12 research outputs found
Towards the design of secure and privacy-oriented Information systems in the cloud: Identifying the major concepts
Cloud computing is without a doubt one of the most significant innovations presented in the
global technological map. This new generation of technology has the potential to positively
change our lives since on the one hand it provides capabilities that make our digital lives
much easier, than before, while on the other hand it assists developers in creating services
that can be disseminated easier and faster, than before, and with significantly less cost.
However, one of the major research challenges for the successful deployment of cloud
services is a clear understanding of security and privacy issues on a cloud environment, since
the cloud architecture has dissimilarities comparing to the traditional distributed systems.
Such differences might introduce new threats and require different treatment of security and
privacy issues. Nevertheless, current security and privacy requirements engineering
techniques and methodologies have not been developed with cloud computing in mind and
fail to capture the unique characteristics of such domain. It is therefore important to
understand security and privacy within the context of cloud computing and identify relevant
security and privacy properties and threats that will support techniques and methodologies
aimed to analyze and design secure cloud based systems. The contribution of this paper to the
literature is two-fold. Firstly, it provides a clear linkage between a set of critical cloud
computing areas with security and privacy threats and properties. Secondly, it introduces a
number of requirements for analysis and design methodologies to consider for security and
privacy concerns in the cloud
Minimizing Network Complexity through Integrated Top-Down Design
The article of record as published may be located at http://dx.doi.org/10.1145/2535372.2535376.CoNEXT’13, December 9–12, 2013, Santa Barbara, California, USA.The network design process today remains ad-hoc and largely complexity
agnostic, often resulting in suboptimal networks characterized
by excessive amounts of dependencies and commands in
device configurations. The unnecessarily high configuration complexity
can lead to a huge increase in both the amount of manual
intervention required for managing the network and the likelihood
of configuration errors, and thus must be avoided. In this paper
we present an integrated top-down design approach and show how
it can minimize the unnecessary configuration complexity in realizing
user reachability control, a key network design objective
that involves designing three distinct network elements: VLAN,
IP address, and packet filter. Capitalizing on newly-developed abstractions,
our approach integrates the design of the three elements
into a unified framework by systematically modeling how the design
of one element may impact the complexity of other elements.
Our approach goes substantially beyond the current “divide-andconquer”
approach that designs each element in complete isolation,
and enables minimizing the combined complexity of all elements.
Specifically, two new optimization problems are formulated, and
novel algorithms and heuristics are developed to solve the formulated
problems. Evaluation on a large campus network shows that
our approach can effectively reduce the packet filter complexity and
VLAN trunking complexity by more than 85% and 70%, respectively,
when compared to the ad-hoc approach currently used by
the operators