SLA-based trust model for secure cloud computing

Cloud computing has changed the strategy used for providing distributed services to many business and government agents. Cloud computing delivers scalable and on-demand services to most users in different domains. However, this new technology has also created many challenges for service providers and customers, especially for those users who already own complicated legacy systems. This thesis discusses the challenges of, and proposes solutions to, the issues of dynamic pricing, management of service level agreements (SLA), performance measurement methods and trust management for cloud computing.In cloud computing, a dynamic pricing scheme is very important to allow cloud providers to estimate the price of cloud services. Moreover, the dynamic pricing scheme can be used by cloud providers to optimize the total cost of cloud data centres and correlate the price of the service with the revenue model of service. In the context of cloud computing, dynamic pricing methods from the perspective of cloud providers and cloud customers are missing from the existing literature. A dynamic pricing scheme for cloud computing must take into account all the requirements of building and operating cloud data centres. Furthermore, a cloud pricing scheme must consider issues of service level agreements with cloud customers.I propose a dynamic pricing methodology which provides adequate estimating methods for decision makers who want to calculate the benefits and assess the risks of using cloud technology. I analyse the results and evaluate the solutions produced by the proposed scheme. I conclude that my proposed scheme of dynamic pricing can be used to increase the total revenue of cloud service providers and help cloud customers to select cloud service providers with a good quality level of service.Regarding the concept of SLA, I provide an SLA definition in the context of cloud computing to achieve the aim of presenting a clearly structured SLA for cloud users and improving the means of establishing a trustworthy relationship between service provider and customer. In order to provide a reliable methodology for measuring the performance of cloud platforms, I develop performance metrics to measure and compare the scalability of the virtualization resources of cloud data centres. First, I discuss the need for a reliable method of comparing the performance of various cloud services currently being offered. Then, I develop a different type of metrics and propose a suitable methodology to measure the scalability using these metrics. I focus on virtualization resources such as CPU, storage disk, and network infrastructure.To solve the problem of evaluating the trustworthiness of cloud services, this thesis develops a model for each of the dimensions for Infrastructure as a Service (IaaS) using fuzzy-set theory. I use the Takagi-Sugeno fuzzy-inference approach to develop an overall measure of trust value for the cloud providers. It is not easy to evaluate the cloud metrics for all types of cloud services. So, in this thesis, I use Infrastructure as a Service (IaaS) as a main example when I collect the data and apply the fuzzy model to evaluate trust in terms of cloud computing. Tests and results are presented to evaluate the effectiveness and robustness of the proposed model

Privacy-preserved security-conscious framework to enhance web service composition

The emergence of loosely coupled and platform-independent Service-Oriented Computing (SOC) has encouraged the development of large computing infrastructures like the Internet, thus enabling organizations to share information and offer valueadded services tailored to a wide range of user needs. Web Service Composition (WSC) has a pivotal role in realizing the vision of implementing just about any complex business processes. Although service composition assures cost-effective means of integrating applications over the Internet, it remains a significant challenge from various perspectives. Security and privacy are among the barriers preventing a more extensive application of WSC. First, users possess limited prior knowledge of security concepts. Second, WSC is hindered by having to identify the security required to protect critical user information. Therefore, the security available to users is usually not in accordance with their requirements. Moreover, the correlation between user input and orchestration architecture model is neglected in WSC with respect to selecting a high performance composition execution process. The proposed framework provides not only the opportunity to securely select services for use in the composition process but also handles service users’ privacy requirements. All possible user input states are modelled with respect to the extracted user privacy preferences and security requirements. The proposed approach supports the mathematical modelling of centralized and decentralized orchestration regarding service provider privacy and security policies. The output is then utilized to compare and screen the candidate composition routes and to select the most secure composition route based on user requests. The D-optimal design is employed to select the best subset of all possible experiments and optimize the security conscious of privacy-preserving service composition. A Choreography Index Table (CIT) is constructed for selecting a suitable orchestration model for each user input and to recommend the selected model to the choreographed level. Results are promising that indicate the proposed framework can enhance the choreographed level of the Web service composition process in making adequate decisions to respond to user requests in terms of higher security and privacy. Moreover, the results reflect a significant value compared to conventional WSC, and WSC optimality was increased by an average of 50% using the proposed CIT

Biochemical scores comparison with TE (fibroscan) in HCV cirrhotic patients treated with DAA

