System Infrastructure for Mobile-Cloud Convergence

Ha, Kiryong

01 December 2016

The convergence of mobile computing and cloud computing enables new mobile applications that are both resource-intensive and interactive. For these applications, end-to-end network bandwidth and latency matter greatly when cloud resources are used to augment the computational power and battery life of a mobile device. This dissertation designs and implements a new architectural element called a cloudlet, that arises from the convergence of mobile computing and cloud computing. Cloudlets represent the middle tier of a 3-tier hierarchy, mobile device — cloudlet—cloud, to achieve the right balance between cloud consolidation and network responsiveness. We first present quantitative evidence that shows cloud location can affect the performance of mobile applications and cloud consolidation. We then describe an architectural solution using cloudlets that are a seamless extension of todays cloud computing infrastructure. Finally, we define minimal functionalities that cloudlets must offer above/beyond standard cloud computing, and address corresponding technical challenges.

Mobile Computing

Cloud Computing

Cloudlets

Edge Computing

Mobile Edge Computing

Virtual Machines

Impact of DDoS Attack on the Three Common HypervisorS(Xen, KVM, Virtual Box)

Sheinidashtegol, Pezhman

01 July 2016

Cloud computing is a technology of inter-connected servers and resources that use virtualization to utilize the resources, flexibility, and scalability. Cloud computing is accessible through the network. This accessibility and utilization have its own benefit and drawbacks. Utilization and scalability make this technology more economic and affordable for even small businesses. Flexibility drastically reduces the risk of starting businesses. Accessibility allows cloud customers not to be restricted in a specific location until they could have access to the network, and in most cases through the internet. These significant traits, however, have their own disadvantages. Easy accessibility makes it more convenient for the malicious user to have access to servers in the cloud. Virtualizations that come to existence by middleware software called Virtual Machine Managers (VMMs) or hypervisors come with different vulnerabilities. These vulnerabilities are adding to previously existed vulnerability of Networks and Operating systems and Applications. In this research we are trying to distinguish the most resistant Hypervisor between (Xen, KVM and Virtual Box) against Distributed Denial of Service (DDoS) attack, an attempt to saturate victim’s resources making them unavailable to legitimate users, or shutting down the services by using more than one machine as attackers by targeting three different resources (Network, CPU, Memory). This research will show how hypervisors act differently under the same attacks and conditions.

Cloud Computing

Security

DDoS

Performance

Computer Sciences

Computer Security

Databases and Information Systems

Cloud computing adoption by SMEs in Sub-Saharan Africa

Abubakar, Dahiru Abubakar

January 2016

This research contributes to the growing body of research on cloud computing and addresses the paucity of research on cloud computing adoption, as well as information systems (IS) and information communication technologies (ICTs) adoption in sub-Saharan Africa. The research addresses the current state of cloud computing adoption in addition to the issues that can encourage or preclude its use by SMEs in sub-Saharan Africa. Further, the research establishes the extent to which cloud computing adoption stimulates small and medium-sized enterprises (SMEs) in sub-Saharan Africa to contribute to development. A qualitative research methodology with an interpretive viewpoint is adopted for this research comprising of two major phases that involved a total of eighteen small and medium sized enterprises (SMEs) in Nigeria. A pilot exploratory study using grounded theory was conducted in the initial phase and the development and refinement of a conceptual framework for analysis and evaluation was carried out in the second phase. The framework is theoretically grounded in the integration of two distinct theoretical traditions, i.e. institutions theory and the capability approach. This is the first research study that employs such a combination to examine cloud computing adoption. This research examines the expectations of cloud users against their fears together with other related influences to draw conclusions regarding the future of cloud computing usage in sub-Saharan Africa. The research found that SMEs considered issues like security, privacy and trust as playing a role in enabling adoption of cloud computing. This is in contrast with SMEs in the global north where these specific issues are discouraging adoption. The research recommends to policy makers and stakeholders interested in developing the cloud infrastructure in sub-Saharan Africa, that there is the need to be cautious in drafting policies (which are non-existent at present). This is in order not to draft policies and regulations with regard to cloud computing usage that will inhibit adoption. Finally, this research presents an incremental model that is used to analyse how cloud service provision was introduced in sub-Saharan Africa. The novel three-stage maturity model identified the incremental approach to the delivery of cloud services in sub-Saharan Africa which started from (i) no local provision, (ii) cloud brokers promoting foreign cloud service provision and (iii) locally-available cloud service provision over a period of three to four years. This research envisages that, with further development of the cloud infrastructure especially in terms of internet connectivity, and improved awareness, more SMEs will adopt cloud computing as part of their IS/ICT strategy.

