Global ETD Search

451	Multi-Tenancy Security in Cloud Computing : Edge Computing and Distributed Cloud Shokrollahi Yancheshmeh, Ali January 2019 (has links) With the advent of technology cloud computing has become the next generation of network computing where cloud computing can deliver both software and hardware as on-demand services over the Internet. Cloud computing has enabled small organizations to build web and mobile apps for millions of users by utilizing the concept of “pay-as-you-go” for applications, computing, network and storage resources as on-demand services. These services can be provided to the tenants in different categories: Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS). In order to decrease the costs for the cloud users and increase resource utilization, cloud providers try to share the resources between different organizations (tenants) through a shared environment which is called Multi-Tenancy. Even though multi-tenancy‟s benefits are tremendous for both cloud providers and users, security and privacy concerns are the primary obstacles to Multi-Tenancy.Since Multi-Tenancy dramatically depends on resource sharing, many experts have suggested different approaches to secure Multi-Tenancy. One of the solutions is resource allocation and isolation techniques. In most cases, resource allocation techniques consider but are not sufficient for security. OpenStack community uses a method to isolate the resources in a Multi-Tenant environment. Even though this method is based on a smart filtering technique to segregate the resources in Compute nodes (the component that the instances are running on it in OpenStack), this method is not flawless. The problem comes up in the Cinder nodes where the resources are not isolated. This failure can be considered as a security concern for a Multi-Tenant environment in OpenStack. In order to solve this problem, this project explores a method to secure MultiTenancy for both sides in the Compute node and for backend where Block Storage devices for the instances can be isolated as well. / Med tillkomsten av teknik har molnberäkning blivit nästa generation nätverksberäkning där molnberäkning kan leverera både mjukvara och hårdvara som on-demand-tjänster över Internet. Cloud computing har gjort det möjligt för små organisationer att bygga webboch mobilappar för miljontals användare genom att använda begreppet ”pay-as-you-go” för applikationer, datoranläggningar, nätverksoch lagringsresurser som on-demand-tjänster. Dessa tjänster kan tillhandahållas hyresgästerna i olika kategorier: Infrastructure as a Service (IaaS), Platform as a Service (PaaS) och Software as a Service (SaaS). För att minska kostnaderna för molnanvändarna och öka resursanvändningen, försöker molnleverantörer att dela resurserna mellan olika organisationer (hyresgäster) genom en delad miljö som kallas Multi-Tenancy. Men fördelarna med flera hyresgäster är enorma för både molnleverantörer och användare, säkerhetsoch integritetsfrågor är de främsta hindren för Multi-Tenancy. Eftersom Multi-Tenancy dramatiskt beror på resursdelning har många experter föreslagit olika metoder för att säkra Multi-Tenancy. En av lösningarna är resursallokering och isoleringstekniker. I de flesta fall beaktar resursallokeringstekniker men är inte tillräckliga för säkerhet. OpenStack community använder en metod för att isolera resurserna i en Multi-Tenant-miljö.Men denna metod är baserad på en smart filtreringsteknik för att separera resurserna i Compute-noder (komponenten som instansen körs på den i OpenStack), den här metoden är inte felfri. Problemet kommer upp i Cinder-noderna där resurserna inte är isolerade. Detta fel kan betraktas som ett säkerhetsproblem för en Multi-Tenant-miljö i OpenStack. För att lösa detta problem försöker detta projekt säkra Multi-Tenancy för båda sidor i Compute-noden och för backend där Block Storage-enheter för instanserna också kan isoleras. Cloud computing OpenStack Multi-Tenancy Security Multi-Tenancy Isolation. Cloud computing OpenStack Multi-Tenancy Security Multi-Tenancy Isolation. Elektroteknik och elektronik
452	A FaaS Instance Management Algorithm for Minimizing Cost subject to Response Time / Algoritm för hantering av FaaS-instanser för att minimera kostnaderna med hänsyn till svarstiden Zhang, Tianyu January 2022 (has links) With the development of cloud computing technologies, the concept of Function as a Service (FaaS) has become increasingly popular over the years. Developers can choose to create applications in the form of functions, and delegate the deployment and management of the infrastructure to the FaaS provider. Before a function can be executed at the infrastructure of the FaaS service provider, an environment to execute a function needs to be initiated; this environment initialization is known as cold start. Loading and maintaining a function is costly for FaaS providers, especially the cold start process which costs more system resources like Central Processing Unit (CPU) and memory than keeping functions alive. Therefore it is essential to prevent a cold start whenever possible because this would lead to an increase in both the response time and the cost. An instance management policy need to be implemented to reduce the probability of cold starts while minimizing costs. This project’s objective is to develop an instance management algorithm to minimize total costs while