
Challenges in Cloud

Guo,Yuanxiong

2010.3.22

Outline

• Security Issues

• Scalability Issues

Security in Cloud

• Security is one of the most often-cited objections to cloud computing

• Cloud computing inherently means outsourcing data

• However, we don’t want to outsource control over that data.

• Outsourcing data without outsourcing control???

Confidentiality: Encryption

Search

• Can we search on the encrypted data and retrieve what we need?

• Encrypted data should look random; otherwise, the encryption method is weak.

• First practical technique to search on encrypted data (2000)

• By submitting an encrypted keyword, the cloud returns the exact encrypted part we want to retrieve

• Secure data storage can be achieved.
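An added example (not from the original slides) of the keyword-search flow above: the client sends an opaque keyword token and the server returns only the matching ciphertexts. It is a simplified token-index design, not the 2000 construction the slide cites; all names, the SHAKE-based toy cipher and the sample documents are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

def keyword_token(k_search: bytes, word: str) -> bytes:
    """Client side: deterministic token; the server never sees the keyword."""
    return hmac.new(k_search, word.lower().encode(), hashlib.sha256).digest()

def seal(k_data: bytes, plaintext: bytes) -> bytes:
    """Toy randomized cipher (stand-in for a real AEAD): nonce || pt XOR keystream."""
    nonce = secrets.token_bytes(16)
    stream = hashlib.shake_256(k_data + nonce).digest(len(plaintext))
    return nonce + bytes(a ^ b for a, b in zip(plaintext, stream))

def unseal(k_data: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:16], blob[16:]
    stream = hashlib.shake_256(k_data + nonce).digest(len(body))
    return bytes(a ^ b for a, b in zip(body, stream))

class CloudStore:
    """Untrusted server: holds only ciphertexts and opaque tokens."""
    def __init__(self):
        self.blobs = {}   # doc_id -> ciphertext
        self.index = {}   # token  -> set of doc_ids

    def upload(self, doc_id, blob, tokens):
        self.blobs[doc_id] = blob
        for t in tokens:
            self.index.setdefault(t, set()).add(doc_id)

    def search(self, token):
        # The server still learns which documents share a token and which
        # tokens repeat across queries (access and search pattern leakage).
        return {d: self.blobs[d] for d in self.index.get(token, ())}

def client_upload(store, k_search, k_data, doc_id, text):
    tokens = {keyword_token(k_search, w) for w in text.split()}
    store.upload(doc_id, seal(k_data, text.encode()), tokens)

def client_search(store, k_search, k_data, word):
    hits = store.search(keyword_token(k_search, word))
    return {d: unseal(k_data, b).decode() for d, b in hits.items()}

if __name__ == "__main__":
    ks, kd, store = secrets.token_bytes(32), secrets.token_bytes(32), CloudStore()
    client_upload(store, ks, kd, "doc1", "quarterly invoice for acme")  # constructed
    client_upload(store, ks, kd, "doc2", "meeting notes")               # constructed
    print(client_search(store, ks, kd, "invoice"))
```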

Is this enough?

• Besides data storage, we need to run code in the cloud.

• Code needs to be in plaintext and to get plaintext input in order to be executed.

• Besides search, we need to compute any functions specified by the code on the encrypted data.

• Is this possible in cryptography?

Homomorphic Encryption

• The ability to perform computations on the ciphertext without decrypting it first

• Suitable for cloud computing

• E.g.

• For almost 30 years after the concept appeared, schemes allowed homomorphic computation of only one operation (either addition or multiplication) on plaintexts

• Is a fully homomorphic encryption scheme, which supports both addition and multiplication, possible?
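An added example (not from the original slides) of the single-operation limitation described above: Paillier lets an untrusted party add hidden plaintexts, textbook RSA lets it multiply them, and neither offers both. The choice of schemes, the toy primes and the function names are assumptions made for the illustration.

```python
import math
import secrets

# Toy key, constructed for this example: two Mersenne primes. Real keys use
# random primes of 1024+ bits each.
P, Q = 2**31 - 1, 2**61 - 1
N, N2 = P * Q, (P * Q) ** 2
LAM = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)  # lcm(p-1, q-1)
MU = pow(LAM, -1, N)                                # shortcut valid for g = n+1

def paillier_encrypt(m):
    """Enc(m) = (1+n)^m * r^n mod n^2; a fresh r randomizes every ciphertext."""
    r = secrets.randbelow(N - 1) + 1
    while math.gcd(r, N) != 1:
        r = secrets.randbelow(N - 1) + 1
    return (1 + m * N) * pow(r, N, N2) % N2

def paillier_decrypt(c):
    """Dec(c) = L(c^lam mod n^2) * mu mod n, with L(x) = (x - 1) // n."""
    return (pow(c, LAM, N2) - 1) // N * MU % N

def paillier_add(c1, c2):
    """Cloud side: the product of ciphertexts decrypts to the SUM of plaintexts."""
    return c1 * c2 % N2

# Textbook RSA on the same modulus: multiplicative only. It is deterministic,
# so it fails the "looks random" requirement; padding such as OAEP fixes that
# but destroys the homomorphism.
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))

def rsa_encrypt(m):
    return pow(m, E, N)

def rsa_decrypt(c):
    return pow(c, D, N)

def rsa_mul(c1, c2):
    """Cloud side: the product of ciphertexts decrypts to the PRODUCT of plaintexts."""
    return c1 * c2 % N

if __name__ == "__main__":
    a, b = 17, 25  # constructed sample plaintexts
    print("Paillier add:", paillier_decrypt(paillier_add(paillier_encrypt(a), paillier_encrypt(b))))
    print("RSA multiply:", rsa_decrypt(rsa_mul(rsa_encrypt(a), rsa_encrypt(b))))
```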

Breakthrough (2009)

Meaning

• Any computation can be expressed as a Boolean circuit: a series of additions and multiplications.

• Using such a scheme, any circuit (consisting of AND and XOR) could be homomorphically evaluated, effectively allowing the construction of programs which may be run on encryptions of their inputs to produce an encryption of their output.

• Since such a program never decrypts its input, it could be run by an untrusted party without revealing its inputs and internal state.

Practicality

• The computational time of this encryption depends linearly on the number of operations performed.

• However, converting a computer program, even a simple one, into a Boolean circuit requires an enormous number of operations.

• In a simple, idealized example, performing a Google search with encrypted keywords would increase the amount of computing time by a factor of about a trillion.

• By Moore’s law, it would be 40 years before that homomorphic search would be as efficient as a search today

Other Security Issues

• Data Lock-In

– Different cloud providers have different programming models and data formats

– How can a cloud user avoid lock-in to a particular cloud-computing vendor?

• Auditability

– Currently no transparency in the operations of the cloud provider for auditing purposes

– Cloud user activities should be limited to legal ones. (A botnet master was tracked to hosting in Amazon EC2, 12/2009)

• Assurance of Computation Integrity

– Can an enterprise be assured that a cloud provider is faithfully running a hosted application and giving valid results?

Conclusion

• Can’t rely solely on techniques to solve the security problem in the cloud.

• Policies as well as standards are equally important.

• How to find a security problem specific to cloud computing which we can handle?

• Difficult to do research on data center management in universities, as we don’t have infrastructure similar to what Google or Amazon has.

Virtualization

• Fundamental enabling technique for cloud computing

• VDC Advantages:

– High Utilization

– Performance Isolation

– Low Management Cost: easy provisioning and migration

– High Adaptability

• Impact of virtualization

Scalability for Amazon EC2

Network Performance Measurement of EC2

INFOCOM 10


Conclusion

• Unstable throughput and large delay variation

• New problems arise due to multi-tenant architectures (shared processor between VMs)

• Scalability is not as Amazon has declared.

• Cloud services hosted in the cloud can be affected by the underlying unstable networking performance

Possible Work

• VM placement

– Motivation: Plenty of composite web applications may move to the cloud

– Previous methods seek to consolidate VMs to save CPU, physical memory and power consumption, without considering consumption of network resources.

– Can we design a placement algorithm to achieve the minimum user-perceived latency as well as low inter-VM communication?

MapReduce

• A programming model introduced by Google to support distributed computing on large data sets on clusters of computers. (Parallel Computing)

• Google, Yahoo, Amazon, SUN and IBM all use it to implement Internet-scale applications.

• Many academic researchers have adopted it for data processing in different areas such as high-end computing, data-intensive scientific analysis, large-scale semantic annotation and machine learning.

Possible Work

• Improve MapReduce in virtualization by

– Job assignment customized to networking

– Good networking VM pairs host high-communication Map-Reduce worker pairs

Possible Work

• MapReduce Computing Integrity Assurance

– MapReduce was originally intended to run within a single data center (single administrator)

– In an open cloud system, different service providers may come from different administration domains (not always trustworthy)

– How can we ensure that the final computed result is valid and consistent?

Q&A