDDIQUE Improving dependability of Cloud Computing with Fault Tolerance and High Availability.
G53SEC 1 Reference Monitors Enforcement of Access Control.
CTC228 Nov Today... Catching up with group projects URLs and DNS Nmap Review for Test.
Requirements in the product life cycle Chapter 7.
Software Project Management
Presented By: Vinay Kumar. At the time of invention, Internet was just accessible to a small group of pioneers who wanted to make the network work.
Slide B-1 Case 1 You have just received surprising information that requires your group to take a new approach right away. You know the group members are.
Effective Methods for Software and Systems Integration
Digital Cash Present By Kevin, Hiren, Amit, Kai. What is Digital Cash? A payment message bearing a digital signature which functions as a medium of.
©2013 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
Hong Zhu Dept of Computing and Communication Technologies Oxford Brookes University Oxford, OX33 1HX, UK TOWARDS.
Csci5233 Computer Security1 Bishop: Chapter 10 Key Management: Digital Signature.
Stamping out worms and other Internet pests Miguel Castro Microsoft Research.
En 1 hanced Performance. Enduring Results.. Insight into what the Elicitation tasks actually do What the BABOK says about Elicitation activities.
The ISA for Physics What you need to revise.
Virtual Workspaces Kate Keahey Argonne National Laboratory.
Reliable Client Accounting for P2P-Infrastructure Hybrids Paarijaat Aditya †, Ming-Chen Zhao ‡, Yin Lin *, Andreas Haeberlen ‡, Peter Druschel †, Bruce.
University of Palestine software engineering department Testing of Software Systems Fundamentals of testing instructor: Tasneem Darwish.
Software Engineering Experimentation Software Engineering Specific Issues (Mostly CS as well) Jeff Offutt
SRG PeerReview: Practical Accountability for Distributed Systems Andreas Heaberlen, Petr Kouznetsov, and Peter Druschel SOSP’07.
Lecture 4: Cloud Computing Security: a first look Xiaowei Yang (Duke University)
Network Security Continued. Digital Signature You want to sign a document. Three conditions. – 1. The receiver can verify the identity of the sender.
© 2017 SlidePlayer.com Inc. All rights reserved.