124,226 research outputs found

    Data Privacy and System Security for Banking and Financial Services Industry based on Cloud Computing Infrastructure

    © 2018 IEEE. Cloud computing architecture and infrastructure have received acceptance from corporations and governments across the globe. Cloud computing has helped to reduce the cost of managing physical and technical infrastructure and at the same time has made information systems available to a locally and globally deployed workforce. Cloud computing infrastructure provides access to data and applications from any location, and this has led organizations to keep evaluating their privacy and security frameworks. Banking and financial services have data and applications which are internally developed to remain ahead of the competition. These data and applications become the Intellectual Property (IP) that serves specific business processes and goals. When these data and applications can be accessed from remote locations, there may be potential risks of data leakage and erosion of IP over a period of time. With the adoption of cloud computing, the banking and financial services industry continues to be under a strict regulatory and compliance framework to maintain privacy of data and security of systems. Privacy and security of cloud architecture infrastructure continue to be a challenge across the globe. In this paper, various aspects of cloud computing related to data privacy and system security for the banking and financial services industry have been introduced.

    A framework for IP and non-IP multicast services for vehicular networks

    International audience. Enabling drivers to be connected to the Internet and/or Vehicular Ad-hoc networks is one of the main challenges of future networking. This enables drivers to benefit from existing Internet services as well as emerging ITS applications based on IP or non-IP communications (e.g. geonetworking). Many ITS applications, such as fleet management, require multicast data delivery. Existing works on this subject tackle mainly the problems of IP multicasting inside the Internet or geocasting in VANETs. This paper presents a new framework that enables Internet-based multicast services on top of VANETs. We introduce a self-configuring multicast addressing scheme based on the geographic locations of the vehicles, coupled with a simplified approach that locally manages the group membership to allow packet delivery from the Internet. Moreover, we propose an approach that selects the appropriate network-layer protocol for either geocasting or IP multicasting depending on the vehicles' context and the application requirements. Finally, we present the integration of the designed framework into the ITS reference architecture.

    Supporting quality of service for internet applications

    University of Technology, Sydney. Faculty of Information Technology. Given the dominance of IP applications and the requirement of providing quality of service for users, it is critical to provide a scalable network architecture capable of supporting sufficient Quality of Service (QoS). Of the two network models (Integrated Services and Differentiated Services) approved by the Internet Engineering Task Force (IETF) [1, 2], the differentiated service model has gained wider acceptance because of its scalability. The Differentiated Services (DiffServ) QoS architecture is scalable but inadequate to deal with network congestion and unable to provide fairness among its traffic aggregates. Recently, the IETF has recommended additional functions including admission control and resource discovery to enhance the original DiffServ [2]. In this thesis, we propose a new framework based on DiffServ. The new architecture, called Fair Intelligent Congestion Control DiffServ (FICC-DiffServ), applies the FICC algorithm and control loop to provide fairness among traffic aggregates and control congestion inside DiffServ networks. The augmented architecture is realisable within the existing IP network infrastructures. Simulation results show that the FICC-DiffServ performs excellently in terms of guaranteed fairness, minimised packet delay and jitter, as well as being robust to traffic attributes, and being simple to implement. Moreover, providing end-to-end QoS for Internet applications presents difficult problems, because the Internet is composed of many independently administered domains called Autonomous Systems. To enable end-to-end QoS, negotiation between domains is then crucial. As a means of negotiation, inter-autonomous system QoS routing plays an important role in advertising the available network resources between domains. In this thesis, the Border Gateway Protocol (BGP) is extended to provide end-to-end QoS.
The BGP is selected for two reasons: (1) BGP is an inter-domain routing protocol widely used on the Internet and (2) the use of attributes attached to routes makes BGP a powerful and scalable inter-domain routing protocol. For end-to-end QoS, a complete framework includes a FICC-DiffServ in each domain, an extended BGP between domains and an admission control at the edge router. Via simulation, we demonstrate the reliability of the BGP-extended architecture, including route selection policy and overhead reduction issues.

    A framework for the development of tolerant real time applications

    This work presents a framework architecture for the development of distributed real-time applications to be integrated into WWW clients. It assumes a WWW environment over networks providing a best-effort delivery service like the internets based on the IP protocol. The framework is that of an application programming interface (API) providing the program developer with the services needed by tolerant real-time applications. Once developed, an application is bundled together with the API to form a WWW plug-in which can subsequently be called from a WWW client interface or browser. The application is then perceived as being integrated into the WWW environment. The design aims to provide real-time applications with a transport service layer assuring near end-to-end isochronism despite the weak guarantees of the underlying network service. The implementation of the mechanisms that allow multistream real-time communications to adapt to the operational conditions of these networks is discussed. In this work, the RTP and RTCP protocols were also implemented as part of the API. Experience with this framework reports the development of a prototype real-time application for multimedia group communication and the analysis of the behaviour of RTP sessions in a real operational situation. The analysis uses protocol state data logged during their operation.

