143 research outputs found

    Towards Interoperable Research Infrastructures for Environmental and Earth Sciences

    This open access book summarises the latest developments on data management in the EU H2020 ENVRIplus project, which brought together more than 20 environmental and Earth science research infrastructures into a single community. It provides readers with a systematic overview of the common challenges faced by research infrastructures and how a ‘reference model guided’ engineering approach can be used to achieve greater interoperability among such infrastructures in the environmental and earth sciences. The 20 contributions in this book are structured in 5 parts on the design, development, deployment, operation and use of research infrastructures. Part one provides an overview of the state of the art of research infrastructure and relevant e-Infrastructure technologies, part two discusses the reference model guided engineering approach, the third part presents the software and tools developed for common data management challenges, the fourth part demonstrates the software via several use cases, and the last part discusses the sustainability and future directions

    A Taxonomy of Virtualization Security Issues in Cloud Computing Environments

    Objectives: To identify the main challenges and security issues of virtualization in cloud computing environments. It reviews the alleviation techniques for improving the security of cloud virtualization systems. Methods/Statistical Analysis: Virtualization is a fundamental technology for cloud computing, and for this reason, any cloud vulnerabilities and threats affect virtualization. In this study, the systematic literature review is performed to find out the vulnerabilities and risks of virtualization in cloud computing and to identify threats, and attacks that result from those vulnerabilities. Furthermore, we discover and analyze the effective mitigation techniques that are used to protect, secure, and manage virtualization environments. Findings: Thirty vulnerabilities are identified, explained, and classified into six proposed classes. Furthermore, fifteen main virtualization threats and attacks are defined according to exploited vulnerabilities in a cloud environment. Application/Improvements: A set of common mitigation solutions are recognized and discovered to alleviate the virtualization security risks. These reviewed techniques are analyzed and evaluated according to five specified security criteria

    Investigating a Science Gateway for an Agent-Based Simulation Application Using REPAST

    The benefits of using e-Infrastructure environments, such as cloud, grid, and high performance computing, for performing scientific experiments could be quite significant. In particular, modeling and simulation, which can serve as a key decision making and system analysis tool, could benefit immensely from such environments ranging from issues of how a community of practice could access a simulation to how it could be run quickly. However, the access and use of these e-Infrastructure environments may present a completely different set of challenges, most especially for non-ICT users. Science Gateways (SG), which are digital interfaces to advanced technologies, can be used to overcome the challenges of running many simulations on e-Infrastructures in a reasonable amount of time. In this work, we developed a SG, based on the Liferay portal framework and the Catania grid and cloud engine. We show how an Agent-Based infection simulation, which has been implemented using the Recursive Porous Agent Simulation Toolkit (REPAST) Simphony, can be ported to a Science Gateway and deployed on distributed computing infrastructures. This demonstration illustrates how this technology can be used easily to allow multiple users across the world to access a simulation and to execute their applications in an e-Infrastructures environment. Special thanks go to the team at the University of Catania for their support and the provision of the infrastructures that enable the execution of our ABMS application jobs. This work was part-funded by the H2020 project Energising Scientific Endeavour through Science Gateways and e-Infrastructures in Africa (Sci-GaIA) (project number 654237)

    Game-Theoretic Foundations for Forming Trusted Coalitions of Multi-Cloud Services in the Presence of Active and Passive Attacks

