Accountability as a Service for the Cloud

SOA is a higher programming abstraction than objects and components looking at collaboration beyond physical and logical boundaries/scope which results in new business perspectives such as SaaS, IaaS and DaaS.

Cloud computing is just a utility for delivery of computing services (SaaS, etc) which is based around the Internet capabilities. The Total Ownership Cost and Quality of Service are improved by centralisation, with environmental friendliness resulting from aggregation of energy use with virtualisation.

Problem with Cloud Computing are issues of compliance and trust. Is the workflow operating as it is supposed to? (Business Logic). Are the services correctly acting as per Service level Agreements? At what stage is the job being processed, can it be monitored and debugged in time? In the Cloud, business processes cross domains, each with its own interests and priorities, along with the fact that misbehaving sectors will deceive and hide their poor performance. As a result all participants will not fully trust each other. Trusted systems will be trusted, warrant trust and be validated for trust in a convincing manner. When properly deployed a Trustworthy Service Oriented Architecture will be able to do RCA for all faults. Normal processes will alter to add an Evidence Log that demonstrates that trust is not misplaced.

The solution is another ‘service’ in the cloud where ‘service-oriented’ software agents assess quantum steps to report integrity of data, performance and workflow. The agents would record evidence in real time without disputation to enable solving later conflicts. Evidence should quantify system performance, and if there is a fault to provide enough evidence to undertake RCA.

Dr Chen then demonstrated this in an online credit card application, which can be seen at BPEL Transformation Example (YouTube) and Monitoring by Accountability (YouTube).



 

Dr Shiping Chen, Senior Research Scientist, CSIRO ICT Centre [shiping.chen@csiro.au] with Dr S Nepal (accompanying); 
from http://www.ict-csiro.au (Information Engineering Lab – one of 3 (autonomous systems, wireless & Networking 
technologies) and 2 joint centres (Aust e-Health Res Centre, Tasmanian ICT Centre) subgroup working on Trust, 
Security and Privacy and on Distributed Systems.]