Grid and Cloud Security: A Confluence
NII Shonan Meeting:
@ Shonan Village Center, October 15-18, 2012
NII Shonan Meeting Report (ISSN 2186-7437):No.2012-8
●? Barton P. Miller, University of Wisconsin, USA
●? Yoshio Tanaka, National Institute of Advanced Industrial Science and Technology, Japan
●? Elisa Heymann, Autònoma de Barcelona, Spain
Topics of the Seminar
The threats are clear: crime gangs, rogue nation-states and terrorists are using the Internet to raise money, steal information, promote their causes, and disrupt the infrastructure of those that they oppose. These organizations are motivated, well funded, and highly skilled.
The cost to society of not addressing these threats is high: lost revenue and funds, lost data, violated privacy, disrupted network services, and even the potential to disrupt physical services. Often the extent of damaged is not known until long after an attack is successfully executed.
The target environment is rich: online services and databases that hold valuable personal, financial, commercial, and scientific data, and that provide critical services to each of the areas. The cost of disruption can be measured in terms of monetary loss, damage to business, loss of privacy, and severe delays in scientific progress.
In the past several years, Grids and Clouds have emerged as particularly productive environments for leveraging the technology of the Internet:
1. Computational Grids: Grids bring together and dynamically manage a diverse and geographically distributed collection of users, data sources, computational resources, networks, and data sources to solve problems that no single organization can attempt. Organizations must manage complex patterns of sharing, data movement, and remote access.
2. Cloud Computing: Clouds virtualize computing resources, allowing an organization to dynamically provision their computational, service, and storage needs from a cloud provider. The cloud provider controls access, sharing, and allocation of resources to a diverse customer base.
In each of these two environments, unrelated users are accessing common computational, network, and storage resources, and organizations are extending their trust boundaries well beyond the traditional physical limitations of their own facilities.
The software that comprises the services provided by each of these environments is complex and multifaceted, and not well understood by the typical user. As a result, the threats that seem obvious to a user may have an actual risk that is quite minimal, while there are significant and emerging threats of which users are completely unaware.
Our goal for this Seminar is to take advantage of Shonan’s unique environment to bring together a diverse community of researchers, practitioners, and developers across several dimensions:
1. Grid and Cloud security;
2. Industry, government, and academia;
3. Theoretical and practical interests; and
4. Scientific and business communities.
Goals of the Seminar
A Shonan meeting offers the unique opportunities to harvest the benefits of both a meeting of Grid and Cloud experts as well as a meeting of practitioners and theoreticians. The week-long format offers an opportunity for these communities to familiarize themselves with each other and establish a basis for collaboration. Such a joining of disparate communities is difficulty to achieve in a typical workshop. Thus, the seminar is to answer the following questions among others:
? A meeting of experts from the Grids and Clouds area:
? Grid computing and its predecessors (distributed computing, metacomputing, . . . ) has long had to address security issues. How can we leverage these lessons and apply them to Clouds?
? What solutions are coming from Cloud computing that can be applied to Grids?
? What new challenges come as Grids extend into the Clouds, using such facilities as dynamically provisioning Grids from Cloud resources?
? A meeting of practitioners and theoreticians: Security meetings and projects tend to have either a strong theoretical or practical bent.
? What recent theoretical results in security can improve our way of securing Grids and Clouds?
? What are the most current pressing practical problems in Grids and Clouds for which we would like to see new algorithms and techniques?
IT security management is typically divided into the areas of confidentiality, integrity, and availability. Having the chance to gather experts from all these areas guarantees a comprehensive overview on the subject. During the week-long session, we will provide an opportunity to share each other’s experiences, leverage each other’s knowledge, and develop a joint strategy for securing these critical computational and informational resources as Grids and Clouds do offer. The meeting would consist of representative background presentations to set the context for discussions, sessions for identifying ways of identifying work that can be leveraged across areas, sessions for developing joint research and development agendas going forward, and a capped off by a session that focuses joint problem-solving of a target issue selected during the week.