Welcome to the Globethics.net Library!


  • Enforcing End-to-End Application Security in the Cloud

    University of Cambridge [UK] (CAM); Imperial College London ; Imperial College London; CBCU/ECRIC ; National Health Serivice; Indranil Gupta; Cecilia Mascolo; Bacon, Jean; Evans, David; Eyers, David M.; Migliavacca, Matteo; Pietzuch, Peter; Shand, Brian (HAL CCSDSpringer, 2010-11-29)
    International audience
  • Collaborative Policy-Based Autonomic Management in IaaS Clouds

    Mola, Omid (Scholarship@Western, 2013-09-05)
    With the increasing number of "machines" (either virtual or physical) in a computing environment, it is becoming harder to monitor and manage these resources. Relying on human administrators, even with tools, is expensive and the growing complexity makes management even harder. The alternative is to look for automated approaches that can monitor and manage computing resources in real time with no human intervention. One of the approaches to this problem is policy-based autonomic management. However, in large systems having one single autonomic manager to manage everything is almost impossible. Therefore, multiple autonomic managers will be needed and these will need to cooperate in the overall management. We propose a management model using multiple autonomic managers organized in a hierarchical fashion to monitor and manage the resources in a computing environment based on provided policies. We develop a communication protocol to facilitate collaboration between different autonomic managers, define the core operations of these managers and introduce algorithms to deal with their deployment and operation. We also introduce an approach for the inference of the communication messages from policies and develop several algorithms for joining and maintaining the management hierarchy. We propose a deployment system that can discover relevant resources in a computing environment automatically to facilitate the deployment of autonomic managers at different levels of a physical system. We then test our approach by implementing it in a small private Infrastructure-as-a-Service (IaaS) cloud and show how this collaboration of autonomic managers in a hierarchical way can help to adopt to high stress situations automatically and reduce the SLA violation rate without adding any new resource to the environment.

    University of Luxembourg - UL [sponsor]; Le Traon, Yves [superviser]; Bouvry, Pascal [president of the jury]; Baudry, benoit [member of the jury]; Bertolino, Antonia [member of the jury]; Mouelhi, Tejeddine [member of the jury]; Fouquet, François [member of the jury]; SnT - Interdisciplinary Centre for Security, Reliability and Trust [research center]; El Kateb, Donia (University of Luxembourg, ​Luxembourg, ​​Luxembourg, 2015-01-22)
    Beyond its functional requirements, architectural design, the quality of a software system is also defined by the degree to which it meets its non-functional requirements. The complexity of managing these non-functional requirements is exacerbated by the fact that they are potentially conflicting with one another. For cloud-based software, i.e., software whose service is delivered through a cloud infrastructure, other constraints related to the features of the hosting data center, such as cost, security and performance, have to be considered by system and software designers. For instance, the evaluation of requests to access sensitive resources results in performance overhead introduced by policy rules evaluation and message exchange between the different geographically distributed components of the authorization system. Duplicating policy rule evaluation engines traditionally solves such performance issues, however such a decision has an impact on security since it introduces additional potential private data leakage points. Taking into account all the aforementioned features is a key factor to enhance the perceived quality of service (QoS) of the cloud as a whole. Maximizing users and software developers satisfaction with cloud-based software is a challenging task since trade-off decisions have to be dynamically taken between these conflicting quality attributes to adapt to system requirements evolution. In this thesis, we tackle the challenges of building a decision support method to optimize software deployment in a cloud environment. Our proposed holistic method operates both at the level of 1) Platform as a service (PaaS) by handling software components deployment to achieve an efficient runtime optimization to satisfy cloud providers and customers objectives 2) Guest applications by making inroads into the design of applications to enable the design of secure systems that also meet flexibility, performance and cost requirements. To thoroughly investigate these challenges, we identify three main objectives that we address as follows: The first objective is to achieve a runtime optimization of cloud-based software deployment at the Platform as a service (PaaS) layer, by considering both cloud customers and providers constraints. To fulfill this objective, we leverage the models@run.time paradigm to build an abstraction layer to model a cloud infrastructure. In a second step, we model the software placement problem as a multi-objective optimization problem and we use multi-objective evolutionary algorithms (MOEAs) to identify a set of possible cloud optimal configurations that exhibit best trade-offs between conflicting objectives. The approach is validated through a case study that we defined with EBRC1, a cloud provider in Luxembourg, as a representative of a software component placement problem in heterogeneous distributed cloud nodes. The second objective is to ameliorate the convergence speed of MOEAs that we have used to achieve a run-time optimization of cloud-based software. To cope with elasticity requirements of cloud-based applications, we improve the way the search strategy operates by proposing a hyper-heuristic that operates on top of MOEAs. Our hyper-heuristic uses the history of mutation effect on fitness functions to select the most relevant mutation operators. Our evaluation shows that MOEAs in conjunction with our hyper-heuristic has a significant performance improvement in terms of resolution time over the original MOEAs. The third objective aims at optimizing cloud-based software trade-offs by exploring applications design as a complementary step to the optimization at the level of the cloud infrastructure, tackled in the first and second objectives. We aimed at achieving security trade-offs at the level of guest applications by revisiting current practices in software methods. We focus on access control as a main security concern and we opt for guest applications that manage resources regulated by access control policies specified in XACML2. This focus is mainly motivated by two key factors: 1) Access control is the pillar of computer security as it allows to protect sensitive resources in a given system from unauthorized accesses 2) XACML is the de facto standard language to specify access control policies and proposes an access control architectural model that supports several advanced access requirements such as interoperability and portability. To attain this objective, we advocate the design of applications based on XACML architectural model to achieve a trade-off between security and flexibility and we adopt a three-step approach: First, we identify a lack in the literature in XACML with obligation handling support. Obligations enable to specify user actions that have to be performed before/during/after the access to resources. We propose an extension of the XACML reference model and language to use the history of obligations states at the decision making time. In this step, we extend XACML access control architecture to support a wider range of usage control scenarios. Second, in order to avoid degrading performance while using a secure architecture based on XACML, we propose a refactoring technique applied on access control policies to enhance request evaluation time. Our approach, evaluated on three Java policy-based systems, enables to substantially reduce request evaluation time. Finally, to achieve a trade-off between a safe security policy evolution and regression testing costs, we develop a regression-test-selection approach for selecting test cases that reveal faults caused by policy changes. To sum up, in all aforementioned objectives, we pursue the goal of analysing and improving the current landscape in the development of cloud-based software. Our focus on security quality attributes is driven by its crucial role in widening the adoption of cloud computing. Our approach brings to light a security-aware design of guest applications that is based on XACML architecture. We provide useful guidelines, methods with underlying algorithms and tools for developers and cloud solution designers to enhance tomorrow’s cloud-based software design. Keywords: XACML-policy based systems, Cloud Computing, Trade-offs, Multi-Objective Optimization
  • Synergia badań społecznych, analiz statystycznych i nowych technologii – nowe możliwości i zastosowania

