Massimo Ficco

Smart Cloud Storage Service Selection Based on Fuzzy Logic, Theory of Evidence and Game Theory

Cloud platforms encompass a large number of storage services that can be used to manage the needs of customers. Each of these services, offered by a different provider, is characterized by specific features, limitations and prices. In presence of multiple options, it is crucial to select the best solution fitting the customer requirements in terms of quality of service and costs. Most of the available approaches are not able to handle uncertainty in the expression of subjective preferences from customers, and can result in wrong (or sub-optimal) service selections in presence of rational/selfish providers, exposing untrustworthy indications concerning the quality of service levels and prices associated to their offers. In addition, due to its multi-objective nature, the optimal service selection process results in a very complex task to be managed, when possible, in a distributed way, for well-known scalability reasons. In this work, we aim at facing the above challenges by proposing three novel contributions. The fuzzy sets theory is used to express vagueness in the subjective preferences of the customers. The service selection is resolved with the distributed application of fuzzy inference or Dempster-Shafer theory of evidence. The selection strategy is also complemented by the adoption of a game theoretic approach for promoting truth-telling ones among service providers. We present empirical evidence of the proposed solution effectiveness through properly crafted simulation experiments.

Interconnecting Federated Clouds by Using Publish-Subscribe Service

Cloud Federation is an emerging computing model where multiple resources from independent Cloud providers are leveraged to create large-scale distributed virtual computing clusters, operating as into a single Cloud organization. This model enables the implementation of environmental diversity for Cloud applications, and overcomes the provisioning and scalability limits of a single Cloud, by introducing minimal additional cost for the Cloud consumer. In such a scenario, it is necessary to leverage on specific networking technologies that enable the effective support of inter-Cloud communication services between Cloud providers. This paper proposes an interconnection solution for Cloud federations based on publish/subscribe services. Moreover, we discuss some fundamental concerns needed to satisfy the inter-Cloud communication requirements in terms of reliability and availability. Finally, we present some experimental results that highlight some key reliability and denial of service vulnerability concerns in this domain.

Indoor and outdoor location based services for portable wireless devices

Designing and developing location-aware portable software applications is challenging, since most location-estimation methods i) require non-standard features either in the mobile terminal or in the network infrastructure, and ii) they are specifically designed for either indoor or outdoor. Moreover, installing and tuning systems that rely on such location methods may be quite a complex operation. In this paper we propose a software architecture that makes a combined use of indoor and outdoor location-sensing technologies. On top of the architecture there is a generic API, aimed at supporting the development of hybrid (indoor/outdoor) applications at a high level of abstraction, independent of the location technology. The API is meant to support applications for which the exact position of a mobile terminal is not a primary requirement, but it suffices to identify the terminal position in a known set of zones (e.g., rooms indoor, or pre-defined outdoor areas). The software architecture is designed: i) to ensure compliance with emerging positioning standards and commercial devices, in order to leverage the interoperability with third-party developed services, and ii) to be based on low-cost and easily deployable and tunable indoor positioning infrastructures. An implementation of the architecture is described, based on Bluetooth and GPS technologies, so as to outline the major implementation issues.

A knowledge-based platform for Big Data analytics based on publish/subscribe services and stream processing

Knowledge-based solution for automatic schema mapping to manage data heterogeneity.Automatic ontology extraction and semantic inference for novel Big Data analytics.Integration with publish/subscribe services for large-scale analytics infrastructures. Big Data analytics is considered an imperative aspect to be further improved in order to increase the operating margin of both public and private enterprises, and represents the next frontier for their innovation, competition, and productivity. Big Data are typically produced in different sectors of the above organizations, often geographically distributed throughout the world, and are characterized by a large size and variety. Therefore, there is a strong need for platforms handling larger and larger amounts of data in contexts characterized by complex event processing systems and multiple heterogeneous sources, dealing with the various issues related to efficiently disseminating, collecting and analyzing them in a fully distributed way.In such a scenario, this work proposes a way to overcome two fundamental issues: data heterogeneity and advanced processing capabilities. We present a knowledge-based solution for Big Data analytics, which consists in applying automatic schema mapping to face with data heterogeneity, as well as ontology extraction and semantic inference to support innovative processing. Such a solution, based on the publish/subscribe paradigm, has been evaluated within the context of a simple experimental proof-of-concept in order to determine its performance and effectiveness.

Security event correlation approach for cloud computing

Cloud computing is a new business model, which represents an opportunity for users, companies, and public organisations to reduce costs and increase efficiency, as well as an alternative way for providing services and resources. In this pay-by-use model, security plays a key role. Cyber attacks are a serious danger, which can compromise the quality of the service delivered to the customers, as well as the costs of the provided cloud resources and services. In this paper, a hybrid and hierarchical event correlation approach for intrusion detection in cloud computing is presented. It consists of detecting intrusion symptoms by collecting diverse information at several cloud architectural levels, using distributed security probes, as well as performing complex event analysis based on a complex event processing engine. The escalation process from intrusion symptoms to the identified cause and target of the intrusion is driven by a knowledge-base represented by an ontology. A prototype implementation of the proposed intrusion detection solution is also presented.

