Skip to main content

Über dieses Buch

This book captures the state of the art in cloud technologies, infrastructures, and service delivery and deployment models. The work provides guidance and case studies on the development of cloud-based services and infrastructures from an international selection of expert researchers and practitioners. Features: presents a focus on security and access control mechanisms for cloud environments, analyses standards and brokerage services, and investigates the role of certification for cloud adoption; evaluates cloud ERP, suggests a framework for implementing “big data” science, and proposes an approach for cloud interoperability; reviews existing elasticity management solutions, discusses the relationship between cloud management and governance, and describes the development of a cloud service capability assessment model; examines cloud applications in higher education, including the use of knowledge-as-a-service in the provision of education, and cloud-based e-learning for students with disabilities.



ERRATUM to Chapter 12

Without Abstract
Noel Carroll, Markus Helfert, Theo Lynn

Access Control Mechanisms and Cloud Security


1. Towards a GPU Cloud: Benefits and Security Issues

Graphics processing unit (GPU)-based clouds are gaining momentum, and GPU computing resources are starting to be offered as a cloud service, either as parallel computing power or accessible as a part of a leased virtual machine (VM). For this reason, the GPU cloud is one of the most promising cloud evolutions. However, the present cloud offerings do not effectively exploit GPU computing resources, which could well improve the performance and security of distributed computing systems. In fact, heterogeneous many-core hardware and especially GPUs, offer a potentially massive increase in computing power. They are also very power efficient, enabling significant price/performance improvements over traditional central processing units (CPUs). Unfortunately, and more importantly, GPU clouds do not guarantee an adequate level of security with respect to access control and isolation. There is no effective control on how parallel code (a.k.a. kernels) is actually executed on a GPU. In fact, the present GPU device drivers are entirely based on proprietary code and are optimized for performance rather than security. As a result, GPU architectures and hardware (HW)/software (SW) implementations are not yet considered to be mature enough for a GPU cloud. In particular, the level of security offered by this novel approach has yet to be fully investigated, as there is a limited security-related research that specifically targets GPU architectures. This chapter describes how GPU-as-a-Service can be exposed to misuse and to potential denial of service (DoS) and information leakage. It also shows how GPUs can be used as a security and integrity monitoring tool by the cloud, for instance, to provide timely integrity checking of VM code and data, allowing scalable management of the security of complex cloud computing infrastructures. Some further relevant security concerns are discussed in this chapter, including GPU service availability, access transparency and control.
Flavio Lombardi, Roberto Di Pietro

2. Taxonomy and Classification of Access Control Models for Cloud Environments

Cloud computing is an emerging and highly attractive technology due to its inherent efficiency, cost-effectiveness, flexibility, scalability and pay-per-use characteristics. But alongside these advantages, many new problems have also surfaced and some of these issues have become a cause of grave concern. One of the existing problems that have become critical in the cloud environment is the issue of access control and security. Access control refers to a policy that authenticates a user and permits the authorized user to access data and other resources of cloud-based systems. In access control, there are several restrictions and rules that need to be followed by the users before they can access any kind of data or resource from the cloud-based servers. In this context, there are many access control models suggested by researchers that currently exist. In this chapter, a brief discussion of the various access control models has been presented. Moreover, the taxonomy of access control schemes has also been introduced. Finally, based on the analysis of the mechanisms adapted therein, the access control models are classified into different classes of the proposed taxonomy.
Abhishek Majumder, Suyel Namasudra, Samir Nath

3. Access Control As a Service in Cloud: Challenges, Impact and Strategies

The evolution of service-oriented architecture has given birth to the promising cloud technology, which enables the outsourcing of existing hardware and software information technology (IT) infrastructure via the Internet. Since the cloud offers services to a variety of organizations under the same umbrella, it raises security issues including unauthorized access to resources and misuse of data stored in third-party platform. The fact that the cloud supports multiple tenants is the cause for the biggest concern among organizations: how to prevent malicious users from accessing and manipulating data they have no right to access. In this regard, various access control techniques have been proposed, which concentrate on certain authorization issues like the ease of privilege assignment or the resolution of policy conflicts, while ignoring other important weaknesses such as the lack of interoperability and management issues which arise in the dynamic cloud environment. To cover all these challenges, access control as a service (ACaaS), which stems from its significantly more popular parent, security as a service (SECaaS), is considered a viable solution for mediating cloud service consumers’ access to sensitive data. In this chapter, we assist the cloud community in understanding the various issues associated with providing authorization services in the cloud that may be technical, such as privilege escalation and separation of duties, or managerial, such as the steep requirement of time and money for this purpose. ACaaS is the comprehensive solution to some of the issues highlighted previously. We have also discussed the significance and impact of ACaaS, along with the strategies reported in the literature for providing a secure access to the applications hosted on the cloud. We then holistically cover the authorization requirements of the cloud environment, specifically for software as a service (SaaS) model, evaluating the extant relevant solutions based on certain defined factors from the National Institute of Standards and Technology (NIST)-. The outcome of our research is that an ideal ACaaS should be extensive and holistic, which encompasses all the requisite security and managerial features and provides an efficient and reliable access control mechanism to the cloud consumers that complies with international standards.
Muhammad Awais Shibli, Rahat Masood, Umme Habiba, Ayesha Kanwal, Yumna Ghazi, Rafia Mumtaz

