Visible to the public Autonomic Security 2015Conflict Detection Enabled

SoS Newsletter- Advanced Book Block

 

 
SoS Logo

Autonomic Security 2015

Autonomic computing refers to the self-management of complex distributed computing resources that can adapt to unpredictable changes with transparency to operators and users.  Security is one of the four key elements of autonomic computing and includes proactive identification and protection from arbitrary attacks.  The articles cited here describe research into the security problems associated with a variety of autonomic systems and were published in 2015.  Topics include autonomic security regarding vulnerability assessments, intelligent sensors, encryption, services, and the Internet of Things.


Harshe, O.A.; Teja Chiluvuri, N.; Patterson, C.D.; Baumann, W.T., "Design and Implementation of a Security Framework for Industrial Control Systems," in Industrial Instrumentation and Control (ICIC), 2015 International Conference on, pp. 127-132, 28-30 May 2015. doi: 10.1109/IIC.2015.7150724

Abstract: We address the problems of network and reconfiguration attacks on an industrial control system (ICS) by describing a trustworthy autonomic interface guardian architecture (TAIGA) that provides security against attacks originating from both supervisory and plant control nodes. In contrast to the existing security techniques which attempt to bolster perimeter security at supervisory levels, TAIGA physically isolates trusted defense mechanisms from untrusted components and monitors the physical process to detect an attack. Trusted components in TAIGA are implemented in programmable logic (PL). Our implementation of TAIGA integrates a trusted safety-preserving backup controller, and a mechanism for preemptive switching to a backup controller when an attack is detected. A hardware implementation of our approach on an inverted pendulum system illustrates how TAIGA improves resilience against software reconfiguration and network attacks.

Keywords: control engineering computing; industrial control; nonlinear systems; pendulums; production engineering computing; programmable controllers; software engineering; switching systems (control);trusted computing; ICS; TAIGA; industrial control system; inverted pendulum system; network attack; perimeter security; plant control node; preemptive switching; programmable logic; reconfiguration attack; security framework; security technique; software reconfiguration; supervisory control node; supervisory level; trusted defense mechanism; trusted safety-preserving backup controller; trustworthy autonomic interface guardian architecture; untrusted component; Production; Safety; Security; Sensors; Servomotors; Switches (ID#: 15-8185)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7150724&isnumber=7150576

 

Mulcahy, J.J.; Shihong Huang, "An Autonomic Approach to Extend the Business Value of a Legacy Order Fulfillment System," in Systems Conference (SysCon), 2015 9th Annual IEEE International, pp. 595-600, 13-16 April 2015. doi: 10.1109/SYSCON.2015.7116816

Abstract: In the modern retailing industry, many enterprise resource planning (ERP) systems are considered legacy software systems that have become too expensive to replace and too costly to re-engineer. Countering the need to maintain and extend the business value of these systems is the need to do so in the simplest, cheapest, and least risky manner available. There are a number of approaches used by software engineers to mitigate the negative impact of evolving a legacy systems, including leveraging service-oriented architecture to automate manual tasks previously performed by humans. A relatively recent approach in software engineering focuses upon implementing self-managing attributes, or “autonomic” behavior in software applications and systems of applications in order to reduce or eliminate the need for human monitoring and intervention. Entire systems can be autonomic or they can be hybrid systems that implement one or more autonomic components to communicate with external systems. In this paper, we describe a commercial development project in which a legacy multi-channel commerce enterprise resource planning system was extended with service-oriented architecture an autonomic control loop design to communicate with an external third-party security screening provider. The goal was to reduce the cost of the human labor necessary to screen an ever-increasing volume of orders and to reduce the potential for human error in the screening process. The solution automated what was previously an inefficient, incomplete, and potentially error-prone manual process by inserting a new autonomic software component into the existing order fulfillment workflow.

Keywords: enterprise resource planning; service-oriented architecture; software maintenance; ERP systems; autonomic approach; autonomic behavior; autonomic control loop design; autonomic software component; business value; error-prone manual process; human error; human monitoring; hybrid systems; legacy multichannel commerce enterprise resource planning system; legacy order fulfillment system; legacy software systems; order fulfillment workflow; retailing industry; service-oriented architecture; software applications; software engineering; third party security screening provider; Business; Complexity theory; Databases; Manuals; Monitoring; Software systems; autonomic computing; legacy software systems; self-adaptive systems; self-managing systems; service-oriented architecture; software evolution; software maintenance ;systems interoperability; systems of systems (ID#: 15-8186)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7116816&isnumber=7116715