443.2

TOWARDS AN INCENTIVE COMPATIBLE FRAMEWORK OF SECURE CLOUD COMPUTING

Zhang, Yulong

02 May 2012

Cloud computing has changed how services are provided and supported through the computing infrastructure. It has the advantages such as flexibility , scalability , compatibility and availability . However, the current architecture design also brings in some troublesome problems, like the balance of cooperation benefits and privacy concerns between the cloud provider and the cloud users, and the balance of cooperation benefits and free-rider concerns between different cloud users. Theses two problems together form the incentive problem in cloud environment. The first conflict lies between the reliance of services and the concerns of secrets of cloud users. To solve it, we proposes a novel architecture, NeuCloud, to enable partially, trusted, transparently, accountably privacy manipulation and revelation. With the help of this architecture, the privacy-sensitive users can be more confident to move to public clouds. A trusted computing base is not enough, in order to stimulate incentive-compatible privacy trading, we present a theoretical framework and provide the guidelines for cloud provider to compensate the cloud user's privacy-risk-aversion. We implement the NeuCloud and evaluate it. Moreover, a improved model of NeuCloud is discussed. The second part of this thesis strives to solve the free-rider problem in cloud environment. For example, the VM-colocation attacks have become serious threats to cloud environment. We propose to construct an incentive-compatible moving-target-defense by periodically migrating VMs, making it much harder for adversaries to locate the target VMs. We developed theories about whether the migration of VMs is worthy and how the optimal migration interval can be determined. To the best of our knowledge, our work is the first effort to develop a formal and quantified model to guide the migration strategy of clouds to improve security. Our analysis shows that our placement based defense can significantly improve the security level of the cloud with acceptable costs. In summary, the main objective of this study is to provide an incentive-compatible to eliminate the cloud user's privacy or cooperative concerns. The proposed methodology can directly be applied in commercial cloud and help this new computing fashion go further in the history. The theoretical part of this work can be extended to other fields where privacy and free-rider concerns exist.

Cloud Computing

Security

Privacy

Incentive Compatible

Computer Sciences

Physical Sciences and Mathematics

Cloud Privacy Audit Framework: A Value-Based Design

Coss, David

01 January 2013

The rapid expansion of cloud technology provides enormous capacity, which allows for the collection, dissemination and re-identification of personal information. It is the cloud’s resource capabilities such as these that fuel the concern for privacy. The impetus of these concerns are not too far removed from those expressed by Mason in 1986, when he identified privacy as one of the biggest ethical issues facing the information age. There seems to be continuous ebb and flow relationship with respect to privacy concerns and the development of new information communication technologies such as cloud computing. Privacy issues are a concern to all types of stakeholders in the cloud. Individuals using the cloud are exposed to privacy threats when they are persuaded to provide personal information unwantedly. An Organization using a cloud service is at risk of non-compliance to internal privacy policies or legislative privacy regulations. The cloud service provider has a privacy risk of legal liability and credibility concerns if sensitive information is exposed. The data subject is at risk of having personal information exposed. In essence everyone who is involved in cloud computing has some level of privacy risk that needs to be evaluated before, during and after they or an organization they interact with adopts a cloud technology solution. This resonates a need for organizations to develop privacy practices that are socially responsible towards the protection of their stakeholders’ information privacy. This research is about understanding the relationship between individual values and their privacy objectives. There is a lack of clarity in organizations as to what individuals consider privacy to be. Therefore, it is essential to understand an individual’s privacy values. Individuals seem to have divergent perspectives on the nature and scope of how their personal information is to be kept private in different modes of technologies. This study is concerned with identifying individual privacy objectives for cloud computing. We argue that privacy is an elusive concept due to the evolving relationship between technology and privacy. Understanding and identifying individuals’ privacy objectives are an influential step in the process of protecting the privacy in cloud computing environments. The aim of this study is to identify individual privacy values and develop cloud privacy objectives, which can be used to design a privacy audit for cloud computing environments. We used Keeney’s (1992) value focused thinking approach to identify individual privacy values with respect to emerging cloud technologies, and to develop an understanding of how cloud privacy objectives are shaped by the individual’s privacy values. We discuss each objective and how they relate to privacy concerns in cloud computing. We also use the cloud privacy objectives in a design science study to design a cloud privacy audit framework. We then discuss the how this research helps privacy managers develop a cloud privacy strategy, evaluate cloud privacy practices and develop a cloud privacy audit to ensure privacy. Lastly, future research directions are proposed.

