AdaptMCloud: uma estrat?gia para adapta??o din?mica de aplica??es Multi-Cloud / AdaptMCloud: a strategy for dynamic adaptation of Multi-Cloud applications

Almeida, Andr? Gustavo Duarte de

25 November 2015

Submitted by Automa??o e Estat?stica (sst@bczm.ufrn.br) on 2016-06-09T23:58:46Z No. of bitstreams: 1 AndreGustavoDuarteDeAlmeida_TESE.pdf: 6545303 bytes, checksum: eae3371a3006eea68630d09f7b6322b6 (MD5) / Approved for entry into archive by Arlan Eloi Leite Silva (eloihistoriador@yahoo.com.br) on 2016-06-10T21:50:05Z (GMT) No. of bitstreams: 1 AndreGustavoDuarteDeAlmeida_TESE.pdf: 6545303 bytes, checksum: eae3371a3006eea68630d09f7b6322b6 (MD5) / Made available in DSpace on 2016-06-10T21:50:05Z (GMT). No. of bitstreams: 1 AndreGustavoDuarteDeAlmeida_TESE.pdf: 6545303 bytes, checksum: eae3371a3006eea68630d09f7b6322b6 (MD5) Previous issue date: 2015-11-25 / Coordena??o de Aperfei?oamento de Pessoal de N?vel Superior (CAPES) / Ag?ncia Nacional do Petr?leo - ANP / Aplica??es Multi-Cloud s?o compostas de servi?os oferecidos por m?ltiplas plataformas de nuvem, onde o usu?rio/desenvolvedor tem pleno conhecimento da utiliza??o dessas plataformas. O uso de m?ltiplas plataformas de nuvem evita os seguintes problemas: (i) vendor lock-in, que consiste na depend?ncia da aplica??o de uma determinada plataforma de nuvem, o que ? prejudicial no caso de degrada??o ou falha nos servi?os da plataforma, ou at? mesmo aumento do pre?o do uso do servi?o; (ii) degrada??o ou falha da aplica??o devido a flutua??es da qualidade de servi?o (QoS) provida por alguma plataforma de nuvem, ou mesmo devido a falha em algum servi?o. No cen?rio multi-cloud ? poss?vel se trocar um servi?o em falha ou com problemas de QoS por um equivalente de outra plataforma de nuvem. Para que uma aplica??o consiga adotar a perspectiva multi-cloud ? necess?rio criar mecanismos que sejam capazes de selecionar quais servi?os de nuvem/plataformas devem ser usados, de acordo com os requisitos determinados pelo programador/usu?rio. Nesse contexto, as maiores dificuldades em termos de desenvolvimento de tais aplica??es abrangem quest?es como: (i) a escolha de quais servi?os e de plataformas de computa??o em nuvem subjacentes devem ser usadas com base nos requisitos definidos de funcionalidade e de qualidade pelo usu?rio, (ii) a necessidade de monitorar continuamente as informa??es din?micas (tais como tempo de resposta, disponibilidade, pre?o, disponibilidade), relacionadas com servi?os de nuvem, al?m da variedade ampla de servi?os, e (iii) a necessidade de se adaptar a aplica??o no caso de viola??es de QoS que afetam os seus requisitos. Essa tese de doutorado prop?e uma abordagem para adapta??o din?mica de aplica??es multi-cloud que se aplica quando um servi?o fica indispon?vel ou quando os requisitos definidos pelo usu?rio/desenvolvedor apontam que outra configura??o multicloud dispon?vel atende de forma mais eficiente. Dessa forma, esse trabalho prop?e uma estrat?gia composta por duas fases. A primeira fase consiste na modelagem da aplica??o, que explora a capacidade de representa??o de similaridades e variabilidades propostas no contexto do paradigma de linhas de produto de software (LPS). Nessa fase ? usado um modelo de features estendido para especificar a configura??o de servi?os de nuvens a ser usado pela aplica??o (similaridades) e os diferentes poss?veis provedores para cada servi?o (variabilidades). Al?m disso, os requisitos n?o-funcionais associados aos servi?os de nuvem s?o especificados nesse modelo atrav?s de propriedades que descrevem informa??es din?micas sobre esses servi?os. A segunda fase consiste em um processo auton?mico baseado no loop de controle MAPE-K, que ? respons?vel por selecionar, de forma otimizada, uma configura??o multi-cloud que atenda aos requisitos estabelecidos, e que execute a adapta??o. A estrat?gia de adapta??o proposta ? independente da t?cnica de programa??o usada para realizar a adapta??o. Nesse trabalho implementamos a estrat?gia de adapta??o usando v?rias