John Zic

Accountability as a Service for the Cloud

Computing resource provisioning through the use of the Cloud computing paradigm has triggered revolutions in modern day computing. It is a new paradigm for deploying services on rented machines. On the other hand, Service Oriented Architecture (SOA) has gained wide adoption among organizations due to the importance of collaborations and outsourcing. Therefore the Cloud’s enormous capacity with comparable low cost makes it an ideal platform for SOA deployment. The overall correctness of the SOA deployed in the Cloud depends on the correctness of all individual participants. As the SOA usually spans multiple administration domains, concluding the faulty service and making the provider responsible become a challenging task. In this paper, we propose a novel design to achieve Trustworthy Service Oriented Architecture (TSOA) in the Cloud through enforcing strong accountability. In such system not only the root of a fault can always be concluded to the guilty participant(s), each conclusion is supported with non-disputable evidence. We also implemented a demonstrative system to show its effectiveness in real practice. Our testing figure indicates the cost of incorporating our design to SOA in the cloud is acceptable.

Secure multi-hop network programming with multiple one-way key chains

Current network programming protocols provide an efficient way to update program images running on sensor nodes without having physical access to them. Securing these updates, however, remains a challenging and important issue, given the open environment where sensor nodes are often deployed. Several approaches addressing these issues have been reported, but their use of cryptographically strong protocols means that their computational costs (and hence, power consumption and communication costs) are relatively high. In this paper, we propose a novel scheme to secure a multihop network programming protocol through the use of multiple one-way hash chains. The scheme is shown to be lower in computational, power consumption, and communication costs yet still able to secure multihop propagation of program images. We demonstrate the use of this scheme and provide some results using the popular network programming protocol, Deluge. In addition, we include a performance evaluation of our scheme, implemented in TinyOS, in terms of latency and energy consumption.

Performance Evaluation and Modeling of Web Services Security

While Web Services Security (WSS) enhances the security of web services, it may also introduce additional performance overheads to standard web services due to additional CPU processing and larger messages transferred. In this paper, we aim at clarifying this concern by conducting a quantitative performance evaluation of WSS overhead. Based on the evaluation, we extend our existing web services performance model by taking the extra WSS overheads into account. The extended performance model is validated on different environments with different messages sizes and WSS security policies.

A confidential and DoS-resistant multi-hop code dissemination protocol for wireless sensor networks

Code dissemination protocols provide a convenient way to update program images via wireless communication. Due to the open environment in which Wireless Sensor Networks (WSNs) are typically deployed, it is important that a code dissemination protocol ensures that a program image update can be authenticated as coming from a trusted source. In some applications it is also required that the data be kept confidential in spite of the possibility of message interception. Authentication and confidentiality are implemented through cryptographic operations which may be expensive in power consumption, making a protocol with these features vulnerable to attack by an adversary who transmits forged data, forcing nodes to waste energy in identifying it as invalid i.e., a signature-based DoS attack). Additionally, in multi-hop dissemination protocols, each sensor node is required to broadcast its program image when requested by its neighbors. An adversary could repeatedly send spurious program image requests to its neighbors, making them exhaust their energy reserves i.e., request-based DoS attack). In this paper, we present a new approach to achieve confidentiality in multi-hop code dissemination. We propose counter-measures against both types of DoS attacks mentioned above. To our knowledge, we are the first to integrate confidentiality and DoS-attack-resistance in a multi-hop code dissemination protocol. Our approach is based on Deluge, an open source, state-of-the-art code dissemination protocol for WSNs. In addition, We provide a performance evaluation in terms of latency and energy consumption in our scheme, compared with the original Deluge and the existing secure Deluge.

