50 research outputs found
Security in Distributed, Grid, Mobile, and Pervasive Computing
This book addresses the increasing demand to guarantee privacy, integrity, and availability of resources in networks and distributed systems. It first reviews security issues and challenges in content distribution networks, describes key agreement protocols based on the Diffie-Hellman key exchange and key management protocols for complex distributed systems like the Internet, and discusses securing design patterns for distributed systems. The next section focuses on security in mobile computing and wireless networks. After a section on grid computing security, the book presents an overview of security solutions for pervasive healthcare systems and surveys wireless sensor network security
SLA Violation Detection Model and SLA Assured Service Brokering (SLaB) in Multi-Cloud Architecture
Cloud brokering facilitates CSUs to find cloud services according to their requirements. In the current practice, CSUs or Cloud Service Brokers (CSBs) select cloud services according to SLA committed by CSPs in their website. In our observation, it is found that most of the CSPs do not fulfill the service commitment mentioned in the SLA agreement. Verified cloud service performances against their SLA commitment of CSPs provide an additional trust on CSBs to recommend services to the CSUs. In this thesis work, we propose a SLA assured service-brokering framework, which considers both committed and delivered SLA by CSPs in cloud service recommendation to the users.
For the evaluation of the performance of CSPs, two evaluation techniques: Heat Map and IFL are proposed, which include both directly measurable and non-measurable parameters in the performance evaluation CSPs. These two techniques are implemented using real data measured from CSPs. The result shows that Heat Map technique is more transparent and consistent in CSP performance evaluation than IFL technique. In this work, regulatory compliance of the CSPs is also analyzed and visualized in performance heat map table to provide legal status of CSPs. Moreover, missing points in their terms of service and SLA document are analyzed and recommended to add in the contract document. In the revised European GPDR, DPIA is going to be mandatory for all organizations/tools. The decision recommendation tool developed using above mentioned evaluation techniques may cause potential harm to individuals in assessing data from multiple CSPs. So, DPIA is carried out to assess the potential harm/risks to individuals due to our tool and necessary precaution to be taken in the tool to minimize possible data privacy risks. It also analyzes the service pattern and future performance behavior of CSPs to help CSUs in decision making to select appropriate CSP
Service level agreement specification for IoT application workflow activity deployment, configuration and monitoring
PhD ThesisCurrently, we see the use of the Internet of Things (IoT) within various domains
such as healthcare, smart homes, smart cars, smart-x applications, and smart
cities. The number of applications based on IoT and cloud computing is projected
to increase rapidly over the next few years. IoT-based services must meet
the guaranteed levels of quality of service (QoS) to match users’ expectations.
Ensuring QoS through specifying the QoS constraints using service level agreements
(SLAs) is crucial. Also because of the potentially highly complex nature
of multi-layered IoT applications, lifecycle management (deployment, dynamic
reconfiguration, and monitoring) needs to be automated. To achieve this it is
essential to be able to specify SLAs in a machine-readable format.
currently available SLA specification languages are unable to accommodate
the unique characteristics (interdependency of its multi-layers) of the IoT domain.
Therefore, in this research, we propose a grammar for a syntactical structure
of an SLA specification for IoT. The grammar is based on a proposed conceptual
model that considers the main concepts that can be used to express the requirements
for most common hardware and software components of an IoT application
on an end-to-end basis. We follow the Goal Question Metric (GQM) approach to
evaluate the generality and expressiveness of the proposed grammar by reviewing
its concepts and their predefined lists of vocabularies against two use-cases
with a number of participants whose research interests are mainly related to IoT.
The results of the analysis show that the proposed grammar achieved 91.70% of
its generality goal and 93.43% of its expressiveness goal.
To enhance the process of specifying SLA terms, We then developed a toolkit
for creating SLA specifications for IoT applications. The toolkit is used to simplify
the process of capturing the requirements of IoT applications. We demonstrate
the effectiveness of the toolkit using a remote health monitoring service (RHMS)
use-case as well as applying a user experience measure to evaluate the tool by
applying a questionnaire-oriented approach. We discussed the applicability of our
tool by including it as a core component of two different applications: 1) a contextaware
recommender system for IoT configuration across layers; and 2) a tool for
automatically translating an SLA from JSON to a smart contract, deploying it
on different peer nodes that represent the contractual parties. The smart contract
is able to monitor the created SLA using Blockchain technology. These two
applications are utilized within our proposed SLA management framework for IoT.
