Cloud Computing Research at Kno.e.sis
The ability to mix private or enterprise computing with public clouds offers a new approach to high-performance computing that can grow on demand while limiting costs.
A strategic direction we consider worth pursuing is to combine high-end enterprise computing (a cluster of computers, a grid, or a private cloud) with a public ("elastic") cloud on demand. For example, Mindmodeling.org, which supports computational cognitive process modeling and simulation, is currently hosted on a set of servers; to scale further, it may consider adding public clouds to the mix.
Three core capabilities are needed in this context: interoperability/SLA, security, and privacy. Researchers at Kno.e.sis are doing original work in these areas and also collaborate with others (especially IBM).
We see two aspects of cloud computing as important and draw on our previous research experience in both. On one hand, we take the Service Oriented Architecture (SOA) perspective and focus on interoperability across multiple clouds (if necessary, we will support other distributed computing paradigms such as clusters and grids). On the other hand, we recognize the privacy and data security issues and try to find better ways to manage them.
We outline our research in four areas.
We think that the ability to manage multiple clouds through a uniform interface is important given the boom in cloud service providers. We take a service-oriented perspective and believe SOA-based middleware is the best solution in this regard. This work started as a research project at IBM, where Knoesis intern Ajith Ranabahu worked with IBM researcher Michael Maximilien to complete and internally deploy the first version of the middleware, known as Altocumulus. IBM has a joint study agreement with us and continues to work with us on this cloud middleware platform. Building on the competencies we have at Knoesis, we anticipate that semantic technologies will play a significant role in enhancing such middleware. We see efforts such as UCI as possible extensions to Altocumulus.
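To make the idea of a uniform interface concrete, the following is a minimal sketch of the adapter pattern that such middleware could use. It is not the Altocumulus API: the class names (`CloudAdapter`, `PublicCloudAdapter`, `PrivateClusterAdapter`, `Middleware`), the `deploy` method, and the returned identifiers are all hypothetical and chosen only for illustration.

```python
from abc import ABC, abstractmethod


class CloudAdapter(ABC):
    """Hypothetical common interface that every provider adapter implements."""

    @abstractmethod
    def deploy(self, app_name: str, instances: int) -> str:
        """Deploy an application and return a deployment identifier."""


class PublicCloudAdapter(CloudAdapter):
    def deploy(self, app_name: str, instances: int) -> str:
        # A real adapter would call the public provider's API here.
        return f"public/{app_name}/{instances}"


class PrivateClusterAdapter(CloudAdapter):
    def deploy(self, app_name: str, instances: int) -> str:
        # A real adapter would submit to the in-house cluster or grid here.
        return f"private/{app_name}/{instances}"


class Middleware:
    """Routes one uniform call to whichever adapter is registered for a target."""

    def __init__(self) -> None:
        self._adapters: dict[str, CloudAdapter] = {}

    def register(self, target: str, adapter: CloudAdapter) -> None:
        self._adapters[target] = adapter

    def deploy(self, target: str, app_name: str, instances: int = 1) -> str:
        if target not in self._adapters:
            raise KeyError(f"no adapter registered for {target!r}")
        return self._adapters[target].deploy(app_name, instances)


middleware = Middleware()
middleware.register("public", PublicCloudAdapter())
middleware.register("private", PrivateClusterAdapter())

# The caller uses the same call regardless of where the application runs.
deployment_id = middleware.deploy("public", "simulation", instances=4)
```

Under these assumptions, supporting another provider, a cluster, or a grid means adding one adapter class; callers of `Middleware.deploy` do not change.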
SLA and other cloud service aspects
Given the complexity of today's cloud landscape, we believe that sophisticated means of managing cloud interactions are required. Hence we try to apply known techniques, such as Service Level Agreements (SLAs), in the cloud context. Our most recent research applies Web Service Level Agreement (WSLA) to the cloud context.
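As a rough illustration of what checking an SLA involves, the sketch below evaluates measured metrics against a list of service level objectives. It only borrows the general idea of an objective (a metric, a comparison, and a threshold); it does not follow the WSLA XML schema, and the names `Objective`, `violations`, `availability_pct`, and `response_ms` are assumptions made for this example.

```python
import operator
from dataclasses import dataclass

# Comparison operators an objective may use.
_COMPARATORS = {
    "<=": operator.le,
    ">=": operator.ge,
    "<": operator.lt,
    ">": operator.gt,
}


@dataclass(frozen=True)
class Objective:
    """One hypothetical service level objective: metric, comparator, threshold."""

    metric: str
    comparator: str
    threshold: float

    def is_met(self, measurements: dict) -> bool:
        compare = _COMPARATORS[self.comparator]
        return compare(measurements[self.metric], self.threshold)


def violations(objectives, measurements):
    """Return the names of the metrics whose objectives are not met."""
    return [o.metric for o in objectives if not o.is_met(measurements)]


objectives = [
    Objective("availability_pct", ">=", 99.9),
    Objective("response_ms", "<=", 200.0),
]
measured = {"availability_pct": 99.95, "response_ms": 350.0}

# Only the response-time objective is violated by these measurements.
violated = violations(objectives, measured)
```

A fuller treatment would also need measurement windows, the parties to the agreement, and the actions taken on violation, all of which this sketch leaves out.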
Although the flexibility and convenience cloud computing offers are unprecedented, the security concerns it poses are also abundant. These need to be addressed by both Infrastructure-as-a-Service (IaaS) providers and Software-as-a-Service (SaaS) providers. Because applications from many SaaS providers run on the same cloud, it is critical for IaaS providers to use secure virtualization software that minimizes the risk of users of one service maliciously affecting a different service on the cloud. For the same reason, SaaS providers should make sure that the applications they deploy do not have design flaws that can be exploited.
At Knoesis, we plan to explore new techniques for the design and analysis of secure software for use in cloud computing. While there are security risk assessment techniques and threat models for corporations deploying services on their own servers, these need to be adapted and extended to risk estimation for deployment on clouds. Besides this task, we would also like to conduct research on newer cryptographic primitives that might be more effective, both in terms of security and efficiency, in a cloud setting.
To take advantage of highly available, low-cost cloud-based services, the user often needs to outsource data to the service provider. However, because of security and privacy concerns, data containing sensitive information often cannot be outsourced, which greatly restricts the use of cloud-based services. We propose the space perturbation approach to address the privacy issues in two representative classes of cloud-based services: query-based services and mining-based services.
In query-based services, we propose to study the indexability utility of outsourced data in the context of multidimensional vector space and address it with a set of space perturbation methods. As a result, the service provider is able to index the perturbed data and efficiently process queries. In mining-based services, we propose to study the information utility that is critical to data mining models and develop space perturbation methods to preserve this utility. Servers can work on the transformed data and generate transformation-invariant models for the data owner. The third thrust of this research is to evaluate the resilience of the proposed solutions against attacks and vulnerabilities.
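The following minimal sketch shows why a server can still answer queries over perturbed data. It assumes one simple kind of perturbation, a random rotation plus a translation (y = Rx + t), which preserves Euclidean distances; the text does not say that the proposed methods take this form, and all function names here are hypothetical.

```python
import math
import random


def random_orthogonal(dim, rng):
    """Build a random orthogonal matrix by Gram-Schmidt on Gaussian vectors."""
    basis = []
    while len(basis) < dim:
        v = [rng.gauss(0.0, 1.0) for _ in range(dim)]
        # Remove the components along the vectors already in the basis.
        for b in basis:
            dot = sum(vi * bi for vi, bi in zip(v, b))
            v = [vi - dot * bi for vi, bi in zip(v, b)]
        norm = math.sqrt(sum(vi * vi for vi in v))
        if norm > 1e-9:  # skip the (very unlikely) degenerate draw
            basis.append([vi / norm for vi in v])
    return basis


def perturb(point, rotation, shift):
    """Apply y = R x + t to one record."""
    return [sum(r * x for r, x in zip(row, point)) + t
            for row, t in zip(rotation, shift)]


def distance(a, b):
    return math.sqrt(sum((ai - bi) ** 2 for ai, bi in zip(a, b)))


def nearest(points, query):
    """Index of the point closest to the query (linear scan)."""
    return min(range(len(points)), key=lambda i: distance(points[i], query))


rng = random.Random(7)
records = [[rng.uniform(0, 100) for _ in range(3)] for _ in range(20)]

# The data owner keeps R and t secret and outsources only the perturbed data.
rotation = random_orthogonal(3, rng)
shift = [rng.uniform(-50, 50) for _ in range(3)]
perturbed = [perturb(p, rotation, shift) for p in records]

# A query is perturbed the same way before it is sent to the server.
query = [50.0, 50.0, 50.0]
perturbed_query = perturb(query, rotation, shift)

# The server's nearest neighbour on perturbed data matches the original one.
same_answer = nearest(records, query) == nearest(perturbed, perturbed_query)
```

Because pairwise distances are unchanged, distance-based indexes and distance-based mining models built on the perturbed data behave as they would on the original. That same property is what an attacker with background knowledge can exploit, which is why resilience has to be evaluated separately.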
As in security research, we believe that any privacy-preserving solution should be evaluated against given attack models. Among the potential attacks, we argue that Independent Component Analysis (ICA) based attacks and background-knowledge based attacks are the two most damaging classes for all space perturbation methods. The proposed research will develop statistical-estimation based privacy evaluation methods to validate the developed solutions against these two classes of attacks. In addition, we propose to develop perturbation optimization tools and visual analysis tools to help the data owner understand and control the privacy guarantee for individual data items and manage the tradeoff between data utility and data privacy. A preliminary study has shown that this approach has the potential to achieve both a strong privacy guarantee and high data utility.