92,544 research outputs found
A Governance Framework for Mitigating Risks and Uncertainty in Collaborative Business Processes
International audienceThe development of collaborative business process relies mostly on software services spanning multiple organizations. Therefore, uncertainty related to the shared assets and risks of Intellectual Property infringement form major concerns and hamper the development of inter-enterprise collaboration. This paper proposes a governance framework to enhance trust and assurance in such collaborative context, coping with the impacts of Cloud infrastructure. First, a collaborative security requirements engineering approach analyzes assets sharing relations in business process, to identify risks and uncertainties and, therefore, elicits partners’ security requirements and profiles. Then, a ‘due usage’ aware policy model supports negotiation between asset provider’s requirements and consumer’s profiles. The enforcement mechanism adapts to dynamic business processes and Cloud infrastructures to provide end-to-end protection on shared assets
Game-Theoretic Foundations for Forming Trusted Coalitions of Multi-Cloud Services in the Presence of Active and Passive Attacks
The prominence of cloud computing as a common paradigm for offering Web-based services has led to an unprecedented proliferation in the number of services that are deployed in cloud data centers. In parallel, services' communities and cloud federations have gained an increasing interest in the recent past years due to their ability to facilitate the discovery, composition, and resource scaling issues in large-scale services' markets. The problem is that the existing community and federation formation solutions deal with services as traditional software systems and overlook the fact that these services are often being offered as part of the cloud computing technology, which poses additional challenges at the architectural, business, and security levels.
The motivation of this thesis stems from four main observations/research gaps that we have drawn through our literature reviews and/or experiments, which are: (1) leading cloud services such as Google and Amazon do not have incentives to group themselves into communities/federations using the existing community/federation formation solutions; (2) it is quite difficult to find a central entity that can manage the community/federation formation process in a multi-cloud environment; (3) if we allow services to rationally select their communities/federations without considering their trust relationships, these services might have incentives to structure themselves into communities/federations consisting of a large number of malicious services; and (4) the existing intrusion detection solutions in the domain of cloud computing are still ineffective in capturing advanced multi-type distributed attacks initiated by communities/federations of attackers since they overlook the attacker's strategies in their design and ignore the cloud system's resource constraints.
This thesis aims to address these gaps by (1) proposing a business-oriented community formation model that accounts for the business potential of the services in the formation process to motivate the participation of services of all business capabilities, (2) introducing an inter-cloud trust framework that allows services deployed in one or disparate cloud centers to build credible trust relationships toward each other, while overcoming the collusion attacks that occur to mislead trust results even in extreme cases wherein attackers form the majority, (3) designing a trust-based game theoretical model that enables services to distributively form trustworthy multi-cloud communities wherein the number of malicious services is minimal, (4) proposing an intra-cloud trust framework that allows the cloud system to build credible trust relationships toward the guest Virtual Machines (VMs) running cloud-based services using objective and subjective trust sources, (5) designing and solving a trust-based maxmin game theoretical model that allows the cloud system to optimally distribute the detection load among VMs within a limited budget of resources, while considering Distributed Denial of Service (DDoS) attacks as a practical scenario, and (6) putting forward a resource-aware comprehensive detection and prevention system that is able to capture and prevent advanced simultaneous multi-type attacks within a limited amount of resources.
We conclude the thesis by uncovering some persisting research gaps that need further study and investigation in the future
Security supportive energy-aware scheduling and energy policies for cloud environments
Cloud computing (CC) systems are the most popular computational environments for providing elastic
and scalable services on a massive scale. The nature of such systems often results in energy-related
problems that have to be solved for sustainability, cost reduction, and environment protection.
In this paper we defined and developed a set of performance and energy-aware strategies for resource
allocation, task scheduling, and for the hibernation of virtual machines. The idea behind this model is to
combine energy and performance-aware scheduling policies in order to hibernate those virtual machines
that operate in idle state. The efficiency achieved by applying the proposed models has been tested using
a realistic large-scale CC system simulator. Obtained results show that a balance between low energy
consumption and short makespan can be achieved.
