Adnan Akhunzada

Securing software defined networks: taxonomy, requirements, and open issues

The emergence of SDNs promises to dramatically simplify network management and enable innovation through network programmability. Despite all the hype surrounding SDNs, exploiting its full potential is demanding. Security is still the key concern and is an equally striking challenge that reduces the growth of SDNs. Moreover, the deployment of novel entities and the introduction of several architectural components of SDNs pose new security threats and vulnerabilities. Besides, the landscape of digital threats and cyber-attacks is evolving tremendously, considering SDNs as a potential target to have even more devastating effects than using simple networks. Security is not considered as part of the initial SDN design; therefore, it must be raised on the agenda. This article discusses the state-of-the-art security solutions proposed to secure SDNs. We classify the security solutions in the literature by presenting a thematic taxonomy based on SDN layers/interfaces, security measures, simulation environments, and security objectives. Moreover, the article points out the possible attacks and threat vectors targeting different layers/interfaces of SDNs. The potential requirements and their key enablers for securing SDNs are also identified and presented. Also, the article gives great guidance for secure and dependable SDNs. Finally, we discuss open issues and challenges of SDN security that may be deemed appropriate to be tackled by researchers and professionals in the future.

Network-centric Performance Analysis of Runtime Application Migration in Mobile Cloud Computing

Abstract Mobile cloud computing alleviates the limitations of resource-constrained mobile devices by leveraging the cloud resources. Currently, software-level solutions, also known as computational offloading, migrate the cloud-based mobile applications at runtime to the cloud datacenter to optimize the application execution time. However, the application execution frameworks mainly focus on migrating the application without considering the various critical network-centric parameters, such as traffic load and mobility speed, in application migration decision. In this paper, we analyze the effect of network-centric parameters on the application migration process. The performance of the migration process is analyzed by simulating the migration process in OMNeT++. The effects of various parameters, such as number of users in a WLAN, size of a file containing the application and its running states, traffic load on the wireless access point, message length, number of hops to the cloud, and mobility speed, are studied on the application performance metrics such as application migration time and packet drop ratio. Our analysis shows that the application and its running states migration time is affected by the changes in the network conditions. Based on our research findings, we recommend application execution framework designers to incorporate the network-centric parameters along with other parameters in the decision process of the application migration.

Remote Data Auditing in Cloud Computing Environments: A Survey, Taxonomy, and Open Issues

Cloud computing has emerged as a long-dreamt vision of the utility computing paradigm that provides reliable and resilient infrastructure for users to remotely store data and use on-demand applications and services. Currently, many individuals and organizations mitigate the burden of local data storage and reduce the maintenance cost by outsourcing data to the cloud. However, the outsourced data is not always trustworthy due to the loss of physical control and possession over the data. As a result, many scholars have concentrated on relieving the security threats of the outsourced data by designing the Remote Data Auditing (RDA) technique as a new concept to enable public auditability for the stored data in the cloud. The RDA is a useful technique to check the reliability and integrity of data outsourced to a single or distributed servers. This is because all of the RDA techniques for single cloud servers are unable to support data recovery; such techniques are complemented with redundant storage mechanisms. The article also reviews techniques of remote data auditing more comprehensively in the domain of the distributed clouds in conjunction with the presentation of classifying ongoing developments within this specified area. The thematic taxonomy of the distributed storage auditing is presented based on significant parameters, such as scheme nature, security pattern, objective functions, auditing mode, update mode, cryptography model, and dynamic data structure. The more recent remote auditing approaches, which have not gained considerable attention in distributed cloud environments, are also critically analyzed and further categorized into three different classes, namely, replication based, erasure coding based, and network coding based, to present a taxonomy. This survey also aims to investigate similarities and differences of such a framework on the basis of the thematic taxonomy to diagnose significant and explore major outstanding issues.

Secure and dependable software defined networks

The revolutionary concept of Software Defined Networks (SDNs) potentially provides flexible and well-managed next-generation networks. All the hype surrounding the SDNs is predominantly because of its centralized management functionality, the separation of the control plane from the data forwarding plane, and enabling innovation through network programmability. Despite the promising architecture of SDNs, security was not considered as part of the initial design. Moreover, security concerns are potentially augmented considering the logical centralization of network intelligence. Furthermore, the security and dependability of the SDN has largely been a neglected topic and remains an open issue. The paper presents a broad overview of the security implications of each SDN layer/interface. This paper contributes further by devising a contemporary layered/interface taxonomy of the reported security vulnerabilities, attacks, and challenges of SDN. We also highlight and analyze the possible threats on each layer/interface of SDN to help design secure SDNs. Moreover, the ensuing paper contributes by presenting the state-of-the-art SDNs security solutions. The categorization of solutions is followed by a critical analysis and discussion to devise a comprehensive thematic taxonomy. We advocate the production of secure and dependable SDNs by presenting potential requirements and key enablers. Finally, in an effort to anticipate secure and dependable SDNs, we present the ongoing open security issues, challenges and future research directions.

