IEEE 2009 International Conference on Cloud Computing
(CLOUD-II 2009), September 21-25, 2009, Bangalore, India
 Home News Call for Papers Organization Advance Program Keynotes Submission Registration         

Navigation in Cloud

  • Tutorials
  • Panels
  • Hotel Info
  • SU Fall School
  • Workshops
  • Innovation Show Case
  • Sponsors
  • ICWS 2009
  • SCC 2009SERVICES 2009

Sponsors


 

Community
Support
  • Computing Now from IEEEE Computer Society

Joint SCC/SERVICES-II/CLOUD 2009 TUTORIALS


Tutorial 1: Cloud Computing and Service Oriented Architecture, Anup Kumar and Alok Srivastava, University of Louisville and Microsoft, USA

Tutorial 2: Ubiquitous, Inter-organizational, P2P Workflows for Enterprise, Business Process Automation, Chelliah Muthusamy, HP Labs, India

Tutorial 3: Enterprise Mashups enabled by Data Dissemination Middleware, Chelliah Muthusamy, HP Labs, India

Tutorial 4: Assessing the Robustness and Security of Web Services: State-of-the-art and Research Opportunities, Marco Vieira, University of Coimbra, Portugal

Tutorial 5: Cloud Annexation & Security 2.0

Tutorial 1: Cloud Computing and Service Oriented Architecture

Anup Kumar and Alok Srivastava
University of Louisville and Microsoft, USA 

Abstract: 
Cloud is emerging as a phenomenon and it is happening at the confluence of several trends in the software industry. Service oriented architectures; virtualization and internet based application delivery have all matured over past several years. Cloud is a major next step in this area. Cloud computing allows various tasks to be executed over a network using various services. Different types of services including infrastructure as a service, platform as a service, software as service have been proposed for cloud computing. Some of the benefits of cloud computing include reduced cost, scalability, better performance, service oriented and availability of agile application development.  There are many types of cloud computing services available from various vendors. Computational cloud services provide on demand commuting resources that are scalable, inexpensive and can run any type of application.  Storage cloud services all clients to store their large datasets on provider’s storage banks. Application cloud allows access to many services that a developer can integrate to build their application. 

There is still a debate about what the cloud is and how it changes things. Are there many clouds? Is SaaS the same thing as cloud? The debate is still going on and several definitions of what cloud is and what it means are emerging as the IT providers are getting ready to make the cloud concept real. Technologically, cloud is a very large scale, elastic IT infrastructure that a business can adopt on its own terms. While talking about cloud it is important to note a few things: first the cloud forms a foundation for business relationships and inter-relationship between consumers and providers, next cloud is elastic and it can grow and shrink for a consumer according to their needs and last but not the least, cloud follows pay-as-you-use model. While a cloud may be defined as many things it helps to think about cloud as an abstraction for establishing business partnerships through services integration. There is one cloud not many and services are delivered in the cloud by the providers and consumers consume these services. Service level agreements (SLAs) are a way to ensure availability, scalability and performance for consumers who are willing to give up system level control of their applications and would trust platform service providers in the cloud for their critical infrastructure. It is very critical to understand that services in the cloud do not necessarily eliminate needs for in-house data centers. Cloud services (especially Platform as a service in the cloud) provide a new set of options to choose from. It is quite likely that as the services become robust and reliable in a cloud, users may benefit from moving all their applications in the cloud but a lot is yet to be proven. Another important observation to make is that cloud based services are gradually appearing and over time it will become a viable platform but the change will take place gradually not over night. 

