Secure FaaS orchestration in the fog: how far are we?

AbstractFunction-as-a-Service (FaaS) allows developers to define, orchestrate and run modular event-based pieces of code on virtualised resources, without the burden of managing the underlying infrastructure nor the life-cycle of such pieces of code. Indeed, FaaS providers offer resource auto-provisioning, auto-scaling and pay-per-use billing at no costs for idle time. This makes it easy to scale running code and it represents an effective and increasingly adopted way to deliver software. This article aims at offering an overview of the existing literature in the field of next-gen FaaS from three different perspectives: (i) the definition of FaaS orchestrations, (ii) the execution of FaaS orchestrations in Fog computing environments, and (iii) the security of FaaS orchestrations. Our analysis identify trends and gaps in the literature, paving the way to further research on securing FaaS orchestrations in Fog computing landscapes

An access control management protocol for Internet of things devices

Internet enabled computing devices are increasingly at risk of misuse by individuals or malware. Initially such misuse was targeted mainly at computers, however there is increasing targeting of tablet and smartphone devices. In this paper we examine an access control management protocol for Internet of things devices in order to attempt to provide some protection against misuse of such devices. Although anti-malware software is commonly used in computers, and is increasingly being used for tablets and smartphones, this may be a less practicable approach for Internet of things devices. The access control management protocol for Internet of things devices examined in this paper involves the use of physical proximity ‘registration’ for remote control of such devices, encryption of communications, verification of geo-location of the mobile device used to control the IoT device, safe operation controls, and exception reporting as a means of providing a tiered security approach for such devices

Design and Implementation of Multilevel Secure Database in Website

Multi-tier web server systems are used in many importantcontexts and their security is a major cause of concern.Such systems can exploit strategies. In this paper, a model was present based onthree-tier architecture (Client tier, Server tier and Database tier) and applying multilevel security on it. The database server tier consists of the DBMS or the database management system and the database and we built it off-line to reduce unauthorized access to sensitive data. The Client tier, which is usually a web browser, processes and displays HTML resources, issues HTML requests and processes the responses. These web browsers are HTTP clients that interact with the Web servers using standard protocols. The Middle or application server tier consists most of the application logic. Inputs receives from the clients and interacts with the database but only the results sent to application server then to client. This achieved by using multilevel of security to protect database, using Authorization, Password Encryption. The process of authorization done by allowing the access to proposed system pages depending on authorized level; Password encrypted using bcrypt with fallbacks on sha-256/512 with key stretching to protect it from cracking by any types of attack. Client-to-Application Server Protocol (CAP) uses the RC4A algorithm to provide data confidentiality to secure transmitted information from application server to client. Keywords: Authentication, Multi-tier model, Multi-Tier Security, Security, Data protection, Internet security

Iowa Public Television’s Planning Targets 2011-2014

Agency Performance Plan, Iowa Public Televisio