Towards federated social infrastructures for plug-based decentralized social networks / Vers des infrastructures sociales fédérées pour des réseaux sociaux décentralisés à base d'ordinateurs contraints

Ariyattu, Resmi

05 July 2017

Dans cette thèse, nous abordons deux problèmes soulevés par les systèmes distribués décentralisés - le placement de réseaux logiques de façon compatible avec le réseau physique sous-jacent et la construction de cohortes d'éditeurs pour dans les systèmes d'édition collaborative. Bien que les réseaux logiques (overlay networks) été largement étudiés, la plupart des systèmes existant ne prennent pas ou prennent mal en compte la topologie du réseau physique sous-jacent, alors que la performance de ces systèmes dépend dans une grande mesure de la manière dont leur topologie logique exploite la localité présente dans le réseau physique sur lequel ils s'exécutent. Pour résoudre ce problème, nous proposons dans cette thèse Fluidify, un mécanisme décentralisé pour le déploiement d'un réseau logique sur une infrastructure physique qui cherche à maximiser la localité du déploiement. Fluidify utilise une stratégie double qui exploite à la fois les liaisons logiques d'un réseau applicatif et la topologie physique de son réseau sous-jacent pour aligner progressivement l'une avec l'autre. Le protocole résultant est générique, efficace, évolutif et peut améliorer considérablement les performances de l'ensemble. La deuxième question que nous abordons traite des plates-formes d'édition collaborative. Ces plates-formes permettent à plusieurs utilisateurs distants de contribuer simultanément au même document. Seuls un nombre limité d'utilisateurs simultanés peuvent être pris en charge par les éditeurs actuellement déployés. Un certain nombre de solutions pair-à-pair ont donc été proposées pour supprimer cette limitation et permettre à un grand nombre d'utilisateurs de collaborer sur un même document sans aucune coordination centrale. Ces plates-formes supposent cependant que tous les utilisateurs d'un système éditent le même jeu de document, ce qui est peu vraisemblable. Pour ouvrir la voie à des systèmes plus flexibles, nous présentons, Filament, un protocole décentralisé de construction de cohorte adapté aux besoins des grands éditeurs collaboratifs. Filament élimine la nécessité de toute table de hachage distribuée (DHT) intermédiaire et permet aux utilisateurs travaillant sur le même document de se retrouver d'une manière rapide, efficace et robuste en générant un champ de routage adaptatif autour d'eux-mêmes. L'architecture de Filament repose sur un ensemble de réseaux logiques auto-organisées qui exploitent les similarités entre jeux de documents édités par les utilisateurs. Le protocole résultant est efficace, évolutif et fournit des propriétés bénéfiques d'équilibrage de charge sur les pairs impliqués. / In this thesis, we address two issues in the area of decentralized distributed systems: network-aware overlays and collaborative editing. Even though network overlays have been extensively studied, most solutions either ignores the underlying physical network topology, or uses mechanisms that are specific to a given platform or applications. This is problematic, as the performance of an overlay network strongly depends on the way its logical topology exploits the underlying physical network. To address this problem, we propose Fluidify, a decentralized mechanism for deploying an overlay network on top of a physical infrastructure while maximizing network locality. Fluidify uses a dual strategy that exploits both the logical links of an overlay and the physical topology of its underlying network to progressively align one with the other. The resulting protocol is generic, efficient, scalable and can substantially improve network overheads and latency in overlay based systems. The second issue that we address focuses on collaborative editing platforms. Distributed collaborative editors allow several remote users to contribute concurrently to the same document. Only a limited number of concurrent users can be supported by the currently deployed editors. A number of peer-to-peer solutions have therefore been proposed to remove this limitation and allow a large number of users to work collaboratively. These decentralized solution assume however that all users are editing the same set of documents, which is unlikely to be the case. To open the path towards more flexible decentralized collaborative editors, we present Filament, a decentralized cohort-construction protocol adapted to the needs of large-scale collaborative editors. Filament eliminates the need for any intermediate DHT, and allows nodes editing the same document to find each other in a rapid, efficient and robust manner by generating an adaptive routing field around themselves. Filament's architecture hinges around a set of collaborating self-organizing overlays that utilizes the semantic relations between peers. The resulting protocol is efficient, scalable and provides beneficial load-balancing properties over the involved peers.

