    INDIGO-Datacloud: foundations and architectural description of a Platform as a Service oriented to scientific computing

    Software Engineering. -- et al. In this paper we describe the architecture of a Platform as a Service (PaaS) oriented to computing and data analysis. In order to clarify the choices we made, we explain the features using practical examples, applied to several known usage patterns in the area of HEP computing. The proposed architecture is devised to provide researchers with a unified view of distributed computing infrastructures, focusing on facilitating seamless access. In this respect the Platform is able to profit from the most recent developments for computing and processing large amounts of data, and to exploit current storage and preservation technologies, with the appropriate mechanisms to ensure security and privacy. INDIGO-DataCloud is co-founded by the Horizon 2020 Framework Programme. Peer reviewed

    Deployment and Operation of Complex Software in Heterogeneous Execution Environments

    This open access book provides an overview of the work developed within the SODALITE project, which aims at facilitating the deployment and operation of distributed software on top of heterogeneous infrastructures, including cloud, HPC and edge resources. The experts participating in the project describe how SODALITE works and how it can be exploited by end users. While multiple languages and tools are available in the literature to support DevOps teams in the automation of deployment and operation steps, still these activities require specific know-how and skills that cannot be found in average teams. The SODALITE framework tackles this problem by offering modelling and smart editing features to allow those we call Application Ops Experts to work without knowing low level details about the adopted, potentially heterogeneous, infrastructures. The framework offers also mechanisms to verify the quality of the defined models, generate the corresponding executable infrastructural code, automatically wrap application components within proper execution containers, orchestrate all activities concerned with deployment and operation of all system components, and support on-the-fly self-adaptation and refactoring.

    Authentication of professionals in the RTS e-Health system

    This paper describes the design and implementation of a PKI-based e-Health authentication architecture. This architecture was developed to authenticate e-Health Professionals accessing RTS (Rede Telemática da Saúde), a regional platform for sharing clinical data among a set of affiliated health institutions. The architecture had to accommodate specific RTS requirements, namely the security of Professionals' credentials, the mobility of Professionals, and the scalability to accommodate new health institutions. The adopted solution uses short lived certificates and cross-certification agreements between RTS and e-Health institutions for authenticating Professionals accessing the RTS. These certificates carry as well the Professional's role at their home institution for role-based authorization. Trust agreements between health institutions and RTS are necessary in order to make the certificates recognized by the RTS. As a proof of concept, a prototype was implemented with Windows technology. The presented authentication architecture is intended to be applied to other medical telematic systems.

    Extending Office 365 with Microsoft Azure

    The topic of this thesis is extending Office 365 with cloud services offered by Microsoft Azure. The purpose of this thesis is to identify and present Azure services which can be used to extend Office 365 functionality. The most essential services and tools are covered from built-in services to custom solutions. In addition to Azure services, Office 365 application programming interfaces are also covered as they can be used with several extension scenarios. Both Office 365 and Azure are rapidly developing cloud platforms that are constantly transforming and offering new features. This thesis will compare cloud solutions to traditional on-premises solutions and will also cover a few upcoming Azure features that can be used to extend Office 365 in the future. Almost all Azure services can be used to extend Office 365 in some way but the study is focused on common Office 365 extension scenarios. General description of each Azure service is given, after which the use cases with Office 365 are specified. This thesis provides an overview on Office 365 extension with a modern cloud computing platform. The extension scenarios are sorted under three topics which describe the usage with Office 365. Several Azure services are covered on some extension scenarios, comparing the options to achieve the most suitable solution for the case. A more profound study is presented of a single specific Office 365 extension scenario.
    This thesis studied extending the Office 365 product family with Microsoft's Azure cloud services. The aim of the thesis was to determine which Azure services can be used in extending Office 365. The study is limited to the most essential Azure services. The thesis describes extension options from built-in services and tools to custom solutions. In addition to the Azure services, the thesis describes the Office 365 interfaces that relate to many of the extension cases covered. Both Office 365 and Azure are rapidly developing Microsoft cloud services that change constantly, offering new features. This thesis compares cloud solutions to traditional on-premises solutions and also presents a few new Azure services that can be used in extending Office 365 in the future. Almost every Azure service can be used in some way in Office 365 development, but the study aimed to find solutions for the most common Office 365 extension cases. the Office 365 use cases related to the service, and the use of the service in development work, are specified. The thesis gives an overall picture of extending Office 365 through a modern cloud service. The extension cases are grouped in the thesis under a few topics. For some cases several Azure services are described, and comparing them reveals the solution best suited to the case. The building of one extension case with an Azure service is described in more detail in the thesis.

