SLA-based risk analysis in cloud computing environments

The cloud computing has been evolved in recent years which led many customers to utilize the cloud computing technologies. The research work in this area has spread due to many issues that have coincided with the vast growth of the cloud computing technologies. On the other hand, the cloud security concern has become one of the important issues that cloud computing introduces. One of the main components of cloud services is the service level agreement (SLA) that works as a contractual document between the cloud providers and their customers and states some metrics and parameters that must be enforced by the cloud providers or consumers. Despite various issues of the SLA in cloud computing, there is one issue that has not been discussed frequently in cloud computing security, which is the SLA in term of risk management. This research tends to perform SLA-based risk analysis in cloud computing environments. Moreover, it evaluates different SLA parameters such the risk factor, the response time factor, and the service cost factor. This paper also designates the importance of considering risk management as an SLA parameter in the negotiation stage between the provider and the consumer. However, it looks for the relation between those SLA metrics and risk factor associated with the cloud services

Architecture-based Qualitative Risk Analysis for Availability of IT Infrastructures

An IT risk assessment must deliver the best possible quality of results in a time-effective way. Organisations are used to customise the general-purpose standard risk assessment methods in a way that can satisfy their requirements. In this paper we present the QualTD Model and method, which is meant to be employed together with standard risk assessment methods for the qualitative assessment of availability risks of IT architectures, or parts of them. The QualTD Model is based on our previous quantitative model, but geared to industrial practice since it does not require quantitative data which is often too costly to acquire. We validate the model and method in a real-world case by performing a risk assessment on the authentication and authorisation system of a large multinational company and by evaluating the results w.r.t. the goals of the stakeholders of the system. We also perform a review of the most popular standard risk assessment methods and an analysis of which one can be actually integrated with our QualTD Model

Gerenciamento de nuvem computacional usando critérios de segurança

Orientador: Paulo Lício de GeusTese (doutorado) - Universidade Estadual de Campinas, Instituto de ComputaçãoResumo: A nuvem computacional introduziu novas tecnologias e arquiteturas, mudando a computação empresarial. Atualmente, um grande número de organizações optam por utilizar arquiteturas computacionais tradicionais por considerarem esta tecnologia não confiável, devido a problemas não resolvidos relacionados a segurança e privacidade. Em particular, quanto á contratação de um serviço na nuvem, um aspecto importante é a forma como as políticas de segurança serão aplicadas neste ambiente caracterizado pela virtualização e serviços em grande escala de multi-locação. Métricas de segurança podem ser vistas como ferramentas para fornecer informações sobre o estado do ambiente. Com o objetivo de melhorar a segurança na nuvem computacional, este trabalho apresenta uma metodologia para a gestão da nuvem computacional usando a segurança como um critério, através de uma arquitetura para monitoramento da segurança com base em acordos de níveis de serviço de segurança Security-SLA para serviços de IaaS, PaaS e SaaS, que usa métricas de segurançaAbstract: Cloud Computing has introduced new technology and architectures that changed enterprise computing. Currently, there is a large number of organizations that choose to stick to traditional architectures, since this technology is considered unreliable due to yet unsolved problems related to security and privacy. In particular, when hiring a service in the cloud, an important aspect is how security policies will be applied in this environment characterized by both virtualization and large-scale multi-tenancy service. Security metrics can be seen as tools to provide information about the status of the environment. Aimed at improving security in the Cloud Computing, this work presents a methodology for Cloud Computing management using security as a criterion, across an architecture for security monitoring based on Security-SLA for IaaS, PaaS and SaaS services using security metricsDoutoradoCiência da ComputaçãoDoutor em Ciência da Computação23/200.308/2009FUNDEC