Man-At-The-End attacks

Man-At-The-End (MATE) attacks and fortifications are difficult to analyze, model, and evaluate predominantly for three reasons: firstly, the attacker is human and, therefore, utilizes motivation, creativity, and ingenuity. Secondly, the attacker has limitless and authorized access to the target. Thirdly, all major protections stand up to a determined attacker till a certain period of time. Digital assets range from business to personal use, from consumer devices to home networks, the public Internet, the cloud, and the Internet of Things - where traditional computer and network security are inadequate to address MATE attacks. MATE is fundamentally a hard problem. Much of the extant focus to deal with MATE attacks is purely technical; though security is more than just a technical issue. The main objective of the paper is to mitigate the consequences of MATE attacks through the human element of security and highlight the need for this element to form a part of a holistic security strategy alongside the necessary techniques and technologies. This paper contributes by taking software protection (SP) research to a new realm of challenges. Moreover, the paper elaborates the concept of MATE attacks, the different forms, and the analysis of MATE versus insider threats to present a thematic taxonomy of a MATE attack. The ensuing paper also highlights the fundamental concept of digital assets, and the core protection mechanisms and their qualitative comparison against MATE attacks. Finally, we present state-of-the-art trends and cutting-edge future research directions by taking into account only the human aspects for young researchers and professionals.

Impact analysis and change propagation in service-oriented enterprises

ContextThe adoption of Service-oriented Architecture (SOA) and Business Process Management (BPM) is fairly recent. The major concern is now shifting towards the maintenance and evolution of service-based business information systems. Moreover, these systems are highly dynamic and frequent changes are anticipated across multiple levels of abstraction. Impact analysis and change propagation are identified as potential research areas in this regard. ObjectiveThe aim of this study is to systematically review extant research on impact analysis and propagation in the BPM and SOA domains. Identifying, categorizing and synthesizing relevant solutions are the main study objectives. MethodThrough careful review and screening, we identified 60 studies relevant to 4 research questions. Two classification schemes served to comprehend and analyze the anatomy of existing solutions. BPM is considered at the business level for business operations and processes, while SOA is considered at the service level as deployment architecture. We focused on both horizontal and vertical impacts of changes across multiple abstraction layers. ResultsImpact analysis solutions were mainly divided into dependency analysis, traceability analysis and history mining. Dependency analysis is the most frequently adopted technique followed by traceability analysis. Further categorization of dependency analysis indicates that graph-based techniques are extensively used, followed by formal dependency modeling. While considering hierarchical coverage, inter-process and inter-service change analyses have received considerable attention from the research community, whereas bottom-up analysis has been the most neglected research area. The majority of change propagation solutions are top-down and semi-automated. ConclusionsThis study concludes with new insight suggestions for future research. Although, the evolution of service-based systems is becoming of grave concern, existing solutions in this field are less mature. Studies on hierarchical change impact are scarce. Complex relationships of services with business processes and semantic dependencies are poorly understood and require more attention from the research community.

Towards Dynamic Remote Data Auditing in Computational Clouds

Cloud computing is a significant shift of computational paradigm where computing as a utility and storing data remotely have a great potential. Enterprise and businesses are now more interested in outsourcing their data to the cloud to lessen the burden of local data storage and maintenance. However, the outsourced data and the computation outcomes are not continuously trustworthy due to the lack of control and physical possession of the data owners. To better streamline this issue, researchers have now focused on designing remote data auditing (RDA) techniques. The majority of these techniques, however, are only applicable for static archive data and are not subject to audit the dynamically updated outsourced data. We propose an effectual RDA technique based on algebraic signature properties for cloud storage system and also present a new data structure capable of efficiently supporting dynamic data operations like append, insert, modify, and delete. Moreover, this data structure empowers our method to be applicable for large-scale data with minimum computation cost. The comparative analysis with the state-of-the-art RDA schemes shows that the proposed scheme is secure and highly efficient in terms of the computation and communication overhead on the auditor and server.

A Cross Tenant Access Control (CTAC) Model for Cloud Computing: Formal Specification and Verification

Sharing of resources on the cloud can be achieved on a large scale, since it is cost effective and location independent. Despite the hype surrounding cloud computing, organizations are still reluctant to deploy their businesses in the cloud computing environment due to concerns in secure resource sharing. In this paper, we propose a cloud resource mediation service offered by cloud service providers, which plays the role of trusted third party among its different tenants. This paper formally specifies the resource sharing mechanism between two different tenants in the presence of our proposed cloud resource mediation service. The correctness of permission activation and delegation mechanism among different tenants using four distinct algorithms (activation, delegation, forward revocation, and backward revocation) is also demonstrated using formal verification. The performance analysis suggests that the sharing of resources can be performed securely and efficiently across different tenants of the cloud.

Distance-Based and Low Energy Adaptive Clustering Protocol for Wireless Sensor Networks

A wireless sensor network (WSN) comprises small sensor nodes with limited energy capabilities. The power constraints of WSNs necessitate efficient energy utilization to extend the overall network lifetime of these networks. We propose a distance-based and low-energy adaptive clustering (DISCPLN) protocol to streamline the green issue of efficient energy utilization in WSNs. We also enhance our proposed protocol into the multi-hop-DISCPLN protocol to increase the lifetime of the network in terms of high throughput with minimum delay time and packet loss. We also propose the mobile-DISCPLN protocol to maintain the stability of the network. The modelling and comparison of these protocols with their corresponding benchmarks exhibit promising results.

Survey on network virtualization using openflow : Taxonomy, opportunities, and open issues

The popularity of network virtualization has recently regained considerable momentum because of the emergence of OpenFlow technology. It is essentially decouples a data plane from a control plane a ...