 

Boussard, M.; Dinh Thai Bui; Ciavaglia, L.; Douville, R.; Le Pallec, M.; Le Sauze, N.; Noirie, L.; Papillon, S.; Peloso, P.; Santoro, F., "Software-Defined LANs for Interconnected Smart Environment," in Teletraffic Congress (ITC 27), 2015 27th International, pp. 219-227, 8-10 Sept. 2015. doi: 10.1109/ITC.2015.33

Abstract: In this paper, we propose a solution to delegate the control and the management of the network connecting the many devices of a smart environment to a software entity, while keeping end-users in control of what is happening in their networks. For this, we rely on the logical manipulation of all connected devices through device abstraction and network programmability. Applying Software Defined Networking (SDN) principles, we propose a software-based solution that we call Software-Defined LANs in order to interconnect devices of smart environments according to the services the users are requesting or expecting.  We define the adequate virtualization framework based on Virtual Objects and Communities of Virtual Objects. Using these virtual entities, we apply the SDN architectural principles to define a generic architecture that can be applied to any smart environment. Then we describe a prototype implementing these concepts in the home networking context, through a scenario in which users of two different homes can easily interconnect two private but shareable DLNA devices in a dedicated video-delivery SD-LAN. Finally we provide a discussion of the benefits and challenges of our approach regarding the generalization of SDN principles, autonomic features, Internet of Things scalability, security and privacy aspects enabled by SD-LANs intrinsic properties.

Keywords: Internet of Things; computer network management; computer network security; data privacy; home networks; local area networks; software defined networking; virtualisation; DLNA devices; Internet-of-things scalability aspect; SDN architectural principles; autonomic features; device abstraction; home networking context; interconnected smart environment; network control; network management; network programmability; privacy aspect; security aspect; software defined networking principles; software entity; software-based solution; software-defined LAN; virtual objects; virtualization framework; Avatars; Computer architecture; Context; Home automation; Security; Software; Virtualization (ID#: 15-8187)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7277446&isnumber=7277413

 

Tunc, C.; Hariri, S.; De La Peña Montero, F.; Fargo, F.; Satam, P., "CLaaS: Cybersecurity Lab as a Service -- Design, Analysis, and Evaluation," in Cloud and Autonomic Computing (ICCAC), 2015 International Conference on, pp. 224-227, 21-25 Sept. 2015. doi: 10.1109/ICCAC.2015.34

Abstract: The explosive growth of IT infrastructures, cloud systems, and Internet of Things (IoT) have resulted in complex systems that are extremely difficult to secure and protect against cyberattacks that are growing exponentially in the complexity and also in the number. Overcoming the cybersecurity challenges require cybersecurity environments supporting the development of innovative cybersecurity algorithms and evaluation of the experiments. In this paper, we present the design, analysis, and evaluation of the Cybersecurity Lab as a Service (CLaaS) which offers virtual cybersecurity experiments as a cloud service that can be accessed from anywhere and from any device (desktop, laptop, tablet, smart mobile device, etc.) with Internet connectivity. We exploit cloud computing systems and virtualization technologies to provide isolated and virtual cybersecurity experiments for vulnerability exploitation, launching cyberattacks, how cyber resources and services can be hardened, etc. We also present our performance evaluation and effectiveness of CLaaS experiments used by students.

Keywords: cloud computing; security of data; virtualisation; CLaaS; cloud computing system; cybersecurity lab as a service; virtual cybersecurity; virtualization technology; Cloud computing; Computer crime; IP networks; Servers; Virtualization; CLaaS; cybersecurity; education; virtual lab; virtualization (ID#: 15-8188)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7312161&isnumber=7312127

 

Stephen, J.J.; Gmach, D.; Block, R.; Madan, A.; AuYoung, A., "Distributed Real-Time Event Analysis," in Autonomic Computing (ICAC), 2015 IEEE International Conference on, pp. 11-20, 7-10 July 2015. doi: 10.1109/ICAC.2015.12

Abstract: Security Information and Event Management (SIEM) systems perform complex event processing over a large number of event streams at high rate. As event streams increase in volume and event processing becomes more complex, traditional approaches such as scaling up to more powerful systems quickly become ineffective. This paper describes the design and implementation of DRES, a distributed, rule-based event evaluation system that can easily scale to process a large volume of non-trivial events. DRES intelligently forwards events across a cluster of nodes to evaluate complex correlation and aggregation rules. This approach enables DRES to work with any rules engine implementation. Our evaluation shows DRES scales linearly to more than 16 nodes. At this size it successfully processed more than half a million events per second.

