Cloud-based Virtual Organization Engineering

Nowadays we may notice that SOA arrived to its maturity stage and Cloud Computing brings the next paradigm-shift regarding the software delivery business model. In such a context, we consider that there is a need for frameworks to guide the creation, execution and management of virtual organizations (VO) based on services from different Clouds. This paper will introduce the main components of such a framework that will innovatively combine the principles of event-driven SOA, REST and ISO/IEC 42010:2007 multiple views and viewpoints in order to provide the required methodology for Cloud-based virtual organization (Cloud-VO) engi-neering. The framework will consider the resource concept found in software architectures like REST or RDF as the basic building block of Cloud-VO. and will make use of resources’ URIs to create the Cloud-VO’s resource allocation matrix. While the matrix is used to declare activity-resources relationships, the resource catalogue concept will be introduced as a way to describe the resource in one place, using as many viewpoints as needed, and then to reuse that description for the creation or simulation of different VOs

A CBR Approach to Allocate Computational Resources Within a Cloud Platform

Cloud Computing paradigm continues growing very quickly. The underlying computational infrastructure has to cope with this increase on the demand and the high number of end-users. To do so, platforms usually use mathematical models to allocate the computational resource among the offered services to the end-user. Although these mathematical models are valid and they are widely extended, they can be improved by means of use intelligent techniques. Thus, this study proposes an innovative approach based on an agent-based system that integrated a case-based reasoning system. This system is able to dynamically allocate resources over a Cloud Computing platform

An adaptive trust based service quality monitoring mechanism for cloud computing

Cloud computing is the newest paradigm in distributed computing that delivers computing resources over the Internet as services. Due to the attractiveness of cloud computing, the market is currently flooded with many service providers. This has necessitated the customers to identify the right one meeting their requirements in terms of service quality. The existing monitoring of service quality has been limited only to quantification in cloud computing. On the other hand, the continuous improvement and distribution of service quality scores have been implemented in other distributed computing paradigms but not specifically for cloud computing. This research investigates the methods and proposes mechanisms for quantifying and ranking the service quality of service providers. The solution proposed in this thesis consists of three mechanisms, namely service quality modeling mechanism, adaptive trust computing mechanism and trust distribution mechanism for cloud computing. The Design Research Methodology (DRM) has been modified by adding phases, means and methods, and probable outcomes. This modified DRM is used throughout this study. The mechanisms were developed and tested gradually until the expected outcome has been achieved. A comprehensive set of experiments were carried out in a simulated environment to validate their effectiveness. The evaluation has been carried out by comparing their performance against the combined trust model and QoS trust model for cloud computing along with the adapted fuzzy theory based trust computing mechanism and super-agent based trust distribution mechanism, which were developed for other distributed systems. The results show that the mechanisms are faster and more stable than the existing solutions in terms of reaching the final trust scores on all three parameters tested. The results presented in this thesis are significant in terms of making cloud computing acceptable to users in verifying the performance of the service providers before making the selection

Grid Information Technology as a New Technological Tool for e-Science, Healthcare and Life Science

Nowadays, scientific projects require collaborative environments and powerful computing resources capable of handling huge quantities of data, which gives rise to e-Science. These requirements are evident in the need to optimise time and efforts in activities to do with health. When e-Science focuses on the collaborative handling of all the information generated in clinical medicine and health, e-Health is the result. Scientists are taking increasing interest in an emerging technology – Grid Information Technology – that may offer a solution to their current needs. The current work aims to survey how e-Science is using this technology all around the world. We also argue that the technology may provide an ideal solution for the new challenges facing e-Health and Life Science.Hoy en día, los proyectos científicos requieren poderosos recursos de computación capaces de manejar grandes cantidades de datos, los cuales han dado paso a la ciencia electrónica (e-ciencia). Estos requerimientos se hacen evidentes en la necesidad de optimizar tiempo y esfuerzos en actividades relacionadas con la salud. Cuando la e-ciencia se enfoca en el manejo colaborativo de toda la información generada en la medicina clínica y la salud, da como resultado la salud electrónica (e-salud). Los científicos se han interesado cada vez más y más en una tecnología emergente, como lo es la Tecnología de información en red, la que puede ofrecer solución a sus necesidades cotidianas. El siguiente trabajo apunta a examinar como la e-ciencia es empleada en el mundo. También se discute que la tecnología puede proveer una solución ideal para encarar nuevos desafíos en e-salud y Ciencias de la Vida.Nowadays, scientific projects require collaborative environments and powerful computing resources capable of handling huge quantities of data, which gives rise to e-Science. These requirements are evident in the need to optimise time and efforts in activities to do with health. When e-Science focuses on the collaborative handling of all the information generated in clinical medicine and health, e-Health is the result. Scientists are taking increasing interest in an emerging technology – Grid Information Technology – that may offer a solution to their current needs. The current work aims to survey how e-Science is using this technology all around the world. We also argue that the technology may provide an ideal solution for the new challenges facing e-Health and Life Science

