Orchestration is one of the cornerstone facilities in Cloud computing, and it has become critical with the advent of the Software-as-a-Service (SaaS) paradigm. It allows service providers to automatize the deployment of their software in Cloud computing infrastructure, thus making the process swift and scalable. However, trust remains a paramount concern still. In particular, transparency, provenance, and security present significant challenges for SaaS. Blockchain possesses the needed qualities to address these challenges. We propose a system capable of creating transparent, provenance-assured, and secure SaaS. The proposed solution addresses these concerns by dividing the orchestration process, i.e., the SaaS deployment, into self-contained steps, each of which is related to a specific domain, e.g., networking, access rules. The input for these steps, and the output of their execution, are both recorded into the blockchain, creating a trail of trust. An external user requiring to validate the orchestration process can query the blockchain. In this way, if the (infrastructure) Cloud provider is fully trusted, end users do not need to trust the service provider: The SaaS deployment becomes fully transparent, and the provenance of the deployed software stack can be ensured. This capability also guarantees security because it allows, e.g., source code auditing for any security threats. The proposed solution presents a generic ledger interface to interact with several blockchain solutions. The approach gives to the Cloud provider the freedom to select the blockchain technology to be used. We present an early evaluation of the overhead of our system against a standard orchestration framework, also presenting a discussion about the limitations of the current approach and possible solutions.

Transparent, Provenance-assured, and Secure Software-as-a-Service

Tapas N.
Primo
;
Longo F.
Secondo
;
Merlino G.
Penultimo
;
Puliafito A.
Ultimo
2019

Abstract

Orchestration is one of the cornerstone facilities in Cloud computing, and it has become critical with the advent of the Software-as-a-Service (SaaS) paradigm. It allows service providers to automatize the deployment of their software in Cloud computing infrastructure, thus making the process swift and scalable. However, trust remains a paramount concern still. In particular, transparency, provenance, and security present significant challenges for SaaS. Blockchain possesses the needed qualities to address these challenges. We propose a system capable of creating transparent, provenance-assured, and secure SaaS. The proposed solution addresses these concerns by dividing the orchestration process, i.e., the SaaS deployment, into self-contained steps, each of which is related to a specific domain, e.g., networking, access rules. The input for these steps, and the output of their execution, are both recorded into the blockchain, creating a trail of trust. An external user requiring to validate the orchestration process can query the blockchain. In this way, if the (infrastructure) Cloud provider is fully trusted, end users do not need to trust the service provider: The SaaS deployment becomes fully transparent, and the provenance of the deployed software stack can be ensured. This capability also guarantees security because it allows, e.g., source code auditing for any security threats. The proposed solution presents a generic ledger interface to interact with several blockchain solutions. The approach gives to the Cloud provider the freedom to select the blockchain technology to be used. We present an early evaluation of the overhead of our system against a standard orchestration framework, also presenting a discussion about the limitations of the current approach and possible solutions.
File in questo prodotto:
File Dimensione Formato  
nca2019.pdf

solo utenti autorizzati

Tipologia: Versione Editoriale (PDF)
Licenza: Tutti i diritti riservati (All rights reserved)
Dimensione 289.62 kB
Formato Adobe PDF
289.62 kB Adobe PDF   Visualizza/Apri   Richiedi una copia
Pubblicazioni consigliate

Caricamento pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: http://hdl.handle.net/11570/3167131
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 0
  • ???jsp.display-item.citation.isi??? 0
social impact