Transparent, Provenance-assured, and Secure Software-as-a-Service

Orchestration is one of the cornerstone facilities in Cloud computing, and it has become critical with the advent of the Software-as-a-Service (SaaS) paradigm. It allows service providers to automatize the deployment of their software in Cloud computing infrastructure, thus making the process swift and scalable. However, trust remains a paramount concern still. In particular, transparency, provenance, and security present significant challenges for SaaS. Blockchain possesses the needed qualities to address these challenges. We propose a system capable of creating transparent, provenance-assured, and secure SaaS. The proposed solution addresses these concerns by dividing the orchestration process, i.e., the SaaS deployment, into self-contained steps, each of which is related to a specific domain, e.g., networking, access rules. The input for these steps, and the output of their execution, are both recorded into the blockchain, creating a trail of trust. An external user requiring to validate the orchestration process can query the blockchain. In this way, if the (infrastructure) Cloud provider is fully trusted, end users do not need to trust the service provider: The SaaS deployment becomes fully transparent, and the provenance of the deployed software stack can be ensured. This capability also guarantees security because it allows, e.g., source code auditing for any security threats. The proposed solution presents a generic ledger interface to interact with several blockchain solutions. The approach gives to the Cloud provider the freedom to select the blockchain technology to be used. We present an early evaluation of the overhead of our system against a standard orchestration framework, also presenting a discussion about the limitations of the current approach and possible solutions.