Secure Cloud Computing:
An Architecture Ontology Approach
KEVIN JACKSON

Forces Driving Cloud Computing - The New IT Era
rev date 3/25/2009 slide 2

Cloud Computing Value
rev date 3/25/2009 slide 3

Cloud Computing Challenge
rev date 3/25/2009 slide 4

Unified Ontology of Cloud Computing
(http://www.cs.ucsb.edu/~lyouseff/CCOntology/CloudOntology.pdf)
Cloud Application
(SaaS)
Cloud Software Environment
(PaaS)
Cloud Software Infrastructure
Computational Storage Communications
Resources (IaaS) (DaaS) (CaaS)
Software Kernal
Firmware / Hardware (HaaS)
Lamia Youseff
University of California, Santa Barbara
Maria Butrico, Dilma Da Silva
IBM T.J. Watson Research Center

Tactical Employment Issues
 Internet connectivity assumed
 SOA platform
• Security management
• Application service discovery and management
• Workflow orchestration
 Access management

Ontology Modifications for Tactical Cloud Computing
Access Management
Cloud Application
Access Management
(SaaS)
Cloud Application (SaaS)
Cloud Application (SaaS)
Cloud Application
Workflow Orchestration – Policy Engine
(SaaS)
Workflow Orchestration
Security API
Cloud Software Environment
Security API
Services / Services(PaaS)
Discovery
Cloud Software Environment
Services / Services Discovery
(PaaS)
Service Management
Service Management
Cloud Software Environment
Cloud Software Infrastructure
(PaaS)
Cloud Software Environment
Cloud Software Infrastructure
(PaaS)
Cloud Software Infrastructure
Network Security Communications
Computational Storage
Cloud Software Infrastructure
Computational Storage Communications
Resources (IaaS) (DaaS) (CaaS)
Network(DaaS)
Connectivity
Resources (IaaS) (CaaS)
ComputationalNetwork Storage Communications
Security
Computational Resources (IaaS)
Resources (DaaS) (CaaS)
Storage
Communications (CaaS)
Software Kernal
(IaaS) (DaaS)
Software Kernal
Software Kernal
Software Kernal
Firmware / Hardware (HaaS)
Firmware / Hardware (HaaS)

Tactical Cloud Computing Ontology
Access Management
Cloud Application (SaaS)
Workflow Orchestration – Policy Engine
Security API
Services / Services Discovery
Service Management
Cloud Software Environment
(PaaS)
Cloud Software Infrastructure
Network Security
Network Connectivity
Network Security
Computational Resources Storage
Communications (CaaS)
(IaaS) (DaaS)
Software Kernal
Firmware / Hardware (HaaS)

Ontology Modification – Federated SOA
Global Governance
Dynamic Tasking
Access Management Access Management
Cloud Application (SaaS) Cloud Application (SaaS)
Workflow Orchestration – Policy Engine Workflow Orchestration – Policy Engine
Security API Security API
Services / Services Discovery Services / Services Discovery
Service Management Service Management
Cloud Software Environment Cloud Software Environment
(PaaS) (PaaS)
Cloud Software Infrastructure Cloud Software Infrastructure
Network Security Network Security
Network Connectivity Network Connectivity
Network Security Network Security
Storage Storage
Computational Resources (IaaS) Communications (CaaS) Computational Resources (IaaS) Communications (CaaS)
(DaaS) (DaaS)
Software Kernal Software Kernal
Firmware / Hardware (HaaS) Firmware / Hardware (HaaS)

Secure Cloud Computing – An Approach
•Access Management
• “Out of Band” Access Management
Cloud Application (SaaS)
authentication
•Security API Workflow Orchestration – Policy Engine
• Use of services Security API
Services / Services Discovery
• Binding of service
Service Management
• COI driven
Cloud Software Environment
management (PaaS)
•Network Security
Cloud Software Infrastructure
• No VPN
Network Security
• “Data in Motion”
Network Connectivity
security
Network Security
•Computational Resources Computational Resources Storage
Communications (CaaS)
• VM management (IaaS) (DaaS)
• Data-centric security Software Kernal
model
Firmware / Hardware (HaaS)
• Storage
• “Data at Rest” security
• COI driven access

Network Centric Operations Industry Consortium
 Mission
 Our mission is to facilitate global realization of the benefit inherent in
Network Centric Operations. To that end, we seek to enable continuously
increasing levels of interoperability across the spectrum of joint,
interagency, intergovernmental, and multinational industrial and
commercial operations. We will execute this mission in good faith as a
global organization with membership open to all enterprises in quest of
applying the vast potential of network centric technology to the operational
challenges faced by our nations and their citizens.
 Past successes
◦ Network Centric Analysis Tool (NCAT)
◦ NCOIC Interoperability Framework (NIF)
 Future
◦ Develop “operational art” in support of netcentric operations
◦ Support operational art advances through collaboration (Government,
Industry, Non-profits, Interest Groups)
◦ Provide value to members
 Use of NCOIC developed process provided differentiator in recent
European procurement for a member company
 NCOIC Patterns addressing interoperability concerns of member
government agencies

Cloud Computing Operational Art
 Embrace collaboration
• OSD – tactical Cloud Computing
• TIGR – Government Cloud Computing
• Cloud Interoperability Forum
 Use Operational and Capability pattern process to develop Cloud
Computing Technical Patterns
 Identify key netcentric operations interoperability requirements and
preferences within identified technical patterns
 Iterate with NCOIC stakeholder companies and government
organizations
 Use Capability and Operational patterns to validate operational
impact of reduced cloud interoperability
 Leverage analysis to drive cloud interoperability recommendations
and best practices

Thank You !
Kevin.jackson@dataline.com
http://cloudcomputing.dataline.com
http://govcloud.ulitzer.com