meeting response time requirements. By investigating three widely used instance management algorithms we found that none of them utilize the dependency existing between functions. We believe these dependencies can be useful to reduce response time and cold start probability by predicting next invocations. By leveraging this observation, we proposed a novel Dependency Based Algorithm (DBA). By using extensive simulations we showed that proposed algorithm can solve the problem and provide low response time with low costs compare to baselines. / I och med utvecklingen av molntjänster har konceptet FaaS (Function as a Service) blivit alltmer populärt under årens lopp. Utvecklare kan välja att skapa applikationer i form av funktioner och delegera utplaceringen och förvaltningen av infrastrukturen till FaaS-leverantören. Innan en funktion kan exekveras i FaaS-tjänsteleverantörens infrastruktur måste en miljö för att exekvera en funktion initieras; denna miljöinitialisering kallas kallstart. Att ladda och underhålla en funktion är kostsamt för FaaS-leverantörerna, särskilt kallstartsprocessen som kostar mer systemresurser som CPU och minne än att hålla funktionerna vid liv. Därför är det viktigt att förhindra en kallstart när det är möjligt eftersom detta skulle leda till en ökning av både svarstiden och kostnaden. En policy för hantering av instanser måste införas för att minska sannolikheten för kallstarter och samtidigt minimera kostnaderna. Projektets mål är att utveckla en algoritm för hantering av instanser för att minimera de totala kostnaderna samtidigt som kraven på svarstid uppfylls. Genom att undersöka tre allmänt använda algoritmer för hantering av instanser fann vi att ingen av dem utnyttjar det beroende som finns mellan funktioner. Vi tror att dessa beroenden kan vara användbara för att minska svarstiden och sannolikheten för kallstart genom att förutsäga nästa anrop. Genom att utnyttja denna observation föreslog vi en ny beroendebaserad algoritm. Med hjälp av omfattande simuleringar visade vi att den föreslagna algoritmen kan lösa problemet och ge en låg svarstid med låga kostnader jämfört med baslinjerna. Serverless Cloud Computing Function as a Service Kubernetes Instance Management Algorithm Serverless Cloud Computing funktion som tjänst Kubernetes algoritm för instanshantering Elektroteknik och elektronik
453	Trusted Execution Environment deployment through cloud Virtualization : Aproject on scalable deployment of virtual machines / Implementering av Trusted Execution Environment genom Cloud Virtualization : Ett projekt om skalbar distribution av virtuella maskiner Staboli, Luca January 2022 (has links) In the context of cloud computing, Trusted Execution Environments (TEE) are isolated areas of application software that can be executed with better security, building a trusted and secure environment that is detached from the rest of the memory. Trusted Execution Environment is a technology that become available only in the last few years, and it is not widespread yet. This thesis investigates the most popular approaches to build a TEE, namely the process-based and the virtualization-based, and will abstract them as much as possible to design a common infrastructure that can deploy TEEs on an external cloud provider, no matter which technology approach is used. The thesis is relevant and novel because the project will give the possibility to use different technologies for the deployment, such as Intel SGX and AMD SEV, which are the two main solutions, but without being reliant on any particular one. If in the future new technologies or vendors’ solutions will become popular, they can be simply added to the list of options. The same can be said for the cloud provider choice. The results show that it is possible to abstract the common features of different TEE’s technologies and to use a unique Application Programming Interface (API) to deploy different TEE´s technologies. We will also ran a performance and quality evaluation, and the results show that the API is performant and respect the common standard quality. This tool is useful for the problem owner and future works on the topic of cloud security. / I samband med cloud computing är Trusted Execution Environments (TEE) isolerade områden av applikationsprogramvara som kan köras med bättre säkerhet, bygga en pålitlig och säker miljö som är frikopplad från resten av minnet. Trusted Execution Environment är en teknik som blivit tillgänglig först under de senaste åren, och den är inte utbredd ännu. Denna avhandling undersöker de mest populära metoderna för att bygga en TEE, nämligen den processbaserade och den virtualiseringsbaserade, och kommer att abstrahera dem så mycket som möjligt för att designa en gemensam infrastruktur som kan distribuera TEEs på en extern molnleverantör, oavsett vilken teknik tillvägagångssätt används. Avhandlingen är relevant och ny eftersom projektet kommer att ge möjligheten att använda olika teknologier för implementeringen, såsom Intel SGX och AMD SEV, som är de två huvudlösningarna, men utan att vara beroende av någon speciell. Om i framtiden nya teknologier eller leverantörers lösningar kommer att bli populära kan de helt enkelt läggas till i listan över alternativ. Detsamma kan sägas om valet av molnleverantör. Resultaten visar att det är möjligt att abstrahera de gemensamma egenskaperna hos olika TEE:s teknologier och att använda ett unikt Application Programming Interface (API) för att distribuera olika TEE:s teknologier. Vi kommer också att göra en prestanda- och kvalitetsutvärdering, och resultaten visar att API:et är prestanda och respekterar den gemensamma standardkvaliteten. Det här verktyget är användbart för problemägaren och framtida arbeten på ämnet molnsäkerhet. Trusted Execution Environment Cloud Computing Virtual Machine Application Programming Interface Trusted Execution Environment Cloud Computing Virtual Machine Application Programming Interface Computer and Information Sciences Data- och informationsvetenskap