    The prominence of cloud computing as a common paradigm for offering Web-based services has led to an unprecedented proliferation in the number of services that are deployed in cloud data centers. In parallel, services' communities and cloud federations have gained an increasing interest in the recent past years due to their ability to facilitate the discovery, composition, and resource scaling issues in large-scale services' markets. The problem is that the existing community and federation formation solutions deal with services as traditional software systems and overlook the fact that these services are often being offered as part of the cloud computing technology, which poses additional challenges at the architectural, business, and security levels. The motivation of this thesis stems from four main observations/research gaps that we have drawn through our literature reviews and/or experiments, which are: (1) leading cloud services such as Google and Amazon do not have incentives to group themselves into communities/federations using the existing community/federation formation solutions; (2) it is quite difficult to find a central entity that can manage the community/federation formation process in a multi-cloud environment; (3) if we allow services to rationally select their communities/federations without considering their trust relationships, these services might have incentives to structure themselves into communities/federations consisting of a large number of malicious services; and (4) the existing intrusion detection solutions in the domain of cloud computing are still ineffective in capturing advanced multi-type distributed attacks initiated by communities/federations of attackers since they overlook the attacker's strategies in their design and ignore the cloud system's resource constraints. 
This thesis aims to address these gaps by (1) proposing a business-oriented community formation model that accounts for the business potential of the services in the formation process to motivate the participation of services of all business capabilities, (2) introducing an inter-cloud trust framework that allows services deployed in one or disparate cloud centers to build credible trust relationships toward each other, while overcoming the collusion attacks that occur to mislead trust results even in extreme cases wherein attackers form the majority, (3) designing a trust-based game theoretical model that enables services to distributively form trustworthy multi-cloud communities wherein the number of malicious services is minimal, (4) proposing an intra-cloud trust framework that allows the cloud system to build credible trust relationships toward the guest Virtual Machines (VMs) running cloud-based services using objective and subjective trust sources, (5) designing and solving a trust-based maxmin game theoretical model that allows the cloud system to optimally distribute the detection load among VMs within a limited budget of resources, while considering Distributed Denial of Service (DDoS) attacks as a practical scenario, and (6) putting forward a resource-aware comprehensive detection and prevention system that is able to capture and prevent advanced simultaneous multi-type attacks within a limited amount of resources. We conclude the thesis by uncovering some persisting research gaps that need further study and investigation in the future

    OpenID Connect Client Registration API for Federated Cloud Platforms

    Nowadays, information technology is a key driver in our world. Big cloud federations are aiming to increase their computing power and achieve better results while being scalable. These huge IT systems are managed by multiple users having different roles and at the same time, new services deployment automation is needed to be able to cope with the rising need of resources. This flexibility in deployment has created concerns on the security and the maintainability of these extensive systems. These requisites have led to start CYCLONE platform, a project focused to provide authentication and authorization services towards services running under control of federated unions of users. CYCLONE, at the moment working as a proof of concept, now allows to authenticate and authorize access to users using one-click-deployment applications against their federation’s credentials. However, actual SSO systems require registration of the services against their Identity Providers in order to provide user validation. In this master thesis, we present two of the components of CYCLONE. The first one is a service registration for clients of the OpenID Connect Single Sign-On protocol that allows newly deployed services to be registered automatically against CYCLONE’s SSO component, using RedHat’s Keycloak authentication solution. Based on the real world scenarios that defined the CYCLONE platform, we have designed and implemented a solution alternative to the ones provided by Keycloak, and to evaluate it we have compared it to Keycloak’s alternatives. As a result we have created a simple API implementation from where it’s possible to track who is executing these registrations of new clients, in comparison to the anonymous ones provided by other solutions. The second one is a module that allows easy SSH authorization through the use of CYCLONE’s SSO backend as identity provider and that has been evaluated and tested by one of CYCLONE’s use cases

    Cloud Computing cost and energy optimization through Federated Cloud SoS

    2017 Fall. Includes bibliographical references. The two most significant differentiators amongst contemporary Cloud Computing service providers have increased green energy use and datacenter resource utilization. This work addresses these two issues from a system's architectural optimization viewpoint. The proposed approach herein, allows multiple cloud providers to utilize their individual computing resources in three ways by: (1) cutting the number of datacenters needed, (2) scheduling available datacenter grid energy via aggregators to reduce costs and power outages, and lastly by (3) utilizing, where appropriate, more renewable and carbon-free energy sources. Altogether our proposed approach creates an alternative paradigm for a Federated Cloud SoS approach. The proposed paradigm employs a novel control methodology that is tuned to obtain both financial and environmental advantages. It also supports dynamic expansion and contraction of computing capabilities for handling sudden variations in service demand as well as for maximizing usage of time varying green energy supplies. Herein we analyze the core SoS requirements, concept synthesis, and functional architecture with an eye on avoiding inadvertent cascading conditions. We suggest a physical architecture that diminishes unwanted outcomes while encouraging desirable results. Finally, in our approach, the constituent cloud services retain their independent ownership, objectives, funding, and sustainability means. This work analyzes the core SoS requirements, concept synthesis, and functional architecture. It suggests a physical structure that simulates the primary SoS emergent behavior to diminish unwanted outcomes while encouraging desirable results. 
The report will analyze optimal computing generation methods, optimal energy utilization for computing generation as well as a procedure for building optimal datacenters using a unique hardware computing system design based on the openCompute community as an illustrative collaboration platform. Finally, the research concludes with security features cloud federation requires to support to protect its constituents, its constituents' tenants and itself from security risks
