650 research outputs found
A Tree-based protocol for enforcing quotas in clouds
Services are increasingly being hosted on cloud
nodes to enhance their performance and increase their availability.
The virtually unlimited availability of cloud resources
enables service owners to consume resources without quantitative restrictions, paying only for what they use. To avoid cost overruns, resource consumption must be controlled and capped when necessary. We present a distributed tree-based protocol for managing quotas in clouds that minimizes communication overheads and reduces the time required to determine whether a quota has been exhausted. Experimental evaluation shows that our protocol reduces communication costs by 42% relative to a
distributed baseline solution and is up to 15 times faster
Environmental ethics in Antarctica
Includes bibliographical references.The concerns of environmental ethics on other continents fail in Antarctica, which is without sustainable development, or ecosystems for a "land ethic," or even familiar terrestrial fauna and flora. An Antarctic regime, developing politically, has been developing an ethics, underrunning the politics, remarkably exemplified in the Madrid Protocol, protecting "the intrinsic value of Antarctica." Without inhabitants, claims of sovereignty are problematic. Antarctica is a continent for scientists and, more recently, tourists. Both focus on wild nature. Life is driven to extremes; these extremes can intensify an ethic. Antarctica as common heritage transforms into wilderness, sanctuary, wonderland. An appropriate ethics for the seventh continent differs radically from that for the other six
Game-Theoretic Frameworks and Strategies for Defense Against Network Jamming and Collocation Attacks
Modern networks are becoming increasingly more complex, heterogeneous, and densely connected. While more diverse services are enabled to an ever-increasing number of users through ubiquitous networking and pervasive computing, several important challenges have emerged. For example, densely connected networks are prone to higher levels of interference, which makes them more vulnerable to jamming attacks. Also, the utilization of software-based protocols to perform routing, load balancing and power management functions in Software-Defined Networks gives rise to more vulnerabilities that could be exploited by malicious users and adversaries. Moreover, the increased reliance on cloud computing services due to a growing demand for communication and computation resources poses formidable security challenges due to the shared nature and virtualization of cloud computing. In this thesis, we study two types of attacks: jamming attacks on wireless networks and side-channel attacks on cloud computing servers. The former attacks disrupt the natural network operation by exploiting the static topology and dynamic channel assignment in wireless networks, while the latter attacks seek to gain access to unauthorized data by co-residing with target virtual machines (VMs) on the same physical node in a cloud server. In both attacks, the adversary faces a static attack surface and achieves her illegitimate goal by exploiting a stationary aspect of the network functionality. Hence, this dissertation proposes and develops counter approaches to both attacks using moving target defense strategies. We study the strategic interactions between the adversary and the network administrator within a game-theoretic framework. First, in the context of jamming attacks, we present and analyze a game-theoretic formulation between the adversary and the network defender. In this problem, the attack surface is the network connectivity (the static topology) as the adversary jams a subset of nodes to increase the level of interference in the network. On the other side, the defender makes judicious adjustments of the transmission footprint of the various nodes, thereby continuously adapting the underlying network topology to reduce the impact of the attack. The defender\u27s strategy is based on playing Nash equilibrium strategies securing a worst-case network utility. Moreover, scalable decomposition-based approaches are developed yielding a scalable defense strategy whose performance closely approaches that of the non-decomposed game for large-scale and dense networks. We study a class of games considering discrete as well as continuous power levels. In the second problem, we consider multi-tenant clouds, where a number of VMs are typically collocated on the same physical machine to optimize performance and power consumption and maximize profit. This increases the risk of a malicious virtual machine performing side-channel attacks and leaking sensitive information from neighboring VMs. The attack surface, in this case, is the static residency of VMs on a set of physical nodes, hence we develop a timed migration defense approach. Specifically, we analyze a timing game in which the cloud provider decides when to migrate a VM to a different physical machine to mitigate the risk of being compromised by a collocated malicious VM. The adversary decides the rate at which she launches new VMs to collocate with the victim VMs. Our formulation captures a data leakage model in which the cost incurred by the cloud provider depends on the duration of collocation with malicious VMs. It also captures costs incurred by the adversary in launching new VMs and by the defender in migrating VMs. We establish sufficient conditions for the existence of Nash equilibria for general cost functions, as well as for specific instantiations, and characterize the best response for both players. Furthermore, we extend our model to characterize its impact on the attacker\u27s payoff when the cloud utilizes intrusion detection systems that detect side-channel attacks. Our theoretical findings are corroborated with extensive numerical results in various settings as well as a proof-of-concept implementation in a realistic cloud setting
Undermining Isolation through Covert Channels in the Fiasco.OC Microkernel
In the new age of cyberwars, system designers have
come to recognize the merits of building critical systems on top
of small kernels for their ability to provide strong isolation at
system level. This is due to the fact that enforceable isolation is
the prerequisite for any reasonable security policy. Towards this
goal we examine some internals of Fiasco.OC, a microkernel of
the prominent L4 family. Despite its recent success in certain highsecurity
projects for governmental use, we prove that Fiasco.OC
is not suited to ensure strict isolation between components meant
to be separated.