Introdução: A infeção pelo Vírus da Hepatite C (HCV) é uma das principais causas de doença hepática crónica no mundo. Com elevado risco de cirrose e carcinoma hepatocelular. A terapêutica antivírica direta (DAA) estendeu o alcance terapêutico a praticamente todos os indivíduos infetados, com resposta virológica sustentada (SVR) em mais de 90% dos tratados, proporcionando melhoria da sobrevida e da fibrose hepática. Métodos: Neste estudo retrospetivo foram incluídos 64 doentes monoinfetados com HCV e com fibrose avançada que alcançaram SVR após tratamento com DAA iniciada entre janeiro de 2015 e junho de 2016. Antes do inicio do tratamento e 24 semanas pós-tratamento foram testadas a sensibilidade e especificidade dos scores ALT/AST ratio (AAR), Aspartate aminotransferase to platelet ratio index (APRI) e FIB-4, comparando com o FibroScan. Resultados: Na comparação antes do tratamento, os scores tiveram desempenhos semelhantes: FIB-4 com AUC 0.784, 79% sensibilidade e 82 % especificidade. Na comparação pós-tratamento: FIB-4 com AUC 0.809, 82% sensibilidade e 70% especificidade; APRI com AUC 0.841, 64% sensibilidade e 90% especificidade; AAR não apresentou resultados estatisticamente significativos. Discussão: No inicio, todos os scores mostraram boa capacidade diagnóstica para cirrose, especialmente o FIB-4. No pós-tratamento, principal objetivo do estudo, o FIB-4 e o APRI apresentaram bom desempenho, comparativamente com o FibroScan, na avaliação das alterações na extensão da fibrose hepática. O AAR falhou, possivelmente devido a confundidores. Conclusão: O FIB-4 e o APRI demonstraram ser boas alternativas ao FibroScan na avaliação das alterações na extensão da fibrose hepática. Apesar de serem necessários estudos maiores para confirmação desta hipótese.Backround: Hepatitis C virus (HCV) infection is one of the main causes of chronic liver disease worldwide. With elevated risk for development of cirrhosis and Hepatocellular carcinoma. The Direct Acting Antiviral (DAA) therapy extended the treatment reach to practically every patient, achieving Sustained Virological Responses (SVR) in over 90% of patients, providing improvement of clinical outcomes and liver fibrosis. Methods: In this retrospective cohort study were enrolled 64 monoinfected HCV patients with advanced fibrosis who achieved SVR after treatment with DAA therapy beginning from January 2015 to June 2016. At baseline and 24 weeks post-treatment were tested the sensibility and specificity of the ALT/AST ratio (AAR), Aspartate aminotransferase to platelet ratio index (APRI) and the FIB-4 score against TE (FibroScan). Results: At the baseline checkpoint, all scores were similar, with FIB-4 accomplishing AUC 0.784, 79% sensitivity and 82 % specificity. At the post-treatment checkpoint: FIB-4 had AUC 0.809, 82% sensitivity and 70% specificity; APRI had AUC 0.841, 64% sensitivity and 90% specificity; AAR did not show statistically significative results. Discussion: At baseline, all scores had a good diagnostic accuracy for cirrhosis, specially FIB-4. At the post-treatment, the main endpoint, the FIB-4 and APRI scores performed well compared with FibroScan to evaluate the changes in the extension of liver fibrosis. The AAR failed possible due to confounding. Conclusion: The FIB-4 and APRI scores proved to be acceptable alternatives for the FibroScan to evaluate the changes in the extension of liver fibrosis. Though bigger studies are needed for confirming this hypothesis

