Data Analysis on Blockchain Distributed File Systems: Systematic Literature Review

The interest on the discovery of information hidden in large amounts of data exploded in the last decade, bringing to light the need of efficient and effective tools to access all sources and kinds of data. On the other hand, the need to secure and share valuable data led to the development of new technologies, like blockchain, that warrant data integrity and transparency. Combining both is a natural demand, but several issues become clear, such as the lack of access efficiency and the need of data replication in common solutions. Indeed, the unique existing approach is by emulating queries, mostly through Smart Contracts, and applying traditional machine learning algorithms over the resulting data, stored externally for allowing multiple accesses. In this paper, we performed a systematic literature review that provides the above conclusions. Later, we discuss a new system architecture for the analysis of data stored in a blockchain, exploring the scalability and high-performance of data access in distributed file systems and the fast and up-to-date predictions of a streaming analysis approach

Enhanced security architecture for support of credential repository in grid computing.

Grid Computing involves heterogeneous computers and resources, multiple administrative domains and the mechanisms and techniques for establishing and maintaining effective and secure communications between devices and systems. Both authentication and authorization are required. Current authorization models in each domain vary from one system to another, which makes it difficult for users to obtain authorization across multiple domains at one time. We propose an enhanced security architecture to provide support for decentralized authorization based on attribute certificates which may be accessed via the Internet. This allows the administration of privileges to be widely distributed over the Internet in support of autonomy for resource owners and providers. In addition, it provides a uniform approach for authorization which may be used by resource providers from various domains. We combine authentication with the authorization mechanism by using both MyProxy online credential repository and LDAP directory server. In our architecture, we use MyProxy server to store identity certificates for authentication, and utilize an LDAP server-based architecture to store attribute certificates for authorization. Using a standard web browser, a user may connect to a grid portal and allow the portal to retrieve those certificates in order to access grid resources on behalf of the user. Thus, our approach can make use of the online credential repository to integrate authentication, delegation and attribute based access control together to provide enhanced, flexible security for grid system. Paper copy at Leddy Library: Theses & Major Papers - Basement, West Bldg. / Call Number: Thesis2004 .C54. Source: Masters Abstracts International, Volume: 43-01, page: 0231. Adviser: R. D. Kent. Thesis (M.Sc.)--University of Windsor (Canada), 2004

User authentication and remote execution across administrative domains

Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2004.Includes bibliographical references (p. 73-77).(cont.) selectively delegates authority to processes running on remote machines that need to access other resources. The delegation mechanism lets users incrementally construct trust policies for remote machines. Measurements of the system demonstrate that the modularity of REX's architecture does not come at the cost of performance.A challenge in today's Internet is providing easy collaboration across administrative boundaries. Using and sharing resources between individuals in different administrative domains should be just as easy and secure as sharing them within a single domain. This thesis presents a new authentication service and a new remote login and execution utility that address this challenge. The authentication service contributes a new design point in the space of user authentication systems. The system provides the flexibility to create cross-domain groups in the context of a global, network file system using a familiar, intuitive interface for sharing files that is similar to local access control mechanisms. The system trades off freshness for availability by pre-fetching and caching remote users and groups defined in other administrative domains, so the file server can make authorization decisions at file-access time using only local information. The system offers limited privacy for group lists and has all-or-nothing delegation to other administrative domains via nested groups. Experiments demonstrate that the authentication server scales to groups with tens of thousands of members. REX contributes a new architecture for remote execution that offers extensibility and security. To achieve extensibility, REX bases much of its functionality on a single new abstraction-emulated file descriptor passing across machines. This abstraction is powerful enough for users to extend REX's functionality in many ways without changing the core software or protocol. REX addresses security in two ways. First, the implementation internally leverages file descriptor passing to split the server into several smaller programs, reducing both privileged and remotely exploitable code. Second, REXby Michael Kaminsky.Ph.D

