IRCoC: Intelligent Resilience for Cloud-of-Clouds Services
- Research Line(s): Fault and Intrusion Tolerance in Open Distributed Systems (FIT)
- Sponsor: FCT
- Project Number: PTDC/EEI-SRC/6970/2014
- Total award amount: 99.9K Euros
- Coordinator: Alysson Bessani
- Partners: FCUL
- Start Date: Jul. 2016
- Duration: 36 months
- Keywords: Distributed Systems, Security and Dependability, Cloud Computing, Replication
- Team at FCUL: 5 researchers, including Alysson Bessani, Nuno Ferreira Neves, António Casimiro, João Sousa, Tiago Oliveira
Cloud services have been changing the way computing is done in the last years due to its pay-as-you-go cost model and the ubiquity of service access. However, employing resources from a public cloud provider (e.g., Amazon) implicitly requires complete trust in such provider, an issue particularly relevant when companies consider moving critical data and applications to the cloud. First, there are concerns related with the dependability of the access network and of the cloud provider infrastructure. Although usually providers implement means to tolerate and recover from failures, recent incidents affecting the cloud have resulted in temporary unavailability, data loss and even corruption. Additionally, once the datacenter of an organization is “cloudified”, applications have to be utilized through the internet and consequently the quality of the service becomes highly sensitive to the latency and throughput of the interconnection. Second, security is a fundamental concern since the cloud has complete control over the data and processing of the services. Issues like confidentiality and integrity of the data are becoming paramount, with an already large number of distinct attacks known. These can be performed, for instance, by the employees of the provider or by other tenants sharing the resources. Finally, there is the risk of vendor lock-in, in which companies can become dependent on a particular cloud service, as the organization is unable to switch to another provider without incurring substantial costs.
One way to address these problems is through the use of multiple cloud providers, or a cloud-of-clouds (CoC): since each provider operates independently, a common failure affecting multiple clouds is expected to be very unlikely. Moreover, since their datacenters are connected to the internet at different locations, path diversity increases and, as a consequence, good quality of service for its users becomes more attainable. Security can also be obtained by leveraging from the multiple clouds, e.g., a computation can be replicated in three providers and, in case the integrity of one of the results is violated, the user is able to detect the fault by observing the majority of correct results, from the other two. Finally, since CoC services need to operate on various providers, vendor lock-in is no longer an issue.
The IRCoC project aims to make significant advances on the use of a CoC for storage, coordination and execution of critical services, enabling organizations and individuals to benefit from the clouds without requiring complete trust on any single provider. More precisely, the project aims to make two main contributions. First, we will design new data-centric replication solutions, in which the cloud services (e.g., Rackspace Queue, Amazon DynamoDB) are modeled as fail-prone shared objects [Jay98] where no code or functionality (besides what they provide) can be deployed. The key advantage of this approach is the low costs and the ease of management, since there are no servers to be configured and maintained. We plan to investigate some fundamental theoretical questions on this model and provide practical multi-writer resilient storage and coordination algorithms for this setting. Second, novel replication protocols will be developed, ensuring the correct execution of web services running across multiple clouds. These protocols will be highly configurable to support different security requirements and adaptable to the conditions of the network and clouds. This will enable a more intelligent deployment of resources, departing from existing solutions that are mostly static.
- Ricardo Mendes, Tiago Oliveira, Vinicius Vielmo Cogo, Nuno Ferreira Neves, Alysson Bessani, “CHARON: A Secure Cloud-of-Clouds System for Storing and Sharing Big Data”, IEEE Transactions on Cloud Computing, vol. 9, no. 4, pp. 1349–1361, Oct. 2021. 10.1109/TCC.2019.2916856
- Vinicius Vielmo Cogo, Alysson Bessani, “Brief Announcement: Auditable Register Emulations”, in 35th International Symposium on Distributed Computing (DISC 2021), Oct. 2021.
- Vinicius Vielmo Cogo, João Paulo, Alysson Bessani, “GenoDedup: Similarity-Based Deduplication and Delta-Encoding for Genome Sequencing Data”, IEEE Transactions on Computers, vol. 70, no. 5, pp. 669–681, May 2021. DOI: 10.1109/TC.2020.2994774
- Fernando Alves, Aurélien Bettini, Pedro M. Ferreira, Alysson Bessani, “Processing Tweets for Cybersecurity Threat Awareness”, Information Systems, vol. 95, Jan. 2021.
- Vinicius Vielmo Cogo, Alysson Bessani, “Enabling the Efficient, Dependable Cloud-based Storage of Human Genomes”, in 1st Workshop on Distributed and Reliable Storage Systems (DRSS'19), Oct. 2019.
- André Nogueira, António Casimiro, Alysson Bessani, “Elastic State Machine Replication”, IEEE Transactions on Parallel and Distributed Systems, Mar. 2017.
- Tiago Oliveira, Ricardo Mendes, Alysson Bessani, “Exploring Key-Value Stores in Multi-Writer Byzantine-Resilient Register Emulations”, in Proceedings of the 20th International Conference On Principles Of DIstributed Systems (OPODIS'16), Dec. 2016.
- Eduardo Adilio Pelinson Alchieri, Alysson Bessani, Fabíola Greve, Joni da Silva Fraga, “Knowledge Connectivity Requirements for Solving Byzantine Consensus with Unknown Participants”, IEEE Transactions on Dependable and Secure Computing, Mar. 2016. accepted for publication
BibTeXNavigators - IRCoC project
|Current projects:||VEDLIoT, SATO, ADMORPH, SEAL, AQUAMON, UPVN, REDBOOK, ThreatAdapt, SEL, Xivt|
|Past projects:||TCLOUDS, MASSIF, MAFTIA, RESIST NoE, DiSIEM, KARYON, HIDENETS, CORTEX, CRUTIAL, TRONE, SITAN, ReD, IRCoC, DIVERSE, CloudFIT, READAPT, REGENESYS, RC-Clouds, TACID, DARIO, RITAS, AJECT, MICRA, DEAR-COTS, COPE, DEFEATS, MOOSCO, TOPCOM, RE:DY, NORTH, Abyss, SUPERCLOUD, COST Action IC1402, SEGRID, BioBankCloud, SAPIENT, PROPHECY, SecFuNet, FTH-Grid, AIR-II, AIR, ESFORS, CaberNet, GODC, BROADCAST, CoDiCom, Delta-4, RAPTOR|