Systèmes distribués

Édition collaborative

Informatique en nuage

Réseaux logiques

Distributed systems

Overlay networks

Collaborative editing

Cloud computing

Sécurité de la gestion dynamique des ressources basée sur la prise en compte des profils de consommation en ressources des machines virtuelles, dans un cloud IaaS / Resource consumption profile-based attack detection in IaaS clouds

Lazri, Kahina

16 December 2014

La virtualisation matérielle telle que mise en oeuvre dans le cloud computing, permet le partage de ressources matérielles entre plusieurs machines virtuelles pouvant appartenir à différents utilisateurs. Ce partage des ressources constitue l’atout majeur de ces infrastructures,qui permet aux fournisseurs d’exploiter plus efficacement les ressources des centres de données, notamment à travers l’allocation dynamique des ressources. Cependant, le partage des ressources introduit de nouvelles contraintes de sécurité. Plusieurs travaux de l’état de l’art ont démontré l’apparition de nouvelles stratégies d’attaques propres aux infrastructures cloud computing, exploitant le partage des ressources. Néanmoins, il a aussi été démontré qu’il est possible de tirer avantage de la position privilégiée de la couche de virtualisation pour offrir une meilleure sécurité que celle assurée dans les plate-formes traditionnelles d’hébergement en silo. Cette thèse poursuit deux axes de recherche complémentaires. Le premier axe traite des nouvelles vulnérabilités liées aux infrastructures cloud computing. Nous avons démontré une attaque que nous appelons attaque par "migrations intempestives de machines virtuelles", dans laquelle un attaquant parvient à amener le système de gestion dynamique de ressources à migrer de façon abusive des machines virtuelles, par simple manipulation des quantités de ressources consommées par des machines virtuelles qui sont sous son contrôle. Nous avons démontré cette attaque sur une plate-forme constituée de cinq serveurs et analysé les conditions nécessaires à son succès ainsi que l’exposition des clusters vis-à-vis de la vulnérabilité qu’elle exploite. Le second axe propose de tirer avantage de la position privilégiée de l’opérateur qui dispose à la fois d’une vue multi-couches plus riche de l’utilisation des ressources et d’une vue plus globale des contextes d’exécution des machines virtuelles, comparativement à la vue limitée de l’utilisateur, pour offrir une meilleure sécurité. Nous avons proposé AMAD (Abusive VM Migration Attack Detection), un système de supervision, chargé de détecter l’occurrence des attaques par migrations intempestives de machines virtuelles et d’identifier de façon automatique celles à l’origine de l’attaque. AMAD est implémenté sur notre plate-forme d’expérimentation et évalué à l’aide de traces de consommation de machines virtuelles collectées sur des clouds réels. Les résultats d’évaluation montrent qu’AMAD opère avec une bonne précision de détection. / Hardware virtualisation is the core technology which enables resource sharing among multiple virtual machines possibly belonging to different tenants within cloud infrastructures. Resources haring is the main feature that enables cost effectiveness of cloud platforms, achieved through dynamic resource management. However, resource sharing brings several new security concerns. Several proofs of concepts have demontrated new attack strategies brought by the resource sharing paradigm, known as cross-virtual machine attacks. Even so, it is also showed that the priviligied position of the virtualisation layer can be leveraged to offer better security protection mecanisms than the ones offered in non virtualized platfoms.This thesis follows two main objectives. The first one is related to the domain of cloud-specific vulnerabilities. We have demonstrated a new attack, called the abusive virtual machine migration attack, in which an attacker can leverage the sharing of resources, through the manipulation of the amounts of resources consumed by virtual machines under his control, to abusively enforce the dynamic resource management system to trigger virtual machine migrations. We have demonstrated this attack on a virtualized platform composed of five physical machines, the necessary conditions for the attack to succeed and the vulnerability exposure of clusters against this kind of attack is also analyzed. The second main contribution of this thesis aims at leveraging the privilged position of the cloud provider who has both a more reliable view of the ressource utilisation and a more complete view of the virtual machine execution contexts compared to the limited view of cloud users, to provide better security. We propose AMAD (Abusive Virtual Machine Migration Attack Detection), a system designed for detecting an abusive use of the dynamic virtual machine migration, in the case of the abusive virtual machine migration attack. AMAD identifies the virtual machines possibly at the origin of the attack by analyzing their resource consumption profiles which show fluctuation and correlation in the usage of resources. We have implemented AMAD on top of our laboratory platform and evaluated it with the help of virtual machine resource consumption traces collected from real cloud. Our evaluation results show that AMAD identifes the attacking virtual machines with high detection accuracy.

