Syed Naqvi

A Monitoring and Audit Logging Architecture for Data Location Compliance in Federated Cloud Infrastructures

Current cloud infrastructures have opaque service offerings where customers cannot monitor the underlying physical infrastructure. This situation raises concerns for meeting compliance obligations by critical business applications with data location constraints that are deployed in a Cloud. When federated cloud infrastructures span across different countries where data can migrate from one country to another, it should be possible for data owners to monitor the location of their data. This paper shows how an existing federated Cloud monitoring infrastructure can be used for data location monitoring without compromising Cloud isolation. In the proposed approach collaboration is required between the cloud infrastructure provider (IP) and the user of the cloud, the service provider (SP): the IP monitors the virtual machines (VM) on the SPs behalf and makes the infrastructure level monitoring information available to him. With the monitoring information the SP can create the audit logs required for compliance auditing. The proposed logging architecture is validated by an e-Government case study with legal data location constraints.

Threat model for grid security services

The grid computing paradigm involves both the availability of abundant computing resources, and the storage of increased amounts of valuable data. Such information systems heavily rely upon the provision of adequate security. It is imperative that techniques be developed to assure the trustworthiness of these environments. Formal verification provides the tools and techniques to assess whether systems are indeed trustworthy, and is an established approach for security assurance. When using formal verification for security assessment one of the most important concerns should be to be precise about the threat model. A comprehensive threat model is indispensable for the simulations of a grid security model. This article presents a survey of the various threat models and discusses how and when these threat models may be inappropriate for use in the grid computing environments. Then a fine-grained threat model for grid computing is presented.

Management and service-aware networking architectures (MANA) for future Internet — Position paper: System functions, capabilities and requirements

Future Internet (FI) research and development threads have recently been gaining momentum all over the world and as such the international race to create a new generation Internet is in full swing: GENI [16], Asia Future Internet [19], Future Internet Forum Korea [18], European Union Future Internet Assembly (FIA) [8]. This is a position paper identifying the research orientation with a time horizon of 10 years, together with the key challenges for the capabilities in the Management and Service-aware Networking Architectures (MANA) part of the Future Internet (FI) allowing for parallel and federated Internet(s).

Applying Digital Forensics in the Future Internet Enterprise Systems - European SME's Perspective

Digital forensics techniques are still seen as specialized tools for cyber police. Likewise, until a few decades ago, computer and network security had a perception of defence utility for military establishments. But now computer and network security has become a commodity of every corporate system and home PC. Today’s businesses are feeling the need of efficient monitoring mechanisms to protect them from emerging commercial threats such as competitor analysis and steganalysis. Enterprises in the United States have widely embraced the digital forensics technology; however, European enterprises especially small and medium enterprises (SMEs) have yet to tap the potential of this technology. The European Commission initiative of Future Internet Enterprise Systems (FInES) presents a promising new era for enterprise innovation. However, existing enterprise security solutions and practices generally concentrate on the pre-incidence measures i.e. attack preventions with virtually no considerable approach for the post-accident scenarios. This article presents a framework of digital forensics for SMEs and evaluates the scope of various methodologies and tools for these enterprises. It also presents a detailed analysis of the risks to the competitive-edge of the companies that will not employ the forensics solutions to protect their business interests. This work also provides a high-level roadmap for the adaption of digital forensics in the emerging core business technologies such as cloud computing and virtualization infrastructures.