Analysis and performance optimization of e-mail server

Nowadays the use of electronic services and Internet communications are increasingly common among citizens and thus the demand for better services and better solutions is constantly growing. In recent years we have seen the emergence of new infrastructures and computing platforms as well as the improvement of the existing ones. The need to improve services and electronic communications is compelling and it requires constant monitoring and studying new solutions towards new infrastructures and platforms. To cope with the increase of tra c as well as the dimension of organizations, several architectures have been evolving, such as cluster or cloud computing, promising new paradigms of service delivery, which can possibility to solve many current problems such as scalability, increased storage and processing capacity, greater rationalization of resources, cost reduction, and increase in performance. However, there it is not clear if they are suitable to host e-mail servers. In this dissertation we perform the evaluation of the performance of e-mail servers, in di erent hosting architectures. Beyond computing platforms, was also analyze di erent server applications. Tests were run to determine which combinations of computer platforms and applications obtained better performances for the SMTP service and for services POP3/IMAP. The tests are performed by measuring the number of sessions per ammount of time, in several test scenarios. We used Qmail and Post x as SMTP servers and Qmail, Courier and Dovecot for POP and IMAP services. Nos dias de hoje, o uso de serviços de comunicações electrónicas e de Internet é cada vez mais comum entre os cidadãos. Neste sentido, a demanda por melhores serviços e melhores soluções est_a em constante crescimento. Nos últimos anos tem-se assistido ao aparecimento de novas infra-estruturas e plataformas de computação, bem como a melhoria das já existentes. A constante necessidade de melhorar os serviços e comunicações electrónicas exige um constante acompanhamento e estudo de novas soluções para novas infra-estruturas e plataformas. Para lidar com o aumento do tráfego, bem como a dimensão da organizações, várias arquitecturas foram evoluindo, tais como o cluster ou cloud computing, promissores de novos paradigmas de prestação de serviços, que podem possibilitar a resolução de muitos dos problemas actuais, tais como escalabilidade, maior armazenamento e capacidade de processamento, uma maior racionalização de recursos, redução de custos e aumento no desempenho. No entanto, não está claro se estes estão adequados para os servidores de e-mail. Nesta dissertação realizamos a avaliação do desempenho dos servidores de e-mail em diferentes arquitecturas. Para além das plataformas de computação, também foram analisadas diferentes aplicações servidoras. Foram realizados testes para determinar que combinações de plataformas de computação e aplicações obtêm melhor desempenho para o serviço SMTP e para os serviços POP3/IMAP. Os testes são realizados através da medição do número de sessões por quantidade de tempo, em vários cenários de teste. Optou-se por usar o Qmail e o Post_x como serviço de SMTP e servidores Qmail, Courier e Dovecot para os serviços POP e IMAP

On the Application of Identity-Based Cryptography in Grid Security

This thesis examines the application of identity-based cryptography (IBC) in designing security infrastructures for grid applications. In this thesis, we propose a fully identity-based key infrastructure for grid (IKIG). Our proposal exploits some interesting properties of hierarchical identity-based cryptography (HIBC) to replicate security services provided by the grid security infrastructure (GSI) in the Globus Toolkit. The GSI is based on public key infrastructure (PKI) that supports standard X.509 certificates and proxy certificates. Since our proposal is certificate-free and has small key sizes, it offers a more lightweight approach to key management than the GSI. We also develop a one-pass delegation protocol that makes use of HIBC properties. This combination of lightweight key management and efficient delegation protocol has better scalability than the existing PKI-based approach to grid security. Despite the advantages that IKIG offers, key escrow remains an issue which may not be desirable for certain grid applications. Therefore, we present an alternative identity-based approach called dynamic key infrastructure for grid (DKIG). Our DKIG proposal combines both identity-based techniques and the conventional PKI approach. In this hybrid setting, each user publishes a fixed parameter set through a standard X.509 certificate. Although X.509 certificates are involved in DKIG, it is still more lightweight than the GSI as it enables the derivation of both long-term and proxy credentials on-the-fly based only on a fixed certificate. We also revisit the notion of secret public keys which was originally used as a cryptographic technique for designing secure password-based authenticated key establishment protocols. We introduce new password-based protocols using identity-based secret public keys. Our identity-based techniques can be integrated naturally with the standard TLS handshake protocol. We then discuss how this TLS-like identity-based secret public key protocol can be applied to securing interactions between users and credential storage systems, such as MyProxy, within grid environments

On the Adoption Dynamics of Internet Technologies: Models and Case Studies

Today, more than any time in history, our life-styles depend on networked systems, ranging from power grids to the Internet and social networks. From shopping online to attending a conference via P2P technologies, the Internet is changing the way we perform certain tasks, which incentivizes more users to join the network. This user population growth as well as higher demand for a better access to the Internet call for its expansion and development, and therefore, fuel the emergence of new Internet technologies. However, many such technologies fail to get adopted by their target user population due to various technical or socio-economical problems. Understanding these (adoption) problems and the factors that play a significant role in them, not only gives researchers a better insight into the dynamics of Internet technology adoption, but also provides them with enhanced guidelines for designing new Internet technologies. The primary motivation of this thesis is, therefore, to provide researchers and network technology developers with an insight into what factors are responsible for, or at least correlated with, the success or failure of an Internet technology. We start by delving deeply into (arguably) the salient adoption problem the Internet has faced in its 40+ years of existence, and continues to face for at least a foreseeable future, namely, IPv6 adoption. The study is composed of an extensive measurement component, in addition to models that capture the roles of different Internet stakeholders in the adoption of IPv6. Then, we extend it to a broad set of Internet protocols, and investigate the factors that affect their adoptions. The findings show performance as the primary factor that not only affected the adoption of IPv6, but also plays a role in the adoption of any other network data plane protocol. Moreover, they show how backward compatibility as well as other factors can affect the adoption of various protocols. The study provides a number of models and methodologies that can be extended to other similar problems in various research areas, such as network technology adoption and design, two-sided markets, and network economics

XSEDE: eXtreme Science and Engineering Discovery Environment Third Quarter 2012 Report

The Extreme Science and Engineering Discovery Environment (XSEDE) is the most advanced, powerful, and robust collection of integrated digital resources and services in the world. It is an integrated cyberinfrastructure ecosystem with singular interfaces for allocations, support, and other key services that researchers can use to interactively share computing resources, data, and expertise.This a report of project activities and highlights from the third quarter of 2012.National Science Foundation, OCI-105357