Title: MicroApp: Architecting Web Application for Uneven Trustworthiness in Cloud Computing Environment
Authors: Hsu, Yen-Chun (許晏峻)
Wu, Yu-Sung (吳育松)
Institute of Computer Science and Engineering
Keywords: cloud computing; web application; remote procedure call; information flow; trust level
Publication date: 2013
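Abstract: With the spread of cloud computing environments, an application can draw on far richer resources to run and can also achieve better scalability. However, beyond the inherent characteristics of a distributed architecture, cloud applications also give rise to problems of security and reliability, and application developers must begin to consider how much they trust each cloud node. A node that is maintained by a more reputable organization, or that is backed by more robust security mechanisms, is one that developers consider more trustworthy, but they may have to pay a higher fee to use it. Less trusted nodes are the opposite case: they may be maintained by a less trusted third party, or may offer no security guarantees, but their rental price is generally more acceptable to developers, so developers may still consider renting the resources of such nodes to run applications. Given that nodes in a cloud environment are trusted to differing degrees, a cloud application can be suitably divided, according to its security requirements, into multiple micro applications that are placed on nodes of different trust levels. The application's confidential data is then restricted to flowing only among trusted nodes, which protects the security of that data, while the parts of the application unrelated to confidential data can make full use of the computing power of less trusted nodes to complete their tasks. This lets developers spend their funds on computing resources more efficiently without concerns about whether the data is safe. To this end, we propose an application architecture that developers can apply to their applications to achieve this goal. Developers can build cloud applications simply, thinking in terms of a traditional single-machine or cluster architecture, and by indicating the security requirements of specific data and code and the degree of trust in each node, they let the mechanism designed in this research restrict confidential data and code to flowing among sufficiently trusted nodes. To connect the micro applications, we provide a stateful remote procedure call mechanism that links them so that they run correctly on nodes of different trust levels in the cloud environment. We also attempt to apply the prototype of the application architecture implemented in this research to real-world applications.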
Cloud computing allows web applications to be distributed across multiple nodes around the globe to achieve high scalability and richer functionality. However, a node may be owned by an untrusted third party, who may be malicious or simply not competent to ensure the reliability and security of the node. Still, a developer may be tempted to deploy applications on untrusted nodes to save costs, as a highly trusted node is presumably expensive due to the cost of reliability and security enhancements. Therefore, developers will have to consider the uneven trustworthiness of nodes when deploying applications in the cloud. An application can be split into multiple micro applications, each of which corresponds to a different level of security requirement and is then deployed to a node that can meet that requirement. This ensures that sensitive information of the application does not flow to untrustworthy nodes, while allowing the non-sensitive parts of the application to utilize the computing power of those nodes. We propose the MicroApp framework to apply the above concept to a web application that was originally developed for traditional on-premises environments. A developer just needs to indicate the security levels in the application’s code and data and the trust levels for the cloud nodes. MicroApp will automatically generate the corresponding micro applications satisfying the security requirements and interconnect them by stateful remote procedure calls to ensure the application functionality is preserved.
URI: http://140.113.39.130/cdrfb3/record/nctu/#GT070056021
http://hdl.handle.net/11536/73442
Appears in collections: Theses