The goal of the tutorial is to provide detailed understanding of cloud computing framework and its relation to service oriented architecture. This will include discussion on core concepts of virtualization, types of cloud computing services, and some of the commercial services available from various vendors. The tutorial will include demonstration and sample case studies from Azure cloud computing environment. Brief organization of tutorial is given below: High Level Tutorial Outline:
  • Introduction to Cloud computing
  • Understanding the impact
  • Doing business in the cloud
  • Cloud computing: Technologies Under the Hood
  • Types of Cloud Services
  • How to be a provider of cloud services
  • Consuming cloud services
  • Cloud computing case studies with code
  • Challenges for cloud computing
  • What to expect going forward
About Speaker: 
Anup Kumar (ak@louisville.edu) completed his Ph.D. from NCSU and is currently a Professor of CECS Department at the University of Louisville. He is also the Director of Mobile Information Network and Distributed Systems (MINDS) Lab (www.cs.louisville.edu/minds). His research interests include web services, wireless networks, distributed system modelling, and simulation. He has given several half day/full day tutorials at the international conferences in the past. He is an Associate Editor of IEEE Transactions on Services Computing. He is also the Associate Editor of Internal Journal of Web Services Research and International Society of Computers and Their Application Journal. He is a member of IEEE Distinguished Visitor Program (2006-2008). He is currently serving on the organising committees of many international conferences including MASS-2098, SCC-2009, ICWS-2009. He was the Chair of IEEE Computer Society Technical committee on Simulation (TCSIM) (2004-2007). He has published and presented over 150 papers. Some of his papers have appeared in ACM Multimedia Systems Journal, several IEEE Transactions, Wireless Communication and Mobile Computing, Journal of Parallel and Distributed Computing, IEEE Journal on Selected Areas in Communications etc. He was the Associate Editor of International Journal of Engineering Design and Automation 1995-1998. He has served on many conference program and organizing committees such as IEEE ISCC 2007, 2008, IEEE ICSW-2006, IEEE MASS-2005, 2007, 2008, IEEE SCC-2005, IEEE ICWS-2005, CIT-2005, IEEE MASCOTS, ADCOM 97 and 98. He has also edited special issues in IEEE Internet Magazine, and International Journal on Computers and Operations Research. He is a Senior Member of IEEE. 

Alok Srivastava is passionate about software architectures, large scale systems and distributed computing He has worked in software industry for upwards of 17 years during which he has filed for a dozen patents, published several papers and presented his ideas at several conferences. Alok has worked on large scale projects such as replication system monitoring and management, database extensibility, multimedia and content management in RDBMS, Web services, Portal technologies and content distribution networks. Alok has worked as an advisor with a large number of customers of all sizes. He has worked with the largest automotive company with their partner network at the same time helped a startup established development team, process and helped them get funding. As a solution architect for Microsoft, Alok brings in his years of experience and passion for software systems to all his engagements and strives to achieve the best results in all his projects. Alok holds a bachelors degree in Electrical and Electronics from Indian Institute of Technology, Kanpur (India) and has Master’s degree in Computer Engineering and Computer Science from University of Louisville, KY with major in distributed computing.

Tutorial 2: Ubiquitous, Inter-organizational, P2P Workflows for Enterprise, Business Process Automation

Chelliah Muthusamy
HP Labs, India 

Abstract: 
The proposed tutorial first provides background on RESTful Web services, and composition languages like WS-BPEL. Technical challenges in specifying and coordinating distributed, data-oriented, embedded workflows for business process automation are outlined next. Existing solutions for modeling document-centric workflows, composing inter-organizational business processes and choreographing embedded web services are reviewed afterwards. The session concludes with a summary of reviewed state-of-the-art and future research directions for overcoming issues like data heterogeneity, security / privacy and constrained footprint. We summarize below background/challenges/solutions for a flavor of tutorial topics.

Background
Process languages like WS-BPEL have accelerated the adoption of Web services in e-commerce applications created over the net wherein distributed business partners collaborate remotely to provide value-added services. A workflow is the automation of a business process during which document, information and tasks are passed among participants according to a set of rules which define the order of and data flow among constituent activities. Mobile agents embedded on ubiquitous devices facilitate context-sensitive e-commerce applications like shopping/payment through code to manage remote resources without a centralized server enabled just by intelligent information gathering through peer interaction as needed. 

