Collaboration-based intelligent service composition at runtime by end users

Imtiaz-Ud-Din, K.M

January 2011

In recent years, technologies in the area of ubiquitous computing have experienced a great advancement. This has resulted in a wide-spread use of services in order to improve the quality of our daily life. For example, a person with a mobile device can use the services available in the ubiquitous computing environment to plan and execute his or her travel, to connect to family and friends, to perform his or her researches, even to manage his or her business. However, most of the services are dynamic in nature in terms of their availability, robustness and the mobility of the user. These services also appear impermeable to the end users i.e. the end users do not get to control and configure the services in a way so as to feel like programmers developing services to accomplish certain goals. We envisage that in such a context end users, with no programming knowledge, will have a hard time to find services of their choice and that it will be hard for these end users to derive substantial benefits from these services. Unguided automation is not the answer to this problem as a particular service suggested automatically by a dynamic composition mechanism may not be suitable for a specific user at a certain point of time and in a given context. On the other hand explicit specification of service instances will mean that the user will be bogged down with the problem of runtime optimization in a dynamic environment where several factors as indicated earlier determine the availability of the services having required functionality. In order to address this issue we introduce the notion of intelligent service composition where the end user will have a great degree of flexibility to define his or her own rules or conditions based on which an optimal composition will be made automatically from a set of collaborative services by runtime adaptation in a specific context and point in time. This is a step forward compared to the present dynamic composition mechanisms which do not facilitate end users defining their own conditions dictating the selection of specific service instance at runtime. We have developed this conceptual solution to bring end users towards adaptive use of services. We validated our conceptual solution through a scenario-based evaluation approach with an implementation of a proof-of-concept prototype.

ntnudaim:6310

Securing Information Flow in Loosely-Coupled Systems

Zvirblis, Linas

January 2011

Information-flow control is an important element in computer system security, and there has been significant work done in the field by Denning, Volpano, and others. However, most of the work deals with information-flow control inside a single monolithic application. Wide adoption of the Web service architecture and related technologies effectively solved the problem of universal standard of interconnection of independent systems into larger scale system, but largely ignored the problem of information-flow control. This thesis suggests an approach, which allows for information-flow control techniques of the decentralised label model to be applied to distributed loosely-coupled systems based on Web services. The resulting system design is compatible with existing Web service-based systems, and allows for integration of components that do not natively support information-flow control.

ntnudaim:6373

Security as a Service in Cloud for Smartphones

subramanian, lakshmi

January 2011

Smartphone usage has been continuously growing in recent times. Smartphones offer Personal Computer (PC) functionality to the end user, hence they are vulnerable to the same sorts of security threats as desktop computers. Cloud computing is a new computing paradigm and a breakthrough technology of recent times. Its growing popularity can be attributed to its ability to transform computing to a utility, scalability, and cost effectiveness. More and more services are predicted to be offered in the cloud in the near future.Due to the resource constraints of smartphones, security services in the form of a cloud offering seems to be a natural fit (as the services could be provided in a very scalable form in the cloud while off-loading the smartphone).This project proposes a generic architecture for providing security services in the cloud for smartphones. To enable the design of this architecture, it is essential to analyze and identify possible security solutions that could be provided as a cloud service to the smartphone. Security requirements of smartphones have been analysed considering the various infection channels for smartphones, attacks and threats encountered in a smartphone environment, smartphone usage scenarios and the smartphone‟s limitations. Next, the security functions that must be implemented in the smartphone to overcome these threats are identified. Furthermore, a review of the existing architectures for mobile computing are presented and their security issues are examined.A detailed study of the analysed results has been used to build the architecture for offering security services to smartphones in the cloud, targeted use case scenario being the usage in a corporate environment. The functions to be handled by each of the components of the architecture have been specified. Furthermore, the proposed architecture has been examined to prove its feasibility by analysing it in terms of its security aspects, scalability and flexibility. Additionally, experiments to understand the performance enhancement by offering security services in the cloud for smartphones have been performed. This has been done by measuring the resource consumption of anti-virus software in a smartphone and performing the same measurement in an emulated smartphone in the cloud.

