Cloud Computing Frameworks for Food Recognition from Images

Peddi, Sri Vijay Bharat

January 2015

Distributed cloud computing, when integrated with smartphone capabilities, contribute to building an efficient multimedia e-health application for mobile devices. Unfortunately, mobile devices alone do not possess the ability to run complex machine learning algorithms, which require large amounts of graphic processing and computational power. Therefore, offloading the computationally intensive part to the cloud, reduces the overhead on the mobile device. In this thesis, we introduce two such distributed cloud computing models, which implement machine learning algorithms in the cloud in parallel, thereby achieving higher accuracy. The first model is based on MapReduce SVM, wherein, through the use of Hadoop, the system distributes the data and processes it across resizable Amazon EC2 instances. Hadoop uses a distributed processing architecture called MapReduce, in which a task is mapped to a set of servers for processing and the results are then reduced back to a single set. In the second method, we implement cloud virtualization, wherein we are able to run our mobile application in the cloud using an Android x86 image. We describe a cloud-based virtualization mechanism for multimedia-assisted mobile food recognition, which allow users to control their virtual smartphone operations through a dedicated client application installed on their smartphone. The application continues to be processed on the virtual mobile image even if the user is disconnected for some reason. Using these two distributed cloud computing models, we were able to achieve higher accuracy and reduced timings for the overall execution of machine learning algorithms and calorie measurement methodologies, when implemented on the mobile device.

Cloud Computing

Distributed Cloud Computing

e-health Application

Food Recognition

Cloud Virtualization

MapReduce

Software-defined Security for Distributed Clouds / Sécurité définie par le logiciel pour le Cloud distribué

Compastié, Maxime

18 December 2018

Dans cette thèse, nous proposons une approche pour la sécurité programmable dans le cloud distribué. Plus spécifiquement, nous montrons de quelle façon cette programmabilité peut contribuer à la protection de services cloud distribués, à travers la génération d'images unikernels fortement contraintes. Celles-ci sont instanciées sous forme de machines virtuelles légères, dont la surface d'attaque est réduite et dont la sécurité est pilotée par un orchestrateur de sécurité. Les contributions de cette thèse sont triples. Premièrement, nous présentons une architecture logique supportant la programmabilité des mécanismes de sécurité dans un contexte multi-cloud et multi-tenant. Elle permet l'alignement et le paramétrage de ces mécanismes pour des services cloud dont les ressources sont réparties auprès de différents fournisseurs et tenants. Deuxièmement, nous introduisons une méthode de génération à la volée d'images unikernels sécurisées. Celle-ci permet d'aboutir à des ressources spécifiques et contraintes, qui intègrent les mécanismes de sécurité dès la phase de construction des images. Elles peuvent être élaborées réactivement ou proactivement pour répondre à des besoins d'élasticité. Troisièmement, nous proposons d'étendre le langage d'orchestration TOSCA, afin qu'il soit possible de générer automatiquement des ressources sécurisées, selon différents niveaux de sécurité en phase avec l'orchestration. Enfin, nous détaillons un prototypage et un ensemble d'expérimentations permettant d'évaluer les bénéfices et limites de l'approche proposée / In this thesis, we propose an approach for software-defined security in distributed clouds. More specifically, we show to what extent this programmability can contribute to the protection of distributed cloud services, through the generation of secured unikernel images. These ones are instantiated in the form of lightweight virtual machines, whose attack surface is limited and whose security is driven by a security orchestrator. The contributions of this thesis are threefold. First, we present a logical architecture supporting the programmability of security mechanims in a multi-cloud and multi-tenant context. It permits to align and parameterize these mechanisms for cloud services whose resources are spread over several providers and tenants. Second, we introduce a method for generating secured unikernel images in an on-the-fly manner. This one permits to lead to specific and constrained resources, that integrate security mechanisms as soon as the image generation phase. These ones may be built in a reactive or proactive manner, in order to address elasticity requirements. Third, we propose to extend the TOSCA orchestration language, so that is is possible to generate automatically secured resources, according to different security levels in phase with the orchestration. Finally, we detail a prototyping and extensive series of experiments that are used to evaluate the benefits and limits of the proposed approach

