Security in Cloud Computing: Evaluation and Integration

Au cours de la dernière décennie, le paradigme du Cloud Computing a révolutionné la manière dont nous percevons les services de la Technologie de l’Information (TI). Celui-ci nous a donné l’opportunité de répondre à la demande constamment croissante liée aux besoins informatiques des usagers en introduisant la notion d’externalisation des services et des données. Les consommateurs du Cloud ont généralement accès, sur demande, à un large éventail bien réparti d’infrastructures de TI offrant une pléthore de services. Ils sont à même de configurer dynamiquement les ressources du Cloud en fonction des exigences de leurs applications, sans toutefois devenir partie intégrante de l’infrastructure du Cloud. Cela leur permet d’atteindre un degré optimal d’utilisation des ressources tout en réduisant leurs coûts d’investissement en TI. Toutefois, la migration des services au Cloud intensifie malgré elle les menaces existantes à la sécurité des TI et en crée de nouvelles qui sont intrinsèques à l’architecture du Cloud Computing. C’est pourquoi il existe un réel besoin d’évaluation des risques liés à la sécurité du Cloud durant le procédé de la sélection et du déploiement des services. Au cours des dernières années, l’impact d’une efficace gestion de la satisfaction des besoins en sécurité des services a été pris avec un sérieux croissant de la part des fournisseurs et des consommateurs. Toutefois, l’intégration réussie de l’élément de sécurité dans les opérations de la gestion des ressources du Cloud ne requiert pas seulement une recherche méthodique, mais aussi une modélisation méticuleuse des exigences du Cloud en termes de sécurité. C’est en considérant ces facteurs que nous adressons dans cette thèse les défis liés à l’évaluation de la sécurité et à son intégration dans les environnements indépendants et interconnectés du Cloud Computing. D’une part, nous sommes motivés à offrir aux consommateurs du Cloud un ensemble de méthodes qui leur permettront d’optimiser la sécurité de leurs services et, d’autre part, nous offrons aux fournisseurs un éventail de stratégies qui leur permettront de mieux sécuriser leurs services d’hébergements du Cloud. L’originalité de cette thèse porte sur deux aspects : 1) la description innovatrice des exigences des applications du Cloud relativement à la sécurité ; et 2) la conception de modèles mathématiques rigoureux qui intègrent le facteur de sécurité dans les problèmes traditionnels du déploiement des applications, d’approvisionnement des ressources et de la gestion de la charge de travail au coeur des infrastructures actuelles du Cloud Computing. Le travail au sein de cette thèse est réalisé en trois phases.----------ABSTRACT: Over the past decade, the Cloud Computing paradigm has revolutionized the way we envision IT services. It has provided an opportunity to respond to the ever increasing computing needs of the users by introducing the notion of service and data outsourcing. Cloud consumers usually have online and on-demand access to a large and distributed IT infrastructure providing a plethora of services. They can dynamically configure and scale the Cloud resources according to the requirements of their applications without becoming part of the Cloud infrastructure, which allows them to reduce their IT investment cost and achieve optimal resource utilization. However, the migration of services to the Cloud increases the vulnerability to existing IT security threats and creates new ones that are intrinsic to the Cloud Computing architecture, thus the need for a thorough assessment of Cloud security risks during the process of service selection and deployment. Recently, the impact of effective management of service security satisfaction has been taken with greater seriousness by the Cloud Service Providers (CSP) and stakeholders. Nevertheless, the successful integration of the security element into the Cloud resource management operations does not only require methodical research, but also necessitates the meticulous modeling of the Cloud security requirements. To this end, we address throughout this thesis the challenges to security evaluation and integration in independent and interconnected Cloud Computing environments. We are interested in providing the Cloud consumers with a set of methods that allow them to optimize the security of their services and the CSPs with a set of strategies that enable them to provide security-aware Cloud-based service hosting. The originality of this thesis lies within two aspects: 1) the innovative description of the Cloud applications’ security requirements, which paved the way for an effective quantification and evaluation of the security of Cloud infrastructures; and 2) the design of rigorous mathematical models that integrate the security factor into the traditional problems of application deployment, resource provisioning, and workload management within current Cloud Computing infrastructures. The work in this thesis is carried out in three phases

A fuzzy constraint satisfaction approach to achieving stability in dynamic constraint satisfaction problems.