Furthermore, we propose a greedy heuristic algorithm to decentralize workflow
activities of an IoT application across Edge and Cloud resources to enhance
response time, cost, energy consumption and network usage. We evaluated the
efficiency of our proposed approach using iFogSim simulator. The performance
analysis shows that the proposed algorithm minimized cost, execution time, networking,
and Cloud energy consumption compared to Cloud-only and edge-ward
placement approaches
Supporting Autonomic Management of Clouds: Service-Level-Agreement, Cloud Monitoring and Similarity Learning
Cloud computing has grown rapidly during the past few
years and has become a fundamental paradigm in the Information
Technology (IT) area. Clouds enable dynamic, scalable
and rapid provision of services through a computer network,
usually the Internet. However, managing and optimising
clouds and their services in the presence of dynamism and
heterogeneity is one of the major challenges faced by industry
and academia. A prominent solution is resorting to selfmanagement
as fostered by autonomic computing.
Self-management requires knowledge about the system and
the environment to enact the self-* properties. Nevertheless,
the characteristics of cloud, such as large-scale and dynamism,
hinder the knowledge discovery process. Moreover, cloud systems
abstract the complexity of the infrastructure underlying
the provided services to their customers, which obfuscates
several details of the provided services and, thus, obstructs
the effectiveness of autonomic managers.
While a large body of work has been devoted to decisionmaking
and autonomic management in the cloud domain,
there is still a lack of adequate solutions for the provision of
knowledge to these processes.
In view of the lack of comprehensive solutions for the provision
of knowledge to the autonomic management of clouds,
we propose a theoretical and practical framework which addresses
three major aspects of this process: (i) the definition
of services’ provision through the specification of a formal
language to define Service-Level-Agreements for the cloud domain;
(ii) the collection and processing of information through
an extensible knowledge discovery architecture to monitor
autonomic clouds with support to the knowledge discovery
process; and (iii) the knowledge discovery through a machine
learning methodology to calculate the similarity among services,
which can be employed for different purposes, e.g. service
scheduling and anomalous behaviour detection. Finally,
in a case study, we integrate the proposed solutions and show
the benefits of this integration in a hybrid cloud test-bed
Recommended from our members
Cloud Broker Based Trust Assessment of Cloud Service Providers
Cloud computing is emerging as the future Internet technology due to its advantages such as sharing of IT resources, unlimited scalability and flexibility and high level of automation. Along the lines of rapid growth, the cloud computing technology also brings in concerns of security, trust and privacy of the applications and data that is hosted in the cloud environment. With large number of cloud service providers available, determining the providers that can be trusted for efficient operation of the service deployed in the provider’s environment is a key requirement for service consumers.
In this thesis, we provide an approach to assess the trustworthiness of the cloud service providers. We propose a trust model that considers real-time cloud transactions to model the trustworthiness of the cloud service providers. The trust model uses the unique uncertainty model used in the representation of opinion. The Trustworthiness of a cloud service provider is modelled using opinion obtained from three different computations, namely (i) compliance of SLA (Service Level Agreement) parameters (ii) service provider satisfaction ratings and (iii) service provider behaviour. In addition to this the trust model is extended to encompass the essential Cloud characteristics, credibility for weighing the feedbacks and filtering mechanisms to filter the dubious feedback providers. The credibility function and the early filtering mechanisms in the extended trust model are shown to assist in the reduction of impact of malicious feedback providers
An investigation into specifying service level agreements for provisioning cloud computing services
Within the U.S. Department of Defense (DoD), service level agreements are a widely used tool for acquiring enterprise-level information technology (IT) resources. In order to contain, if not reduce, the total cost of ownership of IT resources to the enterprise, the DoD has undertaken outsourcing its IT needs to Cloud service providers. In this thesis, we explore how service level agreements are specified for non-Cloud-based services, followed by determining how to tailor those practices to specifying service level agreements for Cloud-based service provision, with a focus on end-to-end management of the service-provisioning.http://archive.org/details/aninvestigationi1094527852Civilian, United States Navy SPAWAR SSC PacificApproved for public release; distribution is unlimited
From security to assurance in the cloud: a survey