Cloud Computing

Design Science

Privacy

Privacy Audit

Privacy Objectives

Value Focused Thinking

Business

Technology and Innovation

Cumulon: Simplified Matrix-Based Data Analytics in the Cloud

Huang, Botong

January 2016

<p>Cumulon is a system aimed at simplifying the development and deployment of statistical analysis of big data in public clouds. Cumulon allows users to program in their familiar language of matrices and linear algebra, without worrying about how to map data and computation to specific hardware and cloud software platforms. Given user-specified requirements in terms of time, monetary cost, and risk tolerance, Cumulon automatically makes intelligent decisions on implementation alternatives, execution parameters, as well as hardware provisioning and configuration settings -- such as what type of machines and how many of them to acquire. Cumulon also supports clouds with auction-based markets: it effectively utilizes computing resources whose availability varies according to market conditions, and suggests best bidding strategies for them. Cumulon explores two alternative approaches toward supporting such markets, with different trade-offs between system and optimization complexity. Experimental study is conducted to show the efficiency of Cumulon's execution engine, as well as the optimizer's effectiveness in finding the optimal plan in the vast plan space.</p> / Dissertation

Computer science

Computer engineering

cloud computing

matrix data analytics

optimization

parallel execution

spot instance

Analysis and Detection of Heap-based Malwares Using Introspection in a Virtualized Environment

Javaid, Salman

13 August 2014

Malware detection and analysis is a major part of computer security. There is an arm race between security experts and malware developers to develop various techniques to secure computer systems and to find ways to circumvent these security methods. In recent years process heap-based attacks have increased significantly. These attacks exploit the system under attack via the heap, typically by using a heap spraying attack. The main drawback with existing techniques is that they either consume too many resources or are complicated to implement. Our work in this thesis focuses on new methods which offloads process heap analysis for guest Virtual Machines (VM) to the privileged domain using Virtual Machine Introspection (VMI) in a Cloud environment. VMI provides us with a seamless, non-intrusive and invisible (to malwares) way of observing the memory and state of VMs without raising red flags for the malwares.

Computer and Systems Architecture

An Investigation of the Impact of the Slow HTTP DOS and DDOS attacks on the Cloud environment

Helalat, Seyed Milad

January 2017

Cloud computing has brought many benefits to the IT industry, and could reduce the cost and facilitate the growth of businesses specially the startup companies which don’t have enough financial resources to build their own IT infrastructure. One of the main reason that companies hesitate to use cloud services is the security issues that the cloud computing technology has. This thesis at the beginning has an overview on the cloud computing concept and then reviews the cloud security vulnerabilities according to the cloud security alliance, then it describes the cloud denial of service and will focus on analyzing the Slow HTTP DOS attack and then will analyze the direct and indirect impact of these attacks on virtual machines. We decided to analyze the HTTP slow rate attacks because of the craftiness and covered characteristic also the catastrophic impact of the Slow HTTP attack whether it’s lunched on the cloud component or lunched from the cloud. There are some researches on the different way that a web server or web service can be protected against slow HTTP attacks, but there is a research gap about the impact of the attack on virtual environment or whether this attack has cross VM impact or not. This thesis investigates the impact of Slow HTTP attack on virtualization environment and will analyze the direct and indirect impact of these attack. For analyzing the Slow HTTP attacks, Slow headers, Slow body and Slow read are implemented using Slowhttptest and OWASP Switchblade software, and Wireshark is used to capture the traffic. For analyzing the impact of the attack, attacks are lunched on VirtualBox and the impact of the attack on the victim VM and neighbor VM is measured.

