Cloud computing, which provides cheap, pay-as-you-go computing resources, is rapidly gaining momentum as an alternative to traditional IT infrastructure.
We see two aspects of cloud computing as important and draw on our previous research experience along these avenues. On one hand, we take the Service Oriented Architecture (SOA) perspective and focus on interoperability across multiple clouds (if necessary, we will support other distributed computing paradigms such as clusters and grids). On the other hand, we also see the privacy and data security issues and try to find better ways to manage them. We outline our research in four areas.
- Cloud interoperability
We think that the ability to manage multiple clouds through a uniform interface is important in the wake of the boom in cloud service providers. We take a service-oriented perspective and believe SOA-based middleware is the best solution in this regard. The roots of this research are in an IBM Research project named Altocumulus. Knoesis intern Ajith Ranabahu worked with Dr. Michael Maximilien to complete and internally deploy the first version of Altocumulus. To further this research using the competencies we have at Knoesis, we anticipate that semantic technologies will play a significant role in enhancing such middleware. Activities pertaining to this research area are primarily managed under the Cirrocumulus project.
- SLA and other cloud service aspects
Given the complex nature of the cloud landscape today, we believe that sophisticated means of managing cloud interactions are required. Hence we try to apply known techniques to problems such as Service Level Agreements (SLAs) in the cloud context. Our most recent research work applies the Web Service Level Agreement (WSLA) to the cloud context. Research activities relevant to this area are also managed under the Cirrocumulus project.
Although the flexibility and convenience that cloud computing offers are unprecedented, the security concerns it poses are also abundant. These need to be addressed by both Infrastructure-as-a-Service (IaaS) providers and Software-as-a-Service (SaaS) providers. Considering that applications from many SaaS providers run on a cloud, it is critical for IaaS providers to use secure virtualization software that minimizes the risk of users of one service maliciously affecting a different service on the cloud. For the same reason, SaaS providers should make sure that the applications they deploy do not have any design holes that can be exploited. At Knoesis, we plan to explore new techniques for the design and analysis of secure software for use in cloud computing. While there are security risk assessment techniques and threat models for corporations deploying services on their own servers, these need to be adapted and extended to risk estimation for deployment on clouds. Besides this task, we would also like to conduct research on newer cryptographic primitives that might be more effective, in terms of both security and efficiency, in a cloud setting.
To take advantage of highly available, low-cost cloud-based services, the user often needs to outsource data to the service provider. However, due to security and privacy concerns, data containing sensitive information are often kept from being outsourced, which greatly restricts the use of cloud-based services. We propose the space perturbation approach to address the privacy issues in two representative classes of cloud-based services: query-based services and mining-based services. In query-based services, we propose to study the indexability utility of outsourced data in the context of multidimensional vector space and address it with a set of space perturbation methods. As a result, the service provider is able to index the perturbed data and efficiently process queries. In mining-based services, we propose to study the information utility that is critical to data mining models and develop space perturbation methods to preserve this utility. Servers can work on the transformed data and generate transformation-invariant models for the data owner. The third thrust of this research is to evaluate the resilience of the proposed solutions against attacks and vulnerabilities.
As in security research, we believe that any privacy-preserving solution should be evaluated against given attack models. Among the potential attacks, we argue that Independent Component Analysis (ICA)-based attacks and background-knowledge-based attacks are the two most detrimental classes of vulnerabilities for all space perturbation methods. The proposed research will develop statistical-estimation-based privacy evaluation methods to validate the developed solutions against these two classes of attacks. In addition, we propose to develop perturbation optimization tools and visual analysis tools to help the data owner understand and control the privacy guarantee for individual data items and manage the possible tradeoff between data utility and data privacy. A preliminary study has shown that this approach has great potential to achieve both a high privacy guarantee and high data utility.
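The following added example (not code from the Knoesis project) illustrates the utility and evaluation ideas above, assuming the simplest form of space perturbation, a random rotation plus translation y = Rx + t; the page does not specify the transformation, and all function names and the sample data are constructed for illustration. It shows that nearest-neighbor results on the perturbed data match those on the original, and that a noise-free rotation gives no protection once d+1 original records are known as background knowledge, which is the kind of check the privacy evaluation has to include.

```python
import math
import random

def random_rotation(d, rng):
    """Random orthogonal d x d matrix: Gram-Schmidt on Gaussian vectors."""
    rows = []
    while len(rows) < d:
        v = [rng.gauss(0, 1) for _ in range(d)]
        for u in rows:                      # remove components along earlier rows
            dot = sum(a * b for a, b in zip(v, u))
            v = [a - dot * b for a, b in zip(v, u)]
        norm = math.sqrt(sum(a * a for a in v))
        if norm > 1e-9:
            rows.append([a / norm for a in v])
    return rows

def perturb(R, t, x):  # assumed form of the owner-side transform: y = R x + t
    return [sum(r * a for r, a in zip(row, x)) + ti for row, ti in zip(R, t)]

def nearest(points, q):  # index of the point closest to q (what the server computes)
    return min(range(len(points)), key=lambda i: math.dist(points[i], q))

def solve(A, B):
    """Solve A X = B by Gauss-Jordan elimination with partial pivoting."""
    n = len(A)
    M = [list(a) + list(b) for a, b in zip(A, B)]
    for c in range(n):
        p = max(range(c, n), key=lambda r: abs(M[r][c]))
        M[c], M[p] = M[p], M[c]
        M[c] = [v / M[c][c] for v in M[c]]
        for r in range(n):
            if r != c:
                M[r] = [a - M[r][c] * b for a, b in zip(M[r], M[c])]
    return [row[n:] for row in M]

def known_sample_error(X, Y, known, target):
    """Privacy check: error of estimating X[target] from Y plus d+1 known (x, y) pairs."""
    x0, y0 = X[known[0]], Y[known[0]]
    A = [[a - b for a, b in zip(X[i], x0)] for i in known[1:]]
    B = [[a - b for a, b in zip(Y[i], y0)] for i in known[1:]]
    Rt = solve(A, B)                        # A R^T = B, so Rt is R transposed
    dy = [a - b for a, b in zip(Y[target], y0)]
    est = [xi + sum(r * v for r, v in zip(row, dy)) for xi, row in zip(x0, Rt)]
    return math.dist(est, X[target])        # near 0 means the record is exposed

rng = random.Random(7)                      # constructed sample data, 30 records, d = 4
X = [[rng.random() for _ in range(4)] for _ in range(30)]
R, t = random_rotation(4, rng), [rng.random() for _ in range(4)]
Y = [perturb(R, t, x) for x in X]
```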
All cloud-service-related research activities (interoperability and service aspects) are placed under this umbrella.