The cloud computing paradigm has become a mainstream solution for the deployment of business processes and applications. In the public cloud vision, infrastructure, platform, and software services are provisioned to tenants (i.e., customers and service providers) on a pay-as-you-go basis. Cloud tenants can use cloud resources at lower prices, and higher performance and flexibility, than traditional on-premises resources, without having to care about infrastructure management. Still, cloud tenants remain concerned with the cloud's level of service and the nonfunctional properties their applications can count on. In the last few years, the research community has been focusing on the nonfunctional aspects of the cloud paradigm, among which cloud security stands out. Several approaches to security have been described and summarized in general surveys on cloud security techniques. The survey in this article focuses on the interface between cloud security and cloud security assurance. First, we provide an overview of the state of the art on cloud security. Then, we introduce the notion of cloud security assurance and analyze its growing impact on cloud security approaches. Finally, we present some recommendations for the development of next-generation cloud security and assurance solutions
MSL Framework: (Minimum Service Level Framework) for cloud providers and users
Cloud Computing ensures parallel computing and emerged as an efficient technology to meet
the challenges of rapid growth of data that we experienced in this Internet age. Cloud
computing is an emerging technology that offers subscription based services, and provide
different models such as IaaS, PaaS and SaaS among other models to cater the needs of
different user groups. The technology has enormous benefits but there are serious concerns
and challenges related to lack of uniform standards or nonexistence of minimum benchmark
for level of services offered across the industry to provide an effective, uniform and reliable
service to the cloud users. As the cloud computing is gaining popularity, organizations and
users are having problems to adopt the service ue to lack of minimum service level
framework which can act as a benchmark in the selection of the cloud provider and provide
quality of service according to the user’s expectations. The situation becomes more critical
due to distributed nature of the service provider which can be offering service from any part
of the world. Due to lack of minimum service level framework that will act as a benchmark
to provide a uniform service across the industry there are serious concerns raised recently interms
of security and data privacy breaches, authentication and authorization issues, lack of
third party audit and identity management problems, integrity, confidentiality and variable
data availability standards, no uniform incident response and monitoring standards,
interoperability and lack of portability standards, identity management issues, lack of
infrastructure protection services standards and weak governance and compliance standards
are major cause of concerns for cloud users. Due to confusion and absence of universal
agreed SLAs for a service model, different quality of services is being provided across the
cloud industry. Currently there is no uniform performance model agreed by all stakeholders;
which can provide performance criteria to measure, evaluate, and benchmark the level of
services offered by various cloud providers in the industry. With the implementation of
General Data Protection Regulation (GDPR) and demand from cloud users to have Green
SLAs that provides better resource allocations mechanism, there will be serious implications
for the cloud providers and its consumers due to lack of uniformity in SLAs and variable
standards of service offered by various cloud providers. This research examines weaknesses in service level agreements offered by various cloud
providers and impact due to absence of uniform agreed minimum service level framework on
the adoption and usage of cloud service. The research is focused around higher education
case study and proposes a conceptual model based on uniform minimum service model that
acts as benchmark for the industry to ensure quality of service to the cloud users in the higher
education institution and remove the barriers to the adoption of cloud technology. The
proposed Minimum Service Level (MSL) framework, provides a set of minimum and
uniform standards in the key concern areas raised by the participants of HE institution which
are essential to the cloud users and provide a minimum quality benchmark that becomes a
uniform standard across the industry. The proposed model produces a cloud computing
implementation evaluation criteria which is an attempt to reduce the adoption barrier of the
cloud technology and set minimum uniform standards followed by all the cloud providers
regardless of their hosting location so that their performance can be measured, evaluated and
compared across the industry to improve the overall QoS (Quality of Service) received by the
cloud users, remove the adoption barriers and concerns of the cloud users and increase the
competition across the cloud industry.A computação em nuvem proporciona a computação paralela e emergiu como uma tecnologia
eficiente para enfrentar os desafios do crescimento rápido de dados que vivemos na era da
Internet. A computação em nuvem é uma tecnologia emergente que oferece serviços
baseados em assinatura e oferece diferentes modelos como IaaS, PaaS e SaaS, entre outros
modelos para atender as necessidades de diferentes grupos de utilizadores. A tecnologia tem
enormes benefícios, mas subsistem sérias preocupações e desafios relacionados com a falta
de normas uniformes ou inexistência de um referencial mínimo para o nível de serviços
oferecidos, na indústria, para proporcionar uma oferta eficaz, uniforme e confiável para os
utilizadores da nuvem. Como a computação em nuvem está a ganhar popularidade, tanto
organizações como utilizadores estão enfrentando problemas para adotar o serviço devido à
falta de enquadramento de nível de serviço mínimo que possa agir como um ponto de
referência na seleção de provedor da nuvem e fornecer a qualidade dos serviços de acordo
com as expectativas do utilizador. A situação torna-se mais crítica, devido à natureza
distribuída do prestador de serviço, que pode ser oriundo de qualquer parte do mundo.
