Sensor-cloud architecture: a taxonomy of security issues in cloud-assisted sensor networks

© 2021 The Authors. Published by IEEE. This is an open access article available under a Creative Commons licence. The published version can be accessed at the following link on the publisher’s website: https://ieeexplore.ieee.org/document/9451213The orchestration of cloud computing with wireless sensor network (WSN), termed as sensor-cloud, has recently gained remarkable attention from both academia and industry. It enhances the processing and storage capabilities of the resources-constrained sensor networks in various applications such as healthcare, habitat monitoring, battlefield surveillance, disaster management, etc. The diverse nature of sensor network applications processing and storage limitations on the sensor networks, which can be overcome through integrating them with the cloud paradigm. Sensor-cloud offers numerous benefits such as flexibility, scalability, collaboration, automation, virtualization with enhanced processing and storage capabilities. However, these networks suffer from limited bandwidth, resource optimization, reliability, load balancing, latency, and security threats. Therefore, it is essential to secure the sensor-cloud architecture from various security attacks to preserve its integrity. The main components of the sensor-cloud architecture which can be attacked are: (i) the sensor nodes; (ii) the communication medium; and (iii) the remote cloud architecture. Although security issues of these components are extensively studied in the existing literature; however, a detailed analysis of various security attacks on the sensor-cloud architecture is still required. The main objective of this research is to present state-of-the-art literature in the context of security issues of the sensor-cloud architecture along with their preventive measures. Moreover, several taxonomies of the security attacks from the sensor-cloud’s architectural perspective and their innovative solutions are also provided.This work was supported by the Taif University, Taif, Saudi Arabia, through the Taif University Researchers Supporting Project under Grant TURSP-2020/126.Published versio

Quantitative risk assessment under multi-context environments

Doctor of PhilosophyDepartment of Computing and Information SciencesXinming OuIf you cannot measure it, you cannot improve it. Quantifying security with metrics is important not only because we want to have a scoring system to track our efforts in hardening cyber environments, but also because current labor resources cannot administrate the exponentially enlarged network without a feasible risk prioritization methodology. Unlike height, weight or temperature, risk from vulnerabilities is sophisticated to assess and the assessment is heavily context-dependent. Existing vulnerability assessment methodologies (e.g. CVSS scoring system, etc) mainly focus on the evaluation over intrinsic risk of individual vulnerabilities without taking their contexts into consideration. Vulnerability assessment over network usually output one aggregated metric indicating the security level of each host. However, none of these work captures the severity change of each individual vulnerabilities under different contexts. I have captured a number of such contexts for vulnerability assessment. For example, the correlation of vulnerabilities belonging to the same application should be considered while aggregating their risk scores. At system level, a vulnerability detected on a highly depended library code should be assigned with a higher risk metric than a vulnerability on a rarely used client side application, even when the two have the same intrinsic risk. Similarly at cloud environment, vulnerabilities with higher prevalences deserve more attention. Besides, zero-day vulnerabilities are largely utilized by attackers therefore should not be ignored while assessing the risks. Historical vulnerability information at application level can be used to predict underground risks. To assess vulnerability with a higher accuracy, feasibility, scalability and efficiency, I developed a systematic vulnerability assessment approach under each of these contexts.

Cost-Based Automatic Recovery Policy in Data Centers

Today's data centers either provide critical applications to organizations or host computing clouds used by huge Internet populations. Their size and complex structure make management difficult, causing high operational cost. The large number of servers with various different hardware and software components cause frequent failures and need continuous recovery work. Much of the operational cost is from this recovery work. While there is significant research related to automatic recovery, from automatic error detection to different automatic recovery techniques, there is currently no automatic solution that can determine the exact fault, and hence the preferred recovery action. There is some study on how to automatically select a suitable recovery action without knowing the fault behind the error. In this thesis we propose an estimated-total-cost model based on analysis of the cost and the recovery-action-success probability. Our recovery-action selection is based on minimal estimated-total-cost; we implement three policies to use this model under different considerations of failed recovery attempts. The preferred policy is to reduce the recovery action-success probability when it failed to fix the error; we also study different reduction coefficients in this policy. To evaluate the various policies, we design and implement a simulation environment. Our simulation experiments demonstrate significant cost improvement over previous research based on simple heuristic models