Technical Challenges
While the first-generation, mobile applications were based on fixed interfaces with well-known service points which nomadic device connect to, emergence of mobile commerce requires dynamic association of devices/users with services in local environments. Such transient usage pattern presents tremendous information modeling challenges w.r.t workflow context and I/O relationships between various workflow tasks. Also, security constraints of component Web services allow only pair-wise interaction without any coordinating third-party entity and centralized workflows suffer from issues pertaining to performance, scalability and fault-tolerance as well as deployment difficulties on footprint-constrained ubiquitous devices.

Existing Solutions
Modeling document-centric workflows
Document-centered collaboration exposes workflow state as a set of documents that can be operated on with existing tools transparent to users whereas computation attached to the document enforces workflow coordination constraints. An extensive tooling platform/client modules, which work with self-describing data and handle records at run-time, enables RESTful e-commerce services that are accessed by ubiquitous, mobile devices. BPEL4REST natively supports the composition of light-weight services augmenting the concept of a business process with notion of a resource. GUI-based toolkits make it easy for users to discover, compose, invoke and publish atomic/composite services thereby enabling graphical creation of workflows in a transparent manner and save them as BPEL processes.

Composing inter-organizational business processes
Declarative composition of Web services through state charts and data conversion rules are translated into XML documents which can be interpreted by P2P interconnected software components to provision the distributed workflow without requiring a central authority. The innovative execution model specifies how partner process instances across enterprises are made aware of peer progress through messages for synchronization/data exchange with management at the process rather than conversation level. This model enforces inter-task dependencies without incurring a significant communication cost through:
  • a light-weight component called workflow stub which attaches to an agent located at each peer organization,
  • disjoint partitions called self-describing workflows with sufficient information to be executed by the local agent.
Choreographing embedded web services
Lightweight coordination component with minimal footprint on each peer node allows these workflows to be executed even on a handheld device and empowers stateless Web services into self-coordinating stateful entities interlinked through workflow primitives. Active ECA rules governing the behavior of individual devices are executed in a decentralized fashion thereby resulting in scalable/light-weight implementation of message communication based on events. An innovative BPM agent framework, wherein a document is encapsulated as a mobile agent that handles the business activity and can trace/monitor the business document, reduces network loading and makes the communication between agents more flexible. 

About Speaker: 
Chelliah Muthusamy is a Senior Research Scientist in HP Labs, India focused on paper-based workflows and document services. He has been working with HP in the US and India for the past 15 years assuming roles alternatively in product R&D and corporate research on a broad portfolio spanning distributed, enterprise middleware ranging from utility computing through management software to OS security. Chelliah holds a Ph.D in Computer Science from Georgia Tech., Atlanta,USA.

Tutorial 3: Enterprise Mashups enabled by Data Dissemination Middleware

Chelliah Muthusamy
HP Labs, India 

Abstract: 
The proposed tutorial first provides background on RESTful Web services, syndication standards and mashups basics. Technical challenges in casually combining available data sources in a user-friendly manner are outlined next. Existing solutions for opening data feeds deeply buried in enterprise repositories, combining them in an intuitive fashion with off-the-shelf toolkits and realizing interesting situational applications are reviewed afterwards. The session concludes with a summary of reviewed state-of-the-art and future research directions for overcoming issues like data heterogeneity, security / privacy and ease of use. We summarize below background/challenges/solutions for a flavor of tutorial topics.

Background
Phenomenal increase of enterprise data in the past decade has necessitated powerful integration solutions which go beyond enabling simple data exchange. Moreover, a lot of semi-structured data and services is available on the web today to accomplish a goal within or outside of enterprises. End user however cannot anticipate which data sources or how they need to be integrated or displayed. Even if a special-purpose application is developed through labor-intensive programming, users would still want to tailor it for their own needs. Mashups however move data closer to point of use and thus differ from traditional integration techniques wherein owners connect data in planned/structured fashion. Compared to developer-centric composition technologies (e.g., BPEL), mashups provide a flexible/easy-to-use way for drawing upon content retrieved from external data sources to create entirely new services. Numerous content retrieval APIs from popular web sites and development solutions utilizing AJAX technology have fueled explosive growth of mashups in the recent past. Key problem faced today in creating mashups though is the programming expertise necessary in areas like databases, HTML, web crawling and pattern matching. Also, users need to understand various web services and installation of web application environments. 