Standards, Brokerage Services and Certification


4. Realization of Open Cloud Computing Standards, Forums and Platforms

With the increased popularity of cloud computing, there is an increase in demand for resources among the heterogeneous workload types in the cloud environment. However, major concerns in this domain refer to the issues like scalability, security, trust, interoperability, loss of control and the problem of vendor lock-in. The hype of this emerging technology has resulted in a huge number of standards and frameworks in this domain. In this context, open standards present the solution to manage the cloud environment by integrating openness in the standards so that everyone benefits by reducing the time to switch among the service providers. In this regard, there is a great need for an open cloud in the present information technology (IT) domain that needs to manage thousands of resources with applications, which are distributed in nature to handle the issues in the cloud. Open cloud guarantees the users to select the best technologies now and in the future. There is a great need among users and developers for standardizing the cloud frameworks, which lead to the evolution of different open cloud forums. These forums have the responsibility to define and design standards for various services in the cloud so that openness and interoperability can be achieved. Open cloud forums do not aim towards achieving a single homogeneous cloud environment, but as the cloud matures several key principles of cloud must be followed to ensure openness. Open cloud forums are community driven and ensure universal acceptance of open standard formats and interfaces. This chapter presents the understanding of open clouds and their underlying principle, provides an introduction to open cloud standards and their benefits, and discusses the understanding of open cloud forums, their goals and contributions. The chapter also presents a discussion of some well-known open-source cloud platforms, in particular OpenStack, Nimbus, Open Nebula and Eucalyptus.
G M Siddesh, K G Srinivasa

5. Role of Broker in InterCloud Environment

Cloud computing represents a great promise of quickly delivering the more efficient information technology (IT) systems to companies and enterprises, encouraging small- and medium-sized companies to make use of more intensive and widespread technology and, therefore, stimulating a strong recovery on a new basis of the information and communications technology (ICT) market. Two major challenges in cloud computing are scalability and consistent achievement of quality of service (QoS) standards set by the consumers. Various cloud resources can be acquired from the cloud service providers (CSPs) at different abstraction levels based on the services provided by the CSPs and requirements of the users. A uniform solution of delivering the promised services with proper performance metrics is to implement a federated environment with the help of an agent or a broker. This chapter presents the vision, the challenges, and the architectural elements of brokerage services of a federated cloud computing environment. It provides a basic overview and expectations and sets the background for the rest of the chapters in this book.
Saswati Mukherjee, Shyamala Loganathan

6. Patterns of Trust: Role of Certification for SME Cloud Adoption

Growth of cloud computing as a concept continues to pose challenges on how to deliver agile, yet secure, information technology (IT) services to enterprises. While the hype surrounding cloud computing may have peaked, the concept of “cloudwashing” (adding the term “cloud” to an existing service for marketing reasons) continues to cause confusion and inflated expectations with enterprise buyers. This fear, uncertainty, and doubt (FUD) just slows down the growth of a potentially larger market. This is especially true for small and medium sized enterprises (SMEs) who turn to IT providers to handle the underlying systems for their businesses. To assist cloud service buyers, a recent communication from the European Commission advocated voluntary certification for cloud service providers (CSPs). This has sparked a debate as to the relevance and authority of certification bodies in verifying the ability and capability of CSPs. In this research, we are developing an exploratory model looking at signaling quality, the independence of certifying authorities, and the impact of regulatory backing for trust of certification bodies, based on the existing academic literature on standards of adoption and trust. We are examining what role the third-party certifiers can play in adoption of cloud by SMEs, exploring the roles of certifiers in Europe already involved in market adoption to test our framework, together with four established cases of service providers seeking certification.
Alea M. Fairchild

