Sla Management in a Collaborative Network Of Federated Clouds: The Cloudland

Cloud services have always promised to be available, flexible, and speedy. However, not a single Cloud provider can deliver such promises to their distinctly demanding customers. Cloud providers have a constrained geographical presence, and are willing to invest in infrastructure only when it is profitable to them. Cloud federation is a concept that collectively combines segregated Cloud services to create an extended pool of resources for Clouds to competently deliver their promised level of services. This dissertation is concerned with studying the governing aspects related to the federation of Clouds through collaborative networking. The main objective of this dissertation is to define a framework for a Cloud network that considers balancing the trade-offs among customers’ various quality of service (QoS) requirements, as well as providers\u27 resources utilization. We propose a network of federated Clouds, CloudLend, that creates a platform for Cloud providers to collaborate, and for customers to expand their service selections. We also define and specify a service level agreement (SLA) management model in order to govern and administer the relationships established between different Cloud services in CloudLend. We define a multi-level SLA specification model to annotate and describe QoS terms, in addition to a game theory-based automated SLA negotiation model that supports both customers and providers in negotiating SLA terms, and guiding them towards signing a contract. We also define an adaptive agent-based SLA monitoring model which identifies the root causes of SLA violations, and impartially distributes any updates and changes in established SLAs to all relevant entities. Formal verification proved that our proposed framework assures customers with maximum optimized guarantees to their QoS requirements, in addition to supporting Cloud providers to make informed resource utilization decisions. Additionally, simulation results demonstrate the effectiveness of our SLA management model. Our proposed Cloud Lend network and its SLA management model paves the way to resource sharing among different Cloud providers, which allows for the providers’ lock-in constraints to be broken, allowing effortless migration of customers’ applications across different providers whenever is needed

Reliable and secure low energy sensed spectrum communication for time critical cloud computing applications

Reliability and security of data transmission and access are of paramount importance to enhance the dependability of time critical remote monitoring systems (e.g. tele-monitoring patients, surveillance of smart grid components). Potential failures for data transmissions include wireless channel unavailability and delays due to the interruptions. Reliable data transmission demands seamless channel availability with minimum delays in spite of interruptions (e.g. fading, denial-of-service attacks). Secure data transmissions require sensed data to be transmitted over unreliable wireless channels with sucient security using suitable encryption techniques. The transmitted data are stored in secure cloud repositories. Potential failures for data access include unsuccessful user authentications due to mis-management of digital identities and insucient permissions to authorize situation specic data access requests. Reliable and secure data access requires robust user authentication and context-dependent authorization to fulll situation specic data utility needs in cloud repositories. The work herein seeks to enhance the dependability of time critical remote monitoring applications, by reducing these failure conditions which may degrade the reliability and security of data transmission or access. As a result of an extensive literature survey, in order to achieve the above said security and reliability, the following areas have been selected for further investigations. The enhancement of opportunistic transmissions in cognitive radio networks to provide greater channel availability as opposed to xed spectrum allocations in conventional wireless networks. Delay sensitive channel access methods to ensure seamless connectivity in spite of multiple interruptions in cognitive radio networks. Energy ecient encryption and route selection mechanisms to enhance both secure and reliable data transmissions. Trustworthy digital identity management in cloud platforms which can facilitate ecient user authentication to ensure reliable access to the sensed remote monitoring data. Context-aware authorizations to reliably handle the exible situation specic data access requests. Main contributions of this thesis include a novel trust metric to select non-malicious cooperative spectrum sensing users to reliably detect vacant channels, a reliable delaysensitive cognitive radio spectrum hand-o management method for seamless connectivity and an energy-aware physical unclonable function based encryption key size selection method for secure data transmission. Furthermore, a trust based identity provider selection method for user authentications and a reliable context-aware situation specic authorization method are developed for more reliable and secure date access in cloud repositories. In conclusion, these contributions can holistically contribute to mitigate the above mentioned failure conditions to achieve the intended dependability of the timecritical remote monitoring applications

Cloud provider capacity augmentation through automated resource bartering

© 2017 Elsevier B.V. Growing interest in Cloud Computing places a heavy workload on cloud providers which is becoming increasingly difficult for them to manage with their primary data centre infrastructures. Resource scarcity can make providers vulnerable to significant reputational damage and it often forces customers to select services from the larger, more established companies, sometimes at a higher price. Funding limitations, however, commonly prevent emerging and even established providers from making a continual investment in hardware speculatively assuming a certain level of growth in demand. As an alternative, they may opt to use the current inter-cloud resource sharing systems which mainly rely on monetary payments and thus put pressure on already stretched cash flows. To address such issues, a new multi-agent based Cloud Resource Bartering System (CRBS) is implemented in this work that fosters the management and bartering of pooled resources without requiring costly financial transactions between IAAS cloud providers. Agents in CRBS collaborate to facilitate bartering among providers which not only strengthens their trading relationships but also enables them to handle surges in demand with their primary setup. Unlike existing systems, CRBS assigns resources by considering resource urgency which comparatively improves customers’ satisfaction and the resource utilization rate by more than 50%. The evaluation results verify that our system assists providers to timely acquire the additional resources and to maintain sustainable service delivery. We conclude that the existence of such a system is economically beneficial for cloud providers and enables them to adapt to fluctuating workloads