454	azureLang: Cyber Threat Modelling in Microsoft Azure cloud computing environment Geng, Ningyao January 2020 (has links) When assessing network systems, security has always been one of the priorities.Cyber threat modelling is one of the most suitable methods. From a startingpoint to each valuable asset, the simulation can enable the users to explore certainsecurity weaknesses alongside the attack path. In the end, the time to compromiseshows the security level of the whole system.In principle, most cyber threat models can be built and simulated by attack graphswhere each point in the graph can stand for a certain asset in the network system.However, different systems have different infrastructures and implementations.As a result, it will be more suitable if engineers can develop a domain specificlanguage (DSL) which can be associated with a specific attack graph in order toimprove accuracy and efficiency.In this master thesis work, the final outcome is azureLang, a cyber threat modelinglanguage based on Meta Attack Language (MAL) for Microsoft Azure cloudcomputing environment. Compatible with securiCAD®, a CAD tool developedby Foreseeti AB, a threat model can be built and then be simulated. / Vid bedömning av nätverkssystem har säkerhet alltid varit en av prioriteringarna.Bland tusentals metoder är cyberhotsmodellering en av de mest lämpliga. Frånen startpunkt till varje värdefull tillgång kan simuleringen göra det möjligt föranvändare att utforska vissa säkerhetssvagheter längs attackvägen. I slutändanvisar tiden för kompromiss säkerhetsnivån för hela systemet.I princip kan de flesta cyberhotsmodeller byggas och simuleras med attackgraferdär varje punkt i diagrammet kan stå för en viss tillgång i nätverkssystemet. Menolika system har olika infrastrukturer och implementationer. Som ett resultatkommer det att vara mer lämpligt om ingenjörer kan utveckla ett domänspecifiktspråk (DSL) som kan associeras med en specifik attackgrafik för att förbättranoggrannhet och effektivitet.I det här examensarbetet är slutresultatet azureLang, ett språk för modelleringav hothot baserat på Meta Attack Language (MAL) för Microsoft Azure cloudcomputing-miljö. Kompatibel med securiCAD ®, ett CAD-verktyg utvecklat avForeseeti AB, en hotmodell kan byggas och sedan simuleras. Threat modelling Microsoft Azure MAL Cloud computing azureLang Hotmodellering Microsoft Azure MAL Cloud computing azureLang Elektroteknik och elektronik
455	Adaptive Power Management for Autonomic Resource Configuration in Large-scale Computer Systems Zhang, Ziming (Software engineer) 08 1900 (has links) In order to run and manage resource-intensive high-performance applications, large-scale computing and storage platforms have been evolving rapidly in various domains in both academia and industry. The energy expenditure consumed to operate and maintain these cloud computing infrastructures is a major factor to influence the overall profit and efficiency for most cloud service providers. Moreover, considering the mitigation of environmental damage from excessive carbon dioxide emission, the amount of power consumed by enterprise-scale data centers should be constrained for protection of the environment.Generally speaking, there exists a trade-off between power consumption and application performance in large-scale computing systems and how to balance these two factors has become an important topic for researchers and engineers in cloud and HPC communities. Therefore, minimizing the power usage while satisfying the Service Level Agreements have become one of the most desirable objectives in cloud computing research and implementation. Since the fundamental feature of the cloud computing platform is hosting workloads with a variety of characteristics in a consolidated and on-demand manner, it is demanding to explore the inherent relationship between power usage and machine configurations. Subsequently, with an understanding of these inherent relationships, researchers are able to develop effective power management policies to optimize productivity by balancing power usage and system performance. In this dissertation, we develop an autonomic power-aware system management framework for large-scale computer systems. We propose a series of techniques including coarse-grain power profiling, VM power modelling, power-aware resource auto-configuration and full-system power usage simulator. These techniques help us to understand the characteristics of power consumption of various system components. Based on these techniques, we are able to test various job scheduling strategies and develop resource management approaches to enhance the systems' power efficiency. cloud computing high performance computing power management Computer systems -- Power supply. Cloud computing. High performance computing.
