A discrete Fourier transform for virtual memory machines

An algebraic theory of the Discrete Fourier Transform is developed in great detail. Examination of the details of the theory leads to a computationally efficient fast Fourier transform for the use on computers with virtual memory. Such an algorithm is of great use on modern desktop machines. A FORTRAN coded version of the algorithm is given for the case when the sequence of numbers to be transformed is a power of two

Security supportive energy-aware scheduling and energy policies for cloud environments

Cloud computing (CC) systems are the most popular computational environments for providing elastic and scalable services on a massive scale. The nature of such systems often results in energy-related problems that have to be solved for sustainability, cost reduction, and environment protection. In this paper we defined and developed a set of performance and energy-aware strategies for resource allocation, task scheduling, and for the hibernation of virtual machines. The idea behind this model is to combine energy and performance-aware scheduling policies in order to hibernate those virtual machines that operate in idle state. The efficiency achieved by applying the proposed models has been tested using a realistic large-scale CC system simulator. Obtained results show that a balance between low energy consumption and short makespan can be achieved. Several security constraints may be considered in this model. Each security constraint is characterized by: (a) Security Demands (SD) of tasks; and (b) Trust Levels (TL) provided by virtual machines. SD and TL are computed during the scheduling process in order to provide proper security services. Experimental results show that the proposed solution reduces up to 45% of the energy consumption of the CC system. Such significant improvement was achieved by the combination of an energy-aware scheduler with energy-efficiency policies focused on the hibernation of VMs.COST Action IC140

THREE ESSAYS ON SAUDI ARABIA AGRICULTURAL MARKETS

The first essay compares six common models, linear, quadratic, Cobb-Douglas, translog, logarithmic, and transcendental, to estimate wheat yield and area functions for Saudi Arabia. Data cover 1990-2016 for all the variables that affect wheat supply. After testing the models using Box-Cox, multicollinearity, and autocorrelation tests, we decide that the Cobb-Douglas models provide the best fit for both yield and area. We find the price elasticity of wheat is inelastic. Yield price elasticities are more inelastic than area elasticities. The impact of government policy number 335 has a larger effect on area than yield. The cultivated area of wheat, the one-year lag of yield, and the number of machines per hectare are the most influential factors affecting wheat yield. The primary factors influencing the area models are a one-year lag of both cultivated area and yield, as well as the number of machines per hectare. The second essay estimates the residual demand elasticity that rice exporters face in Saudi Arabia. The inverse residual demand methods, as proposed by Reed and Saghaian 2004, are used for rice exporters to Saudi Arabia during the period 1993-2014. Estimation results of the elasticities of the residual demand indicate that Australia, India, and Pakistan enjoy market power, while Egypt faces a perfectly elastic demand curve. We find Thailand and the US had positive inverse residual demand which means they also have no market power. The last essay is about the virtual water trade in Saudi Arabia. Using the concept of virtual water introduced by Allan 1994 and developed by Hoekstra and Hung (2002), we estimate virtual water trade for 20 crops of Saudi Arabia during 2000-2016. Our result shows the average virtual water trade was 12.5 billion m3/year. Saudi has net virtual water imports, with the most significant virtual water imports coming from cereals & alfalfa and vegetables; and there is net virtual water export of fruit. Saudi virtual water trade reduces pressure on water resources by 52%. Distance plays a role in Saudi virtual water export; we found that more than 90% of exports go to neighboring countries, including 45% to GCC countries. More than 30% of virtual water imports come from Europe. A Gravity model is used to investigate whether water scarcity variables influence trade. We compare the OLS, Fixed effects, Random effects, and PPML estimators to get the best model. The AIC, and tests for multicollinearity, and heteroskedasticity assist in determining estimation procedures and the final models. We cluster the errors by distance to improve the specific country effect variables such as economic mass variables. For the cereals and alfalfa group, we find that water-related variables influence virtual water imports of cereals, millet, sorghum, corn, barley, and sesame. Therefore, we suggest that a basic gravity model be applied to the other crops. In the vegetable group, we find that related water variables impact virtual water trade for all crops except marrow. Dates are the only fruit crop that are not influenced by the water-related variables

Flowrider: Fast On-Demand Key Provisioning for Cloud Networks

Increasingly fine-grained cloud billing creates incentives to review the software execution footprint in virtual environments. For example, virtual execution environments move towards lower overhead: from virtual machines to containers, unikernels, and serverless cloud computing. However, the execution footprint of security components in virtualized environments has either remained the same or even increased. We present Flowrider, a novel key provisioning mechanism for cloud networks that unlocks scalable use of symmetric keys and significantly reduces the related computational load on network endpoints. We describe the application of Flowrider to common transport security protocols, the results of its formal verification, and its prototype implementation. Our evaluation shows that Florwider uses up to an order of magnitude less CPU to establish a TLS session while preventing by construction some known attacks