by Wong, Yin Pong Anthony.Thesis (M.Phil.)--Chinese University of Hong Kong, 2001.Includes bibliographical references (leaves 101-107).Abstracts in English and Chinese.Chapter 1 --- Introduction --- p.1Chapter 1.1 --- Constraint Satisfaction Problems --- p.2Chapter 1.2 --- Solution Stability in Dynamic Constraint Satisfaction Problems --- p.3Chapter 1.3 --- Motivation of the Research --- p.5Chapter 1.4 --- Overview of the Thesis --- p.5Chapter 2 --- Related Work --- p.7Chapter 2.1 --- Complete Search Algorithms --- p.7Chapter 2.1.1 --- DnAC-4 --- p.8Chapter 2.1.2 --- ac --- p.9Chapter 2.1.3 --- DnAC-6 --- p.9Chapter 2.2 --- Algorithms for Stability --- p.10Chapter 2.2.1 --- Bellicha --- p.10Chapter 2.2.2 --- Dynamic Dynamic Backtracking --- p.11Chapter 2.2.3 --- Wallace and Freuder --- p.12Chapter 2.2.4 --- Unimodular Probing --- p.13Chapter 2.2.5 --- Train Rescheduling --- p.14Chapter 2.3 --- Constrained Optimization Algorithms --- p.14Chapter 2.3.1 --- Guided Local Search --- p.14Chapter 2.3.2 --- Anytime CSA with Iterative Deepening --- p.15Chapter 2.4 --- A Real-life Application --- p.16Chapter 3 --- Background --- p.17Chapter 3.1 --- Fuzzy Constraint Satisfaction Problems --- p.17Chapter 3.2 --- Fuzzy GENET --- p.19Chapter 3.2.1 --- Network Architecture --- p.19Chapter 3.2.2 --- Convergence Procedure --- p.21Chapter 3.3 --- Deficiency in Fuzzy GENET --- p.24Chapter 3.4 --- Rectification of Fuzzy GENET --- p.26Chapter 4 --- Using Fuzzy GENET for Solving Stability Problems --- p.30Chapter 4.1 --- Modelling Stability Problems as FCSPs --- p.30Chapter 4.2 --- Extending Fuzzy GENET for Solving Stability Problems --- p.36Chapter 4.3 --- Experiments --- p.38Chapter 4.3.1 --- Dynamic CSP Generation --- p.39Chapter 4.3.2 --- Problems Using Hamming Distance Function --- p.41Chapter 4.3.2.1 --- Variation in Number of Variables --- p.42Chapter 4.3.2.2 --- Variation in Domain Size --- p.45Chapter 4.3.2.3 --- Variation in Density and Tightness --- p.47Chapter 4.3.3 --- Comparison in Using Different Thresholds --- p.47Chapter 4.3.4 --- Problems Using Manhattan Distance Function --- p.50Chapter 5 --- Enhancement of the Modelling Scheme --- p.56Chapter 5.1 --- Distance Bound --- p.56Chapter 5.2 --- Enhancement of Convergence Procedure --- p.57Chapter 5.3 --- Comparison with Optimal Solutions --- p.60Chapter 5.4 --- Comparison with Fuzzy GENET(dcsp) --- p.64Chapter 5.4.1 --- Medium-sized Problems --- p.64Chapter 5.4.2 --- The 150-10-15-15 Problem --- p.67Chapter 5.4.3 --- Variation in Density and Tightness --- p.73Chapter 5.4.4 --- Variation in Domain Size --- p.76Chapter 5.5 --- Analysis of Fuzzy GENET(dcsp2) --- p.94Chapter 6 --- Conclusion --- p.98Chapter 6.1 --- Contributions --- p.98Chapter 6.2 --- Future Work --- p.99Bibliography --- p.10

Virtual camera selection using a semiring constraint satisfaction approach

Players and viewers of three-dimensional computer generated games and worlds view renderings from the viewpoint of a virtual camera. As such, determining a good view of the scene is important to present a good game or three-dimensional world. Previous research has developed technologies to nd good positions for the virtual camera, but little work has been done to automatically select between multiple virtual cameras, similar to a human director at a sporting event. This thesis describes a software tool to select among camera feeds from multiple virtual cameras in a virtual environment using semiring-based constraint satisfaction techniques (SCSP), a soft constraint approach. The system encodes a designer's preferences, and selects the best camera feed even in over-constrained or under-constrained environments. The system functions in real time for dynamic scenes using only current information (i.e. no prediction). To reduce the camera selection time the SCSP evaluation can be cached and converted to native code. This SCSP approach is implemented in two virtual environments: a virtual hockey game using a spectator viewpoint, and a virtual 3D maze game using a third person perspective. Comparisons against hard constraints are made using constraint satisfaction problems