TLS on Android – Evolution over the last decade

Mobile Geräte und mobile Plattformen sind omnipräsent. Android hat sich zum bedeutendsten mobilen Betriebssystem entwickelt und bietet Milliarden Benutzer:innen eine Plattform mit Millionen von Apps. Diese bieten zunehmend Lösungen für alltägliche Probleme und sind aus dem Alltag nicht mehr wegzudenken. Mobile Apps arbeiten dazu mehr und mehr mit persönlichen sensiblen Daten, sodass ihr Datenverkehr ein attraktives Angriffsziel für Man-in-the-Middle-attacks (MitMAs) ist. Schutz gegen solche Angriffe bieten Protokolle wie Transport Layer Security (TLS) und Hypertext Transfer Protocol Secure (HTTPS), deren fehlerhafter Einsatz jedoch zu ebenso gravierenden Unsicherheiten führen kann. Zahlreiche Ereignisse und frühere Forschungsergebnisse haben diesbezüglich Schwachstellen in Android Apps gezeigt. Diese Arbeit präsentiert eine Reihe von Forschungsbeiträgen, die sich mit der Sicherheit von Android befassen. Der Hauptfokus liegt dabei auf der Netzwerksicherheit von Android Apps. Hierbei untersucht diese Arbeit verschiedene Möglichkeiten zur Verbesserung der Netzwerksicherheit und deren Erfolg, wobei sie die Situation in Android auch mit der generellen Evolution von Netzwerksicherheit in Kontext setzt. Darüber hinaus schließt diese Arbeit mit einer Erhebung der aktuellen Situation und zeigt Möglichkeiten zur weiteren Verbesserung auf.Smart devices and mobile platforms are omnipresent. Android OS has evolved to become the most dominating mobile operating system on the market with billions of devices and a platform with millions of apps. Apps increasingly offer solutions to everyday problems and have become an indispensable part of people’s daily life. Due to this, mobile apps carry and handle more and more personal and privacy-sensitive data which also involves communication with backend or third party services. Due to this, their network traffic is an attractive target for Man-in-the-Middle-attacks (MitMAs). Protection against such attacks is provided by protocols such as Transport Layer Security (TLS) and Hypertext Transfer Protocol Secure (HTTPS). Incorrect use of these, however, can impose similar vulnerabilities lead to equally serious security issues. Numerous incidents and research efforts have featured such vulnerabilities in Android apps in this regard. This thesis presents a line of research addressing security on Android with a main focus on the network security of Android apps. This work covers various approaches for improving network security on Android and investigates their efficacy as well as it puts findings in context with the general evolution of network security in a larger perspective. Finally, this work concludes with a survey of the current state of network security in Android apps and envisions directions for further improvement

Network e-Volution

Modern society is a network society permeated by information technology (IT). As a result of innovations in IT, enormous amounts of information can be communicated to a larger number of recipients faster than ever before. The evolution of networks is heavily influenced by the extensive use of IT, which has enabled co-evolving advanced quantitative and qualitative forms of networking. Although several networks have been formed with the aim to reduce or deal with uncertainty through faster and broader access to information, it is in fact IT that has created new kinds of uncertainty. For instance, although digital information integration in supply chains has made production planning more robust, it has at the same time intensified mutual dependencies, thereby actually increasing the level of uncertainty. The aim of this working paper is to investigate the aspects of evolving networks and uncertainty in networks at the cutting edges of different types of networks and from the perspective of different layers defining these networks

Getting started with cloud computing : a LITA guide

"A one-stop guide for implementing cloud computing. Cloud computing can save your library time and money by enabling convenient, on-demand network access to resources like servers and applications. Libraries that take advantage of the cloud have fewer IT headaches because data centers provide continuous updates and mobility that standard computing cannot easily provide, which means less time and energy spent on software, and more time and energy to devote to the library's day to day mission and services. Here, leading LITA experts demystify language, deflate hype, and provide library-specific examples of real-world success you can emulate to guarantee efficiency and savings. Among several features, this book helps you select data access and file sharing services, build digital repositories, and utilize other cloud computing applications in your library. Together, you and the cloud can save time and money, and build the information destination your patrons will love."--Publisher's website.Edward M. Corrado, Heather Lea Moulaison, Editors ; with a Foreword by Roy Tennant.Perspectives on cloud computing in libraries / Heather Lea Moulaison and Edward M. Corrado -- Understanding the cloud : an introduction to the cloud / Rosalyn Metz -- Cloud computing : pros and cons / H. Frank Cervone -- What could computing means for libraries / Erik Mitchell -- Head in the clouds? A librarian/vendor perspective on cloud computing / Carl Grant -- Cloud computing for LIS education / Christinger R. Tomer and Susan W. Alman -- Library discovery services : from the ground to the cloud / Marshall Breeding -- Koha in the cloud / Christopher R. Nighswonger and Nicole C. Engard -- Leveraging OCLC cooperative library data in the cloud via web services / Karen A. Coombs -- Building push-button repositories in the cloud with dspace and amazon web services -- Untethering considerations : selecting a cloud-based data access and file-sharing solution / Heidi M. Nickisch Duggan and Michelle Frisque -- Sharepoint strategies for establishing a powerful library intranet / Jennifer Diffin and Dennis Nangle -- Using windows home server and amazon s3 to back up high-resolution digital objects to the cloud / Edward Iglesias -- Keeping your data on the ground when putting your (lib)guides in the cloud / Karen A. Reiman-Sendi, Kenneth J. Varnum, and Albert A. Bertram -- Parting the clouds : use of dropbox by embedded librarians / Caitlin A. Bagley -- From the cloud, a clear solution : how one academic library uses google calendar / Anne Leonard -- Integrating google forms into reference and instruction / Robin Elizabeth Miller -- Ning, fostering conversations in the cloud / Leland R. Deeds, Cindy Kissel-Ito, and Ann Thomas Knox -- Not every cloud has a silver lining : using a cloud application may not always be the best solution / Ann Whitney Gleason -- Speak up! using voicethread to encourage participation and collaboration in library instruction / Jennifer Ditkoff and Kara Young.Includes bibliographical references and index