Several security constraints may be considered in this model. Each security constraint is characterized
by: (a) Security Demands (SD) of tasks; and (b) Trust Levels (TL) provided by virtual machines. SD and TL
are computed during the scheduling process in order to provide proper security services.
Experimental results show that the proposed solution reduces up to 45% of the energy consumption
of the CC system. Such significant improvement was achieved by the combination of an energy-aware
scheduler with energy-efficiency policies focused on the hibernation of VMs.COST Action IC140
Secure Cloud-Edge Deployments, with Trust
Assessing the security level of IoT applications to be deployed to
heterogeneous Cloud-Edge infrastructures operated by different providers is a
non-trivial task. In this article, we present a methodology that permits to
express security requirements for IoT applications, as well as infrastructure
security capabilities, in a simple and declarative manner, and to automatically
obtain an explainable assessment of the security level of the possible
application deployments. The methodology also considers the impact of trust
relations among different stakeholders using or managing Cloud-Edge
infrastructures. A lifelike example is used to showcase the prototyped
implementation of the methodology
Evolution Oriented Monitoring oriented to Security Properties for Cloud Applications
Internet is changing from an information space to a dynamic computing
space. Data distribution and remotely accessible software
services, dynamism, and autonomy are prime attributes. Cloud technology
offers a powerful and fast growing approach to the provision
of infrastructure (platform and software services) avoiding the high
costs of owning, operating, and maintaining the computational
infrastructures required for this purpose. Nevertheless, cloud technology
still raises concerns regarding security, privacy, governance,
and compliance of data and software services offered through it.
Concerns are due to the difficulty to verify security properties of
the different types of applications and services available through
cloud technology, the uncertainty of their owners and users about
the security of their services, and the applications based on them,
once they are deployed and offered through a cloud. This work
presents an innovative and novel evolution-oriented, cloud-specific
monitoring model (including an architecture and a language) that
aim at helping cloud application developers to design and monitor
the behavior and functionality of their applications in a cloud
environment.Universidad de Málaga. Campus de Excelencia Internacional AndalucÃa Tech
Context-Awareness Enhances 5G Multi-Access Edge Computing Reliability
The fifth generation (5G) mobile telecommunication network is expected to
support Multi- Access Edge Computing (MEC), which intends to distribute
computation tasks and services from the central cloud to the edge clouds.
Towards ultra-responsive, ultra-reliable and ultra-low-latency MEC services,
the current mobile network security architecture should enable a more
decentralized approach for authentication and authorization processes. This
paper proposes a novel decentralized authentication architecture that supports
flexible and low-cost local authentication with the awareness of context
information of network elements such as user equipment and virtual network
functions. Based on a Markov model for backhaul link quality, as well as a
random walk mobility model with mixed mobility classes and traffic scenarios,
numerical simulations have demonstrated that the proposed approach is able to
achieve a flexible balance between the network operating cost and the MEC
reliability.Comment: Accepted by IEEE Access on Feb. 02, 201
A Secure and Fair Resource Sharing Model for Community Clouds
Cloud computing has gained a lot of importance and has been one of the most discussed segment of today\u27s IT industry. As enterprises explore the idea of using clouds, concerns have emerged related to cloud security and standardization. This thesis explores whether the Community Cloud Deployment Model can provide solutions to some of the concerns associated with cloud computing. A secure framework based on trust negotiations for resource sharing within the community is developed as a means to provide standardization and security while building trust during resource sharing within the community. Additionally, a model for fair sharing of resources is developed which makes the resource availability and usage transparent to the community so that members can make informed decisions about their own resource requirements based on the resource usage and availability within the community. Furthermore, the fair-share model discusses methods that can be employed to address situations when the demand for a resource is higher than the resource availability in the resource pool. Various methods that include reduction in the requested amount of resource, early release of the resources and taxing members have been studied, Based on comparisons of these methods along with the advantages and disadvantages of each model outlined, a hybrid method that only taxes members for unused resources is developed. All these methods have been studied through simulations
- …