Devido à falta de enquadramento de nível de serviço mínimo que irá agir como um
benchmark para fornecer um serviço uniforme em toda a indústria, existem sérias
preocupações levantadas recentemente em termos de violações de segurança e privacidade de
dados, autenticação e autorização, falta de questões de auditoria de terceiros e problemas de
gestão de identidade, integridade, confidencialidade e disponibilidade de dados, falta de
uniformidade de normas, a não resposta a incidentes e o monitoramento de padrões, a
interoperabilidade e a falta de padrões de portabilidade, questões relacionadas com a gestão
de identidade, falta de padrões de serviços de proteção das infraestruturas e fraca governança
e conformidade de padrões constituem outras importantes causas de preocupação para os
utilizadores. Devido à confusão e ausência de SLAs acordados de modo universal para um
modelo de serviço, diferente qualidade de serviços está a ser fornecida através da nuvem, pela
indústria da computação em nuvem. Atualmente, não há desempenho uniforme nem um
modelo acordado por todas as partes interessadas; que pode fornecer critérios de desempenho
para medir, avaliar e comparar o nível de serviços oferecidos por diversos fornecedores de
computação em nuvem na indústria. Com a implementação do Regulamento Geral de Protecção de Dados (RGPD) e a procura da
nuvem com base no impacto ambiental (Green SLAs), são acrescentadas precupações
adicionais e existem sérias implicações para os forncedores de computação em nuvem e para
os seus consumidores, também devido à falta de uniformidade na multiplicidade de SLAs e
padrões de serviço oferecidos. A presente pesquisa examina as fraquezas em acordos de nível
de serviço oferecidos por fornecedores de computação em nuvem e estuda o impacto da
ausência de um quadro de nível de serviço mínimo acordado sobre a adoção e o uso no
contexto da computação em nuvem. A pesquisa está orientada para a adoção destes serviços
para o caso do ensino superior e as instituições de ensino superior e propõe um modelo
conceptualt com base em um modelo de serviço mínimo uniforme que funciona como
referência para a indústria, para garantir a qualidade do serviço para os utilizadores da nuvem
numa instituição de ensino superior de forma a eliminar as barreiras para a adoção da
tecnologia de computação em nuvem. O nível de serviço mínimo proposto (MSL), fornece
um conjunto mínimo de normas uniformes e na áreas das principais preocupações levantadas
por responsáveis de instituições de ensino superior e que são essenciais, de modo a fornecer
um referencial mínimo de qualidade, que se possa tornar um padrão uniforme em toda a
indústria. O modelo proposto é uma tentativa de reduzir a barreira de adoção da tecnologia de
computação em nuvem e definir normas mínimas seguidas por todos os fornecedores de
computação em nuvem, independentemente do seu local de hospedagem para que os seus
desempenhos possam ser medidos, avaliados e comparados em toda a indústria, para
melhorar a qualidade de serviço (QoS) recebida pelos utilizadores e remova as barreiras de
adoção e as preocupações dos utilizadores, bem como fomentar o aumento da concorrência
em toda a indústria da computação em nuvem
MSL Framework: (Minimum Service Level Framework) for Cloud Providers and Users
Cloud Computing ensures parallel computing and emerged as an efficient technology to meet
the challenges of rapid growth of data that we experienced in this Internet age. Cloud
computing is an emerging technology that offers subscription based services, and provide
different models such as IaaS, PaaS and SaaS among other models to cater the needs of
different user groups. The technology has enormous benefits but there are serious concerns
and challenges related to lack of uniform standards or nonexistence of minimum benchmark
for level of services offered across the industry to provide an effective, uniform and reliable
service to the cloud users. As the cloud computing is gaining popularity, organizations and
users are having problems to adopt the service ue to lack of minimum service level
framework which can act as a benchmark in the selection of the cloud provider and provide