Keywords: distributed processing; security of data; SIEM system; aggregation rule; complex event processing; correlation rule; distributed realtime event analysis; distributed rule-based event evaluation system; security information and event management system; Connectors; Correlation; Data structures; Engines; Real-time systems; Servers; Throughput; Distributed event analysis; enterprise security (ID#: 15-8189)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7266930&isnumber=7266915

 

Tunc, C.; Hariri, S.; De La Pena Montero, F.; Fargo, F.; Satam, P.; Al-Nashif, Y., "Teaching and Training Cybersecurity as a Cloud Service," in Cloud and Autonomic Computing (ICCAC), 2015 International Conference on, pp. 302-308, 21-25 Sept. 2015. doi: 10.1109/ICCAC.2015.47

Abstract: The explosive growth of IT infrastructures, cloud systems, and Internet of Things (IoT) have resulted in complex systems that are extremely difficult to secure and protect against cyberattacks which are growing exponentially in complexity and in number. Overcoming the cybersecurity challenges is even more complicated due to the lack of training and widely available cybersecurity environments to experiment with and evaluate new cybersecurity methods. The goal of our research is to address these challenges by exploiting cloud services. In this paper, we present the design, analysis, and evaluation of a cloud service that we refer to as Cybersecurity Lab as a Service (CLaaS) which offers virtual cybersecurity experiments that can be accessed from anywhere and from any device (desktop, laptop, tablet, smart mobile device, etc.) with Internet connectivity. In CLaaS, we exploit cloud computing systems and virtualization technologies to provide virtual cybersecurity experiments and hands-on experiences on how vulnerabilities are exploited to launch cyberattacks, how they can be removed, and how cyber resources and services can be hardened or better protected. We also present our experimental results and evaluation of CLaaS virtual cybersecurity experiments that have been used by graduate students taking our cybersecurity class as well as by high school students participating in GenCyber camps.

Keywords: Internet of Things; cloud computing; computer aided instruction; computer science education; educational courses; security of data; virtualisation; CLaaS; GenCyber camps; IT infrastructures; Internet connectivity; Internet of things; IoT; cloud computing systems; cloud service; cyber resources; cybersecurity lab as a service; cybersecurity teaching; cybersecurity training; graduate students; virtual cybersecurity experiments; virtualization technologies; Cloud computing; Computer crime; Network interfaces; Protocols; Servers; CLaaS and cloud computing; cybersecurity experiments; education; virtual cloud services; virtualization (ID#: 15-8190)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7312173&isnumber=7312127

 

Ahad, R.; Chan, E.; Santos, A., "Toward Autonomic Cloud: Automatic Anomaly Detection and Resolution," in Cloud and Autonomic Computing (ICCAC), 2015 International Conference on, pp. 200-203, 21-25 Sept. 2015. doi: 10.1109/ICCAC.2015.32

Abstract: In this paper we describe an approach to implement an autonomic cloud. Our approach is based on our belief that if a computing system can automatically detect and correct anomalies - including response time anomalies, load anomalies, resource usage anomalies, and outages - then it can go a long way in reducing human involvement in keeping the system up, and that can lead to an autonomic system. We focus on a class of anomalies that are defined by normal values expected of key metrics. We describe a hierarchical rule-based anomaly detection and resolution framework for such a class of metrics.

Keywords: cloud computing; security of data; automatic anomaly detection; automatic anomaly resolution; autonomic cloud; load anomalies; outages; resource usage anomalies; response time anomalies; Assembly; Cloud computing; Computer architecture; Containers; Measurement; Monitoring; Quality of service; Anomaly; Autonomic Systems; Cloud; Rule-Based (ID#: 15-8191)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7312155&isnumber=7312127

 

Tawalbeh, L.; Al-Qassas, R.S.; Darwazeh, N.S.; Jararweh, Y.; AlDosari, F., "Secure and Efficient Cloud Computing Framework," in Cloud and Autonomic Computing (ICCAC), 2015 International Conference on, pp. 291-295, 21-25 Sept. 2015. doi: 10.1109/ICCAC.2015.45

Abstract: Cloud computing is a very useful solution to many individual users and organizations. It can provide many services based on different needs and requirements. However, there are many issues related to the user data that need to be addressed when using cloud computing. Among the most important issues are: data ownership, data privacy, and storage. The users might be satisfied by the services provided by the cloud computing service providers, since they need not worry about the maintenance and storage of their data. On the other hand, they might be worried about unauthorized access to their private data. Some solutions to these issues were proposed in the literature, but they mainly increase the cost and processing time since they depend on encrypting the whole data. In this paper, we are introducing a cloud computing framework that classifies the data based on their importance. In other words, more important data will be encrypted with more secure encryption algorithm and larger key sizes, while less important data might even not be encrypted. This approach is very helpful in reducing the processing cost and complexity of data storage and manipulation since we do not need to apply the same sophisticated encryption techniques to the entire users data. The results of applying the proposed framework show improvement and efficiency over other existing frameworks.

