351,707 research outputs found
UML-SOA-Sec and Saleem's MDS Services Composition Framework for Secure Business Process Modelling of Services Oriented Applications
In a Service Oriented Architecture (SOA) environment, a software application is a
composition of services, which are scattered across enterprises and architectures.
Security plays a vital role during the design, development and operation of SOA
applications. However, analysis of today's software development approaches reveals
that the engineering of security into the system design is often neglected. Security is
incorporated in an ad-hoc manner or integrated during the applications development
phase or administration phase, or outsourced. SOA security is cross-domain and all of
the required information is not available at downstream phases. The post-hoc, low-level
integration of security has a negative impact on the resulting SOA applications. General
purpose modeling languages like Unified Modeling Language (UML) are used for
designing the software system; however, these languages lack the knowledge of the
specific domain and "security" is one of the essential domains. A Domain Specific
Language (DSL), named the "UML-SOA-Sec" is proposed to facilitate the modeling of
security objectives along the business process modeling of SOA applications.
Furthermore, Saleem's MDS (Model Driven Security) services composition framework
is proposed for the development of a secure web service composition
Service-Oriented Ad Hoc Grid Computing
The subject of this thesis is the design and implementation of an ad hoc Grid infrastructure. The vision of an ad hoc Grid further evolves conventional service-oriented Grid systems into a more robust, more flexible and more usable environment that is still standards compliant and interoperable with other Grid systems. A lot of work in current Grid middleware systems is focused on providing transparent access to high performance computing (HPC) resources (e.g. clusters) in virtual organizations spanning multiple institutions. The ad hoc Grid vision presented in this thesis exceeds this view in combining classical Grid components with more flexible components and usage models, allowing the formation of an environment that combines dedicated HPC resources with a large number of personal computers forming a "Desktop Grid".
Three examples from medical research, media research and mechanical engineering are presented as application scenarios for a service-oriented ad hoc Grid infrastructure. These sample applications are also used to derive requirements for the runtime environment as well as development tools for such an ad hoc Grid environment.
These requirements form the basis for the design and implementation of the Marburg ad hoc Grid Environment (MAGE) and the Grid Development Tools for Eclipse (GDT). MAGE is an implementation of a WSRF-compliant Grid middleware that satisfies the criteria for an ad hoc Grid middleware presented in the introduction to this thesis. GDT extends the popular Eclipse integrated development environment with components that support application development both for traditional service-oriented Grid middleware systems and for ad hoc Grid infrastructures such as MAGE. These development tools represent the first fully model driven approach to Grid service development integrated with infrastructure management components in service-oriented Grid computing.
This thesis is concluded by a quantitative discussion of the performance overhead imposed by the presented extensions to a service-oriented Grid middleware as well as a discussion of the qualitative improvements gained by the overall solution. The conclusion of this thesis also gives an outlook on future developments and areas for further research.
One of these qualitative improvements is "hot deployment", the ability to install and remove Grid services in a running node without interruption to other active services on the same node. Hot deployment has been introduced as a novelty in service-oriented Grid systems as a result of the research conducted for this thesis. It extends service-oriented Grid computing with a new paradigm, making installation of individual application components a functional aspect of the application.
This thesis further explores the idea of using peer-to-peer (P2P) networking for Grid computing by combining a general purpose P2P framework with a standard compliant Grid middleware. In previous work the application of P2P systems has been limited to replica location and use of P2P index structures for discovery purposes. The work presented in this thesis also uses P2P networking to realize seamless communication across network barriers. Even though the web service standards have been designed for the internet, the two-way communication requirement introduced by the WSRF standards, and particularly the notification pattern, is not well supported by the web service standards. This deficiency can be answered by mechanisms that are part of such general purpose P2P communication frameworks.
