4,341 research outputs found

    Secure data sharing and processing in heterogeneous clouds

    The extensive cloud adoption among the European Public Sector Players empowered them to own and operate a range of cloud infrastructures. These deployments vary both in the size and capabilities, as well as in the range of employed technologies and processes. The public sector, however, lacks the necessary technology to enable effective, interoperable and secure integration of a multitude of its computing clouds and services. In this work we focus on the federation of private clouds and the approaches that enable secure data sharing and processing among the collaborating infrastructures and services of public entities. We investigate the aspects of access control, data and security policy languages, as well as cryptographic approaches that enable fine-grained security and data processing in semi-trusted environments. We identify the main challenges and frame the future work that serve as an enabler of interoperability among heterogeneous infrastructures and services. Our goal is to enable both security and legal conformance as well as to facilitate transparency, privacy and effectivity of private cloud federations for the public sector needs. © 2015 The Authors

    Merlin: A Language for Provisioning Network Resources

    This paper presents Merlin, a new framework for managing resources in software-defined networks. With Merlin, administrators express high-level policies using programs in a declarative language. The language includes logical predicates to identify sets of packets, regular expressions to encode forwarding paths, and arithmetic formulas to specify bandwidth constraints. The Merlin compiler uses a combination of advanced techniques to translate these policies into code that can be executed on network elements including a constraint solver that allocates bandwidth using parameterizable heuristics. To facilitate dynamic adaptation, Merlin provides mechanisms for delegating control of sub-policies and for verifying that modifications made to sub-policies do not violate global constraints. Experiments demonstrate the expressiveness and scalability of Merlin on real-world topologies and applications. Overall, Merlin simplifies network administration by providing high-level abstractions for specifying network policies and scalable infrastructure for enforcing them

    MorphoSys: efficient colocation of QoS-constrained workloads in the cloud

    In hosting environments such as IaaS clouds, desirable application performance is usually guaranteed through the use of Service Level Agreements (SLAs), which specify minimal fractions of resource capacities that must be allocated for unencumbered use for proper operation. Arbitrary colocation of applications with different SLAs on a single host may result in inefficient utilization of the host’s resources. In this paper, we propose that periodic resource allocation and consumption models -- often used to characterize real-time workloads -- be used for a more granular expression of SLAs. Our proposed SLA model has the salient feature that it exposes flexibilities that enable the infrastructure provider to safely transform SLAs from one form to another for the purpose of achieving more efficient colocation. Towards that goal, we present MORPHOSYS: a framework for a service that allows the manipulation of SLAs to enable efficient colocation of arbitrary workloads in a dynamic setting. We present results from extensive trace-driven simulations of colocated Video-on-Demand servers in a cloud setting. These results show that potentially-significant reduction in wasted resources (by as much as 60%) are possible using MORPHOSYS. National Science Foundation (0720604, 0735974, 0820138, 0952145, 1012798

    Relational Cloud: The Case for a Database Service

    In this paper, we make the case for “databases as a service” (DaaS), with two target scenarios in mind: (i) consolidation of data management functionality for large organizations and (ii) outsourcing data management to a cloud-based service provider for small/medium organizations. We analyze the many challenges to be faced, and discuss the design of a database service we are building, called Relational Cloud. The system has been designed from scratch and combines many recent advances and novel solutions. The prototype we present exploits multiple dedicated storage engines, provides high-availability via transparent replication, supports automatic workload partitioning and live data migration, and provides serializable distributed transactions. While the system is still under active development, we are able to present promising initial results that showcase the key features of our system. The tests are based on TPC benchmarks and real-world data from epinions.com, and show our partitioning, scalability and balancing capabilities.

    A policy-based containerized filter for secure information sharing in organizational environments

    In organizational environments, sensitive information is unintentionally exposed and sent to the cloud without encryption by insiders that even were previously informed about cloud risks. To mitigate the effects of this information privacy paradox, we propose the design, development and implementation of SecFilter, a security filter that enables organizations to implement security policies for information sharing. SecFilter automatically performs the following tasks: (a) intercepts files before sending them to the cloud; (b) searches for sensitive criteria in the context and content of the intercepted files by using mining techniques; (c) calculates the risk level for each identified criterion; (d) assigns a security level to each file based on the detected risk in its content and context; and (e) encrypts each file by using a multi-level security engine, based on digital envelopes from symmetric encryption, attribute-based encryption and digital signatures to guarantee the security services of confidentiality, integrity and authentication on each file at the same time that access control mechanisms are enforced before sending the secured file versions to cloud storage. A prototype of SecFilter was implemented for a real-world file sharing application that has been deployed on a private cloud. Fine-tuning of SecFilter components is described and a case study has been conducted based on document sharing of a well-known repository (MedLine corpus). The experimental evaluation revealed the feasibility and efficiency of applying a security filter to share information in organizational environments. This work has been partially supported by the Spanish “Ministerio de Economia y Competitividad” under the project grant TIN2016-79637-P “Towards Unification of HPC and Big Data paradigms”.