Existing Solutions
Data Service Platforms
A prototype information broker uses SaaS model to collect/integrate diverse patient data from autonomous healthcare agencies while respecting individual/organization privacy constraints. A similar service for integrated access to a huge amount of hydrological information from a collection of heterogeneous data sources exists as well. A middleware platform provides a declarative foundation for building generic services that need to compose information from a range of enterprise data sources. A comprehensive data architecture strategy tackles with inconsistencies/redundancies in enterprise data storage mechanisms; there is still a need for presentation-oriented services which data aggregators could use for dynamic generation of content from the same base XML data. 

Mashup Toolkits
Existing mashup enablement solutions alternatively adopt two fundamentally different approaches for data integration:

  • mashing external content while browsing,
  • programming activity in visual environment can be further subdivided on the basis of data flow support:
  • wizards which help the user pass through several screens and enter required data,
  • drag/drop of functional modules from a list on the canvas and linking those blocks together.
A mashup framework pioneered value-add services (e.g., query generation, iterative refinement and online matching) as well as script-based development necessary for complex, dynamic, data integration mashups. Most of the readily available mashup toolkits do not deal with enterprise data sources  unlike  a few emerging research prototypes described next.

Enterprise Situational Applications
A light-weight enterprise data integration engine advocates a data model/primitive operators and an abstraction built on the model for combining, filtering and transforming enterprise data feeds. An AJAX-based Web 2.0 application allows the user to combine unstructured information from the web with structured business content from an enterprise system. Its light-weight composition platform enables a user to create information mashups without needing cumbersome development. 

About Speaker: 
Chelliah Muthusamy is a Senior Research Scientist in HP Labs, India focused on paper-based workflows and document services. He has been working with HP in the US and India for the past 15 years assuming roles alternatively in product R&D and corporate research on a broad portfolio spanning distributed, enterprise middleware ranging from utility computing through management software to OS security. Chelliah holds a Ph.D in Computer Science from Georgia Tech., Atlanta,USA.

Tutorial 4: Assessing the Robustness and Security of Web Services: State-of-the-art and Research Opportunities

Marco Vieira
University of Coimbra, Portugal 

Abstract: 
Developing robust and non-vulnerable web services is a difficult task. Field studies show that a large number of web services are deployed with robustness problems (i.e., presenting unexpected behaviors in the presence of invalid inputs) and/or security flaws (e.g., having code injection vulnerabilities). Several techniques for the identification of robustness problems and security vulnerabilities have been proposed in the past, including both blackbox (e.g., robustness testing, penetration testing) and white-box (e.g., code inspection, static code analysis) approaches. 

Software faults (i.e., program defects or bugs) are recognized as the major cause of computer system failures. Interface faults, related to problems in the interaction among software components/modules [33], are particularly relevant in service-oriented environments. In fact, web services must provide a robust and non-vulnerable interface to the client applications, even in the presence of invalid inputs, which may occur due to bugs in the client applications, corruptions caused by silent network failures, or even security attacks (web services are so widely exposed that any existing security vulnerability will most probably be uncovered and exploited by hackers). This way, it is clear that web service developers urge the definition of tools that help them identifying robustness and security issues. These tools have to be of easy use and as much automated as possible. 
In this tutorial we will present different approaches and tools for the evaluation of robustness and security of web services, ranging form black-box approaches (e.g., robustness testing, penetration testing) to white-box approaches (e.g., code inspection, static code analysis, vulnerability injection). The tutorial will address both current research topics and industry practice. Several case studies will be presented and used to demonstrate the effectiveness of existing tools. Future research opportunities will be identified and discussed. The intended audience is researchers and practitioners interested in learning the state-of-theart on techniques and tools to assess and compare the robustness and security of web services.  