    Wais, Kamil (Adam Mickiewicz University Poznan, 2013-01-01)
    Nowe technologie w konsekwentny i nieunikniony sposób zmieniają otaczającą nas rzeczywistość. Następuje to również dzięki coraz większym ilościom generowanych danych i ich nowym rodzajom. Duża część z tych danych jest wartościowym produktem, nadającym się do wykorzystania w projektach analitycznych i badawczych. Ogromnym potencjałem sprzyjającym rozwojowi badań społecznych dysponują zwłaszcza technologie internetowe. Rozwijają się również szeroko dostępne narzędzia analityczno-statystyczne. Problemem pozostaje jednak brak wysoko wykwalifikowanych, interdyscyplinarnie wykształconych analityków i badaczy. Dotyczy to szczególnie takich, którzy swobodnie łączą kompetencje informatyczno-programistyczne z umiejętnościami analityczno-statystycznymi i głębokim, humanistycznym rozumieniem problemów społecznych. Można jednak wskazać już przykłady udanego połączenia nowych technologii i metod statystycznych w służbie badań społecznych, które niosą ze sobą ogromny potencjał w dostarczeniu danych kluczowych z punktu widzenia potrzeb prowadzenia innowacyjnych badań naukowych i tworzenia polityk publicznych opartych na danych.
  • Pravno uređenje nametljivog ponašanja u hrvatskom i stranom zakonodavstvu

    Gudelj, Gloria (law student association "Pravnik", 2019)
    Autorica rada analizira pravno uređenje kaznenog djela nametljivog ponašanja u hrvatskom i stranim zakonodavstvima. Nametljivo ponašanje uvedeno je 2013. u Kaznenom zakonu u Glavi „Kaznena djela protiv osobne slobode“. Iako je relativno novo kazneno djelo, hrvatska je sudska praksa uspjela izgraditi neka stajališta koja se tiču trajanja uhođenja i uznemiravanja, ustrajnosti počinitelja te pretrpljenog straha žrtve. Sjedinjene Američke države pionir su kriminalizacije stalkinga, a na području Europe to je Ujedinjeno Kraljevstvo. U radu je obrađeno i njemačko te talijansko rješenje. Sva uređenja pokazuju određene sličnosti u definiraju kaznenog djela, a razlike se najviše odnose na raspon kazne, odnos s ostalim srodnim kaznenim djelima te standarde koje je razvila sudska praksa. Zbog svoje prirode i dostupnosti interneta, cyberstalking predstavlja veliki izazov modernim zakonodavstvima pa će države morati ojačati međunarodnu suradnju kako bi spriječile da cyberstalking eskalira u teška kaznena djela s međunarodnim obilježjem.

عرض المزيد