Policing autonomic clouds
Andrea Margheri Francesco Tiezzi
Irfan Khan Tanoli Vitaly Buravlev Yuriy Zacchia Lun Alessandro Maggi
ASCENS Spring School on Engineering Collective Autonomic Systems
Lucca, March 27, 2015
www.ascens-ist.eu
The case study: Autonomic Cloud
[Figure: Science Cloud Platform instances (SCPi) at LMU Munich, the Munich English Garden and IMT Lucca]
PaaS volunteer cloud that provides a runtime platform for applications
Realised as a collection of notebooks, desktops, servers, or VMs running instances of the Science Cloud Platform
It relies on autonomic nodes to deal with leaving and joining nodes, fluctuating load, hw/sw requirements
ASCENS Spring School 2
Autonomic Cloud: issues
In this project we had to face the following issues:
Authorisation: checking principal’s capabilities
Confidentiality of Data: avoiding violation of the confidentiality model
Resource Management: allocating applications correctly
Adaptation Mechanism: self-adaptation to ensure SLAs
Goal of the Project
create some FACPL policies intended to be deployed on every Science Cloud Platform instance
manage the following aspects of the platform:
the level of trust of each component
platform actions, resources, and applications
user credentials and profile
self-adaptation to ensure application SLAs
pass (possibly all) tests that have been defined
FACPL ToolChain
FACPL Eclipse IDE
FACPL Evaluation Process
The FACPL Policy Language
Language elements
Rule: positive (or negative) basic authorisation controls
Policy: list of rules
PolicySet: list of policies
Obligation: additional action calculated by policies
Rules specify
effect: permit (or deny) consequence of the rule
target: condition indicating the applicability of the rule
obligations
Obligations are run-time generated actions used for acting on the policed system and enforcing adaptation strategies
Access Control - Setting
Access Control - Confidentiality
"high" trust users can interact with both "low" and "high" trust instances (unless strict access requested)
"low" trust users can only interact with "low" trust instances
Access Control - Authorisation
users with profile P Usr can only add Usr Type APPs
users with profile P Adm can add both types
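The confidentiality and authorisation requirements above, modelled as rules grouped into two policies and one policy set. This is an added Python sketch, not FACPL code from the slides; the attribute names, the underscore spellings `P_Usr`/`Usr_Type`, the reading of "strict access" and the combining strategy are assumptions.

```python
from dataclasses import dataclass, field
from typing import Callable

@dataclass
class Rule:
    effect: str                      # "permit" or "deny"
    target: Callable[[dict], bool]   # applicability condition over request attributes
    obligations: list = field(default_factory=list)

def deny_unless_permit(rules, req):
    """Combine one policy's rules: an applicable permit rule wins, otherwise deny."""
    for rule in rules:
        if rule.effect == "permit" and rule.target(req):
            return "permit", list(rule.obligations)
    return "deny", []

# Assumption: "strict access" confines a high-trust user to high-trust instances.
CONFIDENTIALITY = [
    Rule("permit", lambda q: q.get("user_trust") == "low"
         and q.get("instance_trust") == "low"),
    Rule("permit", lambda q: q.get("user_trust") == "high"
         and (q.get("instance_trust") == "high"
              or (q.get("instance_trust") == "low" and not q.get("strict", False)))),
]

AUTHORISATION = [
    Rule("permit", lambda q: q.get("profile") == "P_Usr"
         and q.get("app_type") == "Usr_Type"),
    Rule("permit", lambda q: q.get("profile") == "P_Adm"
         and q.get("app_type") in ("Usr_Type", "Sys_Type")),
]

def policy_set(req):
    """Request to add an app on an instance: every policy must permit."""
    obligations = []
    for policy in (CONFIDENTIALITY, AUTHORISATION):
        decision, obls = deny_unless_permit(policy, req)
        if decision == "deny":
            return "deny", []        # missing or unknown attributes end up here
        obligations += obls
    return "permit", obligations
```

Because targets read attributes with `get`, a request that omits an attribute matches no permit rule and is denied rather than raising an error.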
Resource Allocation
Each SCP instance has limited computing resources
a free SCPi has 10 units of available resources;
a Sys Type APP consumes 1 unit of resource;
a Usr Type APP consumes 2 units of resource;
Adaptation - System Apps
can be instantiated unless no resources available
can be executed only from 1.00 a.m. to 6.00 a.m. (freeze otherwise)
Adaptation - User Apps
user apps are executed locally if resources available or obtainable (by freezing system apps) on instance
otherwise they are added to another instance with available resources
if no SCPi available, run on a new SCP instance
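The resource accounting and the adaptation rules for system and user apps, worked through as an added Python sketch (not the FACPL policies from the slides). The obligation tuples, the function names, the half-open time window and the premise that a frozen app releases its units are assumptions.

```python
from dataclasses import dataclass, field

CAPACITY = 10                           # units on a free SCPi (from the slides)
COST = {"Sys_Type": 1, "Usr_Type": 2}   # units per running app (from the slides)

@dataclass
class Instance:
    name: str
    running: list = field(default_factory=list)   # app types holding resources

    def free(self):
        # Assumption: only running apps consume units; frozen apps hold none.
        return CAPACITY - sum(COST[a] for a in self.running)

def system_app(inst, action, hour):
    """Decision and obligations for a Sys_Type request at local `hour` (0-23)."""
    if action == "instantiate":
        if inst.free() >= COST["Sys_Type"]:
            return "permit", [("create", inst.name, "Sys_Type")]
        return "deny", []
    if action == "execute":
        # Assumption: the window is 01:00 inclusive to 06:00 exclusive.
        if 1 <= hour < 6:
            return "permit", []
        return "deny", [("freeze", inst.name, "Sys_Type")]
    return "deny", []

def place_user_app(local, others):
    """Obligations that place one Usr_Type app, following the three steps above."""
    need = COST["Usr_Type"]
    shortfall = need - local.free()
    if shortfall <= 0:
        return [("create", local.name, "Usr_Type")]
    # Freeze only as many system apps as needed, and only if that is enough.
    sys_apps = local.running.count("Sys_Type")
    if sys_apps * COST["Sys_Type"] >= shortfall:
        to_freeze = -(-shortfall // COST["Sys_Type"])   # ceiling division
        return ([("freeze", local.name, "Sys_Type")] * to_freeze
                + [("create", local.name, "Usr_Type")])
    for other in others:
        if other.free() >= need:
            return [("create", other.name, "Usr_Type")]
    return [("start_instance",), ("create", "<new instance>", "Usr_Type")]
```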
Adaptation - Big Picture
School Testing Environment
Extra requirements and scenarios
Language elements
reactivation of frozen apps
managing removal of a SCPi
handling exceptional behaviours: Break-the-Glass approach
Break-the-Glass
model Exception behaviour and Regular behaviour as two non-interfering PolicySets
select appropriate PolicySet according to exception attribute of the system
Malicious APP: exception PolicySet allows explicit freeze of both app types
System update: allow freezing of all apps and execution of Sys Type apps (regardless of time)
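The selection between the two PolicySets, as an added Python sketch rather than the project's FACPL code. The exception attribute values, the request keys, denying explicit freeze requests in regular mode, and denying on an unrecognised exception value are assumptions.

```python
EXCEPTIONS = {"malicious_app", "system_update"}   # constructed attribute values
APP_TYPES = ("Sys_Type", "Usr_Type")

def regular_policy_set(req):
    """Regular behaviour, reduced to the actions the exception cases touch."""
    if req.get("action") == "execute":
        if req.get("app_type") == "Usr_Type":
            return "permit"
        if req.get("app_type") == "Sys_Type":
            hour = req.get("hour")
            in_window = hour is not None and 1 <= hour < 6
            return "permit" if in_window else "deny"
    # Assumption: an explicit freeze request is refused in regular mode.
    return "deny"

def exception_policy_set(req):
    """Exception behaviour: only what the two listed cases allow."""
    if req.get("action") == "freeze" and req.get("app_type") in APP_TYPES:
        return "permit"        # both cases allow freezing either app type
    if (req.get("exception") == "system_update"
            and req.get("action") == "execute"
            and req.get("app_type") == "Sys_Type"):
        return "permit"        # regardless of time
    return "deny"              # anything not listed stays denied

def evaluate(req):
    """Route each request to exactly one PolicySet via the exception attribute."""
    kind = req.get("exception")
    if kind is None:
        return "regular", regular_policy_set(req)
    if kind not in EXCEPTIONS:
        # Assumption: an unrecognised exception value fails closed.
        return "none", "deny"
    return "exception", exception_policy_set(req)
```

Each request is decided by a single PolicySet, so a rule in the exception set can never widen what the regular set grants while the attribute is unset.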
Conclusions
Through this small workshop focused on learning the basics of the FACPL language for policy specification we managed to:
define correct policies satisfying the requirements in a short amount of time
handle complex scenarios in terms of pre-conditions and post-conditions
design hierarchical compositions of different policies allowing for a higher degree of adaptability
Easy-to-use, intuitive language
Expressive language
Scalable language
Thank you
for your attention!