Certification-Based Cloud Adaptation

Abstract

Performance and dependability levels of cloud-based computations are difficult to guarantee by-design due to segregation of visibility and control between applications, data owners, and cloud providers. Lack of predictability increases users’ uncertainty about the service levels they will actually achieve. Cloud tenants compete for shared resources/services at all layers of the cloud stack, and pose heterogeneous and conflicting non-functional requirements over them. These requirements have implications for platform and infrastructure layers, which have to be configured to satisfy inter-tenants requirements. We argue that adaptation techniques can play a crucial role in providing a reliable cloud, supporting definite behavior of applications and stable quality of service. Existing adaptation techniques however are unsuitable for cloud use, since they mostly focus on single tenancy, performance requirements, and are based on unverifiable evidence, which is collected in an untrusted way. In this paper, we propose a multi-tenant, general-purpose adaptation technique for the cloud, based on evidence collected by means of a trustworthy certification process. We depart from traditional heavy and comprehensive certification processes, such as ISO/IEC 27017, and consider a flexible and lightweight certification process for the cloud. It is based on authentic evidence and provides accountable validation on the compliance of a cloud-based system. Our approach adapts the cloud at all layers to maintain stable non-functional properties in certificates over time, by continuously verifying certificate validity. We assess the performance and quality of our adaptation approach in a wide range of settings.