3 research outputs found

    Analysis of technical implementations of security processes for cloud computing services

    Creation of an automated log analysis system for detecting anomalies and security threats in a computer system // Bachelor's qualification thesis // Mykytiuk Taras Volodymyrovych // Ternopil Ivan Puluj National Technical University, Faculty of Computer Information Systems and Software Engineering, Department of Cybersecurity, group SB-41 // Ternopil, 2023 // pp. – 52, fig. – 25, listings – 3.

    The cloud computing paradigm has become the primary solution for deploying business processes and applications. In the public cloud vision, infrastructure, platform, and software services are provided to tenants (i.e., customers and service providers) on a pay-per-use basis. Cloud tenants can use cloud resources at lower prices, with higher performance and flexibility than traditional on-premises resources, without worrying about infrastructure management. However, cloud tenants remain concerned about cloud service levels and the non-functional properties their applications can rely on. In recent years, the research community has focused on the non-functional aspects of the cloud computing paradigm, among which cloud security stands out. The research in this work focuses on the interface between cloud security and cloud security assurance processes. First, an overview of the current state of cloud security is provided. Then the concept of cloud security assurance is introduced and its growing impact is analyzed. The work gives a number of recommendations regarding security when using cloud computing for development.

    INTRODUCTION
    CHAPTER 1. ANALYSIS OF THE PROBLEM OF REQUIREMENTS FORMATION IN DISTRIBUTED TEAMS
    1.1 Selection criteria
    1.2 Identifying the security characteristics of cloud computing
    1.3 Chapter conclusions
    CHAPTER 2. ANALYSIS OF PUBLICATIONS ACCORDING TO THE CLASSIFICATION
    2.1 Vulnerabilities, threats and attacks
    2.1.1 Application level
    2.1.2 Client-to-client level
    2.1.3 Provider-to-client and client-to-provider level
    2.2 Security of cloud services
    2.2.1 Encryption
    2.2.2 Signatures
    2.2.3 Access control
    2.2.4 Authentication
    2.2.5 Trusted computing
    2.2.6 IDS/IPS
    2.2.7 Summary of the review of cloud security techniques
    2.3 Security assurance
    2.3.1 Testing
    2.3.2 Monitoring
    2.3.3 Attestation
    2.3.4 Cloud audit/compliance
    2.3.5 Service level agreement (SLA)
    2.3.6 Summary of security assurance methods
    2.4 Summary of the literature review results
    CHAPTER 3. LIFE SAFETY, FUNDAMENTALS OF OCCUPATIONAL SAFETY
    3.1 Occupational safety and its relevance in the IT field
    3.2 Harmful effects of noise and vibration and protection against them
    CONCLUSION
    REFERENCES

    Adaptive resource management for balancing availability and performance in cloud computing

    Security, availability and performance are critical to meet service level agreements in most Cloud computing services. In this paper, we build on the virtual machine technology that allows software components to be cheaply moved, replicated, and allocated on the hardware infrastructure to devise a solution that ensures users' availability and performance requirements in Cloud environments. To deal with failures and vulnerabilities also due to cyber-attacks, we formulate the availability and performance attributes from the users' perspective and show that the two attributes may often be competing for a given application. We then present a heuristics-based approach that restores an application's requirements in the failure and recovery events. Our algorithm uses Markov chains and queuing networks to estimate the availability and performance of different deployment contexts, and generates a set of actions to re-deploy a given application. By simulation, we show that our proposed approach improves the availability and lowers the degradation of the system's response time compared to traditional static schemes.

