Toward exposing and accessing HPC applications in a SaaS cloud

The cost and time of deploying HPC applications on clouds is a problem. Instead of conducting their research discipline specialists are forced to carry out activities for application deployment, publication and ease of access. In response, a new approach for HPC application deployment and access in clouds is proposed. The major innovations are a new approach to deploying and executing HPC applications on IaaS and PaaS clouds, and exposing HPC applications as services. Through three case studies this paper demonstrates the feasibility and effectiveness of the proposed approach that could lead to the building of a SaaS library of discipline-oriented services evocable through user friendly, discipline specific interfaces. The new approach will reduce the time and money needed to deploy and expose discipline HPC applications.

Trust enhanced security in SaaS cloud computing

Trust problem in Software as a Service Cloud Computing is a broad range of a Data Owner’s concerns about the data in the Cloud. The Data Owner’s concerns about the data arise from the way the data is handled in locations and machines that are unknown to the Data Owner.

Exposing HPC and sequential applications as services through the development and deployment of a SaaS cloud

Cloud and service computing has started to change the way research in science, in particular biology and medicine, is being carried out. Researchers that have taken advantage of this technology (making use of public and private cloud compute resources) can process large amounts of data (big data) and speed up discovery. However, this requires researchers to acquire a solid knowledge and skills in the development of sequential and high performance computing (HPC), and cloud development and deployment background. In response a technology exposing HPC applications as services through the development and deployment of a SaaS cloud, and its proof of concept in the form of implementation of a cloud environment, Uncinus, has been developed and implemented to allow researchers easy access to cloud computing resources. The new technology offers and Uncinus supports the development of applications as services and the sharing of compute resources to speed up applications' execution. Users access these cloud resources and services through web interfaces. Using the Uncinus platform, a bio-informatics workflow was executed on a private (HPC) cloud, server and public cloud (Amazon EC2) resources, performance results showing a 3 fold improvement compared to local resources' performance. Biology and medicine specialists with no programming and application deployment on clouds background could run the case study applications with ease.

Adaptable, model-driven security engineering for SaaS cloud-based applications

Software-as-a-service (SaaS) multi-tenancy in cloud-based applications helps service providers to save cost, improve resource utilization, and reduce service customization and maintenance time. This is achieved by sharing of resources and service instances among multiple "tenants" of the cloud-hosted application. However, supporting multi-tenancy adds more complexity to SaaS applications required capabilities. Security is one of these key requirements that must be addressed when engineering multi-tenant SaaS applications. The sharing of resources among tenants - i.e. multi-tenancy - increases tenants' concerns about the security of their cloud-hosted assets. Compounding this, existing traditional security engineering approaches do not fit well with the multi-tenancy application model where tenants and their security requirements often emerge after the applications and services were first developed. The resultant applications do not usually support diverse security capabilities based on different tenants' needs, some of which may change at run-time i.e. after cloud application deployment. We introduce a novel model-driven security engineering approach for multi-tenant, cloud-hosted SaaS applications. Our approach is based on externalizing security from the underlying SaaS application, allowing both application/service and security to evolve at runtime. Multiple security sets can be enforced on the same application instance based on different tenants' security requirements. We use abstract models to capture service provider and multiple tenants' security requirements and then generate security integration and configurations at runtime. We use dependency injection and dynamic weaving via Aspect-Oriented Programming (AOP) to integrate security within critical application/service entities at runtime. We explain our approach, architecture and implementation details, discuss a usage example, and present an evaluation of our approach on a set of open source web applications.

