Cloud providers must detect malicious traffic in and out of their network, virtual or otherwise. The use of Intrusion Detection Systems (IDS) has been hampered by the encryption of network communication. The result is that current signatures cannot match potentially malicious requests. A method to acquire the encryption keys is Virtual Machine Introspection (VMI). VMI is a technique to view the internal, and yet raw, representation of a Virtual Machine (VM). Current methods to find keys are expensive and use sliding windows or entropy. This inevitably requires reading the memory space of the entire process, or worse, the OS, in a live environment where performance is paramount. This paper describes a structured walk of memory to find keys, particularly RSA, using as few reads from the VM as possible. In doing this we create a scalable mechanism to populate an IDS with keys to analyse traffic.
{"title":"Efficient Retrieval of Key Material for Inspecting Potentially Malicious Traffic in the Cloud","authors":"John T. Saxon, B. Bordbar, K. Harrison","doi":"10.1109/IC2E.2015.26","DOIUrl":"https://doi.org/10.1109/IC2E.2015.26","url":null,"abstract":"Cloud providers must detect malicious traffic in and out of their network, virtual or otherwise. The use of Intrusion Detection Systems (IDS) has been hampered by the encryption of network communication. The result is that current signatures cannot match potentially malicious requests. A method to acquire the encryption keys is Virtual Machine Introspection (VMI). VMI is a technique to view the internal, and yet raw, representation of a Virtual Machine (VM). Current methods to find keys are expensive and use sliding windows or entropy. This inevitably requires reading the memory space of the entire process, or worse the OS, in a live environment where performance is paramount. This paper describes a structured walk of memory to find keys, particularly RSA, using as fewer reads from the VM as possible. In doing this we create a scalable mechanism to populate an IDS with keys to analyse traffic.","PeriodicalId":395715,"journal":{"name":"2015 IEEE International Conference on Cloud Engineering","volume":"85 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-03-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114920651","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Governments around the world are actively seeking to leverage the many benefits of cloud computing while also ensuring that they manage risks that deployment of the new technologies can raise. While laws and regulations related to the privacy and security of government data may already exist, many were drafted in the "pre-cloud" era and could therefore benefit from an update and revision. This paper explores some of the concepts that should be incorporated into new or amended laws that seek to guide public sector entities as they move their data and workloads to the cloud.
{"title":"National Cloud Computing Principles: Guidance for Public Sector Authorities Moving to the Cloud","authors":"Stephen Mutkoski","doi":"10.1109/IC2E.2015.104","DOIUrl":"https://doi.org/10.1109/IC2E.2015.104","url":null,"abstract":"Governments around the world are actively seeking to leverage the many benefits of cloud computing while also ensuring that they manage risks that deployment of the new technologies can raise. While laws and regulations related to the privacy and security of government data may already exist, many were drafted in the \"pre-cloud\" era and could therefore benefit from an update and revision. This paper explores some of the concepts that should be incorporated into new or amended laws that seek to guide public sector entities as they move their data and workloads to the cloud.","PeriodicalId":395715,"journal":{"name":"2015 IEEE International Conference on Cloud Engineering","volume":"46 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-03-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125821526","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
B. D. Martino, Giuseppina Cretella, A. Esposito, A. Willner, A. Alloush, D. Bernstein, D. Vij, J. Weinman
The Cloud Computing paradigm has been adopted in countless areas of application and forms the basis of a growing number of business cases. Similar to the situation with service providers in the 1980s, it becomes apparent that different Cloud providers build walled gardens around their offerings. While multiple projects and organizations are working on standards for federating Cloud domains, the scalable exchange of descriptions about heterogeneous resources is often not well considered. Our approach is to adopt both ideas initially developed for the Internet, to define a scalable architecture, and concepts from the Semantic Web, to define a canonical Intercloud ontology. An initial implementation of the architecture has been developed to form a basis for further refinement of the proposed concepts. As a result, we have defined an initial ontology for Intercloud resources and implemented a catalog for the IEEE Intercloud architecture.
