Towards Migrating Security Policies along with Virtual Machines in Cloud

Multi-tenancy and elasticity are important characteristics of every cloud. Multi-tenancy can be economical; however, it raises some security concerns. For example, contender companies may have Virtual Machines (VM) on the same server and have access to the same resources. There is always the possibility that one of them tries to get access to the opponent's data. In order to address these concerns, each tenant in the cloud should be secured separately and firewalls are one of the means that can help in that regard. Firewalls also protect virtual machines from the outside threats using access control lists and policies. On the other hand, virtual machines migrate frequently in an elastic cloud and this raises another apprehension about what happens to the security policies that are associated with the migrated virtual machine. In this thesis, we primarily contribute by proposing a novel framework that coordinates the mobility of the associated security policies along with the virtual machine in Software-Defined Networks (SDN). We then design and develop a prototype application called Migration Application (MigApp), based on our framework that moves security policies and coordinates virtual machine and security policy migration. MigApp runs on top of SDN controllers and uses a distributed messaging system in order to interact with virtual machine monitor and other MigApp instances. We integrate MigApp with Floodlight controller and evaluate our work through simulations. In addition, we prepare a test-bed for security testing in clouds that are based on traditional networks. We focus on virtual machine migration and use open-source utilities to equip this test-bed. We design an architecture based on GNS3 network emulator in order to provide a distributed testing environment. We then propose a virtual machine migration framework on Oracle VirtualBox; and finally, we enrich the security aspect of framework by adding firewall rule migration and security verification mechanisms into it

Adaptive Energy Aware Cooperation Strategy in Heterogeneous Multi-domain Sensor Networks

AbstractIn some applications of sensor networks, multi-domain exists and cooperation among domains could lead to longer lifetime. In this paper, we consider heterogeneous multi-domain sensor networks. It means that different networks belong to different domains and sensors are deployed at the same physical location and their topology is heterogonous. Apparently, domains life time can be increased by means of cooperation in packet forwarding; however selfishness is inevitable from rational perspective. We investigate this problem to find out cooperation of authorities while their sensors are energy aware. When sensors are energy aware, spontaneous cooperation cannot take place. Therefore we presented the Adaptive Energy Aware strategy, a novel algorithm that is based on TIT-FOR-TAT, starts with generosity and ends up with conservative behaviour. Our simulation results showed that this algorithm could prolong its network lifetime in competition with other networks