Debating big data: A literature review on realizing value from big data

This is the final version. Available on open access from Elsevier via the DOI in this recordBig data has been considered to be a breakthrough technological development over recent years. Notwithstanding, we have as yet limited understanding of how organizations translate its potential into actual social and economic value. We conduct an in-depth systematic review of IS literature on the topic and identify six debates central to how organizations realize value from big data, at different levels of analysis. Based on this review, we identify two socio-technical features of big data that influence value realization: portability and interconnectivity. We argue that, in practice, organizations need to continuously realign work practices, organizational models, and stakeholder interests in order to reap the benefits from big data. We synthesize the findings by means of an integrated model

A new MDA-SOA based framework for intercloud interoperability

Cloud computing has been one of the most important topics in Information Technology which aims to assure scalable and reliable on-demand services over the Internet. The expansion of the application scope of cloud services would require cooperation between clouds from different providers that have heterogeneous functionalities. This collaboration between different cloud vendors can provide better Quality of Services (QoS) at the lower price. However, current cloud systems have been developed without concerns of seamless cloud interconnection, and actually they do not support intercloud interoperability to enable collaboration between cloud service providers. Hence, the PhD work is motivated to address interoperability issue between cloud providers as a challenging research objective. This thesis proposes a new framework which supports inter-cloud interoperability in a heterogeneous computing resource cloud environment with the goal of dispatching the workload to the most effective clouds available at runtime. Analysing different methodologies that have been applied to resolve various problem scenarios related to interoperability lead us to exploit Model Driven Architecture (MDA) and Service Oriented Architecture (SOA) methods as appropriate approaches for our inter-cloud framework. Moreover, since distributing the operations in a cloud-based environment is a nondeterministic polynomial time (NP-complete) problem, a Genetic Algorithm (GA) based job scheduler proposed as a part of interoperability framework, offering workload migration with the best performance at the least cost. A new Agent Based Simulation (ABS) approach is proposed to model the inter-cloud environment with three types of agents: Cloud Subscriber agent, Cloud Provider agent, and Job agent. The ABS model is proposed to evaluate the proposed framework.Fundação para a Ciência e a Tecnologia (FCT) - (Referencia da bolsa: SFRH SFRH / BD / 33965 / 2009) and EC 7th Framework Programme under grant agreement n° FITMAN 604674 (http://www.fitman-fi.eu

Swarm-Based Drone-as-a-Service for Delivery

There has been a growing interest in the applications of drones as a cost-effective, efficient, and environmentally friendly alternative in various domains. Particularly in the context of delivery services, the demand for contactless and efficient delivery solutions has surged. Drone delivery offers faster and greener deliveries. However, existing methods focus primarily on point-to-point delivery, limiting their potential for optimisation. This thesis proposes a novel approach to servitise drone delivery by operating through a skyway network composed of building rooftops, enabling drones to traverse between source and destination while recharging at intermediate nodes. Although single drone delivery offers numerous advantages, it faces significant challenges in scenarios where multiple packages require simultaneous delivery. Flight regulations, which often limit the carrying capacity of individual drones, necessitate the exploration of alternative solutions. Therefore, this thesis presents a novel Swarm-Based Drone-as-a-Service (SDaaS) model and framework for multiple package delivery. The proposed framework prioritises the composition of services that optimise Quality of Service (QoS) factors, such as delivery time and energy consumption. This thesis identifies swarm-specific constraints and leverages the unique characteristics of drone swarms. It explores swarm formations, in-flight wireless charging between drones, and allocation problems to maximise drone utilisation for consumer deliveries. Furthermore, this research investigates the recommendation of services to consumers based on their preferences, aiming to increase their satisfaction. Moreover, the framework addresses the resilience of SDaaS by addressing issues related to drone soft failures and their impact on other swarm members. Ultimately, this work paves the way for the widespread adoption and optimisation of swarm-based drone services in the context of last-mile delivery