J.L. Gonzalez-Compean

FedIDS: a federated cloud storage architecture and satellite image delivery service for building dependable geospatial platforms

ABSTRACT Earth observation satellites produce large amounts of images/data that not only must be processed and preserved in reliable geospatial platforms but also efficiently disseminated among partners/researchers for creating derivative products through collaborative workflows. Organizations can face up this challenge in a cost-effective manner by using cloud services. However, outages and violations of integrity/confidentiality associated to this technology could arise. This article presents FedIDS, a suite of cloud-based components for building dependable geospatial platforms. The Fed component enables organizations to build shared geospatial data infrastructure through federation of independent cloud resources to withstand outages, whereas IDS avoids violations of integrity/confidentiality of images/data in sharing information and collaboration workflows. A FedIDS prototype, deployed in Spain and Mexico, was evaluated through a study case based on a satellite imagery captured by a Mexican antenna and another based on a satellite imagery of a European observation mission. The acquisition, storage and sharing of images among users of the federation, the exchange of images between Mexican and Spanish sites and outage scenarios were evaluated. The evaluation revealed the feasibility, reliability and efficiency of FedIDS, in comparison with available solutions, in terms of performance, storage consume and integrity/confidentiality when sharing images/data in collaborative scenarios.

A pairing-based cryptographic approach for data security in the cloud

This paper presents AES4SeC, a security scheme fully constructed over cryptographic pairings. The main building blocks of AES4SeC are attribute-based encryption (ABE) and short signatures (SSign), with generalized constructions for the Type 3 pairing. AES4SeC was developed as an end-to-end storage service for hybrid cloud models and integrated to a file-sharing application for scenarios where data owners upload content to the cloud and selectively decide who is able to access that content. An experimental evaluation of AES4SeC was conducted by testing different security levels, recommended key sizes, and cryptographic engine constructions. This led to a wide experimental evaluation in terms of the running times of the primitive operations (encrypt, decrypt, sign, verify) and the space complexity of the ciphertexts, private and public keys, and the signatures. The implementation results revealed the feasibility and flexibility of AES4SeC in real scenarios, whereas a fine-tuning evaluation revealed that the best results in terms of performance and memory requirements are obtained using Type 3 pairings over type F elliptic curves. This is a relevant result because most of the ABE and SSign schemes in the literature are provided for the Type 1 pairing (symmetric) over type A curves, which exhibited poorer results.

RS-Pooling: an adaptive data distribution strategy for fault-tolerant and large-scale storage systems

Storage pooling is a virtualization technique used in data centers to build upgradeable storage pools and to face up the explosive growth of information. In this technique, a randomized data distribution strategy (DDS) ensures the load balancing when adding new devices to the pool by using reallocation mechanisms. However, when applying fault-tolerant schemes to the storage pools, the system produces r redundant objects from a common data source and DDS must allocate them in different devices, which increases the complexity of the reallocation operations performed during the upgrade procedures. This paper presents RS-Pooling: an adaptive DDS for fault-tolerant and large-scale storage systems. RS-Pooling builds storage pools by grouping devices into disjointed sub-pools and ensures the effectiveness of fault-tolerant schemes by performing the allocation of redundant objects from a common data source in different sub-pools. In RS-Pooling, the first redundant object is allocated in random manner whereas the rest of them are allocated by using a cyclic list of sub-pools, this procedure minimizes the amount of reallocation operations, and fosters load balancing. We performed an emulation-based evaluation of RS-Pooling and a traditional DDS for storage pooling called RUSHp. The evaluation reveals that RS-Pooling improves the time efficiency of look up operations compared to that obtained from RUSHp. The evaluation also shows that, in upgrade procedures and regardless of the initial settlement, RS-Pooling requires significantly less reallocation operations than that of RUSHp for load balancing of fault-tolerant storage pools.

Sacbe: A building block approach for constructing efficient and flexible end-to-end cloud storage

Abstract End-to-end solutions enable users to protect their data, before sending them to the cloud, from confidentiality violations, service outages and vendor lock-in incidents. These solutions however require the integration and orchestration of multiple applications that affect the end-user service experience. This paper presents Sacbe, an approach for building efficient and flexible end-to-end cloud storage based on building blocks (BB), which are logical representations of independent applications encapsulated into containers. The developers can build structures such as pipelines, stacks and/or clusters of applications by chaining BBs through I/O interfaces. These structures enable users to move/process data/metadata in continuous dataflows from their devices to the cloud and enables organizations to build cloud storage services. We implemented a complete realization of an end-to-end cloud storage solution, which includes pipelines of BBs running on client-side for end-users to ensure in-house the confidentiality and reliability of data as well as stacks and clusters of BBs to build authentication, sharing, and storage services in a private cloud. This prototype was evaluated through controlled experimentation and a case study based on a satellite imagery, which revealed the feasibility of end-to-end solutions built with Sacbe as the end-user service experience was significantly improved in comparison with other solutions.

