ARCHITECTURAL PRINCIPLES AND OPERATIONAL PRACTICES FOR BUILDING SECURE DIGITAL INFRASTRUCTURE IN CLOUD ENVIRONMENTS

This paper presents the CONTRACT framework to address a fundamental deficiency of the IP network control plane, namely the lack of coordination between an IGP and other control functions involved in achieving a high level objective. For example, an IGP’s default automatic reaction to a network failure may result in an SLA violation, even if the IGP link weights have been carefully chosen. This is because an IGP blindly routes traffic along the shortest paths based on link weights, and it is completely oblivious to the interactions between SLA compliance, load balancing and traffic policing objectives in a network. The CONTRACT framework makes it possible to coordinate these objectives. Under this framework, routers continue to operate autonomously, but they also coordinate their actions with a centralized network controller, which evaluates the impact of routing changes, decides whether the changes are SLA compliant, and performs load rebalancing and/or packet filter reconfiguration as necessary. The key contribution of CONTRACT is a set of coordination algorithms. We show that CONTRACT can effectively coordinate the actions of routing, load balancing and traffic policing to improve a network’s SLA compliance.

This chapter provides an overview of privacy and cybersecurity, classifies, and describes various attack vectors, presents best practices to mitigate potential attacks, discusses relevant standards, and offers concluding remarks. Privacy differs from cybersecurity because individuals control the policy. The dynamic protections apply through user consent, data labeling, and contextual access management. We explore how systems align privacy controls into their cybersecurity plans using the privacy control catalog in NIST 800-53 revision 5 and examine the future of privacy controls in a system security setting.

Mobile Data Loss: Threats and Countermeasures

Cloud data centers play a vital role in modern computing infrastructure, offering scalable resources for diverse applications. However, managing costs and resources efficiently in these centers has become a crucial concern due to the exponential growth of cloud computing. User applications exhibit complex behavior, leading to fluctuations in system performance and increased power usage. To tackle these obstacles, we introduce the Modified Feeding Birds Algorithm (ModAFBA) as an innovative solution for virtual machine (VM) consolidation in cloud environments. The primary objective is to enhance resource management and operational efficiency in cloud data centers. ModAFBA incorporates adaptive position update rules and strategies specifically designed to minimize VM migrations, addressing the unique challenges of VM consolidation. The experimental findings demonstrated substantial improvements in key performance metrics. Specifically, the ModAFBA method exhibited significant enhancements in energy usage, SLA compliance, and the number of VM migrations compared to benchmark algorithms such as TOPSIS, SVMP, and PVMP methods. Notably, the ModAFBA method achieved reductions in energy usage of 49.16%, 55.76%, and 65.13% compared to the TOPSIS, SVMP, and PVMP methods, respectively. Moreover, the ModAFBA method resulted in decreases of around 83.80%, 22.65%, and 89.82% in the quantity of VM migrations in contrast to the aforementioned benchmark techniques. The results demonstrate that ModAFBA outperforms these benchmarks by significantly reducing energy consumption, operational costs, and SLA violations. These findings highlight the effectiveness of ModAFBA in optimizing VM placement and consolidation, offering a robust and scalable approach to improving the performance and sustainability of cloud data centers.

ABSTRACTThe increase in popularity and demand for cloud services has caused a huge growth of cloud data centers, and this has caused the challenge of energy management in data centers. Virtual Machine (VM) consolidation is a critical process aimed at optimizing resource utilization and minimizing energy usage. VM consolidation with the turnoff of underloaded hosts and reducing the load of overloaded hosts establishes a balance between energy consumption and SLA violations. In fact, the consolidation process includes three sub‐problems: determining overloaded and underloaded hosts, VM selection in overloaded hosts, and finding a new destination for VMs that will be migrated (VM placement). This paper introduces an entropy‐based approach to VM selection and placement to improve efficiency in cloud data centers. Entropy is a quantifiable characteristic often linked to disorder, randomness, or unpredictability. By leveraging entropy as a measure of workload distribution and uncertainty, the proposed method effectively predicts future resource demands, enabling informed decisions that enhance energy efficiency and reduce SLA violations. A key advantage of this approach is the significant reduction in the number of VM migrations, which decreases overhead and minimizes potential service disruptions. Experimental results demonstrate that our entropy‐based method outperforms the VM consolidation process in terms of energy consumption, SLA compliance, and system stability. The findings suggest that this approach offers a more sustainable and cost‐effective solution for managing cloud resources, contributing to the development of efficient and reliable cloud computing environments.

Web application security – SQL injection attacks

Electronic Health Records: Promises and Realities: Part III: Information Privacy and Accuracy: Zero and GIGO Won't Do

The spiking landscape of cyber-attacks is reflecting its trend towards invoking vulnerabilities in a web application. The vulnerabilities seem to be over-growing second by second beside being over-coming time to time. The reason behind is, new attack vectors are often being deployed by the threat actors. The global cyber security market alone has brought a turnover of about $350 billion, which shows how wide the attack landscape is and how expensive it is to detect, protect and respond to the cyber issues. Most of the security experts have quoted that, the average cost of a data breach will exceed to $150million by 2020 and about 80 percent of the global demography were nowhere aware of such attacks. From the past few years, SQL injection is acting as a major vector in breaching the sensitive data. Detecting SQL injection through log correlation is the most effective methodology utilized under adaptive environments seeking no tool investigation. This paper exposes a detection methodology of an SQL injection attack without any mere concentration on automated tools. The paper goes with a motto of detection through configuring the available resources like web server,database,and an IDS in a way of creating adaptable environment that can bring the entire attacker information through log analysis. The paper would represent the attacker phases in a finite automata.