Sécurité informatique

Gestion élastique des ressources

Détection d'anomalies

Attaques

Vulnérabilité

Cloud computing

Delay-Sensitive Service Request Scheduling for Cloud Computing

Liu, Shuo

10 November 2014

Cloud computing realizes the long-held dream of converting computing capability into a type of utility. It has the potential to fundamentally change the landscape of the IT industry and our way of life. However, as cloud computing expanding substantially in both scale and scope, ensuring its sustainable growth is a critical problem. Service providers have long been suffering from high operational costs. Especially the costs associated with the skyrocketing power consumption of large data centers. In the meantime, while efficient power/energy utilization is indispensable for the sustainable growth of cloud computing, service providers must also satisfy a user's quality of service (QoS) requirements. This problem becomes even more challenging considering the increasingly stringent power/energy and QoS constraints, as well as other factors such as the highly dynamic, heterogeneous, and distributed nature of the computing infrastructures, etc. In this dissertation, we study the problem of delay-sensitive cloud service scheduling for the sustainable development of cloud computing. We first focus our research on the development of scheduling methods for delay-sensitive cloud services on a single server with the goal of maximizing a service provider's profit. We then extend our study to scheduling cloud services in distributed environments. In particular, we develop a queue-based model and derive efficient request dispatching and processing decisions in a multi-electricity-market environment to improve the profits for service providers. We next study a problem of multi-tier service scheduling. By carefully assigning sub deadlines to the service tiers, our approach can significantly improve resource usage efficiencies with statistically guaranteed QoS. Finally, we study the power conscious resource provision problem for service requests with different QoS requirements. By properly sharing computing resources among different requests, our method statistically guarantees all QoS requirements with a minimized number of powered-on servers and thus the power consumptions. The significance of our research is that it is one part of the integrated effort from both industry and academia to ensure the sustainable growth of cloud computing as it continues to evolve and change our society profoundly.

Cloud Computing

Quality of Service

Profit and Penalty

Power Minimization

Sub Deadlines

Electrical and Computer Engineering

A framework for assuring conformance of cloud-based email at higher education institutions

Willett, Melanie

January 2013

Cloud computing is a relatively immature computing paradigm that could significantly benefit users. Cloud computing solutions are often associated with potential benefits such as cost reduction, less administrative hassle, flexibility and scalability. For organisations to realize such potential benefits, cloud computing solutions need to be chosen, implemented, managed and governed in a way that is secure, compliant with internal and external requirements and indicative of due diligence. This can be a challenge, given the many concerns and risks commonly associated with cloud computing solutions. One cloud computing solution that is being widely adopted around the world is cloud-based email. One of the foremost adopters of this cloud computing solution is higher education institutions. These higher education institutions stand to benefit greatly from using such services. Cloud-based email can be provisioned to staff and students at these institutions for free. Additionally, cloud service providers (CSPs) are able to provide a better email service than some higher education institutions would be able to provide if they were required to do so in-house. CSPs often provide larger inboxes and many extra services with cloud-based email. Cloud-based email is, therefore, clearly an example of a cloud computing solution that has the potential to benefit organisations. There are however, risks and challenges associated with the use of this cloud computing solution. Two of these challenges relate to ensuring conformance to internal and external (legal, regulatory and contractual obligations) requirements and to providing a mechanism of assuring that cloud-based email related activities are sound. The lack of structured guidelines for assuring the conformance of cloud-based email is putting this service at risk at higher education institutions in South Africa. This work addresses this problem by promoting a best practice based approach to assuring the conformance of cloud-based email at higher education institutions. To accomplish this, components of applicable standards and best practice guidelines for IT governance, IT assurance and IT conformance are used to construct a framework for assuring the conformance of cloud-based email. The framework is designed and verified using sound design science principles. The utility and value of the framework has been demonstrated at a higher education institution in South Africa. This framework can be used to assist higher education institutions to demonstrate due diligence in assuring that they conform to legal and best practice requirements for the management and governance of cloud-based email. This is a significant contribution in the relatively new field of cloud computing governance.

