IEEE Press Editorial Board
Ekram Hossain, Editor in Chief
Giancarlo Fortino | Andreas Molisch | Linda Shafer
David Alan Grier | Saeid Nahavandi | Mohammad Shahidehpour
Donald Heirman | Ray Perez | Sarah Spurgeon
Xiaoou Li | Jeffrey Reed | Ahmet Murat Tekalp
This edition first published 2018
© 2018 the IEEE Computer Society, Inc.
All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, except as permitted by law. Advice on how to obtain permission to reuse material from this title is available at http://www.wiley.com/go/permissions.
The rights of Roy H. Campbell, Charles A. Kamhoua, and Kevin A. Kwiat to be identified as the authors of the editorial material in this work have been asserted in accordance with law.
Registered Office
John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, USA
Editorial Office
111 River Street, Hoboken, NJ 07030, USA
For details of our global editorial offices, customer services, and more information about Wiley products visit us at www.wiley.com.
Wiley also publishes its books in a variety of electronic formats and by print-on-demand. Some content that appears in standard print versions of this book may not be available in other formats.
Limit of Liability/Disclaimer of Warranty
While the publisher and authors have used their best efforts in preparing this work, they make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives, written sales materials or promotional statements for this work. The fact that an organization, website, or product is referred to in this work as a citation and/or potential source of further information does not mean that the publisher and authors endorse the information or services the organization, website, or product may provide or recommendations it may make. This work is sold with the understanding that the publisher is not engaged in rendering professional services. The advice and strategies contained herein may not be suitable for your situation. You should consult with a specialist where appropriate. Further, readers should be aware that websites listed in this work may have changed or disappeared between when this work was written and when it is read. Neither the publisher nor authors shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.
Library of Congress Cataloging-in-Publication Data
Names: Campbell, Roy Harold, editor. | Kamhoua, Charles A., editor. | Kwiat, Kevin A., editor.
Title: Assured cloud computing / edited by Roy H. Campbell, Charles A. Kamhoua, Kevin A. Kwiat.
Description: First edition. | Hoboken, NJ : IEEE Computer Society, Inc./Wiley, 2018. | Includes bibliographical references and index. | Identifiers: LCCN 2018025067 (print) | LCCN 2018026247 (ebook) | ISBN 9781119428503 (Adobe PDF) | ISBN 9781119428480 (ePub) | ISBN 9781119428633 (hardcover)
Subjects: LCSH: Cloud computing.
Classification: LCC QA76.585 (ebook) | LCC QA76.585 .A87 2018 (print) | DDC 004.67/82–dc23
LC record available at https://lccn.loc.gov/2018025067
Cover image: Abstract gray polka dots pattern background - ©shuoshu/Getty Images; Abstract modern background - ©tmeks/iStockphoto; Abstract wave - ©Keo/Shutterstock
Cover design by Wiley
Starting around 2009, higher bandwidth networks, low-cost commoditized computers and storage, hardware virtualization, large user populations, service-oriented architectures, and autonomic and utility computing together provided the foundation for a dramatic change in the scale at which computation could be provisioned and managed. Popularly, the resulting phenomenon became known as cloud computing. The National Institute of Standards and Technology (NIST), tasked with addressing the phenomenon, defines it in the following way:
“Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.” [1]
In 2011, the U.S. Air Force, through the Air Force Research Laboratory (AFRL) and the Air Force Office of Scientific Research (AFOSR), established the Assured Cloud Computing Center of Excellence (ACC-UCoE) at the University of Illinois at Urbana-Champaign to explore how cloud computing could be used to better support the computing and communication needs of the Air Force. The Center then pursued a broad program of collaborative research and development to address the core technical obstacles to the achievement of assured cloud computing, including ones related to design, formal analysis, runtime configuration, and experimental evaluation of new and modified architectures, algorithms, and techniques. It eventually amassed a range of research contributions that together represent a comprehensive and robust response to the challenges presented by cloud computing. The team recognized that there would be significant value in making a suite of key selected ACC-UCoE findings readily available to the cloud computing community under one cover, pulled together with newly written connective material that explains how the individual research contributions relate to each other and to the big picture of assured cloud computing. Thus, we produced this book, which offers in one volume some of the most important and highly cited research findings of the Assured Cloud Computing Center.
