Framework for Security Transparency in Cloud Computing

The migration of sensitive data and applications from the on-premise data centre to a cloud environment increases cyber risks to users, mainly because the cloud environment is managed and maintained by a third-party. In particular, the partial surrender of sensitive data and application to a cloud environment creates numerous concerns that are related to a lack of security transparency. Security transparency involves the disclosure of information by cloud service providers about the security measures being put in place to protect assets and meet the expectations of customers. It establishes trust in service relationship between cloud service providers and customers, and without evidence of continuous transparency, trust and confidence are affected and are likely to hinder extensive usage of cloud services. Also, insufficient security transparency is considered as an added level of risk and increases the difficulty of demonstrating conformance to customer requirements and ensuring that the cloud service providers adequately implement security obligations. The research community have acknowledged the pressing need to address security transparency concerns, and although technical aspects for ensuring security and privacy have been researched widely, the focus on security transparency is still scarce. The relatively few literature mostly approach the issue of security transparency from cloud providers’ perspective, while other works have contributed feasible techniques for comparison and selection of cloud service providers using metrics such as transparency and trustworthiness. However, there is still a shortage of research that focuses on improving security transparency from cloud users’ point of view. In particular, there is still a gap in the literature that (i) dissects security transparency from the lens of conceptual knowledge up to implementation from organizational and technical perspectives and; (ii) support continuous transparency by enabling the vetting and probing of cloud service providers’ conformity to specific customer requirements. The significant growth in moving business to the cloud – due to its scalability and perceived effectiveness – underlines the dire need for research in this area. This thesis presents a framework that comprises the core conceptual elements that constitute security transparency in cloud computing. It contributes to the knowledge domain of security transparency in cloud computing by proposing the following. Firstly, the research analyses the basics of cloud security transparency by exploring the notion and foundational concepts that constitute security transparency. Secondly, it proposes a framework which integrates various concepts from requirement engineering domain and an accompanying process that could be followed to implement the framework. The framework and its process provide an essential set of conceptual ideas, activities and steps that can be followed at an organizational level to attain security transparency, which are based on the principles of industry standards and best practices. Thirdly, for ensuring continuous transparency, the thesis proposes an essential tool that supports the collection and assessment of evidence from cloud providers, including the establishment of remedial actions for redressing deficiencies in cloud provider practices. The tool serves as a supplementary component of the proposed framework that enables continuous inspection of how predefined customer requirements are being satisfied. The thesis also validates the proposed security transparency framework and tool in terms of validity, applicability, adaptability, and acceptability using two different case studies. Feedbacks are collected from stakeholders and analysed using essential criteria such as ease of use, relevance, usability, etc. The result of the analysis illustrates the validity and acceptability of both the framework and tool in enhancing security transparency in a real-world environment

Datacenter Traffic Control: Understanding Techniques and Trade-offs

Datacenters provide cost-effective and flexible access to scalable compute and storage resources necessary for today's cloud computing needs. A typical datacenter is made up of thousands of servers connected with a large network and usually managed by one operator. To provide quality access to the variety of applications and services hosted on datacenters and maximize performance, it deems necessary to use datacenter networks effectively and efficiently. Datacenter traffic is often a mix of several classes with different priorities and requirements. This includes user-generated interactive traffic, traffic with deadlines, and long-running traffic. To this end, custom transport protocols and traffic management techniques have been developed to improve datacenter network performance. In this tutorial paper, we review the general architecture of datacenter networks, various topologies proposed for them, their traffic properties, general traffic control challenges in datacenters and general traffic control objectives. The purpose of this paper is to bring out the important characteristics of traffic control in datacenters and not to survey all existing solutions (as it is virtually impossible due to massive body of existing research). We hope to provide readers with a wide range of options and factors while considering a variety of traffic control mechanisms. We discuss various characteristics of datacenter traffic control including management schemes, transmission control, traffic shaping, prioritization, load balancing, multipathing, and traffic scheduling. Next, we point to several open challenges as well as new and interesting networking paradigms. At the end of this paper, we briefly review inter-datacenter networks that connect geographically dispersed datacenters which have been receiving increasing attention recently and pose interesting and novel research problems.Comment: Accepted for Publication in IEEE Communications Surveys and Tutorial