Robustness and stability in dynamic constraint satisfaction problems

Constraint programming is a paradigm wherein relations between variables are stated in the form of constraints. It is well-known that many real life problems can be modeled as Constraint Satisfaction Problems (CSPs). Much effort has been spent to increase the efficiency of algorithms for solving CSPs. However, many of these techniques assume that the set of variables, domains and constraints involved in the CSP are known and fixed when the problem is modeled. This is a strong limitation because many problems come from uncertain and dynamic environments, where both the original problem may evolve because of the environment, the user or other agents. In such situations, a solution that holds for the original problem can become invalid after changes. There are two main approaches for dealing with these situations: reactive and proactive approaches. Using reactive approaches entails re-solving the CSP after each solution loss, which is a time consuming. That is a clear disadvantage, especially when we deal with short-term changes, where solution loss is frequent. In addition, in many applications, such as on-line planning and scheduling, the delivery time of a new solution may be too long for actions to be taken on time, so a solution loss can produce several negative effects in the modeled problem. For a task assignment production system with several machines, it could cause the shutdown of the production system, the breakage of machines, the loss of the material/object in production, etc. In a transport timetabling problem, the solution loss, due to some disruption at a point, may produce a delay that propagates through the entire schedule. In addition, all the negative effects stated above will probably entail an economic loss. In this thesis we develop several proactive approaches. Proactive approaches use knowledge about possible future changes in order to avoid or minimize their effects. These approaches are applied before the changes occur. Thus, our approaches search for robust solutions, which have a high probability to remain valid after changes. Furthermore, some of our approaches also consider that the solutions can be easily adapted when they did not resist the changes in the original problem. Thus, these approaches search for stable solutions, which have an alternative solution that is similar to the previous one and therefore can be used in case of a value breakage. In this context, sometimes there exists knowledge about the uncertain and dynamic environment. However in many cases, this information is unknown or hard to obtain. For this reason, for the majority of our approaches (specifically 3 of the 4 developed approaches), the only assumptions made about changes are those inherent in the structure of problems with ordered domains. Given this framework and therefore the existence of a significant order over domain values, it is reasonable to assume that the original bounds of the solution space may undergo restrictive or relaxed modifications. Note that the possibility of solution loss only exists when changes over the original bounds of the solution space are restrictive. Therefore, the main objective for searching robust solutions in this framework is to find solutions located as far away as possible from the bounds of the solution space. In order to meet this criterion, we propose several approaches that can be divided in enumeration-based techniques and a search algorithm.Climent Aunés, LI. (2013). Robustness and stability in dynamic constraint satisfaction problems [Tesis doctoral no publicada]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/34785TESI

Framework for Security Transparency in Cloud Computing

The migration of sensitive data and applications from the on-premise data centre to a cloud environment increases cyber risks to users, mainly because the cloud environment is managed and maintained by a third-party. In particular, the partial surrender of sensitive data and application to a cloud environment creates numerous concerns that are related to a lack of security transparency. Security transparency involves the disclosure of information by cloud service providers about the security measures being put in place to protect assets and meet the expectations of customers. It establishes trust in service relationship between cloud service providers and customers, and without evidence of continuous transparency, trust and confidence are affected and are likely to hinder extensive usage of cloud services. Also, insufficient security transparency is considered as an added level of risk and increases the difficulty of demonstrating conformance to customer requirements and ensuring that the cloud service providers adequately implement security obligations. The research community have acknowledged the pressing need to address security transparency concerns, and although technical aspects for ensuring security and privacy have been researched widely, the focus on security transparency is still scarce. The relatively few literature mostly approach the issue of security transparency from cloud providers’ perspective, while other works have contributed feasible techniques for comparison and selection of cloud service providers using metrics such as transparency and trustworthiness. However, there is still a shortage of research that focuses on improving security transparency from cloud users’ point of view. In particular, there is still a gap in the literature that (i) dissects security transparency from the lens of conceptual knowledge up to implementation from organizational and technical perspectives and; (ii) support continuous transparency by enabling the vetting and probing of cloud service providers’ conformity to specific customer requirements. The significant growth in moving business to the cloud – due to its scalability and perceived effectiveness – underlines the dire need for research in this area. This thesis presents a framework that comprises the core conceptual elements that constitute security transparency in cloud computing. It contributes to the knowledge domain of security transparency in cloud computing by proposing the following. Firstly, the research analyses the basics of cloud security transparency by exploring the notion and foundational concepts that constitute security transparency. Secondly, it proposes a framework which integrates various concepts from requirement engineering domain and an accompanying process that could be followed to implement the framework. The framework and its process provide an essential set of conceptual ideas, activities and steps that can be followed at an organizational level to attain security transparency, which are based on the principles of industry standards and best practices. Thirdly, for ensuring continuous transparency, the thesis proposes an essential tool that supports the collection and assessment of evidence from cloud providers, including the establishment of remedial actions for redressing deficiencies in cloud provider practices. The tool serves as a supplementary component of the proposed framework that enables continuous inspection of how predefined customer requirements are being satisfied. The thesis also validates the proposed security transparency framework and tool in terms of validity, applicability, adaptability, and acceptability using two different case studies. Feedbacks are collected from stakeholders and analysed using essential criteria such as ease of use, relevance, usability, etc. The result of the analysis illustrates the validity and acceptability of both the framework and tool in enhancing security transparency in a real-world environment