A Dependable Massive Storage Service for Medical Imaging

We present the construction of Babel, a distributed storage system that meets stringent requirements on dependability, availability, and scalability. Together with Babel, we developed an application that uses our system to store medical images. Accordingly, we show the feasibility of our proposal to provide an alternative solution for massive scientific storage and describe the software architecture style that manages the DICOM images life cycle, utilizing Babel like a virtual local storage component for a picture archiving and communication system (PACS-Babel Interface). Furthermore, we describe the communication interface in the Unified Modeling Language (UML) and show how it can be extended to manage the hard work associated with data migration processes on PACS in case of updates or disaster recovery.

CloudChain: A novel distribution model for digital products based on supply chain principles

Abstract Cloud computing is a popular outsourcing solution for organizations to support the information management during the life cycle of digital information goods. However, outsourcing management with a public provider results in a lack of control over digital products, which could produce incidents such as data unavailability during service outages, violations of confidentiality and/or legal issues. This paper presents a novel distribution model of digital products inspired by lean supply chain principles called CloudChain, which has been designed to support the information management during digital product lifecycle. This model enables connected networks of customers, partners and organizations to conduct the stages of digital product lifecycle as value chains. Virtual distribution channels are created over cloud resources for applications of organizations to deliver digital products to applications of partners through a seamless information flow. A configurable packing and logistic service was developed to ensure confidentiality and privacy in the product delivery by using encrypted packs. A chain management architecture enables organizations to keep tighter control over their value chains, distribution channels and digital products. CloudChain software instances were integrated to an information management system of a space agency. In an experimental evaluation CloudChain prototype was evaluated in a private cloud where the feasibility of applying supply chain principles to the delivery of digital products in terms of efficiency, flexibility and security was revealed.

Protecting Data in the Cloud: An Assessment of Practical Digital Envelopes from Attribute based Encryption.

Cloud storage services provide users with an effective and inexpensive mechanism to store and manage big data with anytime and anywhere availability. However, data owners face the risk of losing control over their data, which could be accessed by third non-authorized parties including the provider itself. Although conventional encryption could avoid data snooping, an access control problem arises and the data owner must implement the security mechanisms to store, manage and distribute the decryption keys. This paper presents a qualitative and quantitative evaluation of two Java implementations of security schemes called DET-ABE and AES4SeC. Both are based on the digital envelope technique and attribute based encryption, a non-conventional cryptography that ensures confidentiality and access control security services. The experimental evaluation was performed in a private cloud infrastructure where experiments for both implementations ran using the same platform, settings, underlying libraries, thus providing a more fair comparison. The quantitative evaluation revealed DET-ABE and AES4SeC have similar performance when applying low security levels (128-bit keys), whereas DET-ABE surpasses AES4SeC performance when medium (192-bit keys) and high (256-bit keys) security levels are required. Qualitative evaluation shows that AES4SeC also ensures authentication and integrity services, which are not supported by DET-ABE.

Assessment of Private Cloud Infrastructure Monitoring Tools - A Comparison of Ceilometer and Monasca

Cloud monitoring tools are a popular solution for both cloud users and administrators of private cloud infrastructures. These tools provide information that can be useful for effective and efficient resource consumption management, supporting the decision-making process in scenarios where administrators must react rapidly to saturation and failure events. However, the estimation of the impact on host systems in a private cloud is not a trivial issue for administrators, specially when monitoring measurements are required in reduced periods of times. This paper presents a performance comparison between two free and well supported cloud monitoring tools called Ceilometer and Monasca, deployed on a private cloud infrastructure. This comparison is mainly focused on evaluating these tools ability to obtain monitoring information in short time intervals for early detection of resource constraints. The impact of resource consumption on the performance of host systems produced by both tools was analyzed and the evaluation revealed that Monasca produced a better performance than Ceilometer for evaluated scenarios and that, according to the learned lessons in this comparison, Monasca represents a suitable option for being integrated into an adaptive cloud resource management system.