5 research outputs found

    Research and Development on Dynamic Security Detection / Mediation Control Technology in Hybrid Cloud

    Summary of research results (translated from Japanese): Work on dynamic security detection and mediation control technology for hybrid clouds was carried out according to plan and achieved its original goals. For dynamic security detection, we constructed the basic theory of a security field, which calculates the risk of a field, and developed a prototype. For security policy between heterogeneous networks, we newly proposed a service model that expresses policy explicitly and built a prototype platform that adds LoA elevation. For optimal data placement, we proposed distributed data management using secret sharing and showed that an optimal combination of public clouds alone yields a configuration cheaper than a private cloud. These results were presented in papers, and a collection of the resulting papers was published and circulated widely to the relevant organizations.
    Summary of research results (English): This project was promoted according to the schedule and achieved its original purpose. For dynamic security detection, a new basic theory of the security field, which calculates the risk of the field, was created. Moreover, functions for managing entrance/exit control to the security field were developed as a prototype of dynamic security detection and evaluated. For security policy between different networks, a service model that can explicitly express a service policy was proposed, and a prototype that makes the authentication level dynamically variable by adding LoA elevation was developed. For optimized data arrangement, a distributed data management approach using a secret sharing scheme was proposed and developed. In addition, it was shown that the best combinations of public clouds alone enable high confidentiality and availability at a lower price than a private cloud. The collection of contributed papers had been published

    A Comparison of Cloud Computing Platforms

    The cloud computing concept has overhauled the entire structure required for implementing IT infrastructure. This approach is gradually eliminating the existing client-server system and grid computing. The capabilities that come with cloud computing have enabled users to develop and share different applications on Internet infrastructure. They have also made it possible to access data at each computer node anytime and anywhere across a computer network, without limitation of resource requirements or hardware demands. This paper explores the underlying platforms that computer architects use to design and model cloud computing in order to satisfy usage requirements. Existing cloud computing models and services can influence and shape the future of IT infrastructure and its development. A comparison of four cloud computing platforms, namely AbiCloud, Eucalyptus, Nimbus, and OpenNebula, will be presented

    Detecting Specific Types of DDoS Attacks in Cloud Environment by Using Anomaly Detection

    RÉSUMÉ (translated from French): One of the most important advantages of using cloud computing is having on-demand services, and so the payment method in the cloud environment is pay per use. This characteristic introduces a new type of denial-of-service attack called Economic Denial of Sustainability (EDoS), in which the customer pays additional amounts to the cloud provider because of the attack. DDoS attacks, together with their new version, are divided into three categories: 1) bandwidth-consumption attacks; 2) attacks that target specific applications; 3) connection-layer exhaustion attacks. In this work, we proposed a new model to precisely detect the different types of DDoS and EDoS attacks by comparing traffic and resource usage in normal and attack situations. Features related to traffic and resource usage in each attack were collected. They constitute the metrics of our detection model. In designing our model, we used the features related to all 3 types of attacks, since the features of one type of attack play an important role in detecting another type. To find a change point in resource usage and traffic behavior, we used the cumulative sum (CUSUM) algorithm. The accuracy of our algorithm was then studied by comparing its performance with that of a popular previous work. The detection rate of the model was high, which indicates the high accuracy of the designed algorithm.
    ABSTRACT: One of the most important benefits of using cloud computing is to have on-demand services; accordingly, the method of payment in the cloud environment is pay per use. This feature results in a new kind of DDoS attack called Economic Denial of Sustainability (EDoS), in which the customer pays extra to the cloud provider because of the attack. DDoS attacks, and the new version of these attacks called EDoS, are divided into three different categories: 1) bandwidth-consuming attacks, 2) attacks which target specific applications and 3) connection-layer exhaustion attacks. In this work we proposed a novel and inclusive model to precisely detect different types of DDoS and EDoS attacks by comparing the traffic and resource usage in normal and attack situations. Features related to traffic and resource usage in each attack were collected as the metrics of our detection model. In designing our model, we used the metrics related to all 3 types of attacks, since features of one kind of attack play an important role in detecting another type. Moreover, to find a change point in resource usage and traffic behavior we used the CUSUM algorithm. The accuracy of our algorithm was then investigated by comparing its performance with one of the popular previous works. Achieving a higher rate of correct detection in our model proved the high accuracy of the designed algorithm

    Study for the implementation of hybrid clouds in educational institutions. Case study: LTIC of the Faculty of Systems Engineering of the Pontificia Universidad Católica del Ecuador.

    For some years now, educational institutions have been producing large amounts of data every day. These data must be handled with great care because they are important; for example, they include financial data, students' personal information, teachers' information, each student's grades, etc. This information has to be stored somewhere that provides the security needed to keep the data intact and at the same time available. Because of the large amount of information that educational institutions handle, they find it necessary to put their information in the cloud, where an environment has been found that combines the two existing types of cloud: public and private (Judith, Marcia, Fern, & Daniel Kirsch, 2012). Private clouds are very costly because a large initial investment must be made in deploying local infrastructure. Public clouds, meanwhile, do not have guaranteed security, because they can be accessed through an Internet service provider and are still under development; for this reason, educational centers have found it necessary to implement some variant of the data hosting they had been working with (Judith, Marcia, Fern, & Daniel Kirsch, 2012). At present, the variant found in the cloud is to use a hybrid cloud, which is more than a collection of disconnected services running on different platforms. It is a pragmatic way in which educational centers are beginning to look for the best platform to provide the types of services that best fit the needs of the internal and external components of each company (Judith, Marcia, Fern, & Daniel Kirsch, 2012). These educational centers must have a vision of constant growth, so they must not put their finances at risk, and they find themselves in the need

    A Machine Learning Framework for Optimising File Distribution Across Multiple Cloud Storage Services

    Storing data using a single cloud storage service may lead to several potential problems for the data owner. Such issues include service continuity, availability, performance, security, and the risk of vendor lock-in. A promising solution is to distribute the data across multiple cloud storage services, similarly to the manner in which data are distributed across multiple physical disk drives to achieve fault tolerance and to improve performance. However, the distinguishing characteristics of different cloud providers, in terms of pricing schemes and service performance, make optimising the cost and performance across many cloud storage services at once a challenge. This research proposes a framework for automatically tuning the data distribution policies across multiple cloud storage services from the client side, based on file access patterns. The aim of this work is to explore the optimisation of both the average cost per gigabyte and the average service performance (mainly latency time) on multiple cloud storage services. To achieve these aims, two machine learning algorithms were used: 1. supervised learning to predict file access patterns; 2. reinforcement learning to learn the ideal file distribution parameters. File distribution over several cloud storage services. The framework was tested in a cloud storage services emulator, which emulated a real multiple-cloud storage services setting (such as Google Cloud Storage, Amazon S3, Microsoft Azure Storage, and RackSpace file cloud) in terms of service performance and cost. In addition, the framework was tested in various settings of several cloud storage services. The results of testing the framework showed that the multiple cloud approach achieved an improvement of about 42% for cost and 76% for performance. These findings indicate that storing data in multiple clouds is a superior approach, compared with the commonly used uniform file distribution and compared with a heuristic distribution method