User-centric management of security and dependability in clouds of clouds
This project has received funding from
the European Union’s Horizon 2020
research and innovation programme
under grant agreement No 643964.
This work was supported (in part) by the
Swiss State Secretariat for Education,
Research and Innovation (SERI) under
contract number 15.0091.
Dr. Marko Vukolić
IBM Research - Zurich
Horizon Maths – Paris, December 14, 2015
Provider-centric cloud deficiencies
INTEROPERABILITY
Vendor lock-in
Different SLAs
UNIFIED CONTROL
Heterogeneous infrastructure services
Monolithic infrastructure
Technological choices
SECURITY
Reality today: Provider-centric clouds
The Cloud as utility
Promise: high availability & security, energy efficiency, scalability, …
Feature-rich services: intrusion monitoring, elastic load balancing, …
How about User-Centric Clouds?
Customer Security Expectations for User-Centric Clouds
Outline of the Talk
• Introduction
• Supercloud Healthcare Use Cases
• Supercloud High-level Architecture
• Quick Zoom into Multi-cloud Resilience
• Conclusion and Next Steps
SUPERCLOUD Healthcare Use Cases
• Maxdata’s CLINIdATA® LIS - a healthcare laboratory information system
Management of the entire exam process
Pre-analytical: Prescription, Specimen Collection, Specimen Transport
Analytical: Exam realization, Quality Control, Medical Validation
Post-analytical: Access to exam results by patients & clinicians, Billing
• Philips Healthcare – Medical Imaging Platform
Cloud data storage and disaster recovery use case
Cloud data storage and processing use case
Distributed cloud data storage and processing use case
[Figure labels: Analysers; Other Information Systems; Healthcare professionals & Patients; SuperCloud]
Maxdata’s CLINIdATA® LIS use case
• CLINIdATA® LIS is used by many different types of healthcare organizations
Large hospitals: 8,000 users | 100 analysers | 25,000 exams per day
Small hospitals: 200 users | 20 analysers | 1,500 exams per day
Large laboratories: 1,200 users | 70 analysers | 25,000 exams per day
Small laboratories: 20 users | 10 analysers | 500 exams per day
Stores medical data along with other personal data
• Compliance requirements
Directive 95/46/EC and General Data Protection Regulation (GDPR) (starting 2017)
Location-awareness: Users should be aware of the physical locations where data is stored
Location-control: Users should be able to define the set of possible physical locations, at country level, where users' data may be stored
Isolation between tenants (hospitals)
Maxdata’s CLINIdATA® LIS requirements
• Medical and personal data privacy
• Flexibility for Scalability / Security
Clients may choose the security and scalability services they want (e.g., disaster recovery, redundancy, load balancing, backup)
Storage availability, up to 99.999%
In hospitals, CLINIdATA® LIS is a critical application that needs to be constantly available in order to ensure non-stop operation of various departments including the ER (emergency room)
Replying in < 1 sec to 1,000 service requests received per second
• Control over Architecture and Data
The user should be able to actively monitor its allocated resources, while enabling a high level of customizability of the storage architecture and its services.
• QoS vs Cost Transparency
Clients know the cost and QoS of their options
Philips Healthcare – Medical Imaging Platform
• Cloud data storage and disaster recovery
Medical data privacy
Large volumes: 100+ terabytes, kept for at least 10+ years
Data must not be tampered with and must be complete and correct
Medical data may not cross certain legal country boundaries
Guaranteed cloud storage within certain countries
Distributed storage, across multiple clouds and countries, in a privacy-compliant manner
• Storage with processing use cases
Storage requirements
+ Image analysis capabilities
+ RBAC
+ Low latency of processing and access to data
+ Isolation per hospital group
Philips Healthcare – Medical Imaging Platform
• Distributed cloud data storage and processing
Patient data flows around hospitals for analytics, statistics, research, …
Storage and processing requirements
+ Identity management across clouds of healthcare professionals
+ Auditing across clouds of accessed patient data
+ Interoperability across user-clouds
+ Petabytes of data
Security Challenges
• Compute infrastructure: flexible & automated protection of resources
Vulnerabilities in complex infrastructure, mitigation of cross-layer attacks
Lack of flexibility and control in security management
Automation of security management
• Data management: unified experience for protecting data assets
Management of access rights, continuum between provider vs. user control
Traceability of information for accountability and privacy
High availability, fault and disaster tolerance, low latency
Privacy and secure data sharing
• Networking: resilient, secure, transparent virtual network connectivity
Resilient resource provisioning across heterogeneous cloud platforms
End-to-end inter-cloud network security with different security SLAs
The 3 Supercloud Planes
Enabling User Clouds
Data Management Plane (logical architecture)
Data Management Plane (deployment mapping)
Maxdata Use Case - Architecture
Philips Use Case - Architecture
Multi-cloud resilience
• Flexibility
User-clouds will be able to choose the level of resilience
Modeling provider clouds as crash or Byzantine faulty
Supercloud resilience will offer both CFT and BFT
• BFT is (traditionally) very expensive
3t+1 data replicas to tolerate t faults
• In prior work we showed that separating control and data plane helps reduce cost of BFT
3t+1 replicas only in the control plane
2t+1 replicas in the data plane (and only t+1 in the « common case »)
[Dobre et al. SoCC'14, Cachin et al. SSS'14, Androulaki et al. OPODIS'14]
Control plane fault-tolerance
SMR model | CFT | XFT | BFT
Number of nodes | 2t+1 | 2t+1 | 3t+1
Tolerating Byzantine nodes | no | yes | yes
Performance | Good (production) | Practically as good as CFT | Poor (compared to CFT)
• Control plane resilience relies on State Machine Replication (SMR)
Or Total-order broadcast
• Supercloud resilience (XFT control plane + BFT data plane)
Tolerating Byzantine clouds with only
t+1 control servers in the « critical path » (2t+1 control servers in total)
t+1 data replicas (+ additional t in the « worst case »)
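Added example (not from the talk or the SUPERCLOUD project): a small Python planner that applies the replica counts above together with the location-control requirement from the Maxdata use case, and reports how many faulty provider clouds an inventory can tolerate. Provider names, countries, the one-replica-per-provider rule, and applying location-control only to data replicas are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cloud:
    provider: str   # assumed unit of failure: one replica per provider
    country: str    # used for the location-control requirement

# Replica counts from the slides: (control total, data common case, data worst case).
MODELS = {
    "separated-bft": lambda t: (3 * t + 1, t + 1, 2 * t + 1),  # prior work
    "supercloud":    lambda t: (2 * t + 1, t + 1, 2 * t + 1),  # XFT control + BFT data
}

# Constructed sample inventory (provider names and countries are made up).
CLOUDS = [Cloud("alpha", "US"), Cloud("alpha", "DE"), Cloud("beta", "FR"),
          Cloud("gamma", "CH"), Cloud("delta", "NL"), Cloud("epsilon", "PT"),
          Cloud("zeta", "US")]
ALLOWED = {"DE", "FR", "CH", "NL", "PT"}  # user-defined country set (constructed)

def one_per_provider(clouds):
    """Keep the first listed region of each provider."""
    chosen = {}
    for c in clouds:
        chosen.setdefault(c.provider, c)
    return list(chosen.values())

def plan(model, t, clouds, allowed_countries):
    """Place replicas to tolerate t faulty provider clouds, or raise ValueError."""
    control_n, data_common, data_worst = MODELS[model](t)
    control = one_per_provider(clouds)
    # Filter by country before de-duplicating, so a provider with one allowed
    # region stays eligible even if its first listed region is not allowed.
    data = one_per_provider([c for c in clouds if c.country in allowed_countries])
    if len(control) < control_n:
        raise ValueError(f"{model}, t={t}: need {control_n} control providers, have {len(control)}")
    if len(data) < data_worst:
        raise ValueError(f"{model}, t={t}: need {data_worst} allowed data providers, have {len(data)}")
    return {"control": control[:control_n],
            "data_common": data[:data_common],
            "data_standby": data[data_common:data_worst]}

def max_t(model, clouds, allowed_countries):
    """Largest t the inventory supports under the given model (0 if none)."""
    t = 0
    while True:
        try:
            plan(model, t + 1, clouds, allowed_countries)
        except ValueError:
            return t
        t += 1
```

With this sample inventory of six providers, the XFT control plane supports t = 2 while the 3t+1 control plane supports only t = 1; the data-plane requirement is the same in both models.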
The SUPERCLOUD Project: Goals and Expected Results
Goal: a security management infrastructure for secure supercloud computing
Expected Results:
A security management infrastructure:
360° autonomic security supervision, horizontally and vertically, for superclouds
A user-centric to provider-centric continuum of security services
End-to-end trust management
A data management framework:
Advanced cryptographic tools (e.g., access control, secure computation)
A resilience framework for multi-cloud storage infrastructures
A multi-cloud network management infrastructure:
Resilient virtual network provisioning across multiple clouds
Sanitized network environment with tunable security guarantees
Conclusion and Next Steps
Key take-aways
User-centric distributed clouds overcome provider-centric limitations
Secure Supercloud Computing makes it possible to build such clouds
Security will be self-service, self-managed, end-to-end, and resilient
The SUPERCLOUD project is building this new security technology
Expected: increased trustworthy cloud services + customer experience
Next steps
SUPERCLOUD start: early February 2015
First use cases definition, 5 architecture deliverables finalized
Next: use case refinement, prototypes of SUPERCLOUD technology
Push into open source and standardization
https://supercloud-project.eu/