Analysis of a cloud-based system

Ingstorp, Henrik

January 2021

Processing heavy data is a tough job for small devices, such as smartphones, smartwatches and sometimes even computers. Hence the rise of cloud computing, where powerful devices can be set to perform the computing and send the output back to the unit via an internet connection. This approach for solving the problem comes with some downsides, the main two being lack of resources in the cloud and internet connectivity. In order for a cloud-based system to perform well, the response times need to be good enough to create a satisfactory experience for the user. As a developer, it is not always clear how the system performs and it may perform well in some conditions and worse in others. Hence there is a need to monitor the systems' performance and expose the system to different conditions. One example of a condition can be a temporary overflow of users, slow internet connectivity, or simply too long working times for the process in the cloud leading to a queue of users.\newlineThis thesis will mainly be about the development of an analysis tool that is used in order for developers to monitor how their cloud-based system acts under different conditions. Conditions that are close to actual users' normal behavior but also conditions that are not so common, such as flooding the system with users. The solution is only intended to be used on the specific system it was built for, however, it is easy to change the system being tested but the tests may not be as useful for other systems. The final solution is functional but would need further work in order to be used commercially. It is possible to test systems and render graphs that give information on how well the system performs with the solution acquired from this thesis. With the tool, testers can change parameters and test the system in different conditions that are chosen in the settings for the test. It was considered a working solution and the problem can be solved using the code that is available in the GitHub Repository.

Cloud systems

computer science

Computer Systems

Datorsystem

Resource Allocation and Energy Management in Green Network Systems

Liu, Jiashang

29 September 2020

No description available.

Electrical Engineering

Mitigating Distributed Configuration Errors in Cloud Systems

Ma, Sixiang

24 August 2022

No description available.

Computer Science

Distributed Systems

Cloud Systems

System Configuration

Combating Fault Tolerance Bugs in Cloud Systems

Chen, Haicheng

04 October 2021

No description available.

Computer Science

fault tolerance

bug detection

cloud systems

distributed systems

static analysis

fault injection

DevOps: An explorative case study on the challenges and opportunities in implementing Infrastructure as code

Basher, Mohamed

January 2019

Over the last few years, DevOps has gained much attention in the IT development field. It is a new way of thinking of how developers and operators work, which aim to integrate the development, testing, and operation work efficiently. DevOps breaks down communication silos, improve collaboration and productivity by automating infrastructure deployment, workflows, continuously improving the integration and delivery process, and measuring the application performance indicators. Automation is crucial in DevOps, and a key aspect of automation is “Infrastructure as code (IaC)”. IaC allows companies to manage and maintain their infrastructure resources such as virtual machines, load balancers, firewalls, and network devices programmatically in codes instead of manual processes and procedures. As a result, companies will be able to provision and deploy these infrastructure resources consistently, increase the rate of software delivery and improve the time to market, which in turns lead to a substantial competitive advantage. Previous research call for an examination of the gained opportunities and the challenges that can be faced in implementing IaC. Understanding these challenges and opportunities and their implications allow the companies to know why IaC can be interesting for them? And what and how changes should be done to adopt IaC. This paper presents a qualitative study that aims to illustrate the opportunities and challenges in implementing Infrastructure as a code. This paper will also present how infrastructure used to be managed in physical datacenter and cloud systems, and how agile, DevOps and IaC affect the infrastructure management. Our findings show considerable benefits in adopting IaC, and some challenges might be encountered when implementing IaC. Furthermore, the study acknowledges the role of agile, cloud systems, and DevOps in facilitating the implementation of Infrastructure as a code. Keywords: DevOps, Infrastructure as a code, Automation, Infrastructure resources, agile, cloud systems / <p></p><p></p><p></p>

DevOps

Infrastructure as a code

Automation

Infrastructure resources

agile

cloud systems

Information Systems, Social aspects

Ultra-Low Delay in Complex Computing and Networked Systems: Fundamental Limits and Efficient Algorithms

Wu, Fei

11 July 2019

No description available.