Frameworks for ERP, Big Data and Interoperability


7. A Framework for Evaluating Cloud Enterprise Resource Planning (ERP) Systems

Cloud computing is a new paradigm, transforming the information technology (IT) industry, and the commercial sector, that is involved in reshaping the way enterprise services are designed, implemented, and deployed. Rather than using complex software systems, customers are beginning to spotlight on their core business processes while obtaining all required IT functions as cloud services. Enterprise resource planning (ERP) systems attempt to integrate data and processes in organizations. These systems are among the most adopted IT solutions in organizations. This chapter explores the literature available on cloud ERP systems, suggests the factors accounting for cloud ERP, and proposes a framework for evaluating cloud ERP systems. This framework is grounded on software engineering parameters involved in the development of cloud ERP. The validity of the framework is illustrated with the help of a case study.
T. Chandrakumar, S. Parthasarathy

8. DIPAR: A Framework for Implementing Big Data Science in Organizations

Cloud computing (CC) is a technology aimed at processing and storing very large amounts of data, which are also referred to as big data (BD). Although this is not the only aim of the cloud paradigm, one of the most important challenges in CC is how to process and deal with the BD. By the end of 2012, the amount of data generated was approximately 2.8 zettabytes (ZB), i.e., 2.8 trillion GB. One of the areas that contribute to the analysis of BD is referred to as data science. This new study area, also called big data science (BDS), has recently become an important topic in organizations because of the value it can generate, both for themselves and for their customers. One of the challenges in implementing BDS is the current lack of information to help in understanding this new study area. In this context, this chapter presents the define-ingest-preprocess-analyze-report (DIPAR) framework, which proposes a means to implement BDS in organizations and defines its requirements and elements. The framework consists of five stages define, ingest, preprocess, analyze, and report. It is based on the ISO 15939 Systems and Software Engineering—Measurement process standard, the purpose of which is to collect, analyze, and report data relating to the products to be developed.
Luis Eduardo Bautista Villalpando, Alain April, Alain Abran

9. A Framework for Cloud Interoperability Based on Compliance and Conformance

The current cloud computing panorama includes many cloud providers, each with their own model, set of services and Application Programming Interfaces (APIs), leaving users with an interoperability problem when trying to avoid a potential dependency on a specific provider. Current approaches tend to tackle this problem (user to cloud or cloud to cloud) by abstracting it, either by providing a common set of APIs, which have to map onto each cloud’s APIs, or by introducing brokers that adapt the views of the user and of the cloud. This chapter proposes another approach that tries to solve the problem at its source, by defining a common service and resource model, a small set of common services (core API), an interoperability mechanism based on compliance and conformance and an extensibility mechanism that allows providers to build different clouds, based on this core and with support for interoperability. The chapter also presents an interoperability framework with three dimensions—lifecycle of services, levels of abstraction in interoperability and concerns, entailing aspects, such as security, quality of service, Service Level Agreement (SLA) and financial aspects. The main goal is not to provide an interoperability solution to existing systems but rather to establish a foundation layer for cloud computing that shows how clouds should be organized to cater for provider differentiation while supporting interoperability from scratch.
José Carlos Martins Delgado

Management, Governance and Capability Assessment


10. Survey of Elasticity Management Solutions in Cloud Computing

Application Service Providers (ASPs) are increasingly adopting the cloud computing paradigm to provision remotely available resources for their applications. In this context, the ability of cloud computing to provision resources on-demand in an elastic manner is of the utmost practical interest for them. As a consequence, the field of cloud computing has witnessed the development of a large amount of elasticity management solutions deeply rooted in works from distributed systems and grid computing research communities. This chapter presents some solutions that differ in their goals, in the actions they are able to perform and in their architectures. In this chapter, we provide an overview of the concept of cloud elasticity and propose a classification of the mechanisms and techniques employed to manage elasticity. We also use this classification as a common ground to study and compare elasticity management solutions.
Amro Najjar, Xavier Serpaggi, Christophe Gravier, Olivier Boissier

11. From Cloud Management to Cloud Governance

For some time now, with the full support of cloud computing technologies, it has become possible for enterprises of all sizes to access new business opportunities, thus repositioning themselves in the global IT market. Advancements in cloud interoperability, with important developments of platform as a service (PaaS) and cloud management solutions, have enabled an increasing number of cloud services which, in turn, have led to additional requirements for integration at a superior level: the cloud governance. Moreover, current cloud migration patterns suggest that additional mechanisms in cloud services automation and management are required, in close relation with a fully automated support for the lifecycle of cloud services. This chapter discusses existing trends in cloud migration focusing on solutions which facilitate it, with an emphasis on cloud management and cloud governance, and the relationship between them.
Teodor-Florin Fortis, Victor Ion Munteanu