Unfortunately, in addition to the construction of system-wide
denial of service attacks, our identified weaknesses of Fiasco.OC
also allow covert channels across security perimeters with high
bandwidth. We verified our results in a strong affirmative way
through many practical experiments. Indeed, for all potential use
cases of Fiasco.OC we implemented a full-fledged system on its
respective archetypical hardware: Desktop server/workstation on
AMD64 x86 CPU, Tablet on Intel Atom CPU, Smartphone on
ARM Cortex A9 CPU. The measured peak channel capacities
ranging from 13500 bits/s (Cortex-A9 device) to 30500 bits/s
(desktop system) lay bare the feeble meaningfulness of Fiasco.
OC’s isolation guarantee. This proves that Fiasco.OC cannot
be used as a separation kernel within high-security areas
Governance of Cloud-hosted Web Applications
Cloud computing has revolutionized the way developers implement and deploy applications. By running applications on large-scale compute infrastructures and programming platforms that are remotely accessible as utility services, cloud computing provides scalability, high availability, and increased user productivity.Despite the advantages inherent to the cloud computing model, it has also given rise to several software management and maintenance issues. Specifically, cloud platforms do not enforce developer best practices, and other administrative requirements when deploying applications. Cloud platforms also do not facilitate establishing service level objectives (SLOs) on application performance, which are necessary to ensure reliable and consistent operation of applications. Moreover, cloud platforms do not provide adequate support to monitor the performance of deployed applications, and conduct root cause analysis when an application exhibits a performance anomaly.We employ governance as a methodology to address the above mentioned issues prevalent in cloud platforms. We devise novel governance solutions that achieve administrative conformance, developer best practices, and performance SLOs in the cloud via policy enforcement, SLO prediction, performance anomaly detection and root cause analysis. The proposed solutions are fully automated, and built into the cloud platforms as cloud-native features thereby precluding the application developers from having to implement similar features by themselves. We evaluate our methodology using real world cloud platforms, and show that our solutions are highly effective and efficient
Cloud computing with an emphasis on PaaS and Google app engine
Thesis on cloud with an emphasis on PaaS and Google App Engin
Efficient System-Enforced Deterministic Parallelism
Deterministic execution offers many benefits for debugging, fault tolerance, and security. Current methods of executing parallel programs deterministically, however, often incur high costs, allow misbehaved software to defeat repeatability, and transform time-dependent races into input- or path-dependent races without eliminating them. We introduce a new parallel programming model addressing these issues, and use Determinator, a proof-of-concept OS, to demonstrate the model's practicality. Determinator's microkernel API provides only “shared-nothing” address spaces and deterministic interprocess communication primitives to make execution of all unprivileged code—well-behaved or not—precisely repeatable. Atop this microkernel, Determinator's user-level runtime adapts optimistic replication techniques to offer a private workspace model for both thread-level and process-level parallel programing. This model avoids the introduction of read/write data races, and converts write/write races into reliably-detected conflicts. Coarse-grained parallel benchmarks perform and scale comparably to nondeterministic systems, on both multicore PCs and across nodes in a distributed cluster
- …