Computer Science

Computer Engineering

Agile Network Security for Software Defined Edge Clouds

Osman, Amr

07 March 2023

Today's Internet is seeing a massive shift from traditional client-server applications towards real-time, context-sensitive, and highly immersive applications. The fusion between Cyber-physical systems, The Internet of Things (IoT), Augmented/Virtual-Reality (AR/VR), and the Tactile Internet with the Human-in-the-Loop (TaHIL) means that Ultra-Reliable Low Latency Communication (URLLC) is a key functional requirement. Mobile Edge Computing (MEC) has emerged as a network architectural paradigm to address such ever-increasing resource demands. MEC leverages networking and computational resource pools that are closer to the end-users at the far edge of the network, eliminating the need to send and process large volumes of data over multiple distant hops at central cloud computing data centers. Multiple 'cloudlets' are formed at the edge, and the access to resources is shared and federated across them over multiple network domains that are distributed over various geographical locations. However, this federated access comes at the cost of a fuzzy and dynamically-changing network security perimeter because there are multiple sources of mobility. Not only are the end users mobile, but the applications themselves virtually migrate over multiple network domains and cloudlets to serve the end users, bypassing statically placed network security middleboxes and firewalls. This work aims to address this problem by proposing adaptive network security measures that can be dynamically changed at runtime, and are decoupled from the ever-changing network topology. In particular, we: 1) use the state of the art in programmable networking to protect MEC networks from internal adversaries that can adapt and laterally move, 2) Automatically infer application security contexts, and device vulnerabilities, then evolve the network access control policies to segment the network in such a way that minimizes the attack surface with minimal impact on its utility, 3) propose new metrics to assess the susceptibility of edge nodes to a new class of stealthy attacks that bypasses traditional statically placed Intrusion Detection Systems (IDS), and a probabilistic approach to pro-actively protect them.:Acknowledgments Acronyms & Abbreviations 1 Introduction 1.1 Prelude 1.2 Motivation and Challenges 1.3 Aim and objectives 1.4 Contributions 1.5 Thesis structure 2 Background 2.1 A primer on computer networks 2.2 Network security 2.3 Network softwarization 2.4 Cloudification of networks 2.5 Securing cloud networks 2.6 Towards Securing Edge Cloud Networks 2.7 Summary I Adaptive security in consumer edge cloud networks 3 Automatic microsegmentation of smarthome IoT networks 3.1 Introduction 3.2 Related work 3.3 Smart home microsegmentation 3.4 Software-Defined Secure Isolation 3.5 Evaluation 3.6 Summary 4 Smart home microsegmentation with user privacy in mind 4.1 Introduction 4.2 Related Work 4.3 Goals and Assumptions 4.4 Quantifying the security and privacy of SHIoT devices 4.5 Automatic microsegmentation 4.6 Manual microsegmentation 4.7 Experimental setup 4.8 Evaluation 4.9 Summary II Adaptive security in enterprise edge cloud networks 5 Adaptive real-time network deception and isolation 5.1 Introduction 5.2 Related work 5.3 Sandnet’s concept 5.4 Live Cloning and Network Deception 5.5 Evaluation 5.6 Summary 6 Localization of internal stealthy DDoS attacks on Microservices 6.1 Introduction 6.2 Related work 6.3 Assumptions & Threat model 6.4 Mitigating SILVDDoS 6.5 Evaluation 6.6 Summary III Summary of Results 7 Conclusion 7.1 Main outcomes 7.2 Future outlook Listings Bibliography List of Algorithms List of Figures List of Tables Appendix

info:eu-repo/classification/ddc/006

ddc:006

Towards privacy preserving cooperative cloud based intrusion detection systems

Kothapalli, Anirudh Mitreya

08 1900

Les systèmes infonuagiques deviennent de plus en plus complexes, dynamiques et vulnérables aux attaques. Par conséquent, il est de plus en plus difficile pour qu'un seul système de détection d'intrusion (IDS) basé sur le cloud puisse repérer toutes les menaces, en raison des lacunes de connaissances sur les attaques et leurs conséquences. Les études récentes dans le domaine de la cybersécurité ont démontré qu'une coopération entre les IDS d'un nuage pouvait apporter une plus grande efficacité de détection dans des systèmes informatiques aussi complexes. Grâce à cette coopération, les IDS d'un nuage peuvent se connecter et partager leurs connaissances afin d'améliorer l'exactitude de la détection et obtenir des bénéfices communs. L'anonymat des données échangées par les IDS constitue un élément crucial de l'IDS coopérative. Un IDS malveillant pourrait obtenir des informations confidentielles d'autres IDS en faisant des conclusions à partir des données observées. Pour résoudre ce problème, nous proposons un nouveau système de protection de la vie privée pour les IDS en nuage. Plus particulièrement, nous concevons un système uniforme qui intègre des techniques de protection de la vie privée dans des IDS basés sur l'apprentissage automatique pour obtenir des IDS qui respectent les informations personnelles. Ainsi, l'IDS permet de cacher des informations possédant des données confidentielles et sensibles dans les données partagées tout en améliorant ou en conservant la précision de la détection. Nous avons mis en œuvre un système basé sur plusieurs techniques d'apprentissage automatique et de protection de la vie privée. Les résultats indiquent que les IDS qui ont été étudiés peuvent détecter les intrusions sans utiliser nécessairement les données initiales. Les résultats (c'est-à-dire qu'aucune diminution significative de la précision n'a été enregistrée) peuvent être obtenus en se servant des nouvelles données générées, analogues aux données de départ sur le plan sémantique, mais pas sur le plan synthétique. / Cloud systems are becoming more sophisticated, dynamic, and vulnerable to attacks. Therefore, it's becoming increasingly difficult for a single cloud-based Intrusion Detection System (IDS) to detect all attacks, because of limited and incomplete knowledge about attacks and their implications. The recent works on cybersecurity have shown that a co-operation among cloud-based IDSs can bring higher detection accuracy in such complex computer systems. Through collaboration, cloud-based IDSs can consult and share knowledge with other IDSs to enhance detection accuracy and achieve mutual benefits. One fundamental barrier within cooperative IDS is the anonymity of the data the IDS exchanges. Malicious IDS can obtain sensitive information from other IDSs by inferring from the observed data. To address this problem, we propose a new framework for achieving a privacy-preserving cooperative cloud-based IDS. Specifically, we design a unified framework that integrates privacy-preserving techniques into machine learning-based IDSs to obtain privacy-aware cooperative IDS. Therefore, this allows IDS to hide private and sensitive information in the shared data while improving or maintaining detection accuracy. The proposed framework has been implemented by considering several machine learning and privacy-preserving techniques. The results suggest that the consulted IDSs can detect intrusions without the need to use the original data. The results (i.e., no records of significant degradation in accuracy) can be achieved using the newly generated data, similar to the original data semantically but not synthetically.

Cloud Systems

Cyber Attacks

Privacy

Intrusion Detection System

Cooperative IDS

Systèmes infonuagiques

Cyber-attaques

Intimité

Système de détection d’intrusion

IDS coopératif