Blog: Cloud Robotics: Connected to the Cloud, Robots Get Smarter

Cloud Robotics: Connected to the Cloud, Robots Get Smarter
IEEE Spectrum (01/24/11) Erico Guizzo

Carnegie Mellon University (CMU) researchers are developing robots that use cloud computing to obtain new information and data. The method, known as cloud robotics, allows robots to offload compute-intensive tasks such as image processing and voice recognition. Cloud robotics could lead to lighter, cheaper, and faster robots, says CMU professor James Kuffner. He is working with Google to develop cloud robotics systems that involve "small mobile devices as Net-enabled brains for robots." In the future, cloud-enabled robots could become standardized, leading to an app store for robots, Kuffner says. "Coupling robotics and distributed computing could bring about big changes in robot autonomy," says Jean-Paul Laumond with France's Laboratory of Analysis and Architecture of Systems. Kuffner sees a future in which robots will feed data into a knowledge database, sharing their interactions with the world and learning about new objects, places, and behaviors.

View Full Article

Blog: New Research Improves Ability to Detect Malware in Cloud-Computing Systems

New Research Improves Ability to Detect Malware in Cloud-Computing Systems
NCSU News (09/21/10) Matt Shipman

North Carolina State University (NCSU) researchers have developed HyperSentry, software that offers enhanced security for cloud computing systems. The researchers say HyperSentry is better at detecting viruses and other malware in the "hypervisors" that are crucial to cloud computing. Hypervisors programs create the virtual workspace that enables different systems to run in isolation from each other. HyperSentry enables cloud administrators to measure the integrity of hypervisors in run time. "The concern is that an attacker could compromise a hypervisor, giving them control of the cloud," says NCSU professor Peng Ning. As soon as an infected hypervisor is detected, a cloud administrator can take action, such as shutting down the computer, performing additional investigations to identify the scope of the problem, and limiting how far the damage can spread. "HyperSentry solves two problems," Ning says. "It measures hypervisor integrity in a stealthy way, and it does so in the context of the hypervisor."

View Full Article

Blog: Team Releases Tools for Secure Cloud Computing

Team Releases Tools for Secure Cloud Computing
UT Dallas News (08/02/10) Moore, David

University of Texas at Dallas (UTD) researchers have released software tools designed to facilitate cloud computing. "In order to use electricity, we do not maintain electricity generators at home, instead we get the electricity on demand from the grid when we need it," says UTD Cyber Security Research Center director Bhavani Thuraisingham. He says the cloud computing model works on a similar principle. Research shows that the biggest hurdle to broad adoption of cloud computing is concern about the security of sensitive data, so security has been one of the UTD team's focal points. "In building a cloud, we are using a number of open source tools, including Apache's Hadoop distributed file system, Google's Mapreduce, and the University of Cambridge's XEN Virtual Machine monitor," Thuraisingham says. He says the tools provide the infrastructure for security features. UTD's tools provide secure query processing capabilities and prevent unauthorized access to sensitive data. The system's framework consists of a network layer, an infrastructure layer, a storage layer, and a data layer.

View Full Article

Blog: Cloud security: Google won't like the enterprise view, neither will Facebook

Cloud security: Google won't like the enterprise view, neither will Facebook

By Dennis Howlett | July 6, 2010, 6:00am PDT

Last week I was at the grandly titled Cloud Computing World Forum for pretty much the whole of the week. Apart from chairing three sessions and participating in another I wanted to get a feel for what EU people really think about this topic du jour.

The panels gave me an opportunity to explore issues around security/privacy with people who are living the issues as end user representatives. Here’s a potted round up of views from some of those sitting in the check writing seats:

1. Generally, panelists are interested in and actively exploring opportunities presented by cloud services though they have plenty of caveats.
2. Gordon Penfold, CTO British Airways for example explained that as representative of an industry we all love to hate, data location is a sensitive issue.
3. Mary Hensher, CIO and IT partner, Deloitte UK and Switzerland said her company has regulatory requirements that demand data be stored up to eight years. She is under pressure to utilize cloud storage but is skeptical about whether such methods will allow her business to remain compliant. Many of the documents and emails that pass between clients and Deloitte are of a commercially sensitive nature and having them the subject of possible scrutiny by virtue of storage location was not something the firm is prepared to risk without a full understanding of what happens in a cloud environment.
4. Robert Johnson, head of front office technology Mitsubishi UFJ Securities International was adamant that while he is prepared to consider cloud for many types of data, counterparty data is off limits.
5. Miles Gray, hardware solutions architect, UK National Health Service argued that understanding how identity management impacts the various systems being integrated in the cloud is taking on greater importance.

