Trusted cloud computing modelling with distributed end-user attestable multilayer security

Sule, Mary-Jane

January 2016

As cloud computing continues to gain popularity and its economies of scale continue to improve, stakeholders want to minimise the security risk, protect their data and other resources while maximising the gains of using any cloud resources and its application. It is predicted that by the end of 2017, bulk of spending on any IT infrastructure would be on cloud infrastructure and services as many critical applications – power, medical, finance among others continue to be migrated onto cloud platforms. For these sectors, the security challenges of cloud adoption continue to be of a great concern even with its benefits. The ability to trust and measure security levels of any cloud platform is paramount in the complete adoption and use of cloud computing in many mission critical sectors. In-depth study and analysis of the trustworthiness of various cloud based platforms/systems are often limited by the complex and dynamic nature of cloud and often do not correctly foresee or practically determine the varying trust relationship between and across the cloud layers, components (schedulers), algorithms and applications especially at a large scale. Tradition security and privacy controls continue to be implemented on cloud but due to its fluid and dynamic nature, research work in the area of end-user attestable trust evaluation of the cloud platform is limited. Most of the current simulation tools do not cater for modelling of Trust on scalable multi-layer cloud deployments (including workflow and infrastructure).Even as these tools continue to be implemented none has been used to cater for all the layers of the cloud platform. This research presents a deployment of trusted computing applied in cloud computing suited for mission critical applications. It attempts to simplify the integration of trusted platform module based integrity measurement into cloud infrastructure. Using Eucalyptus cloud software on server-grade hardware, a trusted community cloud platform was deployed on the Brunel Network as presented in Chapter 3. Security is enhanced by the integration of an end-user accessible TPM integrity measurement and verification process; this guarantees trusted ownership and integrity of the uploaded data and provides additional level of trust for the cloud platform. This research further presents a technique which allows data owners to first secure their data offline by inserting colour drops into the data using steganography. The colour drops are used to detect unauthorised modifications, verify data owner in the event the copyright of the data is in dispute and identify the path through which it was tampered with. This process ensures integrity and confidentiality of the resources. This thesis also presents a trust model using fuzzy logic which was simulated using Simulink in Matlab and subsequently evaluated on an experimental platform deployed on the Brunel network. Using this model, end-users can determine the trust values for a cloud platform or service, as well as, classify and compare various cloud platforms. The results obtained suggest that the outputs of this research work can improve end-user confidence when selecting or consuming cloud resources with enhanced data integrity and protection.

004.67

A distributed, compact routing protocol for the Internet

Jakma, Paul

January 2016

The Internet has grown in size at rapid rates since BGP records began, and continues to do so. This has raised concerns about the scalability of the current BGP routing system, as the routing state at each router in a shortest-path routing protocol will grow at a supra-linearly rate as the network grows. The concerns are that the memory capacity of routers will not be able to keep up with demands, and that the growth of the Internet will become ever more cramped as more and more of the world seeks the benefits of being connected. Compact routing schemes, where the routing state grows only sub-linearly relative to the growth of the network, could solve this problem and ensure that router memory would not be a bottleneck to Internet growth. These schemes trade away shortest-path routing for scalable memory state, by allowing some paths to have a certain amount of bounded “stretch”. The most promising such scheme is Cowen Routing, which can provide scalable, compact routing state for Internet routing, while still providing shortest-path routing to nearly all other nodes, with only slightly stretched paths to a very small subset of the network. Currently, there is no fully distributed form of Cowen Routing that would be practical for the Internet. This dissertation describes a fully distributed and compact protocol for Cowen routing, using the k-core graph decomposition. Previous compact routing work showed the k-core graph decomposition is useful for Cowen Routing on the Internet, but no distributed form existed. This dissertation gives a distributed k-core algorithm optimised to be efficient on dynamic graphs, along with with proofs of its correctness. The performance and efficiency of this distributed k-core algorithm is evaluated on large, Internet AS graphs, with excellent results. This dissertation then goes on to describe a fully distributed and compact Cowen Routing protocol. This protocol being comprised of a landmark selection process for Cowen Routing using the k-core algorithm, with mechanisms to ensure compact state at all times, including at bootstrap; a local cluster routing process, with mechanisms for policy application and control of cluster sizes, ensuring again that state can remain compact at all times; and a landmark routing process is described with a prioritisation mechanism for announcements that ensures compact state at all times.

