Investigations of an SLA Support System for Cloud Computing (SLACC)

Cloud Providers (CP) and Cloud Users (CU) need to agree on a set of parameters expressed through Service Level Agreements (SLA) for a given Cloud service. However, even with the existence of many CPs in the market, it is still impossible today to see CPs who guarantee, or at least offer, an SLA specification tailored to CU's interests: not just offering percentage of availability, but also guaranteeing, for example, specific performance parameters for a certain Cloud application. Due to (1) the huge size of CPs' IT infrastructures and (2) the high complexity with multiple inter-dependencies of resources (physical or virtual), the estimation of specific SLA parameters to compose Service Level Objectives (SLOs) with trustful Key Performance Indicators (KPIs) tends to be inaccurate. This paper investigates an SLA Support System for CC (SLACC) which aims to estimate in a formalized methodology - based on available Cloud Computing infrastructure parameters - what CPs will be able to offer/accept as SLOs or KPIs and, as a consequence, which increasing levels of SLA specificity for their customers can be reache

Telecommunication Economics: Selected Results of the COST Action IS0605

This book constitutes a collaborative and selected documentation of the scientific outcome of the European COST Action IS0605 Econ@Tel "A Telecommunications Economics COST Network" which run from October 2007 to October 2011. Involving experts from around 20 European countries, the goal of Econ@Tel was to develop a strategic research and training network among key people and organizations in order to enhance Europe's competence in the field of telecommunications economics. Reflecting the organization of the COST Action IS0605 Econ@Tel in working groups the following four major research areas are addressed: - evolution and regulation of communication ecosystems; - social and policy implications of communication technologies; - economics and governance of future networks; - future networks management architectures and mechanisms

Investigating Regulative Implications for User-generated Content and a Design Proposal

The rapid increase of the Internet connectivity and the data publishing activity, like user-generated content, has lead Internet Service Providers (ISPs) to establish more efficient mechanisms for content delivery, such as caching. Mechanisms such as content-aware-networks and in-network caching reduce network load, server load, and user response time, thus, manage the network. However, caching of content also raises major implications in terms of legal acts and bills (e.g., data privacy, copyright), dealing with access control, validation scheme, and regulations (e.g., contractual obligation, legal restrictions). In general, user-generated content is linked with sensitive information, such as geographical information, medical and financial information, personal identifiable data, photos, videos, and contact information. Therefore, it is essential to secure data and regulate access. The latter, is gained by including access control mechanisms in the data exchange process, where a user requesting data must prove his access rights. Therefore, a user has to show an access ticket, which includes his rights based on legal and regulative implications. In order to secure any kind of data exchange, authentication of each participating communication entity (e.g., content owner, server, and end-user) is essential, which is part of the proposed two-way authentication handshake in this paper that is performed to generate a secure communication channel. The main contribution of this paper is to show that transmission, storage, and usage of user-generated data in caches within the network is manageable within the legal laws on sensitivity, copyright, and privacy. The scope of studying these laws, acts, and policies is restricted to Switzerland (CH), the European Union (EU), and the United States of America (USA). Finally, a solution is presented including access ticketing and two-way authentication mechanisms based oncommonstandards from IP network

IoT-Based Access Management Supported by AI and Blockchains

Internet-of-Things (IoT), Artificial Intelligence (AI), and Blockchains (BCs) are essential techniques that are heavily researched and investigated today. This work here specifies, implements, and evaluates an IoT architecture with integrated BC and AI functionality to manage access control based on facial detection and recognition by incorporating the most recent state-of-the-art techniques. The system developed uses IoT devices for video surveillance, AI for face recognition, and BCs for immutable permanent storage to provide excellent properties in terms of image quality, end-to-end delay, and energy efficiency

KYoT: Self-sovereign IoT Identification with a Physically Unclonable Function

The integration of Internet-of-Things (IoT) and Blockchains (BC) for trusted and decentralized approaches enabled modern use cases, such as supply chain tracing, smart cities, and IoT data marketplaces. For these it is essential to identify reliably IoT devices, since the producer-consumer trust is not guaranteed by a Trusted Third Party (TTP). Therefore, this work proposes a Know Your IoT device platform (KYoT), which enables the self-sovereign identification of IoT devices on the Ethereum BC. KYoT permits manufacturers and device owners to register and verify IoT devices in a self-sovereign fashion, while data storage security is ensured. KYoT deploys an SRAM-based (Static Random Access Memory) Physically Unclonable Function (PUF), which takes advantage of the manufacturing variability of devices’ SRAM chips to derive a unique identifying key for each IoT device. The self-sovereign identification mechanism introduced is based on the ERC 734 and ERC 735 Ethereum identity standards

A Framework for the Planning and Management of Cybersecurity Projects in Small and Medium-sized Enterprises

Cybersecurity remains one of the key investments for companies that want to protect their business in a digital era. Therefore, it is essential to understand the different steps required to implement an adequate cybersecurity strategy, which can be viewed as a cybersecurity project to be developed, implemented, and operated. This article proposes SECProject, a practical framework that defines and organizes the technical and economics steps required for the planning and implementation of a cost-effective cybersecurity strategy in Small and Medium-sized Enterprises (SME). As novelty, the SECProject framework allows for a guided and organized cybersecurity planning that considers both technical and economical elements needed for an adequate protection. This helps even companies without technical expertise to optimize their cybersecurity investments while reducing their business risks due to cyberattacks. In order to show the feasibility of the proposed framework, a case study was conducted within a Swiss SME from the pharma sector, highlighting the information and artifacts required for the planning and deployment of cybersecurity strategies. The results show the benefits and effectiveness of risk and cost management as a key element during the planning of cybersecurity projects using the SECProject as a guideline