Read Full Article

Blog: Is Cloud Computing Fast Enough for Science?

Is Cloud Computing Fast Enough for Science?
Government Computer News (06/18/10) Lipowicz, Alice

The U.S. Department of Energy's (DOE's) Magellan cloud computing testbed has shown that commercially available clouds suffer in performance when operating message passing interface (MPI) applications such as weather calculations. "For the more traditional MPI applications there were significant slowdowns, over a factor of 10," says National Energy Research Scientific Computing's Kathy Yelick. However, for computations that can be performed serially, such as genomics calculations, there was little or no deterioration in performance in a commercial cloud, Yelick says. DOE is using the Magellan project to explore a wide range of scientific issues regarding cloud computing, and to advise DOE how to incorporate cloud computing into its research. "Our goal is to inform DOE and the scientists and industry what is the sweet spot for cloud computing in science; what do you need to do to configure a cloud for science, how do to manage it, what is the business model, and do you need to buy your own cloud," Yelick says.

View Full Article

Blog: New Research Offers Security for Virtualization, Cloud Computing

New Research Offers Security for Virtualization, Cloud Computing
NCSU News (04/27/10) Shipman, Matt

North Carolina State University (NCSU) researchers have developed HyperSafe, software for resolving security concerns related to data privacy in virtualization and cloud computing. A key threat to virtualization and cloud computing is malicious software that enables computer viruses to spread to the underlying hypervisor, which allows different operating systems to run in isolation from one another, and eventually to the systems of other users. HyperSafe leverages existing hardware features to secure hypervisors against such attacks. "We can guarantee the integrity of the underlying hypervisor by protecting it from being compromised by any malware downloaded by an individual user," says NCSU professor Xuxian Jiang. HyperSafe uses non-bypassable memory lockdown, which blocks the introduction of new code by anyone other than the hypervisor administrator. HyperSafe also uses restricted pointer indexing, which characterizes a hypervisor's normal behavior and prevents any deviation from that profile.

View Full Article

Blog: Dynamic Nimbus Cloud Deployment Wins Challenge Award at Grid5000 Conference

Dynamic Nimbus Cloud Deployment Wins Challenge Award at Grid5000 Conference
Argonne National Laboratory (04/26/10) Taylor, Eleanor

The Argonne National Laboratory and University of Chicago's Nimbus toolkit, an open source set of software tools for providing cloud computing implementations, was demonstrated at the recent Grid5000 conference in France. Grid5000 is a testbed for studying large-scale systems using thousands of nodes distributed across nine sites in France and Brazil. University of Rennes student Pierre Riteau deployed Nimbus on hundreds of nodes spread across three Grid5000 sites to create a distributed virtual cluster. The deployment won Riteau the Grid5000 Large Scale Deployment Challenge Award. Argonne computer scientist Kate Keahey says the deployment was one of the largest to date and created a distributed environment that opens up computational opportunities for scientists by creating a "sky computing" cluster.

View Full Article

Blog: Feds Developing Cloud Security Program

Feds Developing Cloud Security Program
InformationWeek (03/31/10) Hoover, J. Nicholas

A U.S. federal interagency working group is developing a unified, governmentwide risk-management program that could greatly decrease the amount of security work agencies must do to access cloud services. The proposed new effort, called the Federal Risk and Authorization Management Program Pilot (FedRAMP), would give agencies a centralized approach to solving security problems such as certification and accreditation. FedRAMP will develop common security requirements for certain systems, provide ongoing risk assessments, and carry out governmentwide security authorizations. Agencies also will be able to see what security controls have been conducted for different products and services. The program would make certification and accreditation processes simpler because they would only need to be carried out once per cloud service, and agencies could share security management services. Initially, the program would focus on public and private cloud computing technologies, but could eventually expand to cover traditional Web hosting and other domains.

