429 research outputs found
On Evaluating Commercial Cloud Services: A Systematic Review
Background: Cloud Computing is increasingly booming in industry with many
competing providers and services. Accordingly, evaluation of commercial Cloud
services is necessary. However, the existing evaluation studies are relatively
chaotic. There exists tremendous confusion and gap between practices and theory
about Cloud services evaluation. Aim: To facilitate relieving the
aforementioned chaos, this work aims to synthesize the existing evaluation
implementations to outline the state-of-the-practice and also identify research
opportunities in Cloud services evaluation. Method: Based on a conceptual
evaluation model comprising six steps, the Systematic Literature Review (SLR)
method was employed to collect relevant evidence to investigate the Cloud
services evaluation step by step. Results: This SLR identified 82 relevant
evaluation studies. The overall data collected from these studies essentially
represent the current practical landscape of implementing Cloud services
evaluation, and in turn can be reused to facilitate future evaluation work.
Conclusions: Evaluation of commercial Cloud services has become a world-wide
research topic. Some of the findings of this SLR identify several research gaps
in the area of Cloud services evaluation (e.g., the Elasticity and Security
evaluation of commercial Cloud services could be a long-term challenge), while
some other findings suggest the trend of applying commercial Cloud services
(e.g., compared with PaaS, IaaS seems more suitable for customers and is
particularly important in industry). This SLR study itself also confirms some
previous experiences and reveals new Evidence-Based Software Engineering (EBSE)
lessons
Optical TEMPEST
Research on optical TEMPEST has moved forward since 2002 when the first pair
of papers on the subject emerged independently and from widely separated
locations in the world within a week of each other. Since that time,
vulnerabilities have evolved along with systems, and several new threat vectors
have consequently appeared. Although the supply chain ecosystem of Ethernet has
reduced the vulnerability of billions of devices through use of standardised
PHY solutions, other recent trends including the Internet of Things (IoT) in
both industrial settings and the general population, High Frequency Trading
(HFT) in the financial sector, the European General Data Protection Regulation
(GDPR), and inexpensive drones have made it relevant again for consideration in
the design of new products for privacy. One of the general principles of
security is that vulnerabilities, once fixed, sometimes do not stay that way.Comment: 6 pages, 2 figures; accepted to the International Symposium and
Exhibition on Electromagnetic Compatibility (EMC Europe 2018), 27--30 August
2018, in Amsterdam, The Netherland
Mitigating Intersection Attacks in Anonymous Microblogging
Anonymous microblogging systems are known to be vulnerable to intersection
attacks due to network churn. An adversary that monitors all communications can
leverage the churn to learn who is publishing what with increasing confidence
over time. In this paper, we propose a protocol for mitigating intersection
attacks in anonymous microblogging systems by grouping users into anonymity
sets based on similarities in their publishing behavior. The protocol provides
a configurable communication schedule for users in each set to manage the
inevitable trade-off between latency and bandwidth overhead. In our evaluation,
we use real-world datasets from two popular microblogging platforms, Twitter
and Reddit, to simulate user publishing behavior. The results demonstrate that
the protocol can protect users against intersection attacks at low bandwidth
overhead when the users adhere to communication schedules. In addition, the
protocol can sustain a slow degradation in the size of the anonymity set over
time under various churn rates
- …