Slow HTTP DOS

Cloud computing Vulnerabilities

DOS on cloud

DOS on Virtual machines

Telecommunications

Telekommunikation

Využití databázových systémů v sw balících typu ERP/ERP II / Usage of database systems in robust ERP/ERP II sw packages

Vašek, Martin

January 2010

This thesis is concerning with problems of using database systems in ERP / ERP II software packages. The goal is to define position of ERP / ERP II systems in the Information System market. With this topic are also connected characteristics of database systems and definition of their specific position towards ERP / ERP II solutions. Except classical solutions, when the whole Information System is situated "inside" a company, there are also analyzed new attitudes, which respect external provider of ERP / ERP II and database services, particularly SaaS and Cloud Computing technology. This thesis also deals with evaluation of contributions and threats of these new business models, respecting different size of ERP / ERP II solutions. After introductory theoretical chapters, we choose respondents from groups of producers and distributors of ERP / ERP II products and we implemented a survey through questionnaire research. The goal is to clarify main reasons of choice of specific database platforms, used with different types of ERP / ERP II solutions. Afterward, with the aid of defined hypothesis, I'm trying to explain a degree of platform independence of robust ERP / ERP II software packages, towards database platforms. In closing parts of the thesis, there are compared individual database platforms among each other, respecting their suitability of usage in ERP / ERP II systems. Database systems are closely analyzed from several points of view. On the basis of ascertained theoretical and empirical frequency of particular database solutions we determine dominant market players and with the aid of multicriterial comparison we clear up reasons of their success among other competitors. Finally, we outline an anticipated trend, where the database systems market destined for ERP / ERP II products should grow in.

[en] DISTRIBUTED RDF GRAPH KEYWORD SEARCH / [pt] BUSCA DISTRIBUÍDA EM GRAFO RDF POR PALAVRA-CHAVE

DANILO MORET RODRIGUES

26 December 2014

[pt] O objetivo desta dissertação é melhorar a busca por palavra-chave em formato RDF. Propomos uma abordagem escalável, baseada numa representação tensorial, que permite o armazenamento distribuído e, como consequência, o uso de técnicas de paralelismo para agilizar a busca sobre grandes bases de RDF, em particular, as publicadas como Linked Data. Um volume sem precedentes de informação está sendo disponibilizado seguindo os princípios de Linked Data, formando o que chamamos de Web of Data. Esta informação, tipicamente codificada como triplas RDF, costuma ser representada como um grafo, onde sujeitos e objetos são vértices, e predicados são arestas ligando os vértices. Em consequência da ampla adoção de mecanismos de busca na World Wide Web, usuários estão familiarizados com a busca por palavra-chave. No caso de grafos RDF, no entanto, a extração de uma partição coerente de grafos para enriquecer os resultados da busca é uma tarefa cara, demorada, e cuja expectativa do usuário é de que seja executada em tempo real. Este trabalho tem como objetivo o tratamento deste problema. Parte de uma solução proposta recentemente prega a indexação do grafo RDF como uma matriz esparsa, que contém um conjunto de informações pré-computadas para agilizar a extração de seções do grafo, e o uso de consultas baseadas em tensores sobre a matriz esparsa. Esta abordagem baseada em tensores permite que se tome vantagem de técnicas modernas de programação distribuída, e.g., a utilização de bases de dados não-relacionais fracionadas e o modelo de MapReduce. Nesta dissertação, propomos o desenho e exploramos a viabilidade da abordagem baseada em tensores, com o objetivo de construir um depósito de dados distribuído e agilizar a busca por palavras-chave com uma abordagem paralela. / [en] The goal of this dissertation is to improve RDF keyword search. We propose a scalable approach, based on a tensor representation that allows for distributed storage, and thus the use of parallel techniques to speed up the search over large linked data sets, in particular those published as Linked Data. An unprecedented amount of information is becoming available following the principles of Linked Data, forming what is called the Web of Data. This information, typically codified as RDF subject-predicate-object triples, is commonly abstracted as a graph which subjects and objects are nodes, and predicates are edges connecting them. As a consequence of the widespread adoption of search engines on the World Wide Web, users are familiar with keyword search. For RDF graphs, however, extracting a coherent subset of data graphs to enrich search results is a time consuming and expensive task, and it is expected to be executed on-the-fly at user prompt. The dissertation s goal is to handle this problem. A recent proposal has been made to index RDF graphs as a sparse matrix with the pre-computed information necessary for faster retrieval of sub-graphs, and the use of tensor-based queries over the sparse matrix. The tensor approach can leverage modern distributed computing techniques, e.g., nonrelational database sharding and the MapReduce model. In this dissertation, we propose a design and explore the viability of the tensor-based approach to build a distributed datastore and speed up keyword search with a parallel approach.

[pt] LINKED DATA

[en] LINKED DATA

[pt] MAPREDUCE

[pt] CLOUD COMPUTING

[pt] KEYWORD SEARCH