Formalization and analysis of a resource allocation security protocol for secure service migration

The advent of virtual machine technology for example, VMware, and container technology, such as Docker, have made the migration of services between different Cloud Systems possible. This enables the development of mobile services that can ensure low latencies between servers and their mobile clients resulting in better QOS. Though there are many mechanisms in place to support for mobile services, a key component that is missing is the development of security protocols that allow the safe transfer of servers to different Cloud environments. In this paper, we propose a Resource Allocation Security Protocol for secure service migration. We explore two approaches; In the first approach, the protocol is developed and formally verified by Automated Validation of Internet Security Protocols and Applications tool. The protocol satisfies the security properties of secrecy and authentication. In addition, nonces are used for replay protection and to ensure freshness. In the second approach, a secure symmetrical session key is used to do the safe transfer and an automatic cryptographic protocol verifier ProVerif is employed to verify secrecy, authentication and key exchange

Formalization and analysis of a resource allocation security protocol for secure service migration

The advent of virtual machine technology for example, VMware, and container technology, such as Docker, have made the migration of services between different Cloud Systems possible. This enables the development of mobile services that can ensure low latencies between servers and their mobile clients resulting in better QOS. Though there are many mechanisms in place to support for mobile services, a key component that is missing is the development of security protocols that allow the safe transfer of servers to different Cloud environments. In this paper, we propose a Resource Allocation Security Protocol for secure service migration. We explore two approaches; In the first approach, the protocol is developed and formally verified by Automated Validation of Internet Security Protocols and Applications tool. The protocol satisfies the security properties of secrecy and authentication. In addition, nonces are used for replay protection and to ensure freshness. In the second approach, a secure symmetrical session key is used to do the safe transfer and an automatic cryptographic protocol verifier ProVerif is employed to verify secrecy, authentication and key exchange

Exploring a resource allocation security protocol for secure service migration in commercial cloud environments

Recently, there has been a significant increase in the popularity of cloud computing systems that offer Cloud services such as Networks, Servers, Storage, Applications, and other available on-demand re-sources or pay-as-you-go systems with different speeds and Qualities of Service. These cloud computing environments share resources by providing virtualization techniques that enable a single user to ac-cess various Cloud Services Thus, cloud users have access to an infi-nite computing resource, allowing them to increase or decrease their resource consumption capacity as needed. However, an increasing number of Commercial Cloud Services are available in the market-place from a wide range of Cloud Service Providers (CSPs). As a result, most CSPs must deal with dynamic resource allocation, in which mobile services migrate from one cloud environment to another to provide heterogeneous resources based on user requirements. A new service framework has been proposed by Sardis about how ser-vices can be migrated in Cloud Infrastructure. However, it does not address security and privacy issues in the migration process. Fur-thermore, there is still a lack of heuristic algorithms that can check requested and available resources to allocate and deallocate before the secure migration begins. The advent of Virtual machine technol-ogy, for example, VMware, and container technology, such as Docker, LXD, and Unikernels has made the migration of services possible. As Cloud services, such as Vehicular Cloud, are now being increasingly offered in highly mobile environments, Y-Comm, a new framework for building future mobile systems, has developed proactive handover to support the mobile user. Though there are many mechanisms in place to provide support for mobile services, one way of addressing the challenges arising because of this emerging application is to move the computing resources closer to the end-users and find how much computing resources should be allocated to meet the performance re-quirements/demands. This work addresses the above challenges by proposing the development of resource allocation security protocols for secure service migration that allow the safe transfer of servers and monitoring of the capacity of requested resources to different Cloud environments. In this thesis, we propose a Resource Allocation Secu-rity Protocol for secure service migration that allows resources to be allocated efficiently is analyzed. In our research, we use two differ-ent formal modelling and verification techniques to verify an abstract protocol and validate the security properties such as secrecy, authen-tication, and key exchange for secure service migration. The new protocol has been verified in AVISPA and ProVerif formal verifier and is being implemented in a new Service Management Framework Prototype to securely manage and allocate resources in Commercial Cloud Environments. And then, a Capability-Based Secure Service Protocol (SSP) was developed to ensure that capability-based service protocol proves secrecy, authentication, and authorization, and that it can be applied to any service. A basic prototype was then devel-oped to test these ideas using a block storage system known as the Network Memory Service. This service was used as the backend of a FUSE filesystem. The results show that this approach can be safely implemented and should perform well in real environments