t?cnicas de programa??o como programa??o orientada a aspectos, programa??o orientada a contexto e programa??o orientada a componentes e servi?os. Com base nas etapas propostas, procuramos avaliar os seguintes itens: (i) se o processo de modelagem e especifica??o de requisitos n?o-funcionais ? capaz de garantir o efetivo acompanhamento da satisfa??o do usu?rio; (ii) se o processo otimizado de sele??o apresenta ganhos significativos quando comparado com abordagem sequencial; e (iii) quais t?cnicas apresentam a melhor rela??o custo-benef?cio, quando comparado os esfor?os para desenvolvimento/modularidade e desempenho. / Multi-Cloud Applications are composed of services offered by multiple cloud platforms where the user/developer has full knowledge of the use of such platforms. The use of multiple cloud platforms avoids the following problems: (i) vendor lock-in, which is dependency on the application of a certain cloud platform, which is prejudicial in the case of degradation or failure of platform services, or even price increasing on service usage; (ii) degradation or failure of the application due to fluctuations in quality of service (QoS) provided by some cloud platform, or even due to a failure of any service. In multi-cloud scenario is possible to change a service in failure or with QoS problems for an equivalent of another cloud platform. So that an application can adopt the perspective multi-cloud is necessary to create mechanisms that are able to select which cloud services/platforms should be used in accordance with the requirements determined by the programmer/user. In this context, the major challenges in terms of development of such applications include questions such as: (i) the choice of which underlying services and cloud computing platforms should be used based on the defined user requirements in terms of functionality and quality (ii) the need to continually monitor the dynamic information (such as response time, availability, price, availability), related to cloud services, in addition to the wide variety of services, and (iii) the need to adapt the application if QoS violations affect user defined requirements. This PhD thesis proposes an approach for dynamic adaptation of multi-cloud applications to be applied when a service is unavailable or when the requirements set by the user/developer point out that other available multi-cloud configuration meets more efficiently. Thus, this work proposes a strategy composed of two phases. The first phase consists of the application modeling, exploring the similarities representation capacity and variability proposals in the context of the paradigm of Software Product Lines (SPL). In this phase it is used an extended feature model to specify the cloud service configuration to be used by the application (similarities) and the different possible providers for each service (variability). Furthermore, the non-functional requirements associated with cloud services are specified by properties in this model by describing dynamic information about these services. The second phase consists of an autonomic process based on MAPE-K control loop, which is responsible for selecting, optimally, a multicloud configuration that meets the established requirements, and perform the adaptation. The adaptation strategy proposed is independent of the used programming technique for performing the adaptation. In this work we implement the adaptation strategy using various programming techniques such as aspect-oriented programming, context-oriented programming and components and services oriented programming. Based on the proposed steps, we tried to assess the following: (i) the process of modeling and the specification of non-functional requirements can ensure effective monitoring of user satisfaction; (ii) if the optimal selection process presents significant gains compared to sequential approach; and (iii) which techniques have the best trade-off when compared efforts to development/modularity and performance.

