DIMACS Workshop on Systems and Networking Advances in Cloud Computing

December 8 - 9, 2011
DIMACS Center, CoRE Building, Rutgers University

Organizers:
Aditya Akella, University of Wisconsin-Madison, akella at cs.wisc.edu
Li Erran Li, Bell Labs, Alcatel-Lucent, erranlli at research.bell-labs.com
Ming Zhang, Microsoft Research, mzh at microsoft.com
Presented under the auspices of the DIMACS Special Focus on Algorithmic Foundations of the Internet and the DIMACS Special Focus on Cybersecurity.

Abstracts:


Atul Adya, Google

Title: Thialfi: A Client Notification Service for Internet-Scale Applications

Ensuring the freshness of client data is a fundamental problem for applications that rely on cloud infrastructure to store data and mediate sharing. Thialfi is a notification service developed at Google to simplify this task. Thialfi supports applications written in multiple programming languages and running on multiple platforms, e.g., browsers, phones, and desktops. Applications register their interest in a set of shared objects and receive notifications when those objects change. Thialfi servers run in multiple Google data centers for availability and replicate their state asynchronously. Thialfi's approach to recovery emphasizes simplicity: all server state is soft, and clients drive recovery and assist in replication. A principal goal of our design is to provide a straightforward API and good semantics despite a variety of failures, including server crashes, communication failures, storage unavailability, and data center failures.

Evaluation of live deployments confirms that Thialfi is scalable, efficient, and robust. In production use, Thialfi has scaled to millions of users and delivers notifications with an average delay of less than one second.
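
To make the client's role concrete, here is a minimal Python sketch of the register/notify interaction described above; the names and structure are illustrative, not Thialfi's actual API. It captures two points: applications learn only that an object changed (and its new version), and clients reissue registrations to rebuild soft server state after a failure.

    class NotificationClient:
        """Client library: tracks registrations, surfaces notifications."""

        def __init__(self, listener):
            self.listener = listener
            self.registrations = set()   # client keeps its own registration set

        def register(self, object_id):
            self.registrations.add(object_id)
            # ... send the registration to the notification service ...

        def on_server_notify(self, object_id, version):
            # The service says only "object X is now at version V"; the
            # application then refetches the object from its own storage.
            self.listener.notify(object_id, version)

        def on_server_restart(self):
            # All server state is soft: after a server failure, the client
            # drives recovery by reissuing its registrations.
            for object_id in list(self.registrations):
                self.register(object_id)

    class AppListener:
        def notify(self, object_id, version):
            print(f"refetch {object_id}, now at version {version}")

    client = NotificationClient(AppListener())
    client.register("contacts/42")
    client.on_server_notify("contacts/42", version=7)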


Deepak Bansal, Microsoft Azure

Title: Managing networks as we do servers in Cloud datacenters

Networks in datacenters are brittle, inflexible, and inefficient. With compute and storage virtualization, compute and storage can scale out as needs grow. The network, however, remains a bottleneck and the most vulnerable point of failure. In this talk, Deepak will discuss how we can think about datacenter networks differently and thereby address these limitations. Scale-out designs for networks remove physical limitations. Eliminating L2 protocols gets rid of their inherent scale and fault limitations. Automating network configuration removes manual errors. These improvements, combined with moving complex network functions to servers and treating network devices as dispensable, replaceable units much like servers, will enable the more reliable scale-out networks that cloud datacenters need.


Azer Bestavros, Boston University

Title: In Clouds We Trust -- Towards a Trustworthy Marketplace for Cloud Resources

Despite the increased adoption of the cloud computing paradigm, we do not possess (yet) a good handle on how to define and verify "cloud trustworthiness" -- how to design mechanisms that deliver SLA attributes along dimensions of performance, reliability, security, privacy, and economic utility, and how to expose tradeoffs along these dimensions to cloud customers in ways that are both practical and usable. In this talk, I will summarize research pursued under the BU CloudCommons project, focusing on novel approaches seeking to build trust in the economic utility of IaaS marketplaces. I will start by presenting a periodic model for the expressive specification of cloud supply and demand. This model allows SLAs to leverage a granular representation of cloud resources, exposing flexibilities that enable providers to safely transform SLAs from one form to another for efficient workload colocation. Next, I will show that expressive SLAs facilitate the emergence of an efficient, trustworthy marketplace, by presenting two game-theoretic mechanisms for cloud resource management. The first mechanism enables rational, selfish parties to interact in an attempt to minimize the individual costs they incur to secure the shared cloud resources necessary to support their application SLAs. The second mechanism enables dynamic pricing of IaaS clouds in a way that ensures efficient utilization of providers' resources, while guaranteeing rational fairness to all customers. For all these models and mechanisms, and in addition to various analytical and game-theoretic results, I will present experimental evaluations of deployed CloudCommons prototypes and services that confirm their predicted utilities.
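
As a toy illustration of periodic supply/demand reasoning (the model below is a simplifying assumption for this sketch, not the CloudCommons specification): if a workload requests q resource units in every window of p time units, its long-run utilization is q/p, and a set of workloads can be safely colocated on a resource only if their utilizations fit within its capacity.

    # Toy periodic SLA model: a demand (q, p) asks for q resource units in
    # every window of p time units. Illustrative simplification only.

    def utilization(q, p):
        return q / p

    def can_colocate(demands, capacity):
        """Necessary condition for safely packing periodic demands on one
        resource: total long-run utilization must not exceed capacity."""
        return sum(utilization(q, p) for q, p in demands) <= capacity

    # Example: three workloads on a unit-capacity resource.
    demands = [(1, 4), (2, 8), (1, 2)]   # utilizations 0.25 + 0.25 + 0.5
    print(can_colocate(demands, capacity=1.0))   # True: exactly fills capacity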

Bio: Azer Bestavros (PhD'92, Harvard U) is a Professor in the Computer Science Department at Boston University, which he joined in 1991 and chaired from 2000 to 2007. He is the chair of the IEEE Computer Society TC on the Internet, and the Founding Director of the BU Hariri Institute for Computing, which was set up in 2010 to "create and sustain a community of scholars who believe in the transformative potential of computational perspectives in research and education." He is the recipient of the 2010 United Methodist Scholar Teacher Award in recognition of "outstanding dedication and contributions to the learning arts and to the institution" and of the ACM Sigmetrics Inaugural Test of Time Award for research "whose impact is still felt 10-15 years after its initial publication." His research contributions include pioneering the push web content distribution model adopted years later by CDNs, seminal work on Internet and web characterization, and work on formal verification of networks and systems. Funded by over $18M of grants from government agencies and industrial labs, his research yielded 14 PhD theses, 4 issued patents, 2 startup companies, and hundreds of refereed papers that are cited over 5,000 times. His current research projects focus on mechanism design for efficient and secure cloud computing. For more information, check: http://www.cs.bu.edu/~best/.


Sem Borst, Bell Labs

Title: Geographically Distributed Datacenters with Load Reallocation

Cloud providers such as Amazon EC2, Google, and Microsoft Azure typically operate large-scale datacenters in a small number of locations. With telcos already owning a large number of central offices that are geographically distributed across the country, there is a case for cost-effectively deploying many small-scale distributed datacenters in existing central offices. Telcos also have the advantage of owning the 'last mile' and can therefore offer services closer to end users, with reduced latency. Since small-scale datacenters cannot achieve elasticity on their own, we propose an alternative, called distributed datacenters with load reallocation, in which jobs that cannot be suitably processed locally are reallocated to remote datacenters. We formulate an optimization problem for distributed datacenters with load reallocation and show the benefits in terms of users' response times. We compare three datacenter alternatives with different job types and under different demand patterns. Finally, we present another formulation that can be adapted to distributed computation.

Joint work with Indra Widjaja (Bell Labs), Iraj Saniee (Bell Labs)
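
A minimal sketch of the reallocation idea, with an invented response-time model (the capacities, latencies, and load penalty are assumptions for illustration): each small datacenter serves jobs locally while it has capacity and forwards the overflow to the remote site with the lowest estimated response time.

    # Sketch of overflow reallocation among distributed datacenters.
    # The response-time model (latency + load penalty) is a placeholder.

    class Datacenter:
        def __init__(self, name, capacity, rtt_ms):
            self.name = name
            self.capacity = capacity   # concurrent jobs it can process
            self.load = 0
            self.rtt_ms = rtt_ms       # network latency from the local site

        def est_response_ms(self):
            # Toy model: latency plus a penalty as load approaches capacity.
            headroom = max(self.capacity - self.load, 1)
            return self.rtt_ms + 100.0 / headroom

    def place_job(local, remotes):
        """Serve locally if possible; otherwise reallocate to the remote
        datacenter with the lowest estimated response time."""
        if local.load < local.capacity:
            target = local
        else:
            target = min(remotes, key=lambda dc: dc.est_response_ms())
        target.load += 1
        return target.name

    local = Datacenter("central-office", capacity=2, rtt_ms=1)
    remotes = [Datacenter("region-a", 100, 20), Datacenter("region-b", 100, 35)]
    for _ in range(4):
        print(place_job(local, remotes))  # two jobs local, overflow to region-a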


Sergey Bykov, Microsoft Research

Title: Orleans: Cloud Computing for Everyone

Cloud computing is a new computing paradigm, combining diverse client devices - PCs, smartphones, sensors, and single-function embedded devices - with computation and data storage in the cloud. As with every advance in computing, programming is a fundamental challenge, as the cloud is a concurrent, distributed system running on unreliable hardware and networks.

Orleans is a software framework for building reliable, scalable, and elastic cloud applications. Its programming model encourages the use of simple concurrency patterns that are easy to understand and employ correctly. It is based on distributed actor-like components called grains, which are isolated units of state and computation that communicate through asynchronous messages. Within a grain, promises are the mechanism for managing both asynchronous messages and local task-based concurrency. Isolated state and a constrained execution model allow Orleans to persist, migrate, replicate, and reconcile grain state. In addition, Orleans provides lightweight transactions that support a consistent view of state and provide a foundation for automatic error handling and failure recovery. We implemented several applications in Orleans, varying from a messaging-intensive social networking application to a data- and compute-intensive linear algebra computation. The programming model is a general one, as Orleans allows the communications to evolve dynamically at runtime. Orleans enables a developer to concentrate on application logic, while the Orleans runtime provides scalability, availability, and reliability.
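
A loose Python analogy for the grain model, with asyncio futures standing in for Orleans promises (Orleans itself is a .NET framework; none of this is its real API): each grain drains a private mailbox one message at a time, so callers never touch grain state concurrently.

    import asyncio

    class CounterGrain:
        """Grain: isolated state + a mailbox processed one message at a time."""

        def __init__(self):
            self._count = 0                        # isolated state
            self._mailbox = asyncio.Queue()
            asyncio.ensure_future(self._run())     # started by the "runtime"

        async def _run(self):
            while True:
                method, args, promise = await self._mailbox.get()
                promise.set_result(method(*args))  # turn-based execution

        def send(self, method, *args):
            """Asynchronous message send; returns a promise for the result."""
            promise = asyncio.get_running_loop().create_future()
            self._mailbox.put_nowait((method, args, promise))
            return promise

        def increment(self, n):
            self._count += n
            return self._count

    async def main():
        grain = CounterGrain()
        p1 = grain.send(grain.increment, 1)
        p2 = grain.send(grain.increment, 2)
        print(await p1, await p2)   # 1 3 -- messages processed in order

    asyncio.run(main())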


Byung-Gon Chun, Yahoo Research

Title: CloneCloud: Elastic Execution between Mobile Device and Cloud

Mobile applications are becoming increasingly ubiquitous and provide ever richer functionality on mobile devices. At the same time, such devices often enjoy strong connectivity with more powerful machines ranging from laptops and desktops to commercial clouds. This talk presents the design and implementation of CloneCloud, a system that automatically transforms mobile applications to benefit from the cloud. The system is a flexible application partitioner and execution runtime that enables unmodified mobile applications running in an application-level virtual machine to seamlessly off-load part of their execution from mobile devices onto device clones operating in a computational cloud. CloneCloud uses a combination of static analysis and dynamic profiling to partition applications automatically at a fine granularity while optimizing execution time and energy use for a target computation and communication environment. At runtime, the application partitioning is effected by migrating a thread from the mobile device at a chosen point to the clone in the cloud, executing there for the remainder of the partition, and re-integrating the migrated thread back to the mobile device. Our evaluation shows that CloneCloud can adapt application partitioning to different environments, and can help some applications achieve as much as a 20x execution speed-up and a 20-fold decrease in energy spent on the mobile device.
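
The partitioning decision can be caricatured as a cost comparison (the model and numbers below are illustrative assumptions, not CloneCloud's actual optimizer): offload a computation when remote execution plus state transfer beats local execution.

    # Toy offload decision for a candidate migration point. CloneCloud's
    # real partitioner uses static analysis plus dynamic profiling; this
    # only illustrates the underlying cost comparison.

    def should_offload(local_exec_s, remote_exec_s, state_bytes,
                       bandwidth_bps, rtt_s):
        # Ship thread state both ways, plus a round trip of latency.
        transfer_s = 2 * rtt_s + 2 * state_bytes * 8 / bandwidth_bps
        return remote_exec_s + transfer_s < local_exec_s

    # A compute-heavy method with modest state is worth offloading ...
    print(should_offload(local_exec_s=10.0, remote_exec_s=0.5,
                         state_bytes=1_000_000, bandwidth_bps=8_000_000,
                         rtt_s=0.05))   # True: ~2.6s round trip beats 10s local

    # ... but a quick method with the same state is not.
    print(should_offload(local_exec_s=1.0, remote_exec_s=0.05,
                         state_bytes=1_000_000, bandwidth_bps=8_000_000,
                         rtt_s=0.05))   # False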


Andy Curtis, University of Waterloo

Title: Leveraging Heterogeneity to Reduce the Cost of Data Center Network Upgrades

The high-level goal of our research is to develop an automated, theoretically well-founded approach to cost-effective data center upgrades and expansions. To be cost-effective, updated equipment must coexist with legacy equipment, which makes the network heterogeneous. However, heterogeneous high-performance network designs are not well understood. Our first step, therefore, is to develop the theory of heterogeneous Clos topologies. Using this theory, we propose an algorithm, LEGUP, which designs a heterogeneous Clos network for a legacy data center. Although effective, LEGUP imposes a certain amount of structure on the data center network. To deal with situations where this is infeasible, we propose a framework to design unstructured networks for existing data centers. Our results indicate that unstructured topologies have 100-500% more bisection bandwidth than regular topologies such as a fat-tree at the same dollar cost. Taken together, these contributions provide the theoretical foundations and practical guidelines for data center network upgrades.

Bio:

Andy Curtis is a final-year PhD student at the University of Waterloo, where he is co-advised by Alex Lopez-Ortiz and S. Keshav. His research centers on reducing the cost of operating a data center network. During summer 2010, he interned at HP Labs in Palo Alto, where he worked on scaling OpenFlow for use in the data center.


Michael J. Freedman, Princeton University

Title: Service-Centric Networking with the Serval Network Stack

Internet services run on multiple servers in different locations, serving clients that are often mobile and multi-homed. This does not match well with today's network stack, designed for communication between fixed hosts with topology-dependent addresses. As a result, online service providers resort to clumsy work-arounds---forfeiting the scalability of hierarchical addressing to support virtual server migration, directing all client traffic through dedicated load balancers, restarting connections when hosts move, and so on.

In this talk, we revisit the design of the network stack to meet the needs of online services, including those deployed in cloud-computing infrastructures. The centerpiece of our Serval architecture is a new service access layer (SAL) that sits on an unmodified network layer, and maps service names in packets to service-table rules in hosts. The SAL enables in-stack service-level policy, control, and routing to establish connections via diverse service-discovery techniques, while hiding the addresses and locations of services from applications. By using service names on active sockets, applications trigger updates to local service tables upon invoking socket calls, keeping service state up-to-date and providing hooks for service control. End-points can seamlessly change network addresses, migrate flows across interfaces, or establish additional flows for performance. Experiments with our high-performance in-kernel prototype, and several example cloud applications, demonstrate the value of a unified networking solution for online services.

Joint work with Erik Nordstrom, David Shue, Rob Kiefer, Matvey Arye, Prem Gopalan, and Jen Rexford.
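
A schematic of the service-table idea (the rule format and API are invented here for illustration): the SAL resolves a topology-independent service name to an action by longest-prefix match, so applications bind to names while addresses stay hidden and changeable.

    # Sketch of a SAL-style service table: longest-prefix match on service
    # names, mapping to forwarding/resolution actions. The rule format is
    # invented; see the Serval papers for the real design.

    class ServiceTable:
        def __init__(self):
            self.rules = {}   # service-name prefix -> (action, target)

        def add_rule(self, prefix, action, target):
            self.rules[prefix] = (action, target)

        def lookup(self, service_name):
            best = max((p for p in self.rules if service_name.startswith(p)),
                       key=len, default=None)
            return self.rules[best] if best else ("drop", None)

    table = ServiceTable()
    table.add_rule("web",        "forward", "10.0.1.7")     # local instance
    table.add_rule("web.images", "delegate", "resolver-2")  # another resolver

    print(table.lookup("web.images.thumb"))  # ('delegate', 'resolver-2')
    print(table.lookup("web.store"))         # ('forward', '10.0.1.7')
    print(table.lookup("mail"))              # ('drop', None)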


P. Brighten Godfrey, UIUC

Title: Jellyfish: Networking Data Centers Randomly

Traditional high-capacity data center networks have rigid, carefully-structured topologies. This talk explores a somewhat radical alternative: a random network. Our design, Jellyfish, yields two benefits. First, its random topology naturally allows flexible incremental expansion and modification. Second, somewhat surprisingly, Jellyfish is more cost-efficient than past fat-tree designs: it supports 25% more servers at full capacity with the same equipment at the scale of a few thousand nodes, a benefit that improves further with scale. However, Jellyfish's unstructured design brings new challenges in routing, physical layout, and wiring. We describe and evaluate approaches that resolve these challenges effectively, indicating that Jellyfish could be deployed in today's data centers. Joint work with Ankit Singla, Chi-Yao Hong, and Lucian Popa.
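
The construction itself is easy to sketch; the following is a simplified version of the procedure, without the link-swapping step the full algorithm uses to escape stuck states.

    import random

    def jellyfish(num_switches, ports_per_switch, max_tries=100000):
        """Randomly wire switches together until (almost) no free ports remain."""
        free = {s: ports_per_switch for s in range(num_switches)}
        links = set()
        for _ in range(max_tries):
            candidates = [s for s in free if free[s] > 0]
            if len(candidates) < 2:
                break
            a, b = random.sample(candidates, 2)
            if frozenset((a, b)) not in links:     # no duplicate links
                links.add(frozenset((a, b)))
                free[a] -= 1
                free[b] -= 1
        # (The full algorithm also untangles "stuck" states by swapping an
        # existing link; this sketch simply gives up after max_tries.)
        return links

    random.seed(1)
    print(len(jellyfish(num_switches=16, ports_per_switch=4)))  # close to 32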


Emin Gun Sirer, Cornell University

Title: Building Next Generation Secure Systems and Networks with Logical Attestation

Computer hardware has been undergoing a silent revolution over the last decade. Secure coprocessors, such as the Trusted Platform Module (TPM), have become ubiquitous on mobile devices, while modern processors increasingly provide new secure execution capabilities. This hardware has the potential to transform computer systems, as it enables one to discover, in a trustworthy way, the state of a computation on a remote machine.

Yet the same hardware has the potential to lead to security mechanisms that restrict user choice of software, known as "platform lockdown". The trusted computing initiative has, rightfully, been reviled widely because of the risks associated with platform lockdown.

In this talk, I will describe new security mechanisms we developed while building a new operating system called the Nexus to take advantage of the new functionality provided by TPMs while avoiding platform lockdown. I will also describe how these mechanisms can be applied to networks to allow a new, trustworthy network "knowledge plane" through which applications can determine whether networks provide desired characteristics. These mechanisms enable remote verification of advertised claims and contractual stipulations, which in turn enables new applications because network guarantees can span administrative boundaries. I'll report on some experience from an implementation of these ideas in the context of cloud computing applications that provide privacy guarantees to their users, as well as networks that provide enhanced features.


Zachary A. Kissel, University of Massachusetts Lowell

Title: Access Control in Untrusted Cloud Storage using Unidirectional Re-encryption

In this talk we present a UNIX-like access control system for untrusted cloud storage, built on a secure, lightweight unidirectional re-encryption mechanism.

The operation of this system is best illustrated by a scenario. Consider for the moment a self-storage facility (e.g., a UHaul self-storage facility). Users would normally want to keep people they distrust out of their storage bays. They would like to place as little trust as possible in the owners and staff of the facility. Users further want significant control over who has access to their storage bays. They want to be able to change padlocks at any time. They may also want to delegate access to their storage bays to certain people. This talk focuses on how to delegate this access without compromising the above security concerns.

Bio:

Zach Kissel is a PhD candidate in the Computer Science Department at the University of Massachusetts Lowell. Zach's research focus is access control for untrusted cloud storage. He holds a Master's degree in Computer Science from Northeastern University and a Bachelor's degree in Computer Science from Merrimack College.


Ramana Kompella, Purdue University

Title: The TCP Outcast Problem: Exposing Unfairness in Data Center Networks

This talk is about a surprising observation we call the TCP Outcast problem in commodity data center networks. Specifically, we observe that bandwidth sharing via TCP in commodity data center networks organized in multi-rooted tree topologies can lead to severe unfairness under common traffic patterns. When a large set of flows and a small set of flows arrive at two input ports of a switch destined for a common output port, the small set of flows loses a significant part of its throughput share (sometimes by almost an order of magnitude). The Outcast problem occurs mainly with the droptail queues that commodity switches use. Using careful analysis, we discover that droptail queues exhibit a phenomenon known as port blackout, where a series of packets from one port is dropped. Port blackout affects the smaller set of flows more severely, as they lose more consecutive packets, leading to TCP timeouts. We demonstrate the existence of the TCP Outcast problem on a data center network testbed built from real hardware, under different scenarios. We then evaluate different solutions, such as RED, SFQ, TCP pacing, and a new solution called equal-length routing, to mitigate the Outcast problem.
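
Port blackout can be reproduced in a toy droptail simulation (the burst pattern and parameters below are contrived for illustration): when two input ports feed a full output queue in synchronized bursts, the tail of each burst is dropped back-to-back, so one port loses several consecutive packets at a time.

    # Toy droptail simulation of "port blackout": two input ports feed one
    # output queue in bursts; when the queue fills, the tail of a burst is
    # dropped back-to-back. Parameters are contrived for illustration.

    QUEUE_CAP, DRAIN_EVERY = 4, 3
    arrivals = list("AAABBB" * 10)   # synchronized bursts from ports A and B

    queue, dropped = [], []
    for t, port in enumerate(arrivals):
        if t % DRAIN_EVERY == 0 and queue:
            queue.pop(0)              # output link drains one packet
        if len(queue) < QUEUE_CAP:
            queue.append(port)
        else:
            dropped.append(port)      # droptail discard

    print("".join(dropped))   # e.g. BAABBAABB...: runs of same-port drops
    # If port A carries only 2 flows while B carries 20, each "AA" run
    # costs A's few flows consecutive losses -> TCP timeouts -> Outcast.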


John Linn, RSA Office of the CTO, EMC

Title: Architectural Considerations for Secure Multi-tenancy

Most commonly accepted definitions of cloud computing include the concept of efficient resource sharing. Ideally, this resource sharing is made possible through native support for multi-tenancy throughout the cloud service provider infrastructure. In reality, this is rarely the case. Thus, when building a cloud computing environment, multi-tenancy is an essential architectural issue, whether at the level of the provider and consumer, or with respect to the interactions among components in the IT environment.

In this talk, we will examine requirements, constraints, and approaches for multi-tenancy, from providers' and consumers' complementary perspectives. Providers are clearly affected by multi-tenancy and its implications because their value proposition depends on the ability to serve multiple tenants; to provide services in a cost-effective fashion, resources must be sharable. This requires an architecture capable of enforcing isolation with sufficient assurance. Typically, only a subset of the architecture's components need be natively capable of strong multi-tenant separation. However, these components must be appropriately positioned and layered. Consumers are also affected: not only because of the compromises they may have to make when obtaining services from a multi-tenant provider, but also because they may obtain and therefore need to integrate services from multiple providers, both external and those within the consumer's own environment. For multi-tenant architectures to be successful, both of these views must be recognized and aligned.

Tenants must trust and rely on providers to some extent, but that extent need not be unbounded. We will consider layered techniques for achieving secure multi-tenancy within distributed architectures where different components are owned and managed by different authorities, and where associated trust may be achieved at different levels of assurance through different methods. Examples include multi-tier database and storage systems, workload segregation among tenants and providers, and dataflow isolation across communications channels. In different cases, assurance elements may be attested by providers, audited procedurally by tenants and/or independent third parties, and/or validated through technical means. Considering an important tradeoff, a tenant may seek visibility and control into providers' infrastructure, but providers may prefer to provide services with relative opacity in their own interests and in those of other tenants.

Our overall objective is to explore these architectural considerations, establishing a conceptual framework for integration of diverse elements to satisfy multi-tenancy requirements securely and effectively. Our discussion will emphasize cloud multi-tenancy at the infrastructure-as-a-service (IaaS) layer, but will introduce principles that are also applicable to platform-as-a-service (PaaS) and software-as-a-service (SaaS) clouds and to multi-tenancy outside cloud environments. Through this presentation, we hope to share experience as practitioners in multi-tenant architecture, and to characterize key problems as inputs for research consideration.


T. S. Eugene Ng, Rice University

Title: Hybrid Networking and JIT Migration for Cloud Resource Management

Cloud computing applications can be highly data and compute intensive. To support these applications, cloud service providers require cost-effective infrastructure designs and dependable resource management solutions. In this talk, I will describe two of our recent projects that address some of these challenges. First, I will describe a hybrid packet and circuit switched (HyPaC) data center network architecture for providing extreme bandwidth on-demand without the complexity of high-bisection bandwidth packet switched networks. Second, I will describe a "just-in-time (JIT)" live virtual machine migration model for predictable migration of virtual machine states and minimal application performance impact.


Jason Nieh, Columbia University

Title: A Virtual Smartphone Architecture

Smartphones are increasingly ubiquitous, and many users carry multiple phones to accommodate work, personal, and geographic mobility needs. We created Cells, a virtualization architecture for enabling multiple virtual smartphones to run simultaneously on the same physical cellphone in an isolated, secure manner. Cells introduces a usage model of having one foreground virtual phone and multiple background virtual phones. This model enables a new device namespace mechanism and novel device proxies that integrate with lightweight operating system virtualization to multiplex phone hardware across multiple virtual phones while providing native hardware device performance. Cells virtual phone features include fully accelerated 3D graphics, complete power management features, and full telephony functionality with separately assignable telephone numbers and caller ID support. We have implemented a prototype of Cells that supports multiple Android virtual phones on the same phone. Our performance results demonstrate that Cells imposes only modest runtime and memory overhead, works seamlessly across multiple hardware devices including Google Nexus 1 and Nexus S phones, and transparently runs Android applications at native speed without any modifications.


K. K. Ramakrishnan, AT&T Labs Research

Title: Enabling Seamless Enterprise Cloud Computing and Storage

Cloud computing has been changing how enterprises run and manage their IT systems. Cloud computing platforms provide customers with flexible, on-demand resources at low cost. They also offer enterprises the opportunity to lower the cost of deploying disaster recovery solutions.

Our CloudNet architecture provides comprehensive control over network resources and security for users by utilizing Virtual Private Networks. CloudNet securely, seamlessly and dynamically links cloud and enterprise sites. Cloud hosting promises economies of scale and on-demand provisioning that are a perfect fit for the infrequent yet urgent needs of disaster recovery. We build on CloudNet to solve the difficult problem of disaster recovery to Cloud sites that are geographically separated from the enterprise's primary site. The WAN latency between a cloud site and an enterprise can become a major performance bottleneck when synchronously replicating an application's data into the cloud. I will describe our proposal called 'Pipelined synchrony' to address this problem.
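
The core of pipelined synchrony can be sketched in a few lines (the structure and names are illustrative, not the actual implementation): execution continues past a write, but any externally visible output is buffered until every write it depends on has been acknowledged by the remote replica.

    # Sketch of pipelined synchronous replication: execution continues past
    # a write, but externally visible output is buffered until every write
    # it causally depends on is ACKed by the remote (cloud) replica.

    class PipelinedSync:
        def __init__(self):
            self.next_write = 0        # writes issued so far
            self.acked = 0             # writes acknowledged by remote site
            self.out_buffer = []       # (required_write_id, packet)

        def write(self, data):
            self.next_write += 1       # replicate asynchronously; don't block
            return self.next_write

        def send(self, packet):
            # Output depends on all writes issued so far.
            self.out_buffer.append((self.next_write, packet))

        def on_ack(self, write_id):
            self.acked = max(self.acked, write_id)
            released = [p for w, p in self.out_buffer if w <= self.acked]
            self.out_buffer = [(w, p) for w, p in self.out_buffer
                               if w > self.acked]
            return released            # safe to put on the wire now

    node = PipelinedSync()
    node.write("balance=100")
    node.send("HTTP 200 OK")           # held: depends on write 1
    print(node.on_ack(1))              # ['HTTP 200 OK'] -- now releasable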


Jennifer Rexford, Princeton University

Title: Frenetic: A Programming Language for Software Defined Networks

While Software-Defined Networking (SDN) enables exciting new network services in the cloud, programming these networks is challenging and error-prone. The Frenetic language and run-time system raise the level of abstraction for programming the network. Frenetic's modular design supports seamless composition of multiple tasks, such as routing, access control, and traffic monitoring. A simple "see every packet" abstraction shields programmers from reasoning about asynchronous events and complex timing issues in the underlying network. The run-time system automatically installs packet-processing rules that keep traffic in the "fast path" through the switches.

Frenetic is a joint project with Nate Foster (Cornell), Rob Harrison (US Military Academy), Michael Freedman (Princeton), Christopher Monsanto (Princeton), Mark Reitblatt (Cornell), Alec Story (Cornell), and David Walker (Princeton). See http://www.frenetic-lang.org for details.
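
The compositional idea can be sketched with plain functions (a toy model, not the Frenetic API): each module maps a packet to a set of actions, and parallel composition unions the actions, so routing and monitoring can be written independently and combined.

    # Toy model of policy composition in the spirit of Frenetic: a policy
    # maps a packet to a set of actions; parallel composition unions them.

    def routing(pkt):
        port = 1 if pkt["dst"].startswith("10.0.1.") else 2
        return {("fwd", port)}

    def web_monitor(pkt):
        return {("count", "web")} if pkt["tcp_dst"] == 80 else set()

    def parallel(*policies):
        """Run policies on the same 'see every packet' stream; union actions."""
        return lambda pkt: set().union(*(p(pkt) for p in policies))

    policy = parallel(routing, web_monitor)
    print(policy({"dst": "10.0.1.5", "tcp_dst": 80}))
    # {('fwd', 1), ('count', 'web')}: routing and monitoring composed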


Siddhartha Sen, Princeton University

Title: LocalFlow: Simple, Local Multi-Commodity Flow Routing in Data Centers

Data center networks should ideally support high network utilization. Yet today's routing is typically load agnostic, so large flows can starve other flows if routed through overutilized links. While the theoretical computer science community has extensively studied this problem as part of the multi-commodity flow problem, operational use of these algorithms has been limited to a few offline settings. This is likely because existing theoretical models are ill-suited for highly dynamic traffic patterns. On the other hand, solutions proposed by the networking community inherit some of the limitations of these models and give suboptimal guarantees, for example because they do not split flows.

In this work, we develop a simple, switch-local algorithm that routes multi-commodity flows optimally in data center fat-tree networks. The algorithm is combinatorial: it proactively splits and rate-limits the aggregate flow to each target, producing an exact (approximate) solution if splitting is exact (approximate), in an asymptotically optimal number of rounds. Yet the algorithm is also practical: we describe novel mechanisms for implementing it efficiently on emerging standards for programmable, commodity network switches. One crucial aspect is a flexible splitting technique that installs carefully crafted forwarding rules into switches to allow multi-resolution splitting at line rate. Specifically, rules can represent groups of flows, single flows, or subflows; subflow rules group contiguous packets into "flowlets" to minimize packet reordering at the target. Our simulations demonstrate the practicality of our algorithm, using traces from real data center switches.
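
A rough illustration of multi-resolution splitting (the rule encoding here is invented for the sketch, not LocalFlow's actual mechanism): coarse rules hash whole flows to equal-cost ports, while finer subflow rules also hash the high-order bits of the sequence number, so contiguous packet runs ("flowlets") stay on one port.

    def split_port(pkt, ports, resolution_bits=0):
        """Pick an egress port among equal-cost ports, splitting the
        aggregate at flow or subflow granularity."""
        flow_key = (pkt["src"], pkt["dst"], pkt["sport"], pkt["dport"])
        if resolution_bits == 0:
            return ports[hash(flow_key) % len(ports)]        # whole flows
        # Subflow rules also hash the high-order bits of the sequence
        # number: contiguous packets share those bits, so "flowlets" stay
        # on one port and reordering at the target is limited.
        flowlet = pkt["seq"] >> (32 - resolution_bits)
        return ports[hash(flow_key + (flowlet,)) % len(ports)]

    ports = [1, 2, 3, 4]
    pkt = {"src": "10.0.0.1", "dst": "10.0.2.9",
           "sport": 5555, "dport": 80, "seq": 1 << 24}
    print(split_port(pkt, ports))                       # per-flow decision
    print(split_port(pkt, ports, resolution_bits=8))    # per-subflow decision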

Bio: Siddhartha Sen is a Ph.D. candidate in Princeton University's Department of Computer Science, advised by Michael Freedman and Robert Tarjan. His research interests lie at the boundary of systems and theory, with the goal of designing distributed systems that are provably scalable and reliable. Before Princeton, he received his S.B. and M.Eng. degrees from MIT and spent three years in the Network Load Balancing group of Windows Server at Microsoft Corp. Siddhartha is the 2009 Google Fellow in Fault-Tolerant Computing.


Anees Shaikh, IBM TJ Watson Research Center

Title: Networking Services for Enterprise Clouds

As more enterprises look to leverage the cost and flexibility advantages of cloud computing, the lack of rich networking support remains a challenge. In this talk, we will discuss the requirements of enterprise line-of-business applications for additional network functions in the cloud, and argue that a service-level abstraction for the network is needed. After reviewing some of the trends in cloud network architecture, we describe our research efforts to develop networking services for multi-tenant enterprise clouds. In particular we will describe our application of software-defined networking techniques to implement cloud networking-as-a-service and other enterprise networking services.


Ion Stoica, Berkeley

Title: Mesos: Multiprogramming for Datacenters

Today's datacenters need to support a variety of applications, and an even greater variety of dynamically changing workloads. In this talk, I will present Mesos, a platform for sharing commodity clusters between diverse computing frameworks, such as Hadoop, Dryad, and MPI. Sharing improves cluster utilization and avoids per-framework data replication. To support the diverse requirements of these frameworks, Mesos employs a two-level scheduling mechanism called resource offers. Mesos decides how many resources to offer each framework, while frameworks decide which resources to accept and which computations to schedule on those resources. To allocate resources across frameworks, Mesos uses Dominant Resource Fairness (DRF). DRF generalizes fair sharing to multiple resources, provides sharing incentives, and is strategy-proof. Our experimental results show that Mesos can achieve near-optimal locality when sharing the cluster among diverse frameworks, can scale up to 50,000 nodes, and is resilient to node failures.
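
DRF is compact enough to sketch directly; the simplified loop below reproduces the two-framework example from the published DRF work (the stopping rule is simplified for brevity): repeatedly offer resources to the framework whose dominant share, its largest share of any single resource, is currently smallest.

    # Simplified Dominant Resource Fairness (DRF) allocation loop.

    TOTAL = {"cpu": 9.0, "mem": 18.0}

    frameworks = {
        "A": {"demand": {"cpu": 1, "mem": 4}, "alloc": {"cpu": 0, "mem": 0}},
        "B": {"demand": {"cpu": 3, "mem": 1}, "alloc": {"cpu": 0, "mem": 0}},
    }

    def dominant_share(fw):
        return max(fw["alloc"][r] / TOTAL[r] for r in TOTAL)

    def fits(fw, used):
        return all(used[r] + fw["demand"][r] <= TOTAL[r] for r in TOTAL)

    used = {"cpu": 0.0, "mem": 0.0}
    while True:
        # Offer resources to the framework with the smallest dominant share.
        name, fw = min(frameworks.items(), key=lambda kv: dominant_share(kv[1]))
        if not fits(fw, used):
            break   # (for brevity: stop once the neediest framework won't fit)
        for r in TOTAL:   # the framework accepts one task's worth of resources
            fw["alloc"][r] += fw["demand"][r]
            used[r] += fw["demand"][r]

    for name, fw in frameworks.items():
        print(name, fw["alloc"], round(dominant_share(fw), 2))
    # A {'cpu': 3, 'mem': 12} 0.67 and B {'cpu': 6, 'mem': 2} 0.67,
    # matching the example in the DRF paper.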

Bio: Ion Stoica is a Professor in the EECS Department at University of California at Berkeley. He received his PhD from Carnegie Mellon University in 2000. He does research on cloud computing and networked computer systems. Past work includes the Dynamic Packet State (DPS), Chord DHT, Internet Indirection Infrastructure (i3), declarative networks, replay-debugging, and multi-layer tracing in distributed systems. His current research focuses on resource management and scheduling for data centers, cluster computing frameworks, and network architectures. He is the recipient of a SIGCOMM Test of Time Award (2011), the 2007 CoNEXT Rising Star Award, a Sloan Foundation Fellowship (2003), a PECASE Award (2002), and the 2001 ACM doctoral dissertation award. In 2006, he co-founded Conviva, a startup to commercialize technologies for large scale video distribution.


Kobus Van Der Merwe, AT&T Labs Research

Title: Transactional Resource Orchestration Platform In the Cloud

Realizing an Infrastructure-as-a-Service (IaaS) cloud requires a control platform to orchestrate cloud resource provisioning, configuration, and decommissioning across a distributed set of diverse physical resources. This orchestration is challenging due to the rapid growth of data centers, the high failure rate of commodity hardware, and the increasing sophistication of cloud services. In this talk I will present our work on the design and implementation of TROPIC, a highly available, transactional resource orchestration platform for building IaaS cloud infrastructures. TROPIC's orchestration procedures that manipulate physical resources are transactional, automatically guaranteeing atomicity, consistency, isolation, and durability of cloud operations. Through extensive evaluation of our prototype implementation, we demonstrate that TROPIC can meet production-scale cloud orchestration demands, while maintaining our design goals of safety, robustness, high availability, and concurrency.
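
The transactional flavor of the orchestration can be sketched as follows (the step names and undo actions are invented placeholders, not TROPIC's operations): each provisioning step registers a compensating undo, and a failure anywhere rolls the completed steps back in reverse order, so the infrastructure is never left half-configured.

    # Sketch of transactional orchestration: each step pairs an action with
    # a compensating undo; on failure, completed steps roll back in reverse.

    class OrchestrationError(Exception):
        pass

    def run_transaction(steps):
        done = []
        try:
            for name, action, undo in steps:
                action()
                done.append((name, undo))
            print("committed:", [n for n, _ in done])
        except OrchestrationError:
            for name, undo in reversed(done):   # atomicity via rollback
                undo()
                print("rolled back:", name)
            raise

    def ok():
        pass

    def fail():
        raise OrchestrationError("hypervisor unreachable")

    steps = [
        ("allocate_storage", ok, ok),
        ("clone_vm_image",   ok, ok),
        ("start_vm",         fail, ok),   # fails -> first two steps undone
    ]
    try:
        run_transaction(steps)
    except OrchestrationError as e:
        print("aborted:", e)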


Richard Yang, Yale

Title: PACE: Policy-Aware Application Cloud Embedding

The emergence of new capabilities such as virtualization and elastic (private or public) cloud computing infrastructures has made it possible to deploy multiple applications, on demand, on the same cloud infrastructure. A major challenge in realizing this possibility, however, is that modern applications are typically distributed, structured systems that include not only computational and storage entities, but also policy entities (e.g., load balancers, firewalls, intrusion prevention boxes). Deploying applications on a cloud infrastructure without the policy entities may introduce substantial policy violations and/or security holes. In this talk, we present PACE, the first systematic framework for Policy-Aware Application Cloud Embedding. We precisely define the policy-aware cloud application embedding problem, study its complexity, and introduce simple, efficient, online primal-dual algorithms to embed applications in cloud data centers. We conduct evaluations using data from a real, large campus network and a realistic data center topology to evaluate the feasibility and performance of PACE.
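
To make the embedding constraint concrete (this toy check is an illustration, not PACE's algorithm): an embedding is policy-aware only if, for every application edge annotated with a policy chain, the mapped datacenter path traverses the required middleboxes in order.

    # Toy policy-awareness check for an embedding. PACE's primal-dual
    # embedding algorithms are beyond this sketch; this states only the
    # constraint they must respect.

    def respects_policy(path, required_chain):
        """True if `path` (a list of datacenter nodes) visits the nodes in
        `required_chain` in order (not necessarily consecutively)."""
        it = iter(path)
        return all(any(hop == mbox for hop in it) for mbox in required_chain)

    # An application edge web -> db must pass a firewall, then a load balancer.
    embedding_path = ["rack1", "fw3", "agg2", "lb1", "rack7"]
    print(respects_policy(embedding_path, ["fw3", "lb1"]))   # True
    print(respects_policy(embedding_path, ["lb1", "fw3"]))   # False: wrong order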


Hang Zhao, Columbia University

Title: Privacy Enhanced Access Control for Outsourced Data Sharing

The emerging trend of outsourcing data storage to third parties -- "cloud storage" -- has recently attracted a tremendous amount of attention from both the research and industry communities. Security remains the critical issue that concerns potential clients. Traditional access control models often assume that the entity enforcing access control policies is also the owner of the data and resources. This assumption no longer holds when data is outsourced to a third-party storage provider. Existing access control solutions mainly focus on preserving the confidentiality of stored data from unauthorized access and from the storage provider. However, in this setting, access control policies as well as users' access patterns also become privacy-sensitive information that should be protected from the cloud.

In this work we propose an access control solution that addresses these privacy requirements and provides a mechanism for achieving a flexible level of privacy guarantees for users. We describe a two-level access control scheme: coarse-grained access control enforced at the cloud, which keeps communication overhead acceptable while limiting the information the cloud learns from its partial view of the access rules and access patterns, combined with fine-grained cryptographic access control enforced at the user's site, which provides the desired expressiveness of the access control policies. Our solution handles both read and write access control.
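
The two levels can be sketched at the interface level (this structure is an illustration; the scheme's actual cryptography is in the paper): the cloud enforces only a deliberately coarse rule, which limits what it learns about policy and access patterns, while fine-grained checks happen at the user's side.

    # Interface-level sketch of two-level access control: the cloud sees
    # only coarse groups of blocks; fine-grained checks happen at the user
    # side. Crypto is stubbed out -- illustration only.

    COARSE_ACL = {"project-x": {"alice", "bob"}}     # all the cloud knows

    FINE_KEYS = {("alice", "design.doc"): "k1"}      # held client-side

    def cloud_fetch(user, group):
        if user not in COARSE_ACL.get(group, set()):
            raise PermissionError("coarse check failed at cloud")
        return ["design.doc(enc)", "budget.xls(enc)"]  # whole coarse group

    def client_decrypt(user, blob):
        name = blob.replace("(enc)", "")
        key = FINE_KEYS.get((user, name))
        return f"{name} [decrypted with {key}]" if key else None

    blobs = cloud_fetch("alice", "project-x")
    print([client_decrypt("alice", b) for b in blobs])
    # ['design.doc [decrypted with k1]', None]: alice reads only what the
    # fine-grained policy allows, while the cloud saw only the coarse rule.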

Short Bio: Hang Zhao is a final-year PhD candidate in the Department of Computer Science at Columbia University. She works in the area of network security, especially security policy enforcement in large-scale distributed systems, under the supervision of Prof. Steven Bellovin. She received her MS from Columbia University in 2008, and her BS from the National University of Singapore in 2005. This is joint work with Mariana Raykova of Columbia and their advisor Steven Bellovin, and will appear at Financial Cryptography and Data Security 2012.