Cloud computing -- Security measures

Computer networks -- Security measures

Web services

Policy Merger System for P3P in a Cloud Aggregation Platform

Olurin, Olumuyiwa

January 2013

The need for aggregating privacy policies is present in a variety of application areas today. In traditional client/server models, websites host services along with their policies in different private domains. However, in a cloud-computing platform where aggregators can merge multiple services, users often face complex decisions in terms of choosing the right services from service providers. In this computing paradigm, the ability to aggregate policies as well as services will be useful and more effective for users that are privacy conscious regarding their sensitive or personal information. This thesis studies the problems associated with the Platform for Privacy Preference (P3P) language, and the present issues with communicating and understanding the P3P language. Furthermore, it discusses some efficient strategies and algorithms for the matching and the merging processes, and then elaborates on some privacy policy conflicts that may occur after merging policies. Lastly, the thesis presents a tool for matching and merging P3P policies. If successful, the merge produces an aggregate policy that is consistent with the policies of all participating service providers.

P3P

Cloud Computing

XML Merger

Policy Languages

Privacy

XML

Privacy Policy

Aggregation Platform

Three-way Merge

A Policy-Based Management Framework for Cloud Computing Security

Runsewe, Olubisi Atinuke

January 2014

Cloud Computing has changed how computing is done as applications and services are being consumed from the cloud. It has attracted a lot of attention in recent times due to the opportunities it offers. While Cloud Computing is economical, the security challenges it poses are quite significant and this has affected the adoption rate of the technology. With the potential vulnerabilities being introduced by moving data to the cloud, it has become imperative for cloud service providers to guarantee the security of information, leaving cloud service consumers (e.g., enterprises) with the task of negotiating the terms and conditions of services provided by the cloud service providers as well as trusting them with their data. Although various security solutions used for addressing the security of data within the enterprises are now being applied to the cloud, these security solutions are challenged due to the dynamic, distributed and complex nature of the cloud technology. This thesis proposes a novel Policy-Based Management (PBM) framework capable of achieving cross-tenant authorization, handling dynamic and anonymous users while reducing the security management task to address cloud security. The framework includes an access control model adapted to the cloud environment that adopts features from role-based, task-based and attribute-based access control frameworks for a fine-grained access control. We demonstrate how this framework can be applied to develop an access control system for an enterprise using cloud services. The framework verifies the correctness of access control policies for cloud security through reasoning technique.

Policy-Based Management

Cloud Computing Security

Access Control

Enterprise Information Security

An SDN Assisted Framework for Mobile Ad-hoc Clouds

Balasubramanian, Venkatraman

January 2017

Over a period of time, it has been studied that a mobile “edge-cloud” formed by hand-held devices could be a productive resource entity for providing a service in the mobile cloud landscape. The ease of access to a pool of devices is much more arbitrary and based purely on the needs of the user. This pool can act as a provider of an infrastructure for various services that can be processed with volunteer node participation, where the node in the vicinity is itself a service provider. This representation of cloud formation to engender a constellation of devices in turn providing a service is the basis for the concept of Mobile Ad-hoc Cloud Computing. In this thesis, an architecture is designed for providing an Infrastructure as a service in Mobile Ad-hoc Cloud Computing. The performance evaluation reveals the gain in execution time while offloading to the mobile ad-hoc cloud. Further, this novel architecture enables discovering a dedicated pool of volunteer devices for computation. An optimized task scheduling algorithm is proposed that provides a coordinated resource allocation. However, failure to maintain the service between heterogeneous networks shows the inability of the present day networks to adapt to frequent changes in a network. Thus, owing to the heavy dependence on the centralized mobile network, the service related issues in a mobile ad-hoc cloud needs to be addressed. As a result, using the principles of Software Defined Networking (SDN), a disruption tolerant Mobile Ad-hoc Cloud framework is proposed. To evaluate this framework a comprehensive case study is provided in this work that shows a round trip time improvement using an SDN controller.