Evaluation and Modeling of Web Services Performance

While Web services have been widely accepted as a platform-independent services-oriented technology, its performance remains a concern due to the verbosity and inefficiency inherent from using text-based XML. This paper presents a study of Web services performance by evaluating the current implementations of Web services and comparing them with a number of alternative technologies. This study gives a picture of the current Web services performance behaviors and develops a simple performance model that can be used to estimate Web services latencies

A Performance Evaluation of Web Services Security

Web services security (WSS) has been approved as a standard by OASIS and widely adopted in the industry as a solution for enhancing the security of Web services. However, the performance of WSS remains a concern due to the additional security contents added to SOAP message and the extra service time for processing these security contents. This paper aims at clarifying this concern by conducting a performance evaluation of WSS. A simple Web service is designed and used for performance testing with a variety of WSS polices and message sizes. The test results are categorized, compared and analyzed to work out the overheads for individual security setting. This work is expected to provide an overview and guidance for WSS performance overhead

Secure Multihop Network Programming with Multiple One-Way Key Chains

Current network programming protocols provide an efficient way to update program images running on sensor nodes without having physical access to them. Securing these updates, however, remains a challenging and important issue, given the open environment where sensor nodes are often deployed. Several approaches addressing these issues have been reported, but their use of cryptographically strong protocols means that their computational costs (and hence, power consumption and communication costs) are relatively high. In this paper, we propose a novel scheme to secure a multihop network programming protocol through the use of multiple one-way hash chains. The scheme is shown to be lower in computational, power consumption, and communication costs yet still able to secure multihop propagation of program images. We demonstrate the use of this scheme and provide some results using the popular network programming protocol, Deluge. In addition, we include a performance evaluation of our scheme, implemented in TinyOS, in terms of latency and energy consumption.

Accountability as a Service for the Cloud: From Concept to Implementation with BPEL

The emergence of computing resource provisioning known as the Cloud has revolutionized the modern day computing. It has provided a cheap and yet reliable alternative computing platform for whoever with huge needs for computing resources. Moreover, its charm has been further reinforced by the concept of Service Oriented Architecture (SOA), which allows your business processes conducted by services to be flexibly integrated with other collaborating services to form new value-added business products. In this sense, the enormous computing capability and transmission bandwidth of the Cloud make it an ideal platform to be a serviceful computing environment. However, the overall correctness of the SOA depends on the correctness of all participants. As systems like this usually span multiple administration domains, concluding the faulty service and making the provider responsible become a challenging task. In this paper, we propose a novel design to enforce strong accountability in the SOA deployed in the Cloud. With this accountability, not only faults can always be bound to their causers, this binding is always provable and undeniable. We have implemented a demonstrative system to show its effectiveness in real practice.

Topology control with Hexagonal Tessellation

Geographic Adaptive Fidelity (GAF) is an important topology control approach in Wireless Sensor Networks. It extends the system lifetime by exploiting node redundancy. However, the properties of the square grid in GAF have not been fully studied. This paper shows that there exists an unreachable corner in the GAF grid architecture. Using an analytical model, we are able to calculate the unreachable probability and analyse its impacts on data delivery. We propose to replace the square grid of GAF with Hexagonal Tessellation (GAF-h). We then proceed to prove that GAF-h is able to achieve zero loss with little extra cost when compared to the original scheme. A node association algorithm is also proposed for efficient implementation. This algorithm is proved to integrate with the original GAF protocol with little computing overhead.

Expressing and Reasoning about Service Contracts in Service-Oriented Computing

The Web services and service-oriented architectures (SOA) vision by Helland, P. (2005) is about building large-scale distributed applications by composing coarse-grained autonomous services in a flexible architecture that can adapt to changing business requirements. These services interact by exchanging one-way messages through standardized message processing and transport protocols. This vision is being driven by economic imperatives for integration and automation across administrative and organizational boundaries. This paper presents a concise yet expressive model for service contracts to describe messaging behavior. The idea is simple: we use Boolean conditions to specify when a message can be sent and received, where the conditions refer only to other messages in the service contract - that is, conditions only refer to a services externalized messaging state and not to internal state