Sécurité

Programmabilité

Cloud distribué

Orchestration

Unikernel

Security

Programmability

Distributed Cloud

Orchestration

Unikernel

005.8

Agile Network Security for Software Defined Edge Clouds

Osman, Amr

07 March 2023

Today's Internet is seeing a massive shift from traditional client-server applications towards real-time, context-sensitive, and highly immersive applications. The fusion between Cyber-physical systems, The Internet of Things (IoT), Augmented/Virtual-Reality (AR/VR), and the Tactile Internet with the Human-in-the-Loop (TaHIL) means that Ultra-Reliable Low Latency Communication (URLLC) is a key functional requirement. Mobile Edge Computing (MEC) has emerged as a network architectural paradigm to address such ever-increasing resource demands. MEC leverages networking and computational resource pools that are closer to the end-users at the far edge of the network, eliminating the need to send and process large volumes of data over multiple distant hops at central cloud computing data centers. Multiple 'cloudlets' are formed at the edge, and the access to resources is shared and federated across them over multiple network domains that are distributed over various geographical locations. However, this federated access comes at the cost of a fuzzy and dynamically-changing network security perimeter because there are multiple sources of mobility. Not only are the end users mobile, but the applications themselves virtually migrate over multiple network domains and cloudlets to serve the end users, bypassing statically placed network security middleboxes and firewalls. This work aims to address this problem by proposing adaptive network security measures that can be dynamically changed at runtime, and are decoupled from the ever-changing network topology. In particular, we: 1) use the state of the art in programmable networking to protect MEC networks from internal adversaries that can adapt and laterally move, 2) Automatically infer application security contexts, and device vulnerabilities, then evolve the network access control policies to segment the network in such a way that minimizes the attack surface with minimal impact on its utility, 3) propose new metrics to assess the susceptibility of edge nodes to a new class of stealthy attacks that bypasses traditional statically placed Intrusion Detection Systems (IDS), and a probabilistic approach to pro-actively protect them.:Acknowledgments Acronyms & Abbreviations 1 Introduction 1.1 Prelude 1.2 Motivation and Challenges 1.3 Aim and objectives 1.4 Contributions 1.5 Thesis structure 2 Background 2.1 A primer on computer networks 2.2 Network security 2.3 Network softwarization 2.4 Cloudification of networks 2.5 Securing cloud networks 2.6 Towards Securing Edge Cloud Networks 2.7 Summary I Adaptive security in consumer edge cloud networks 3 Automatic microsegmentation of smarthome IoT networks 3.1 Introduction 3.2 Related work 3.3 Smart home microsegmentation 3.4 Software-Defined Secure Isolation 3.5 Evaluation 3.6 Summary 4 Smart home microsegmentation with user privacy in mind 4.1 Introduction 4.2 Related Work 4.3 Goals and Assumptions 4.4 Quantifying the security and privacy of SHIoT devices 4.5 Automatic microsegmentation 4.6 Manual microsegmentation 4.7 Experimental setup 4.8 Evaluation 4.9 Summary II Adaptive security in enterprise edge cloud networks 5 Adaptive real-time network deception and isolation 5.1 Introduction 5.2 Related work 5.3 Sandnet’s concept 5.4 Live Cloning and Network Deception 5.5 Evaluation 5.6 Summary 6 Localization of internal stealthy DDoS attacks on Microservices 6.1 Introduction 6.2 Related work 6.3 Assumptions & Threat model 6.4 Mitigating SILVDDoS 6.5 Evaluation 6.6 Summary III Summary of Results 7 Conclusion 7.1 Main outcomes 7.2 Future outlook Listings Bibliography List of Algorithms List of Figures List of Tables Appendix

info:eu-repo/classification/ddc/006

ddc:006