Pages

Sunday, September 27, 2009

New Simple Cloud Storage API Launched

PHP/Zend, Microsoft, IBM, Rackspace, GoGrid and Nirvanix have launched a new low level cloud API for PHP called the "Simple Cloud API http://www.simplecloud.org/".

The API can best be described as low level storage focused API (An API for other API's). In a sense it's a way to create other higher level programmatic API interfaces such as REST or SOAP using an easy, yet portable PHP programming environment. The Simple API allows you to easily interact with a variety of cloud interfaces including support for File Storage, Document Storage, and Simple Queue services. The Simple Cloud API is not a web service; it is an API that exposes common operations in application services offered by different vendors, making it easier for PHP developers to build ‘cloud native’ applications.

According to the website http://www.simplecloud.org/, "The Simple Cloud API is here to bring cloud technologies to PHP and the PHP philosophy to the cloud. With it, developers can start writing scalable and highly available applications that are still *portable*. If you're looking for code to start playing around with immediately, you'll find the first file storage, document storage, and simple queue interfaces."

Interestingly the goal of API is not be a standard, but instead to foster an open source community that makes it easier for developers to use cloud application services by abstracting insignificant API differences. Another goal of this initiative is to define interfaces to be implemented as a new Zend Framework http://framework.zend.com/ component called ‘Zend_Cloud’. The Zend Framework will provide a repository of php appplication to host code for the Zend_Cloud.

Check out the project at http://www.simplecloud.org
Reblog this post [with Zemanta]

Wednesday, September 23, 2009

Enterprise mashup market to increase tenfold over next five years

A new report from Business Insights predicts that the enterprise mashup market, worth around $161 million in 2008, will expand more than tenfold to $1.74 billion by 2013.

About 33% of companies now use enterprise mashups, Business Insights says.

The catalyst for the enterprise mashup market will be SOA — Business Insights puts the SOA platform market at about $1.4 billion in 2008, which will double in size, to about $2.77 billion by 2014.

It’s interesting that the enterprise mashup market, which currently is about 11% the size of the overall SOA platform market, will soon be 63% the size, or getting close to comparable. This is huge for the front-end part of the equation, if these numbers pan out. But does it make sense?

Reblog this post [with Zemanta]

Friday, September 4, 2009

Researchers find a new way to attack the cloud

From: Researchers find a new way to attack the cloud

Amazon and Microsoft have been pushing cloud-computing services as a low-cost way to outsource raw computing power, but the products may introduce new security problems that have yet to be fully explored, according to researchers at the University of California, San Diego, and the Massachusetts Institute of Technology.

Cloud services can save companies money by allowing them to run new applications without having to buy new hardware. Services like Amazon’s Elastic Computer Cloud (EC2) host several different operating environments in virtual machines that run on a single computer. This lets Amazon squeeze more computing power out of each server on its network, but it may come at a cost, the researchers say.

In experiments with Amazon’s EC2 they showed that they could pull off some very basic versions of what are known as side-channel attacks. A side-channel attacker looks at indirect information related to the computer—the electromagnetic emanations from screens or keyboards, for example—to determine what is going on in the machine.

The researchers were able to pinpoint the physical server used by programs running on the EC2 cloud and then extract small amounts of data from these programs, by placing their own software there and launching a side-channel attack. Security experts say the attacks developed by the researchers are minor, but they believe side-channel techniques could lead to more serious problems for cloud computing.

In the past, some side-channel attacks have been very successful. In 2001, researchers at the University of California, Berkeley, showed how they were able to extract password information from an encrypted SSH (Secure Shell) data stream by performing a statistical analysis of the way keyboard strokes generated traffic on the network.

The UC and MIT researchers weren’t able to achieve anything that sophisticated, but they think their work may open the door to future research in this area. “A virtual machine is not proof against all of the kinds of side-channel attacks that we’ve been hearing about for years,” said Stefan Savage, associate professor with UC San Diego, and one of the authors of the paper.

By looking at the computer’s memory cache, the researchers were able to glean some basic information about when other users on the same machine were using a keyboard, for example to access the computer using an SSH terminal. They believe that by measuring the time between keystrokes they could eventually figure out what is being typed on the machine using the same techniques as the Berkeley researchers.

Virtual machines may do a good job of isolating operating systems and programs from each other, but there is always an opening for these side-channel attacks on systems that share resources, said Alex Stamos, a partner with security consultancy iSEC Partners. “It’s going to be a whole new class of bugs that people are going to have to fix in the next five years.”

His company has worked with a number of clients interested in cloud computing, but only if they can be assured that no one else is sharing the same machine. “I’m guessing the cloud-computing providers are going to be pushed by their clients to be able to provide physical machines.”

Amazon wasn’t quite ready to talk about side-channel attacks Thursday. “We take all security claims very seriously and are aware of this research,” a spokeswoman said. “We are investigating and will post updates to our security center.”

Reblog this post [with Zemanta]

ShareThis