Detecting and mitigating HX-DoS attacks against cloud web services

Cyber-Physical Systems allow for the interaction of the cyber world and physical worlds using as a central service called Cloud Web Services. Cloud Web Services can sit well within three models of Cyber- Physical Systems, Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), and Infrastructure-as-a- Service (IaaS). With any Cyber-Physical system use Cloud Web Services it inherits a security problem, the HX-DoS attack. HX-DoS attack is a combination of HTTP and XML messages that are intentionally sent to flood and destroy the communication channel of the cloud service provider. The relevance of this research is that TCP/IP flood attacks are a common problem and a lot of research to mitigate them has previously been discussed. But HTTP denial of service and XML denial of service problem has only been addressed in a few papers. In this paper, we get closer to closing this gap on this problem with our new defence system called Pre- Decision, Advance Decision, Learning System (ENDER). In our previous experiments using our Cloud Protector, we were successful at detecting and mitigate 91% with a 9% false positive of HX-DoS attack traffic. In this paper, ENDER was able to improve upon this result by being trained and tested on the same data, but with a greater result of 99% detection and 1% false positive.

A layered security approach for cloud computing infrastructure

This paper introduces a practical security model based on key security considerations by looking at a number of infrastructure aspects of Cloud Computing such as SaaS, Utility, Web, Platform and Managed Services, Service commerce platforms and Internet Integration which was introduced with a concise literature review. The purpose of this paper is to offer a macro level solution for identified common infrastructure security requirements. This model with a number of emerged patterns can be applied to infrastructure aspect of Cloud Computing as a proposed shared security approach in system development life cycle focusing on the plan-built-run scope.

Offering clusters from clouds using WSDL and stateful web services

This paper presents cloud’s higher layer abstraction and support for users in the form of Cluster as a Service.

Attributed publication and selection for web service-based distributed systems

With the emergence of cloud computing, the need for flexible and detailed publication and selection of services that expose cloud resources is greatly stressed. While dynamic attributes have improved the publication and selection of resources in distributed systems, the use of dynamic attributes is yet to be tried in Web services: a key element that makes cloud computing possible. We propose a new approach to Web service publication and selection using dynamic attributes shown in Web service WSDL documents, the most commonly accessed and used elements of Web services.

Enhancing clouds, internet-scale distributed systems, using attributed web services

This thesis presents a new framework allowing cloud services to be stateful, cloud resource state and characteristics to be published, and brokering for easy cloud resource discovery and selection to be offered. Using the framework, new technology developed significantly simplifies the discovery, selection and use of clusters on the Internet.

A technology to expose a cluster as a service in a cloud

Clouds refer to computational resources (in particular, clusters) that are accessible as scalable, on demand, pay-as- you-go services provided in the Internet. However, clouds are in their infancy and lack a high level abstraction. Specifically, there is no effective discovery and selection service for clusters and offer little to no ease of use for clients. Here we show a technology that exposes clusters as Web services in the form of a Cluster as a Service for publishing via WSDL, discovering, selecting and using clusters.

Toward higher level abstractions for cloud computing

The general idea of cloud computing is offering computational resources as scalable, on demand services accessible over the internet. However, this new realisation of on demand computing is hindered by the amount of user involvement. Currently, high level abstractions in cloud computing only exist in the form of services. In particular, there is no effective means to publish, discover and finally use required services in clouds. In response, we propose a user level abstraction on top of already available cloud abstraction layers, present its concept using the resources via web services (RVWS) framework and demonstrate its feasibility by simplifying the exposure and use of clusters, a commonly used resource in cloud computing.

Enhancing cloud computing environments using a cluster as a service

The emergence of cloud computing has caused a significant change in how IT infrastructures are provided to research and business organizations. Instead of paying for expensive hardware and incur excessive maintenance costs, it is now possible to rent the IT infrastructure of other organizations for a minimal fee. While the existence of cloud computing is new. The elements used to create clouds have been around for some time. Cloud computing systems have been made possible through the use of large-scale clusters, service-oriented architecture (SOA), Web services, and virtualization. While the idea of offering resources via Web services is commonplace in cloud computing, little attention has been paid to the clients themselves specifically, human operators. Despite that clouds host a variety of resources which in turn are accessible to a variety of clients, support for human users is minimal.

EST-PAC HPC - a web portal for high-throughput EST annotation and protein sequence prediction

Expressed Sequence Tags (ESTs) are short DNA sequences generated by sequencing the transcribed cDNAs coming from a gene expression. They can provide significant functional, structural and evolutionary information and thus are a primary resource for gene discovery. EST annotation basically refers to the analysis of unknown ESTs that can be performed by database similarity search for possible identities and database search for functional prediction of translation products. Such kind of annotation typically consists of a series of repetitive tasks which should be automated, and be customizable and amenable to using distributed computing resources. Furthermore, processing of EST data should be done efficiently using a high performance computing platform. In this paper, we describe an EST annotator, EST-PACHPC, which has been developed for harnessing HPC resources potentially from Grid and Cloud systems for high throughput EST annotations. The performance analysis of EST-PACHPC has shown that it provides substantial performance gain in EST annotation.

Microsoft and Amazon : a comparison of approaches to cloud security

Research has shown that data security has always been an important aspect of quality of service for data service providers; but cloud computing poses new and challenging security threats. The most common security concerns for users of cloud storage are data confidentiality, integrity and availability. Microsoft has considered these concerns and responded with the Azure virtual private storage based on Searchable Encryption. Amazon has also responded to these security issues with its Amazon Web Services. In this paper, we investigate and compare in depth the features of Microsoft Azure and Amazon Web Services deemed to provide security with a particular focus on confidentiality, integrity and availability of data.