Insights into the myristoylated c-Src N-terminal Regulatory Element

[eng] c-Src is a non-receptor tyrosine kinase that controls numerous cellular signaling pathways. c-Src implication in human cancers was brought into the attention in the 1980s. Since its discovery, unveiling of c-Src structural architecture and subsequent regulatory function focused on the folded domains cassette SH3-SH2-SH1(kinase), while the remaining N-terminal intrinsically disordered myristoylated SH4 and Unique domains were assumed to have a membrane-connecting function. c-Src membrane binding has been well-characterized as a two-prong association requiring the burial of its myristoyl moiety and the electrostatic interaction of the cluster of basic residues in the SH4 domain to the anionic lipids. Membrane binding of c-Src is mostly reversible, however accumulated evidence shows clustering and irreversible binding of a small fraction of c-Src molecules upon membrane anchoring. All the elements required for c-Src self-association are found in the N-terminal myristoylated SH4 domain. However, self-association through the strongly positively charged SH4 domain (+5 net charge) is counterintuitive. The structural basis of this self- association has been investigated in this thesis using Surface Plasmon Resonance. Performing individual mutations, we have determined that the alternate lysine residues at positions 5, 7 and 9 in the myristoylated SH4 domain enables c-Src self-association upon membrane binding. Further analysis reveals that the positive charge of the lysine residues is essential for clustering and thus a role of the lipids in the membrane as mediators of the c-Src self-association is proposed. Recently, it was shown that the (non-myristoylated) N-terminal region comprising the intrinsically disordered SH4-Unique domains and the adjacent globular SH3 domain formed a novel regulatory unit designated as the c-Src N-terminal Regulatory Element (SNRE). The (non- myristoylated) SNRE features an interdomain fuzzy complex, where the Intrinsically Disordered Regions: SH4 and Unique domains (IDR) maintain multiple weak contacts with the SH3 domain. The unavoidable question is whether the nature of this fuzzy complex is altered when the SH4 domain is in its native myristoylated form. In this thesis, characterization of the myristoylated SNRE has been performed using Nuclear Magnetic Resonance and various constructs of the SNRE in the myristoylated and non-myristoylated forms. We show that the myristoyl moiety increases the local concentration of the intrinsically disordered SH4 and Unique domains in the proximity of the SH3 domain by cooperatively favoring the intramolecular interactions that define the fuzzy complex. When c-Src is not bound to the membrane, the myristoyl moiety is harbored in the fuzzy interdomain complex through multiple binding sites in the SH3 domain. Finally, a preliminary characterization of the SNRE with the adjacent SH2 domain has revealed that the interface region connecting the SH3-SH2 could also be a key component of the SNRE.[spa] c-Src es una tirosina quinasa no receptora que regula múltiples vías de señalización celular. Destaca su implicación en diversos tipos de cáncer en humanos. Desde su descubrimiento, el análisis de la arquitectura estructural de c-Src y posteriormente la función reguladora se centró en el casete de dominios plegados SH3-SH2-SH1 (quinasa), mientras que se asumió que la función de los dominios N-terminales intrínsecamente desordenados SH4 miristoilado y Unique era la unión a membrana. La asociación de c-Src a la membrana citoplasmática se caracteriza por la inserción del grupo miristoilo y la interacción electrostática del clúster de residuos básicos del dominio SH4 con los lípidos cargados negativamente. La interacción de c-Src con la membrana es en general reversible, aunque, se ha observado que una fracción minoritaria se une de manera permanente formando en su mayoría especies diméricas en la membrana. Esta dimerización de c-Src se produce mediante el dominio N-terminal SH4 miristoilado. Sin embargo, la autoasociación a través del dominio SH4 con una alta carga positiva (carga neta +5) es algo contradictoria. En la presente tesis se ha investigado la base estructural de esta autoasociación mediante Resonancia de Plasmones Superficiales. Mediante la realización mutaciones individuales en el dominio SH4 se determina que los residuos de lisina en las posiciones alternativas 5, 7 y 9 en el dominio SH4 miristoilado permiten la autoasociación de c- Src tras la unión a la membrana. Un análisis más detallado revela que la carga positiva de los residuos de lisina es esencial para la dimerización y, por lo tanto, se propone que los lípidos de la membrana son mediadores de la autoasociación de c-Src. Recientemente, se demostró que la región N-terminal (no miristoilada) que comprende los dominios intrínsecamente desordenados (SH4-Unique) y el dominio globular adyacente SH3 forman una unidad funcional conocida como Elemento Regulador N-terminal de c-Src (ERNS). El ERNS (no miristoilado) se caracteriza por la formación de un complejo difuso, donde las regiones intrínsecamente desordenadas: dominios SH4 y Unique mantienen múltiples interacciones débiles con el dominio SH3. La pregunta inevitable es si la naturaleza de este complejo difuso se altera cuando el dominio SH4 está en su forma nativa miristoilada. En esta tesis, se ha realizado la caracterización de la ERNS miristoilada mediante Resonancia Magnética Nuclear y utilizando varias construcciones del ERNS en las formas miristoilada y no miristoilada. Se demuestra que el grupo miristoílo aumenta la concentración local de los dominios SH4 y Unique intrínsecamente desordenados en la proximidad del dominio SH3 favoreciendo cooperativamente las interacciones intramoleculares que definen el complejo difuso. Cuando c- Src no está unido a la membrana, el grupo miristoílo se aloja de manera dinámica en el complejo difuso a través de múltiples sitios de unión en el dominio SH3. Por último, se ha realizado una caracterización preliminar del ERNS en presencia del dominio SH2 adyacente y ésta ha revelado que la región interfaz que conecta los dominios SH3-SH2 también podría ser un componente clave del ERNS