Multi-Cloud

Adapta??o din?mica

Modelos de features

Otimiza??o

Programa??o orientada a aspectos

Programa??o orientada a contexto

Reconfiguración Dinámica e Incremental de Arquitecturas de Servicios Cloud Dirigida por Modelos

Zuñiga Prieto, Miguel Ángel

04 September 2017

Cloud computing represents a fundamental change in the way organizations acquire technological resources (e.g., hardware, development and execution environments, applications); where, instead of buying them, they acquire remote access to them in the form of cloud services supplied through the Internet. Among the main characteristics of cloud computing is the allocation of resources in an agile and elastic way, reserved or released depending on the demand of the users or applications, enabling the payment model based on consumption metrics. The development of cloud applications mostly follows an incremental approach, where the incremental delivery of functionalities to the client changes - or reconfigures - successively the current architecture of the application. Cloud providers have their own standards for both implementation technologies and service management mechanisms, requiring solutions that facilitate: building, integrating and deploying portable services; interoperability between services deployed across different cloud providers; and continuity In the execution of the application while its architecture is reconfigured product of the integration of the successive increments. The principles of the model-driven development approach, the architectural style service-oriented architectures, and the dynamic reconfiguration play an important role in this context. The hypothesis of this doctoral thesis is that model-driven development methods provide cloud service developers with abstraction and automation mechanisms for the systematic application of the principles of model engineering during the design, implementation, and incremental deployment of cloud services, facilitating the dynamic reconfiguration of the service-oriented architecture of cloud applications. The main objective of this doctoral thesis is therefore to define and validate empirically DIARy, a method of dynamic and incremental reconfiguration of service-oriented architectures for cloud applications. This method will allow specifying the architectural integration of the increment with the current cloud application, and with this information to automate the derivation of implementation artifacts that facilitate the integration and dynamic reconfiguration of the service architecture of the cloud application. This dynamic reconfiguration is achieved by running reconfiguration artifacts that not only deploy / un-deploy increment's services and orchestration services between services of the increment with the services of the current cloud application; but also, they change the links between services at runtime. A software infrastructure that supports the activities of the proposed method has also been designed and implemented. The software infrastructure includes the following components: i) a set of DSLs, with their respective graphical editors, that allow to describe aspects related to the architectural integration, implementation and provisioning of increments in cloud environments; ii) transformations that generate platform-specific implementation and provisioning models; (iii) transformations that generate artifacts that implement integration logic and orchestration of services, and scripts of provisioning, deployment, and dynamic reconfiguration for different cloud vendors. This doctoral thesis contributes to the field of service-oriented architectures and in particular to the dynamic reconfiguration of cloud services architectures in an iterative and incremental development context. The main contribution is a well-defined method, based on the principles of model-driven development, which makes it easy to raise the level of abstraction and automate, through transformations, the generation of artifacts that perform the dynamic reconfiguration of cloud applications. / La computación cloud representa un cambio fundamental en la manera en la que las organizaciones adquieren recursos tecnológicos (p. ej., hardware, entornos de desarrollo y ejecución, aplicaciones); en donde, en lugar de comprarlos adquieren acceso remoto a ellos en forma de servicios cloud suministrados a través de Internet. Entre las principales características de la computación cloud está la asignación de recursos de manera ágil y elástica, reservados o liberados dependiendo de la demanda de los usuarios o aplicaciones, posibilitando el modelo de pago basado en métricas de consumo. El desarrollo de aplicaciones cloud sigue mayoritariamente un enfoque incremental, en donde la entrega incremental de funcionalidades al cliente cambia - o reconfigura - sucesivamente la arquitectura actual de la aplicación. Los proveedores cloud tienen sus propios estándares tanto para las tecnologías de implementación como para los mecanismos de gestión de servicios, requiriéndose soluciones que faciliten: la construcción, integración y despliegue de servicios portables; la interoperabilidad entre servicios desplegados en diferentes proveedores cloud; y la continuidad en la ejecución de la aplicación mientras su arquitectura es reconfigurada producto de la integración de los sucesivos incrementos. Los principios del enfoque de desarrollo dirigido por modelos, del estilo arquitectónico de arquitecturas orientadas a servicios y de la reconfiguración dinámica cumplen un papel importante en este contexto. La hipótesis de esta tesis doctoral es que los métodos de desarrollo dirigido por modelos brindan a los desarrolladores de servicios cloud mecanismos de abstracción y automatización para la aplicación sistemática de los principios de la ingeniería de modelos durante el diseño, implementación y despliegue incremental de servicios cloud, facilitando la reconfiguración dinámica de la arquitectura orientada a servicios de las aplicaciones cloud. El objetivo principal de