{"title":"Towards an Ontology-Based Intercloud Resource Catalogue -- The IEEE P2302 Intercloud Approach for a Semantic Resource Exchange","authors":"B. D. Martino, Giuseppina Cretella, A. Esposito, A. Willner, A. Alloush, D. Bernstein, D. Vij, J. Weinman","doi":"10.1109/IC2E.2015.76","DOIUrl":"https://doi.org/10.1109/IC2E.2015.76","url":null,"abstract":"The Cloud Computing paradigm has been adopted in countless areas of application and forms the basis of a growing number of business cases. Similar to the situation with service providers in the 1980th, it becomes apparent that different Cloud providers build walled gardens around their offerings. While multiple projects and organizations are working on standards for federating Cloud domains, the scalable exchange of descriptions about heterogeneous resources are often not well considered. Our approach is to adopt both, ideas initially developed for the Internet to define a scalable architecture and concepts from the Semantic Web to define a canonical Intercloud ontology. An initial implementation of the architecture has been developed to form a basis for further refinement of the proposed concepts. As a result, we have defined an initial ontology for Intercloud resources and implemented a catalog for the IEEE Intercloud architecture.","PeriodicalId":395715,"journal":{"name":"2015 IEEE International Conference on Cloud Engineering","volume":"33 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-03-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126719578","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Summary form only given. Cloud storage systems invariably replicate data for high availability and low latency access. Application designers, as well as cloud providers, must deal with trade-offs between consistency, performance, and availability. Some cloud services provide strong data consistency to their clients while others have chosen eventual consistency. Increasingly, systems are offering a choice of consistency when reading shared data. This talk examines the implications of such a choice and explores a broader class of consistency guarantees that can, and perhaps should, be provided within the cloud.
{"title":"Cloud Storage Services: A Model of (In)Consistency","authors":"D. Terry","doi":"10.1109/IC2E.2015.82","DOIUrl":"https://doi.org/10.1109/IC2E.2015.82","url":null,"abstract":"Summary form only given. Cloud storage systems invariably replicate data for high availability and low latency access. Application designers, as well as cloud providers, must deal with trade-offs between consistency, performance, and availability. Some cloud services provide strong data consistency to their clients while others have chosen eventual consistency. Increasingly, systems are offering a choice of consistency when reading shared data. This talk examines the implications of such a choice and explores a broader class of consistency guarantees that can, and perhaps should, be provided within the cloud.","PeriodicalId":395715,"journal":{"name":"2015 IEEE International Conference on Cloud Engineering","volume":"29 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-03-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130342827","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Khaleel W. Mershad, Q. Malluhi, M. Ouzzani, Mingjie Tang, Walid G. Aref
Data curation activities in collaborative databases mandate that collaborators interact until they converge and agree on the content of their data. Typically, updates by a member of the collaboration are made visible to all collaborators for comments but at the same time are pending the approval or rejection of the data custodian, e.g., the principal scientist or investigator (PI). In current database technologies, approval and authorization of updates is based solely on the identity of the user, e.g., via the SQL GRANT and REVOKE commands. However, in collaborative environments, the updated data is open for collaborators for discussion and further editing and is finally approved or rejected by the PI based on the content of the data and not on the identity of the updater. In this paper, we introduce a cloud-based collaborative database system that promotes and enables collaboration and data curation scenarios. We realize content-based update approval and history tracking of updates inside HBase, a distributed and scalable open-source cluster-based database. The design and implementation as well as a detailed performance study of several approaches for update approval are presented and contrasted in the paper.
{"title":"Approving Updates in Collaborative Databases","authors":"Khaleel W. Mershad, Q. Malluhi, M. Ouzzani, Mingjie Tang, Walid G. Aref","doi":"10.1109/IC2E.2015.31","DOIUrl":"https://doi.org/10.1109/IC2E.2015.31","url":null,"abstract":"Data curation activities in collaborative databases mandate that collaborators interact until they converge and agree on the content of their data. Typically, updates by a member of the collaboration are made visible to all collaborators for comments but at the same time are pending the approval or rejection of the data custodian, e.g., the principal scientist or investigator (PI). In current database technologies, approval and authorization of updates is based solely on the identity of the user, e.g., via the SQL GRANT and REVOKE commands. However, in collaborative environments, the updated data is open for collaborators for discussion and further editing and is finally approved or rejected by the PI based on the content of the data and not on the identity of the updater. In this paper, we introduce a cloud-based collaborative database system that promotes and enables collaboration and data curation scenarios. We realize content-based update approval and history tracking of updates inside HBase, a distributed and scalable open-source cluster-based database. 
The design and implementation as well as a detailed performance study of several approaches for update approval are presented and contrasted in the paper.","PeriodicalId":395715,"journal":{"name":"2015 IEEE International Conference on Cloud Engineering","volume":"29 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-03-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132970622","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The complexity of cloud-based analytics environments threatens to undermine their otherwise tremendous value. In particular, configuring such environments presents a great challenge. We propose to alleviate this issue with an engine that recommends configurations for a newly submitted analytics job in an intelligent and timely manner. The engine is rooted in a modified k-nearest neighbor algorithm, which finds desirable configurations from similar past jobs that have performed well. We apply the method to configuring an important class of analytics environments: Hadoop on container-driven clouds. Preliminary evaluation suggests up to 28% performance gain could result from our method.