Security in peer-to-peer multimedia communications

Le architetture peer-to-peer (p2p) sono diventate molto popolari negli ultimi anni in conseguenza della grande varietà di servizi che esse possono fornire. Nate principalmente per l'utilizzo come semplice metodo scalabile e decentralizzato per scambiarsi file, sono adesso diventate molto popolari anche per una gran quantità di altri servizi, sfruttando la possibilità di condividere tra peer la banda, la potenza computazionale, la capacità di memorizzazione ed altre risorse. Tra i possibili usi per cui una tale architettura può essere sfruttata, un campo emergente è lo studio dell’applicazione di tecnologie p2p a comunicazioni VoIP in modo da superare alcuni dei problemi di cui soffrono correntemente le piattaforme centralizzate basate su SIP. Sfortunatamente, i problemi di sicurezza delle reti p2p sono ancora un campo di studio aperto, sia per il recente sviluppo di una tale piattaforma, sia per i rischi intrinseci di un ambiente distribuito stesso. Questa tesi ha lo scopo di studiare i problemi di sicurezza e le possibili soluzioni in modo da garantire una comunicazione sicura p2p. La ricerca è stata condotta in due direzioni: sicurezza a livello di routing e sicurezza a livello applicativo. Questi rappresentano I due possibili step di uno scenario di comunicazione: prima di tutto si deve trovare in modo sicuro la posizione di chi si vuole chiamare (che può essere memorizzata in una rete p2p stessa), e questo è un problema di lookup sicuro; in un secondo momento bisogna assicurarsi che la persona con cui si sta andando a parlare è veramente chi si voleva e che la comunicazione stessa sia confidenziale e non possa essere modificata; questi sono problemi di autenticazione e confidenzialità. Per quanto riguarda il primo punto, si sono studiati molti possibili attacchi a reti p2p strutturate e non strutturate, concentrandosi particolarmente sul Sybil attack da cui molti altri attacchi possono derivare. Dopo un analisi delle possibili contromisure presentate negli anni, ci siamo focalizzati sull’algoritmo DHT Kademlia, uno dei più usati nel mondo, studiando tramite simulazioni la degradazione delle performance in presenza di nodi malevoli. Si sono inoltre studiate contromisure basate su fiducia e reputazione e si è cercato di applicarle ad una rete Kademlia operante in un ambiente con un numero crescente di nodi malevoli. Per quanto riguarda il secondo punto, come prima cosa abbiamo studiato gli attuali key agreement protocol, focalizzandoci sul numero di messaggi scambiati e cercando di trovare possibili punti deboli persino in protocolli ed algoritmi largamente utilizzati. In un secondo tempo si è proposto un nuovo key agreement protocol basato su MIKEY e ZRTP che li integra nella procedura standard di INVITE di SIP. E’ stata inoltre fatta un’analisi del protocollo proposto. Su queste basi, si è andati oltre, aggiungendo anche metodi di autenticazione basati sui certificati ed un modo per gestire in maniera p2p certificati e firme. Infine, si è anche pensato ad un’architettura dove i certificati sono memorizzati in una rete p2p stessa tramite l’utilizzo di DHT.Peer-to-peer (P2P) architectures became very popular in the last years as a consequence of the great variety of services they can provide. When they were born, they were mainly deployed as a simple, decentralized and scalable way to exchange files, but they have now become very popular also for a lot of different services, exploiting the possibility of sharing bandwidth, computing power, storage capacity and other resources between peers. Among the possible uses such an architecture can be deployed for, an emerging field of study is the application of P2P technologies to VoIP communication scenarios in order to overcome some of the current issues centralized SIP-based platforms suffer of. Unfortunately, security issues in P2P networks are still an open field of investigation both because of the recent development of such a platform and for the inherent risks of a distributed environment itself. This thesis is meant to investigate the security issues and the possible solutions in order to setup a secure P2P communication. The research was conducted into two directions: - Security issues at routing level; - Security issues at application level. They represent the two steps of a possible communication scenario: first of all one must find in a secure way the location of the callee (maybe stored in a peer-to-peer network), this is a problem of secure lookup; then one must ensure that the person he is going to talk with is really who he wanted and that the communication itself is secret and cannot be tampered, these are problems of authentication and confidentiality. As regards the first point, we studied several possible attacks to structured and unstructured peer-to-peer networks particularly focalizing onto the disruptive Sybil attack from which many other attack can be derived. After an analysis of the possible countermeasures presented over the years, we focalized onto the Kademlia algorithm, one of the most used in the world, studying through simulations the degradation of performances in presence of malicious nodes. We also studied trust and reputation countermeasures and tried to apply them to a Kademlia-based network operating in an environment where there is a growing number of malicious nodes. For the second point, first of all we studied current key agreement protocols focusing on the number of messages and trying to find out possible drawbacks even in widely accepted protocols and algorithms. In a second time we proposed a new key agreement protocol based upon MIKEY and ZRTP integrating them into the standard SIP invite procedure. An analysis of the proposed protocol is also provided. On this basis we got further, adding also certificate-based authentication to our model and a way to manage in a P2P way certificates and signatures. Finally we also provided an architecture where certificates are stored in a P2P network itself with the use of a DHT