Towards Migrating Security Policies along with Virtual Machines in Cloud

Multi-tenancy and elasticity are important characteristics of every cloud. Multi-tenancy can be economical; however, it raises some security concerns. For example, contender companies may have Virtual Machines (VM) on the same server and have access to the same resources. There is always the possibility that one of them tries to get access to the opponent's data. In order to address these concerns, each tenant in the cloud should be secured separately and firewalls are one of the means that can help in that regard. Firewalls also protect virtual machines from the outside threats using access control lists and policies. On the other hand, virtual machines migrate frequently in an elastic cloud and this raises another apprehension about what happens to the security policies that are associated with the migrated virtual machine. In this thesis, we primarily contribute by proposing a novel framework that coordinates the mobility of the associated security policies along with the virtual machine in Software-Defined Networks (SDN). We then design and develop a prototype application called Migration Application (MigApp), based on our framework that moves security policies and coordinates virtual machine and security policy migration. MigApp runs on top of SDN controllers and uses a distributed messaging system in order to interact with virtual machine monitor and other MigApp instances. We integrate MigApp with Floodlight controller and evaluate our work through simulations. In addition, we prepare a test-bed for security testing in clouds that are based on traditional networks. We focus on virtual machine migration and use open-source utilities to equip this test-bed. We design an architecture based on GNS3 network emulator in order to provide a distributed testing environment. We then propose a virtual machine migration framework on Oracle VirtualBox; and finally, we enrich the security aspect of framework by adding firewall rule migration and security verification mechanisms into it

Assessing and augmenting SCADA cyber security: a survey of techniques

SCADA systems monitor and control critical infrastructures of national importance such as power generation and distribution, water supply, transportation networks, and manufacturing facilities. The pervasiveness, miniaturisations and declining costs of internet connectivity have transformed these systems from strictly isolated to highly interconnected networks. The connectivity provides immense benefits such as reliability, scalability and remote connectivity, but at the same time exposes an otherwise isolated and secure system, to global cyber security threats. This inevitable transformation to highly connected systems thus necessitates effective security safeguards to be in place as any compromise or downtime of SCADA systems can have severe economic, safety and security ramifications. One way to ensure vital asset protection is to adopt a viewpoint similar to an attacker to determine weaknesses and loopholes in defences. Such mind sets help to identify and fix potential breaches before their exploitation. This paper surveys tools and techniques to uncover SCADA system vulnerabilities. A comprehensive review of the selected approaches is provided along with their applicability

An exploratory study in to the money laundering threats, vulnerabilities, and controls within the UK bookmaker sector, with a specific focus on Fixed-Odds Betting Terminals

The purpose of this exploratory study was to generate an understanding in to the money laundering threats, vulnerabilities and controls found within UK betting shops, with a direct focus on the exponential growth of Fixed-Odd Betting Terminals. Qualitative research methods facilitated eight semi-structured interviews with key stakeholders linked to the gambling and/or money laundering sphere. This included the Gambling Commission, Campaign for Fairer Gambling, an ex-Head of Security and Safety at a major bookmaker, and five regular Fixed-Odd Betting Terminal users. The interviews were recorded, transcribed and coded for thematic analysis, subsequently resulting in the emergence of four interesting and meaningful themes. These were (1) Ineffective CDD enforcement facilitating anonymity (2) Weak anti-money laundering safeguards unable to mitigate known threats (3) A lack of anti-money laundering training, awareness, and resources (4) The Gambling Commission’s attempt for increased anti-money laundering regulation unsuccessful. By allowing a phenomenological framework to guide the data collection process, the interpreted subjective views and experiences of the participants involved, although somewhat limited, indicate that money laundering threats within the bookmaker sector are inherently high, with a lack of effective safeguards in place to mitigate the identified vulnerabilities

An Analisys of Business VPN Case Studies

A VPN (Virtual Private Network) simulates a secure private network through a shared public insecure infrastructure like the Internet. The VPN protocol provides a secure and reliable access from home/office on any networking technology transporting IP packets. In this article we study the standards for VPN implementation and analyze two case studies regarding a VPN between two routers and two firewalls.VPN; Network; Protocol.