004.67

Performance-oriented service management in clouds

Chen, Chao

January 2016

Cloud computing has provided the convenience for many IT-related and traditional industries to use feature-rich services to process complex requests. Various services are deployed in the cloud and they interact with each other to deliver the required results. How to effectively manage these services, the number of which is ever increasing, within the cloud has unavoidably become a critical issue for both tenants and service providers of the cloud. In this thesis, we develop the novel resource provision frameworks to determine resources provision for interactive services. Next, we propose the algorithms for mapping Virtual Machines (VMs) to Physical Machines (PMs) under different constraints, aiming to achieve the desired Quality-of-Services (QoS) while optimizing the provisions in both computing resources and communication bandwidth. Finally, job scheduling may become a performance bottleneck itself in such a large scale cloud. In order to address this issue, the distributed job scheduling framework has been proposed in the literature. However, such distributed job scheduling may cause resource conflict among distributed job schedulers due to the fact that individual job schedulers make their job scheduling decisions independently. In this thesis, we investigate the methods for reducing resource conflict. We apply the game theoretical methodology to capture the behaviour of the distributed schedulers in the cloud. The frameworks and methods developed in this thesis have been evaluated with a simulated workload, a large-scale workload trace and a real cloud testbed.

004.67

How geek kids get geek jobs : a cross-generational inquiry into digital play and young adults' careers in IT

Baxter-Webb, Joe

January 2015

From programming 'home-brew' games, to modifying the content of existing commercial titles, digital gaming can be regarded as a potential gateway into more serious uses of computers; welcoming some while repelling others. The socio-demographic makeup of computer science, games development and related areas of work are of interest to feminist scholars of culture. In light of skills shortages, industry is also interested in increasing women and ethnic minorities' participation in STEM fields. Representational inequalities within tech are regarded as a social issue not just because this area of employment can be highly lucrative, but also because control over tech can provide other forms of empowerment - including being able to influence and shape everyday communication technologies. However, the route into these industries has historically been shaped by a number of factors including formal computing education, the rise of hobbyist computing and a surrounding masculine 'geek' culture - and a sort of reciprocal relationship between hobbyist computing and digital games. This thesis interrogates the idea of games as a form of 'technological enculturation'; the notion of a causal link between gaming and careers in computing. I take the biographies of those working in the IT sector in southeast England and explore the role of gaming in the personal histories of what appears to be a predominantly white and male group. The thesis pays great attention to salient differences between technological platforms - something relatively underdeveloped in the existing literature on player cultures and in game studies more generally. Finally, I take a cross-generational perspective by comparing the experiences of adult IT workers with a cohort of teenage ICT students. Using a theoretical framework adapted from leisure studies and the sociology of Pierre Bourdieu, I explore how certain types of game-related activity - but not all gaming - are particularly conducive to producing young people who are a good 'cultural fit' for this particular set of professions. This has implications for how we think and talk about increasing participation in STEM, as well as the somewhat under-developed role of games and game-making in UK schools.

004.67

Cloud enabled data analytics and visualization framework for health-shock prediction

Mahmud, S.

January 2016

Health-shock can be defined as a health event that causes severe hardship to the household because of the financial burden for healthcare payments and the income loss due to inability to work. It is one of the most prevalent shocks faced by the people of underdeveloped and developing countries. In Pakistan especially, policy makers and healthcare sector face an uphill battle in dealing with health-shock due to the lack of a publicly available dataset and an effective data analytics approach. In order to address this problem, this thesis presents a data analytics and visualization framework for health-shock prediction based on a large-scale health informatics dataset. The framework is developed using cloud computing services based on Amazon web services integrated with Geographical Information Systems (GIS) to facilitate the capture, storage, indexing and visualization of big data for different stakeholders using smart devices. The data was collected through offline questionnaires and an online mobile based system through Begum Memhooda Welfare Trust (BMWT). All data was coded in the online system for the purpose of analysis and visualization. In order to develop a predictive model for health-shock, a user study was conducted to collect a multidimensional dataset from 1000 households in rural and remotely accessible regions of Pakistan, focusing on their health, access to health care facilities and social welfare, as well as economic and environmental factors. The collected data was used to generate a predictive model using a fuzzy rule summarization technique, which can provide stakeholders with interpretable linguistic rules to explain the causal factors affecting health-shock. The evaluation of the proposed system in terms of the interpretability and accuracy of the generated data models for classifying health-shock shows promising results. The prediction accuracy of the fuzzy model based on a k-fold crossvalidation of the data samples shows above 89% performance in predicting health-shock based on the given factors. Such a framework will not only help the government and policy makers to manage and mitigate health-shock effectively and timely, but will also provide a low-cost, flexible, scalable, and secure architecture for data analytics and visualization. Future work includes extending this study to form Pakistan’s first publicly available health informatics tool to help government and healthcare professionals to form policies and healthcare reforms. This study has implications at a national and international level to facilitate large-scale health data analytics through cloud computing in order to minimize the resource commitments needed to predict and manage health-shock.

