1,665 research outputs found

    Conceptual Service Level Agreement Mechanism to Minimize the SLA Violation with SLA Negotiation Process in Cloud Computing Environment

    Online services are offered on a pay-per-use basis in cloud computing. The service user need not be in a long-term contract with cloud service providers. Service level agreements (SLAs) are understandings defined between a cloud service provider and others, for example, a service user, intermediary operator, or monitoring operators. Since cloud computing is an ongoing technology providing numerous services to basic business applications, adaptable systems to manage online agreements are significant. The SLA maintains the quality of service (QoS) for the cloud user. If the service provider fails to maintain the required service, the SLA is considered to be violated. The main aim is to minimize SLA violations in order to maintain the QoS of cloud users. In this research article, a toolbox is proposed to support the procedure of exchanging an SLA with the service providers, which will enable the cloud client to indicate service quality demands; an algorithm as well as a negotiation model is also proposed to negotiate the request with the service providers to produce a better agreement between service provider and cloud service consumer. Consequently, the discussed framework can reduce SLA violations as well as negotiation failures and increase cost-effectiveness. Moreover, the suggested SLA toolkit is also beneficial to clients, so that clients can secure a reasonable value repayment for diminished QoS or conceding time. This research shows that the assurance level in cloud service providers can be maintained by still delivering the services with no interruption from the client's perspective.

    Mecanismos dinâmicos de segurança para redes softwarizadas e virtualizadas

    The relationship between attackers and defenders has traditionally been asymmetric, with attackers having time as an upper hand to devise an exploit that compromises the defender. The push towards the Cloudification of the world makes matters more challenging, as it lowers the cost of an attack, with a de facto standardization on a set of protocols. The discovery of a vulnerability now has a broader impact on various verticals (business use cases), while previously, some were in a segregated protocol stack requiring independent vulnerability research. Furthermore, defining a perimeter within a cloudified system is non-trivial, whereas before, the dedicated equipment already created a perimeter. This proposal takes the newer technologies of network softwarization and virtualization, both Cloud-enablers, to create new dynamic security mechanisms that address this asymmetric relationship using novel Moving Target Defense (MTD) approaches. The effective use of the exploration space, combined with the reconfiguration capabilities of frameworks like Network Function Virtualization (NFV) and Management and Orchestration (MANO), should allow for adjusting defense levels dynamically to achieve the required security as defined by the currently acceptable risk. The optimization tasks and integration tasks of this thesis explore these concepts. Furthermore, the proposed novel mechanisms were evaluated in real-world use cases, such as 5G networks or other Network Slicing enabled infrastructures. Doctoral Programme in Informatics Engineering (Programa Doutoral em Engenharia Informática)

    An Approach to Guide Users Towards Less Revealing Internet Browsers

    When browsing the Internet, HTTP headers enable both clients and servers to send extra data in their requests or responses, such as the User-Agent string. This string contains information related to the sender's device, browser, and operating system. Previous research has shown that numerous privacy and security risks result from exposing sensitive information in the User-Agent string. For example, it enables device and browser fingerprinting and user tracking and identification. Our large analysis of thousands of User-Agent strings shows that browsers differ tremendously in the amount of information they include in their User-Agent strings. As such, our work aims at guiding users towards using less exposing browsers. In doing so, we propose to assign an exposure score to browsers based on the information they expose and vulnerability records. Thus, our contribution in this work is as follows: first, we provide a full implementation that is ready to be deployed and used by users. Second, we conduct a user study to identify the effectiveness and limitations of our proposed approach. Our implementation is based on using more than 52 thousand unique browsers. Our performance and validation analysis show that our solution is accurate and efficient. The source code and data set are publicly available and the solution has been deployed.

    Nature-inspired survivability: Prey-inspired survivability countermeasures for cloud computing security challenges

    As cloud computing environments become complex, adversaries have become highly sophisticated and unpredictable. Moreover, they can easily increase attack power and persist longer before detection. Uncertain malicious actions, latent risks, and Unobserved or Unobservable risks (UUURs) characterise this new threat domain. This thesis proposes prey-inspired survivability to address unpredictable security challenges borne out of UUURs. While survivability is a well-addressed phenomenon in non-extinct prey animals, applying prey survivability to cloud computing directly is challenging due to contradicting end goals. How to manage evolving survivability goals and requirements under contradicting environmental conditions adds to the challenges. To address these challenges, this thesis proposes a holistic taxonomy which integrates multiple and disparate perspectives of cloud security challenges. In addition, it proposes the TRIZ (Teorija Rezbenija Izobretatelskib Zadach) to derive prey-inspired solutions through resolving contradiction. First, it develops a 3-step process to facilitate interdomain transfer of concepts from nature to cloud. Moreover, TRIZ's generic approach suggests specific solutions for cloud computing survivability. Then, the thesis presents the conceptual prey-inspired cloud computing survivability framework (Pi-CCSF), built upon TRIZ-derived solutions. The framework run-time is pushed to the user-space to support evolving survivability design goals. Furthermore, a target-based decision-making technique (TBDM) is proposed to manage survivability decisions. To evaluate the prey-inspired survivability concept, a Pi-CCSF simulator is developed and implemented. Evaluation results show that escalating survivability actions improve the vitality of vulnerable and compromised virtual machines (VMs) by 5% and dramatically improve their overall survivability. Hypothesis testing conclusively supports the hypothesis that the escalation mechanisms can be applied to enhance the survivability of cloud computing systems. Numeric analysis of TBDM shows that by considering survivability preferences and attitudes (these directly impact survivability actions), the TBDM method brings unpredictable survivability information closer to decision processes. This enables efficient execution of variable escalating survivability actions, which enables the Pi-CCSF's decision system (DS) to focus upon decisions that achieve survivability outcomes under unpredictability imposed by UUURs.

    Systemic Risk and Vulnerability Analysis of Multi-cloud Environments

    With the increasing use of multi-cloud environments, security professionals face challenges in configuration, management, and integration due to uneven security capabilities and features among providers. As a result, a fragmented approach toward security has been observed, leading to new attack vectors and potential vulnerabilities. Other research has focused on single-cloud platforms or specific applications of multi-cloud environments. Therefore, there is a need for a holistic security and vulnerability assessment and defense strategy that applies to multi-cloud platforms. We perform a risk and vulnerability analysis to identify attack vectors from software, hardware, and the network, as well as interoperability security issues in multi-cloud environments. Applying the STRIDE and DREAD threat modeling methods, we present an analysis of the ecosystem across six attack vectors: cloud architecture, APIs, authentication, automation, management differences, and cybersecurity legislation. We quantitatively determine and rank the threats in multi-cloud environments and suggest mitigation strategies. Comment: 27 pages, 9 figures

    SciTech News Volume 71, No. 1 (2017)

    Columns and Reports: From the Editor. Division News: Science-Technology Division; Chemistry Division; Engineering Division; Aerospace Section of the Engineering Division; Architecture, Building Engineering, Construction and Design Section of the Engineering Division. Reviews: Sci-Tech Book News Reviews. Advertisements: IEEE

    SECURITY CHALLENGES IN CLOUD COMPUTING