Virtual Machine Lifecycle Management in Grid and Cloud Computing

Virtualisierungstechnologie ist die Grundlage für zwei wichtige Konzepte: Virtualized Grid Computing und Cloud Computing. Ersteres ist eine Erweiterung des klassischen Grid Computing. Es hat zum Ziel, die Anforderungen kommerzieller Nutzer des Grid hinsichtlich der Isolation von gleichzeitig ausgeführten Batch-Jobs und der Sicherheit der zugehörigen Daten zu erfüllen. Dabei werden Anwendungen in virtuellen Maschinen ausgeführt, um sie voneinander zu isolieren und die von ihnen verarbeiteten Daten vor anderen Nutzern zu schützen. Darüber hinaus löst Virtualized Grid Computing das Problem der Softwarebereitstellung, eines der bestehenden Probleme des klassischen Grid Computing. Cloud Computing ist ein weiteres Konzept zur Verwendung von entfernten Ressourcen. Der Fokus dieser Dissertation bezüglich Cloud Computing liegt auf dem “Infrastructure as a Service Modell”, das Ideen des (Virtualized) Grid Computing mit einem neuartigen Geschäftsmodell kombiniert. Dieses besteht aus der Bereitstellung von virtuellen Maschinen auf Abruf und aus einem Tarifmodell, bei dem lediglich die tatsächliche Nutzung berechnet wird. Der Einsatz von Virtualisierungstechnologie erhöht die Auslastung der verwendeten (physischen) Rechnersysteme und vereinfacht deren Administration. So ist es beispielsweise möglich, eine virtuelle Maschine zu klonen oder einen Snapshot einer virtuellen Maschine zu erstellen, um zu einem definierten Zustand zurückkehren zu können. Jedoch sind noch nicht alle Probleme im Zusammenhang mit der Virtualisierungstechnologie gelöst. Insbesondere entstehen durch den Einsatz in den sehr dynamischen Umgebungen des Virtualized Grid Computing und des Cloud Computing neue Herausforderungen für die Virtualisierungstechnologie. Diese Dissertation befasst sich mit verschiedenen Aspekten des Einsatzes von Virtualisierungstechnologie in Virtualized Grid und Cloud Computing Umgebungen. Zunächst wird der Lebenszyklus von virtuellen Maschinen in diesen Umgebungen untersucht, und es werden Modelle dieses Lebenszyklus entwickelt. Anhand der entwickelten Modelle werden Probleme identifiziert und Lösungen für diese Probleme entwickelt. Der Fokus liegt dabei auf den Bereichen Speicherung, Bereitstellung und Ausführung von virtuellen Maschinen. Virtuelle Maschinen werden üblicherweise in so genannten Disk Images, also Abbildern von virtuellen Festplatten, gespeichert. Dieses Format hat nicht nur Einfluss auf die Speicherung von größeren Mengen virtueller Maschinen, sondern auch auf deren Bereitstellung. In den untersuchten Umgebungen hat es zwei konkrete Nachteile: es verschwendet Speicherplatz und es verhindert eine effiziente Bereitstellung von virtuellen Maschinen. Maßnahmen zur Steigerung der Sicherheit von virtuellen Maschinen haben auf alle drei genannten Bereiche Einfluss. Beispielsweise sollte vor der Bereitstellung einer virtuellen Maschine geprüft werden, ob die darin installierte Software noch aktuell ist. Weiterhin sollte die Ausführungsumgebung Möglichkeiten bereitstellen, um die virtuelle Infrastruktur wirksam zu überwachen. Die erste in dieser Dissertation vorgestellte Lösung ist das Konzept der Image Composition. Es beschreibt die Komposition eines kombinierten Disk Images aus mehreren Schichten. Dadurch können Teile der einzelnen Schichten, die von mehreren virtuellen Maschinen verwendet werden, zwischen diesen geteilt und somit der Speicherbedarf für die Gesamtheit der virtuellen Maschinen reduziert werden. Der Marvin Image Compositor ist die Umsetzung dieses Konzepts. Die zweite Lösung ist der Marvin Image Store, ein Speichersystem für virtuelle Maschinen, das nicht auf den traditionell genutzten Disk Images basiert, sondern die darin enthaltenen Daten und Metadaten auf eine effiziente Weise getrennt voneinander speichert. Weiterhin werden vier Lösungen vorgestellt, die die Sicherheit von virtuellen Maschine verbessern können: Der Update Checker ist eine Lösung, die es ermöglicht, veraltete Software in virtuellen Maschinen zu identifizieren. Dabei spielt es keine Rolle, ob die jeweilige virtuelle Maschine gerade ausgeführt wird oder nicht. Die zweite Sicherheitslösung ermöglicht es, mehrere virtuelle Maschinen, die auf dem Konzept der Image Composition basieren, zentral zu aktualisieren. Das bedeutet, dass die einmalige Installation einer neuen Softwareversion ausreichend ist, um mehrere virtuelle Maschinen auf den neuesten Stand zu bringen. Die dritte Sicherheitslösung namens Online Penetration Suite ermöglicht es, virtuelle Maschinen automatisiert nach Schwachstellen zu durchsuchen. Die Überwachung der virtuellen Infrastruktur auf allen Ebenen ist der Zweck der vierten Sicherheitslösung. Zusätzlich zur Überwachung ermöglicht diese Lösung auch eine automatische Reaktion auf sicherheitsrelevante Ereignisse. Schließlich wird ein Verfahren zur Migration von virtuellen Maschinen vorgestellt, welches auch ohne ein zentrales Speichersystem eine effiziente Migration ermöglicht