Semantic Security for E-Health: A Case Study in Enhanced Access Control

Data collection, access and usage are essential for many forms of collaborative research. E-Health represents one area with much to gain by sharing of data across organisational boundaries. In such contexts, security and access control are essential to protect the often complex, privacy and information governance concerns of associated stakeholders. In this paper we argue that semantic technologies have unique benefits for specification and enforcement of security policies that cross organisation boundaries. We illustrate this through a case study based around the International Niemann-Pick Disease (NPD) Registry (www.inpdr.org) - which typifies many current e-Health security processes and policies. We show how approaches based upon ontology-based policy specification overcome many of the current security challenges facing the development of such systems and enhance access control by leveraging existing security information associated with clinical collaborators

Towards mobile cloud computing with single sign-on access

This is a post-peer-review, pre-copyedit version of an article published in Journal of Grid Computing. The final authenticated version is available online at: http://dx.doi.org/10.1007/s10723-017-9413-3The low computing power of mobile devices impedes the development of mobile applications with a heavy computing load. Mobile Cloud Computing (MCC) has emerged as the solution to this by connecting mobile devices with the “infinite” computing power of the Cloud. As mobile devices typically communicate over untrusted networks, it becomes necessary to secure the communications to avoid privacy-sensitive data breaches. This paper presents work on implementing MCC applications with secure communications. For that purpose, we built on COMPSs-Mobile, a redesigned implementation of the COMP Superscalar (COMPSs) framework aiming to MCC platorms. COMPSs-Mobile automatically exploits the parallelism inherent in an application and orchestrates its execution on loosely-coupled distributed environment. To avoid a vendor lock-in, this extension leverages on the Generic Security Services Application Program Interface (GSSAPI) (RFC2743) as a generic way to access security services to provide communications with authentication, secrecy and integrity. Besides, GSSAPI allows applications to take profit of more advanced features, such as Federated Identity or Single Sign-On, which the underlying security framework could provide. To validate the practicality of the proposal, we use Kerberos as the security services provider to implement SSO; however, applications do not authenticate themselves and require users to obtain and place the credentials beforehand. To evaluate the performance, we conducted some tests running an application on a smartphone offloading tasks to a private cloud. Our results show that the overhead of securing the communications is acceptable.This work has been supported by the Spanish Government (contracts TIN2012-34557, TIN2015-65316-P and grants BES-2013-067167, EEBB-I-15-09808 of the Research Training Program and SEV-2011-00067 of Severo Ochoa Program), by Generalitat de Catalunya (contract 2014-SGR-1051) and by the European Commission (ASCETiC project, FP7-ICT-2013.1.2 contract 610874). The second author was partially supported by the European Commission's Horizon2020 programme under grant agreement 653965 (AARC).Peer ReviewedPostprint (author's final draft

Report of the 2014 NSF Cybersecurity Summit for Large Facilities and Cyberinfrastructure

This event was supported in part by the National Science Foundation under Grant Number 1234408. Any opinions, findings, and conclusions or recommendations expressed at the event or in this report are those of the authors and do not necessarily reflect the views of the National Science Foundation

Intercloud Resource Discovery: A Future Perspective using Blockchain Technology

Intercloud is a single logical entity orchestrating resources from different individual clouds providing on-demand resource provisioning in a seamless manner. However, achieving efficient resource discovery in the intercloud environment remains a challenging task owing to the heterogeneity of resources and diversity of cloud platforms. The paper briefs about intercloud resource discovery, outlines the current work done using existing approaches and examines the challenges involved. Finally, the paper explains the concept of blockchain and presents an innovative conceptual model for efficient resource discovery in intercloud

The Value of Community Clouds for Collaboration in the Public Sector

The public sector has discovered cloud computing technologies and therefore demands an adequate cloud provisioning model. The community cloud seems to be a good balance between safety and trust as well as efficiency, cost reduction, and competitiveness for public facilities. Following this presumption, we analyzed the network potential for cooperation in the public sector. First, we reviewed the scientific literature around this concept and clarified the term ‘community cloud’. Then, we conducted a study of network theories to derive common values that are addressed in cooperation. In combination with network characteristics, we developed a framework that characterizes a network and assesses its specific network value. For evaluation purposes, we applied the framework to community cloud implementations in the public sector and discussed the results regarding the network value. The research findings reveal basic network values for community clouds in the public sector and will serve as analysis and assessment guidelines