Keywords: cloud computing; data privacy; security of data; cloud computing service providers; data encryption algorithm; data maintenance; data ownership; data privacy; data storage complexity; secure cloud computing framework; Cloud computing; Encryption; Mobile communication; Servers; Yttrium; Cloud Computing; Cryptography; Efficient framework; Information Security (ID#: 15-8192)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7312171&isnumber=7312127

 

Zhimin Gao; Desalvo, N.; Pham Dang Khoa; Seung Hun Kim; Lei Xu; Won Woo Ro; Verma, R.M.; Weidong Shi, "Integrity Protection for Big Data Processing with Dynamic Redundancy Computation," in Autonomic Computing (ICAC), 2015 IEEE International Conference on, pp. 159-160, 7-10 July 2015. doi: 10.1109/ICAC.2015.34

Abstract: Big data is a hot topic and has found various applications in different areas such as scientific research, financial analysis, and market studies. The development of cloud computing technology provides an adequate platform for big data applications. No matter public or private, the outsourcing and sharing characteristics of the computation model make security a big concern for big data processing in the cloud. Most existing works focus on protection of data privacy but integrity protection of the processing procedure receives little attention, which may lead the big data application user to wrong conclusions and cause serious consequences. To address this challenge, we design an integrity protection solution for big data processing in cloud environments using reputation based redundancy computation. The implementation and experiment results show that the solution only adds limited cost to achieve integrity protection and is practical for real world applications.

Keywords: Big Data; cloud computing; data integrity; data privacy; Big Data processing; cloud computing technology; dynamic redundancy computation; integrity protection solution; reputation based redundancy computation; Conferences; MapReduce; cloud computing; integrity protection (ID#: 15-8193)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7266957&isnumber=7266915

 

Sicari, S.; Rizzardi, A.; Coen-Porisini, A.; Grieco, L.A.; Monteil, T., "Secure OM2M Service Platform," in Autonomic Computing (ICAC), 2015 IEEE International Conference on, pp. 313-318, 7-10 July 2015. doi: 10.1109/ICAC.2015.59

Abstract: Machine-to-Machine (M2M) paradigm is one of the main concern of Internet of Things (IoT). Its scope is to interconnect billions of heterogeneous devices able to interact in various application domains. Since M2M suffers from a high vertical fragmentation of current M2M markets and lacks of standards, the European Telecommunications Standards Institute (ETSI) released a set of specifications for a common M2M service platform. An ETSI-compliant M2M service platform has been proposed in the context of the open source OM2M project. However such a platform currently only marginally addresses security and privacy issues, which are fundamental requirements for its large-scale adoption. Therefore, an extension of the OM2M platform is proposed, defining a new policy enforcement plug in, which aims to manage the access to the resources provided by the platform itself and to handle any violation attempts of the policies.

Keywords: Internet of Things; computer network security; data privacy; ETSI-compliant M2M service platform; European Telecommunications Standards Institute; Internet of Things; IoT; M2M markets;M2M paradigm; heterogeneous devices; machine-to-machine paradigm; open source OM2M project; policy enforcement plug; privacy issues; secure OM2M service platform; security issues; violation attempts; Global Positioning System; Interoperability; Logic gates; Privacy; Protocols; Security; Standards; Internet of Things; OM2M; Security Enforcement (ID#: 15-8194)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7266986&isnumber=7266915

 

Zhimin Gao; Desalvo, N.; Pham Dang Khoa; Seung Hun Kim; Lei Xu; Won Woo Ro; Verma, R.M.; Weidong Shi, "Integrity Protection for Big Data Processing with Dynamic Redundancy Computation," in Autonomic Computing (ICAC), 2015 IEEE International Conference on, pp. 159-160, 7-10 July 2015. doi: 10.1109/ICAC.2015.34

Abstract: Big data is a hot topic and has found various applications in different areas such as scientific research, financial analysis, and market studies. The development of cloud computing technology provides an adequate platform for big data applications. No matter public or private, the outsourcing and sharing characteristics of the computation model make security a big concern for big data processing in the cloud. Most existing works focus on protection of data privacy but integrity protection of the processing procedure receives little attention, which may lead the big data application user to wrong conclusions and cause serious consequences. To address this challenge, we design an integrity protection solution for big data processing in cloud environments using reputation based redundancy computation. The implementation and experiment results show that the solution only adds limited cost to achieve integrity protection and is practical for real world applications.