456	Ontology Based Security Threat Assessment and Mitigation for Cloud Systems Kamongi, Patrick 12 1900 (has links) A malicious actor often relies on security vulnerabilities of IT systems to launch a cyber attack. Most cloud services are supported by an orchestration of large and complex systems which are prone to vulnerabilities, making threat assessment very challenging. In this research, I developed formal and practical ontology-based techniques that enable automated evaluation of a cloud system's security threats. I use an architecture for threat assessment of cloud systems that leverages a dynamically generated ontology knowledge base. I created an ontology model and represented the components of a cloud system. These ontologies are designed for a set of domains that covers some cloud's aspects and information technology products' cyber threat data. The inputs to our architecture are the configurations of cloud assets and components specification (which encompass the desired assessment procedures) and the outputs are actionable threat assessment results. The focus of this work is on ways of enumerating, assessing, and mitigating emerging cyber security threats. A research toolkit system has been developed to evaluate our architecture. We expect our techniques to be leveraged by any cloud provider or consumer in closing the gap of identifying and remediating known or impending security threats facing their cloud's assets. Ontology Cybersecurity Cloud Computing Vulnerability Ranking Threat Risk Prediction Assessment Mitigation Systems Computer networks -- Security measures. Computer security. Cloud computing -- Security measures. Ontologies (Information retrieval)
457	An Explorative Parameter Sweep: Spatial-temporal Data Mining in Stochastic Reaction-diffusion Simulations Wrede, Fredrik January 2016 (has links) Stochastic reaction-diffusion simulations has become an efficient approach for modelling spatial aspects of intracellular biochemical reaction networks. By accounting for intrinsic noise due to low copy number of chemical species, stochastic reaction-diffusion simulations have the ability to more accurately predict and model biological systems. As with many simulations software, exploration of the parameters associated with the model can be needed to yield new knowledge about the underlying system. The exploration can be conducted by executing parameter sweeps for a model. However, with little or no prior knowledge about the modelled system, the effort for practitioners to explore the parameter space can get overwhelming. To account for this problem we perform a feasibility study on an explorative behavioural analysis of stochastic reaction-diffusion simulations by applying spatial-temporal data mining to large parameter sweeps. By reducing individual simulation outputs into a feature space involving simple time series and distribution analytics, we were able to find similar behaving simulations after performing an agglomerative hierarchical clustering. Big data feature extraction clustering stochastic reaction-diffusion simulation spatial-temporal data mining cloud computing
458	Scalable framework for turn-key honeynet deployment Brzeczko, Albert Walter 22 May 2014 (has links) Enterprise networks present very high value targets in the eyes of malicious actors who seek to exfiltrate sensitive proprietary data, disrupt the operations of a particular organization, or leverage considerable computational and network resources to further their own illicit goals. For this reason, enterprise networks typically attract the most determined of attackers. These attackers are prone to using the most novel and difficult-to-detect approaches so that they may have a high probability of success and continue operating undetected. Many existing network security approaches that fall under the category of intrusion detection systems (IDS) and intrusion prevention systems (IPS) are able to detect classes of attacks that are well-known. While these approaches are effective for filtering out routine attacks in automated fashion, they are ill-suited for detecting the types of novel tactics and zero-day exploits that are increasingly used against the enterprise. In this thesis, a solution is presented that augments existing security measures to provide enhanced coverage of novel attacks in conjunction with what is already provided by traditional IDS and IPS. The approach enables honeypots, a class of tech- nique that observes novel attacks by luring an attacker to perform malicious activity on a system having no production value, to be deployed in a turn-key fashion and at large scale on enterprise networks. In spite of the honeypot’s efficacy against tar- geted attacks, organizations can seldom afford to devote capital and IT manpower to integrating them into their security posture. Furthermore, misconfigured honeypots can actually weaken an organization’s security posture by giving the attacker a stag- ing ground on which to perform further attacks. A turn-key approach is needed for organizations to use honeypots to trap, observe, and mitigate novel targeted attacks. Honeynet Cloud computing Information security Computer networks Security measures