ntnudaim:6410

Security Issues in OpenStack

Slipetskyy, Rostyslav

January 2011

Security Issues in OpenStack

ntnudaim:6027

Securing Cloud Storage Service

Zapolskas, Vytautas

January 2012

Cloud computing brought flexibility, scalability, and capital cost savings to the IT industry. As more companies turn to cloud solutions, securing cloud based services becomes increasingly important, because for many organizations, the final barrier to adopting cloud computing is whether it is sufficiently secure.More users rely on cloud storage as it is mainly because cloud storage is available to be used by multiple devices (e.g. smart phones, tablets, notebooks, etc.) at the same time. These services often offer adequate protection to user's private data. However, there were cases where user's private data was accessible to other user's, since this data is stored in a multi-tenant environment. These incidents reduce the trust of cloud storage service providers, hence there is a need to securely migrate data from one cloud storage provider to another.This thesis proposes a design of a service for providing Security as a Service for cloud brokers in a federated cloud. This scheme allows customers to securely migrate from one provider to another. To enable the design of this scheme, possible security and privacy risks of a cloud storage service were analysed and identified. Moreover, in order to successfully protect private data, data protection requirements (for data retention, sanitization, and processing) were analysed. The proposed service scheme utilizes various encryption techniques and also includes identity and key management mechanisms, such as "federated identity management".While our proposed design meets most of the defined security and privacy requirements, it is still unknown how to properly handle data sanitization, to meet data protection requirements, and provide users data recovery capabilities (backups, versioning, etc.).

ntnudaim:8297

On Fully Homomorphic Encryption

Fauzi, Prastudy

January 2012

Fully homomorphic encryption is an encryption scheme where a party can receive encrypted data and perform arbitrary operations on this data efficiently.The data remains encrypted throughout, but the operations can be done regardless, without having to know the decryption key.Such a scheme would be very advantageous, for example in ensuring the privacy of data that is sent to a third-party service.This is in contrast with schemes like Paillier where you can not perform a multiplication of encrypted data without decrypting the data first, or ElGamal where you can not perform an addition of encrypted data without decrypting the data first.This thesis acts as a survey of the most recent fully homomorphic encryption schemes. We study some of the latest fully homomorphic encryption schemes, make an analysis of them and make a comparison.These schemes have some elements in common:1. An efficient lattice-based cryptosystem, with security based on the hardness of well-known lattice problems. 2. An evaluation function with definitions for $c_{add}$ and $c_{mult}$, such that the noise does not rapidly increase.3. Techniques to make the scheme fully homomorphic with this evaluation function. Whenever possible, we rewrite the main results of these schemes in a more detailed and readable format.Apart from Gentry's scheme, the schemes that we choose to discuss are very new. The earliest one was published in October 2011, while some are still only available as eprints. We hope this work can help readers be up to date with the field of fully homomorphic encryption, paving way to further advances in the field.

ntnudaim:7507

Web applications - New mobile service paradigm

Ngu, Phuc Huy

January 2012

The explosion of mobile applications both in number and variety raises the need of shedding light on their architecture, composition and quality. Indeed, it is crucial to understand which mobile application paradigm fits better to what type of application and usage. Such understanding has direct consequences on the user experience, the development cost and sale revenues of mobile apps. In this thesis, we identify four main mobile application paradigms and evaluate them from the viewpoints of developers, users and service providers. To ensure objectivity and accuracy we start by defining high level criteria and then breaking down into finer-grained criteria. After a theoretical evaluation an implementation was carried out as a practical verification to ensure that the method adopted in analysis and evaluation is trusted and applicable. The selected application is object recognition app, which is both exciting and challenging to develop.

ntnudaim:7449

Automated Security Compliance Tool for the Cloud

Ullah, Kazi Wali

January 2012

Security, especially security compliance, is a major concern that is slowing down the large scale adoption of cloud computing in the enterprise environment. Business requirements, governmental regulations and trust are among the reasons why the enterprises require certain levels of security compliance from cloud providers. So far, this security compliance or auditing information has been generated by security specialists manually. This process involves manual data collection and assessment which is slow and incurs a high cost. Thus, there is a need for an automated compliance tool to verify and express the compliance level of various cloud providers. Such a tool can reduce the human intervention and eventually reduce the cost and time by verifying the compliance automatically. Also, the tool will enable the cloud providers to share their security compliance information using a common framework. In turn, the common framework allows clients to compare various cloud providers based on their security needs. Having these goals in mind, we have developed an architecture to build an automated security compliance tool for a cloud computing platform. We have also outlined four possible approaches to achieve this automation. These possible four approaches refer to four design patterns to collect data from the cloud system and these are: API, vulnerability scanning, log analysis and manual entry. Finally, we have implemented a proof-of-concept prototype of this automated security compliance tool using the proposed architecture. This prototype implementation is integrated with OpenStack cloud platform, and the results are exposed to the users of the cloud following the CloudAudit API structure defined by Cloud Security Alliance.