Existing security infrastructures for Grid systems focus on protection of data during transmission and access control to individual resources or the overall Grid environment. This thesis focuses on security issues within a single node of a dynamically changing service-oriented Grid environment. To counter the security threats arising from the new capabilities of an ad hoc Grid, a number of novel isolation solutions are presented. These solutions address security issues and isolation on a fine-grained level providing a range of applicable basic mechanisms for isolation, ranging from lightweight system call interposition to complete para-virtualization of the operating systems
Optimizing security and flexibility by designing a high security system for e-government servers
E-government is one of the most popular applications among Web-based applications. It helps people to do their work online, access the government sites, apply for online jobs, access important data from the government database, and on top of that it also helps the government employees to access cameras and sensors over the country. However, there are many challenges to keep the government data safe and secure in an open environment (network). Therefore, this paper is proposed to discuss two issues. In the first stage, how to keep the data safe, where this paper introduces many applications that guarantee a very high security for accessing and editing of data. The paper also carries a new design for E-government servers in which the authors try to distribute the security service on each line to avoid any attack from outside or inside. The second issue is to ensure the flexibility of the data flow from the servers to the user, which is the second challenge in the design. The experiment shows a good expected result, with the new approach having a high security and at the same time flexible E-government access. This paper provides a different view and uses a mixture of technologies to achieve a high security rate that will not affect different users' access. The E-Government environment is subject to multiple security challenges, thus this paper proposed a model on how to secure the servers and how to ensure the flexibility of the system, in a simple way balance between a lot of security tools and the appropriate protecting vs. granting the flexible data flow up and download to the user
Cloud-native RStudio on Kubernetes for Hopsworks
In order to fully benefit from cloud computing, services are designed
following the "multi-tenant" architectural model, which is aimed at maximizing
resource sharing among users. However, multi-tenancy introduces challenges of
security, performance isolation, scaling, and customization. RStudio server is
an open-source Integrated Development Environment (IDE) accessible over a web
browser for the R programming language. We present the design and
implementation of a multi-user distributed system on Hopsworks, a
data-intensive AI platform, following the multi-tenant model that provides
RStudio as Software as a Service (SaaS). We use the most popular cloud-native
technologies: Docker and Kubernetes, to solve the problems of performance
isolation, security, and scaling that are present in a multi-tenant
environment. We further enable secure data sharing in RStudio server instances
to provide data privacy and allow collaboration among RStudio users. We
integrate our system with Apache Spark, which can scale and handle Big Data
processing workloads. Also, we provide a UI where users can provide custom
configurations and have full control of their own RStudio server instances. Our
system was tested on a Google Cloud Platform cluster with four worker nodes,
each with 30GB of RAM allocated to them. The tests on this cluster showed that
44 RStudio servers, each with 2GB of RAM, can be run concurrently. Our system
can scale out to potentially support hundreds of concurrently running RStudio
servers by adding more resources (CPUs and RAM) to the cluster or system. Comment: 8 pages, 4 figures
Technical Report on Deploying a highly secured OpenStack Cloud Infrastructure using BradStack as a Case Study
Cloud computing has emerged as a popular paradigm and an attractive model for
providing a reliable distributed computing model. It is increasingly attracting
huge attention both in academic research and industrial initiatives. Cloud
deployments are paramount for institutions and organizations of all scales. The
availability of a flexible, free open source cloud platform designed with no
proprietary software and the ability of its integration with legacy systems and
third-party applications are fundamental. OpenStack is a free and open-source
software released under the terms of Apache license with a fragmented and
distributed architecture making it highly flexible. This project was initiated
and aimed at designing a secured cloud infrastructure called BradStack, which
is built on OpenStack in the Computing Laboratory at the University of
Bradford. In this report, we present and discuss the steps required in
deploying a secured BradStack Multi-node cloud infrastructure and conducting
penetration testing on OpenStack Services to validate the effectiveness of the
security controls on the BradStack platform. This report serves as a practical
guideline, focusing on security and practical infrastructure related issues. It
also serves as a reference for institutions looking at the possibilities of
implementing a secured cloud solution. Comment: 38 pages, 19 figures