From Traditional Adaptive Data Caching to Adaptive Context Caching: A Survey

Context data is in demand more than ever with the rapid increase in the development of many context-aware Internet of Things applications. Research in context and context-awareness is being conducted to broaden its applicability in light of many practical and technical challenges. One of the challenges is improving performance when responding to large number of context queries. Context Management Platforms that infer and deliver context to applications measure this problem using Quality of Service (QoS) parameters. Although caching is a proven way to improve QoS, transiency of context and features such as variability, heterogeneity of context queries pose an additional real-time cost management problem. This paper presents a critical survey of state-of-the-art in adaptive data caching with the objective of developing a body of knowledge in cost- and performance-efficient adaptive caching strategies. We comprehensively survey a large number of research publications and evaluate, compare, and contrast different techniques, policies, approaches, and schemes in adaptive caching. Our critical analysis is motivated by the focus on adaptively caching context as a core research problem. A formal definition for adaptive context caching is then proposed, followed by identified features and requirements of a well-designed, objective optimal adaptive context caching strategy.Comment: This paper is currently under review with ACM Computing Surveys Journal at this time of publishing in arxiv.or

Graph Modeling for OpenFlow Switch Monitoring

Network monitoring allows network administrators to facilitate network activities and to resolve issues in a timely fashion. Monitoring techniques in software-defined networks are either (i) active, where probing packets are sent periodically, or (ii) passive, where traffic statistics are collected from the network forwarding elements. The centralized nature of software-defined networking implies the implementation of monitoring techniques imposes additional overhead on the network controller. We propose Graph Modeling for OpenFlow Switch Monitoring (GMSM), which is a lightweight monitoring technique. GMSM constructs a flow-graph overview using two types of asynchronous OpenFlow messages: packet-in and flow-removed, which improve monitoring and decision making. It classifies new flows based on the class of service. Experimental findings suggest that using GMSM leads to a decrease in network overhead resulting from the communication between the controller and the switches, with a reduction of 5.7% and 6.7% compared to state-of-the-art approaches. GMSM reduces the controller’s CPU utilization by more than 2% compared to other monitoring methods. Overhead reduction comes with a slight reduction of approximately 0.17 units in the estimation accuracy of links utilization because GMSM allows the user to monitor the network subject to a selected class of service, as opposed to having an exact view of the network utilization