quality of service according to the user’s expectations. The situation becomes more critical
due to distributed nature of the service provider which can be offering service from any part
of the world. Due to lack of minimum service level framework that will act as a benchmark
to provide a uniform service across the industry there are serious concerns raised recently interms
of security and data privacy breaches, authentication and authorization issues, lack of
third party audit and identity management problems, integrity, confidentiality and variable
data availability standards, no uniform incident response and monitoring standards,
interoperability and lack of portability standards, identity management issues, lack of
infrastructure protection services standards and weak governance and compliance standards
are major cause of concerns for cloud users. Due to confusion and absence of universal
agreed SLAs for a service model, different quality of services is being provided across the
cloud industry. Currently there is no uniform performance model agreed by all stakeholders;
which can provide performance criteria to measure, evaluate, and benchmark the level of
services offered by various cloud providers in the industry. With the implementation of
General Data Protection Regulation (GDPR) and demand from cloud users to have Green
SLAs that provides better resource allocations mechanism, there will be serious implications
for the cloud providers and its consumers due to lack of uniformity in SLAs and variable
standards of service offered by various cloud providers. This research examines weaknesses in service level agreements offered by various cloud
providers and impact due to absence of uniform agreed minimum service level framework on
the adoption and usage of cloud service. The research is focused around higher education
case study and proposes a conceptual model based on uniform minimum service model that
acts as benchmark for the industry to ensure quality of service to the cloud users in the higher
education institution and remove the barriers to the adoption of cloud technology. The
proposed Minimum Service Level (MSL) framework, provides a set of minimum and
uniform standards in the key concern areas raised by the participants of HE institution which
are essential to the cloud users and provide a minimum quality benchmark that becomes a
uniform standard across the industry. The proposed model produces a cloud computing
implementation evaluation criteria which is an attempt to reduce the adoption barrier of the
cloud technology and set minimum uniform standards followed by all the cloud providers
regardless of their hosting location so that their performance can be measured, evaluated and
compared across the industry to improve the overall QoS (Quality of Service) received by the
cloud users, remove the adoption barriers and concerns of the cloud users and increase the
competition across the cloud industry.A computação em nuvem proporciona a computação paralela e emergiu como uma tecnologia
eficiente para enfrentar os desafios do crescimento rápido de dados que vivemos na era da
Internet. A computação em nuvem é uma tecnologia emergente que oferece serviços
baseados em assinatura e oferece diferentes modelos como IaaS, PaaS e SaaS, entre outros
modelos para atender as necessidades de diferentes grupos de utilizadores. A tecnologia tem
enormes benefícios, mas subsistem sérias preocupações e desafios relacionados com a falta
de normas uniformes ou inexistência de um referencial mínimo para o nível de serviços
oferecidos, na indústria, para proporcionar uma oferta eficaz, uniforme e confiável para os
utilizadores da nuvem. Como a computação em nuvem está a ganhar popularidade, tanto
organizações como utilizadores estão enfrentando problemas para adotar o serviço devido à
falta de enquadramento de nível de serviço mínimo que possa agir como um ponto de
referência na seleção de provedor da nuvem e fornecer a qualidade dos serviços de acordo
com as expectativas do utilizador. A situação torna-se mais crítica, devido à natureza
distribuída do prestador de serviço, que pode ser oriundo de qualquer parte do mundo.