Regional Address Registries, Governance and Internet Freedom

Regional Internet Address Registries (RIRs) are private, nonprofit and transnational governance entities that evolved organically with the growth of the Internet to manage and coordinate Internet Protocol addresses. The RIR's management of Internet address resources is becoming more contentious and more central to global debates over Internet governance. This is happening because of two transformational problems: 1) the depletion of the IPv4 address space; and 2) the attempt to introduce more security into the Internet routing system. We call these problems "transformational" because they raise the stakes of the RIR's policy decisions, make RIR processes more formal and institutionalized, and have the potential to create new, more centralized control mechanisms over Internet service providers and users. A danger in this transition is that the higher stakes and centralized control mechanisms become magnets for political contention, just as ICANN's control of the DNS root did. In order to avoid a repeat of the problems of ICANN, we need to think carefully about the relationship between RIRs, governments, and Internet freedom. In particular, we need to shield RIRs from interference by national governments, and strengthen and institutionalize their status as neutral technical coordinators with limited influence over other areas of Internet governance

Algorithms for advance bandwidth reservation in media production networks

Media production generally requires many geographically distributed actors (e.g., production houses, broadcasters, advertisers) to exchange huge amounts of raw video and audio data. Traditional distribution techniques, such as dedicated point-to-point optical links, are highly inefficient in terms of installation time and cost. To improve efficiency, shared media production networks that connect all involved actors over a large geographical area, are currently being deployed. The traffic in such networks is often predictable, as the timing and bandwidth requirements of data transfers are generally known hours or even days in advance. As such, the use of advance bandwidth reservation (AR) can greatly increase resource utilization and cost efficiency. In this paper, we propose an Integer Linear Programming formulation of the bandwidth scheduling problem, which takes into account the specific characteristics of media production networks, is presented. Two novel optimization algorithms based on this model are thoroughly evaluated and compared by means of in-depth simulation results

Land Tenure Security and Sustainable Development

This open access book presents a nuanced and accessible synthesis of the relationship between land tenure security and sustainable development. Contributing authors have collectively worked for decades on land tenure as connected with conservation and development across all major regions of the globe. The first section of this volume is intended as a standalone primer on land tenure security and its connections with sustainable development. The book then explores key thematic challenges that interact directly with land tenure security, followed by a section on strategies for addressing tenure insecurity. The book concludes with a section on new frontiers in research, policy, and action. An invaluable reference for researchers in the field and for practitioners looking for a comprehensive overview of this important topic. This is an open access book

CODEWEAVE: exploring fine-grained mobility of code

This paper is concerned with an abstract exploration of code mobility constructs designed for use in settings where the level of granularity associated with the mobile units exhibits significant variability. Units of mobility that are both finer and coarser grained than the unit of execution are examined. To accomplish this, we take the extreme view that every line of code and every variable declaration are potentially mobile, i.e., it may be duplicated or moved from one program context to another on the same host or across the network. We also assume that complex code assemblies may move with equal ease. The result is CODEWEAVE, a model that shows how to develop new forms of code mobility, assign them precise meaning, and facilitate formal verification of programs employing them. The design of CODEWEAVE relies greatly on Mobile UNITY, a notation and proof logic for mobile computing. Mobile UNITY offers a computational milieu for examining a wide range of constructs and semantic alternatives in a clean abstract setting, i.e., unconstrained by compilation and performance considerations traditionally associated with programming language design. Ultimately, the notation offered by CODEWEAVE is given exact semantic definition by means of a direct mapping to the underlying Mobile UNITY model. The abstract and formal treatment of code mobility offered by CODEWEAVE establishes a technical foundation for examining competing proposals and for subsequent integration of some of the mobility constructs both at the language level and within middleware for mobility

