Resource Optimization and Security for Cloud Services - Kaiqi Xiong - E-Book

Resource Optimization and Security for Cloud Services E-Book

Kaiqi Xiong

Description

This book includes a study of trustworthiness, percentile response time, service availability, and authentication in the networks between users and cloud service providers, and at service stations or sites that may be owned by different service providers. The first part of the book contains an analysis of percentile response time, which is one of the most important SLA (service level agreement) metrics. Effective and accurate numerical solutions for the calculation of the percentile response time in single-class and multi-class queueing networks are obtained. Then, the numerical solution is incorporated in a resource allocation problem. Specifically, the authors present an approach for the resource optimization that minimizes the total cost of computer resources required while preserving a given percentile of the response time. In the second part, the approach is extended to consider trustworthiness, service availability, and the percentile of response time in Web services. These QoS metrics are clearly defined and their quantitative analysis provided. The authors then take into account these QoS metrics in a trust-based resource allocation problem in which a set of cloud computing resources is used by a service provider to host a typical Web services application for single-class customer services and multiple-class customer services respectively. Finally, in the third part of the book a thorough performance evaluation of two notable public key cryptography-based authentication techniques, Public-Key Cross Realm Authentication in Kerberos (PKCROSS) and Public Key Utilizing Tickets for Application Servers (PKTAPP, a.k.a. KX.509/KCA), is given, in terms of computational and communication times. The authors then demonstrate their performance difference using queuing networks. PKTAPP has been proposed to address the scalability issue of PKCROSS. However, their in-depth analysis of these two techniques shows that PKTAPP does not perform better than PKCROSS in a large-scale system. Thus, they propose a new public key cryptography-based group authentication technique. The performance analysis demonstrates that the new technique can scale better than PKCROSS and PKTAPP.


Number of pages: 224

Year of publication: 2014


Table of Contents

Preface

Chapter 1. Introduction

1.1. Motivation

1.2. The problems

1.3. Summary of contributions

1.4. The organization of this book

Chapter 2. Current Approaches for Resource Optimization and Security

2.1. Service availability

2.2. Trustworthiness

2.3. Performance

2.4. The resource optimization problem subject to an SLA

2.5. Public-key cryptography-based authentication

Chapter 3. Single Class Customers

3.1. The percentile of response time

3.2. A resource optimization problem for service models with single-class customers

3.3. Approaches for the resource optimization

3.4. Numerical validations

3.5. The balanced condition

3.6. Services Performance Modeling and Analysis in a Simple Scenario of Cloud Computing

3.7. Concluding remarks

Chapter 4. Multiple-Class Customers

4.1. The SLA performance metric in the case of multiple class customers

4.2. The resource optimization problem for multiple customer services

4.3. Approaches for resource optimization

4.4. Numerical validations

4.5. Concluding remarks

Chapter 5. A Trustworthy Service Model

5.1. The trust-based resource optimization problem

5.2. A framework for solving the trust-based resource provisioning problem

5.3. The calculation of SLA metrics

5.4. An approach for solving the trust-based resource provisioning problem

5.5. Numerical examples

5.6. Concluding remarks

Chapter 6. Performance Analysis of Public-Key Cryptography-Based Group Authentication

6.1. Public-key cryptography-based authentication

6.2. PKCROSS and PKTAPP

6.3. A new group authentication technique using public-key cryptography

6.4. Performance evaluation of the new proposed technique

6.5. Concluding remarks

Chapter 7. Summary and Future Work

7.1. Research summary of the book

7.2. Future research directions

Bibliography

Index

First published 2014 in Great Britain and the United States by ISTE Ltd and John Wiley & Sons, Inc.

Apart from any fair dealing for the purposes of research or private study, or criticism or review, as permitted under the Copyright, Designs and Patents Act 1988, this publication may only be reproduced, stored or transmitted, in any form or by any means, with the prior permission in writing of the publishers, or in the case of reprographic reproduction in accordance with the terms and licenses issued by the CLA. Enquiries concerning reproduction outside these terms should be sent to the publishers at the undermentioned address:

ISTE Ltd, 27-37 St George’s Road, London SW19 4EU, UK

www.iste.co.uk

John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, USA

www.wiley.com

© ISTE Ltd 2014

The rights of Kaiqi Xiong to be identified as the author of this work have been asserted by him in accordance with the Copyright, Designs and Patents Act 1988.

Library of Congress Control Number: 2013953945

British Library Cataloguing-in-Publication Data

A CIP record for this book is available from the British Library

ISBN 978-1-84821-599-3

Preface

With the number of e-business applications dramatically increasing, service-level agreements (SLAs) will play an important part in distributed and cloud service computing. An SLA is a combination of several quality of service (QoS) metrics, such as security, performance and availability, agreed between a customer and a service provider. Due to the complexity of these metrics, most existing research typically addresses only one of these QoS metrics. In the case of the response time as a performance metric, the average time to process and complete a job is typically used in the literature. However, this may not be of real interest to a customer. A statistically bounded metric, that is, a percentile response time, is more realistic than the average response time. Moreover, in cloud computing, customer requests are typically distinguished by different request characteristics and service requirements.

This book is a research monograph. It covers the state of the art in the resource optimization and security of cloud services. The book includes a study of trustworthiness, percentile response time, service availability and authentication among cloud service stations or sites that may be owned by different service providers. Cloud services are primarily supported through data centers and this book mainly deals with the end-to-end performance and security of cloud services. Thus, this book focuses on the study of end-to-end performance and security between cloud users and data centers, instead of the discussion of cloud virtualization technologies. First, it contains an analysis of percentile response time, which is one of the most important SLA metrics. Effective and accurate numerical solutions for the calculation of percentile response time in single-class and multi-class queuing networks are obtained. Then, the numerical solution is incorporated into a resource allocation problem. Specifically, we present an approach for the resource optimization that minimizes the total cost of computer resources required while preserving a given percentile of the response time.

Second, we extend the approach to consider trustworthiness, service availability and the percentile of response time in Web services. We clearly define these QoS metrics and provide their quantitative analysis. Then, we take into account these QoS metrics in a trust-based resource allocation problem in which a set of computer resources is used by a service provider to host a typical Web services application for single-class and multiple-class customer services, respectively. We formulate the trust-based resource allocation problem as an optimization problem under SLA constraints in which we calculate the number of servers in each service site that minimize a cost function that reflects operational costs for single-class and multiple-class customer services, respectively. We solve this problem using an efficient numerical procedure. Experimental results show the applicability of the procedure and validate its accuracy.

Finally, we first present a thorough performance evaluation of two notable public key cryptography-based authentication techniques, public-key cross-realm authentication in Kerberos (PKCROSS) and public key utilizing tickets for application servers (PKTAPP, also known as KX.509/KCA), in terms of computational and communication times. We then demonstrate their performance difference using queuing networks. PKTAPP was proposed to address the scalability issue of PKCROSS. However, our in-depth analysis of these two techniques shows that PKTAPP does not perform better than PKCROSS in a large-scale system. Thus, we propose a new public-key cryptography-based group authentication technique. Our performance analysis demonstrates that the new technique can perform better than PKCROSS and PKTAPP.

As mentioned above, this book is a research monograph. It collects the author’s recent studies in the field. The book may be used as a reference book by those researchers and engineers who work and those students who study in the fields of distributed computing, cloud computing, service computing, networks and telecommunication, and network security.

Chapter 2

Current Approaches for Resource Optimization and Security

In this chapter, we discuss existing approaches for addressing service-level agreement (SLA) metrics including service availability, trustworthiness, performance and public-key cryptography-based group authentication. Then, we provide a review of how a resource optimization problem subject to an SLA is solved in the literature.

The chapter is organized as follows. Section 2.1 gives the definition of service availability and describes how it is measured. The characteristics of trustworthiness and performance metrics are presented in sections 2.2 and 2.3. Section 2.4 gives a literature review of the resource optimization problem subject to various Quality-of-Service (QoS) metrics. The performance of public-key cryptography-based group authentication is discussed in section 2.5.

2.1. Service availability

Availability is a critical metric in today’s computer design [HEN 99]. It is the percentage of time that a service provider can offer services. A computer system can be unavailable due to a variety of causes, such as network failure, hardware failure, software failure or security attacks. Detecting and preventing these failures and attacks is beyond the scope of our study in this book. Cisco has asserted that operational failure causes 80% of non-availability [CIS 13c]. Hence, increasing network availability is becoming a key priority for enterprise and service provider organizations, as discussed in [CIS 13a]. Martin and Nilsson [MAR 02] give an example of how network service availability is defined in Sprint’s SLA and WorldCom’s SLA.

Availability has been extensively studied for a variety of computer systems in the literature. It has been studied to improve dependability for computer and telephone networks in [GRA 01]. Dependability can be defined as the property of a system such that reliance can justifiably be placed on the service it delivers, as defined in [BAR 95]. Systems with high availability tend to have large quorum sizes and high load. Improving the availability of a system has been discussed in the literature (e.g. see [AIY 05], [AMR 85], [NAO 98] and [SKE 84]). Aiyer et al. [AIY 05] studied the availability of non-strict quorum systems and proposed K-quorums that can provide higher availability than the strict quorum systems. Naor and Wool [NAO 98] analyzed the load and the availability of traditional quorum systems.

Brown and Patterson [BRO 00] defined a new availability metric to capture the variations of the system QoS over time. It is defined by the number of requests satisfied per second (or the latency of a request service) and the number of server failures that can be tolerated by a system.

In this research, our interest is potential hardware (i.e. servers within each station) failures and their effect on unavailability. To determine this, the service provider that owns these stations needs to understand the mean time to failure (MTTF) of all station components and the mean time to recover (MTTR) for hardware problems for all devices at each station, where MTTF is the average time to a server failure, and MTTR is the average time for recovering a server at each resource station. MTTF information can be obtained from a hardware provider. For example, it is mentioned in [CIS 13c] that MTTF information is available for all Cisco components and is available upon request to a local account manager. MTTR is determined by evaluating how quickly a station owner can repair broken servers. It is a major factor of server availability. To improve service availability, it is necessary to reduce the frequency of failure, as indicated in Brewer [BRE 01].

Network availability data may be found on the Internet. For example, the University of Houston maintains current and historical network availability data on a Website [UH 12]. Cisco [CIS 13b] presented a formula for the calculation of network availability.
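The following is an added example, not taken from the book or from the Cisco formula cited above: it uses the standard steady-state relation availability = MTTF / (MTTF + MTTR) to show how MTTR drives the number of servers a station needs to meet an availability target. The k-out-of-n station model, the independence of server failures, and all sample values (MTTF of 10,000 hours, MTTR of 8 or 24 hours, four servers needed to carry the load, a 99.999% target) are assumptions constructed for illustration.

```python
from math import comb

HOURS_PER_YEAR = 8760


def server_availability(mttf_hours: float, mttr_hours: float) -> float:
    """Steady-state availability of one server: MTTF / (MTTF + MTTR)."""
    if mttf_hours <= 0 or mttr_hours < 0:
        raise ValueError("MTTF must be positive and MTTR non-negative")
    return mttf_hours / (mttf_hours + mttr_hours)


def station_availability(n: int, k: int, a: float) -> float:
    """Probability that at least k of n servers are up.

    Assumes servers fail and recover independently, each with
    steady-state availability a (a modelling assumption of this example).
    """
    if not 0 < k <= n:
        raise ValueError("need 0 < k <= n")
    return sum(comb(n, i) * a**i * (1 - a) ** (n - i) for i in range(k, n + 1))


def min_servers(k: int, a: float, target: float, limit: int = 64) -> int:
    """Smallest n >= k whose k-out-of-n availability meets the target."""
    for n in range(k, limit + 1):
        if station_availability(n, k, a) >= target:
            return n
    raise ValueError("target not reachable within the server limit")


def annual_downtime_hours(availability: float) -> float:
    """Expected hours per year during which the service is unavailable."""
    return (1 - availability) * HOURS_PER_YEAR


if __name__ == "__main__":
    # Constructed sample values: vendor MTTF of 10,000 h, two repair speeds.
    for mttr in (8, 24):
        a = server_availability(10_000, mttr)
        n = min_servers(k=4, a=a, target=0.99999)
        print(f"MTTR={mttr:>2} h  server availability={a:.6f}  "
              f"downtime/server={annual_downtime_hours(a):.1f} h/yr  "
              f"servers needed={n}")
```

With these constructed inputs, tripling the repair time from 8 to 24 hours raises the required server count from five to six, which is the sense in which MTTR is a major factor of server availability.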