Devido à falta de enquadramento de nível de serviço mínimo que irá agir como um
benchmark para fornecer um serviço uniforme em toda a indústria, existem sérias
preocupações levantadas recentemente em termos de violações de segurança e privacidade de
dados, autenticação e autorização, falta de questões de auditoria de terceiros e problemas de
gestão de identidade, integridade, confidencialidade e disponibilidade de dados, falta de
uniformidade de normas, a não resposta a incidentes e o monitoramento de padrões, a
interoperabilidade e a falta de padrões de portabilidade, questões relacionadas com a gestão
de identidade, falta de padrões de serviços de proteção das infraestruturas e fraca governança
e conformidade de padrões constituem outras importantes causas de preocupação para os
utilizadores. Devido à confusão e ausência de SLAs acordados de modo universal para um
modelo de serviço, diferente qualidade de serviços está a ser fornecida através da nuvem, pela
indústria da computação em nuvem. Atualmente, não há desempenho uniforme nem um
modelo acordado por todas as partes interessadas; que pode fornecer critérios de desempenho
para medir, avaliar e comparar o nível de serviços oferecidos por diversos fornecedores de
computação em nuvem na indústria. Com a implementação do Regulamento Geral de Protecção de Dados (RGPD) e a procura da
nuvem com base no impacto ambiental (Green SLAs), são acrescentadas precupações
adicionais e existem sérias implicações para os forncedores de computação em nuvem e para
os seus consumidores, também devido à falta de uniformidade na multiplicidade de SLAs e
padrões de serviço oferecidos. A presente pesquisa examina as fraquezas em acordos de nível
de serviço oferecidos por fornecedores de computação em nuvem e estuda o impacto da
ausência de um quadro de nível de serviço mínimo acordado sobre a adoção e o uso no
contexto da computação em nuvem. A pesquisa está orientada para a adoção destes serviços
para o caso do ensino superior e as instituições de ensino superior e propõe um modelo
conceptualt com base em um modelo de serviço mínimo uniforme que funciona como
referência para a indústria, para garantir a qualidade do serviço para os utilizadores da nuvem
numa instituição de ensino superior de forma a eliminar as barreiras para a adoção da
tecnologia de computação em nuvem. O nível de serviço mínimo proposto (MSL), fornece
um conjunto mínimo de normas uniformes e na áreas das principais preocupações levantadas
por responsáveis de instituições de ensino superior e que são essenciais, de modo a fornecer
um referencial mínimo de qualidade, que se possa tornar um padrão uniforme em toda a
indústria. O modelo proposto é uma tentativa de reduzir a barreira de adoção da tecnologia de
computação em nuvem e definir normas mínimas seguidas por todos os fornecedores de
computação em nuvem, independentemente do seu local de hospedagem para que os seus
desempenhos possam ser medidos, avaliados e comparados em toda a indústria, para
melhorar a qualidade de serviço (QoS) recebida pelos utilizadores e remova as barreiras de
adoção e as preocupações dos utilizadores, bem como fomentar o aumento da concorrência
em toda a indústria da computação em nuvem
Service Quality Assessment for Cloud-based Distributed Data Services
The issue of less-than-100% reliability and trust-worthiness of third-party controlled cloud components (e.g., IaaS and SaaS components from different vendors) may lead to laxity in the QoS guarantees offered by a service-support system S to various applications. An example of S is a replicated data service to handle customer queries with fault-tolerance and performance goals. QoS laxity (i.e., SLA violations) may be inadvertent: say, due to the inability of system designers to model the impact of sub-system behaviors onto a deliverable QoS. Sometimes, QoS laxity may even be intentional: say, to reap revenue-oriented benefits by cheating on resource allocations and/or excessive statistical-sharing of system resources (e.g., VM cycles, number of servers). Our goal is to assess how well the internal mechanisms of S are geared to offer a required level of service to the applications. We use computational models of S to determine the optimal feasible resource schedules and verify how close is the actual system behavior to a model-computed \u27gold-standard\u27. Our QoS assessment methods allow comparing different service vendors (possibly with different business policies) in terms of canonical properties: such as elasticity, linearity, isolation, and fairness (analogical to a comparative rating of restaurants). Case studies of cloud-based distributed applications are described to illustrate our QoS assessment methods.
Specific systems studied in the thesis are: i) replicated data services where the servers may be hosted on multiple data-centers for fault-tolerance and performance reasons; and ii) content delivery networks to geographically distributed clients where the content data caches may reside on different data-centers. The methods studied in the thesis are useful in various contexts of QoS management and self-configurations in large-scale cloud-based distributed systems that are inherently complex due to size, diversity, and environment dynamicity