Risk-based maintenance of critical and complex systems

Tableau d’honneur de la Faculté des études supérieures et postdoctorales, 2016-2017.De nos jours, la plupart des systèmes dans divers secteurs critiques tels que l'aviation, le pétrole et les soins de santé sont devenus très complexes et dynamiques, et par conséquent peuvent à tout moment s'arrêter de fonctionner. Pour éviter que cela ne se reproduise et ne devienne incontrôlable ce qui engagera des pertes énormes en matière de coûts et d'indisponibilité; l'adoption de stratégies de contrôle et de maintenance s'avèrent plus que nécessaire et même vitale. Dans le génie des procédés, les stratégies optimales de maintenance pour ces systèmes pourraient avoir un impact significatif sur la réduction des coûts et sur les temps d'arrêt, sur la maximisation de la fiabilité et de la productivité, sur l'amélioration de la qualité et enfin pour atteindre les objectifs souhaités des compagnies. En outre, les risques et les incertitudes associés à ces systèmes sont souvent composés de plusieurs relations de cause à effet de façon extrêmement complexe. Cela pourrait mener à une augmentation du nombre de défaillances de ces systèmes. Par conséquent, un outil d'analyse de défaillance avancée est nécessaire pour considérer les interactions complexes de défaillance des composants dans les différentes phases du cycle de vie du produit pour assurer les niveaux élevés de sécurité et de fiabilité. Dans cette thèse, on aborde dans un premier temps les lacunes des méthodes d'analyse des risques/échec et celles qui permettent la sélection d'une classe de stratégie de maintenance à adopter. Nous développons ensuite des approches globales pour la maintenance et l'analyse du processus de défaillance fondée sur les risques des systèmes et machines complexes connus pour être utilisées dans toutes les industries. Les recherches menées pour la concrétisation de cette thèse ont donné lieu à douze contributions importantes qui se résument comme suit: Dans la première contribution, on aborde les insuffisances des méthodes en cours de sélection de la stratégie de maintenance et on développe un cadre fondé sur les risques en utilisant des méthodes dites du processus de hiérarchie analytique (Analytical Hierarchy Process (AHP), de cartes cognitives floues (Fuzzy Cognitive Maps (FCM)), et la théorie des ensembles flous (Fuzzy Soft Sets (FSS)) pour sélectionner la meilleure politique de maintenance tout en considérant les incertitudes. La deuxième contribution aborde les insuffisances de la méthode de l'analyse des modes de défaillance, de leurs effets et de leur criticité (AMDEC) et son amélioration en utilisant un modèle AMDEC basée sur les FCM. Les contributions 3 et 4, proposent deux outils de modélisation dynamique des risques et d'évaluation à l'aide de la FCM pour faire face aux risques de l'externalisation de la maintenance et des réseaux de collaboration. Ensuite, on étend les outils développés et nous proposons un outil d'aide à la décision avancée pour prédire l'impact de chaque risque sur les autres risques ou sur la performance du système en utilisant la FCM (contribution 5).Dans la sixième contribution, on aborde les risques associés à la maintenance dans le cadre des ERP (Enterprise Resource Planning (ERP)) et on propose une autre approche intégrée basée sur la méthode AMDEC floue pour la priorisation des risques. Dans les contributions 7, 8, 9 et 10, on effectue une revue de la littérature concernant la maintenance basée sur les risques des dispositifs médicaux, puisque ces appareils sont devenus très complexes et sophistiqués et l'application de modèles de maintenance et d'optimisation pour eux est assez nouvelle. Ensuite, on développe trois cadres intégrés pour la planification de la maintenance et le remplacement de dispositifs médicaux axée sur les risques. Outre les contributions ci-dessus, et comme étude de cas, nous avons réalisé un projet intitulé “Mise à jour de guide de pratique clinique (GPC) qui est un cadre axé sur les priorités pour la mise à jour des guides de pratique cliniques existantes” au centre interdisciplinaire de recherche en réadaptation et intégration sociale du Québec (CIRRIS). Nos travaux au sein du CIRRIS ont amené à deux importantes contributions. Dans ces deux contributions (11e et 12e) nous avons effectué un examen systématique de la littérature pour identifier les critères potentiels de mise à jour des GPCs. Nous avons validé et pondéré les critères identifiés par un sondage international. Puis, sur la base des résultats de la onzième contribution, nous avons développé un cadre global axé sur les priorités pour les GPCs. Ceci est la première fois qu'une telle méthode quantitative a été proposée dans la littérature des guides de pratiques cliniques. L'évaluation et la priorisation des GPCs existants sur la base des critères validés peuvent favoriser l'acheminement des ressources limitées dans la mise à jour de GPCs qui sont les plus sensibles au changement, améliorant ainsi la qualité et la fiabilité des décisions de santé.Today, most systems in various critical sectors such as aviation, oil and health care have become very complex and dynamic, and consequently can at any time stop working. To prevent this from reoccurring and getting out of control which incur huge losses in terms of costs and downtime; the adoption of control and maintenance strategies are more than necessary and even vital. In process engineering, optimal maintenance strategies for these systems could have a significant impact on reducing costs and downtime, maximizing reliability and productivity, improving the quality and finally achieving the desired objectives of the companies. In addition, the risks and uncertainties associated with these systems are often composed of several extremely complex cause and effect relationships. This could lead to an increase in the number of failures of such systems. Therefore, an advanced failure analysis tool is needed to consider the complex interactions of components’ failures in the different phases of the product life cycle to ensure high levels of safety and reliability. In this thesis, we address the shortcomings of current failure/risk analysis and maintenance policy selection methods in the literature. Then, we develop comprehensive approaches to maintenance and failure analysis process based on the risks of complex systems and equipment which are applicable in all industries. The research conducted for the realization of this thesis has resulted in twelve important contributions, as follows: In the first contribution, we address the shortcomings of the current methods in selecting the optimum maintenance strategy and develop an integrated risk-based framework using Analytical Hierarchy Process (AHP), fuzzy Cognitive Maps (FCM), and fuzzy Soft set (FSS) tools to select the best maintenance policy by considering the uncertainties.The second contribution aims to address the shortcomings of traditional failure mode and effect analysis (FMEA) method and enhance it using a FCM-based FMEA model. Contributions 3 and 4, present two dynamic risk modeling and assessment tools using FCM for dealing with risks of outsourcing maintenance and collaborative networks. Then, we extend the developed tools and propose an advanced decision support tool for predicting the impact of each risk on the other risks or on the performance of system using FCM (contribution 5). In the sixth contribution, we address the associated risks in Enterprise Resource Planning (ERP) maintenance and we propose another integrated approach using fuzzy FMEA method for prioritizing the risks. In the contributions 7, 8, 9, and 10, we perform a literature review regarding the risk-based maintenance of medical devices, since these devices have become very complex and sophisticated and the application of maintenance and optimization models to them is fairly new. Then, we develop three integrated frameworks for risk-based maintenance and replacement planning of medical devices. In addition to above contributions, as a case study, we performed a project titled “Updating Clinical Practice Guidelines; a priority-based framework for updating existing guidelines” in CIRRIS which led to the two important contributions. In these two contributions (11th and 12th) we first performed a systematic literature review to identify potential criteria in updating CPGs. We validated and weighted the identified criteria through an international survey. Then, based on the results of the eleventh contribution, we developed a comprehensive priority-based framework for updating CPGs based on the approaches that we had already developed and applied success fully in other industries. This is the first time that such a quantitative method has been proposed in the literature of guidelines. Evaluation and prioritization of existing CPGs based on the validated criteria can promote channelling limited resources into updating CPGs that are most sensitive to change, thus improving the quality and reliability of healthcare decisions made based on current CPGs. Keywords: Risk-based maintenance, Maintenance strategy selection, FMEA, FCM, Medical devices, Clinical practice guidelines

