Srijith K. Nair

Towards Secure Cloud Bursting, Brokerage and Aggregation

The cloud based delivery model for IT resources is revolutionizing the IT industry. Despite the marketing hype around “the cloud”, the paradigm itself is in a critical transition state from the laboratories to mass market. Many technical and business aspects of cloud computing need to mature before it is widely adopted for corporate use. For example, the inability to seamlessly burst between internal cloud and external cloud platforms, termed cloud bursting, is a significant shortcoming of current cloud solutions. Furthermore, the absence of a capability that would allow to broker between multiple cloud providers or to aggregate them into a composite service inhibits the free and open competition that would help the market mature. This paper describes the concepts of cloud bursting and cloud brokerage and discusses the open management and security issues associated with the two models. It also presents a possible architectural framework capable of powering the brokerage based cloud services that is currently being developed in the scope of OPTIMIS, an EU FP7 project.

Self Managed Security Cell, a Security Model for the Internet of Things and Services

The Internet of Things and Services is a rapidly growing concept that illustrates that the ever increasing amount of physical items of our daily life which become addressable through a network could be made more easily manageable and usable through the use of Services. This surge of exposed resources along with the level of privacy and value of the information they hold, together with the increase of their usage make for an augmentation in the number of the security threats and violation attempts that existing security systems do not appear robust enough to address. In this paper, the authors underline this increase in risk and identify the requirements for resources to be more resilient in this type of environment while keeping an important level of flexibility. In addition, the authors propose an architectural model of Self Managed Security Cell, which leverages on current knowledge in large scale security systems, information management and autonomous systems.

Privacy preserving collaborative filtering for SaaS enabling PaaS clouds

AbstractRecommender systems use, amongst others, a mechanism called collaborative filtering (CF) to predict the rating that a user will give to an item given the ratings of other items provided by other users. While reasonably accurate CF can be achieved with various well-known techniques, preserving the privacy of rating data from individual users poses a significant challenge. Several privacy preserving schemes have, so far, been proposed in prior work. However, while these schemes are theoretically feasible, there are many practical implementation difficulties on real world public cloud computing platforms. In this paper, we present our implementation experience and experimental results on two public Software-as-a-Service (SaaS) enabling Platform-as-a-Service (PaaS) clouds: the Google App Engine for Java (GAE/J) and the Amazon Web Services Elastic Beanstalk (AWS EBS).a

Towards a Contextualization Solution for Cloud Platform Services

We propose a cloud contextualization mechanism which operates in two stages, contextualization of VM images prior to service deployment (PaaS level) and self-contextualization of VM instances created from the image (IaaS level). The contextualization tools are implemented as part of the OPTIMIS Toolkit, a set of software components for simplified management of cloud services and infrastructures. We present the architecture of our contextualization tools and the feasibility of our contextualization mechanism is demonstrated in a three-tier web application scenario. Preliminary performance results suggest acceptable performance and scalability

An Efficient Secure Shared Storage Service with Fault and Investigative Disruption Tolerance

In this work we focus on solutions to an emerging threat to cloud-based services – namely that of data seizures within a shared multiple customer architecture. We focus on the problem of securing distributed data storage in a cloud computing environment by designing a specialized multi-tenant data-storage architecture. The architecture we present not only provides high degrees of availability and confidentiality of customer data but is also able to offer these properties even after seizures of various parts of the infrastructure have been carried out through a judicial process. Our solution uses a novel way of storing customer data ??? combining the cryptographic scheme of secret sharing and combinatorial design theory, to ensure that the requirements of the architecture are met. Furthermore, we show that our proposed solution is efficient with respect to the amount of hardware infrastructure required, thus making the implementation and use of our proposed architecture cost-efficient for adoption by IT enterprises.

Demonstration of the OPTIMIS toolkit for cloud service provisioning

We demonstrate the OPTIMIS toolkit for scalable and dependable service platforms and architectures that enable flexible and dynamic provisioning of Cloud services. The innovations demonstrated are aimed at optimizing Cloud services and infrastructures based on aspects such as trust, risk, eco-efficiency, cost, performance and legal constraints. Adaptive self-preservation is part of the toolkit to meet predicted and unforeseen changes in resource requirements. By taking into account the whole service life cycle, the multitude of future Cloud architectures, and a by taking a holistic approach to sustainable service provisioning, the toolkit provides a foundation for a reliable, sustainable, and trustful Cloud computing industry.

Secure communication using dynamic VPN provisioning in an Inter-Cloud environment

Most of the current cloud computing platforms offer Infrastructure as a Service (IaaS) model, which aims to provision basic virtualised computing resources as on-demand and dynamic services. Nevertheless, a single cloud does not have limitless resources to offer to its users, hence the notion of an Inter-Cloud enviroment where a cloud can use the infrastructure resources of other clouds. However, there is no common framework in existence that allows the service owners to seamlessly provision even some basic services across multiple cloud service providers, albeit not due to any inherent incompatibility or proprietary nature of the foundation technologies on which these cloud platforms are built. In this paper we present a novel solution which aims to cover a gap in a subsection of this problem domain. Our solution offers a security architecture that enables service owners to provision a dynamic and service-oriented secure virtual private network on top of multiple cloud IaaS providers. It does this by leveraging the scalability, robustness and flexibility of peer-to-peer overlay techniques to eliminate the manual configuration, key management and peer churn problems encountered in setting up the secure communication channels dynamically, between different components of a typical service that is deployed on multiple clouds. We present the implementation details of our solution as well as experimental results carried out on two commercial clouds.

Regulatory Impact of Data Protection and Privacy in the Cloud

Abstract. The use of cloud computing services has developed into a new method for deploying software and services and hosting data. The model has provided enormous social and economic benefits but at the same time it has also created potential privacy and security challenges for businesses, individuals and the governments. For example, the use of shared compute environment, data storage and access via internet has made information vulnerable to misuse, and thus, has made privacy a major concern for organisations adopting cloud services for storage and computation purpose. Generally, each country maintains their own laws and regulations to prevent frauds and protect their citizens from harm, including the potential dangers of data privacy, essential when internet and related technologies are involved. The European Union, for example, follows the overarching governmental regulations while the United States prefers the Sectoral Approach to Data Protection legislation, which relies on the combination of legislation, regulation and self regulation. This report discusses data protection issues related to cloud computing and identifies privacy laws enforced in the EU that can be applied to this model. Moreover, it also provides recommendations that cloud service providers can consider to implement in order to provide enhancements to their services and to demonstrate that they have taken all necessary measures to comply with the data protection principals in place.

Opinion Model Based Security Reputation Enabling Cloud Broker Architecture

Security and trust in service providers is a major concern in the use of cloud services and the associated process of selecting a cloud service provider that meets the expectations and needs of one’s security requirements is not easy. As a solution, we propose a broker architecture model that enables us to build a security reputation framework for cloud service providers, capturing comprehensive evidence of security information to build its trust and security reputation.

Security of Service Networks

The way enterprises conduct business today is changing greatly. The enterprise has become more pervasive with a mobile workforce, outsourced data centers, different engagements with customers and distributed sites [19.1, 2]. In addition, companies seeking to optimize their processes across their supply chains are implementing integration strategies that include their customers and suppliers rather than looking inward. This increases the need for securing end-to-end transactions between business partners and the customer [19.3].