ntnudaim:7219

An automatic protocol composition checker

Kojovic, Ivana

January 2012

Formal analysis is widely used to prove security properties of the protocols. There are tools to check protocols in isolation, but in fact we use many protocols in parallel or even vertically stacked, e.g. running an application protocol (like login) over a secure channel (like TLS) and in general it is unclear if that is safe. There are several works that give sufficient conditions for parallel and vertical composition, but there exists no program to check whether these conditions are actually met by a given suite of protocols.The aim of the master thesis project is to implement a protocol composition checker and present it as a service for registering protocols and checking compatibility of the protocols among each other. In order to establish the checker, it is necessary to collect and integrate different conditions defined through the literature. Also, we will define a framework based on Alice and Bob notation, so the checker can examine protocols in an unambiguous manner.Further we will develop a library of widely-used protocols like TLS that are provenly compatible with each other and define a set of negative example proto- cols to test the checker.We want to implement the checker as an extension of the existing Open-Source Fixed-Point Model-Checker OFMC to easily integrate our composition checker with a existing verification procedure that support Alice and Bob notation.

ntnudaim:7257

Fallen and Changed: Tracing the Biblical-Mythological Origins of Mikhail Bulgakov's Azazello and Korov'ev

Mason, Elliot

January 2010

In his analysis of Mikhail Bulgakov’s The Master and Margarita, Elliot Mason explores the biblical and mythological ancestry of two of the novel’s most under-studied demonic characters: Azazello and Korov′ev-Fagot. Both characters, it is argued, serve important thematic roles within The Master and Margarita, acting as symbols of the oppressed artist, creativity and judgement. Azazello and Korov′ev-Fagot are integral to an eschatological reading of the text, with Korov′ev in particular suggesting new areas of Faustian influence within The Master and Margarita. Azazello’s relevance to the novel is discussed in terms of his relationship with another of Bulgakov’s characters: the demon Abaddon. Through an examination of the biblical, literary and mythological development of the myth of the Azazel-figure throughout history, Mason argues a thematic, and perhaps even more tangible, connection between the two characters. In the context of Bulgakov’s novel, it is argued, Azazello and Abaddon are interrelated, and it is this relationship that sheds new light on the thematic importance of either character to The Master and Margarita. An examination of older, non-canonical biblical texts allows the connection between Azazel and Abaddon to be explored and applied to Bulgakov’s novel. It is argued that Bulgakov himself, upon reading the texts studied, came to many of the same conclusions, and that these conclusions resulted in the connectedness of Azazello and Abaddon within The Master and Margarita. The second chapter of Mason’s study is devoted to tracing the heritage of the character, Kovo′ev-Fagot. A number of references and clues within The Master and Margarita are suggestive of the fact that Bulgakov had a particular literary, mythological or contemporary figure in mind when he created the character. Despite these references, Bulgakovian scholars have so far been unable to identify precisely whom Bulgakov was drawing on as inspiration for Korov′ev. Using the information provided by The Master and Margarita, Mason argues for a reading of Korov′ev-Fagot as the biblical, mythological sea-beast, Leviathan. He further links the character with Mephistopheles, finding a connection between Leviathan and Mephistopheles in a lesser-known version of the Faust legend, which replaces the name of one with the other. An overview of Leviathan’s eschatological and thematic functions, as well as his relationship with Egyptian and Norse chaos serpents, is used in order to provide the demonological background of the figure to a potentially non-specialist audience. The themes explored in this section of the argument are then applied to The Master and Margarita itself, in order to better understand the intended role of Korov′ev-Fagot to Bulgakov’s work. The identification of Korov′ev-Fagot with Leviathan and Mephistopheles, as well as that of Azazello with Abaddon, serves as a foundation of information, compiled in order that future interpretations may hopefully draw from it.

mikhail bulgakov

russian literature

master and margarita

Russian