Finding regions of local repair in hierarchical constraint satisfaction

Algorithms for solving constraint satisfaction problems (CSP) have been successfully applied to several fields including scheduling, design, and planning. Latest extensions of the standard CSP to constraint optimization problems (COP) additionally provided new opportunities for solving several problems of combinatorial optimization more efficiently. Basically, two classes of algorithms have been used for searching constraint satisfaction problems (CSP): local search methods and systematic tree search extended by the classical constraint-processing techniques like e.g. forward checking and backmarking. Both classes exhibit characteristic advantages and drawbacks. This report presents a novel approach for solving constraint optimization problems that combines the advantages of local search and tree search algorithms which have been extended by constraint-processing techniques. This method proved applicability in a commercial nurse scheduling system as well as on randomly generated problems

Cyber Supply Chain Risks in Cloud Computing - Bridging the Risk Assessment Gap

Cloud computing represents a significant paradigm shift in the delivery of information technology (IT) services. The rapid growth of the cloud and the increasing security concerns associated with the delivery of cloud services has led many researchers to study cloud risks and risk assessments. Some of these studies highlight the inability of current risk assessments to cope with the dynamic nature of the cloud, a gap we believe is as a result of the lack of consideration for the inherent risk of the supply chain. This paper, therefore, describes the cloud supply chain and investigates the effect of supply chain transparency in conducting a comprehensive risk assessment. We conducted an industry survey to gauge stakeholder awareness of supply chain risks, seeking to find out the risk assessment methods commonly used, factors that hindered a comprehensive evaluation and how the current state-of-the-art can be improved. The analysis of the survey dataset showed the lack of flexibility of the popular qualitative assessment methods in coping with the risks associated with the dynamic supply chain of cloud services, typically made up of an average of eight suppliers. To address these gaps, we propose a Cloud Supply Chain Cyber Risk Assessment (CSCCRA) model, a quantitative risk assessment model which is supported by decision support analysis and supply chain mapping in the identification, analysis and evaluation of cloud risks