esta tesis doctoral es por tanto definir y validar empíricamente DIARy, un método de reconfiguración dinámica e incremental de arquitecturas orientadas a servicios. Este método permitirá especificar la integración arquitectónica del incremento con la aplicación cloud actual, y con esta información automatizar la derivación de los artefactos de implementación que faciliten la integración y reconfiguración dinámica de la arquitectura de servicios de la aplicación cloud. Esta reconfiguración dinámica se consigue al ejecutar los artefactos de reconfiguración que no solo despliegan/repliegan los servicios del incremento y servicios de orquestación entre los servicios del incremento con los servicios de la aplicación cloud actual; sino también, cambian en tiempo de ejecución los enlaces entre servicios. También se ha diseñado e implementado una infraestructura software que soporta las actividades del método propuesto e incluye los siguientes componentes: i) un conjunto de DSLs, con sus respectivos editores gráficos, que permiten describir aspectos relacionados a la integración arquitectónica, implementación y aprovisionamiento de incrementos en entornos cloud; ii) transformaciones que generan modelos de implementación y aprovisionamiento; iii) transformaciones que generan artefactos que implementan la lógica de integración y orquestación de servicios, y scripts de aprovisionamiento, despliegue y reconfiguración dinámica específicos para distintos proveedores cloud. Esta tesis doctoral contribuye al campo de las arquitecturas orientadas a servicios y en particular a la reconfiguración dinámica de arquitecturas de servicios cloud en contextos de desarrollo iterativo e incremental. El principal aporte es un método bien definido, basado en los principios del desarrollo dirigido por modelos, que facilita elevar el nivel de abstracción y automatizar por medio de transformaciones la generación de artefactos que real / La computació cloud representa un canvi fonamental en la manera en què les organitzacions adquirixen recursos tecnològics (ej., maquinari, entorns de desplegament i execució, aplicacions) ; on, en compte de comprar-los adquirixen accés remot a ells en forma de servicis cloud subministrats a través d'Internet. Entre les principals característiques de la computació cloud els recursos cloud són assignats de manera àgil i elàstica, reservats o alliberats depenent de la demanda dels usuaris o aplicacions, possibilitant el model de pagament basat en mètriques de consum. El desenrotllament d'aplicacions cloud seguix majoritàriament un enfocament incremental, on l'entrega incremental de funcionalitats al client canvia - o reconfigura - successivament l'arquitectura actual de l'aplicació. Els proveïdors cloud tenen els seus propis estàndards tant per a les tecnologies d'implementació com per als mecanismes de gestió de servicis, requerint-se solucions que faciliten: la construcció, integració i desplegament de servicis portables; la interoperabilitat entre servicis desplegats en diferents proveïdors cloud; i la continuïtat en l'execució de l'aplicació mentres la seua arquitectura és reconfigurada producte de la integració dels successius increments. Els principis de l'enfocament de desenrotllament dirigit per models, de l'estil arquitectònic d'arquitectures orientades a servicis i de la reconfiguració dinàmica complixen un paper important en este context. La hipòtesi d'esta tesi doctoral és que els mètodes de desenrotllament dirigit per models brinden als desenvolupadors de servicis cloud mecanismes d'abstracció i automatització per a l'aplicació sistemàtica dels principis de l'enginyeria de models durant el disseny, implementació i desplegament incremental de servicis cloud, facilitant la reconfiguració dinàmica de l'arquitectura orientada a servicis de les aplicacions cloud. L'objectiu principal d'esta tesi doctoral és per tant de definir i validar empí-ricamente DIARy, un mètode de reconfiguració dinàmica i incremental d'arquitectures orientades a servicis per a aplicacions cloud. Este mètode permetrà especificar la integració arquitectònica de l'increment amb l'aplicació cloud actual, i amb esta informació automatitzar la derivació dels artefactes d'implementació que faciliten la integració i reconfiguració dinàmica de l'arquitectura de servicis de l'aplicació cloud. Esta reconfi-guración dinàmica s'aconseguix a l'executar els artefactes de reconfiguració que no sols despleguen/repleguen els servicis de l'increment i servicis d'orquestració entre els servicis de l'increment amb els servicis de l'aplicació cloud actual; sinó també, canvien en temps d'execució els enllaços entre servicis. També s'ha dissenyat i implementat una infraestructura programari que suporta les activitats del mètode proposat i inclou els següents components: i) un conjunt de DSLs, amb els seus respectius editors gràfics, que permeten descriure aspectes relacionats a la integració arquitectònica, implementació i aprovisionament en entorns cloud dels increments; ii) transformacions que generen models d'implementació i aprovisionament específics de la plataforma a partir dels models d'integració d'alt nivell; iii) transformacions que generen artefactes que implementen la lògica d'integració i orquestració de servicis, i scripts d'aprovisionament, desplegament i reconfiguració dinàmica específics per a distints proveïdors cloud. Esta tesi doctoral contribuïx al camp de les arquitectures orientades a servicis i en particular a la reconfiguració dinàmica d'arquitectures de servicis cloud en contextos de desenrotllament iteratiu i incremental. La principal aportació és un mètode ben definit, basat en els principis del desenrotllament dirigit per models, que facilita elevar el nivell d'abstracció i automatitzar per mitjà de transformacions la generació d'artefactes que r / Zuñiga Prieto, MÁ. (2017). Reconfiguración Dinámica e Incremental de Arquitecturas de Servicios Cloud Dirigida por Modelos [Tesis doctoral no publicada]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/86288 / TESIS

