Security of the Cloud

The chapter presents current security concerns in the Cloud Computing Environment. The cloud concept and operation raise many concerns for cloud users since they have no control of the arrangements made to protect the services and resources offered. Additionally, it is obvious that many of the cloud service providers will be subject to significant security attacks. Some traditional security attacks such as the Denial of Service attacks (DoS) and distributed DDoS attacks are well known, and there are several proposed solutions to mitigate their impact. However, in the cloud environment, DDoS becomes more severe and can be coupled with Economical Denial of Sustainability (EDoS) attacks. The chapter presents a general overview of cloud security, the types of vulnerabilities, and potential attacks. The chapter further presents a more detailed analysis of DDoS attacks' launch mechanisms and well-known DDoS defence mechanisms. Finally, the chapter presents a DDoS-Mitigation system and potential future research directions.

Cloud-Based Healthcare Systems

Healthcare is one of the most important sectors in all countries and significantly affects the economy. As such, the sector consumes an average of 9.5% of the gross domestic product across the most developed countries; they should invoke smart healthcare systems to efficiently utilize available resources, vastly handle spontaneous emergencies, and professionally manage the population health records. With the rise of the Cloud and Mobile Computing, a vast variety of added values have been introduced to software and IT infrastructure. This chapter provides a comprehensive review on the new Cloud-based and mobile-based applications that have been developed in the healthcare field. Cloud's availability, scalability, and storage capabilities, in addition to the Mobile's portability, wide coverage, and accessibility features, contributed to the fulfillment of healthcare requirements. The chapter shows how Cloud and Mobile opened a new environment for innovative services in the healthcare field and discusses the open research issues.

Self-Management of Operational Issues for Grid Computing

Science gateways, such as the Virtual Imaging Platform (VIP), enable transparent access to distributed computing and storage resources for scientific computations. However, their large scale and the number of middleware systems involved in these gateways lead to many errors and faults. This chapter addresses the autonomic management of workflow executions on science gateways in an online and non-clairvoyant environment, where the platform workload, task costs, and resource characteristics are unknown and not stationary. The chapter describes a general self-management process based on the MAPE-K loop (Monitoring, Analysis, Planning, Execution, and Knowledge) to cope with operational incidents of workflow executions. Then, this process is applied to handle late task executions, task granularities, and unfairness among workflow executions. Experimental results show how the approach achieves a fair quality of service by using control loops that constantly perform online monitoring, analysis, and execution of a set of curative actions.

On Controlling Elasticity of Cloud Applications in CELAR

Today's complex cloud applications are composed of multiple components executed in multi-cloud environments. For such applications, the possibility to manage and control their cost, quality, and resource elasticity is of paramount importance. However, given that the cost of different services offered by cloud providers can vary a lot with their quality/performance, elasticity controllers must consider not only complex, multi-dimensional preferences and provisioning capabilities from stakeholders but also various runtime information regarding cloud applications and their execution environments. In this chapter, the authors present the elasticity control approach of the EU CELAR Project, which deals with multi-dimensional elasticity requirements and ensures multi-level elasticity control for fulfilling user requirements. They show the elasticity control mechanisms of the CELAR project, from application description to multi-level elasticity control. The authors highlight the usefulness of CELAR's mechanisms for users, who can use an intuitive, user-friendly interface to describe and then to follow their application elasticity behavior controlled by CELAR.

Application-Level Monitoring and SLA Violation Detection for Multi-Tenant Cloud Services

Keeping the quality of service defined by Service Level Agreements (SLAs) is a key factor to facilitate business operations of Cloud providers. SLA enforcement relies on resource and application monitoring—a topic that has been investigated by various Cloud-related projects. Application-level monitoring still represents an open research issue, especially for billing and accounting purposes. Such a monitoring is becoming fundamental, as Cloud services are multi-tenant, thus having users sharing the same resources. This chapter describes key challenges on application provisioning and SLA enforcement in Clouds, introduces a Cloud Application and SLA monitoring architecture, and proposes two methods for determining the frequency that applications needs to be monitored. The authors evaluate their architecture on a real Cloud testbed using applications that exhibit heterogeneous behaviors. The achieved results show that the architecture is low intrusive, able to monitor resources and applications, detect SLA violations, and automatically suggest effective measurement intervals for various workloads.

