Future @ Cloud: Cloud Computing meets Smart Ecosystems ... INDآ²UCE for HBase/Hadoop Cloud Databases

Embed Size (px)

Text of Future @ Cloud: Cloud Computing meets Smart Ecosystems ... INDآ²UCE for HBase/Hadoop Cloud...

  • © Fraunhofer IESE

    Future @ Cloud: Cloud Computing meets Smart Ecosystems Joerg Doerr, Fraunhofer IESE, Kaiserslautern, Germany Joerg.Doerr@iese.fraunhofer.de

  • © Fraunhofer IESE

    2

    Fraunhofer-Institute for Experimental Software Engineering (IESE)

    Leading Institute for Software Engineering

    Founded in 1996 in Kaiserslautern, Germany 200 employees Focus on software engineering ! Provide innovative and value-adding

    customer solutions with measurable effects

    ! Advance the state-of-the art in software and system engineering

    ! Promote the importance of empirically based software and system engineering

    www.iese.fraunhofer.de

  • © Fraunhofer IESE

    3

    Fraunhofer IESE – Our Competencies

    SOFTWARE-ENABLED INNOVATIONS

    for innovative Systems

  • © Fraunhofer IESE

    4

    Fraunhofer IESE – Our Competencies

    SOFTWARE-ENABLED INNOVATIONS

  • © Fraunhofer IESE

    5

    Digital Society Business Life: Integration Enables Innovation!

    … in Information Systems as well as in Embedded Systems

  • © Fraunhofer IESE

    6

    n New business models n  that did not work in the past start to work now (Apple Store,

    Micropayment, ..)

    n Private life pushes business life n Physical objects go digital

    n Machinery, things, living objects like plants and animals n Usage of Big Data to exploit available data

    n Uncertainty at runtime

    Trends and Implications

  • © Fraunhofer IESE

    7

    IT Mega Trend: Integration

    Big  Data  /  Data  Analy-cs  

  • © Fraunhofer IESE

    8

    Digital Ecosystems

    Software Ecosystems n  deliver innovations through integrated software systems n  are typically driven by multiple organizations at their own pace to interact with

    shared markets n  operate through the exchange of data, functions, or services

    with mutually influencing parts

    Smart Ecosystems n  integrate non-trivial information systems supporting business goals n  integrate non-trivial embedded systems supporting technical goals n  function as one unit to achieve a common, superior goal

    and share context-dependent information

  • © Fraunhofer IESE

    9

    Integration of IS and ES - Differences

    Key Goals Optimization of Business Processes

    Optimization of Technical Processes (sensors and actuators)

    Optimization of both, Business Processes & Technical Processes with Equal Rights

    Software Engineering

    IS-Driven (Information Systems 2.0) may include embedded data in workflows

    ES-Driven (Embedded Systems 2.0) may use information systems for data storage, e.g., in the cloud

    ES/IS-Integration Participative Engineering: Across Organizations (sometimes with Equal Rights)

    Key Qualities (Examples)

    Security Safety Safety & Security

  • © Fraunhofer IESE

    10

    Smart Ecosystems A Trend Across Domains

    Smart Ecosystems

    Industry 4.0

    V2X and C2X

    eEnergy

    eHealth

    Smart Farming

  • © Fraunhofer IESE

    11

    Research in Smart Ecosystems Key Challenges

    Diversity

    Uncertainty

    Complexity

    Guaranteed Qualities

    e.g., Safety and Security

    Lifecycle Management

    Big Data

  • © Fraunhofer IESE

    12

    Big Data Analysis in Smart Ecosystems

    Organiza-on  1  

    Run$me  environment  

    Data  sourcesn  

    Algorithmics+analyses  

    Visualiza$on  

    Modeling  

    Data  Miner  &  Generator  

    Organiza-on  N  

    Run$me  environment  

    Data  sources  

    Algorithmics+analyses  

    Visualiza$on  

    Modeling  

    Data  Miner  &  Generator  

    Virtual  run$me  environment  

    Global  analyses,  algorithmics,  data  fusion,  analysis  data  base        

    Visualiza$on  

    Ecosystem   Simulator  Crowd  Data  Miner   Data  genera$on  

    Standardized  modeling  for  analyses  and  released  data  

    Usage   control  

    Usage   control  …  

  • © Fraunhofer IESE

    13

    Dealing with Data in Smart Ecosystems– Cloud as Potential Boost for Analytics & Interoperation – Data Usage Control as Key Business Enabler