12. Towards the Development of a Cloud Service Capability Assessment Framework

Considering the complexity of today’s service environment, Small-to-Medium sized Enterprises (SMEs) cannot afford to accept the status quo of service operations, and therefore, they must have some clear business analytics objectives to reach. Without clear metric objectives, organisations are almost destined for disaster since the allocation of resources may not have responded to the demand exerted from outside of the organisation. This is particularly true within a complex and rapidly changing cloud computing environment. The cloud dynamic ecosystem is moving toward a collection of services which interoperate across the Internet. This chapter offers a discussion on an approach to assessing cloud capabilities through cloud service capability assessment framework (CSCAF). Service metrics play a critical role in CSCAF that presents managers with a practical framework to carry out cloud capability assessments. The process may be simply described as publishing, retrieving, and managing cloud service descriptions, service publications which are matched with descriptions of consumer’s requirements and service matching.
Noel Carroll, Markus Helfert, Theo Lynn

Applications in Education and Other Scenarios


13. Cloud Computing Within Higher Education: Applying Knowledge as a Service (KaaS)

The advent of cloud computing in recent years has sparked interest from various institutions, organisations and users who wish to take advantage of its features. Cloud computing provides on-demand computer resources as a service, enabling flexible information technology (IT) usage via scalability and a cost efficient (pay-per-use) approach. As well as traditional cloud computing services (software, platform and infrastructure as services), there is an emerging concept which integrates knowledge organisations and knowledge management. The Knowledge as a service (KaaS) is delivered via knowledge markets within a cloud environment. In this article, the authors present and analyse the KaaS concept together with its advantages and disadvantages. Furthermore, after an analysis of eLearning environments in the UK higher education institutions (HEIs), the potential KaaS benefits in the UK HEIs are also presented, demonstrating how KaaS conceptual models from industry could be used in the UK HEIs. The underlying theory behind KaaS is also discussed, with the conclusion highlighting potential opportunities and benefits that KaaS can provide to the UK HEIs.
Alexandros Chrysikos, Rupert Ward

14. Cloud Computing Environment for e-Learning Services for Students with Disabilities

This chapter discusses design of cloud computing environments for e-learning services and applications for students with disabilities. The main idea is to expand the corpus of e-learning services adjusted for students with disabilities. The rationale is that e-educational systems are becoming more complex and educational institutions need a new solution for deploying e-learning services. The cloud computing environment gives a new perspective to educational process in terms of usage of educational applications, software, and system for e-education. Regardless of the rapid development of information and communication technologies, there is a low level of inclusion of students with disabilities into the education process. Therefore, in this chapter the authors present a model of cloud computing environment for providing e-learning services developed with respect to the needs of students with disabilities. The model includes a variety of services, applications and components integrated into the e-learning Web portal. These services provide numerous features: a choice of different types of teaching materials, an integration of interactive voice response system within the learning management system, a mobile messaging service, etc. As a proof of the concept, a number of components of the model were implemented for students with disabilities within the Laboratory for e-business, Faculty of Organizational Sciences, University of Belgrade. Results and our impressions are presented.
Aleksandar Milić, Konstantin Simić, Miloš Milutinović

15. Application Scenarios Suitable for Deployment in Cloud Environments

Cloud computing is currently one of the most talked about emerging technologies which is continually becoming stabler and more reputable. Consumers are now aware of the type of applications that are best suited for the cloud-computing infrastructure. For example, Web-based applications or Web-based services are the best candidates to be moved to the cloud. At a very high level, we can easily make a decision for the application’s fitness to cloud infrastructure, based on its implementation type, that is if it is Web-based then it is suitable; if desktop-based then it may not be. However, it would be useful if it is possible to have a mechanism to determine which specific kind of application scenarios will best leverage the cloud infrastructure to meet its requirements. The aim of this chapter is to put forward ten such specific application scenarios which would be suitable to be moved to cloud environments or which could be further developed to be ultimately deployed in cloud infrastructure. The chapter also provides justification for such migration. The primary focus would be to help the decision maker to quickly come to a conclusion; that is, given a particular application scenario, whether the application should be moved or further developed for cloud-computing infrastructure. By application scenarios, what are depicted here are the different business requirements which may be developed and presented as working modules, for example, online polling system, Web analytics component, data replication system, etc. The chapter does not aim to teach how to code using different cloud infrastructure provided building blocks, but to present ideas to best leverage these cloud-based building blocks, to overcome certain limitations and constraints in different types of applications.
Rahul Bandopadhyaya, Vinay Rangaraju Nagavara


Weitere Informationen

Premium Partner