Progressive accommodation for seniors : interfacing shelter and services

The purpose of this book is to explore the reasons why clients, agencies and governments are considering options that blend shelter and care, the barriers impeding their development and how these have or may be overcome at both the policy and the practice level. New ways of measuring person-environment fit and the potential of maximizing it via enabling technologies are also examined. The target readership includes researchers, architects, policy makers, developers, care providers and operators of existing seniors housing, all of whom can benefit from a better understanding of the multiple issues involved in interfacing shelter and services.TABLE OF CONTENTS: Introduction / Gloria M. Gutman and Andrew V. Wister; Part I: Changing Clients, Economics and Expectations in Housing for Seniors: Chapter 1- Current Demographics and Living Arrangements of Canada\u27s Elderly / Gordon E. Priest; Chapter 2- Choice, Control, and the Right to Age in Place / Veronica Doyle. Part II: Problems in Providing Service within Existing Seniors Housing: Chapter 3- Current Realities and Challenges in Providing Services to Seniors: The Home Care Perspective / Lois Borden and Joan McGregor; Chapter 4 - Difficulties in Providing Support Services in Buildings Constructed Under Shelter-Only Housing Policies / Reg Appleyard. Part III: Transcending Barriers to Combining Shelter and Services: Chapter 5- Public, Private and Non-Profit Partnerships: The CCPPPH Link / C.W. Lusk; Chapter 6- Group Homes: The Swedish Model of Care for Persons with Dementia of the Alzheimer\u27s Type / Elaine Gallagher; Chapter 7- Supportive Housing for Elderly Persons in Ontario / Garry Baker; Chapter 8- Social Policy Models for Shelter and Services: An International Perspective / Satya Brink. Part IV: Measuring and Maximizing Person-Environment Fit: Chapter 9- Measuring Person-Environment Fit Among Frail Older Adults Using Video / Andrew V. Wister and James R. Watzke; Chapter 10- Assessing the Client\u27s Perception of Person-Environment Fit Using the Canadian Occupational Performance Measure / Anne Carswell. Part V: Enabling Technologies in Housing for Seniors: Chapter 11- Personal Response Systems: Canadian Data on Subscribers and Alarms / James R. Watzke; Chapter 12- Older Adults\u27 Response to Automated Environmental Control Devices / James R. Watzke and Gary Birch; Chapter 13- Use and Potential Use of Assistive Devices by Home-Based Seniors / William C. Mann; Chapter 14 - Necessary Elements of a Cost-Effectiveness Analysis of Technical Aids for the Elderly / George Abrahamsohn, Gloria M. Gutman and Andrew V. Wister; Chapter 15- Bridging the Technology Gap - The Links Between Research, Development, Production and Policy for Products Supporting Independent Living / Satya Brin