Keskkonna heterogeensuse ja taimede mitmekesisuse seos väikesel ruumiskaalal

Väitekirja elektrooniline versioon ei sisalda publikatsioone.Küllap olete märganud, et mida mitmekesisem on ümbritsev keskkond, seda rohkem leidub seal ka erinevaid elusorganisme. Näiteks alal, kus on lähestikku kuiv niit, niiske rohumaa ja tiik, elutseb rohkem liike, kui niidul üksi. Positiivne seos keskkonna heterogeensuse ja liigilise mitmekesisuse vahel on üldlevinud arusaam ökoloogias ning aluseks mitmetele ökoloogilistele teooriatele ja otsustele looduskaitses. Milline on aga olukord, kui näiteks niidul on erinevad keskkonnatingimused omakorda laiguliselt paigutunud? Kas selline väikeseskaalaline keskkonna heterogeensus lubab samuti rohkematel liikidel koos elada? Mitmed varasemad uurimistööd taimekooslustes on näidanud, et keskkonnatingimuste väikeseskaalaline laigulisus võib taimede mitmekesisusele hoopis negatiivset mõju avaldada. Selle töö eesmärgiks oli välja selgitada, miks ja kuidas keskkonna heterogeensus väikesel ruumiskaalal taimede mitmekesisust vähendab. Kasutades andmeid varasematest töödest, mudelsimulatsioonist ja kasvuhoonekatsest, leidsime, et väikesel ruumiskaalal on heterogeensuse-mitmekesisuse seos enamasti negatiivne ning seda kahel põhjusel. Esiteks, kui keskkonnalaigud on suuremad kui taimeisendid, võib heterogeensus takistada levimist ning seeläbi vähendada taimepopulatsioonide elujõulisust ja koosluse liigirikkust. Mida heterogeensem on keskkond, seda suurem on tõenäosus, et ümbritsevad keskkonnatingimused ei ole järglastele sobivad ning levida tuleb kaugemale. Teiseks, kui keskkonnalaigud on taimeisendist väiksemad, on edukamad sellised liigid, mis suudavad kiiresti paigutada oma juured või maapealsed võsundid sobivasse keskkonnalaiku. Need liigid saavad kasvada suuremaks ning seeläbi tõrjuda kooslusest välja väiksemad või aeglase kasvuga liigid, mis sobivate tingimusteni ei jõuagi. Keskkonna väikeseskaalaline heterogeensus on looduses tavaline nähtus ning selle negatiivset mõju taimekooslustele peaks arvesse võtma ka järgnevates uurimistöödes ja looduskaitses.Have you noticed that environments that exhibit various conditions support higher species diversity? For example, one can probably find more species in an area that has patches of dry grasslands, wet meadows and ponds than in a uniform grassland area. This positive relationship between environmental heterogeneity and species diversity is a common knowledge in ecology, and forms a basis for several ecological theories and nature conservation decisions. But what if environmental conditions are heterogeneously distributed also within a community; for example, some patches are more fertile than others? Does this small-scale environmental heterogeneity also support more species? Several studies in plant communities have shown that environmental heterogeneity occurring at small spatial scales has a negative effect on plant co-existence. In this thesis, I shed further light on the negative heterogeneity-diversity relationship and describe mechanisms behind this pattern. We used data from previous studies, a computer simulation and a greenhouse experiment and found that small-scale heterogeneity can negatively impact on species diversity in two ways, depending on the relative sizes of plant individuals and habitat patches. If the patches are larger than individuals, heterogeneity can restrict dispersal between suitable patches that become more isolated. This decreases population sizes and lowers species diversity. If the patches are smaller than plant individuals, large and fast-growing species can quickly forage through different quality patches and take advantage of heterogeneous conditions, outcompeting small and slow-growing species. Small-scale heterogeneity is common in nature and can have significant impacts on community structure. Understanding the mechanisms behind a negative heterogeneity-diversity relationship can help to predict future changes in plant communities and aid conservation decisions

