A survey of intrusion detection techniques in Cloud

Cloud computing provides scalable, virtualized on-demand services to the end users with greater flexibility and lesser infrastructural investment. These services are provided over the Internet using known networking protocols, standards and formats under the supervision of different managements. Existing bugs and vulnerabilities in underlying technologies and legacy protocols tend to open doors for intrusion. This paper, surveys different intrusions affecting availability, confidentiality and integrity of Cloud resources and services. It examines proposals incorporating Intrusion Detection Systems (IDS) in Cloud and discusses various types and techniques of IDS and Intrusion Prevention Systems (IPS), and recommends IDS/IPS positioning in Cloud architecture to achieve desired security in the next generation networks

Towards Run-Time Verification of Compositions in the Web of Things using Complex Event Processing

Following the vision of the Internet of Things, physical world entities are integrated into virtual world things. Things are expected to become active participants in business and social processes. Then, the Internet of Things could benefit from the Web Service architecture like today’s Web does, so Future ser-vice-oriented Internet things will offer their functionality via service-enabled in-terfaces. In previous work, we demonstrated the need of considering the behav-iour of things to develop applications in a more rigorous way, and we proposed a lightweight model for representing such behaviour. Our methodology relies on the service-oriented paradigm and extends the DPWS profile to specify the order with which things can receive messages. We also proposed a static verifi-cation technique to check whether a mashup of things respects the behaviour, specified at design-time, of the composed things. However, a change in the be-haviour of a thing may cause that some compositions do not fulfill its behaviour anymore. Moreover, given that a thing can receive requests from instances of different mashups at run-time, these requests could violate the behaviour of that thing, even though each mashup fulfills such behaviour, due to the change of state of the thing. To address these issues, we present a proposal based on me-diation techniques and complex event processing to detect and inhibit invalid invocations, so things only receive requests compatible with their behaviour.Work partially supported by projects TIN2008-05932, TIN2012-35669, CSD2007-0004 funded by Spanish Ministry MINECO and FEDER; P11-TIC-7659 funded by Andalusian Government; and Universidad de Málaga, Campus de Excelencia Internacional Andalucía Tec

Architectures for Real-Time Automatic Sign Language Recognition on Resource-Constrained Device

Powerful, handheld computing devices have proliferated among consumers in recent years. Combined with new cameras and sensors capable of detecting objects in three-dimensional space, new gesture-based paradigms of human computer interaction are becoming available. One possible application of these developments is an automated sign language recognition system. This thesis reviews the existing body of work regarding computer recognition of sign language gestures as well as the design of systems for speech recognition, a similar problem. Little work has been done to apply the well-known architectural patterns of speech recognition systems to the domain of sign language recognition. This work creates a functional prototype of such a system, applying three architectures seen in speech recognition systems, using a Hidden Markov classifier with 75-90% accuracy. A thorough search of the literature indicates that no cloud-based system has yet been created for sign language recognition and this is the first implementation of its kind. Accordingly, there have been no empirical performance analyses regarding a cloud-based Automatic Sign Language Recognition (ASLR) system, which this research provides. The performance impact of each architecture, as well as the data interchange format, is then measured based on response time, CPU, memory, and network usage across an increasing vocabulary of sign language gestures. The results discussed herein suggest that a partially-offloaded client-server architecture, where feature extraction occurs on the client device and classification occurs in the cloud, is the ideal selection for all but the smallest vocabularies. Additionally, the results indicate that for the potentially large data sets transmitted for 3D gesture classification, a fast binary interchange protocol such as Protobuf has vastly superior performance to a text-based protocol such as JSON

Opportunities of IoT in Fog Computing for High Fault Tolerance and Sustainable Energy Optimization

Today, the importance of enhanced quality of service and energy optimization has promoted research into sensor applications such as pervasive health monitoring, distributed computing, etc. In general, the resulting sensor data are stored on the cloud server for future processing. For this purpose, recently, the use of fog computing from a real-world perspective has emerged, utilizing end-user nodes and neighboring edge devices to perform computation and communication. This paper aims to develop a quality-of-service-based energy optimization (QoS-EO) scheme for the wireless sensor environments deployed in fog computing. The fog nodes deployed in specific geographical areas cover the sensor activity performed in those areas. The logical situation of the entire system is informed by the fog nodes, as portrayed. The implemented techniques enable services in a fog-collaborated WSN environment. Thus, the proposed scheme performs quality-of-service placement and optimizes the network energy. The results show a maximum turnaround time of 8 ms, a minimum turnaround time of 1 ms, and an average turnaround time of 3 ms. The costs that were calculated indicate that as the number of iterations increases, the path cost value decreases, demonstrating the efficacy of the proposed technique. The CPU execution delay was reduced to a minimum of 0.06 s. In comparison, the proposed QoS-EO scheme has a lower network usage of 611,643.3 and a lower execution cost of 83,142.2. Thus, the results show the best cost estimation, reliability, and performance of data transfer in a short time, showing a high level of network availability, throughput, and performance guarantee

