What I Have Learned About Cloud in the Last 6 Years. Department of Computer Science. May 2, 2013.
About Me: The College of New Jersey, BSc; Columbia University, MSc, PhD (2007); Postdoc at Dartmouth College (NH, 2008); Research Prof at George Mason University (VA, 2008-2010); Assistant Professor, University of Calgary (2010-now). The Trustworthy Systems Group (TSG) is engaged in experimental computer science research that investigates cross-layer methods of creating efficient, trustworthy computer systems. We seek to understand why it seems difficult to build trustworthy systems and how we can get better at it.
Trustworthy Systems Group
Agenda / Learning Objectives. Takeaway Message: Five Things I Think I Know About Cloud. My answer to "what is cloud?" Share some of my experiences and observations about cloud from the past six years in various projects (COMTOR, ISPIA Private Cloud, Using AWS in the Classroom). Understand some of the potential limitations of cloud, especially with respect to security and assurance. If time, a brief overview of Amazon's AWS Console.
Five Things I Think I Learned About Cloud: (1) Cloud is not a single working environment, but rather the culmination and intersection of years of technology development promise. (2) Customers have outrun the vendor hype cycle. (3) Few organizations offer customized cloud incident response. (4) A successful cloud requires people. (5) Cloud offers a low barrier to entry for deploying software.
A Beginning: 2007 USENIX ATC Talk by Werner Vogels. The point here is how impressed I was with his anecdote: scalable computing led directly to scalable business.
What is Cloud? The answer depends on who you talk to: cloud vendor (IBM), cloud software vendor (VMware), cloud provider (Google, Amazon), cloud customer (?).
IBM Definition: It's a new MIS consumption and delivery model to drive business value.
NIST Definition: (1) Resource Pooling: servers, storage, network, applications and devices; (2) Rapid Elasticity: dynamic infrastructure; (3) Ubiquitous Network Access: anytime, place; (4) Self-Service: user enabled services catalog; (5) Measured Service: pay as you go model.
What is Cloud? In terms of maturing technology... This is how I choose to understand cloud. You've heard these terms before: B2B; The Network is the Computer; RPC, Java RMI; Web services; Service Discovery protocols and naming (UDDI); N-tiered web applications. Essentially the fulfillment of on-demand computing resources enabled by maturing capabilities in networking, storage, processing, software engineering, and virtualization.
What is the Promise of Cloud? This is really cool... The ultimate promise of cloud as a computing services delivery model is Business Process as a Service (BPaaS): the nimble, agile outsourced contractor, supplier, client, or partner who is cheap, efficient, always there, on demand, reliable, and scalable. This promise is not 100% complete: cloud is often thought of as a utility (e.g., water, gas, electricity) but it is not.
The TCNJ COMTOR Project: A Success Story. http://cloud.comtor.org Educational tool for helping students improve their technical documentation skills. Original LAMP-stack software web app took 3 years with varying amounts and quality of undergraduate labor to build. Move to a cloud version, from scratch initiation to completion: ?
The TCNJ COMTOR Project: A Success Story. http://cloud.comtor.org Educational tool for helping students improve their technical documentation skills. Original LAMP-stack software web app took 3 years with varying amounts and quality of undergraduate labor to build. Move to a cloud version, from scratch initiation to completion: 3 weeks.
ISPIA Private Cloud: IBM Cloudburst. The Institute for Security, Privacy, and Information Assurance is near the tail end of a 2-year RFP, purchase, and shakedown process for buying a locally-hosted private cloud infrastructure. Multiple meetings with 4 potential vendors. Intended as a research instrument. But nothing is easy... The lesson? Cloud needs people. Those people need expertise.
My Reactions to a Google Talk About Cloud Security
Outsourcing Cloud Security Does Not Work IEEE Security & Privacy Magazine Article
Cloud is one size fits all. However, as a result, cloud providers are increasingly saddled with the responsibility to deal with, mask, and recover from faults and failures. This is ultimately an uncomfortable position, particularly because they aren't in the business of specializing an intrusion response to a particular customer or network environment. Rather, their business is predicated on the assumption that providing cloud services to a variety of organizations is essentially a one-size-fits-all framework.
Challenges for Cloud: From a security and assurance perspective. Although the upfront costs of offloading services to the cloud are stunningly attractive, they ignore the very real costs associated with a cloud computing environment's failure modes, such as: (1) increased time to solve simple problems, for example, why an email is bouncing; (2) wasted time as employees sit around doing nothing while a cloud provider works on an issue; (3) cost of downtime if the organization is in the middle of fundraising or other critical activity; (4) cost of identifying and notifying customers whose information might have been compromised; and (5) cost of not being able to hold an employee accountable because the job is outsourced.
Controlling Cloud Failure Modes: Ultimately, we can only trust (that is, rationally consider trustworthy) systems whose failure modes we can understand. With such understanding, we can respond to failures even if we cannot predict their exact form or control them as they happen.
Predictions: We predict that a fundamental challenge that cloud computing will face in the next few years after significant migration of industry, government, and academic institutions to the cloud is pushback from clients as they attempt to regain some measure of control over parts of their outsourced infrastructure. Significant pressure exists to let institutions break through the abstractions that make the cloud so alluring.
Other Cloud Security Challenges Going Forward: (a) http://cloudlaw.ca/agenda/; (b) Data locality; (c) Enforcing SLA provisions; (d) Computing on encrypted data; (e) Better hypervisors.
AWS Console Overview
AWS Bill
Key Takeaway Message: This also is related to Data Liberation. When you adopt cloud, you are exporting a workflow, not data! (Well, data too, but that's not the important thing.) The important thing is the dependencies your employees or contractors will naturally form on these existing outsourced workflows: their work practices and expectations will form dependencies on cloud services. There will thus be a transition cost away from a particular provider or cloud in general.
Time for Questions email: locasto@ucalgary.ca Twitter: @mlocasto Blog: mlocasto.blogspot.com Research Group: Trustworthy Systems Group http://tsg.cpsc.ucalgary.ca/
Additional Slides
Reminder: Saltzer and Schroeder. These are venerable security design principles: Economy of mechanism (complexity kills); Fail-safe defaults (fail closed, not fail open); Complete mediation (identify all control/entry/measurement points); Open design (no security through obscurity); Separation of privilege (map functionality to a disjoint set of roles); Least privilege (what power do you need for Task T?); Least-common mechanism (minimize size of TCB in terms of common surface/shared surface); Psychological acceptability (usable security, intuitive, people-centric model).