View Full Article

Early-adopter criminals embrace cloud computing; need for "inside-out" security

Early-adopter criminals embrace cloud computing

Toby Wolpe ZDNet UK

Published: 10 Feb 2010 16:53 GMT

Executives unsure of the viability of cloud computing need look no further than the criminal fraternity for a ringing endorsement of the technology, according to a security expert.

Cloud computing has been enthusiastically taken up by criminals for a range of activities, Rik Ferguson, senior security adviser at security firm Trend Micro, told delegates at a Westminster eForum on Wednesday.

"One of the things that persuades me personally that the cloud is absolutely a viable model and has longevity is that it has already been adopted by criminals," Ferguson said. "They are the people who are leading-edge adopters of technology that is going to work and going to stick around for a long time.

…

He said organisations need to rethink their security models, which have traditionally been "outside-in" and focused on stopping intruders entering networks. "When we become consumers of cloud we have to change the way we think and focus on inside-out security," he said.

...

Blog: U.S. Scientists Given Access to Cloud Computing

U.S. Scientists Given Access to Cloud Computing
New York Times (02/04/10) Markoff, John

The U.S. National Science Foundation (NSF) and Microsoft have agreed to offer U.S. scientific researchers free access to a new cloud computing service called Azure. The three-year project aims to give scientists the computing power to handle large amounts of research data. Access to the service will come in the form of grants from the foundation. Recently, emphasis has been placed on computing systems capable of storing and analyzing vast amounts of data. "We're trying to figure out how to engage the majority of scientists," says Microsoft's Dan Reed. He says Microsoft is prepared to invest millions of dollars in the program, which could provide thousands of scientists with access to the cloud computing service. "It's all about data," says Jeannette M. Wing, NSF's assistant director of computer and information science and engineering directorate. "We are generating streams and rivers of data."

View Full Article

Blog: Less Clumsy Code for the Cloud

Less Clumsy Code for the Cloud
Technology Review (12/16/09) Naone, Erica

Researchers at the University of California, Berkeley are working on a project called BOOM, which is developing new programming techniques for cloud computing. BOOM researchers hope to make cloud computing more efficient by using database programming techniques originally developed in the 1980s, which are designed to collect large data sets and process them in various ways. "We can't keep programming computers the way we are," says Berkeley professor Joseph Hellerstein. "People don't have an easy way to write programs that take advantage of the fact that they could rent 100 machines at Amazon." Bloom researchers are adapting an old language called Datalog to develop Bloom, a new language that would provide an easier way for programmers to work with cloud computing resources. The group also is creating a Bloom library that can be used with popular languages such as Java and Python. Oxford University professor Georg Gottlob, a Datalog expert, says the language may have been ahead of its time, but is gaining in popularity with the rise of distributed computing applications.

View Full Article

Blog: How Secure Is Cloud Computing?

How Secure Is Cloud Computing?
Technology Review (11/16/09) Talbot, David

The recent ACM Cloud Computing Security Workshop, which took place Nov. 13 in Chicago, was the first event devoted specifically to the security of cloud computing systems. Speaker Whitfield Diffie, a visiting professor at Royal Holloway, University of London, says that although cryptography solutions for cloud computing are still far-off, much can be done in the short term to help make cloud computing more secure. "The effect of the growing dependence on cloud computing is similar to that of our dependence on public transportation, particularly air transportation, which forces us to trust organizations over which we have no control, limits what we can transport, and subjects us to rules and schedules that wouldn't apply if we were flying our own planes," Diffie says. "On the other hand, it is so much more economical that we don't realistically have any alternative." He says current cloud computing techniques negate any economic benefit that would be gained by outsourcing computing tasks. Diffie says a practical near-term solution will require an overall improvement in computer security, including cloud computing providers choosing more secure operating systems and maintaining a careful configuration on the systems. Security-conscious computing services providers would have to provision each user with their own processors, caches, and memory at any given moment, and would clean systems between users, including reloading the operating system and zeroing all memory.