    Moving Data to the Cloud = Moving Data to Third Parties n  Data Protection Challenges

    n  Data Residency (data must be kept within defined geographic borders) n  Data Privacy (enterprise is responsible for any breach to data) n  Compliance (enterprise must comply with applicable laws) n  Data Usage Control (data is accessed from different entities)

    è Main concerns for critical infrastructure IT using the Cloud

    n  Security and Privacy

    https://seccrit.eu/upload/CloudCritITSurvey.pdf, 10-03-2014, SECCRIT

  • © Fraunhofer IESE

    14

    Motivation SECCRIT in a Nutshell

    n  Challenges n  Analyse and evaluate cloud computing

    with respect to security risks in sensitive environments (i.e., critical infrastructures)

    n  Goal n  Development of methodologies, technologies, best practices for secure,

    trustworthy, high assurance and legal compliant cloud computing environments for critical infrastructure IT.

    Enable cloud technologies to be used for critical infrastructure IT

  • © Fraunhofer IESE

    15

    SECCRIT Research Focus at Fraunhofer IESE

    n  Multi-layer Policy Decision and Enforcement for Usage Control Policies n  Policy enforcement on different abstraction layers of the cloud

    (e.g., cloud infrastructure or service level)

    n  Context-aware policy enforcement mechanisms (e.g., respecting geolocation if data or service is migrated)

    n  User-friendly Policy Specification n  Elicitation method for security demands and mapping to machine-

    enforceable security policies

    n  Reduction of errors and misunderstandings in policy specification

  • © Fraunhofer IESE

    16

    Policy Decision and Enforcement

  • © Fraunhofer IESE

    17

    Policy Decision and Enforcement Framework: IND²UCE

    n  Dynamic framework for policy decision and enforcement

    n  Seamless integration of new components

    n  Dynamic management during runtime

    n  Powerful policy language

  • © Fraunhofer IESE

    18

    Policy Decision and Enforcement SECCRIT Architectural Framework (Policy-oriented View)

    n  PEP and PXP as enforcement components on different abstraction levels

    n  PDP as central decision component

    n  PIP component as additional information retrieval component for the decision making

    n  PAP as interface between stakeholders and policy framework

  • © Fraunhofer IESE

    19

    Enforcement in the Cloud Infrastructure Level Scenario: Enforcing Anti-Affinity Policy

    Scenario: Tenant A runs critical infrastructure services on different machines (VMs) on a virtual datacenter. However, the services are not allowed to share the same physical resources!

    Problem: If Tenant A or the cloud infrastructure operator starts migrating virtual machines (VMs) to the same physical host, both critical services run on the same physical host.

    à VMware offers affinity rules, but allows their violation

    Solution: An anti-affinity policy specifies that critical VMs have to be separated. Migrating critical VMs to the same physical host results in automatically migrating the other critical service away.

  • © Fraunhofer IESE

    20

    Enforcement in the Cloud Infrastructure Level Scenario: Enforcing Virtual Machine Snapshots Policy

    Scenario: A virtual machine is reserved as a sandbox for evaluating new software. Testers can install software on the machine, but it has to be reverted to previous state after usage. Only administrators are allowed to make persistent changes.

    Problem: A tester might forget to revert the machine or an administrator might forget to create a new snapshot. Creating snapshots and reverting has to be triggered manually. The vCenter user management has no automatic mechanisms for this kind of scenario.

    Solution: Virtual machine snapshots policies specify that a snapshot is created after an administrator logs out from the virtual machine. If a tester logs out from the virtual machine, the virtual machine is reverted.

  • © Fraunhofer IESE

    21

    Enforcement in the Cloud Infrastructure Level Scenario: Enforcing Virtual Machines Geolocation

    Scenario: A virtual machine hosts sensitive data and is only allowed to be operated in countries within Europe.

    Problem: A cl