Improving tenants' trust in SaaS applications using dynamic security monitors

It is almost impossible to prove that a given software system achieves an absolute security level. This becomes more complicated when addressing multi-tenant cloud-based SaaS applications. Developing practical security properties and metrics to monitor, verify, and assess the behavior of such software systems is a feasible alternative to such problem. However, existing efforts focus either on verifying security properties or security metrics but not both. Moreover, they are either hard to adopt, in terms of usability, or require design-time preparation to support monitoring of such security metrics and properties which is not feasible for SaaS applications. In this paper, we introduce, to the best of our knowledge, the first unified monitoring platform that enables SaaS application tenants to specify, at run-time, security metrics and properties without design-time preparation and hence increases tenants’ trust of their cloud-assets security. The platform automatically converts security metrics and properties specifications into security probes and integrates them with the target SaaS application at run-time. Probes-generated measurements are fed into an analysis component that verifies the specified properties and calculates security metrics’ values using aggregation functions. This is then reported to SaaS tenants and cloud platform security engineers. We evaluated our platform expressiveness and usability, soundness, and performance overhead.

A layered security approach for cloud computing infrastructure

This paper introduces a practical security model based on key security considerations by looking at a number of infrastructure aspects of Cloud Computing such as SaaS, Utility, Web, Platform and Managed Services, Service commerce platforms and Internet Integration which was introduced with a concise literature review. The purpose of this paper is to offer a macro level solution for identified common infrastructure security requirements. This model with a number of emerged patterns can be applied to infrastructure aspect of Cloud Computing as a proposed shared security approach in system development life cycle focusing on the plan-built-run scope.

Trust ticket deployment : a notion of a data owner's trust in cloud computing

While cloud computing (CC) is a scalable model of shared infrastructure and on-demand computing, it lacks a transparent trust and security mechanism. A data owner (DO) loses control over the data outsourced to a machine in the cloud controlled and operated by a cloud service provider (CSP). This machine is at a location unknown to a data owner. This loss of control over data is further intensified with the lack of managing users' access to the data from practical cloud computing perspectives. In this paper, we introduce a new mechanism of ensuring trust and security in Software as a Service (SaaS) CC. Trust Ticket, with the supporting protocols, is our mechanism that helps a data owner in establishing a link between a CSP and a registered user. In our mechanism, a user first gets registered with a DO before receiving a Trust Ticket and a secret key from that DO. Each Trust Ticket is unique and encrypted. On completing the registration of each user, the DO apprises the CSP of the Trust Ticket. Trust Ticket and secret key are respectively for the registered user's getting accepted to the CSP and having a view of the data owner's data upon a successful verification by the CSP. We have done our experiment in Java network programming by creating an emulated cloud computing framework under the VMware ESXi 4.1 hyper visor based platform. Using the framework, we have evaluated our algorithmic protocol for Trust Ticket. We have also compared our work with prior work. Overall performance of our work is better. We argue that our proposed algorithmic protocol for Trust Ticket deployment establishes a data owner's trust. This trust is established through a data owner's control over data and a registered user, because a registered user is linked with a CSP by a data owner through Trust Ticket.

Stream management within the CloudMiner

Nowadays cloud computing has become a major trend that enterprises and research organizations are pursuing with increasing zest. A potentially important application area for clouds is data analytics. In our previous publication, we introduced a novel cloud infrastructure, the CloudMiner, which facilitates data mining on massive scientific data. By providing a cloud platform which hosts data mining cloud services following the Software as a Service (SaaS) paradigm, CloudMiner offers the capability for realizing cloud-based data mining tasks upon traditional distributed databases and other dataset types. However, little attention has been paid to the issue of data stream management on the cloud so far. We have noticed the fact that some features of the cloud meet very well the requirements of data stream management. Consequently, we developed an innovative software framework, called the StreamMiner, which is introduced in this paper. It serves as an extension to the CloudMiner for facilitating, in particular, real-world data stream management and analysis using cloud services. In addition, we also introduce our tentative implementation of the framework. Finally, we present and discuss the first experimental performance results achieved with the first StreamMiner prototype.

