A Secure and Fair Resource Sharing Model for Community Clouds

Cloud computing has gained a lot of importance and has been one of the most discussed segment of today\u27s IT industry. As enterprises explore the idea of using clouds, concerns have emerged related to cloud security and standardization. This thesis explores whether the Community Cloud Deployment Model can provide solutions to some of the concerns associated with cloud computing. A secure framework based on trust negotiations for resource sharing within the community is developed as a means to provide standardization and security while building trust during resource sharing within the community. Additionally, a model for fair sharing of resources is developed which makes the resource availability and usage transparent to the community so that members can make informed decisions about their own resource requirements based on the resource usage and availability within the community. Furthermore, the fair-share model discusses methods that can be employed to address situations when the demand for a resource is higher than the resource availability in the resource pool. Various methods that include reduction in the requested amount of resource, early release of the resources and taxing members have been studied, Based on comparisons of these methods along with the advantages and disadvantages of each model outlined, a hybrid method that only taxes members for unused resources is developed. All these methods have been studied through simulations

Privacy In The Smart Grid: An Information Flow Analysis

Project Final Report prepared for CIEE and California Energy Commissio

Business roles and negotiation models for Web service based provision

The emergence of XML as the lingua franca for communication among applications over the Web, the recent advances in service oriented computing and in web service architectures and the applicability of these technologies in the area of eCommerce necessitates the conceptualisation of business roles and negotiation models for web service based provision. According to the web service paradigm it is envisaged that services will be provided to customers based on dynamic web service composition. This places additional requirements to SLA negotiation in comparison to the traditional service provision paradigm where negotiation for service was performed with a single service provider system. This paper addresses the research challenges with regard to SLA negotiation for web service based provision and outlines business roles and a negotiation model for establishing SLAs with multiple web service providers in order to offer combined web service functionality to match user needs

Future consumer mobile phone security: a case study using the data centric security model

In the interconnected world that we live in, traditional security barriers are\ud broken down. Developments such as outsourcing, increased usage of mobile\ud devices and wireless networks each cause new security problems.\ud To address the new security threats, a number of solutions have been suggested,\ud mostly aiming at securing data rather than whole systems or networks.\ud However, these visions (such as proposed by the Jericho Forum [9] and IBM\ud [4]) are mostly concerned with large (inter-) enterprise systems. Until now, it is\ud unclear what data-centric security could mean for other systems and environments.\ud One particular category of systems that has been neglected is that of\ud consumer mobile phones. Currently, data security is usually limited to a PIN\ud number on startup and the option to disable wireless connections. The lack of\ud protection does not seem justified, as these devices have steadily increased in\ud capabilities and capacity; they can connect wirelessly to the Internet and have\ud a high risk of being lost or stolen [8]. This not only puts end users at risk, but\ud also their contacts, as phones can contain privacy sensitive data of many others.\ud For example, if birth dates and addresses are kept with the contact records, in\ud many cases a thief will have enough information to impersonate a contact and\ud steal his identity.\ud Could consumer mobile phones benefit from data-centric security? How\ud useful is data-centric security in this context? These are the core questions we\ud will try to address here

Cloud Security : A Review of Recent Threats and Solution Models

The most significant barrier to the wide adoption of cloud services has been attributed to perceived cloud insecurity (Smitha, Anna and Dan, 2012). In an attempt to review this subject, this paper will explore some of the major security threats to the cloud and the security models employed in tackling them. Access control violations, message integrity violations, data leakages, inability to guarantee complete data deletion, code injection, malwares and lack of expertise in cloud technology rank the major threats. The European Union invested €3m in City University London to research into the certification of Cloud security services. This and more recent developments are significant in addressing increasing public concerns regarding the confidentiality, integrity and privacy of data held in cloud environments. Some of the current cloud security models adopted in addressing cloud security threats were – Encryption of all data at storage and during transmission. The Cisco IronPort S-Series web security appliance was among security solutions to solve cloud access control issues. 2-factor Authentication with RSA SecurID and close monitoring appeared to be the most popular solutions to authentication and access control issues in the cloud. Database Active Monitoring, File Active Monitoring, URL Filters and Data Loss Prevention were solutions for detecting and preventing unauthorised data migration into and within clouds. There is yet no guarantee for a complete deletion of data by cloud providers on client requests however; FADE may be a solution (Yang et al., 2012)

Health Insurance Exchanges: Health Insurance “Navigators” and In-Person Assistance

The 2010 Patient Protection and Affordable Care Act (ACA, P.L. 111-148) allows certain individuals and small businesses to buy health insurance through state exchanges, beginning on October 1, 2013. The exchanges are not themselves insurers, but rather are special marketplaces where insurance firms may sell health policies that meet set, federal guidelines. As of September 2013, 16 states and the District of Columbia had secured Department of Health and Human Services (HHS) approval to create their own exchanges, 7 to enter into partnership exchanges, 26 to have federally facilitated exchanges, and 1 to have a state-based Small Business Health Options Program (SHOP)/federally facilitated individual exchange. An estimated 24 million individuals are expected to secure coverage through the exchanges by 2022. The ACA requires exchanges to perform outreach to help consumers and small businesses make informed decisions about their insurance options, including the creation of “navigator” programs. Navigators are to carry out public education activities; provide information to prospective enrollees about insurance options and federal assistance; and examine enrollees’ eligibility for other federal or state health care programs, such as Medicaid. Navigators may assist consumers in comparing insurance plans, but may not determine their eligibility for subsidies or enroll them in plans—functions that are left to the exchanges. A variety of organizations may become navigators, including labor unions, trade associations, chambers of commerce, and other entities. Navigators may not be health insurers or take compensation from insurers for selling health policies. Navigators will be required to have 20-30 hours of training on consumer privacy, exchanged-based insurance offerings, and other issues. HHS in August 2013 allocated $67 million in 12-month grants for navigators at federally facilitated and partnership exchanges. In addition, HHS has determined that state-based exchanges may use ACA exchange establishment funds to create parallel, in-person, or non-navigator, assistance programs that perform the same function as navigators. Exchanges must also certify “certified application counselors” to help with outreach and enrollment, though no new ACA funds are available for such programs. Consumers and small businesses may continue to use insurance brokers and agents, including web-based brokers, to compare and buy coverage, both on and off the exchanges. Brokers and agents are licensed by the states, and are generally paid on a commission basis by insurance companies. While brokers and agents may choose to become navigators, they may not accept compensation from health insurance companies in that role. Consumers may also purchase policies directly from health insurers. Outside non-profit groups and businesses, such as insurers, are launching their own separate efforts to educate consumers about the ACA and the process of applying for qualified health plans (QHP) and other programs. Some lawmakers, agents, and brokers have raised questions about the navigator and other assistance programs. Issues include whether navigators will have sufficient training and whether HHS regulations provide sufficiently stringent consumer and privacy safeguards. A number of states have passed legislation to further regulate navigators, including requiring navigators to be licensed and to be liable for financial losses due to their advice. HHS has determined that the ACA gives states authority to set additional standards, so long as they do not prevent implementation of Title I of the law, which includes the exchanges and navigator program. This report describes exchange outreach programs, the role of brokers, agents and insurers, and emerging issues regarding consumer outreach assistance