
    SafeWeb: A Middleware for Securing Ruby-Based Web Applications

    Web applications in many domains such as healthcare and finance must process sensitive data, while complying with legal policies regarding the release of different classes of data to different parties. Currently, software bugs may lead to irreversible disclosure of confidential data in multi-tier web applications. An open challenge is how developers can guarantee these web applications only ever release sensitive data to authorised users without costly, recurring security audits. Our solution is to provide a trusted middleware that acts as a “safety net” to event-based enterprise web applications by preventing harmful data disclosure before it happens. We describe the design and implementation of SafeWeb, a Ruby-based middleware that associates data with security labels and transparently tracks their propagation at different granularities across a multi-tier web architecture with storage and complex event processing. For efficiency, maintainability and ease-of-use, SafeWeb exploits the dynamic features of the Ruby programming language to achieve label propagation and data flow enforcement. We evaluate SafeWeb by reporting our experience of implementing a web-based cancer treatment application and deploying it as part of the UK National Health Service (NHS)

    A Software Defined Networking Architecture for DDoS-Attack in the storage of Multi-Microgrids

    Multi-microgrid systems can improve the resiliency and reliability of the power system network. Secure communication for multi-microgrid operation is a crucial issue that needs to be investigated. This paper proposes a multi-controller software defined networking (SDN) architecture based on fog servers in multi-microgrids to improve the electricity grid security, monitoring and controlling. The proposed architecture defines the support vector machine (SVM) to detect the distributed denial of service (DDoS) attack in the storage of microgrids. The information of local SDN controllers on fog servers is managed and supervised by the master controller placed in the application plane properly. Based on the results of attack detection, the power scheduling problem is solved and a command is sent to change the status of tie and sectionalize switches. The optimization application on the cloud server implements the modified imperialist competitive algorithm (MICA) to solve this stochastic mixed-integer nonlinear problem. The effective performance of the proposed approach using an SDN-based architecture is evaluated through applying it on a multi-microgrid based on IEEE 33-bus radial distribution system with three microgrids in simulation results

    Multi-stakeholder Interactive Simulation for Federated Satellite Systems

    Federated satellite systems (FSS) are a new class of space-based systems which emphasize a distributed architecture. New information exchanging functions among FSS members enable data transportation, storage, and processing as on-orbit services. As a system-of-systems, however there are significant technical and social barriers to designing a FSS. To mitigate these challenges, this paper develops a multi-stakeholder interactive simulation for use in future design activities. An FSS simulation interface is defined using the High Level Architecture to include orbital and surface assets and associated transmitters, receivers, and signals for communication. Sample simulators (federates) using World Wind and Orekit open source libraries are applied in a prototype simulation (federation). The application case studies a conceptual FSS using the International Space Station (ISS) as a service platform to serve Earth-observing customers in sun-synchronous orbits (SSO). Results identify emergent effects between FSS members including favorable ISS power conditions and potential service bottlenecks to serving SSO customers

    Monitoring Large-Scale Cloud Systems with Layered Gossip Protocols

    Monitoring is an essential aspect of maintaining and developing computer systems that increases in difficulty proportional to the size of the system. The need for robust monitoring tools has become more evident with the advent of cloud computing. Infrastructure as a Service (IaaS) clouds allow end users to deploy vast numbers of virtual machines as part of dynamic and transient architectures. Current monitoring solutions, including many of those in the open-source domain rely on outdated concepts including manual deployment and configuration, centralised data collection and adapt poorly to membership churn. In this paper we propose the development of a cloud monitoring suite to provide scalable and robust lookup, data collection and analysis services for large-scale cloud systems. In lieu of centrally managed monitoring we propose a multi-tier architecture using a layered gossip protocol to aggregate monitoring information and facilitate lookup, information collection and the identification of redundant capacity. This allows for a resource aware data collection and storage architecture that operates over the system being monitored. This in turn enables monitoring to be done in-situ without the need for significant additional infrastructure to facilitate monitoring services. We evaluate this approach against alternative monitoring paradigms and demonstrate how our solution is well adapted to usage in a cloud-computing context. Comment: Extended Abstract for the ACM International Symposium on High-Performance Parallel and Distributed Computing (HPDC 2013) Poster Trac

    Towards Transaction as a Service

    This paper argues for decoupling transaction processing from existing two-layer cloud-native databases and making transaction processing as an independent service. By building a transaction as a service (TaaS) layer, the transaction processing can be independently scaled for high resource utilization and can be independently upgraded for development agility. Accordingly, we architect an execution-transaction-storage three-layer cloud-native database. By connecting to TaaS, 1) the AP engines can be empowered with ACID TP capability, 2) multiple standalone TP engine instances can be incorporated to support multi-master distributed TP for horizontal scalability, 3) multiple execution engines with different data models can be integrated to support multi-model transactions, and 4) high performance TP is achieved through extensive TaaS optimizations and consistent evolution. Cloud-native databases deserve better architecture: we believe that TaaS provides a path forward to better cloud-native databases

    Multi-Paradigm Reasoning for Access to Heterogeneous GIS

    Accessing and querying geographical data in a uniform way has become easier in recent years. Emerging standards like WFS turn the web into a geospatial web services enabled place. Mediation architectures like VirGIS overcome syntactical and semantical heterogeneity between several distributed sources. On mobile devices, however, this kind of solution is not suitable, due to limitations, mostly regarding bandwidth, computation power, and available storage space. The aim of this paper is to present a solution for providing powerful reasoning mechanisms accessible from mobile applications and involving data from several heterogeneous sources. By adapting contents to time and location, mobile web information systems can not only increase the value and suitability of the service itself, but can substantially reduce the amount of data delivered to users. Because many problems pertain to infrastructures and transportation in general and to way finding in particular, one cornerstone of the architecture is higher level reasoning on graph networks with the Multi-Paradigm Location Language MPLL. A mediation architecture is used as a “graph provider” in order to transfer the load of computation to the best suited component – graph construction and transformation for example being heavy on resources. Reasoning in general can be conducted either near the “source” or near the end user, depending on the specific use case. The concepts underlying the proposal described in this paper are illustrated by a typical and concrete scenario for web applications

    System architecture and deployment scenarios for SESAME: small cEllS coordinAtion for Multi-tenancy and Edge services

    The surge of the Internet traffic with exabytes of data flowing over operators’ mobile networks has created the need to rethink the paradigms behind the design of the mobile network architecture. The inadequacy of the 4G UMTS Long term Evolution (LTE) and even of its advanced version LTE-A is evident, considering that the traffic will be extremely heterogeneous in the near future and ranging from 4K resolution TV to machine-type communications. To keep up with these changes, academia, industries and EU institutions have now engaged in the quest for new 5G technology. In this paper we present the innovative system design, concepts and visions developed by the 5G PPP H2020 project SESAME (Small cEllS coordinAtion for Multi-tenancy and Edge services). The innovation of SESAME is manifold: i) combine the key 5G small cells with cloud technology, ii) promote and develop the concept of Small Cells-as-a-Service (SCaaS), iii) bring computing and storage power at the mobile network edge through the development of non-x86 ARM technology enabled micro-servers, and iv) address a large number of scenarios and use cases applying mobile edge computing