View Full Article

Blog: 5 lessons from the dark side of cloud computing

5 lessons from the dark side of cloud computing

InfoWorld: Robert Lemos CIO.com; August 6, 2009

While many companies are considering moving applications to the cloud, the security of the third-party services still leaves much to be desired, security experts warned attendees at last week's Black Hat Security Conference.

The current economic downturn has made cloud computing a hot issue, with startups and smaller firms rushing to save money using virtual machines on the Internet and larger firms pushing applications such as customer relationship management to the likes of Salesforce.com. Yet companies need to be more wary of the security pitfalls in moving their infrastructure to the cloud, experts say.

Blog: Ozzie responds: Is Microsoft Azure just 'Hailstorm' revisited?

Ozzie responds: Is Microsoft Azure just ‘Hailstorm’ revisited?

Posted by Mary Jo Foley

At the Professional Developer Conference (PDC) in Los Angeles, I’ve heard a few long-time Microsoft watchers wondering aloud whether Microsoft’s newly unveiled “Azure” isn’t simply Microsoft taking another run at “Hailstorm.”

I had a chance to ask Ray Ozzie, Microsoft’s Chief Software Architect, that very question this week.

First, a quick refresher: For those who weren’t following the Microsoft juggernaut back in the late 1990s, Hailstorm was Microsoft’s first pass at a .Net services platform. “HailStorm” technologies will enable a new world of computing where all the applications, devices and services in an individual’s life can work together, on their behalf and under their control,” explained Microsoft in a 2001 press release. (Sounds eerily like Live Mesh/Live Services, doesn’t it?)

Microsoft ended up killing off Hailstorm before it ever really launched. One of the main reasons was privacy: Microsoft customers were nervous about trusting Microsoft with hosting their data. And the idea of an on-premise, customer-managed Hailstorm cloud was not fleshed out.

Isn’t Azure — Microsoft’s new cloud platform, of which Live Services are one key component — just Hailstorm Take 2? And if it’s not, how is it really different, I asked Ozzie.

…

“It’s amazing that at this point in time, as compared to that
long ago, (that) we still don’t have that one nailed from a privacy and
ownership perspective. That was what so many people complained about. But right
now you’ve got Open Social and Facebook Connect, and both of them want to still
create walled gardens, open walled gardens, whatever that is, but that they are
lending you your information back and withdrawing it within 24 hours or
whatever.”

“I think we need to get past that, and what we’re
trying to do with Mesh and the terms of use. We’re trying to get to a point
where you literally do own your data, we bring the personal of the personal
computer to the cloud where it’s your stuff, and if you do something with
someone, it better be a symmetrical synch relationship where you’re giving them
rights, they’re giving you rights, because I just don’t see how it works. We
can’t create a walled garden; it’s just not going to work.”

Blog: Enterprise readiness of Cloud ratcheting up

Enterprise readiness of Cloud ratcheting up

Posted by James Staten

It may just be time for enterprise customers to take a serious look at cloud computing. Major announcements in the past few days from Microsoft and Amazon have certainly signaled that the on-demand Internet computing model has staying power. And with a long recession looming there may be no better time to start getting familiar with something that could dramatically lower infrastructure costs.Amazon, which has been the dominant market leader and pioneer of cloud computing, finally lifted the “beta” tag from the Elastic Compute Cloud (EC2) and delivered an SLA for the service and support for Windows applications. It also announced plans to provide service monitoring, load balancing and automatic scaling services in the future. And Amazon’s even starting taking phone calls and providing premium support for enterprise customers. Nearly all of these capabilities have been available for months from smaller cloud players (especially those coming from an ISP background where such capabilities are commonplace).

Microsoft countered by signalling that cloud computing has such significant staying power that they are willing to bet the “Windows” brand on it. Ray Ozzie’s Windows Azure goes beyond the basic infrastructure and services of EC2 providing Visual Studio.Net developers with the promise of a complete platform for their works. This will put Microsoft in competition with EC2 as well as Salesforce.com’s Force.com platform. But Azure is just a technical preview today (aka “beta”).