2014 IEEE International Conference on Cloud Computing
Provisioning Security and Performance Optimization for Dynamic Cloud Environments

Viswanath Nandina, José Marcio Luna, Christopher C. Lamb, Gregory L. Heileman, Chaouki T. Abdallah
School of Electrical and Computer Engineering, University of New Mexico

Abstract—Security and resource optimization are two of the most critical concerns in cloud computing. A cloud provider must ensure customers with appropriate security, while optimizing the use of cloud resources. In this paper, we present a framework which optimizes both the use of cloud resources and security provided to the customers in an infrastructure as a service (IaaS) cloud. Our framework offers secure usage control of sensitive data within secure virtual machines (VMs), which are dynamically instantiated while optimizing both security and resources allocated to the VMs. These resources are then allocated to the VMs using an optimization model based upon randomized algorithms. We demonstrate that both security and resources can be efficiently optimized within a cloud setting using our formal mathematical model and usage management framework.
978-1-4799-5063-8/14 $31.00 © 2014 IEEE. DOI 10.1109/CLOUD.2014.150

I. INTRODUCTION

The potential and scope of cloud computing is limited by the challenge of assuring security and privacy to organizations and users while maintaining efficient and reliable systems. Balancing and optimizing resources and security within a cloud system is one of the key challenges faced today by cloud providers. Resource allocation optimization ensures maximum returns on the cloud infrastructure to the cloud provider. Security services provided by the cloud are a critical parameter which determines whether or not the customer has any confidence in moving data to the cloud. However, both of these goals are often at odds with each other. Previous work which focuses on various security and privacy challenges in the cloud domain has helped us understand the problem better [1], [2].

In an IaaS cloud, users are limited to security measures that can be incorporated into the VM image [3]. The goal of this research effort is to apply usage management (UM) in a novel way to provision and control cloud-based resources and ensure that all security and performance requirements are met [4], [5]. UM provides dynamic security by continuously monitoring the policies associated with a resource [6], [7]. In this paper we present a framework which enables optimization of both security and resource allocation in IaaS cloud systems. Our framework is based on two novel features: 1) a mechanism which instantiates secure VMs, within which policy-protected data is delivered to the user, and 2) an optimization model, based on randomized algorithms (RA), which optimizes the allocation of resources and security to VMs in the cloud.

Secure VMs are instantiated by including a policy enforcement module, which ensures that the usage of sensitive data is in accordance with the policy associated with the data. The enforcement mechanism dynamically downloads the encrypted data and the associated policy from the database server; and downloads the context within which usage is carried out from an authentication server. The type of resources and security allocated to a VM is calculated based on our RA for optimization. In this model, like other resources, security is considered as a resource allocated to the VM. Security is measured in terms of the strength of the encryption algorithm applied to the sensitive data to be used within that VM. We consider security as a finite, quantifiable resource, and optimize its allocation to the VMs within the cloud. We observe that security incurs a cost to the cloud provider like any other resource. Each security measure associated to a VM translates into increased use of other finite resources such as CPU usage, memory usage, storage, and network bandwidth usage.

The main contributions of this paper are: 1) an integrated framework for enabling secure usage management for sensitive data within secure VMs, 2) a policy model for expressing security policies for sensitive data, and 3) an RA, which calculates the optimal distribution of resources among users of IaaS cloud while guaranteeing security. To the best of the authors' knowledge, this is the first formal mathematical approach to simultaneously optimize performance and security in the cloud.

II. ARCHITECTURE

In this section we describe how UM is implemented within the cloud domain, and show a technique to enforce UM policies within a VM. This involves demonstrating how UM monitors and controls the usage of a resource after a user has been granted access to the resource. We then explain our approach to optimize performance of cloud resources by using RA, while simultaneously optimizing the security associated with each VM.

A. Setup

The architecture contains a central UM framework which manages data in Amazon S3 (cloud database repository) and cloud resources (VMs). The framework can provision cloud VMs based on policies, and also ensures that resources can only be moved to VMs that meet security requirements. The framework can retract resources when the cloud resources no longer meet the security requirements (e.g., due to a change in the user's operating environment).
Data repositories, such as Amazon S3, hold the data and associated policies within "buckets". The metadata option of the resource links the resource with the policy file. Amazon EC2 and OpenStack provide cloud resources which have a context associated with them. A user context describes the information about the user, such as user credentials and computing environment of the user. In our approach, we developed a local usage management module (UMM) that is injected into any VMs that are provisioned by the central UM framework. Using a web interface, a user logs into the system, and is presented with a list of resources the user can access based upon the user's context. Each resource carries an associated policy, both of which are stored in a repository. The policies are generated by the license generator based upon the service level agreement (SLA) requirements. If the user wishes to access a resource, the user and his computing environment information stored in the context is retrieved by the UM framework and checked against the policy of the respective resource. If the user is granted access to the resource based upon the context and the policy of the resource, the resource and the associated policy file are moved to a VM with respective security attributes pertaining to the policy.

Once the user has been granted access to the resource, the UM system continues to process the policy agreements inside the secure VM. The UMM is responsible for enforcing policies throughout the lifetime of the resource, while taking into account any change in the context within which the user operates the VM. If the UMM determines that the context of the public cloud no longer conforms to the policy of the resources stored on it, then the resources are retracted.

Figure 1 shows the architecture of our system. The operation steps are explained below.

Step 1: First, a user requests a policy-protected resource. Following this, the context information is sent to the UM system.

Step 2: The UM system authenticates and authorizes the user for access to the resource based on the access control policy associated with the resource.

Steps 3 and 4: The resource and policy are then moved from the database to a VM that is instantiated according to the security levels.

Step 5: VM resource utilization information from the various VMs is sent to the RA module from the node controller in order to compute the cost function.

Step 6: The results from the RA module are sent to the UMM which distributes the resources among the various VMs based on different security parameters and performance.

[Figure 1 diagram. Components: Database, Usage Management Module, Node Controller, Authentication System, VMs, Randomized Algorithm (Open Loop Optimizer). Labels: Request and Context, Resource and Policy, Instantiate VMs, User Access the VMs, step numbers 1 to 6.]

Fig. 1. Architecture for resource and security optimization for an IaaS cloud system.

B. UM Enforcement

This section explains the details of how the UM works inside a VM. Whether it is a public or a private cloud we use a base VM image to instantiate our VMs. With this approach we are able to successfully inject our UM framework locally inside a VM. When a VM is created for a user to fetch the resource which the user wants to access, the associated policy files are also supplied along with the resource. The local UMM is responsible for enforcing the policies associated with the resource within the VM. Any contextual change in the operating environment of the user is reported to the UMM within the VM by the central UM system. The UM system monitors any changes in the database, and correspondingly interacts and updates the UMM within the VM. If the policy requirements of the resource are not met because of any contextual changes then the resource is retracted.

UMM within the VM is implemented as a daemon process running in Linux, where any request is passed through this daemon process before the requested action takes place. For example, in order to take any action such as copy, print, read or send a file through the network, a request is passed down to the UMM, which checks whether or not its corresponding policy allows this particular action. The implementation of the UMM within a VM is a work in progress.

C. Optimizing Resources in the Cloud

Within the scope of SLA requirements between users and cloud service providers, we propose to optimize the distribution of cloud resources based on the user needs, while guaranteeing power savings to the provider. In this section, we propose a mathematical approach based on unconstrained optimization theory to fulfill this goal.

1) Cost Function: Because of the random variation of the workload in the cloud, we propose to model the following performance measures as random variables:

$C_\mu$ = % of CPU utilization
$M_\mu$ = % of memory utilization
$T$ = Total execution time of benchmark
$S$ = Measure of Security (see Section II-C2)
$W$ = Hourly cost associated to the VMs in use

Let us define $\Theta$ as the set of triplets formed by the available VMs, cryptographic ciphers and hard-drives (volumes), e.g.,

$$\Theta := \{\theta = \{\theta_1, \theta_2, \theta_3\} : \theta_1 \in \{\text{m1.small}, \text{m1.medium}, \ldots, \text{m3.2xlarge}\},\ \theta_2 \in \{\text{NE}, \text{DES}, \text{AES-128-ECB}, \ldots, \text{AES-256-CTR}\},\ \theta_3 \in \{\text{HD-8-GB}, \text{HD-10-GB}, \ldots, \text{HD-32-GB}\}\}.$$
Now, let us define the vector,

$$\Delta = (C_\mu, M_\mu, T, S, W)^T.$$

Every random vector $\Delta \in D$ is considered to be a sample of the performance vector of the system. Every normalized random variable is assumed to be a measurable function of $\theta \in \Theta$. We assign an index $i \in (1, \ldots, N) \subset \mathbb{N}$ to each client and for the $i$-th client we propose the cost function $J_i(\Delta, \theta)$ s.t., $J_i : D \times \Theta \to \mathbb{R}$, given by,

$$J_i = E\left[\alpha_{1i} C_{\mu i} + \alpha_{2i} M_{\mu i} + \alpha_{3i} T_i + \alpha_{4i} \frac{1}{S_i} + \alpha_{5i} W_i\right], \qquad (1)$$

and we define the multi-cost function,

$$J = (J_1, \ldots, J_N)^T, \qquad (2)$$

where $\alpha_{1i}, \ldots, \alpha_{5i} \in \mathbb{R}$ correspond to the weights given to the variables based on the SLA requirements of the $i$-th client in the cloud.

2) Measure of Security: For this specific problem, we restrict the concept of security to the organization and implementation of several cryptographic ciphers. We are aware that security encompasses a broader set of techniques and methodologies. Other security metrics could be incorporated into the cost function (1)-(2) in the future. We propose to assign values to different cryptographic ciphers depending on their key sizes, ability to run in parallel, degree of synchronization, and susceptibility to cryptanalysis. In Table I we illustrate the different ciphers we are proposing with their respective security levels.

TABLE I. MEASURE OF SECURITY ASSOCIATED TO CIPHERS AND MODES OF OPERATION.

Sec. Lvl S_i    Cipher / Mode of Op.
0.1             No encryption
0.2             DES
0.3             AES-128-ECB
0.4             AES-192-ECB
0.5             AES-256-ECB
0.6             AES-256-CBC
0.7             AES-256-CFB
0.8             AES-256-CFB-1
0.9             AES-256-OFB
1.0             AES-256-CTR

Note: Due to the space limitations, we omit the details of the security levels assigned to the ciphers.

3) Randomized Algorithm: Since we do not have knowledge of the probability distributions of the random variables, we are unable to determine a closed form of the multi-cost function. Based on [8], under the assumption that $J(\Delta, \theta)$ is measurable we can estimate $\phi(\theta) = E_\Delta(J(\Delta, \theta))$ by calculating the sample mean for a number of $M_2 \in \mathbb{N}$ samples of $\Delta$, namely

$$\hat{\phi}_{M_2}(\theta) = \hat{E}_{M_2}(J(\Delta, \theta)) = \frac{1}{M_2} \sum_{k=1}^{M_2} J(\Delta^{(k)}, \theta).$$

We implement the following RA based on [8].

Algorithm 1. Given $\epsilon_1, \epsilon_2, \delta \in (0, 1)$.
1) Draw $M_1 \ge \frac{1}{\epsilon_2} \ln \frac{2 n_C}{\delta}$ i.i.d. samples $\phi^{(1)}, \ldots, \phi^{(M_1)}$.
2) Draw $M_2 \ge \frac{\ln \frac{4 M_1}{\delta}}{2 \epsilon_1^2}$ i.i.d. samples $\Delta^{(1)}, \ldots, \Delta^{(M_2)}$.
3) Return the empirical controller,

$$\hat{\phi}_{M_1 M_2} = \arg\min_{i = 1, \ldots, M_1} \frac{1}{M_2} \sum_{k=1}^{M_2} J(\Delta^{(k)}, \phi^{(i)}).$$

Notice that $1 - \delta$ is a measure of confidence and $1 - \epsilon_n$, $n = 1, 2$ are measures of accuracy. To see the relevance of the previous RA, let us assume $n_C = 10 \times 10 \times 5 = 500$ meaning 10 levels of security, 10 hard drive sizes and 5 different instances. Moreover, assume $\delta = \epsilon_1 = \epsilon_2 = 0.05$, therefore $M_1 \ge 199$ and $M_2 \ge 1{,}935$. Notice that assessing 199 combinations of instances $\theta \in \Theta$ is much better than evaluating all the 500 possible combinations of parameters. In this example we can assert with a confidence of 95% that we find a minimum of the cost function (1)–(2) with accuracy of 95%.

III. CONCLUSION

In this paper we have shown how security can be optimized within an IaaS cloud along with other cloud resources. We have presented an integrated security framework for the cloud. This framework provides secure access and use of sensitive data within a secure VM, which is initialized while trying to simultaneously optimize both security and performance. We have measured the level of security associated with a VM in terms of the strength of encryption algorithms. Our optimization algorithm is then able to balance both security and resource allocation within the cloud. The advantages related to scalability and tractability of this multi-objective optimization process have been provided under the framework. In our future work we intend to include and quantify other security metrics such as the use of network monitoring, intrusion detection, etc. All these security measures imply increased security, and indirectly result in optimized use of the finite computing resources available to the cloud provider. The implementation and presentation of the results using Amazon EC2 are part of our future research agenda.

REFERENCES

[1] H. Takabi, J. B. D. Joshi, and G.-J. Ahn, "Security and privacy challenges in cloud computing environments," IEEE Security and Privacy, vol. 8, no. 6, pp. 24–31, Nov. 2010.
[2] D. Zissis and D. Lekkas, "Addressing cloud computing security issues," Future Gener. Comput. Syst., vol. 28, no. 3, pp. 583–592, Mar. 2012.
[3] P. Mell and T. Grance, "The NIST Definition of Cloud Computing," http://csrc.nist.gov/groups/SNS/cloud-computing/cloud-defv15.doc, 2009.
[4] V. Nandina, J. M. Luna, E. J. Nava, C. C. Lamb, G. L. Heileman, and C. T. Abdallah, "Policy-based security provisioning and performance control in the cloud," in Proceedings of 3rd International Conference on Cloud Computing and Services Science (CLOSER 2013), 2013, pp. 502–508.
[5] J. M. Luna, C. T. Abdallah, and G. Heileman, "On the stability of a market-oriented cloud computing model with time-varying workloads," in Proceedings of International Workshop on Feedback Computing (Feedback'13), San Jose, CA, June 2013, pp. 1–7.
[6] P. A. Jamkhedkar, C. C. Lamb, and G. L. Heileman, "Usage management in cloud computing," in Proceedings of the 4th International Conference on Cloud Computing (IEEE CLOUD 2011), L. Liu and M. Parashar, Eds. IEEE, 2011, pp. 525–532.
[7] R. Buyya, S. K. Garg, and R. N. Calheiros, "SLA-oriented resource provisioning for cloud computing: Challenges, architecture, and solutions," in Proceedings of the 2011 International Conference on Cloud and Service Computing, ser. CSC '11. Washington, DC, USA: IEEE Computer Society, 2011, pp. 1–10.
[8] R. Tempo, G. Calafiore, and F. Dabbene, Randomized Algorithms for Analysis and Control of Uncertain Systems, E. D. Sontag, M. Thoma, A. Isidori, and J. V. Schippen, Eds. London: Springer-Verlag, 2013.
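Algorithm 1 of Section II-C3 applied to the cost function (1), as an added example that is not part of the original paper or the authors' implementation. It assumes the sample bounds read as M1 ≥ (1/ε2) ln(2 n_C/δ) and M2 ≥ ln(4 M1/δ)/(2 ε1²); the security levels are Table I values, while the VM speeds, prices and the workload model are constructed for illustration.

```python
import math
import random

# Security levels S_i are the page's Table I values; VM speeds, prices and the
# workload model below are constructed for illustration.
SEC = {"NE": 0.1, "DES": 0.2, "AES-128-ECB": 0.3, "AES-256-ECB": 0.5,
       "AES-256-CBC": 0.6, "AES-256-CTR": 1.0}
VMS = {"m1.small": (1.0, 0.06), "m1.medium": (2.0, 0.12),
       "m3.2xlarge": (8.0, 0.90)}            # name -> (relative speed, $/hour)
VOLUMES = (8, 16, 32)                        # volume size in GB
THETA = [(v, c, d) for v in VMS for c in SEC for d in VOLUMES]

def sample_sizes(n_c, eps1, eps2, delta):
    """Bounds of Algorithm 1. M2 is computed from the unrounded M1 bound,
    which is what reproduces the page's 199 and 1,935."""
    m1 = math.log(2 * n_c / delta) / eps2
    m2 = math.log(4 * m1 / delta) / (2 * eps1 ** 2)
    return math.ceil(m1), math.ceil(m2)

def performance(theta, load):
    """Constructed model of Delta = (C_mu, M_mu, T, S, W) for a load in [0, 1]."""
    vm, cipher, vol = theta
    speed, price = VMS[vm]
    s = SEC[cipher]
    work = load * (1 + s)                    # assumed: stronger cipher, more CPU work
    return min(1.0, work / speed), min(1.0, 8 * load / vol), work / speed, s, price

def cost(theta, load, alpha):
    """Term inside the expectation of Eq. (1) for one workload sample."""
    c_mu, m_mu, t, s, w = performance(theta, load)
    return (alpha[0] * c_mu + alpha[1] * m_mu + alpha[2] * t
            + alpha[3] / s + alpha[4] * w)

def empirical_minimizer(alpha, eps1=0.05, eps2=0.05, delta=0.05, seed=1):
    """Steps 1-3 of Algorithm 1 over the finite set THETA."""
    rng = random.Random(seed)
    m1, m2 = sample_sizes(len(THETA), eps1, eps2, delta)
    candidates = sorted({rng.choice(THETA) for _ in range(m1)})   # step 1
    loads = [rng.random() for _ in range(m2)]                     # step 2
    def mean_cost(theta):
        return sum(cost(theta, x, alpha) for x in loads) / m2
    return min(candidates, key=mean_cost)                         # step 3

if __name__ == "__main__":
    print(sample_sizes(500, 0.05, 0.05, 0.05))
    print(empirical_minimizer((1, 1, 1, 10, 1)))   # security-weighted SLA
    print(empirical_minimizer((1, 1, 1, 0, 1)))    # SLA with no security weight
```

With the security weight α4 set to zero the minimizer settles on the weakest ciphers in the set, so the encryption a VM receives under this model depends entirely on the SLA weights.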