
Policy4TOSCA: A Policy-Aware Cloud Service Provisioning Approach to Enable Secure Cloud Computing

  • Tim Waizenegger
  • Matthias Wieland
  • Tobias Binz
  • Uwe Breitenbücher
  • Florian Haupt
  • Oliver Kopp
  • Frank Leymann
  • Bernhard Mitschang
  • Alexander Nowak
  • Sebastian Wagner
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8185)

Abstract

With the growing adoption of Cloud Computing, automated deployment and provisioning systems for Cloud applications are becoming more prevalent. They help to reduce the onboarding costs for new customers as well as the financial impact of managing Cloud Services by automating these previously manual tasks. With the widespread use of such systems, the adoption of a common standard for describing Cloud applications will provide a crucial advantage by enabling reusable and portable applications. TOSCA, a newly published standard by OASIS with broad industry participation, provides this opportunity. Besides the technical requirements of running and managing applications in the cloud, non-functional requirements, like cost, security, and environmental issues, are of special importance when moving towards the automated provisioning and management of Cloud applications. In this paper we demonstrate how non-functional requirements are defined in TOSCA using policies. We propose a mechanism for automatic processing of these formal policy definitions in a TOSCA runtime environment that we have developed based on the proposed architecture of the TOSCA primer. In order to evaluate our approach, we present prototypical implementations of security policies for encrypting databases and for limiting the geographical location of the Cloud servers. We demonstrate how our runtime environment ensures these policies and show how they affect the deployment of the application.

Keywords

Cloud Computing; TOSCA; Cloud Service; Cloud Management; Policy-Framework; Security; Green-IT; Sustainable Cloud Service



Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Tim Waizenegger (1)
  • Matthias Wieland (1)
  • Tobias Binz (2)
  • Uwe Breitenbücher (2)
  • Florian Haupt (2)
  • Oliver Kopp (1)
  • Frank Leymann (2)
  • Bernhard Mitschang (1)
  • Alexander Nowak (2)
  • Sebastian Wagner (2)

  1. Institute of Parallel and Distributed Systems, University of Stuttgart, Stuttgart, Germany
  2. Institute of Architecture of Application Systems, University of Stuttgart, Stuttgart, Germany
