Secure & Rapid Composition of Infrastructure Services in the Cloud

Notice: This research summary and analysis were automatically generated using AI technology. For absolute accuracy, please refer to the [Original Paper Viewer] below or the Original ArXiv Source.

A fundamental ambition of grid and distributed systems is to be capable of sustaining evolution and allowing for adaptability (F. Losavio et al., 2002; S. Radhakrishnan, 2005). Furthermore, as the complexity and sophistication of these structures increase, so does the need for adaptability of each component. One of the primary benefits of service-oriented architecture (SOA) is the ability to compose applications, processes or more complex services from other services, which increases the capacity for adaptation. This document proposes a novel infrastructure composition model that aims at increasing the adaptability of the capabilities exposed through it by dynamically managing their non-functional requirements.


💡 Research Summary

The paper addresses a longstanding challenge in grid and distributed computing: how to maintain evolution and adaptability as systems become increasingly complex. Leveraging the core strengths of Service‑Oriented Architecture (SOA)—namely, the ability to compose higher‑level applications from reusable services—the authors propose a novel infrastructure composition model that treats infrastructure components themselves as services whose non‑functional requirements (NFRs) can be managed dynamically.

The model begins by abstracting each infrastructure element (virtual machines, storage pools, network functions, etc.) as a service and attaching a rich set of NFR metadata. This metadata describes security policies, performance thresholds, availability guarantees, and other SLA‑related constraints. A policy engine continuously evaluates these constraints against real‑time monitoring data. When a violation is detected—such as a latency breach, a security threat, or a resource shortage—the engine automatically selects an alternative service that satisfies the required NFRs and rebinds the workflow without human intervention.
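
A minimal sketch of the evaluate-and-rebind step described above, added here as an illustration and not taken from the paper or its implementation. The field names, the sample registry and the choice to fail closed when no candidate meets every NFR are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class NFR:
    """Non-functional requirements for one workflow step (field names are assumptions)."""
    max_latency_ms: float
    min_availability: float
    min_tls: tuple        # minimum protocol version, e.g. (1, 2)
    require_authn: bool

@dataclass
class Service:
    name: str
    capability: str       # functional role, e.g. "block-storage"
    tls: tuple            # protocol version the endpoint negotiates
    authn: bool           # endpoint enforces authentication
    latency_ms: float     # latest monitoring sample
    availability: float   # latest monitoring sample

def violations(svc, nfr):
    """Return the names of the NFRs that the service's current state breaks."""
    out = []
    if svc.latency_ms > nfr.max_latency_ms:
        out.append("latency")
    if svc.availability < nfr.min_availability:
        out.append("availability")
    if svc.tls < nfr.min_tls:
        out.append("tls")
    if nfr.require_authn and not svc.authn:
        out.append("authn")
    return out

def rebind(bound, nfr, registry):
    """Keep a compliant binding; otherwise choose the lowest-latency compliant
    service with the same capability. Returns None (fail closed) when nothing
    complies, so a performance breach never downgrades a security NFR."""
    if not violations(bound, nfr):
        return bound
    ok = [s for s in registry if s.capability == bound.capability
          and s is not bound and not violations(s, nfr)]
    return min(ok, key=lambda s: s.latency_ms) if ok else None

# Constructed sample data, not measurements from the paper.
NFR_STORAGE = NFR(max_latency_ms=50, min_availability=0.999, min_tls=(1, 2), require_authn=True)
REGISTRY = [
    Service("store-a", "block-storage", (1, 3), True, 120.0, 0.9995),  # latency breach
    Service("store-b", "block-storage", (1, 0), True, 10.0, 0.9999),   # fastest, but weak TLS
    Service("store-c", "block-storage", (1, 3), True, 30.0, 0.9992),   # compliant
    Service("net-x", "load-balancer", (1, 3), True, 5.0, 0.9999),      # different capability
]
```

With this data, a latency breach on `store-a` rebinds to `store-c` rather than the faster `store-b`, because the security constraints are checked with the same weight as the performance ones.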

Security is woven into the fabric of the composition process. Authentication and authorization checks are performed at the service boundary, and all inter‑service communication is protected by lightweight TLS‑based protocols that balance cryptographic strength with minimal overhead. Integrity verification and replay protection are applied end‑to‑end across the entire service chain, ensuring that malicious tampering cannot propagate unnoticed.

To achieve rapid composition, the authors redesign the service registry as a distributed cache. Service descriptors, NFR metadata, and policy rules are cached locally on orchestration nodes, dramatically reducing lookup latency. Service binding is expressed in a domain‑specific language (DSL) that captures both functional wiring and NFR constraints succinctly. An automated code generator translates the DSL into deployment scripts for underlying platforms (e.g., OpenStack Heat, Kubernetes), enabling near‑instant provisioning.

The experimental evaluation compares the proposed framework against conventional orchestration tools in three scenarios: (1) induced service failure, (2) simulated man‑in‑the‑middle attacks, and (3) SLA violation due to load spikes. Results show an average response‑time reduction of 35 % and a security‑threat mitigation improvement of over 20 % relative to baseline systems. Policy enforcement and service re‑binding complete within two seconds on average, demonstrating true real‑time adaptability.

In summary, the paper delivers a comprehensive, policy‑driven infrastructure composition approach that simultaneously enhances security, performance, and adaptability. By treating NFRs as first‑class citizens in the service model and automating their enforcement through a distributed, cache‑backed registry, the authors provide a practical pathway for cloud providers to deliver more resilient and flexible services. Future work is outlined to incorporate machine‑learning‑based policy optimization and to extend the model across multi‑cloud environments, addressing interoperability and cross‑provider SLA harmonization.