Secure store and forward proxy for dynamic IoT applications over M2M networks

Internet of Things (IoT) applications are expected to generate a huge unforeseen amount of traffic flowing from Consumer Electronics devices to the network. In order to overcome existing interoperability problems, several standardization bodies have joined to bring a new generation of Machine to Machine (M2M) networks as a result of the evolution of wireless sensor/actor networks and mobile cellular networks to converged networks. M2M is expected to enable IoT paradigms and related concepts into a reality at a reasonable cost. As part of the convergence, several technologies preventing new IoT services to interfere with existing Internet services are flourishing. Responsive, message-driven, resilient and elastic architectures are becoming essential parts of the system. These architectures will control the entire data flow for an IoT system requiring sometimes to store, shape and forward data among nodes of a M2M network to improve network performance. However, IoT generated data have an important personal component since it is generated in personal devices or are the result of the observation of the physical world, so rises significant security concerns. This article proposes a novel opportunistic flexible secure store and forward proxy for M2M networks and its mapping to asynchronous protocols that guarantees data confidentiality

A Black-box Monitoring Approach to Measure Microservices Runtime Performance

Microservices changed cloud computing by moving the applications' complexity from one monolithic executable to thousands of network interactions between small components. Given the increasing deployment sizes, the architectural exploitation challenges, and the impact on data-centers' power consumption, we need to efficiently track this complexity. Within this article, we propose a black-box monitoring approach to track microservices at scale, focusing on architectural metrics, power consumption, application performance, and network performance. The proposed approach is transparent w.r.t. the monitored applications, generates less overhead w.r.t. black-box approaches available in the state-of-the-art, and provides fine-grain accurate metrics

Enhancing Federated Cloud Management with an Integrated Service Monitoring Approach

Cloud Computing enables the construction and the provisioning of virtualized service-based applications in a simple and cost effective outsourcing to dynamic service environments. Cloud Federations envisage a distributed, heterogeneous environment consisting of various cloud infrastructures by aggregating different IaaS provider capabilities coming from both the commercial and the academic area. In this paper, we introduce a federated cloud management solution that operates the federation through utilizing cloud-brokers for various IaaS providers. In order to enable an enhanced provider selection and inter-cloud service executions, an integrated monitoring approach is proposed which is capable of measuring the availability and reliability of the provisioned services in different providers. To this end, a minimal metric monitoring service has been designed and used together with a service monitoring solution to measure cloud performance. The transparent and cost effective operation on commercial clouds and the capability to simultaneously monitor both private and public clouds were the major design goals of this integrated cloud monitoring approach. Finally, the evaluation of our proposed solution is presented on different private IaaS systems participating in federations. © 2013 Springer Science+Business Media Dordrecht

Raamistik mobiilsete asjade veebile

Internet on oma arengus läbi aastate jõudnud järgmisse evolutsioonietappi - asjade internetti (ingl Internet of Things, lüh IoT). IoT ei tähista ühtainsat tehnoloogiat, see võimaldab eri seadmeil - arvutid, mobiiltelefonid, autod, kodumasinad, loomad, virtuaalsensorid, jne - omavahel üle Interneti suhelda, vajamata seejuures pidevat inimesepoolset seadistamist ja juhtimist. Mobiilseadmetest nagu näiteks nutitelefon ja tahvelarvuti on saanud meie igapäevased kaaslased ning oma mitmekülgse võimekusega on nad motiveerinud teadustegevust mobiilse IoT vallas. Nutitelefonid kätkevad endas võimekaid protsessoreid ja 3G/4G tehnoloogiatel põhinevaid internetiühendusi. Kuid kui kasutada seadmeid järjepanu täisvõimekusel, tühjeneb mobiili aku kiirelt. Doktoritöö esitleb energiasäästlikku, kergekaalulist mobiilsete veebiteenuste raamistikku anduriandmete kogumiseks, kasutades kergemaid, energiasäästlikumaid suhtlustprotokolle, mis on IoT keskkonnale sobilikumad. Doktoritöö käsitleb põhjalikult energia kokkuhoidu mobiilteenuste majutamisel. Töö käigus loodud raamistikud on kontseptsiooni tõestamiseks katsetatud mitmetes juhtumiuuringutes päris seadmetega.The Internet has evolved, over the years, from just being the Internet to become the Internet of Things (IoT), the next step in its evolution. IoT is not a single technology and it enables about everything from computers, mobile phones, cars, appliances, animals, virtual sensors, etc. that connect and interact with each other over the Internet to function free from human interaction. Mobile devices like the Smartphone and tablet PC have now become essential to everyday life and with extended capabilities have motivated research related to the mobile Internet of Things. Although, the recently developed Smartphones enjoy the high performance and high speed 3G/4G mobile Internet data transmission services, such high speed performances quickly drain the battery power of the mobile device. This thesis presents an energy efficient lightweight mobile Web service provisioning framework for mobile sensing utilizing the protocols that were designed for the constrained IoT environment. Lightweight protocols provide an energy efficient way of communication. Finally, this thesis highlights the energy conservation of the mobile Web service provisioning, the developed framework, extensively. Several case studies with the use of the proposed framework were implemented on real devices and has been thoroughly tested as a proof-of-concept.https://www.ester.ee/record=b522498