DEPENDABILITY IN CLOUD COMPUTING

The technological advances and success of Service-Oriented Architectures and the Cloud computing paradigm have produced a revolution in the Information and Communications Technology (ICT). Today, a wide range of services are provisioned to the users in a flexible and cost-effective manner, thanks to the encapsulation of several technologies with modern business models. These services not only offer high-level software functionalities such as social networks or e-commerce but also middleware tools that simplify application development and low-level data storage, processing, and networking resources. Hence, with the advent of the Cloud computing paradigm, today's ICT allows users to completely outsource their IT infrastructure and benefit significantly from the economies of scale. At the same time, with the widespread use of ICT, the amount of data being generated, stored and processed by private companies, public organizations and individuals is rapidly increasing. The in-house management of data and applications is proving to be highly cost intensive and Cloud computing is becoming the destination of choice for increasing number of users. As a consequence, Cloud computing services are being used to realize a wide range of applications, each having unique dependability and Quality-of-Service (Qos) requirements. For example, a small enterprise may use a Cloud storage service as a simple backup solution, requiring high data availability, while a large government organization may execute a real-time mission-critical application using the Cloud compute service, requiring high levels of dependability (e.g., reliability, availability, security) and performance. Service providers are presently able to offer sufficient resource heterogeneity, but are failing to satisfy users' dependability requirements mainly because the failures and vulnerabilities in Cloud infrastructures are a norm rather than an exception. This thesis provides a comprehensive solution for improving the dependability of Cloud computing -- so that -- users can justifiably trust Cloud computing services for building, deploying and executing their applications. A number of approaches ranging from the use of trustworthy hardware to secure application design has been proposed in the literature. The proposed solution consists of three inter-operable yet independent modules, each designed to improve dependability under different system context and/or use-case. A user can selectively apply either a single module or combine them suitably to improve the dependability of her applications both during design time and runtime. Based on the modules applied, the overall proposed solution can increase dependability at three distinct levels. In the following, we provide a brief description of each module. The first module comprises a set of assurance techniques that validates whether a given service supports a specified dependability property with a given level of assurance, and accordingly, awards it a machine-readable certificate. To achieve this, we define a hierarchy of dependability properties where a property represents the dependability characteristics of the service and its specific configuration. A model of the service is also used to verify the validity of the certificate using runtime monitoring, thus complementing the dynamic nature of the Cloud computing infrastructure and making the certificate usable both at discovery and runtime. This module also extends the service registry to allow users to select services with a set of certified dependability properties, hence offering the basic support required to implement dependable applications. We note that this module directly considers services implemented by service providers and provides awareness tools that allow users to be aware of the QoS offered by potential partner services. We denote this passive technique as the solution that offers first level of dependability in this thesis. Service providers typically implement a standard set of dependability mechanisms that satisfy the basic needs of most users. Since each application has unique dependability requirements, assurance techniques are not always effective, and a pro-active approach to dependability management is also required. The second module of our solution advocates the innovative approach of offering dependability as a service to users' applications and realizes a framework containing all the mechanisms required to achieve this. We note that this approach relieves users from implementing low-level dependability mechanisms and system management procedures during application development and satisfies specific dependability goals of each application. We denote the module offering dependability as a service as the solution that offers second level of dependability in this thesis. The third, and the last, module of our solution concerns secure application execution. This module considers complex applications and presents advanced resource management schemes that deploy applications with improved optimality when compared to the algorithms of the second module. This module improves dependability of a given application by minimizing its exposure to existing vulnerabilities, while being subject to the same dependability policies and resource allocation conditions as in the second module. Our approach to secure application deployment and execution denotes the third level of dependability offered in this thesis. The contributions of this thesis can be summarized as follows.The contributions of this thesis can be summarized as follows. \u2022 With respect to assurance techniques our contributions are: i) de finition of a hierarchy of dependability properties, an approach to service modeling, and a model transformation scheme; ii) de finition of a dependability certifi cation scheme for services; iii) an approach to service selection that considers users' dependability requirements; iv) de finition of a solution to dependability certifi cation of composite services, where the dependability properties of a composite service are calculated on the basis of the dependability certi ficates of component services. \u2022 With respect to off ering dependability as a service our contributions are: i) de finition of a delivery scheme that transparently functions on users' applications and satisfi es their dependability requirements; ii) design of a framework that encapsulates all the components necessary to o er dependability as a service to the users; iii) an approach to translate high level users' requirements to low level dependability mechanisms; iv) formulation of constraints that allow enforcement of deployment conditions inherent to dependability mechanisms and an approach to satisfy such constraints during resource allocation; v) a resource management scheme that masks the a ffect of system changes by adapting the current allocation of the application. \u2022 With respect to security management our contributions are: i) an approach that deploys users' applications in the Cloud infrastructure such that their exposure to vulnerabilities is minimized; ii) an approach to build interruptible elastic algorithms whose optimality improves as the processing time increases, eventually converging to an optimal solution

Make mine a quadruple: Strengthening the security of graphical one-time PIN authentication