3D printed Microneedles for Transdermal Drug Delivery

3D printing is a revolutionary manufacturing and prototyping technology that has altered the outlooks of numerous industrial and scientific fields since its introduction. Recently, it has attracted attention for its potential as a manufacturing tool for transdermal microneedles for drug delivery. In the present thesis, the 3D printability of solid and hollow microneedles via photopolymerisation-based 3D printing was investigated, aiming at establishing robust manufacturing strategies for reproducible, mechanically strong and versatile microneedles. The developed microneedles were employed as drug delivery systems for the treatment of diabetes via insulin administration. Solid microneedles featuring different geometries were designed and 3D printed. It was demonstrated that the printing and post-printing parameters affected the printed quality, a finding that was employed to optimise the manufacturing strategy. Microneedle geometry was also found to have an impact on the piercing and fracture behaviour; however all microneedle designs were found to be mechanically safe upon application. The solid microneedles were subsequently coated with insulin-polymer films, using a 2D inkjet printing technology. The coating process achieved spatial control of the drug deposition, with quantitative accuracy. The microneedle geometry was shown to influence the morphology of the coating film, an effect that was pronounced during in the in vitro delivery studies of insulin to porcine skin. Furthermore, hollow microneedles were designed and 3D printed, featuring different heights. Two photopolymerisation-based technologies were studied, and their performance was compared. The key influential parameters of the printing outcome and microneedle quality were identified to be the printing angle and the size of the microneedle opening. The hollow microneedles were found to be effective in piercing porcine skin without structural damaging. The hollow microneedles were incorporated into complex patches with internal microfluidic structures for the provision and distribution of drug-containing solutions. The developed complex hollow microneedle patches were coupled with a microelectromechanical system to create a novel platform device for controlled, personalised transdermal drug delivery. Advanced imaging techniques revealed that the device achieved distribution of the liquid within porcine skin tissue without the creation of depots that would delay absorption. The device was evaluated for its efficacy to transdermally deliver a model dye and insulin in vitro. In vivo trials were also conducted using diabetic rodents, with the device achieving faster onset of insulin action and sustained glycemic control, in comparison to subcutaneous injections. Overall, the findings of the present research are anticipated to elucidate key problematic areas associated with the application of 3D printing for microneedle manufacturing and propose feasible solutions. The outermost goal of this work is to contribute to the advancement of knowledge in the field of 3D printed transdermal drug delivery systems, in order to bring them one step closer to their adoption in the clinical setting

Value-driven Security Agreements in Extended Enterprises

Today organizations are highly interconnected in business networks called extended enterprises. This is mostly facilitated by outsourcing and by new economic models based on pay-as-you-go billing; all supported by IT-as-a-service. Although outsourcing has been around for some time, what is now new is the fact that organizations are increasingly outsourcing critical business processes, engaging on complex service bundles, and moving infrastructure and their management to the custody of third parties. Although this gives competitive advantage by reducing cost and increasing flexibility, it increases security risks by eroding security perimeters that used to separate insiders with security privileges from outsiders without security privileges. The classical security distinction between insiders and outsiders is supplemented with a third category of threat agents, namely external insiders, who are not subject to the internal control of an organization but yet have some access privileges to its resources that normal outsiders do not have. Protection against external insiders requires security agreements between organizations in an extended enterprise. Currently, there is no practical method that allows security officers to specify such requirements. In this paper we provide a method for modeling an extended enterprise architecture, identifying external insider roles, and for specifying security requirements that mitigate security threats posed by these roles. We illustrate our method with a realistic example

Description and evaluation of the process-based forest model 4C v2.2 at four European forest sites

The process-based model 4C (FORESEE) has been developed over the past 20 years to study climate impacts on forests and is now freely available as an open-source tool. The objective of this paper is to provide a comprehensive description of this 4C version (v2.2) for scientific users of the model and to present an evaluation of 4C at four different forest sites across Europe. The evaluation focuses on forest growth as well as carbon (net ecosystem exchange, gross primary production), water (actual evapotranspiration, soil water content), and heat fluxes (soil temperature) using data from the PROFOUND database. We applied different evaluation metrics and compared the daily, monthly, and annual variability of observed and simulated values. The ability to reproduce forest growth (stem diameter and biomass) differs from site to site and is best for a pine stand in Germany (Peitz, model efficiency ME=0.98). 4C is able to reproduce soil temperature at different depths in Sorø and Hyytiälä with good accuracy (for all soil depths ME > 0.8). The dynamics in simulating carbon and water fluxes are well captured on daily and monthly timescales (0.51 < ME < 0.983) but less so on an annual timescale (ME < 0). This model–data mismatch is possibly due to the accumulation of errors because of processes that are missing or represented in a very general way in 4C but not with enough specific detail to cover strong, site-specific dependencies such as ground vegetation growth. These processes need to be further elaborated to improve the projections of climate change on forests. We conclude that, despite shortcomings, 4C is widely applicable, reliable, and therefore ready to be released to the scientific community to use and further develop the model