Keywords: Big Data; cloud computing; data integrity; data privacy; Big Data processing; cloud computing technology; dynamic redundancy computation; integrity protection solution; reputation based redundancy computation; Conferences; MapReduce; cloud computing; integrity protection (ID#: 15-8195)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7266957&isnumber=7266915

 

Kantert, J.; Spiegelberg, H.; Tomforde, S.; Hahner, J.; Muller-Schloer, C., "Distributed Rendering in an Open Self-Organised Trusted Desktop Grid," in Autonomic Computing (ICAC), 2015 IEEE International Conference on,  pp. 267-272, 7-10 July 2015. doi: 10.1109/ICAC.2015.66

Abstract: Grid systems are an ideal basis to parallelise computationally intensive tasks that efficiently can be split into parts. One possible application domain for such systems is rendering of films. Since small companies and underground film producers do not have the possibility to maintain appropriate computing environments for their own films, grid-based approaches can be used to build a self-organised and autonomic computing infrastructure. In order to avoid such systems from being exploited by malicious agents, we present a novel approach introducing technical trust which results in the Trusted Desktop Grid. In this paper, we demonstrate that the system is able to automatically isolate malicious agents and support an efficient utilisation for benevolent agents -- resulting in a self-protecting and self-healing system.

Keywords: distributed processing; grid computing; rendering (computer graphics);security of data; trusted computing; autonomic computing infrastructure; benevolent agents; distributed rendering; grid systems; malicious agents; open self-organised trusted desktop grid; Bandwidth; Computational modeling; Law; Mathematical model; Rendering (computer graphics); Security; autonomous computing; distributed rendering; multi-agent systems; organic computing; trust; trusted desktop grid (ID#: 15-8196)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7266978&isnumber=7266915

 

Schlatow, J.; Moestl, M.; Ernst, R., "An Extensible Autonomous Reconfiguration Framework for Complex Component-Based Embedded Systems," in Autonomic Computing (ICAC), 2015 IEEE International Conference on, pp. 239-242, 7-10 July 2015. doi: 10.1109/ICAC.2015.18

Abstract: We present a framework based on constraint satisfaction that adds self-integration capabilities to component-based embedded systems by identifying correct compositions of the desired components and their dependencies. This not only allows autonomous integration of additional functionality but can also be extended to ensure that the new configuration does not violate any extra-functional requirements, such as safety or security, imposed by the application domain.

Keywords: embedded systems; object-oriented programming; application domain; complex component-based embedded systems; extensible autonomous reconfiguration framework; self-integration capabilities; Adaptation models; Component architectures; Computer architecture; Contracts; Embedded systems; Encoding; Modeling; based; constraint satisfaction; embedded systems; incremental self-integration; software deployment (ID#: 15-8197)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7266973&isnumber=7266915

Bowu Zhang; Jinho Hwang; Ma, L.; Wood, T., "Towards Security-Aware Virtual Server Migration Optimization to the Cloud," in Autonomic Computing (ICAC), 2015 IEEE International Conference on, pp. 71-80, 7-10 July 2015. doi: 10.1109/ICAC.2015.45

Abstract: Cloud computing, featured by shared servers and location independent services, has been widely adopted by various businesses to increase computing efficiency, and reduce operational costs. Despite significant benefits and interests, enterprises have a hard time to decide whether or not to migrate thousands of servers into the cloud because of various reasons such as lack of holistic migration (planning) tools, concerns on data security and cloud vendor lock-in. In particular, cloud security has become the major concern for decision makers, due to the nature weakness of virtualization -- the fact that the cloud allows multiple users to share resources through Internet-facing interfaces can be easily taken advantage of by hackers. Therefore, setting up a secure environment for resource migration becomes the top priority for both enterprises and cloud providers. To achieve the goal of security, security policies such as firewalls and access control have been widely adopted, leading to significant cost as additional resources need to employed. In this paper, we address the challenge of the security-aware virtual server migration, and propose a migration strategy that minimizes the migration cost while promising the security needs of enterprises. We prove that the proposed security-aware cost minimization problem is NP hard and our solution can achieve an approximate factor of 2. We perform an extensive simulation study to evaluate the performance of the proposed solution under various settings. Our simulation results demonstrate that our approach can save 53%moving cost for a single enterprise case, and 66% for multiple enterprises case comparing to a random migration strategy.