Military computing requirements are complex and wide-ranging. Indeed, rapid technological advances and the advent of computer-based weapon systems have created the need for network-centric military superiority. However, network-centricity is stretched in the context of global networking requirements and the desire to use cloud computing. Furthermore, cloud computing is heavily based on the use of commercial off-the-shelf technology. Outsourcing operations on commercial, public, and hybrid clouds introduces the challenge of ensuring that a computation and its data are secure even as operations are performed remotely over networks over which the military does not have absolute control. Finally, nowadays, military superiority requires agility and mobility. This both increases the benefits of using cloud computing, because of its ubiquitous accessibility, and increases the difficulty of assuring access, availability, security, and robustness.
However, although military requirements are driving major research efforts in this area, the need for assured cloud computing is certainly not limited to the military. Cloud computing has also been widely adopted in industry, and the government has asked its agencies to adopt it as well. Cloud computing offers economic advantages by amortizing the cost of expensive computing infrastructure and resources over many client services. A survivable and distributed cloud-computing-based infrastructure can enable the configuration of any dynamic systems-of-systems that contain both trusted and partially trusted resources (such as data, sensors, networks, and computers) and services sourced from multiple organizations. To assure mission-critical computations and workflows that rely on such dynamically configured systems-of-systems, it is necessary to ensure that a given configuration does not violate any security or reliability requirements. Furthermore, it is necessary to model the trustworthiness of the completion of a workflow or computation to gain high assurances.
The focus of this book is on providing solutions to the problems of cloud computing to ensure a robust, dependable computational and data cyberinfrastructure for operations and missions. While the research has been funded by the Air Force, its outcomes are relevant and applicable to cloud computing across all domains, not just to military activities. The Air Force acknowledges the value of this interdomain transfer as exemplified by the Air Force's having patented – with an intended goal of commercialization – some of the cloud computing innovation described in this book.
This material is based on research sponsored by the Air Force Research Laboratory (AFRL) and the Air Force Office of Scientific Research (AFOSR) under agreement number FA8750-11-2-0084, and we would like to thank AFRL and AFOSR for their financial support, collaboration, and guidance. The U.S. Government is authorized to reproduce and distribute reprints for governmental purposes notwithstanding any copyright notation thereon. The work described in this book was also partially supported by the Boeing Company and by other sources acknowledged in individual chapters.
The editors would like to acknowledge the contributions of the following individuals (in alphabetical order): Cristina L. Abad, Gul Agha, Masooda N. Bashir, Rakesh B. Bobba, Chris X. Cai, Roy H. Campbell, Tej Chajed, Brian Cho, Domenico Cotroneo, Fei Deng, Carlo Di Giulio, Peter Dinges, Zachary J. Estrada, Jatin Ganhotra, Mainak Ghosh, Jon Grov, Indranil Gupta, Gopalakrishna Holla, Jingwei Huang, Jun Ho Huh, Ravishankar K. Iyer, Zbigniew Kalbarczyk, Charles A. Kamhoua, Manoj Kumar, Kevin A. Kwiat, Luke Kwiat, Luke M. Leslie, Tianwei Li, Philbert Lin, Si Liu, Yi Lu, Andrew Martin, José Meseguer, Priyesh Narayanan, Sivabalan Narayanan, Son Nguyen, David M. Nicol, Shadi A. Noghabi, Peter Csaba Ölveczky, Antonio Pecchia, Boyang Peng, Cuong Pham, Mayank Pundir, Muntasir Rahman, Nathan Roberts, Aashish Sharma, Reza Shiftehfar, Yosub Shin, Stephen Skeirik, Read Sprabery, Sriram Subramanian, Jian Tang, Gary Wang, Wenting Wang, Le Xu, Lok Yan, Mindi Yuan, and Mammad Zadeh. We would also like to thank Todd Cushman, Robert Herklotz, Tristan Nguyen, Laurent Njilla, Andrew Noga, James Perretta, Anna Weeks, and Stanley Wenndt. Finally, we would like to thank and acknowledge Jenny Applequist, who helped edit and collect the text into its final form, as well as Mary Hatcher, Vishnu Narayanan, Victoria Bradshaw, and Melissa Yanuzzi of Wiley and Vinod Pandita of Thomson Digital for their kind assistance in guiding this book through the publication process.
