DRIVE: A Distributed Economic Meta-Scheduler for the Federation of Grid and Cloud Systems

The computational landscape is littered with islands of disjoint resource providers including commercial Clouds, private Clouds, national Grids, institutional Grids, clusters, and data centers. These providers are independent and isolated due to a lack of communication and coordination, they are also often proprietary without standardised interfaces, protocols, or execution environments. The lack of standardisation and global transparency has the effect of binding consumers to individual providers. With the increasing ubiquity of computation providers there is an opportunity to create federated architectures that span both Grid and Cloud computing providers effectively creating a global computing infrastructure. In order to realise this vision, secure and scalable mechanisms to coordinate resource access are required. This thesis proposes a generic meta-scheduling architecture to facilitate federated resource allocation in which users can provision resources from a range of heterogeneous (service) providers. Efficient resource allocation is difficult in large scale distributed environments due to the inherent lack of centralised control. In a Grid model, local resource managers govern access to a pool of resources within a single administrative domain but have only a local view of the Grid and are unable to collaborate when allocating jobs. Meta-schedulers act at a higher level able to submit jobs to multiple resource managers, however they are most often deployed on a per-client basis and are therefore concerned with only their allocations, essentially competing against one another. In a federated environment the widespread adoption of utility computing models seen in commercial Cloud providers has re-motivated the need for economically aware meta-schedulers. Economies provide a way to represent the different goals and strategies that exist in a competitive distributed environment. The use of economic allocation principles effectively creates an open service market that provides efficient allocation and incentives for participation. The major contributions of this thesis are the architecture and prototype implementation of the DRIVE meta-scheduler. DRIVE is a Virtual Organisation (VO) based distributed economic metascheduler in which members of the VO collaboratively allocate services or resources. Providers joining the VO contribute obligation services to the VO. These contributed services are in effect membership “dues” and are used in the running of the VOs operations – for example allocation, advertising, and general management. DRIVE is independent from a particular class of provider (Service, Grid, or Cloud) or specific economic protocol. This independence enables allocation in federated environments composed of heterogeneous providers in vastly different scenarios. Protocol independence facilitates the use of arbitrary protocols based on specific requirements and infrastructural availability. For instance, within a single organisation where internal trust exists, users can achieve maximum allocation performance by choosing a simple economic protocol. In a global utility Grid no such trust exists. The same meta-scheduler architecture can be used with a secure protocol which ensures the allocation is carried out fairly in the absence of trust. DRIVE establishes contracts between participants as the result of allocation. A contract describes individual requirements and obligations of each party. A unique two stage contract negotiation protocol is used to minimise the effect of allocation latency. In addition due to the co-op nature of the architecture and the use of secure privacy preserving protocols, DRIVE can be deployed in a distributed environment without requiring large scale dedicated resources. This thesis presents several other contributions related to meta-scheduling and open service markets. To overcome the perceived performance limitations of economic systems four high utilisation strategies have been developed and evaluated. Each strategy is shown to improve occupancy, utilisation and profit using synthetic workloads based on a production Grid trace. The gRAVI service wrapping toolkit is presented to address the difficulty web enabling existing applications. The gRAVI toolkit has been extended for this thesis such that it creates economically aware (DRIVE-enabled) services that can be transparently traded in a DRIVE market without requiring developer input. The final contribution of this thesis is the definition and architecture of a Social Cloud – a dynamic Cloud computing infrastructure composed of virtualised resources contributed by members of a Social network. The Social Cloud prototype is based on DRIVE and highlights the ease in which dynamic DRIVE markets can be created and used in different domains

View on 5G Architecture: Version 2.0

The 5G Architecture Working Group as part of the 5GPPP Initiative is looking at capturing novel trends and key technological enablers for the realization of the 5G architecture. It also targets at presenting in a harmonized way the architectural concepts developed in various projects and initiatives (not limited to 5GPPP projects only) so as to provide a consolidated view on the technical directions for the architecture design in the 5G era. The first version of the white paper was released in July 2016, which captured novel trends and key technological enablers for the realization of the 5G architecture vision along with harmonized architectural concepts from 5GPPP Phase 1 projects and initiatives. Capitalizing on the architectural vision and framework set by the first version of the white paper, this Version 2.0 of the white paper presents the latest findings and analyses with a particular focus on the concept evaluations, and accordingly it presents the consolidated overall architecture design

