Workshop on Security and Dependability of Multi-Domain Infrastructures
Multi-domain infrastructures are increasingly imposing themselves as leading architectures for distributed systems. They achieve effective convergence of cloud systems and networks through virtualization. They allow federating resource-specialized infrastructures into unified control and data planes for computing, storage, networking, and device resources, their architectures ranging from centralized to fully distributed (also known as cloud-of-clouds, edge, fog, etc.).
One central property of such infrastructures is also being software-defined: the domain abstraction plays a central role for resource control, either shallow, or reaching deep in multiple infrastructure layers. The control capabilities are more extensive for private infrastructures where security services may be selectively added at low-level, SDN also enabling full network control. In public networks, on the other hand, control is much reduced, as the hardware remains out of reach, visible only as a "big-switch" abstraction.
Due to their heterogeneity and complexity, such infrastructures raise acute security and dependability challenges. The potential of (insider) attacks renders many central software layers, such as the hypervisor, untrustworthy. This calls for primitives for secure isolated computation, and strong system mechanisms for trust guarantees across layers and domains. Similarly, making the infrastructure immune to cloud or network availability zone outage in a multi-provider setting, in order to avoid Internet-scale single point of failures, calls for fault-tolerant, replicated, and distributed control architectures.
Lack of control on the infrastructure also prevents building user-centric clouds and networks and full customization of security and their related benefits, e.g., overcoming vendor lock-ins, choosing best-of-breed providers (price, performance, etc.). Heterogeneity of system abstractions and mechanisms in the virtualization infrastructure remains a major barrier towards such goals.
This workshop focuses on new system architectures and mechanisms for security and availability of multi-domain infrastructures. The aim is to explore how such system-level solutions could allow the user to regain control over such infrastructures and address the previous security and resilience challenges. Platforms that include hybrid clouds, and SDN-based virtualized networks require novel models, architectures, designs, security and resilience mechanisms that go beyond traditional virtualization and networking architectures. Finding the right abstraction and system mechanisms can help enforce control at all (necessary) levels, both across domains and layers to enhance security and dependability of such infrastructures. Additionally, infrastructures of such complexity require holistic automation of security and dependability, posing new research problems on specification, enforcement, and management of policies and SLAs.
XDOM0'17 is a forum for researchers and practitioners, both from academia and industry, in virtualization security, operating systems, storage, networking, and fault-tolerance to present and discuss innovative designs and implementations to guarantee security and dependability of these new multi-domain infrastructures
The XDOM0 workshop is sponsored by the H2020 SUPERCLOUD project: http://supercloud-project.eu/.