Institut für Informatik Lehr- und Forschungseinheit für Programmierung und Softwaretechnik Oettingenstraße 67 D-80538 München Masterarbeit im Elitestudiengang Software Engineering Formal Specification and Analysis of Cloud Computing Management Tobias Johann Mühlbauer Report Documentation Page Form Approved OMB No. 0704-0188 Public reporting burden for the collection of information is estimated to average 1 hour per response, including the time for reviewing instructions, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing the collection of information. Send comments regarding this burden estimate or any other aspect of this collection of information, including suggestions for reducing this burden, to Washington Headquarters Services, Directorate for Information Operations and Reports, 1215 Jefferson Davis Highway, Suite 1204, Arlington VA 22202-4302. Respondents should be aware that notwithstanding any other provision of law, no person shall be subject to a penalty for failing to comply with a collection of information if it does not display a currently valid OMB control number. 1. REPORT DATE 3. DATES COVERED 24 JAN 2012 2. REPORT TYPE 00-00-2012 to 00-00-2012 4. TITLE AND SUBTITLE 5a. CONTRACT NUMBER Formal Specification And Analysis Of Cloud Computing Management 5b. GRANT NUMBER 5c. PROGRAM ELEMENT NUMBER 6. AUTHOR(S) 5d. PROJECT NUMBER 5e. TASK NUMBER 5f. WORK UNIT NUMBER 7. PERFORMING ORGANIZATION NAME(S) AND ADDRESS(ES) 8. PERFORMING ORGANIZATION Institute for Computer Science ,Teaching and research unit for REPORT NUMBER programming and software engineering ,Oettingenstr. 67. D-80538 Munich, Germany, , 9. SPONSORING/MONITORING AGENCY NAME(S) AND ADDRESS(ES) 10. SPONSOR/MONITOR’S ACRONYM(S) 11. SPONSOR/MONITOR’S REPORT NUMBER(S) 12. DISTRIBUTION/AVAILABILITY STATEMENT Approved for public release; distribution unlimited 13. SUPPLEMENTARY NOTES 14. ABSTRACT Cloud Computing-based systems (i) are safety- and security-critical systems which have strong qualitative and quantitative formal requirements, (ii) have equally important timecritical performance-based quality of service properties (e.g., availability), and (iii) need to dynamically adapt to changes in the potentially hostile (e.g., distributed denial of service attacks) and often probabilistic environment they operate in. These aspects make distributed and Cloud-based systems complex and hard to design, build, test, and verify; and in this context, Cloud Computing management has to deal with a multitude of obstacles for the growth and adoption of the Cloud Computing paradigm. In this thesis, we focus on three of these obstacles: bugs in large distributed systems, service availability, and performance unpredictability. To tackle these challenges and the aforementioned complexity, we propose solutions based on executable formal specifications and formal analysis, using an adequate semantic framework. We chose rewriting logic as the semantic framework and Maude, a language and system based on rewriting logic that offers the possibility of executing and formally analyzing specifications, as the foundation for our work. The main contributions of this thesis are ? The specification of formal languages for the design and analysis of Cloud-based architectures. In particular, the rewriting logic-based specification of formal languages based on the coordination language and mobile calculus KLAIM. ? The specification of a modularized actor model of computation which incorporates the Russian Dolls model and fulfills the requirements for statistical model checking; thus allowing the specification of hierarchically structured distributed systems and their quantitative and qualitative formal analysis. ? The formal specification and formal analysis of the denial of service (DoS) defense mechanism ASV+SR, which is a combination of the DoS defense mechanism ASV and the Cloud-based resource provisioning mechanism SR. We show that ASV+SR provides stable availability at a reasonable cost; where stable availability means that with very high probability service quality remains very close to a threshold, regardless of how bad the DoS attack can get. ? The formal specification of a Publish/Subscribe system that is used to (a) answer the question of how a Publish/Subscribe architecture can be enriched with Cloud-based dynamic resource provisioning mechanisms to better meet quality of service (QoS) requirements and (b) show that predictions about QoS properties can be made using statistical analysis. 15. SUBJECT TERMS 16. SECURITY CLASSIFICATION OF: 17. LIMITATION OF 18. NUMBER 19a. NAME OF ABSTRACT OF PAGES RESPONSIBLE PERSON a. REPORT b. ABSTRACT c. THIS PAGE Same as 236 unclassified unclassified unclassified Report (SAR) Standard Form 298 (Rev. 8-98) Prescribed by ANSI Std Z39-18 Institut für Informatik Lehr- und Forschungseinheit für Programmierung und Softwaretechnik Oettingenstraße 67 D-80538 München Masterarbeit im Elitestudiengang Software Engineering Formal Specification and Analysis of Cloud Computing Management Tobias Johann Mühlbauer Matrikelnummer: 1110475 Erstgutachter: Prof. Dr. Martin Wirsing Zweitgutachter: Prof. Dr. Alexander Knapp Betreuer: Prof. Dr. José Meseguer Abgabe: 24. Januar 2012 Hiermit versichere ich, dass ich diese Masterarbeit selbständig verfasst habe. Ich habe dazu keine anderen als die angegebenen Quellen und Hilfsmittel verwendet. Tobias Johann Mühlbauer Augsburg, den 24. Januar 2012 Acknowledgements This thesis would not have been possible without helpful guidance and advice. I want to express my gratitude to everyone involved. My special thanks go to Prof. Dr. José Meseguer, for all his contributions of time, ideas, and guidance without which this thesis would nothavebeenpossible. IwanttothankProf. Meseguerforofferingmetheopportunity to work on this thesis at the University of Illinois at Urbana-Champaign and for the productive, inspiring, and funtime we spent inthe “Moraira research institute”. Ithas been my great honor to be your student. Prof. Dr. Martin Wirsing, for offering me this great thesis opportunity and for all his guidance and support throughout. His academic experience was invaluable during the work on this thesis. Prof. Dr. Alexander Knapp, for being a great teacher. Without the knowledge gained through his lectures I would have lacked the fundamentals to work on this thesis. Prof. Dr. Santiago Escobar, for all the inspiring conversations and fun I enjoyed with him, especially during coffee breaks. Prof. Musab Al-Turki, Ph.D., for all the great help he provided with the ASV protocol, statistical model checking, and the Maude system in general. Kyungmin Bae, Prof. Dr. Francisco Durán, Michael Katelman, Ph.D., Camilo Rocha, Dr. Raúl Gutiérrez, and Ralf Sasse, my colleagues andfriends, notonly forbeingsupportive during the work onthis thesis but also for the fun times we spent together. Prof. Klara Nahrstedt, Ph.D., and Guijun Wang, Ph.D., for all the advice they provided to the work on the formal specification and analysis of Publish/Subscribe systems. Denise and Ron Mazza, for giving me the possibility to stay in beautiful Cardiff-by-the-Sea where parts of this thesis originated. vii Acknowledgements Anita, Johann, and Verena Mühlbauer, my parents and my sister, for all their love and encouragement, and their support in all my pursuits. Thank you. Lastly,myveryspecialthanksgotoJonas Eckhardt,whohasbeenagreatcolleagueand friend over the past several months. The work in this thesis originated in collaboration with him and would not have been possible without his contributions of ideas and inspiration. Thank you for our sincere friendship and the fun time we spent together in the United States, in Spain, and throughout our studies in Germany. This work was funded in part by NSF Grant CCF 09-05584, AFOSR Grant FA8750- 11-2-0084, the EU-funded projects FP7-257414 ASCENS and FP7-256980 NESSoS, the PROSALMU scholarship forresearchstaysabroad, andtheSoftware Engineering EliteGrad- uate Program. viii