Secure and reliable authentication is an essential prerequisite for many online systems, yet achieving this in a way which is acceptable to customers remains a challenge. GrIDsure, a one-time PIN scheme using random grids and personal patterns, has been proposed as a way to overcome some of these challenges. We present an analytical study which demonstrates that GrIDsure in its current form is vulnerable to interception. To strengthen the scheme, we propose a way to fortify GrIDsure against Man-in-the-Middle attacks through (i) an additional secret transmitted out-of-band and (ii) multiple patterns. Since the need to recall multiple patterns increases user workload, we evaluated user performance with multiple captures with 26 participants making 15 authentication attempts each over a 3-week period. In contrast with other research into the use of multiple graphical passwords, we find no significant difference in the usability of GrIDsure with single and with multiple patterns. © 2011 IEEE

Noise-induced schooling of fish

We report on the dynamics of collective alignment in groups of the cichlid fish, Etroplus suratensis. Focusing on small-to-intermediate sized groups ($10<N<100$), we demonstrate that schooling (highly polarised and coherent motion) is noise-induced, arising from the intrinsic stochasticity associated with finite numbers of interacting fish. The fewer the fish, the greater the (multiplicative) noise and therefore the likelihood of alignment. Such empirical evidence is rare, and tightly constrains the possible underlying interactions between fish: computer simulations indicate that E. suratensis align with each other one at a time, which is at odds with the canonical mechanism of collective alignment, local direction-averaging. More broadly, our results confirm that, rather than simply obscuring otherwise deterministic dynamics, noise is fundamental to the characterisation of emergent collective behaviours, suggesting a need to re-appraise aspects of both collective motion and behavioural inference.Comment: Main manuscript: 8 pages (incl. refs), 4 figures. Supplementary: 11 pages, 5 figure

Attack trees in Isabelle

In this paper, we present a proof theory for attack trees. Attack trees are a well established and useful model for the construction of attacks on systems since they allow a stepwise exploration of high level attacks in application scenarios. Using the expressiveness of Higher Order Logic in Isabelle, we succeed in developing a generic theory of attack trees with a state-based semantics based on Kripke structures and CTL. The resulting framework allows mechanically supported logic analysis of the meta-theory of the proof calculus of attack trees and at the same time the developed proof theory enables application to case studies. A central correctness and completeness result proved in Isabelle establishes a connection between the notion of attack tree validity and CTL. The application is illustrated on the example of a healthcare IoT system and GDPR compliance verification

Data security issues in cloud scenarios

The amount of data created, stored, and processed has enormously increased in the last years. Today, millions of devices are connected to the Internet and generate a huge amount of (personal) data that need to be stored and processed using scalable, efficient, and reliable computing infrastructures. Cloud computing technology can be used to respond to these needs. Although cloud computing brings many benefits to users and companies, security concerns about the cloud still represent the major impediment for its wide adoption. We briefly survey the main challenges related to the storage and processing of data in the cloud. In particular, we focus on the problem of protecting data in storage, supporting fine-grained access, selectively sharing data, protecting query privacy, and verifying the integrity of computations

Astragaloside IV enhances the sensitivity of breast cancer stem cells to paclitaxel by inhibiting stemness.

Chemotherapy is one of the common treatments for breast cancer. The induction of cancer stem cells (CSCs) is an important reason for chemotherapy failure and breast cancer recurrence. Astragaloside IV (ASIV) is one of the effective components of the traditional Chinese medicine (TCM) , which can improve the sensitivity of various tumors to chemotherapy drugs. Here, we explored the sensitization effect of ASIV to chemotherapy drug paclitaxel (PTX) in breast cancer from the perspective of CSCs. The study included both and experiments. CSCs from the breast cancer cell line MCF7 with stem cell characteristics were successfully induced . Cell viability and proliferation were detected using the Cell Counting Kit-8 (CCK-8) and colony formation assays, and flow cytometry and terminal deoxynucleotidyl transferase dUTP nick end labeling (TUNEL) methods were performed to detect cell apoptosis. Stemness-related protein expression was determined by western blotting (WB) and immunohistochemistry (IHC). Body weight, histopathology, and visceral organ damage of mice were used to monitor drug toxicity. The expression of stemness markers including Sox2, Nanog, and ALDHA1 was stronger in MCF7-CSCs than in MCF7. PTX treatment inhibited the proliferation of tumor cells by promoting cell apoptosis, whereas the stemness of breast cancer stem cells (BCSCs) resisted the effects of PTX. ASIV decreased the stemness of BCSCs, increased the sensitivity of BCSCs to PTX, and synergistically promoted PTX-induced apoptosis of breast cancer cells. Our results showed that the total cell apoptosis rate increased by about 25% after adding ASIV compared with BCSCs treated with PTX alone. The experiments demonstrated that ASIV enhanced the ability of PTX to inhibit the growth of breast cancer. WB and IHC showed that ASIV reduced the stemness of CSCs. In this study, the resistance of breast cancer to PTX was attributed to the existence of CSCs; ASIV weakened the resistance of MCF7-CSCs to PTX by significantly attenuating the hallmarks of breast cancer stemness and improved the efficacy of PTX. [Abstract copyright: 2023 Translational Cancer Research. All rights reserved.

Data protection in Cloud scenarios

We present a brief overview of the main challenges related to data protection that need to be addressed when data are stored, processed, or managed in the cloud. We also discuss emerging approaches and directions to address such challenges