Roy H. Campbell is Associate Dean for Information Technology of the College of Engineering, the Sohaib and Sara Abbasi Professor in the Department of Computer Science, and Director of the NSA-designated Center for Academic Excellence in Information Assurance Education and Research at the University of Illinois at Urbana-Champaign (UIUC); previously, he was Director of the Air Force-funded Assured Cloud Computing Center in the Information Trust Institute at UIUC from 2011 to 2017. He received his Honors B.S. degree in Mathematics, with a Minor in Physics, from the University of Sussex in 1969 and his M.S. and Ph.D. degrees in Computer Science from the University of Newcastle upon Tyne in 1972 and 1976, respectively. Professor Campbell's research interests are the problems, engineering, and construction techniques of complex system software. Cloud computing, data analytics, big data, security, distributed systems, continuous media, and real-time control pose system challenges, especially to operating system designers. Past research includes path expressions as declarative specifications of process synchronization, real-time deadline recovery mechanisms, error recovery in asynchronous systems, streaming video for the Web, real-time Internet video distribution systems, object-oriented parallel processing operating systems, CORBA security architectures, and active spaces in ubiquitous and pervasive computing. He is a Fellow of the IEEE.
Charles A. Kamhoua is a researcher at the Network Security Branch of the U.S. Army Research Laboratory (ARL) in Adelphi, MD, where he is responsible for conducting and directing basic research in the area of game theory applied to cyber security. Prior to joining the Army Research Laboratory, he was a researcher at the U.S. Air Force Research Laboratory (AFRL), Rome, New York for 6 years and an educator in different academic institutions for more than 10 years. He has held visiting research positions at the University of Oxford and Harvard University. He has coauthored more than 100 peer-reviewed journal and conference papers. He has presented over 40 invited keynote and distinguished speeches and has co-organized over 10 conferences and workshops. He has mentored more than 50 young scholars, including students, postdocs, and AFRL Summer Faculty Fellowship scholars. He has been recognized for his scholarship and leadership with numerous prestigious awards, including the 2017 AFRL Information Directorate Basic Research Award “For Outstanding Achievements in Basic Research,” the 2017 Fred I. Diamond Award for the best paper published at AFRL's Information Directorate, 40 Air Force Notable Achievement Awards, the 2016 FIU Charles E. Perry Young Alumni Visionary Award, the 2015 Black Engineer of the Year Award (BEYA), the 2015 NSBE Golden Torch Award – Pioneer of the Year, and selection to the 2015 Heidelberg Laureate Forum, to name but a few. He received a B.S. in electronics from the University of Douala (ENSET), Cameroon, in 1999, an M.S. in Telecommunication and Networking from Florida International University (FIU) in 2008, and a Ph.D. in Electrical Engineering from FIU in 2011. He is currently an advisor for the National Research Council, a member of the FIU alumni association and ACM, and a senior member of IEEE.
Kevin A. Kwiat retired in 2017 as Principal Computer Engineer with the U.S. Air Force Research Laboratory (AFRL) in Rome, New York after more than 34 years of federal service. During that time, he conducted research and development in a wide range of areas, including high-reliability microcircuit selection for military systems, testability, logic and fault simulation, rad-hard microprocessors, benchmarking of experimental computer architectures, distributed processing systems, assured communications, FPGA-based reconfigurable computing, fault tolerance, survivable systems, game theory, cyber-security, and cloud computing. He received a B.S. in Computer Science and a B.A. in Mathematics from Utica College of Syracuse University, and an M.S. in Computer Engineering and a Ph.D. in Computer Engineering from Syracuse University. He holds five patents. He is co-founder and co-leader of Haloed Sun TEK of Sarasota, Florida, which is an LLC specializing in technology transfer and has joined forces with the Commercial Applications for Early Stage Advanced Research (CAESAR) Group. He is also an adjunct professor of Computer Science at the State University of New York Polytechnic Institute, and a Research Associate Professor with the University at Buffalo.