459	Nonlinear Prediction in Credit Forecasting and Cloud Computing Deployment Optimization Jarrett, Nicholas Walton Daniel January 2015 (has links) <p>This thesis presents data analysis and methodology for two prediction problems. The first problem is forecasting midlife credit ratings from personality information collected during early adulthood. The second problem is analysis of matrix multiplication in cloud computing.</p><p>The goal of the credit forecasting problem is to determine if there is a link between personality assessments of young adults with their propensity to develop credit in middle age. The data we use is from a long term longitudinal study of over 40 years. We do find an association between credit risk and personality in this cohort Such a link has obvious implications for lenders but also can be used to improve social utility via more efficient resource allocation</p><p>We analyze matrix multiplication in the cloud and model I/O and local computation for individual tasks. We established conditions for which the distribution of job completion times can be explicitly obtained. We further generalize these results to cases where analytic derivations are intractable.</p><p>We develop models that emulate the multiplication procedure, allowing job times for different deployment parameter settings to be emulated after only witnessing a subset of tasks, or subsets of tasks for nearby deployment parameter settings. </p><p>The modeling framework developed sheds new light on the problem of determining expected job completion time for sparse matrix multiplication.</p> / Dissertation Statistics Computer science Psychology Cloud computing Deployment optimization Gaussian process Matrix multiplication Nonlinear prediction Optimization
460	Tactical HPC: Scheduling high performance computers in a geographical region KhoshgoftarMonfared, Alireza 27 May 2016 (has links) Mobile devices are often expected to perform computational tasks that may be beyond their processing or battery capability. Cloud computing techniques have been proposed as a means to offload a mobile device's computation to more powerful resources. In this thesis, we consider the case where powerful computing resources are made available by utilizing vehicles. These vehicles can be repositioned in real time to receive computational tasks from user-carried devices. They can be either equipped with rugged high-performance computers to provide both computation and communication service, or they can be simple message ferries that facilitate communication with a more powerful computing resource. These scenarios find application in challenged environments and may be used in a military or disaster relief settings. It is further enabled by increasing feasibility of (i) constructing a Mobile High Performance Computer (MHPC) using rugged computer hardware with form factors that can be deployed in vehicles and (ii) Message Ferries (MF) that provide communication service in disruption tolerant networks. By analogy to prior work on message ferries and data mules, one can refer to the use of our first schema, MHPCs, as computational ferrying. After illustrating and motivating the computational ferrying concept, we turn our attention into the challenges facing such a deployment. These include the well known challenges of operating an opportunistic and intermittently connected network using message ferries -- such as devising an efficient mobility plan for MHPCs and developing techniques for proximity awareness. In this thesis, first we propose an architecture for the system components to be deployed on the mobile devices and the MHPCs. We then focus on defining and solving the MHPC movement scheduling problem with sufficient generality to describe a number of plausible deployment scenarios. After thorough examination of the MHPC concepts, we propose a scheme in which MHPCs are downgraded to be simple MFs that instead provide communication to a stationary HPC with powerful computing resources. Similar to the MPHCs, we provide a framework for this problem and then describe heuristics to solve it. We conduct a number of experiments that provide an understanding of how the performance of the system using MHPCs or MFs is affected by various parameters. We also provide a thorough comparison of the system in the dimensions of Computation on the Move and Controlling the Mobility. Opportunistic networks Delay tolerant networks Mobile computing systems Mobile cloud computing High performance computers Shceduling

Search results