Grid Security Services Simulator (G3S) - a simulation tool for the design and analysis of grid security solutions

Security services are one of the most desirable characteristics of the computational grids. Nowadays the swelling number of applications and consequent increase in the amount of critical data over the grids have considerably raised the stakes for an efficient security architecture. Establishing security solutions for computational grid remains in its initial stages, as there are a number of impediments in the way of successful implementation of these security designs on a real grid. Absence of suitable mechanism to simulate the various functionalities of grid security models is a major concern for security designers. A reliable simulator for the grid security services is indispensable so that the grid security solutions can be adequately tested before their implementation on a real grid. The available range of grid simulators does not provide any support for the security functions. This vacuity has overwhelmingly motivated us to develop the Grid Security Services Simulator (G3S)

Quantifiable Security Metrics for Large Scale Heterogeneous Systems

The exponential growth of information technology and the prospect of increased public access to the computing, communications, and storage resources have made these systems more vulnerable to attacks. Use of heterogeneous devices and communication links has become a common practice which further exacerbates the management of security services of these systems. A widely accepted management principle is that an activity cannot be managed if it cannot be measured. Security also falls in this rubric. However, the complexity of todays large scale heterogeneous systems makes it impossible to measure its security by simple examination. Moreover, for most users it is hardly possible to conduct more detailed checks, which are necessary for a qualified evaluation, as they can not afford the expenditure this would entail. The need to protect these systems is fueling the need of quantifying security metrics to determine the exact level of security assurances. In this article, we have identified those entities of a large scale heterogeneous system that enforce the security services and also those which are relevant to the security services. We have filtered out the measurable entities to simplify the metrics tree with optimal granularity. These entities serve as probes for the evaluation of the overall security assurance of the system. Based on these probes, topological and dependency graphs of the overall system are evaluated and federated for the system security cockpit that represents the interface for the administrator to perform necessary operations in order to obtain and maintain a particular security assurance level for a specified service. In order to provide a comprehensive and evaluative description of the various functions of our model, we have given a use case example of a telecommunication service

Fine-Grained Continuous Usage Control of Service Based Grids --- The GridTrust Approach

voice over the Internet protocol (VoIP)

Analysing Impact of Scalability and Heterogeneity on the Performance of Federated Cloud Security

Access control techniques designed for single domain infrastructures, where users are known by domain administrators, provide considerable liberty in the usage of resources. This paradigm is not suitable for highly scalable and decentralised systems such as Grids and service oriented architectures (SOA), where resources are shared between domains, and users come from remote domains. One approach is to provide policy-driven autonomic solutions that operate a continuous monitoring of the usage of resources by users. This paper presents the services and tools offered by the GridTrust Security Framework (GSF). GSF addresses three layers of the next generation of grid (NGG) architecture: the Grid application layer, the Grid service middleware layer, and the Grid foundation layer. The framework is composed of security and trust services and tools provided at the middleware and Grid foundation middleware layers. Various business case studies are being developed to validate the GridTrust results.

Security requirements model for grid data management systems

Nowadays, the notion of virtualization infrastructures is making significant headway in the computing landscape. The business-push to these infrastructures stemming from the Cloud computing paradigm resulted in a more sophisticated concept of rent-a-technology that enabled a series of new-networked business models. This emerging digital globalization has not only raised the legal stakes and ownership concerns; but also highlight the need of providing effective security solutions. These security solutions should be able to scale the application requirements without undue performance and quality overheads to ensure security and privacy of data in the federated Cloud deployments. This paper presents a formal way of testing the impact of scalability and heterogeneity on the federated Cloud security services. The work presented in this paper aims to develop a mean of quantifying the impact on security functions under various operating conditions and parameters of federated Cloud deployments. The results of this work will help businesses to identify the best security architecture that will fit their Cloud architectures and performance requirements.

VIPSEC: virtualized and pluggable security services infrastructure for adaptive grid computing

In this paper, we present our ongoing work of a policy-driven approach to security requirements of grid data management systems (GDMS). We analyse the security functionalities of existing GDMS to determine their shortcomings that should be addressed in our work. We identify a comprehensive set of security requirements for GDMS followed by the presentation of our proposed Security Requirements Model. Derivation of security policies from security requirements and their consequent refinement is also presented in this paper. Our approach of addressing modelling issues by providing requirements for expressing security related quality of service is the key step to turn storage systems into knowledge representation systems.