Cloudlet-Based Cyber-Foraging in Resource-Limited Environments

First responders and others operating in crisis environments increasingly make use of handheld devices to help with tasks such as face recognition, language translation, decision making, and mission planning. These resource-limited environments are characterized by dynamic context, limited computing resources, high levels of stress, and intermittent network connectivity. Cyber-foraging is the leverage of external resource-rich surrogates to augment the capabilities of resource-limited devices. In cloudlet-based cyber-foraging, resource-intensive computation is offloaded to cloudlets: discoverable, generic servers located in single-hop proximity of mobile devices. This chapter presents several mechanisms for cloudlet-based cyber-foraging that consider a tradeoff space beyond energy, performance, and fidelity of results. It demonstrates that cyber-foraging in resource-limited environments can greatly benefit from moving cloud computing concepts and technologies closer to the edge so that surrogates, even if disconnected from the enterprise, can provide offload capabilities that enhance the computing power of mobile devices.

Distributed Interoperability in Heterogeneous Cloud Systems

Cloud platforms constitute distributed and heterogeneous systems. Interacting applications, possibly in different clouds, face relevant interoperability challenges. This chapter details the interoperability problem and presents an interoperability framework, which provides a systematization of aspects such as coupling, compatibility, and the various levels at which interoperability must occur. After discussing the main limitations of current interoperability technologies, such as Web Services and RESTful applications, the chapter proposes an alternative technology. This entails a new distributed programming language, capable of describing both data and code in a platform-agnostic fashion. The underlying model is based on structured resources, each offering its own service. Service-oriented interfaces can be combined with the structured resources and hypermedia that characterize RESTful applications, instead of having to choose one style or the other. Coupling is reduced by checking interoperability structurally, based on the concepts of compliance and conformance. There is native support for binary data and full-duplex protocols.

Access Control in Cloud Computing

Data sharing as one of the most popular service applications in cloud computing has received wide attention, which makes the consumers achieve the shared contents whenever and wherever possible. However, the new paradigm of data sharing will also introduce some security issues while it provides much convenience. The data confidentiality, the privacy security, the user key accountability, and the efficiency are hindering its rapid expansion. An effective and secure access control mechanism is becoming one way to deal with this dilemma. In this chapter, the authors focus on presenting a detailed review on the existing access control mechanisms. Then, they explore some potential research issues for the further development of more comprehensive and secure access control schemes. Finally, the authors expect that the topic of access control in cloud computing will attract much more attention from academia and industry.

Energy-Saving QoS Resource Management of Virtualized Networked Data Centers for Big Data Stream Computing

In this chapter, the authors develop the scheduler which optimizes the energy-vs.-performance trade-off in Software-as-a-Service (SaaS) Virtualized Networked Data Centers (VNetDCs) that support real-time Big Data Stream Computing (BDSC) services. The objective is to minimize the communication-plus-computing energy which is wasted by processing streams of Big Data under hard real-time constrains on the per-job computing-plus-communication delays. In order to deal with the inherently nonconvex nature of the resulting resource management optimization problem, the authors develop a solving approach that leads to the lossless decomposition of the afforded problem into the cascade of two simpler sub-problems. The resulting optimal scheduler is amenable of scalable and distributed adaptive implementation. The performance of a Xen-based prototype of the scheduler is tested under several Big Data workload traces and compared with the corresponding ones of some state-of-the-art static and sequential schedulers.

Network-Aware Virtual Machine Placement and Migration in Cloud Data Centers

With the pragmatic realization of computing as a utility, Cloud Computing has recently emerged as a highly successful alternative IT paradigm. Cloud providers are deploying large-scale data centers across the globe to meet the Cloud customers' compute, storage, and network resource demands. Efficiency and scalability of these data centers, as well as the performance of the hosted applications' highly depend on the allocations of the data center resources. Very recently, network-aware Virtual Machine (VM) placement and migration is developing as a very promising technique for the optimization of compute-network resource utilization, energy consumption, and network traffic minimization. This chapter presents the relevant background information and a detailed taxonomy that characterizes and classifies the various components of VM placement and migration techniques, as well as an elaborate survey and comparative analysis of the state of the art techniques. Besides highlighting the various aspects and insights of the network-aware VM placement and migration strategies and algorithms proposed by the research community, the survey further identifies the benefits and limitations of the existing techniques and discusses on the future research directions.