    DEPENDABILITY IN CLOUD COMPUTING

    The technological advances and success of Service-Oriented Architectures and the Cloud computing paradigm have produced a revolution in Information and Communications Technology (ICT). Today, a wide range of services are provisioned to the users in a flexible and cost-effective manner, thanks to the encapsulation of several technologies with modern business models. These services not only offer high-level software functionalities such as social networks or e-commerce but also middleware tools that simplify application development and low-level data storage, processing, and networking resources. Hence, with the advent of the Cloud computing paradigm, today's ICT allows users to completely outsource their IT infrastructure and benefit significantly from the economies of scale. At the same time, with the widespread use of ICT, the amount of data being generated, stored and processed by private companies, public organizations and individuals is rapidly increasing. The in-house management of data and applications is proving to be highly cost intensive and Cloud computing is becoming the destination of choice for an increasing number of users. As a consequence, Cloud computing services are being used to realize a wide range of applications, each having unique dependability and Quality-of-Service (QoS) requirements. For example, a small enterprise may use a Cloud storage service as a simple backup solution, requiring high data availability, while a large government organization may execute a real-time mission-critical application using the Cloud compute service, requiring high levels of dependability (e.g., reliability, availability, security) and performance. Service providers are presently able to offer sufficient resource heterogeneity, but are failing to satisfy users' dependability requirements mainly because the failures and vulnerabilities in Cloud infrastructures are a norm rather than an exception.
This thesis provides a comprehensive solution for improving the dependability of Cloud computing, so that users can justifiably trust Cloud computing services for building, deploying and executing their applications. A number of approaches ranging from the use of trustworthy hardware to secure application design have been proposed in the literature. The proposed solution consists of three inter-operable yet independent modules, each designed to improve dependability under a different system context and/or use-case. A user can selectively apply either a single module or combine them suitably to improve the dependability of her applications both during design time and runtime. Based on the modules applied, the overall proposed solution can increase dependability at three distinct levels. In the following, we provide a brief description of each module. The first module comprises a set of assurance techniques that validates whether a given service supports a specified dependability property with a given level of assurance, and accordingly, awards it a machine-readable certificate. To achieve this, we define a hierarchy of dependability properties where a property represents the dependability characteristics of the service and its specific configuration. A model of the service is also used to verify the validity of the certificate using runtime monitoring, thus complementing the dynamic nature of the Cloud computing infrastructure and making the certificate usable both at discovery and runtime. This module also extends the service registry to allow users to select services with a set of certified dependability properties, hence offering the basic support required to implement dependable applications. We note that this module directly considers services implemented by service providers and provides awareness tools that allow users to be aware of the QoS offered by potential partner services.
We denote this passive technique as the solution that offers the first level of dependability in this thesis. Service providers typically implement a standard set of dependability mechanisms that satisfy the basic needs of most users. Since each application has unique dependability requirements, assurance techniques are not always effective, and a pro-active approach to dependability management is also required. The second module of our solution advocates the innovative approach of offering dependability as a service to users' applications and realizes a framework containing all the mechanisms required to achieve this. We note that this approach relieves users from implementing low-level dependability mechanisms and system management procedures during application development and satisfies specific dependability goals of each application. We denote the module offering dependability as a service as the solution that offers the second level of dependability in this thesis. The third, and the last, module of our solution concerns secure application execution. This module considers complex applications and presents advanced resource management schemes that deploy applications with improved optimality when compared to the algorithms of the second module. This module improves dependability of a given application by minimizing its exposure to existing vulnerabilities, while being subject to the same dependability policies and resource allocation conditions as in the second module. Our approach to secure application deployment and execution denotes the third level of dependability offered in this thesis. The contributions of this thesis can be summarized as follows.
• With respect to assurance techniques our contributions are: i) definition of a hierarchy of dependability properties, an approach to service modeling, and a model transformation scheme; ii) definition of a dependability certification scheme for services; iii) an approach to service selection that considers users' dependability requirements; iv) definition of a solution to dependability certification of composite services, where the dependability properties of a composite service are calculated on the basis of the dependability certificates of component services.
• With respect to offering dependability as a service our contributions are: i) definition of a delivery scheme that transparently functions on users' applications and satisfies their dependability requirements; ii) design of a framework that encapsulates all the components necessary to offer dependability as a service to the users; iii) an approach to translate high-level users' requirements to low-level dependability mechanisms; iv) formulation of constraints that allow enforcement of deployment conditions inherent to dependability mechanisms and an approach to satisfy such constraints during resource allocation; v) a resource management scheme that masks the effect of system changes by adapting the current allocation of the application.
• With respect to security management our contributions are: i) an approach that deploys users' applications in the Cloud infrastructure such that their exposure to vulnerabilities is minimized; ii) an approach to build interruptible elastic algorithms whose optimality improves as the processing time increases, eventually converging to an optimal solution.