About Speaker: 
Marco Vieira is an Assistant Professor at the University of Coimbra, Portugal, and an Adjunct Associate Teaching Professor at the Carnegie Mellon University, USA. Marco Vieira is an expert on experimental dependability and security assessment and benchmarking. His research interests also include robustness assessment and improvement in SOA, fault injection, security in database systems, software development processes, and software quality assurance, subjects in which he has authored or co-authored tens of papers in refereed conferences and journals (including ICWS 2007, SCC 2008, APSCC 2008, ICWS 2009, etc). He has participated in many research projects, both at the national and European level. Marco Vieira has served on program committees of the major conferences of the dependability and databases areas and acted as referee for many international conferences and journals in the dependability and databases areas. Marco Vieira has currently several projects with industry (including the European Space Agency and Portugal Telecom, the biggest company in Portugal)) in the areas of service-oriented architectures, databases, decision support systems, and software development processes. 

Tutorial 5: Cloud Annexation & Security 2.0

Dipto Chakravarty
Cloud Security, Novell, Inc.

Abstract:
Security is the final frontier of the Cloud Computing model. While Cloud Computing has become the main delivery platform, and most enterprise applications have been Cloud‐enabled, the weakest link is the Trust element. This session will discuss in detail, how the technical foundations of Cloud Computing, including Service-Oriented Architecture and Virtualization, are leveraged to deliver on the promise of hosted computing. Step 1 is to understand the techniques of Cloud Computing for sharing resources in the cloud value chain. Step 2 is to implement these elements into the framework in a scalable yet cost‐effective way. In this session you will also learn the barriers to entry to Cloud Computing in terms of security. Also, discuss the infrastructure (e.g. hardware, IT infrastructure management), software cloud (e.g. SaaS focusing on middleware as a service), application cloud (e.g. modeling tools as a service, social network as a service), and business cloud (e.g. business process as a service). As the Cloud Computing model proliferates, it will experience threats. The currency of countermeasures will be difficult and expensive for maintaining endpoint security and enforcing security across the Cloud fabric. While traditional endpoint security tools may protect organizations from external threats by enforcing security policies, the main driver would be to invent algorithms that can do predictive risk analysis with a high degree of reliability and trust. In this session you will learn about detective, preventive and corrective controls in the Cloud Computing model that ought to be implemented in layers using a combination of open source as well as proprietary tools to protect the business assets at the edge of the network in concert with the hub of the enterprise. Thanks to the Cloud, the line between the endpoint and the enterprise has blurred, and therefore it calls for a different kind of approach to secure the Cloud with trustworthy computing model.

About the speaker:
Dipto Chakravarty is the General Manager of Cloud Security, a new startup division of Novell, Inc. He also serves as the Vice President of Worldwide Engineering for Novell’s Identity and Security business unit. Prior to Novell, Chakravarty ran product engineering for e-Security. He previously served as CTO and founder at Artesia, a firm he started with management buyout in 1999. Besides startup businesses, Chakravarty has held a variety of management positions at IBM’s AIX kernel group, Thomson’s e-publishing group, and Bell Lab’s device drivers group. In addition to being a 20 year software industry veteran, Chakravarty is the author of two bestselling computer books from McGraw-Hill that have been translated in five languages, and has published over 45 technical papers in refereed journals. Chakravarty holds a B.S and M.S in Computer Science and Electrical Engineering from University of Maryland, an MBA from Wharton Business School, and has completed the GMP program from Harvard Business School.


 ===================================

Tutorial Proposal Submission for CLOUD-II 2009 

Submitted tutorial proposal will be limited to 1 page and required to be in a single column (see a Sample). Electronic submission of proposals (in PDF or Word formats) is required. Submissions should include tutorial title, abstract, name of authors, their affiliations, emails addresses, and postal addresses.

Please use the CLOUD-II 2009 Submission Page to submit your tutorial proposals to CLOUD 2009 in Bangalore, India.

 

CLOUD-II 2009 © Copyright