8 research outputs found

    Secure Virtual Network Embedding in a Multi-Cloud Environment

    Recently-proposed virtualization platforms give Cloud users the freedom to specify their network topologies and addressing schemes. These platforms have, however, been targeting a single datacenter of a cloud provider, which is insufficient to support (critical) applications that need to be deployed across multiple trust domains while enforcing diverse security requirements. This paper addresses this problem by presenting a novel solution for a central component of network virtualization – the online network embedding, which finds efficient mappings of virtual network requests onto the substrate network. Our solution considers security as a first-class citizen, enabling the definition of flexible policies in three central areas: on the communications, where alternative security compromises can be explored (e.g., encryption); on the computations, supporting redundancy if necessary while capitalizing on hardware-assisted trusted executions; across multiple clouds, including public and private facilities, with the associated trust levels. We formulate the solution as a Mixed Integer Linear Program (MILP), and evaluate our proposal against the most commonly used alternative. Our analysis gives insight into the trade-offs involved with the inclusion of security and trust into network virtualization, providing evidence that this notion may enhance profits under the appropriate cost models.

    D1.3 - SUPERCLOUD Architecture Implementation

    In this document we describe the implementation of the SUPERCLOUD architecture. The architecture provides an abstraction layer on top of which SUPERCLOUD users can realize SUPERCLOUD services encompassing secure computation workloads, secure and privacy-preserving resilient data storage and secure networking resources spanning across different cloud service providers' computation, data storage and network resources. The components of the SUPERCLOUD architecture implementation are described. Integration between the different layers of the architecture (computing security, data protection, network security) and with the facilities for security self-management is also highlighted. Finally, we provide download and installation instructions for the released software components that can be downloaded from our common SUPERCLOUD code repository.

    Systematic Review of the Use of Blockchains in Clinical Data and Its Application in Colombia

    Research work. This document presents a systematic review carried out on 3 data sources, namely IEEE, Scopus and Web of Science, seeking a synthesis of information to show what blockchain applications or developments exist in the world, what topics and solutions they cover, what is being addressed, what implementations are under way, and what the current and future challenges are, in order to identify the fields in which this technology could be incorporated into Colombian healthcare. Contents: INTRODUCTION; 1. GENERAL ASPECTS; 2. PLANNING OF THE SYSTEMATIC REVIEW; 3. RESULTS; 4. DEVELOPMENT OF THE PROPOSAL; CONCLUSIONS; RECOMMENDATIONS; BIBLIOGRAPHY; ANNEXES. Undergraduate. Systems Engineer.

    An Acceptable Cloud Computing Model for Public Sectors

    Cloud computing enables information technology (IT) leaders to shift from passive business support to active value creators. However, social economic-communication barriers inhibit individual users from strategic use of the cloud. Grounded in the theory of technology acceptance, the purpose of this multiple case study was to explore strategies IT leaders in public sector organizations implement to utilize cloud computing. The participants included nine IT leaders from public sector organizations in Texas, USA. Data were collected using semi-structured interviews, field notes, and publicly available artifacts documents. Data were analyzed using thematic analysis; five themes emerged: (a) user-centric and data-driven cloud model, (b) multi-cloud, (c) visibility, (d) integrations, and (e) innovation and agility due to cloud. A key recommendation is for IT leaders to strategize for individual user behavior through the top-down approach. The implications for positive social change include the potential to improve civic services, civic engagement, collaborations between the public and government, policymaking, and added socioeconomic value.

    User-Centric Security and Dependability in the Clouds-of-Clouds

    A promising vision of distributed cloud computing is a unified world of multiple clouds, with business benefits at hand. In practice, lack of interoperability among clouds and management complexity raise many security and dependability concerns. We introduce secure SUPERCLOUD computing as a new paradigm for security and dependability management of distributed clouds. SUPERCLOUD follows a user-centric and self-managed approach to avoid technology and vendor lock-ins. In SUPERCLOUD, users define U-Clouds, which are isolated sets of computation, data, and networking services run over both private and public clouds operated by multiple providers, with customized security requirements as well as self-management for reducing administration complexity. This paper presents the SUPERCLOUD architecture with focus on SUPERCLOUD security infrastructure. We also illustrate through several use cases how practical applicability of the SUPERCLOUD paradigm may be achieved.

    Context and communication profiling for IoT security and privacy: techniques and applications

    During the last decade, two major technological changes have profoundly changed the way in which users consume and interact with on-line services and applications. The first of these has been the success of mobile computing, in particular that of smartphones, the primary end device used by many users for access to the Internet and various applications. The other change is the emergence of the so-called Internet-of-Things (IoT), denoting a technological transition in which everyday objects like household appliances, which traditionally have been seen as stand-alone devices, are given network connectivity by introducing digital communication capabilities to those devices. The topic of this dissertation is related to a core challenge that the emergence of these technologies is introducing: how to effectively manage the security and privacy settings of users and devices in a user-friendly manner in an environment in which an ever-growing number of heterogeneous devices live and co-exist with each other? In particular, we study approaches for utilising profiling of contextual parameters and device communications in order to make autonomous security decisions with the goal of striking a better balance between a system's security on the one hand, and its usability on the other. We introduce four distinct novel approaches utilising profiling for this end. First, we introduce ConXsense, a system demonstrating the use of user-specific longitudinal profiling of contextual information for modelling the usage context of mobile computing devices. Based on this, ConXsense can probabilistically automate security policy decisions affecting security settings of the device. Further, we develop an approach utilising the similarity of contextual parameters observed with on-board sensors of co-located devices to construct proofs of presence that are resilient to context-guessing attacks by adversaries that seek to fool a device into believing the adversary is co-located with it, even though it is in reality not. We then extend this approach to a context-based key evolution approach that allows IoT devices that are co-present in the same physical environment, like the same room, to use passively observed context measurements to iteratively authenticate their co-presence and thus gradually establish confidence in the other device being part of the same trust domain, e.g., the set of IoT devices in a user's home. We further analyse the relevant constraints that need to be taken into account to ensure security and usability of context-based authentication. In the final part of this dissertation we extend the profiling approach to network communications of IoT devices and utilise it to realise the design of the IoTSentinel system for autonomous security policy adaptation in IoT device networks. We show that by monitoring the inherent network traffic of IoT devices during their initial set-up, we can automatically identify the type of device newly added to the network. The device-type information is then used by IoTSentinel to adapt traffic filtering rules automatically to provide isolation of devices that are potentially vulnerable to known attacks, thereby protecting the device itself and the rest of the network from threats arising from possible compromise of vulnerable devices.