    Linking session based services with transport plane resources in IP multimedia subsystems.

    The massive success and proliferation of Internet technologies has forced network operators to recognise the benefits of an IP-based communications framework. The IP Multimedia Subsystem (IMS) has been proposed as a candidate technology to provide a non-disruptive strategy in the move to all-IP and to facilitate the true convergence of data and real-time multimedia services. Despite the obvious advantages of creating a controlled environment for deploying IP services, and hence increasing the value of the telco bundle, there are several challenges that face IMS deployment. The most critical is that posed by the widespread proliferation of Web 2.0 services. This environment is not seen as robust enough to be used by network operators for revenue generating services. However, IMS operators will need to justify charging for services that are typically available free of charge in the Internet space. Reliability and guaranteed transport of multimedia services by the efficient management of resources will be critical to differentiate IMS services. This thesis investigates resource management within the IMS framework. The standardisation of NGN/IMS resource management frameworks has been fragmented, resulting in weak functional and interface specifications. To facilitate more coherent, focused research and address interoperability concerns that could hamper deployment, a Common Policy and Charging Control (PCC) architecture is presented that defines a set of generic terms and functional elements. A review of related literature and standardisation reveals severe shortcomings regarding vertical and horizontal coordination of resources in the IMS framework. The deployment of new services should not require QoS standardisation or network upgrade, though in the current architecture advanced multimedia services are not catered for. It has been found that end-to-end QoS mechanisms in the Common PCC framework are elementary.
To address these challenges and assist network operators when formulating their NGN strategies, this thesis proposes an application driven policy control architecture that incorporates end-user and service requirements into the QoS negotiation procedure. This architecture facilitates full interaction between service control and resource control planes, and between application developers and the policies that govern resource control. Furthermore, a novel, session based end-to-end policy control architecture is proposed to support inter-domain coordination across IMS domains. This architecture uses SIP inherent routing information to discover the routes traversed by the signalling and the associated routes traversed by the media. This mechanism effectively allows applications to issue resource requests from their home domain and enable end-to-end QoS connectivity across all traversed transport segments. Standard interfaces are used and transport plane overhaul is not necessary for this functionality. The Common PCC, application driven and session based end-to-end architectures are implemented in a standards compliant and entirely open source practical testbed. This demonstrates proof of concept and provides a platform for performance evaluations. It has been found that while there is a cost in delay and traffic overhead when implementing the complete architecture, this cost falls within established criteria and will have an acceptable effect on end-user experience. The open nature of the practical testbed ensures that all evaluations are fully reproducible and provides a convenient point of departure for future work. While it is important to leave room for flexibility and vendor innovation, it is critical that the harmonisation of NGN/IMS resource management frameworks takes place and that the architectures proposed in this thesis be further developed and integrated into the single set of specifications.
The alternative is general interoperability issues that could render end-to-end QoS provisioning for advanced multimedia services almost impossible.

    AKER: A Design and Verification Framework for Safe and Secure SoC Access Control

    Modern systems on a chip (SoCs) utilize heterogeneous architectures where multiple IP cores have concurrent access to on-chip shared resources. In security-critical applications, IP cores have different privilege levels for accessing shared resources, which must be regulated by an access control system. AKER is a design and verification framework for SoC access control. AKER builds upon the Access Control Wrapper (ACW) -- a high performance and easy-to-integrate hardware module that dynamically manages access to shared resources. To build an SoC access control system, AKER distributes the ACWs throughout the SoC, wrapping controller IP cores, and configuring the ACWs to perform local access control. To ensure the access control system is functioning correctly and securely, AKER provides a property-driven security verification using MITRE common weakness enumerations. AKER verifies the SoC access control at the IP level to ensure the absence of bugs in the functionalities of the ACW module, at the firmware level to confirm the secure operation of the ACW when integrated with a hardware root-of-trust (HRoT), and at the system level to evaluate security threats due to the interactions among shared resources. The performance, resource usage, and security of access control systems implemented through AKER are experimentally evaluated on a Xilinx UltraScale+ programmable SoC; it is integrated with the OpenTitan hardware root-of-trust, and it is used to design an access control system for the OpenPULP multicore architecture.