Published on: 20/03/2013

Master's Dissertation in Computer Networks

UNIVERSIDADE FEDERAL DO RIO GRANDE DO SUL
INSTITUTO DE INFORMÁTICA
PROGRAMA DE PÓS-GRADUAÇÃO EM COMPUTAÇÃO
———————————————————
MASTER'S DISSERTATION DEFENSE

Student: Daniel Stefani Marcon
Advisor: Prof. Dr. Antonio Marinho Pilla Barcellos

Title: Trust-based Application Grouping for Cloud Datacenters: improving security in shared infrastructures.
Research Area: Computer Networks

Date: 26/03/2013
Time: 10h30min
Location: Auditório José Mauro Volkmer de Castilho, Building 43424 – Instituto de Informática

Examining Committee:
Prof. Dr. Avelino Francisco Zorzo (PUCRS)
Prof. Dr. Alberto Egon Schaeffer Filho (UFRGS)
Prof. Dr. Luiz Fernando Bittencourt (UNICAMP)

Committee Chair: Prof. Dr. Antonio Marinho Pilla Barcellos

Abstract:

Cloud computing can offer virtually unlimited resources without any upfront capital investment through a pay-per-use pricing model. However, the shared nature of multi-tenant cloud datacenter networks enables unfair or malicious use of the intra-cloud network by tenants, allowing attacks against the privacy and integrity of data and the availability of resources. Recent research has proposed resource allocation algorithms that cannot protect tenants against attacks in the network or result in underutilization of resources. In this thesis, we introduce a resource allocation strategy that increases the security of network resource sharing among tenant applications. This is achieved by grouping applications from mutually trusting users into logically isolated domains composed of a set of virtual machines as well as the virtual network interconnecting them (virtual infrastructures – VIs), while considering the amount of traffic generated by the communication between VMs from the same application. Due to the hardness of the cloud resource allocation problem, we decompose the strategy into two steps. The first one allocates a given set of VIs onto the physical substrate, while the second distributes and maps applications into the set of virtual infrastructures. The use of VIs provides some level of isolation and higher security. However, groups may lead to fragmentation and negatively affect resource utilization. Therefore, we study the associated trade-off and feasibility of the proposed approach. Evaluation results show the benefits of our strategy, which is able to offer better network resource protection against attacks with low additional cost. In particular, security increases logarithmically with the number of VIs, while internal resource fragmentation grows linearly as the number of VIs offered by the provider increases.

Keywords: Cloud computing, Resource allocation, Intra-cloud network sharing, Security, Performance interference, Denial of service