Security Audit Compliance for Cloud Computing

Cloud computing has grown largely over the past three years and is widely popular amongst today's IT landscape. In a comparative study between 250 IT decision makers of UK companies they said, that they already use cloud services for 61% of their systems. Cloud vendors promise "infinite scalability and resources" combined with on-demand access from everywhere. This lets cloud users quickly forget, that there is still a real IT infrastructure behind a cloud. Due to virtualization and multi-tenancy the complexity of these infrastructures is even increased compared to traditional data centers, while it is hidden from the user and outside of his control. This makes management of service provisioning, monitoring, backup, disaster recovery and especially security more complicated. Due to this, and a number of severe security incidents at commercial providers in recent years there is a growing lack of trust in cloud infrastructures. This thesis presents research on cloud security challenges and how they can be addressed by cloud security audits. Security requirements of an Infrastructure as a Service (IaaS) cloud are identified and it is shown how they differ from traditional data centres. To address cloud specific security challenges, a new cloud audit criteria catalogue is developed. Subsequently, a novel cloud security audit system gets developed, which provides a flexible audit architecture for frequently changing cloud infrastructures. It is based on lightweight software agents, which monitor key events in a cloud and trigger specific targeted security audits on demand - on a customer and a cloud provider perspective. To enable these concurrent cloud audits, a Cloud Audit Policy Language is developed and integrated into the audit architecture. Furthermore, to address advanced cloud specific security challenges, an anomaly detection system based on machine learning technology is developed. By creating cloud usage profiles, a continuous evaluation of events - customer specific as well as customer overspanning - helps to detect anomalies within an IaaS cloud. The feasibility of the research is presented as a prototype and its functionality is presented in three demonstrations. Results prove, that the developed cloud audit architecture is able to mitigate cloud specific security challenges

EC3: Elastic Cloud Computing Cluster

This paper introduces Elastic Cloud Computing Cluster (EC3), a tool that creates elastic virtual clusters on top of Infrastructure as a Service (IaaS) Clouds. The clusters are self-managed entities that scale out to a larger number of nodes on demand, up to a maximum size specified by the user. Whenever idle resources are detected, the clusters automatically scale in, according to some predefined policies, in order to cut down the costs in the case of using a public Cloud provider. This creates the illusion of a real cluster without requiring an investment beyond the actual usage. Two different case studies are presented to assess the effectiveness of an elastic virtual cluster. The results show that the usage of self-managed elastic clusters represents an important economic saving when compared both to physical clusters and to static virtual clusters deployed on an IaaS Cloud, with a reduced penalty in the elasticity management.©2013 Elsevier Inc. All rights reserved.The authors would like to thank the financial support received from the Generalitat Valenciana for the project GV/2012/076 and to the Ministerio de Ciencia e Innovacion for the project CodeCloud (TIN2010-17804).Caballer Fernández, M.; Alfonso Laguna, CD.; Alvarruiz Bermejo, F.; Moltó, G. (2013). EC3: Elastic Cloud Computing Cluster. Journal of Computer and System Sciences. 79(8):1341-1351. https://doi.org/10.1016/j.jcss.2013.06.005S1341135179

Self-managed Cost-efficient Virtual Elastic Clusters on Hybrid Cloud Infrastructures

In this study, we describe the further development of Elastic Cloud Computing Cluster (EC3), a tool for creating self-managed cost-efficient virtual hybrid elastic clusters on top of Infrastructure as a Service (IaaS) clouds. By using spot instances and checkpointing techniques, EC3 can significantly reduce the total execution cost as well as facilitating automatic fault tolerance. Moreover, EC3 can deploy and manage hybrid clusters across on-premises and public cloud resources, thereby introducing cloud bursting capabilities. We present the results of a case study that we conducted to assess the effectiveness of the tool based on the structural dynamic analysis of buildings. In addition, we evaluated the checkpointing algorithms in a real cloud environment with existing workloads to study their effectiveness. The results demonstrate the feasibility and benefits of this type of cluster for computationally intensive applications. © 2016 Elsevier B.V. All rights reserved.This study was supported by the program "Ayudas para la contratacion de personal investigador en formacion de caracter pre doctoral, programa VALi+d" under grant number ACIF/2013/003 from the Conselleria d'Educacio of the Generalitat Valenciana. We are also grateful for financial support received from The Spanish Ministry of Economy and Competitiveness to develop the project "CLUVIEM" under grant reference TIN2013-44390-R. Finally, we express our gratitude to D. David Ruzafa for support with the arduous task of analyzing the executions data.Calatrava Arroyo, A.; Romero Alcalde, E.; Moltó Martínez, G.; Caballer Fernández, M.; Alonso Ábalos, JM. (2016). Self-managed Cost-efficient Virtual Elastic Clusters on Hybrid Cloud Infrastructures. Future Generation Computer Systems. 61:13-25. https://doi.org/10.1016/j.future.2016.01.018S13256

Cloud e-learning for mechatronics: CLEM

his paper describes results of the CLEM project, Cloud E-learning for Mechatronics. CLEM is an example of a domain-specific cloud that is especially tuned to the needs of VET (Vocational, Education and Training) teachers. An interesting development has been the creation of remote laboratories in the cloud. Learners can access such laboratories to support their practical learning of mechatronics without the need to set up laboratories at their own institutions. The cloud infrastructure enables multiple laboratories to come together virtually to create an ecosystem for educators and learners. From such a system, educators can pick and mix materials to create suitable courses for their students and the learners can experience different types of devices and laboratories through the cloud. The paper provides an overview of this new cloud-based e-learning approach and presents the results. The paper explains how the use of cloud computing has enabled the development of a new method, showing how a holistic e-learning experience can be obtained through use of static, dynamic and interactive material together with facilities for collaboration and innovation