Detecting and mitigating HX-DoS attacks against cloud web services

Cyber-Physical Systems allow for the interaction of the cyber world and physical worlds using as a central service called Cloud Web Services. Cloud Web Services can sit well within three models of Cyber- Physical Systems, Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), and Infrastructure-as-a- Service (IaaS). With any Cyber-Physical system use Cloud Web Services it inherits a security problem, the HX-DoS attack. HX-DoS attack is a combination of HTTP and XML messages that are intentionally sent to flood and destroy the communication channel of the cloud service provider. The relevance of this research is that TCP/IP flood attacks are a common problem and a lot of research to mitigate them has previously been discussed. But HTTP denial of service and XML denial of service problem has only been addressed in a few papers. In this paper, we get closer to closing this gap on this problem with our new defence system called Pre- Decision, Advance Decision, Learning System (ENDER). In our previous experiments using our Cloud Protector, we were successful at detecting and mitigate 91% with a 9% false positive of HX-DoS attack traffic. In this paper, ENDER was able to improve upon this result by being trained and tested on the same data, but with a greater result of 99% detection and 1% false positive.

A survey of approaches and frameworks to carry out genomic data analysis on the cloud

High Performance Computing (HPC) clouds have started to change the way how research in science, in particular medicine and genomics (bioinformatics) is being carried out. Researchers who have taken advantage of this technology can process larger amounts of data and speed up scientific discovery. However, most HPC clouds are provided at an Infrastructure as a Service (IaaS) level, users are presented with a set of virtual servers which need to be put together to form HPC environments via time consuming resource management and software configuration tasks, which make them practically unusable by discipline, non-computing specialists. In response, there is a new trend to expose cloud applications as services to simplify access and execution on clouds. This paper firstly examines commonly used cloud-based genomic analysis services (Tuxedo Suite, Galaxy and Cloud Bio Linux). As a follow up, we propose two new solutions (HPCaaS and Uncinus), which aim to automate aspects of the service development and deployment process. By comparing and contrasting these five solutions, we identify key mechanisms of service creation, execution and access that are required to support genomic research on the SaaS cloud, in particular by discipline specialists. © 2014 IEEE.

A survey of cloud-based service computing solutions for mammalian genomics

Cloud-based service computing has started to change the way how research in science, in particular biology, medicine, and engineering, is being carried out. Researchers in the area of mammalian genomics have taken advantage of cloud computing technology to cost-effectively process large amounts of data and speed up discovery. Mammalian genomics is limited by the cost and complexity of analysis, which require large amounts of computational resources to analyse huge amount of data and biology specialists to interpret results. On the other hand the application of this technology requires computing knowledge, in particular programming and operations management skills to develop high performance computing (HPC) applications and deploy them on HPC clouds. We carried out a survey of cloud-based service computing solutions, as the most recent and promising instantiations of distributed computing systems, in the context their use in research of mammalian genomic analysis. We describe our most recent research and development effort which focuses on building Software as a Service (SaaS) clouds to simplify the use of HPC clouds for carrying out mammalian genomic analysis.

Improving data forwarding in mobile social networks with infrastructure support: a space-crossing community approach

In this paper, we study two tightly coupled issues: space-crossing community detection and its influence on data forwarding in Mobile Social Networks (MSNs) by taking the hybrid underlying networks with infrastructure support into consideration. The hybrid underlying network is composed of large numbers of mobile users and a small portion of Access Points (APs). Because APs can facilitate the communication among long-distance nodes, the concept of physical proximity community can be extended to be one across the geographical space. In this work, we first investigate a space-crossing community detection method for MSNs. Based on the detection results, we design a novel data forwarding algorithm SAAS (Social Attraction and AP Spreading), and show how to exploit the space-crossing communities to improve the data forwarding efficiency. We evaluate our SAAS algorithm on real-life data from MIT Reality Mining and University of Illinois Movement (UIM). Results show that space-crossing community plays a positive role in data forwarding in MSNs in terms of delivery ratio and delay. Based on this new type of community, SAAS achieves a better performance than existing social community-based data forwarding algorithms in practice, including Bubble Rap and Nguyen's Routing algorithms. © 2014 IEEE.