CONTRAIL SecurityOpen Computing Infrastructures for Elastic Services

Call FP7-ICT-2009-5Proposal Number FP7-257438

Dr Jens Jensenjens.jensen.at.stfc.ac.uk

STFC e-Science Centre, Oct 2010

contrail-project.eu2

CONTRAIL project - background

•EU funded•“Internet of Services” programme•Three year project•Started 01 Oct 2010

•Goals:•Open Source PaaS and IaaS

•Workflow, MapReduce, •Federation: flexible provider/consumer

boundaries

contrail-project.eu3

CONTRAIL partners•France:

•INRIA – Lead•Edge-IT

•Germany•ZIB

•Italy•CNR•HP Italy•Tiscali

•Netherlands•Genias•VUA

•Slovenia•XLAB

•UK•Constellation Tech•STFC

contrail-project.eu 4

Enhanced platform scalability, performance and security Complete software stack for IaaS Scalable fault-tolerant storage for Clouds Self-optimizing, self-healing properties Secure private network

QoS integrated within infrastructure (storage, network, VMs)

Efficiency through vertical integration of PaaS and IaaS e.g. Map/Reduce on GAFS file system

Seamless integration of (external) user resources

European, Open approach to Cloud Federation Federations as an evolving market for IaaS Contribute to the standardization process

Main Innovations and Contributions

5

CONTRAIL Subprojects and Partners

INRIA

XLAB

STFC

ZIB

VUA

TISC

INRIA

INRIA

INRIACNR

VUA

STFC

GENIAS

ZIBHP-IIC

CONST

CONST

CNRTISC

HP-IICTISC

STFC

EDGE

contrail-project.eu6

Contrail Output: IaaS•Cloud Buzzword: PaaS, IaaS, (DaaS)•Network: VIN – Virtual Infrastructure

Networks•Virtualisation:

•Hardware (Xen, KVM,…)•Process (OpenVZ, chroot) – sort of like pilot jobs•Booting images

•Storage:•Global Autonomous File System (GAFS)•Built on XtreemFS•“Open Source cloud storage not cloudy” – lack elasticity

contrail-project.eu7

Contrail Output: PaaS•Structured data services

•Eg databases•Distributed Key/Value store

•Runtime environments•MapReduce•Dynamic allocation of resources

•“Independent services scale differently”

•“Tightly coupled stack”•“Increase performance and integration”

contrail-project.eu8

CONTRAIL Security•Security Work package

•Lead: STFC•Main collaborators: INRIA, XLAB, CNR•Minor collaborators: Tiscali, HP, EDGE-IT

•Use of formal methods•verify architecture and implementation•Cf. B, Z, Event-B•Learning from other EU-funded projects such as DEPLOY

•Accounting•SLAs

•QoS – Quality of Service•QoP – Quality of Protection

contrail-project.eu9

CONTRAIL – Security Loose Ends

•Role of security in federation•Managing policies and resource sharing

•Authentication•Planned to use XtreemOS (X.509 sans GSI)•Also compare RESERVOIR (also X.509 but non-IGTF

currently)

•QoS is also security•Eg availability

•QoP is security•Eg integrity•Securing (virtual) networks•Securing VM images

contrail-project.eu10

CONTRAIL – Security Loose Ends

•Does “traditional” security apply to clouds•Understand and mitigate risks

•Users and trust•Cf CSA threats•Moving data outside trusted boundary•Legal issues with moving data

•Security of VM images•Cf. current work from HEPiX, JSPG, JSPG++

contrail-project.eu11

Service Provider – DDoS•RESERVOIR: “DDoS is greatest risk”

•Methods for dealing with attack

•Compare scaling existing services•“Cloud bursting”•Risk of billing user

•However, most “attacks” we see are “unintentional”

•Neither malicious, nor needing scaling•Dodgy scientist code•Users who don’t understand pitfalls of dist’d comp

contrail-project.eu12

CONTRAIL - Standards•Recognise OCCI as the “most promising”

•Did not consider CDMI (not available when proposal was written)

•Commitment to standardisation•Not clear what, yet•Need to aim up-front, though

•Need to liaise/collaborate with EGI and EMI?•SLAs from SLA@SOI and others

•Not standardised•“Can standardise underlying model”

•“Concertation”proposed standards bodies•ETSI, W3C, OASIS, OGF, OMG

contrail-project.eu13

CONTRAIL – Use Cases1. Distributed Provision of Geo-Referenced Data

o Tourist data on digital globe

2. Multimedia Processing Service Marketplaceo Content provider, licences

3. Clouds for High Performance Real-Time Data Analysiso Analysis of beamline data, fitting models

4. Large Scale Code Analysiso doc4.mandriva.org

5. High Throughput Electronic Drug Discoveryo Pharma use cases, genomics, NGS

contrail-project.eu

More information•http://www.contrail-project.eu/•jens.jensen.at.stfc.ac.uk