Abstract
Nowadays risk analysis becomes critical in the Cloud Computing domain due to the increasing number of threats affecting applications running on cloud infrastructures. Multi-cloud environments allow connecting and migrating services from multiple cloud providers to manage risks. This paper addresses the question of how to model and configure multi-cloud services that can adapt to changes in user preferences and threats on individual and composite services. We propose an approach that combines Product Line (PL) and Machine Learning (ML) techniques to model and timely find optimal configurations of large adaptive systems such as multi-cloud services. A three-layer variability modeling on domain, user preferences, and adaptation constraints is proposed to configure multi-cloud solutions. ML regression algorithms are used to quantify the risk of resulting configurations by analyzing how a service was affected by incremental threats over time. An experimental evaluation on a real life electronic identification and trust multi-cloud service shows the applicability of the proposed approach to predict the risk for alternative re-configurations on autonomous and decentralized services that continuously change their availability and provision attributes.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
The complete PL specification is available at: https://github.com/governit/MultiCloud/tree/master/MultiCloudPL/models.
- 2.
Datasets are available at: https://github.com/governit/MultiCloud/tree/master/RiskQuantification.
- 3.
- 4.
- 5.
References
Ahmed, N., Abraham, A.: Modeling cloud computing risk assessment using machine learning. In: Abraham, A., Krömer, P., Snasel, V. (eds.) Afro-European Conference for Industrial Advancement. AISC, vol. 334, pp. 315–325. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-13572-4_26
Assis, M.R.M., Bittencourt, L.F., Tolosana-Calasanz, R.: Cloud federation: characterisation and conceptual model. In: 7th International Conference on Utility and Cloud Computing, pp. 585–590. IEEE (2014). https://doi.org/10.1109/UCC.2014.90
Böckle, G.: Introduction to software product line engineering. In: Pohl, K., Böckle, G., van der Linden, F. (eds.) Software Product Line Engineering, pp. 3–18. Springer, Heidelberg (2005). https://doi.org/10.1007/3-540-28901-1_1
Garg, S.K., Versteeg, S., Buyya, R.: SMICloud: a framework for comparing and ranking cloud services. In: 4th International Conference on Utility and Cloud Computing, pp. 210–218. IEEE (2011). https://doi.org/10.1109/UCC.2011.36
Grozev, N., Buyya, R.: Inter-cloud architectures and application brokering: taxonomy and survey. Softw. Pract. Exp. 44(3), 369–390 (2014). https://doi.org/10.1002/spe.2168
Hu, Y., Huang, J., Chen, J., Liu, M., Xie, K., Yat-sen, S.: Software project risk management modeling with neural network and support vector machine approaches. In: Third International Conference on Natural Computation, vol. 3, pp. 358–362. IEEE (2007). https://doi.org/10.1109/ICNC.2007.672
Khorshed, M.T., Ali, A.S., Wasimi, S.A.: A survey on gaps, threat remediation challenges and some thoughts for proactive attack detection in cloud computing. Future Gener. Comput. Syst. 28(6), 833–851 (2012). https://doi.org/10.1016/j.future.2012.01.006
Leite, A.F., Alves, V., Rodrigues, G.N., Tadonki, C., Eisenbeis, C., de Melo, A.C.M.A.: Automating resource selection and configuration in inter-clouds through a software product line method. In: International Conference on Cloud Computing, CC 2015, pp. 726–733. IEEE, Washington (2015). https://doi.org/10.1109/CLOUD.2015.101
Ma, H., Hu, Z., Li, K., Zhang, H.: Toward trustworthy cloud service selection: a time-aware approach using interval neutrosophic set. J. Parallel Distrib. Comput. 96, 75–94 (2016). https://doi.org/10.1016/j.jpdc.2016.05.008
Martens, B., Teuteberg, F.: Decision-making in cloud computing environments: a cost and risk based approach. Inf. Syst. Front. 14(4), 871–893 (2012). https://doi.org/10.1007/s10796-011-9317-x
Ochoa, L., González-Rojas, O.: Program synthesis for configuring collaborative solutions in feature models. In: Ciuciu, I., et al. (eds.) OTM 2016. LNCS, vol. 10034, pp. 98–108. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-55961-2_10
Ochoa, L., González-Rojas, O., Thüm, T.: Using decision rules for solving conflicts in extended feature models. In: International Conference on Software Language Engineering, pp. 149–160. ACM, New York (2015). https://doi.org/10.1145/2814251.2814263
Ochoa, L., González-Rojas, O., Verano, M., Castro, H.: Searching for optimal configurations within large-scale models: a cloud computing domain. In: Link, S., Trujillo, J.C. (eds.) ER 2016. LNCS, vol. 9975, pp. 65–75. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-47717-6_6
Saripalli, P., Walters, B.: QUIRC: a quantitative impact and risk assessment framework for cloud security. In: 3rd International Conference on Cloud Computing, pp. 280–288. IEEE (2010). https://doi.org/10.1109/CLOUD.2010.22
Stolen, K., et al.: Model-based risk assessment - the coras approach. In: iTrust Workshop (2002)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
González-Rojas, O., Tafurth, J. (2019). Multi-cloud Services Configuration Based on Risk Optimization. In: Panetto, H., Debruyne, C., Hepp, M., Lewis, D., Ardagna, C., Meersman, R. (eds) On the Move to Meaningful Internet Systems: OTM 2019 Conferences. OTM 2019. Lecture Notes in Computer Science(), vol 11877. Springer, Cham. https://doi.org/10.1007/978-3-030-33246-4_45
Download citation
DOI: https://doi.org/10.1007/978-3-030-33246-4_45
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-33245-7
Online ISBN: 978-3-030-33246-4
eBook Packages: Computer ScienceComputer Science (R0)