{"title":"Finding the Big Data Sweet Spot: Towards Automatically Recommending Configurations for Hadoop Clusters on Docker Containers","authors":"Rui Zhang, Min Li, Dean Hildebrand","doi":"10.1109/IC2E.2015.101","DOIUrl":"https://doi.org/10.1109/IC2E.2015.101","url":null,"abstract":"The complexity of cloud-based analytics environments threatens to undermine their otherwise tremendous values. In particular, configuring such environments presents a great challenge. We propose to alleviate this issue with an engine that recommends configurations for a newly submitted analytics job in an intelligent and timely manner. The engine is rooted in a modified k-nearest neighbor algorithm, which finds desirable configurations from similar past jobs that have performed well. We apply the method to configuring an important class of analytics environments: Hadoop on container-driven clouds. Preliminary evaluation suggests up to 28% performance gain could result from our method.","PeriodicalId":395715,"journal":{"name":"2015 IEEE International Conference on Cloud Engineering","volume":"125 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-03-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133199381","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
H. Salameh, Mohammed F. Dhainat, Ali Al-Hajji, Raed Aqeli, Mohammad Fathi
In this paper, we present an integrated hardware design and software implementation for a cognitive-radio wireless sensor network (CR-WSN). The implemented CR-WSN is an event-driven cluster-based network, where the sensor nodes in the network are organized into a two-level hierarchy of clusters, each with its own cognitive-enabled cluster-head (CR-CH). According to CR-WSN, the data sensed by a sensor node is reported to the associated CR-CH. The CR-CH opportunistically transmits the collected information over one of the idle primary radio channels to the data collecting node (sink). Specifically, we first describe the hardware design and implementation of the CR-WSN. Then, we propose a novel hybrid MAC design for the CR-WSN that ensures reliable and timely data delivery. The proposed protocol divides the MAC-layer operation into two domains: single-channel intra-cluster and cognitive inter-cluster domains. Experimental results are provided, which verify the effectiveness of the proposed MAC protocol and demonstrate a reliable, robust and scalable performance of the proposed system.
{"title":"A Two-Level Cluster-Based Cognitive Radio Sensor Network: System Architecture, Hardware Design, and Distributed Protocols","authors":"H. Salameh, Mohammed F. Dhainat, Ali Al-Hajji, Raed Aqeli, Mohammad Fathi","doi":"10.1109/IC2E.2015.46","DOIUrl":"https://doi.org/10.1109/IC2E.2015.46","url":null,"abstract":"In this paper, we present an integrated hardware design and software implementation for a cognitive-radio wireless sensor network (CR-WSN). The implemented CR-WSN is an event-driven cluster-based network, where the sensor nodes in the network are organized into a two-level hierarchy of clusters, each with its own cognitive-enabled cluster-head (CR-CH). According to CR-WSN, the sensed data by a sensor node is reported to the associated CR-CH. The CR-CH opportunistically transmits the collected information over one of the idle primary radio channels to the data collecting node (sink). Specifically, we first describe the hardware design and implementation of the CRWSN. Then, we propose a novel hybrid MAC design for the CR-WSN that ensures reliable and timely data delivery. The proposed protocol divides the MAC-layer operation into two domains: single-channel intra-cluster and cognitive inter-cluster domains. 
Experimental results are provided, which verify the effectiveness of the proposed MAC protocol and demonstrate a reliable, robust and scalable performance of the proposed system.","PeriodicalId":395715,"journal":{"name":"2015 IEEE International Conference on Cloud Engineering","volume":"70 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-03-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130746496","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
In the expanding 'Internet of Things' (IoT), 'Machine-to-Machine' (M2M) applications exist with large homogeneous populations of devices that utilize general-purpose communications infrastructures, and in particular, cellular wireless networks. Understanding the behavior of these applications at large scale can be challenging since they often operate within an environment with various layers of abstraction and where system activity at one layer may lead to unanticipated consequences at other layers. This paper investigates several commercial M2M applications at the cellular wireless "signaling layer," and looks specifically at how the linguistic characteristics, in the form of n-grams, of device interactions with cellular carrier network elements help provide insights into the systems' behavior.