PGSW-OS: a novel approach for resource management in a semantic web operating system based on a P2P grid architecture

A web operating system is an operating system that users can access from any hardware at any location. A peer-to-peer (P2P) grid uses P2P communication for resource management and communication between nodes in a grid and manages resources locally in each cluster, and this provides a proper architecture for a web operating system. Use of semantic technology in web operating systems is an emerging field that improves the management and discovery of resources and services. In this paper, we propose PGSW-OS (P2P grid semantic Web OS), a model based on a P2P grid architecture and semantic technology to improve resource management in a web operating system through resource discovery with the aid of semantic features. Our approach integrates distributed hash tables (DHTs) and semantic overlay networks to enable semantic-based resource management by advertising resources in the DHT based upon their annotations to enable semantic-based resource matchmaking. Our model includes ontologies and virtual organizations. Our technique decreases the computational complexity of searching in a web operating system environment. We perform a simulation study using the Gridsim simulator, and our experiments show that our model provides enhanced utilization of resources, better search expressiveness, scalability, and precision. © 2014 Springer Science+Business Media New York.

Remote monitoring system enabling cloud technology upon smart phones and inertial sensors for human kinematics

Stroke is a common neurological condition which is becoming increasingly common as the population ages. This entails healthcare monitoring systems suitable for home use, with remote access for medical professionals and emergency responders. The mobile phone is becoming the easy access tool for self-evaluation of health, but it is hindered by inherent problems including computational power and storage capacity. This research proposes a novel cloud based architecture of a biomedical system for a wearable motion kinematic analysis system which mitigates the above mentioned deficiencies of mobile devices. The system contains three subsystems: 1. Bio Kin WMS for measuring the acceleration and rotation of movement 2. Bio Kin Mobi for Mobile phone based data gathering and visualization 3. Bio Kin Cloud for data intensive computations and storage. The system is implemented as a web system and an android based mobile application. The web system communicates with the mobile application using an encrypted data structure containing sensor data and identifiable headings. The raw data, according to identifiable headings, is stored in the Amazon Relational Database Service which is automatically backed up daily. The system was deployed and tested in Amazon Web Services.

Exposing HPC and sequential applications as services through the development and deployment of a SaaS cloud

Cloud and service computing has started to change the way research in science, in particular biology and medicine, is being carried out. Researchers that have taken advantage of this technology (making use of public and private cloud compute resources) can process large amounts of data (big data) and speed up discovery. However, this requires researchers to acquire a solid knowledge and skills in the development of sequential and high performance computing (HPC), and cloud development and deployment background. In response a technology exposing HPC applications as services through the development and deployment of a SaaS cloud, and its proof of concept in the form of implementation of a cloud environment, Uncinus, has been developed and implemented to allow researchers easy access to cloud computing resources. The new technology offers and Uncinus supports the development of applications as services and the sharing of compute resources to speed up applications' execution. Users access these cloud resources and services through web interfaces. Using the Uncinus platform, a bio-informatics workflow was executed on a private (HPC) cloud, server and public cloud (Amazon EC2) resources, performance results showing a 3 fold improvement compared to local resources' performance. Biology and medicine specialists with no programming and application deployment on clouds background could run the case study applications with ease.

Dynamic cloud service selection using an adaptive learning mechanism in multi-cloud computing

Cloud service selection in a multi-cloud computing environment is receiving more and more attentions. There is an abundance of emerging cloud service resources that makes it hard for users to select the better services for their applications in a changing multi-cloud environment, especially for online real time applications. To assist users to efficiently select their preferred cloud services, a cloud service selection model adopting the cloud service brokers is given, and based on this model, a dynamic cloud service selection strategy named DCS is put forward. In the process of selecting services, each cloud service broker manages some clustered cloud services, and performs the DCS strategy whose core is an adaptive learning mechanism that comprises the incentive, forgetting and degenerate functions. The mechanism is devised to dynamically optimize the cloud service selection and to return the best service result to the user. Correspondingly, a set of dynamic cloud service selection algorithms are presented in this paper to implement our mechanism. The results of the simulation experiments show that our strategy has better overall performance and efficiency in acquiring high quality service solutions at a lower computing cost than existing relevant approaches.

Adaptable, model-driven security engineering for SaaS cloud-based applications

Software-as-a-service (SaaS) multi-tenancy in cloud-based applications helps service providers to save cost, improve resource utilization, and reduce service customization and maintenance time. This is achieved by sharing of resources and service instances among multiple "tenants" of the cloud-hosted application. However, supporting multi-tenancy adds more complexity to SaaS applications required capabilities. Security is one of these key requirements that must be addressed when engineering multi-tenant SaaS applications. The sharing of resources among tenants - i.e. multi-tenancy - increases tenants' concerns about the security of their cloud-hosted assets. Compounding this, existing traditional security engineering approaches do not fit well with the multi-tenancy application model where tenants and their security requirements often emerge after the applications and services were first developed. The resultant applications do not usually support diverse security capabilities based on different tenants' needs, some of which may change at run-time i.e. after cloud application deployment. We introduce a novel model-driven security engineering approach for multi-tenant, cloud-hosted SaaS applications. Our approach is based on externalizing security from the underlying SaaS application, allowing both application/service and security to evolve at runtime. Multiple security sets can be enforced on the same application instance based on different tenants' security requirements. We use abstract models to capture service provider and multiple tenants' security requirements and then generate security integration and configurations at runtime. We use dependency injection and dynamic weaving via Aspect-Oriented Programming (AOP) to integrate security within critical application/service entities at runtime. We explain our approach, architecture and implementation details, discuss a usage example, and present an evaluation of our approach on a set of open source web applications.