Service Oriented Architectures

Dynamic Architecture Reconfiguration

Cloud Architectures

Cloud Services

Software as a Service

Incremental Development

Model-Driven Software Development

Architecture Description Languages

Multi-cloud Deployment

Service Orchestration

LENGUAJES Y SISTEMAS INFORMATICOS

A Qualitative Comparative Analysis of Data Breaches at Companies with Air-Gap Cloud Security and Multi-Cloud Environments

T Richard Stroupe Jr. (17420145)

20 November 2023

<p dir="ltr">The purpose of this qualitative case study was to describe how multi-cloud and cloud-based air gapped system security breaches occurred, how organizations responded, the kinds of data that were breached, and what security measures were implemented after the breach to prevent and repel future attacks. Qualitative research methods and secondary survey data were combined to answer the research questions. Due to the limited information available on successful unauthorized breaches to multi-cloud and cloud-based air gapped systems and corresponding data, the study was focused on the discovery of variables from several trustworthily sources of secondary data, including breach reports, press releases, public interviews, and news articles from the last five years and qualitative survey data. The sample included highly trained cloud professionals with air-gapped cloud experience from Amazon Web Services, Microsoft, Google and Oracle. The study utilized unstructured interviews with open-ended questions and observations to record and document data and analyze results.</p><p dir="ltr">By describing instances of multi-cloud and cloud-based air gapped system breaches in the last five years this study could add to the body of literature related to best practices for securing cloud-based data, preventing data breach on such systems, and for recovering from breach once it has occurred. This study would have significance to companies aiming to protect secure data from cyber attackers. It would also be significant to individuals who have provided their confidential data to companies who utilize such systems. In the primary data, 12 themes emerged. The themes were Air Gap Weaknesses Same as Other Systems, Misconfiguration of Cloud Settings, Insider Threat as Attack Vector, Phishing as Attack Vector, Software as Attack Vector, and Physical Media as Attack Vector, Lack of Reaction to Breaches, Better Authentication to Prevent Breaches, Communications, and Training in Response to Breach, Specific Responses to Specific Problems, Greater Separation of Risk from User End, and Greater Separation of Risk from Service End. For secondary data, AWS had four themes, Microsoft Azure had two, and both Google Cloud and Oracle had three.</p>

Cloud computing

air-gapped systems

cloud-based air-gapped systems

cybersecurity

cybersecurity breach

multi-cloud environments

security measures

cybersecurity attack

Amazon Web Services (AWS)

Google Cloud Platform

Microsoft Azure Cloud

oracle cloud infrastructure