{"title":"Understanding the Linguistic Characteristics of Network Signaling for the 'Internet of Things' Using n-Grams","authors":"S. P. Emmons, F. Kamangar","doi":"10.1109/IC2E.2015.22","DOIUrl":"https://doi.org/10.1109/IC2E.2015.22","url":null,"abstract":"In the expanding 'Internet of Things' (IoT), 'Machine-to-Machine' (M2M) applications exist with large homogeneous populations of devices that utilize general-purpose communications infrastructures, and in particular, cellular wireless networks. Understanding the behavior of these applications at large scale can be challenging since they often operate within an environment with various layers of abstraction and where system activity at one layer may lead to unanticipated consequences at other layers. This paper investigates several commercial M2M applications at the cellular wireless \"signaling layer,\" and looks specifically at how the linguistic characteristics, in the form of n-grams, of device interactions with cellular carrier network elements help provide insights into the systems' behavior.","PeriodicalId":395715,"journal":{"name":"2015 IEEE International Conference on Cloud Engineering","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-03-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130826075","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
This paper introduces a cloud-federation agent which enables a horizontal network federation between different cloud providers, based on Software Defined Networking (SDN). Furthermore, tenants, using the cloud's Infrastructure as a Service (IaaS) model, have fine-grained access to the resources via an exposed OpenFlow interface, deployed on top of the SDN router's virtualized control plane. This provides complete management and control capabilities of a virtual SDN (vSDN) substrate and gives tenants the freedom to deploy virtual network appliances or services using Network Function Virtualization (NFV) on top of the allocated vSDN.
{"title":"Design and Implementation of a Cloud-Federation Agent for Software Defined Networking","authors":"Constantin Gaul, Marc Körner, O. Kao","doi":"10.1109/IC2E.2015.58","DOIUrl":"https://doi.org/10.1109/IC2E.2015.58","url":null,"abstract":"This paper introduces a cloud-federation agent which enables a horizontal network federation between different cloud providers, based on Software Defined Networking (SDN). Furthermore, tenants, using the cloud's Infrastructureas a Service (IaaS) model, have a fine grained access to the resources via an exposed Open Flow interface, deployed on top of the SDN router's virtualized control plane. This provides complete management and control capabilities of a virtual SDN (vSDN) substrate and gives tenants the freedom to deploy virtual network-appliances or services using Network Function Virtualization (NFV) on top of the allocated vSDN.","PeriodicalId":395715,"journal":{"name":"2015 IEEE International Conference on Cloud Engineering","volume":"80 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-03-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132223786","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Hidayet Aksu, Mustafa Canim, Yuan-Chi Chang, I. Korpeoglu, Ö. Ulusoy
Graph stores are becoming increasingly popular among NoSQL applications seeking flexibility and heterogeneity in managing linked data. Conceptually and in practice, applications ranging from social networks and knowledge representations to the Internet of Things benefit from graph data stores built on a combination of relational and non-relational technologies aimed at desired performance characteristics. The most common data access pattern in querying graph stores is to traverse from a node to its neighboring nodes. This paper studies the impact of such a traversal pattern on common data caching policies in a partitioned data environment where a big graph is distributed across servers in a cluster. We propose and evaluate a new graph-aware caching policy designed to keep and evict nodes, edges and their metadata, optimized for the query traversal pattern. The algorithm distinguishes the topology of the graph as well as the latency of access to the graph nodes and neighbors. We implemented graph-aware caching on a distributed data store, Apache HBase, in the Hadoop family. Performance evaluations showed up to 15x speedup on the benchmark datasets preferring our new graph-aware policy over non-aware policies. We also show how to improve the performance of existing caching algorithms for distributed graphs by exploiting the topology information.
{"title":"Graph Aware Caching Policy for Distributed Graph Stores","authors":"Hidayet Aksu, Mustafa Canim, Yuan-Chi Chang, I. Korpeoglu, Ö. Ulusoy","doi":"10.1109/IC2E.2015.39","DOIUrl":"https://doi.org/10.1109/IC2E.2015.39","url":null,"abstract":"Graph stores are becoming increasingly popular among NOSQL applications seeking flexibility and heterogeneity in managing linked data. Conceptually and in practice, applications ranging from social networks, knowledge representations to Internet of things benefit from graph data stores built on a combination of relational and non-relational technologies aimed at desired performance characteristics. The most common data access pattern in querying graph stores is to traverse from a node to its neighboring nodes. This paper studies the impact of such traversal pattern to common data caching policies in a partitioned data environment where a big graph is distributed across servers in a cluster. We propose and evaluate a new graph aware caching policy designed to keep and evict nodes, edges and their metadata optimized for query traversal pattern. The algorithm distinguishes the topology of the graph as well as the latency of access to the graph nodes and neighbors. We implemented graph aware caching on a distributed data store Apache HBase in the Hadoop family. Performance evaluations showed up to 15x speedup on the benchmark datasets preferring our new graph aware policy over non-aware policies. 
We also show how to improve the performance of existing caching algorithms for distributed graphs by exploiting the topology information.","PeriodicalId":395715,"journal":{"name":"2015 IEEE International Conference on Cloud Engineering","volume":"30 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-03-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133417086","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}