    Access control system for the epidemic marketplace

    Master's thesis in Informatics Engineering, presented to the Universidade de Lisboa, through the Faculdade de Ciências, 2013. The Epidemic Marketplace (EM) is a platform for integrating and sharing epidemiological data. Privacy issues are always a very delicate aspect of the repositories of platforms of this nature, since they involve the sharing of sensitive data. Users require assurance that access to their data follows well-defined access policies. To support this requirement, the access control model supported by the EM is group-based (GBAC). In a first version of the platform, resources could only be shared with static groups, which limited the expressiveness of the specifications. In addition, the platform had performance problems that derived from an initial, non-scalable implementation of the access control system. This work presents the solutions developed to increase the scalability of the EM and to provide more expressive mechanisms for sharing resources through the specification of dynamic groups. Given the popularity of social networks, the use of dynamic groups was extended to allow their integration with these networks, letting EM users create groups based on social network connections. The EM was developed within the European Epiwork project, whose objectives were to monitor epidemiological outbreaks, store the collected data and use it in mathematical models intended to simulate and better understand the spread of diseases.
    The Epidemic Marketplace (EM) is a platform for integrating and sharing epidemiological data. Privacy issues are always a delicate matter when users intend to store sensitive data in such repositories. The users require assurance that their data access will always be in compliance with defined policies. The access control model of the EM uses Group-Based Access Control (GBAC). However, in an initial version of the platform resources could only be shared with static groups, leading to a lack of expressiveness. In addition, the EM platform had performance limitations that derived from using a nonscalable access control system implementation which could only perform simple access control changes. This work reports how performance issues with the platform have been solved and its scalability improved. In addition, EM users have the possibility of sharing their resources with dynamic groups, which, being rule based, provide more expressive mechanisms to share data. Given the current popularity of Social Networks, dynamic groups have been integrated with Social Networks, enabling EM users to create groups based on Social connections, obtained from Social Networks. Such groups rely on user approval for granting EM access to Social Network data. The EM has been developed in part within the EU-funded Epiwork project, whose main concerns include monitoring epidemiological outbreaks, storing that data and feeding it to mathematical models for simulating and better understanding the dissemination of diseases.

    Securing cloud service archives for function and data shipping in industrial environments

    Cloud Computing paradigm needs a standard for portability, and automated deployment and management of cloud services, to eliminate vendor lock-in and minimization of management efforts respectively. Topology and Orchestration Specification for Cloud Applications (TOSCA) language provides such standard by employing semantics for representation of components and business processes of a cloud application. Advancements in the fields of Cloud Computing and Internet of Things (IoT) have opened new research areas to support 4th industrial revolution (Industry 4.0), which in turn has resulted in the emergence of smart services. One application of smart services is predictive maintenance, which enables the anticipation of future devices' states by implementing functions, for example, analytics algorithms, and collecting huge amounts of data from sensors. Considering performance demands and runtime constraints, either the data can be shipped to the function site, called data shipping or the functionality is provisioned closely to the data site, called function shipping. However, since this data can contain confidential information, it has to be assured that access to the data is strictly controlled. Although TOSCA already enables defining policies in general, a concrete data security policy approach is missing. Moreover, constituents of TOSCA are packaged in a self-contained and portable archive, called Cloud Service Archive (CSAR), which is also required to be secured and restricted to authorized personnel only. Taking the above facts into account, the goal of this thesis is to refine and enhance the TOSCA standard to the field of smart services in production environments through the usage of policies, for example, being effectively able to define the security aspects. In this thesis, various available policy languages with frameworks supporting them are researched, and their applicability for the field of Industry 4.0 is analyzed. An approach is formulated with one language selected, to define policies for TOSCA compliant cloud applications. Furthermore, a prototype is developed to secure the content of CSAR using the proposed approach.

    A Survey of Dataspace Connector Implementations

    The concept of dataspaces aims to facilitate secure and sovereign data exchange among multiple stakeholders. Technical implementations known as "connectors" support the definition of usage control policies and the verifiable enforcement of such policies. This paper provides an overview of existing literature and reviews current open-source dataspace connector implementations that are compliant with the International Data Spaces (IDS) standard. To assess maturity and readiness, we review four implementations with regard to their architecture, underlying data model and usage control language. Comment: 12 pages, 5 figures

    USER CENTRIC POLICY MANAGEMENT

    Internet use, in general, and online social networking sites, in particular, are experiencing tremendous growth with hundreds of millions of active users. As a result, there is a tremendous amount of privacy information and content online. Protecting this information is a challenge. Access control policy composition is complex, laborious and tedious for the average user. Usable access control frameworks have lagged. Acceptance / use of available frameworks is low. As a result, policies are only partially configured and maintained. Or, they may be altogether ignored. This leads to privacy information and content not being properly protected and potentially unknowingly made available to unintended recipients. We overcome these limitations by introducing User Centric Policy Management – a new paradigm of semi-automated tools that aid users in building, recommending and maintaining their online access control policies. We introduce six user centric policy management assistance tools: Policy Manager is a supervised learning based mechanism that leverages user provided example policy settings to build classifiers that are the basis for auto-generated policies. Assisted Friend Grouping leverages proven clustering techniques to assist users in grouping their friends for policy management purposes. Same-As Subject Management leverages a user’s memory and opinion of their friends to set policies for other similar friends. Example Friend Selection provides different techniques for aiding users in selecting friends used in the development of access control policies. Same-As Object Management leverages a user’s memory and perception of their objects for setting policies for other similar objects. iLayer is a least privilege based access control model for web and social networking sites that builds, recommends and enforces access control policies for third party developed applications. To demonstrate the effectiveness of these policy management assistance tools, we implemented a suite of prototype applications, conducted numerous experiments and completed a number of extensive user studies. The results show that User Centric Policy Management is a more usable access control framework that is effective, efficient and satisfying to the user, which ultimately improves online security and privacy.