004.67

Developing energy-aware workload offloading frameworks in mobile cloud computing

Gao, Bo

January 2015

Mobile cloud computing is an emerging field of research that aims to provide a platform on which intelligent and feature-rich applications are delivered to the user at any time and at anywhere. Computation offload between mobile and cloud plays a key role in this vision and ensures that the integration between mobile and cloud is both seamless and energy-efficient. In this thesis, we develop a suite of energy-aware workload offloading frameworks to accommodate the efficient execution of mobile workflows on a mobile cloud platform. We start by looking at two energy objectives of a mobile cloud platform. While the first objective aims at minimising the overall energy cost of the platform, the second objective aims at the longevity of the platform taking into account the residual battery power of each device. We construct optimisation models for both objectives and develop two efficient algorithms to approximate the optimal solution. According to simulation results, our greedy autonomous offload (GAO) algorithm is able to efficiently produce allocation schemes that are close to optimal. Next, we look at the task allocation problem from a workflow's perspective and develop energy-aware offloading strategies for time-constrained mobile workflows. We demonstrate the effect of software and hardware characteristics have over the offload-efficiency of mobile workflows with a workflow-oriented greedy autonomous offload (WGAO) algorithm, an extension to the GAO algorithm. Thirdly, we propose a novel network I-O model to describe the bandwidth dependencies and allocation problem in mobile networks. This model lays the foundation for further objective developments such as the cost-based and adaptive bandwidth allocation schemes which we also present in this thesis. Lastly, we apply a game theoretical approach to model the non-cooperative behaviour of mobile cloud applications that reside on the same device. Mixed-strategy Nash equilibrium is derived for the offload game which further quantifies the price of anarchy of the system.

004.67

Banking theory based distributed resource management and scheduling for hybrid cloud computing

Li, Hao

January 2013

Cloud computing is a computing model in which the network offers a dynamically scalable service based on virtualized resources. The resources in the cloud environment are heterogeneous and geographically distributed. The user does not need to know how to manage those who support the cloud computing infrastructure. From the view of cloud computing, all hardware, software and networks are resources. All of the resources are dynamically scalable on demand. It can offer a complete service for the user even when these service resources are geographically distributed. The user pays for only what they use (pay-per-use). Meanwhile, the transaction environment will decide how to manage resource usage and cost, because all of the transactions have to follow the rule of the market. How to manage and schedule resources effectively becomes a very important part of cloud computing, and how to setup a new framework to offer a reliable, safe and executable service are very important issues. The approach herein is a new contribution to cloud computing. It not only proposes a hybrid cloud computing model based on banking theory to manage transactions among all participants in the hybrid cloud computing environment, but also proposes a "Cloud Bank" framework to support all the related issues. There are some of technology and theory been used to offer contributions as below: 1. This thesis presents an Optimal Deposit-loan Ratio Theory to adjust the pricing between the resource provider and resource consumer to realize both benefit maximization and cloud service optimization for all participants. 2. It also offers a new pricing schema using Centralized Synchronous Algorithm and Distributed Price Adjustment Algorithm to control all lifecycles and dynamically price all resources. 3. Normally, commercial banks apply four factors mitigation and to predict the risk: Probability of Default, Loss Given Default, Exposure at Default and Maturity. This thesis applies Probability of Default model of credit risk to forecast the safety supply of the resource. The Logistic Regression Model been used to control some factors in resource allocation. At the same time, the thesis uses Multivariate Statistical analysis to predict risk. 4. The Cloud Bank model applies an improved Pareto Optimality Algorithm to build its own scheduling system. 5. In order to archive the above purpose, this thesis proposes a new QoS-based SLA-CBSAL to describe all the physical resource and the processing of thread. In order to support all the related algorithms and theories, the thesis uses the CloudSim simulation tools give a test result to support some of the Cloud Bank management strategies and algorithms. The experiment shows us that the Cloud Bank Model is a new possible solution for hybrid cloud computing. For future research direction, the author will focus on building real hybrid cloud computing and simulate actual user behaviour in a real environment, and continue to modify and improve the feasibility and effectiveness of the project. For the risk mitigation and prediction, the risks can be divided into the four categories: credit risk, liquidity risk, operational risk, and other risks. Although this thesis uses credit risk and liquidity risk research, in a real trading environment operational risks and other risks exist. Only through improvements to the designation of all risk types of analysis and strategy can our Cloud Bank be considered relatively complete.

004.67

The impact of modes of mediation on the web retrieval process

Pannu, M.