Positioning facility management: informed by case investigations in Thailand

All organisations need facilities and services to support and sustain their operations and strategy. Different support arrangements are required in different sectors, at different stages in organisational development and in different countries and cultures. In time, support arrangements need to be modified as circumstances change. Although this issue is of fundamental importance for organisations of all kinds, it has not been adequately researched in any detail. This thesis focuses on the generic issues associated with the selection of appropriate facility management arrangement to support the specific needs of an organisation, with particular reference to the context of developments in Thailand. The thesis has four main parts. The first part identifies the key factors that reed to be considered when positioning and structuring facility management arrangements. This part of the Thesis describes the results from a comprehensive literature review and an investigation to establish the conceptual basis for the research. The second part describes specific case studies of the FM positioning process that were undertaken in five organisations with operations in Thailand, supported by document searches, semi-structured interviews and by direct observations. By undertaking cross-case comparisons, the changing patterns of relationship between organisational characteristics and their FM support arrangements were analysed and the main areas of decision within the FM positioning and repositioning process were identified. The results from these case studies inform the third part of the thesis which profiles the key areas of concern in detail and develops a seven part decision framework, with associated tools, to assist in a systematic process of data collection, option identification, evaluation, prioritisation, selection and implementation of FM support arrangements. The fourth and final part of the Thesis reports on field trials of the proposed positioning process. The trial included a critical examination of the practical applicability, potential use and value of the approach by a sample of independent experts, with their suggestions for the modification and improvement of the prototype decision framework and its tools. The thesis concludes with a detailed analysis of the field trial results, a revised and refined decision framework for Positioning FK followed by a discussion of future opportunities for the approach and the potential benefits of further research

Cloud adoption and cyber security in public organizations: an empirical investigation on Norwegian municipalities

The public sector in Norway, particularly municipalities, is currently transforming through the adoption of cloud solutions. This multiple case study investigates cloud adoption and is security challenges that come along with it. The objective is to identify the security challenges that cloud solutions present and techniques or strategies that can be used to mitigate these security challenges. The Systematic Literature Review (SLR) provided valuable insights into the prevalent challenges and associated mitigation techniques in cloud adoption. The thesis also uses a qualitative approach using Semi-Structured Interviews (SSI) to gather insight into informants’ experiences regarding cloud adoption and its security challenges. The study’s empirical data is based on interviews with six different Norwegian municipalities, providing a unique and broad perspective. The analysis of the empirical findings, combined with the literature, reveals several security challenges and mitigation techniques in adopting cloud solutions. The security challenges encompass organizational, environmental, legal, and technical aspects of cloud adoption in the municipality. Based on the findings, it is recommended that Norwegian municipalities act on these issues to ensure a more secure transition to cloud solutions