Design and implementation of a multi-agent opportunistic grid computing platform

Opportunistic Grid Computing involves joining idle computing resources in enterprises into a converged high performance commodity infrastructure. The research described in this dissertation investigates the viability of public resource computing in offering a plethora of possibilities through seamless access to shared compute and storage resources. The research proposes and conceptualizes the Multi-Agent Opportunistic Grid (MAOG) solution in an Information and Communication Technologies for Development (ICT4D) initiative to address some limitations prevalent in traditional distributed system implementations. Proof-of-concept software components based on JADE (Java Agent Development Framework) validated Multi-Agent Systems (MAS) as an important tool for provisioning of Opportunistic Grid Computing platforms. Exploration of agent technologies within the research context identified two key components which improve access to extended computer capabilities. The first component is a Mobile Agent (MA) compute component in which a group of agents interact to pool shared processor cycles. The compute component integrates dynamic resource identification and allocation strategies by incorporating the Contract Net Protocol (CNP) and rule based reasoning concepts. The second service is a MAS based storage component realized through disk mirroring and Google file-system’s chunking with atomic append storage techniques. This research provides a candidate Opportunistic Grid Computing platform design and implementation through the use of MAS. Experiments conducted validated the design and implementation of the compute and storage services. From results, support for processing user applications; resource identification and allocation; and rule based reasoning validated the MA compute component. A MAS based file-system that implements chunking optimizations was considered to be optimum based on evaluations. The findings from the undertaken experiments also validated the functional adequacy of the implementation, and show the suitability of MAS for provisioning of robust, autonomous, and intelligent platforms. The context of this research, ICT4D, provides a solution to optimizing and increasing the utilization of computing resources that are usually idle in these contexts

Investigating Cloud Access Security Broker In A Healthcare Service : Creating A Cloud Access Security Broker (CASB) Discussion Frame-work For Evaluating Security in Cloud Healthcare Services

Master's thesis in Cyber security (IKT523)Covid-19 accentuated the importance of accessible services, causing a major increase in the adoption of cloud services for enterprises. Cloud computing is a new paradigm that promises significant benefits for organizations in healthcare services. However, cloud computing also transforms enterprise architectures and introduces new problems of information security. Decision-makers in a large healthcare service provider need to justify decisions on cloud adoption, but such a task is convoluted given the different views on cloud computing and the potential impact of cyberthreats on critical infrastructures. As a consequence, cloud security controls need to be selected and implemented to complement cloud services. Our research focuses on the decision-making process for selecting a Cloud Access Security Broker (CASB) in a large public healthcare ICT provider in Norway. This thesis applies Action Design Research (ADR) to design a decision support tool for cloud security control selection in healthcare organizations. The result is a framework for evaluating cloud security controls that facilitates the decision-making process by considering multiple aspects of enterprise security architectures. Participants in the decision-making process can achieve a common understanding of cloud security control and a tailored assessment of how the cloud will impact information security in the organization. We present the design process and apply the framework to the CASB selection problem. As a practical implication, our findings suggest that selecting a cloud security control in a healthcare service provider is an ill-structured or “wicked” problem that requires a unique problem-solving approac

Proceedings of the Automated Reasoning Workshop (ARW 2019)

Preface This volume contains the proceedings of ARW 2019, the twenty sixths Workshop on Automated Rea- soning (2nd{3d September 2019) hosted by the Department of Computer Science, Middlesex University, England (UK). Traditionally, this annual workshop which brings together, for a two-day intensive pro- gramme, researchers from different areas of automated reasoning, covers both traditional and emerging topics, disseminates achieved results or work in progress. During informal discussions at workshop ses- sions, the attendees, whether they are established in the Automated Reasoning community or are only at their early stages of their research career, gain invaluable feedback from colleagues. ARW always looks at the ways of strengthening links between academia, industry and government; between theoretical and practical advances. The 26th ARW is affiliated with TABLEAUX 2019 conference. These proceedings contain forteen extended abstracts contributed by the participants of the workshop and assembled in order of their presentations at the workshop. The abstracts cover a wide range of topics including the development of reasoning techniques for Agents, Model-Checking, Proof Search for classical and non-classical logics, Description Logics, development of Intelligent Prediction Models, application of Machine Learning to theorem proving, applications of AR in Cloud Computing and Networking. I would like to thank the members of the ARW Organising Committee for their advice and assis- tance. I would also like to thank the organisers of TABLEAUX/FroCoS 2019, and Andrei Popescu, the TABLEAUX Conference Chair, in particular, for the enormous work related to the organisation of this affiliation. I would also like to thank Natalia Yerashenia for helping in preparing these proceedings. London Alexander Bolotov September 201