Stealthy Denial of Service Strategy in Cloud Computing

The success of the cloud computing paradigm is due to its on-demand, self-service, and pay-by-use nature. According to this paradigm, the effects of Denial of Service (DoS) attacks involve not only the quality of the delivered service, but also the service maintenance costs in terms of resource consumption. Specifically, the longer the detection delay is, the higher the costs to be incurred. Therefore, a particular attention has to be paid for stealthy DoS attacks. They aim at minimizing their visibility, and at the same time, they can be as harmful as the brute-force attacks. They are sophisticated attacks tailored to leverage the worst-case performance of the target system through specific periodic, pulsing, and low-rate traffic patterns. In this paper, we propose a strategy to orchestrate stealthy attack patterns, which exhibit a slowly-increasing-intensity trend designed to inflict the maximum financial cost to the cloud customer, while respecting the job size and the service arrival rate imposed by the detection mechanisms. We describe both how to apply the proposed strategy, and its effects on the target system deployed in the cloud.

Calibrating Indoor Positioning Systemswith Low Efforts

Recently, the positioning techniques based on the IEEE 802.11 signal strength are becoming the dominant solutions in the mobile device localization within indoor scenarios. Such solutions are characterized by two main pitfalls that compromise their effective usage in real application environments. First, during the calibration, a large amount of manual effort is required for acquiring a massive collection of training samples. Second, the positioning accuracy is directly related to the deployment of the wireless access points into the workspace, which is extremely time-consuming and requires human intervention. This paper presents an approach to reduce the manual calibration and to optimize the positioning accuracy, by selecting the best deployment schema of the wireless access points. The approach has been implemented in a tool, which uses an analytical signal propagation model to build the radio map of a given workspace, and exploits a multi-objective genetic algorithm to identify the best access points placement pattern that fits the required accuracy. A detailed experimental campaign is presented in order to show the benefits achievable by the proposed approach.

Energy-oriented denial of service attacks: an emerging menace for large cloud infrastructures

This work analyzes a new and very subtle kind of security threat that can affect large-scale cloud-based IT service infrastructures, by exploiting the computational resources of their component data center to waste as much energy as possible. The consequence of these threats ranges from increased costs in the energy bill, to penalization for exceeding the agreed quantity of greenhouse gases (GHG) emissions, up to complete denial of service caused by electrical outages due to power budget exhaustion. We analyzed different types of such attacks with their potential impacts on the energy consumption, modeled their behavior and quantified how current energy-proportional technologies may provide attackers with great opportunities for raising the target facility emissions and costs. These efforts resulted in a simple model with some parametric reference values that can be used to estimate the impact of such attacks also in presence of very large infrastructures containing thousands or millions of servers.

Intrusion Tolerant Approach for Denial of Service Attacks to Web Services

Intrusion Detection Systems are the major technology used for protecting information systems. However, they do not directly detect intrusion, but they only monitor the attack symptoms. Therefore, no assumption can be made on the outcome of the attack, no assurance can be assumed once the system is compromised. The intrusion tolerance techniques focus on providing minimal level of services, even when the system has been partially compromised. This paper presents an intrusion tolerant approach for Denial of Service attacks to Web Services. It focuses on the detection of attack symptoms as well as the diagnosis of intrusion effects in order to perform a proper reaction only if the attack succeeds. In particular, this work focuses on a specific Denial of Service attack, called Deeply-Nested XML. Preliminary experimental results show that the proposed approach results in a better performance of the Intrusion Detection Systems, in terms of increasing diagnosis capacity as well as reducing the service unavailability during an intrusion.

Hybrid indoor and outdoor location services for new generation mobile terminals

In the last years, an increasing interest in location services characterized the market of mobile ubiquitous devices (smartphones, handhelds, etc.). Several technologies and solutions have been developed to determine the position of mobile devices in their operating space, each with its specific degree of precision and accuracy. In this scenario, the ideal location service should be able of tracking the mobile terminal in any place it moves to, both indoors and outdoors. However, while outdoor location services have already achieved a satisfactory degree of technological maturity and effectiveness, a really ubiquitous location service that works satisfactorily in both indoor and outdoor scenarios is not yet available. In order to cope with the above challenge, this work proposes a hybrid location approach designed to choose and switch among multiple positioning technologies supported by the mobile device and available in the surrounding environment, in a dynamic and transparent way during the user movement. It combines signal strength–based fingerprinting techniques for indoor positioning together with traditional GPS-based positioning for the outdoor localization and performs opportunistic technology switching according to a count-and-threshold mechanism. The resulting solution is able to leverage the different features of the wireless networks and of the global positioning technologies, in order to provide ubiquitous location services across indoor and outdoor scenarios, as well as to minimize power consumption of the mobile device.