Mobile Cloud Computing

Ad-hoc Cloud

Software Defined Networks

Mobile Ad-hoc Networks

Composition

Composition Score

Cloud Computing v českém prostředí / Cloud Computing in Czech enviroment

Margaris, Nikos

January 2011

Focus of this diploma thesis is on Cloud Computing -- a new delivery model of IS/ICT services for companies. Cloud Computing services are IT resources available to users via internet on pay-as-you-use basis. The aim of the thesis is define underlying Cloud Computing concepts and evaluate the current state of Cloud Computing adoption in the Czech Republic. We discuss the framework for definition of Cloud Computing concepts in the theoretical part of the thesis drawing on resources available in the literature. Cloud Computing survey is conducted using an online questionnaire and followsthe principles established in theoretical part. The main contribution of this thesis is creating working definition of Cloud Computing and identifying reasons that affect adoption rate in the Czech Republic.

Market-based autonomous and elastic application execution on clouds / Gestion autonome des ressources et des applications dans un nuage informatique selon une approche fondée sur un marché

Costache, Stefania

03 July 2013

Les organisations possédant des infrastructures pour le calcul à haute performance rencontrent des difficultés dans la gestion de leurs ressources. Ces difficultés sont dues au fait que des applications de différents types doivent pouvoir accéder concurremment aux ressources tandis que les utilisateurs peuvent avoir des objectifs de performance variés pour leurs applications. Les nuages informatiques apportent plus de flexibilité et un meilleur contrôle des ressources qui laissent espérer une amélioration de la satisfaction des utilisateurs en terme de qualité de service perçue. Cependant, les solutions de nuage informatique actuelles fournissent un support limité aux utilisateurs pour l'expression ou l'utilisation de politiques de gestion de ressources et elles n'offrent aucun support pour atteindre les objectifs de performance des applications. Dans cette thèse, nous présentons une approche qui aborde ce défi d'une manière unique. Notre approche offre un contrôle des ressources complètement décentralisé en allouant des ressources à travers un marché à pourcentage proportionnel tandis que les applications s'exécutent dans des environnements virtuels autonomes capable d'ajuster la demande de l'application selon les objectifs de performance définis par l'utilisateur. La combinaison de la politique de distribution de la monnaie et de la variation dynamique du prix des ressources assure une utilisation des ressources équitable. Nous avons évalué notre approche en simulation et expérimentalement sur la plate-forme Grid'5000. Nos résultats montrent que notre approche peut permettre la cohabitation des différentes politiques d'utilisation des ressources sur l'infrastructure, tout en améliorant l'utilisation des ressources. / Organizations owning HPC infrastructures are facing difficulties in managing their resources. These difficulties come from the need to provide concurrent resource access to different application types while considering that users might have different performance objectives for their applications. Cloud computing brings more flexibility and better resource control, promising to improve the user’s satisfaction in terms of perceived Quality of Service. Nevertheless, current cloud solutions provide limited support for users to express or use various resource management policies and they don't provide any support for application performance objectives.In this thesis, we present an approach that addresses this challenge in an unique way. Our approach provides a fully decentralized resource control by allocating resources through a proportional-share market, while applications run in autonomous virtual environments capable of scaling the application demand according to user performance objectives.The combination of currency distribution and dynamic resource pricing ensures fair resource utilization.We evaluated our approach in simulation and on the Grid'5000 testbed. Our results show that our approach can enable the co-habitation of different resource usage policies on the infrastructure, improving resource utilisation.

Gestion des ressources

Nuage (informatique)

Système autonome

Cloud computing

Resource management

Autonomous systems

Market-based management

Nasazení Google Apps for Work v malé firmě / Implementation of Google Apps for Work in a small business

Hrubý, Jakub

January 2014

This diploma thesis deals with a product Google Apps for Work as a cloud-based tool for businesses. The main idea of this work is to describe the offered service and to deploy it to a real company on the Czech market, belonging to the sector of small and medium-sized companies. The theoretical part is based on a literature review of technical books, articles, and other electronic sources. The subsequent description and evaluation of the implementation is based on real-world knowledge in deploying the product to an existing company. The main contribution of this work is the introduction of service and submission of infor-mation to leaders of small and medium-sized enterprises and their IT specialists for decisi-ons regarding the implementation of cloud services in the field of communication and cooperation.