January 2011

This research is an integral part of the effort aimed at overcoming the limitations of the classic search engines. This thesis is concerned with the investigation of the impact of different modes of mediation on the web search process. Conceptually, it is divided into three main parts. The first part details the investigation of methods and mechanisms in user profile generation and in filtering search results. The second part deals with the presentation of an approach and its application in the development of a mediation framework between the user and the classic Web Search engines. This involved the integration of the explicit, implicit and hybrid modes of mediation within a content-based method, and was facilitated by the adoption of the Vector Space Model. The third part presents an extensive comparative evaluation of the impact of the different types of mediation systems on web search, in terms of precision, recall and F-measure. The thesis concludes by identifying the contribution of the research programme and the satisfaction of the stated objectives.

004.67

Multi-dimensional-personalization in mobile contexts

Schilke, Steffen Walter

January 2013

During the dot com era the word 'personalisation' was a hot buzzword. With the fall of the dot com companies the topic has lost momentum. As the killer application for UMTS or the mobile internet has yet to be identified, the concept of Multi-Dimensional-Personalisation (MDP) could be a candidate. Using this approach, a recommendation of mobile advertisement or marketing (i.e., recommendations or notifications), online content, as well as offline events, can be offered to the user based on their known interests and current location. Instead of having to request or pull this information, the new service concept would proactively provide the information and services – with the consequence that the right information or service could therefore be offered at the right place, at the right time. The growing availability of "Location-based Services“ for mobile phones is a new target for the use of personalisation. "Location-based Services“ are information, for example, about restaurants, hotels or shopping malls with offers which are in close range/short distance to the user. The lack of acceptance for such services in the past is based on the fact that early implementations required the user to pull the information from the service provider. A more promising approach is to actively push information to the user. This information must be from interest to the user and has to reach the user at the right time and at the right place. This raises new requirements on personalisation which will go far beyond present requirements. It will reach out from personalisation based only on the interest of the user. Besides the interest, the enhanced personalisation has to cover the location and movement patterns, the usage and the past, present and future schedule of the user. This new personalisation paradigm has to protect the user's privacy so that an approach supporting anonymous recommendations through an extended 'Chinese Wall' will be described.

004.67

Connected citizens or digital isolation? : online disability activism in times of crisis

Trevisan, Filippo

January 2013

This thesis asks whether the internet can at all re-configure political participation into a more inclusive experience for disabled users, enhancing their stakes in citizenship. This issue assumes particular relevance at a time in which, amidst the worst economic crisis in decades, the rights of those traditionally excluded from civic life are at risk of being compromised even further. In an effort to transcend the restrictive access/accessibility framework applied so far in disability and new media research, this project focused on the “digitalisation” of disability activism in the wake of the radical welfare reform introduced by the UK government between 2010 and 2012. A combination of emerging digital methods and established social science techniques were employed to map and analyse the groups involved in opposing proposed changes to disability welfare online. These included: hyperlink network analysis; an “inventory” of online media; content analysis of Facebook conversations; and semi-structured interviews with key figures from a variety of campaigning groups. Overall, this work exposed an evolution in the ecology of British disability activism involving both changes in the way in which existing organisations operate as well as the emergence of new, online-based players. In particular, three main group types were identified. These included: formal disability organisations (both “professionalised” charities and member-led groups); experienced disabled activists who experimented with e-campaigning for the first time; and a network of young disabled bloggers-turned-activists who operated exclusively online and rapidly gained visibility on both the internet and traditional mass media (i.e. print and broadcast). Each of these phenomena was explored in detail through the analysis of three emblematic case studies (The Hardest Hit; Disabled People Against Cuts; The Broken of Britain). Several findings emerged that invited reflections on both the changing nature of disability activism in the digital age and the significance of the internet as a civic resource for disadvantaged groups more broadly. To assess the influence of contextual factors on these trends, the online experience of British formal disability organisations was compared to that of their American counterparts, which in the same period were opposing proposals for drastic cuts to federal Medicaid funding. In Britain, established players were found to be blending traditional repertoires with participatory online tools in a bid to “survive” the pressure of changing user-expectations and the fast pace of contemporary politics. Meanwhile, a new generation of self-appointed disabled “leaders” used online media to construct a radically different form of disability activism. This was focused more on issues than ideology, aspiring to redesigning protest in a less contentious and arguably more effective fashion. Nevertheless, the high centralisation and rigid leadership style adopted by these very same campaigners also cast doubts on their ability to promote a more inclusive campaigning experience for online supporters, whose involvement ultimately constituted a form of “peer-mediated” citizenship rather than direct empowerment. At the same time, the comparative part of this study captured a counter-intuitive picture for which British formal disability organisations were ahead of their American counterparts in terms of online innovation. This generated some important reflections on the very nature of “context” in online politics with particular reference to the relationship between systemic and circumstantial factors, as well as the importance of acute crisis moments as triggers of progress in e-activism.

004.67