Cristina L. Abad
Escuela Superior Politecnica del Litoral
ESPOL
Guayaquil
Ecuador
Gul Agha
Department of Computer Science
University of Illinois at Urbana-Champaign
Urbana, IL
USA
Masooda Bashir
School of Information Sciences
University of Illinois at Urbana-Champaign
Champaign, IL
USA
Rakesh Bobba
School of Electrical Engineering and Computer Science
Oregon State University
Corvallis, OR
USA
Roy H. Campbell
Department of Computer Science
University of Illinois at Urbana-Champaign
Urbana, IL
USA
Minas Charalambides
Department of Computer Science
University of Illinois at Urbana-Champaign
Urbana, IL
USA
Domenico Cotroneo
Dipartimento di Ingegneria Elettrica e delle Tecnologie dell'Informazione
Università degli Studi di Napoli Federico II
Naples
Italy
Fei Deng
Department of Electrical and Computer Engineering
University of Illinois at Urbana-Champaign
Urbana, IL
USA
Carlo Di Giulio
Information Trust Institute
University of Illinois at Urbana-Champaign
Urbana, IL
USA
and
European Union Center
University of Illinois at Urbana-Champaign
Champaign, IL
USA
Zachary Estrada
Department of Electrical and Computer Engineering
Rose-Hulman Institute of Technology
Terre Haute, IN
USA
and
Department of Electrical and Computer Engineering
University of Illinois at Urbana-Champaign
Urbana, IL
USA
Mainak Ghosh
Department of Computer Science
University of Illinois at Urbana-Champaign
Urbana, IL
USA
Jon Grov
Gauge AS
Oslo
Norway
Indranil Gupta
Department of Computer Science
University of Illinois at Urbana-Champaign
Urbana, IL
USA
Jingwei Huang
Department of Engineering Management and Systems Engineering
Old Dominion University
Norfolk, VA
USA
and
Information Trust Institute
University of Illinois at Urbana-Champaign
Urbana, IL
USA
Jun Ho Huh
Samsung Research
Samsung Electronics
Seoul
South Korea
Ravishankar K. Iyer
Department of Electrical and Computer Engineering and Coordinated Science Laboratory
University of Illinois at Urbana-Champaign
Urbana, IL
USA
Zbigniew Kalbarczyk
Department of Electrical and Computer Engineering and Coordinated Science Laboratory
University of Illinois at Urbana-Champaign
Urbana, IL
USA
Charles A. Kamhoua
Network Security Branch
Network Sciences Division
U.S. Army Research Laboratory
Adelphi, MD
USA
Kevin A. Kwiat
Haloed Sun TEK
Sarasota, FL
USA
Luke Kwiat
Department of Industrial and Systems Engineering
University of Florida
Gainesville, FL
USA
Si Liu
Department of Computer Science
University of Illinois at Urbana-Champaign
Urbana, IL
USA
Kirill Mechitov
Department of Computer Science
University of Illinois at Urbana-Champaign
Urbana, IL
USA
José Meseguer
Department of Computer Science
University of Illinois at Urbana-Champaign
Urbana, IL
USA
David M. Nicol
Department of Electrical and Computer Engineering and
Information Trust Institute
University of Illinois at Urbana-Champaign
Urbana, IL
USA
Shadi A. Noghabi
Department of Computer Science
University of Illinois at Urbana-Champaign
Urbana, IL
USA
Peter Csaba Ölveczky
Department of Computer Science
University of Illinois at Urbana-Champaign
Urbana, IL
USA
and
Department of Informatics
University of Oslo
Oslo
Norway
Karl Palmskog
Department of Computer Science
University of Illinois at Urbana-Champaign
Urbana, IL
USA
Antonio Pecchia
Dipartimento di Ingegneria Elettrica e delle Tecnologie dell'Informazione
Università degli Studi di Napoli Federico II
Naples
Italy
Cuong Pham
Department of Electrical and Computer Engineering
University of Illinois at Urbana-Champaign
Urbana, IL
USA
Atul Sandur
Department of Computer Science
University of Illinois at Urbana-Champaign
Urbana, IL
USA
Aashish Sharma
Lawrence Berkeley National Lab
Berkeley, CA
USA
Reza Shiftehfar
Department of Computer Science
University of Illinois at Urbana-Champaign
Urbana, IL
USA
Stephen Skeirik
Department of Computer Science
University of Illinois at Urbana-Champaign
Urbana, IL
USA
Jian Tang
Department of Electrical Engineering and Computer Science
Syracuse University
Syracuse, NY
USA
Gary Wang
Department of Computer Science
University of Illinois at Urbana-Champaign
Urbana, IL
USA
Le Xu
Department of Computer Science
University of Illinois at Urbana-Champaign
Urbana, IL
USA
Lok Yan
Air Force Research Laboratory
Rome, NY
USA