On the Security Assessment of the Cloud

Cloud computing is an enabling technology paradigm that provides access to the geodistributed pool of resources that are rapidly and flexibly provisioned at run-time with minimum management from the user. These benefits have driven the proliferation of the Cloud over the last decade. Many organizations have migrated to the Cloud or have a Cloudfirst strategy for their businesses. Despite these benefits, the security of the Cloud has been flagged as among the top concerns by its users. To address security concerns, Threat Analysis (TA) is often advocated to ascertain a system’s exposure to threats. A plethora of TA techniques exist that focus on analyzing threats to targeted assets at the system’s level (e.g., components, hardware) or at the user’s level (e.g., virtual machine) in the Cloud. These techniques are effective, but their applicability is limited beyond their targeted asset. However, the Cloud is a complex system entailing both the physical and virtual resources. Moreover, these resources can instantiate, migrate across physical hosts, or decommission to provide rapid resource elasticity to the users. On this background, this thesis aims at assessing the security of the Cloud holistically by considering the interactions among the services/components involved in the operational stack of the Cloud. In this regard, a technology-agnostic information flow model is developed that represents the Cloud’s functionality through a set of conditional transitions. Furthermore, threats are added to the model to analyze their impact on the Cloud. This enables the exploration of a threat’s behavior and its propagation across the Cloud and supports assessing the security of the Cloud by analyzing the impact of multiple threats across various operational layers/assets. Using public information on threats from the National Vulnerability Database (NVD), actual Cloud attacks were traced and speculatively postulated alternate potential attack paths. Furthermore, the thesis also investigates different threats with similar indicators of compromise (e.g., attack patterns) to be considered in the security assessment along with the specific user’s requirements. Finally, the thesis also targets the evaluation of potential violations from the Cloud providers that breach users’ requirements. The results presented in the thesis demonstrate that by ascertaining the attack paths and considering the interplay between threats and security requirements, the security of the Cloud can be comprehensively assessed

A Survey of Intelligent Network Slicing Management for Industrial IoT: Integrated Approaches for Smart Transportation, Smart Energy, and Smart Factory

This is the author accepted manuscript. The final version is available from IEEE via the DOI in this recordNetwork slicing has been widely agreed as a promising technique to accommodate diverse services for the Industrial Internet of Things (IIoT). Smart transportation, smart energy, and smart factory/manufacturing are the three key services to form the backbone of IIoT. Network slicing management is of paramount importance in the face of IIoT services with diversified requirements. It is important to have a comprehensive survey on intelligent network slicing management to provide guidance for future research in this field. In this paper, we provide a thorough investigation and analysis of network slicing management in its general use cases as well as specific IIoT services including smart transportation, smart energy and smart factory, and highlight the advantages and drawbacks across many existing works/surveys and this current survey in terms of a set of important criteria. In addition, we present an architecture for intelligent network slicing management for IIoT focusing on the above three IIoT services. For each service, we provide a detailed analysis of the application requirements and network slicing architecture, as well as the associated enabling technologies. Further, we present a deep understanding of network slicing orchestration and management for each service, in terms of orchestration architecture, AI-assisted management and operation, edge computing empowered network slicing, reliability, and security. For the presented architecture for intelligent network slicing management and its application in each IIoT service, we identify the corresponding key challenges and open issues that can guide future research. To facilitate the understanding of the implementation, we provide a case study of the intelligent network slicing management for integrated smart transportation, smart energy, and smart factory. Some lessons learnt include: 1) For smart transportation, it is necessary to explicitly identify service function chains (SFCs) for specific applications along with the orchestration of underlying VNFs/PNFs for supporting such SFCs; 2) For smart energy, it is crucial to guarantee both ultra-low latency and extremely high reliability; 3) For smart factory, resource management across heterogeneous network domains is of paramount importance. We hope that this survey is useful for both researchers and engineers on the innovation and deployment of intelligent network slicing management for IIoT.Engineering and Physical Sciences Research Council (EPSRC)Singapore University of Technology and Design (SUTD)Hong Kong RGC Research Impact Fund (RIF)National Natural Science Foundation of ChinaShenzhen Science and Technology Innovation Commissio