Skip to main content

A middleware for assured clouds

Abstract

This paper considers mission assurance for critical cloud applications, a set of applications with growing importance to governments and military organizations. Specifically, we consider applications in which assigned tasks or duties are performed in accordance with an intended purpose or plan in order to accomplish an assured mission. Mission-critical cloud computing may possibly involve hybrid (public, private, heterogeneous) clouds and require the realization of “end-to-end” and “cross-layered” security, dependability, and timeliness. We propose the properties and building blocks of a middleware for assured cloud computing that can support critical missions. In this approach, we assume that mission critical cloud computing must be designed with assurance in mind. In particular, the middleware in such systems must include sophisticated monitoring, assessment of policies, and response to manage the configuration and management of dynamic systems-of-systems with both trusted and partially trusted resources (data, sensors, networks, computers, etc.) and services sourced from multiple organizations.

References

  1. 1.

    Agha G, Meseguer JE, Sen K (2006) PMaude: Rewrite-based specification language for probabilistic object systems. In: 3rd wksp quantitative aspects of programming languages (QAPL)

    Google Scholar 

  2. 2.

    Amazon AWS (2008) Amazon S3 availability event: July 20, 2008. http://status.aws.amazon.com/s3-20080720.html

  3. 3.

    Amazon AWS (2011) AWS risk and compliance. Amazon Whitepapers

  4. 4.

    Amazon AWS Summary of the Amazon EC2 and Amazon RDS service disruption in the US East Region. http://aws.amazon.com/message/65648/

  5. 5.

    Assured Cloud Computing University Center of Excellence. http://assured-cloud-computing.illinois.edu/

  6. 6.

    Bellessa J, Kroske E, Farivar R, Montanari M, Larson K, Campbell RH (2011) NetODESSA: resilient policy enforcement for cloud networks. In: RACOS 2011, in conjunction with the 30th IEEE symposium on reliable distributed systems (SRDS)

    Google Scholar 

  7. 7.

    Binning D (2011) Cloud computing may be the saviour of true unified communications. CIO Mag, May

  8. 8.

    Bowers KD, Van Dijk M, Juels A, Oprea A, Rivest RL (2011) How to tell if your cloud files are vulnerable to drive crashes. In: ACM conference on computer and communications security

    Google Scholar 

  9. 9.

    Ceri S, Gottlob G, Tanca L (1989) What you always wanted to know about Datalog (and never dared to ask). IEEE Trans Knowl Data Eng 1(1):146–166

    Article  Google Scholar 

  10. 10.

    Dean J, Ghemawat S (2004) MapReduce: simplified data processing on large clusters. In: OSDI

    Google Scholar 

  11. 11.

    Department of Defense (2010) Directive 3020.40: DoD policy and responsibilities for critical infrastructure. January

  12. 12.

    DMTF, Web-based enterprise management. http://www.dmtf.org/standards/wbem

  13. 13.

    Garfinkel T, Rosenblum M (2003) A virtual machine introspection based architecture for intrusion detection. In: Annual network and distributed systems security symposium

    Google Scholar 

  14. 14.

    Gentry C (2009) Fully homomorphic encryption using ideal lattices. In: ACM symposium on theory of computing (STOC)

    Google Scholar 

  15. 15.

    Isard M, Budiu M, Yu Y, Birrell A, Fetterly D (2007) Dryad: distributed data-parallel programs from sequential building blocks. In: Proceedings of the 2nd ACM SIGOPS/EuroSys European conference on computer systems

    Google Scholar 

  16. 16.

    Jabbour K, Muccio S (2011) The science of mission assurance. J Strateg Secur 4(2):61–74

    Article  Google Scholar 

  17. 17.

    Jingwei H, Nicol D (2010) A formal-semantics-based calculus of trust. IEEE Internet Comput

  18. 18.

    Juels A, Kaliski BS Jr (2007) PORs: Proofs of retrievability for large files. In: ACM conference on computer and communications security

    Google Scholar 

  19. 19.

    Leitner P, Michlmayr A, Rosenberg F, Dustdar S (2010) Monitoring, prediction and prevention of sla violations in composite services. In: IEEE international conference on web services

    Google Scholar 

  20. 20.

    Li G, Jacobsen HA (2005) Composite subscriptions in content-based publish/subscribe systems. In: ACM/IFIP/USENIX middleware

    Google Scholar 

  21. 21.

    Lockheed Martin (2011) Lockheed Martin announces blackcloud solution based on trusted infrastructure technologies from cyber security alliance partners. Lockheed Martin Press Release

  22. 22.

    Montanari M, Campbell R (2011) Attack-resilient compliance monitoring for large distributed infrastructure systems. In: 5th international conference on network and system security (NSS)

    Google Scholar 

  23. 23.

    Montanari M, Chan E, Larson K, Yoo W, Campbell R (2011) Distributed security policy conformance. In: Future challenges in security and privacy for academia and industry (SEC)

    Google Scholar 

  24. 24.

    Montanari M, Chaugule A, Campbell R (2011) Robustness of compliance to infrastructure security policies. Computer Science Research and Technical Reports. University of Illinois

  25. 25.

    National Institute for Standard and Technology (2011) Federal information security management act (FISMA) implementation project. http://csrc.nist.gov/groups/SMA/fisma/

  26. 26.

    New York Times, April 2011. http://bits.blogs.nytimes.com/2011/04/21/amazon-cloud-failure-takes-down-web-sites/

  27. 27.

    PCI Security Standard Council (2011) PCI-DSS v2.0. https://www.pcisecuritystandards.org

  28. 28.

    Sommers J, Barford P, Duffield N, Ron A (2007) Accurate and efficient SLA compliance monitoring. In: ACM SIGCOMM

    Google Scholar 

  29. 29.

    Szefer J, Keller E, Lee RB, Rexford J (2011) Eliminating the hypervisor attack surface for a more secure cloud. In: ACM conference on computer and communications security

    Google Scholar 

  30. 30.

    Vaughan-Nichols SJ (2011) OpenFlow: the next generation of the network? IEEE Comput 44(8)

  31. 31.

    Verma A, Cherkasova L, Campbell RH (2011) ARIA: automatic resource inference and allocation for MapReduce environments. In: International conference on autonomic computing (ICAC), June 2011

    Google Scholar 

  32. 32.

    Wang L, Tao J, Kunze M, Castellanos AC, Kramer D, Karl W (2008) Scientific cloud computing: early definition and experience. IEEE HPCC

  33. 33.

    Zhang K, Zhou X, Chen Y, Wang X, Ruan Y (2011) Sedic: Privacy-aware data intensive computing on hybrid cloud. In: ACM conference on computer and communications security

    Google Scholar 

  34. 34.

    Zulkernine F, Martin P, Craddock C, Wilson K (2009) A policy-based middleware for web services sla negotiation. In: IEEE international conference on web services

    Google Scholar 

Download references

Author information

Affiliations

Authors

Corresponding author

Correspondence to Roy H. Campbell.

Rights and permissions

Reprints and Permissions

About this article

Cite this article

Campbell, R.H., Montanari, M. & Farivar, R. A middleware for assured clouds. J Internet Serv Appl 3, 87–94 (2012). https://doi.org/10.1007/s13174-011-0044-9

Download citation

Keywords

  • Cloud computing
  • Mission assurance
  • Security
  • Middleware
  • Monitoring