An efficient approach based on trust and reputation for secured selection of grid resources

Security is a principal concern in offering an infrastructure for the formation of general-purpose computational grids. A number of grid implementations have been devised to deal with the security concerns by authenticating the users, hosts and their interactions in an appropriate fashion. Resource management systems that are sophisticated and secured are inevitable for the efficient and beneficial deployment of grid computing services. The chief factors that can be problematic in the secured selection of grid resources are the wide range of selection and the high degree of strangeness. Moreover, the lack of a higher degree of confidence relationship is likely to prevent efficient resource allocation and utilisation. In this paper, we present an efficient approach for the secured selection of grid resources, so as to achieve secure execution of the jobs. This approach utilises trust and reputation for securely selecting the grid resources. To start with, the self-protection capability and reputation weightage of all the entities are computed, and based on those values, the trust factor (TF) of all the entities are determined. The reputation weightage of an entity is the measure of both the user’s feedback and other entities’ feedback. Those entities with higher TF values are selected for the secured execution of jobs. To make the proposed approach more comprehensive, a novel method is employed for evaluating the user’s feedback on the basis of the existing feedbacks available regarding the entities. This approach is proved to be scalable for an increased number of user jobs and grid entities. The experimentation portrays that this approach offers desirable efficiency in the secured selection of grid resources

The future of Cybersecurity in Italy: Strategic focus area

This volume has been created as a continuation of the previous one, with the aim of outlining a set of focus areas and actions that the Italian Nation research community considers essential. The book touches many aspects of cyber security, ranging from the definition of the infrastructure and controls needed to organize cyberdefence to the actions and technologies to be developed to be better protected, from the identification of the main technologies to be defended to the proposal of a set of horizontal actions for training, awareness raising, and risk management

RISK ANALYSIS AND MANAGEMENT OF SECURITY THREATS IN VIRTUALISED INFORMATION SYSTEMS USING PREDICTIVE ANALYTICS

The use of online server applications has increased in recent years. To achieve the benefits of these technologies, cloud computing, with its ability to use virtual machine technologies to overcome limitations and guarantee security and quality of service to its end user customer, is being used as a platform to run online server applications. This however brings about a number of security issues aimed specifically at virtual machine technologies. A number of security solutions like virtual machine introspection, intrusion detection and many more, have been proposed and implemented, but the question to combat security issues in near or even real time still remains. To help answer the above question or even move a step further from the existing solutions, which still use data mining techniques to combat the security issues of virtualisation, we propose the novel use of predictive analytics for risk analysis and management of security threats in virtualised information systems as well as design and implement a novel predictive analytics framework used to design build and implement the same predictive analytics model In this project, we adopt the use of predictive analytics and demonstrate how it can be used for managing risks and security of virtualised environments. An experimental testbed for the simulation of attacks and data collection is set-up. Exploratory data analytics process is carried out to prepare the data for predictive modelling. A linear regression predictive model is built using the results from the exploratory data analytics using linear regression algorithm. The model is then validated and tested for predictive accuracy using Naïve Bayes and logistic algorithms respectively. Time series algorithms are then used to build a time series predictive model that will predict attacks (DoS attacks in this case) in real time using new data. Designing and implementing the proposed predictive analytics model, which is aimed at monitoring, analysing and mitigating security threats in real time successfully demonstrates the use of predictive analytics modelling as a security management tool for virtualised information systems as a novel contribution to virtualisation security

IaaS-cloud security enhancement: an intelligent attribute-based access control model and implementation

The cloud computing paradigm introduces an efficient utilisation of huge computing resources by multiple users with minimal expense and deployment effort compared to traditional computing facilities. Although cloud computing has incredible benefits, some governments and enterprises remain hesitant to transfer their computing technology to the cloud as a consequence of the associated security challenges. Security is, therefore, a significant factor in cloud computing adoption. Cloud services consist of three layers: Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS). Cloud computing services are accessed through network connections and utilised by multi-users who can share the resources through virtualisation technology. Accordingly, an efficient access control system is crucial to prevent unauthorised access. This thesis mainly investigates the IaaS security enhancement from an access control point of view. [Continues.