A Case for the Accountable Cloud - PowerPoint Presentation

test . @test

416 views
Uploaded On 2017-12-04

A Case for the Accountable Cloud - PPT Presentation

Andreas Haeberlen MPISWS Outline 2 2009 Andreas Haeberlen Problem Solution Call for action The benefits of cloud computing The cloud enables Alice to obtain resources on demand pay only for what she actually uses ID: 612489

cloud alice andreas bob alice cloud bob andreas 2009 haeberlen customers software problem accountable convince guarantees administrative split oracle

Link:

Copy

Embed:

<iframe width="560" height="315" src="https://www.docslides.com/embed/612489" frameborder="0" allowfullscreen></iframe>

Download Presentation from below link

Download Presentation The PPT/PDF document "A Case for the Accountable Cloud" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.

Presentation Transcript

Slide1

A Case for the Accountable Cloud

Andreas HaeberlenMPI-SWSSlide2

Outline

Problem

Solution

Call for actionSlide3

The benefits of cloud computing

The cloud enables Alice to:obtain resources on demandpay only for what she actually usesbenefit from economies of scaleBut...

Alice

Bob

Alice's

customersSlide4

Problem: Split administrative domain

Control and information about Alice's service are now split between Alice and Bob

Alice cannot control cloud machines or observe their status

 Alice must have a lot of trust in Bob

Bob does not understand the details of Alice's software

 Difficult to perform many administrative tasks

Alice

Bob

Alice's

customers

?Slide5

Problem: Split administrative domain

What if there is a problem with the cloud?MisconfigurationInsufficient allocation of resourcesHacker attack

Data loss or unavailability

Hardware malfunction

...

Alice

Bob

Alice's

customersSlide6

Handling problems: Alice's perspective

Alice

Alice's

customers

Bob

If something is wrong, how will I know?

How can I tell if it's my software or the cloud?

If it's the cloud, how can I convince Bob?Slide7

If something is wrong, how will I know?

How can I tell if it's my software or the cloud?

If it's the cloud, how can I convince Bob?

Handling problems: Bob's perspective

Alice

Bob

Alice's

customers

If something is wrong, how will I know?

How can I tell if it's the cloud or Alice's software?

If it's Alice's software, how can I convince Alice?Slide8

Outline

Problem

Solution

Call for action

Split administrative

domainSlide9

An idealized solution

What if we had an oracle that Alice and Bob could ask about cloud problems?Completeness: If the cloud is faulty, the oracle will say soAccuracy:

If the cloud is

not

faulty, the oracle will say so

Verifiability:

The oracle produces evidence that would convince a disinterested third party

Alice

Bob

Alice's

customers

OracleSlide10

The accountable cloud

Idea: Make cloud accountable to Alice+BobCloud records its actions in a tamper-evident logAlice and Bob can

audit

the log and check for faults

Use log to construct

evidence

that a fault does (not) exist

Provides completeness, accuracy, verifiabilityProvable guarantees even if Alice and/or Bob are malicious!

Alice

Bob

Alice's

customers

Tamper-evident

logSlide11

Discussion

Isn't this too pessimistic? Bob isn't malicious!Hacker attacks, software bugs, disgruntled employees, operator error, ..., can have the same effectDifficult to come up with a more restrictive fault modelAlice (or some other customer) could be malicious

Shouldn't Bob use fault tolerance instead?

Bob certainly should mask faults whenever possible

But: Masking is never perfect; Alice still needs to check

Why would a provider want to deploy this?

Attractive to prospective customers

Helps with handling angry support calls

Discussion: Guarantees

Are these the right guarantees?Completeness: "No false negatives"Could be relaxed: e.g., probabilistic completeness

Accuracy: "No false positives"

Cannot be relaxed safely

if the detection of a fault can have serious legal/financial consequences for Bob

Verifiability: "Produce enough evidence to convince a third party"

Could be relaxed:

e.g., evidence only needs to convince a specific third party

12Slide13

Outline

Problem

Solution

Call for action

Split administrative

domain

Make the cloud

accountableSlide14

Is the technology ready?

Cloud accountability should:Deliver provable guaranteesWork for most cloud applicationsRequire no changes to application code

Cover a wide spectrum of properties

Have a low overhead

Can existing techniques deliver this?

CATS, Repeat&Compare, AIP, PeerReview,

NetReview, AudIt, ...

More research is needed!



?Slide15

Work in progress: AVM

Goal: Provide accountability for arbitrary unmodified software

Idea:

Accountable virtual machine (AVM)

Cloud records enough data to enable determinstic replay

Alice can replay log with a known-good copy of the software

Can audit any part of the original execution

Alice

Bob

Virtual machineSlide16

Summary

Problem: Current cloud designs carry risks for both customers and providersCustomer loses control over his computation and dataSplit administration  Difficult to detect+resolve problems

Proposed solution: The accountable cloud

Can verify correct operation, produce evidence

Provable guarantees

 solid foundation for both sides

Discussion: Guarantees, fault model, incentives, ...

Lots of research opportunities

Questions?