Abstractions, accounts and grid usability

The vision of the Grid is one of seamless, virtual and constantly changing resources where users need not concern themselves about details, such as exactly where an application is running or where their data is being stored. However, seamless and virtual often imply a lack of control that users may be wary of, or even opposed to. Drawing upon our studies of HCI and of collaborative work, this paper examines whether the Grid development community should be taking this vision literally and argues for the need for accountability of systems ‘in interaction’. We give examples of an alternative approach that seeks to provide ways in which administrators, technical support and user communities can make sense of the behaviour of the complex socio-technical ensembles that are the reality of Grids

Web services for rural areas-Security challenges in development and use

Web services (WS) are the modern response of traders and online service providers to satisfying the increasing needs and demands of the digital communities. WS formation and operation is based on a software system designed to support interoperable machine-to-machine interaction over a network. Security is of paramount importance to WS and the ability to measure and evaluate the level of security available is key to establishing and continuing to develop the level of trust based on reputation developed by the provider of the WS. The greatest challenge in offering secure WS is to groups of people where the level of expertise of the user is low and the need for transparency of the service provision quite high, such as the case with services offered primarily to people in rural areas. Providers of such services face many challenges in balancing the requirements for performance, interoperability, and security against the cost of implementing secure systems and running profitable operations through low income generating WS. A review of services offered, of the users and the challenges in building online trust among providers and users are discussed for the case of rural areas in the United Kingdom. © 2009 Elsevier B.V. All rights reserved

Dynamic Model-based Management of Service-Oriented Infrastructure.

Models are an effective tool for systems and software design. They allow software architects to abstract from the non-relevant details. Those qualities are also useful for the technical management of networks, systems and software, such as those that compose service oriented architectures. Models can provide a set of well-defined abstractions over the distributed heterogeneous service infrastructure that enable its automated management. We propose to use the managed system as a source of dynamically generated runtime models, and decompose management processes into a composition of model transformations. We have created an autonomic service deployment and configuration architecture that obtains, analyzes, and transforms system models to apply the required actions, while being oblivious to the low-level details. An instrumentation layer automatically builds these models and interprets the planned management actions to the system. We illustrate these concepts with a distributed service update operation

Using Control Frameworks to Map Risks in Web 2.0 Applications

Web 2.0 applications are continuously moving into the corporate mainstream. Each new development brings its own threats or new ways to deliver old attacks. The objective of this study is to develop a framework to identify the security issues an organisation is exposed to through Web 2.0 applications, with specific focus on unauthorised access. An extensive literature review was performed to obtain an understanding of the technologies driving Web 2.0 applications. Thereafter, the technologies were mapped against Control Objectives for Information and related Technology and Trust Service Principles and Criteria and associated control objectives relating to security risks. These objectives were used to develop a framework which can be used to identify risks and formulate appropriate internal control measures in any organisation using Web 2.0 applications. Every organisation, technology and application is unique and the safeguards depend on the nature of the organisation, information at stake, degree of vulnerability and risks. A comprehensive security program should include a multi-layer approach comprising of a control framework, combined with a control model considering the control processes in order to identify the appropriate control techniques.Web 2.0, Security risks, Control framework, Control Objectives for Information and related Technology (CobiT), Trust Service Principles and Criteria

Factors Affecting the Performance of Web Application Firewall

Web application firewalls (WAF) have been proven to be a useful tool in a much needed security for internet applications. Automation of ruleset development for WAF may reduce human errors and establish required baseline for web security. This research paper shows that mechanical implementation of highest paranoia levels on WAF may severely affect the productivity of the system and calls for the need for human intervention to critically review the proposed ruleset and find the optimal paranoia level that suits specific web application

Cyber Supply Chain Risks in Cloud Computing - Bridging the Risk Assessment Gap

Cloud computing represents a significant paradigm shift in the delivery of information technology (IT) services. The rapid growth of the cloud and the increasing security concerns associated with the delivery of cloud services has led many researchers to study cloud risks and risk assessments. Some of these studies highlight the inability of current risk assessments to cope with the dynamic nature of the cloud, a gap we believe is as a result of the lack of consideration for the inherent risk of the supply chain. This paper, therefore, describes the cloud supply chain and investigates the effect of supply chain transparency in conducting a comprehensive risk assessment. We conducted an industry survey to gauge stakeholder awareness of supply chain risks, seeking to find out the risk assessment methods commonly used, factors that hindered a comprehensive evaluation and how the current state-of-the-art can be improved. The analysis of the survey dataset showed the lack of flexibility of the popular qualitative assessment methods in coping with the risks associated with the dynamic supply chain of cloud services, typically made up of an average of eight suppliers. To address these gaps, we propose a Cloud Supply Chain Cyber Risk Assessment (CSCCRA) model, a quantitative risk assessment model which is supported by decision support analysis and supply chain mapping in the identification, analysis and evaluation of cloud risks