Security Audit Compliance for Cloud Computing

Cloud computing has grown largely over the past three years and is widely popular amongst today's IT landscape. In a comparative study between 250 IT decision makers of UK companies they said, that they already use cloud services for 61% of their systems. Cloud vendors promise "infinite scalability and resources" combined with on-demand access from everywhere. This lets cloud users quickly forget, that there is still a real IT infrastructure behind a cloud. Due to virtualization and multi-tenancy the complexity of these infrastructures is even increased compared to traditional data centers, while it is hidden from the user and outside of his control. This makes management of service provisioning, monitoring, backup, disaster recovery and especially security more complicated. Due to this, and a number of severe security incidents at commercial providers in recent years there is a growing lack of trust in cloud infrastructures. This thesis presents research on cloud security challenges and how they can be addressed by cloud security audits. Security requirements of an Infrastructure as a Service (IaaS) cloud are identified and it is shown how they differ from traditional data centres. To address cloud specific security challenges, a new cloud audit criteria catalogue is developed. Subsequently, a novel cloud security audit system gets developed, which provides a flexible audit architecture for frequently changing cloud infrastructures. It is based on lightweight software agents, which monitor key events in a cloud and trigger specific targeted security audits on demand - on a customer and a cloud provider perspective. To enable these concurrent cloud audits, a Cloud Audit Policy Language is developed and integrated into the audit architecture. Furthermore, to address advanced cloud specific security challenges, an anomaly detection system based on machine learning technology is developed. By creating cloud usage profiles, a continuous evaluation of events - customer specific as well as customer overspanning - helps to detect anomalies within an IaaS cloud. The feasibility of the research is presented as a prototype and its functionality is presented in three demonstrations. Results prove, that the developed cloud audit architecture is able to mitigate cloud specific security challenges

Using high-performance computing artifacts as a learning intervention : a systematic literature review

High-Performance Computing (HPC) artifacts provide opportunities for students to improve their understanding of parallel computing, which is important for students who study computer science. In line with that, many computing departments are integrating HPC systems into their curricula. However, there is a need to investigate HPC artifacts that have been used as learning interventions. This study has employed a systematic literature review to investigate published papers on HPC education from 1988 to 2018. The findings of our investigation of a stratified sample of 211 papers reveal the state of the practice of application of HPC artifacts in computing education in terms of the contexts, themes, nature and topics of the publications. The study revealed that a majority of publications reported the usage of Beowulf and other clusters as the pedagogical tools. Furthermore, the study discovered gaps in research on the application of HPC artifacts in ability and aptitude, teaching and learning, teaching and learning techniques, curriculum, parallel programming, and parallel processing. This study contributes to our understanding of what HPC artifacts are used in computer science education