文章基本信息

标题：A COMPARISON OF PLATFORM AS A SERVICE (PAAS) CLOUDS WITH A DETAILED REFERENCE TO SECURITY AND GEOPROCESSING SERVICES
本地全文：下载
作者：B. Ludwig ; S. Coetzee
期刊名称：ISPRS Annals of the Photogrammetry, Remote Sensing and Spatial Information Sciences
印刷版ISSN：2194-9042
电子版ISSN：2194-9050
出版年度：2010
卷号：XXXVIII - 4/W13
出版社：Copernicus Publications
摘要：Cloud computing is an emerging computing paradigm aimed at running services over the inter net to pr ovide scalability and flexibility. The advantages in using the cloud for start-up and small businesses that lack infrastructure have been shown to far outweigh the disadvantages. Cloud platform services, also known as Platform as a Service (PaaS), provide a computing platform or solution stack on which software can be developed for later deployment in a cloud. However, there are a numb er of security challenges because users of the cloud have to rely on third par ty companies to provide confidentiality, integrity and availability. Geopr ocessing is the manipulation of geographic information, ranging from simple f eature overlays and geocoding to raster processing and advanced climate modelling. The Open Geospatial Consortium's (OGC) Web Processing Service (WPS) defines a standardized interface that facilitates the publishing of geospatial processes. Parallelization and distribution of geoprocessing services have r eceived much attention lately, including running them in a cloud. However, work on the security aspects of geoprocessing in a cloud is limited. In this paper, we compare three PaaS cloud computing solutions, namely Microsoft Azure, Google App Engine and GroundOS, with a detailed reference to cloud security concerns. An analysis of the security mechanisms and Service Level Agreements (SLA) provided by these PaaS clouds is presented. We then look at the implications of these security issues for geoprocessing services and the OGC's WPS specifically, investigating potential security pitfalls when developing a WPS in a PaaS cloud. Finally, recommendations for future work are presented. * Corresponding author. var currentpos,timer; function initialize() { timer=setInterval("scrollwindow()",10);} function sc(){clearInterval(timer); }function scrollwindow() { currentpos=document.body.scrollTop; window.scroll(0,++currentpos); if (currentpos != document.body.scrollTop) sc();} document.onmousedown=scdocument.ondblclick=initialize 1. INTRODUCTION Cloud computing is largely a combination of existing technologies that have been around since the early 1990's. These technologies include: grid computing; utility computing; and most r ecently virtualisation. Each of these technologies forms a layer in the cloud comp uting stack. Cloud computing allows a user to pay only for the resources used instead of paying a fixed cost; this is the concept of utility computing. One of the main drivers that launched cloud computing is virtualisation technology, which allows resources to be dynamically scaled on demand. This has a close relationship to the utility computing model where each additional virtual instance created will have associated with it additional costs because of the more resources provided by that instance. Cloud computing can be seen as another form of distributed high performance computing, which has similarities to cluster, parallel and grid computing. Based on our understanding and a study of various cloud def initions, we have come up with the following definition for a cloud: A cloud is a utility based computing model that provides a service, and allows virtualised resources to be easily and efficiently scaled on demand. Geopr ocessing is the manipulation of geographic information, ranging from simple feature overlays and geocoding to raster processing and advanced climate modelling. The Open Geospatial Consortium's (OGC) Web Pr ocessing Service (WPS) defines a standardized interface that facilitates the publishing of geospatial processes (OGC 2007). Par allelization and distribution of geoprocessing ser vices on grids and clouds have received much attention lately. For example, the research agenda for geoprocessing services pr oposed by Brauner et al. (2009) recommends further research into the use of cloud and grid computing to overcome the performance obstacle in geoprocessing services that are used in SDIs. In earlier work we analysed the technology choices for data grids in a spatial data infrastructure (SDI), including the use of a number of OGC web services (Coetzee and Bishop 2009). Here we limit our focus to the OGC WPS in relation to security in PaaS clouds. Work on the security aspects of geoprocessing in a cloud, which ar e investigated in this paper, is limited. Cloud computing provides three service models that provide different levels of control and security. These levels are, in decreasing order of control and increasing order of security: 1. Infrastructure as a Service (IaaS); 2. Platf orm as a Service (PaaS); and 3. Software as a Service ( SaaS) Each service model can be seen as a layer with IaaS at the base allowing full control of resources and storage, PaaS in the middle allowing development on an existing platform and finally, SaaS providing limited development opportunities but having appeal to end-users. Each layer provides different development and/or deployment opportunities that can be matched to the resource requirements of individuals and businesses. Security is one of the greatest concer ns currently preventing large-scale adoption of the cloud. This issue is emphasised in numerous recent literature articles, either stating that cloud computing security is still immature or just unreliable. Examples can be found in Everett (2009), Grossman (2009), Hutchinson et al. (2009), Kaufman (2009), and Sloan (2009), which all raise the question of security as a concern in the cloud computing environment. Since cloud computing is such a new and talked about topic, numerous blog and web articles are also talking about secur ity-related concerns in a cloud. Some examples are found in the following: Cloud Security Alliance (2009); InfoSecurity (2009); Knights (2009); and Twentyman (2009). The different service models offered by cloud providers determine the security mechanisms needed to provide adequate privacy and data protection in the cloud. Current published research lacks detailed explanations and more importantly practical exper ience of security measures provided by cloud computing providers. Many questions have been raised about security in cloud computing but few answers exists at this stage, as cloud computing is still in an adaptation or peak of inf lated expectations phase. In this paper we present the results of a comparison of three PaaS clouds, with specific reference to the three security goals: 1. Confidentiality; 2. Integrity; and 3. Availability An analysis of the security mechanisms and Service Level Agreements (SLAs) provided by these PaaS clouds are presented, as well as results from experiments that were run in the three PaaS clouds. Finally, the implications of these results for writing a WPS in a PaaS cloud are discussed. 2. PAAS CLOUD COMPARISON In this section we present the results of our comparison of three PaaS cloud computing solutions, namely Microsoft Azure (MWA), Google App Engine (GAE) and GroundOS (GOS). First we provide some background on the comparison and then we describe the results of our comparison. 2.1 Background Figure 1 shows the different cloud service models and how they relate to security and user control over resources. Typ ically, as you move up thr ough the layers from IaaS to SaaS, there are fewer security risks for the user and pr ovider but at the cost of less control by the user. Each layer serves a different purpose to serve both users who are just regular internet users, as well as developers. IaaS PaaS SaaS Security Control Figur e 1. Cloud service models related to security and user control
关键词：platform as a service; PaaS; geopr ocessing; cloud computing; distributed computing; service level agreement; SLA; ; security