Performance and Security Provisioning for Mobile Telecom Cloud

Vaezpour, Seyed Yahya

27 August 2015

Mobile Telecom Cloud (MTC) refers to cloud services provided by mobile telecommunication companies. Since mobile network operators support the last-mile Internet access to users, they have advantages over other cloud providers by providing users with better mobile connectivity and required quality of service (QoS). The dilemma in meeting higher QoS demands while saving cost poses a big challenge to MTC providers. We tackle this challenge by strategically placing users' data in distributed switching centres to minimize the total system cost and maximize users' satisfaction. We formulate and solve the optimization problems using linear programming (LP) based branch-and-bound and LP with rounding. Furthermore, we discuss MTC brokerage which allows MTC providers to act as a brokerage to broker third-party cloud providers' (TPC) cloud resources and integrate the resources reserved from TPC with those of their own MTC. We address the technical challenges of optimally allocating users' cloud requests to MTC and TPC data centres to meet users' QoS requirement with minimum cost. We also study the price range that can be profitable to a MTC brokerage. We then investigate the resource reservation problem with dynamic request changes. We evaluate our solution using real Google traces collected over a 29-day period from a Google cluster. We also address security provisioning in MTC. Mobile cloud allows users to offload computational intensive applications to a mobile phone's agent in the cloud, which could be implemented as a thin virtual machine (VM), also termed as phone clone. Due to shared hardware components among co-resident VMs, a VM is subject to covert channel attacks and may potentially leak information to other VMs located in the same physical host. We design SWAP: a security aware provisioning and migration scheme for phone clones. We evaluate our solution using the Reality Mining and the Nodobo dataset. Experimental results indicate that our algorithms are nearly optimal for phone clone allocation and are effective in maintaining low risk and minimizing the number of phone clone migrations. / Graduate / 0984

Mobile Telecom Cloud

Quality of Service

Security

Cloud Brokerage

Spécification et analyse formelles des politiques de sécurité dans un processus de courtage de l'informatique en nuage / Formal specification and analysis of security policies in a cloud brokerage process

Guesmi, Asma

01 July 2016

Les offres de l’informatique en nuage augmentent de plus en plus et les clients ne sont pas capables de lescomparer afin de choisir la plus adaptée à leurs besoins. De plus, les garanties de sécurité proposées parles fournisseurs restent incompréhensibles pour les clients. Cela représente un frein pour l'adoption dessolutions de l’informatique en nuage.Dans cette thèse, nous proposons un mécanisme de courtage des services de l’informatique en nuage quiprend en compte les besoins du client en termes de sécurité.Les besoins exprimés par le client sont de deux natures. Les besoins fonctionnels représentent lesressources et leurs performances. Les besoins non-fonctionnels représentent les propriétés de sécurité etles contraintes de placement des ressources dans le nuage informatique. Nous utilisons le langage Alloypour décrire les offres et les besoins. Nous utilisons l'analyseur Alloy pour l'analyse et la vérification desspécifications du client. Le courtier sélectionne les fournisseurs qui satisfont les besoins fonctionnels et nonfonctionnelsdu client. Il vérifie ensuite, que la configuration du placement des ressources chez lesfournisseurs respecte toutes les propriétés de sécurité exigées par le client.Toutes ces démarches sont effectuées avant le déploiement des ressources dans le nuage informatique.Cela permet de détecter les erreurs et conflits des besoins du client tôt. Ainsi, on réduit les vulnérabilités desressources du client une fois déployées. / The number of cloud offerings increases rapidly. Therefore, it is difficult for clients to select the adequate cloud providers which fit their needs. In this thesis, we introduce a cloud service brokerage mechanism that considers the client security requirements. We consider two types of the client requirements. The amount of resources is represented by the functional requirements. The non-functional requirements consist on security properties and placement constraints. The requirements and the offers are specified using the Alloy language. To eliminate inner conflicts within customers requirements, and to match the cloud providers offers with these customers requirements, we use a formal analysis tool: Alloy. The broker uses a matching algorithm to place the required resources in the adequate cloud providers, in a way that fulfills all customer requirements, including security properties. The broker checks that the placement configuration ensures all the security requirements. All these steps are done before the resources deployment in the cloud computing. This allows to detect the conflicts and errors in the clients requirements, thus resources vulnerabilities can be avoided after the deployment.

Courtage informatique

Nuage informatique

Sécurité

Alloy

Spécification

Méthode formelle

Cloud brokerage

Cloud computing

Security

Alloy

Specification

Formal method

004.678 2