Keywords: cloud computing; cost reduction; resource allocation; security of data; virtualisation; Internet-facing interfaces; NP hard problem; cloud computing; cloud security; cloud vendor lock-in; data security; moving cost savings; resource migration; resource sharing; security policy; security-aware cost minimization problem; security-aware virtual server migration optimization; virtualization; Approximation algorithms; Approximation methods; Cloud computing; Clustering algorithms; Home appliances; Security; Servers; Cloud Computing; Cloud Migration; Cloud Security; Cost Minimization (ID#: 15-8198)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7266936&isnumber=7266915

 

da Silva Machado, Roger; Borges Almeida, Ricardo; Correa Yamin, Adenauer; Marilza Pernas, Ana, "LogA-DM: An Approach of Dynamic Log Analysis," in Latin America Transactions, IEEE (Revista IEEE America Latina) , vol. 13, no. 9, pp. 3096-3102, Sept. 2015. doi: 10.1109/TLA.2015.7350064

Abstract: In ubiquitous computing high levels of connectivity are needed. Considering that, preoccupations related with security aspects are indispensable. One strategy that can be applied for improve security is the log analysis. Such strategies can be used to promote systems' understanding, in particular, the detection of intrusion attempts. The operation of modern computing systems, as the ones used in ubiquitous computing, tend to generate a large number of log records, which require the use of automatic tools to an easier analysis. Tools that employ data mining techniques to log analysis have been used in order to detect attempted attacks on computer systems, assisting security management. Thus, this paper proposes an approach to perform log analysis with intuit to prevent attack situations. The proposed solution explores two fronts: (i) log records of applications, and (ii) log records from the network and transport layers. To evaluate the proposed approach was designed a prototype that employs modules for collection and normalization of data. The normalization module also adds contextual information in order to assist the analysis of critical security situations. To conserve the system's autonomic operation, the records of the network and transport layers are collected and evaluated from connections in progress. Tests were developed in the proposed solution, showing good result for typical categories of attack.

Keywords: Data mining; Middleware; Monitoring; Security; Ubiquitous computing; Visualization; Context-awareness; Data Mining; Log Analysis; Ubiquitous Computing (ID#: 15-8199)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7350064&isnumber=7350023

 

Beach, T.; Rana, O.; Rezgui, Y.; Parashar, M., "Governance Model for Cloud Computing in Building Information Management," in Services Computing, IEEE Transactions on, vol. 8, no. 2, pp. 314-327, March-April 2015. doi: 10.1109/TSC.2013.50

Abstract: The AEC (Architecture Engineering and Construction) sector is a highly fragmented, data intensive, project based industry, involving a number or very different professions and organisations. The industry's strong data sharing and processing requirements means that the management of building data is complex and challenging. We present a data sharing capability utilising Cloud Computing, with two key contributions: 1) a governance model for building data, based on extensive research Pand industry consultation. This governance model describes how individual data artefacts within a building information model relate to each other and how access to this data is controlled; 2) a prototype implementation of this governance model, utilising the CometCloud autonomic cloud computing engine, using the Master/Work paradigm. This prototype is able to successfully store and manage building data, provide security based on a defined policy language and demonstrate scale-out in case of increasing demand or node failure. Our prototype is evaluated both qualitatively and quantitatively. To enable this evaluation we have integrated our prototype with the 3D modelling software-Google Sketchup. We also evaluate the prototype's performance when scaling to utilise additional nodes in the Cloud and to determine its performance in case of node failures.

Keywords: architecture; buildings (structures); civil engineering computing; cloud computing; fault tolerant computing; information management; solid modelling;3D modelling software; AEC sector; CometCloud autonomic cloud computing engine; Google Sketchup; architecture engineering and construction sector; building data management; building information management; cloud computing; governance model; industry data processing requirements; industry data sharing requirement; master-work paradigm; policy language; project based industry; Buildings; Cloud computing; Collaboration; Computational modeling; Data models; Solid modeling; Cloud computing; building information modelling; data management; distributed tuple space (ID#: 15-8200)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6654157&isnumber=7080963


Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.