Web-based services are common targets for hackers, and the need for ensuring their security keeps on rising. Attackers often take advantage of the vulnerabilities of different web applications using several mechanisms and thus steal and manipulate valuable information. Therefore, the attack vectors are also increasing since there is a wide variety of internet users. Exploitations caused by different types of cyberattacks results in data loss, identity theft, financial loss, and various other adversaries on both humans and infrastructure. Therefore, investigating various attack vectors and countermeasures can facilitate and encourage future research and create awareness among web application users and developers.

Structured query language injection is a top rated vulnerability by open web application security project community. If a web application has structured query language vulnerability in source code, then such application is prone to cyber-attacks, leading to attack on confidentiality, integrity and availability. Attackers are always ready to exploit structured query language injection vulnerabilities by executing various online attack vectors and many times successfully bypass authentication and authorization to gain privilege access on web and database server leading to service interruption, data interception, modification, fabrication and sometime complete deletion of database. The present paper is an attempt to propose an advance component based web application firewall to enhance web application security by mitigating structured query language injection attack vectors by analyzing hypertext transfer protocol request variables through analyzer component and defending injection attack through defender component based on content policy installed on advance web application firewall.

Web Application vulnerabilities are into existence since the beginning of the internet and the world-wide web. In recent years, it has been given more importance considering the rapid expansion of online presence of critical businesses. There have been tremendous contributions by open source projects like Open Web Application Security Project in the area of web application security. Through open source projects, the attack vectors and mitigation specifications are shared to the developer community. There has been tremendous improvement in mitigation specifications and framework level protection for common web application vulnerabilities like Cross Site Scripting (XSS). Automated web application scanners have evolved over a period of time to aid in the detection of vulnerabilities at an early phase. Though there have been mitigation specifications in place and tools to detect vulnerabilities, attackers have always found new methods and payloads to circumvent the protection mechanisms. Analysis of a widely-used web based email service resulted in uncovering a specific methodology using which XSS can be exploited leveraging the working principle of CORS (Cross Origin Resource Sharing) in web browsers. A CVE (Common Vulnerabilities and Exposures) number was assigned for this instance and the same was logged in NVD (National Vulnerability Database). During the analysis, in depth insights on why and where automated security scanners fail was demonstrated.

<p>Security of web applications should include a variety of ways, one of which is concerned about data security. Websites that already have a lot of users it is proper to consider the backup and restore strategy to prevent data loss. Besides the use of backup and restore is done on a scheduled basis should also be done at any time, so it is necessary to do the planning and use of the right tools so that the implementation is easier. Journal of Information Systems (SIJALU) University of Semarang contains data of scientific publications from researchers at tire University of Semarang and other campuses. Currently SIJALU not yet have a strategy for the prevention of data loss, this study intends to design and produce a data security benefits of using remote backup and restore. This research is expected with the data stored in SIJALU can be maintained.</p>

Integrating wireless body area networks (WBANs) with cloudlet introduces an edge-of-things computing environment for pervasive applications. The variation in the number of active WBANs nodes and its data transmission rate requires optimal computing resources to avoid performance degradation and data loss. We argue the research gap in terms of optimal resource provisioning that predicts and automatically adjusts the computing resources on the basis of sensory data volume and application’s type. In this paper, we propose a hybrid autonomic resource provisioning framework, which is the combination of autonomic computing, fuzzy logic control and linear regression model. The proposed framework is built over CloudSim toolkit with autonomic resource provisioning framework inspired by the cloud layer model. The effectiveness of the proposed approach is evaluated under a real workload trace. The experimental results show that the proposed approach minimizes the cost by at least 27% and SLA violations by at least 78% as compared to other approaches.

As part of the international Open Science movement, this project deals with the structuration, sharing and opening of research data in the context of a network of thirteen CNRS-INEE observatories (OHMs): the Interdisciplinary Research Facility on Human-Environment Interactions supported by the ANR (LabEx DRIIHM 2012-2025). This network involves nearly 1000 scientists. Large amounts of heterogeneous data are produced or collected, covering research in Natural and Life Sciences, and Human and Social Sciences. Several initiatives have been carried out within the LabEx DRIIHM to increase visibility and data sharing to connect scientific teams that are not always linked, promote the re-use of data and potentially lead to the emergence of new research topics. A range of tools has been developed over the years: metadata geo-catalogs, web GIS platforms, photo libraries, HAL collections, etc. However, there are significant contrasts in the contribution to these tools and their use between OHMs, and two surveys conducted in 2017 and 2018 showed that researchers remain poorly informed about Open Science practices. The DRIIHM community is globally motivated by data sharing, but does not know how to proceed and identifies obstacles such as fear of hacking, misuse, security or loss of data ownership.The objective of this project is to optimize the appropriation of Open Science by the DRIIHM community through: i) the organization of awareness campaigns showing the benefits of data sharing and openness; ii) the co-construction of a more ergonomic and interoperable e-infrastructure, integrating existing tools and accompanying researchers to find, share and (re-)use data through the concrete and gradual implementation of the FAIR principles. This project is part of international initiatives such as the Research Data Alliance and GO FAIR.This Flash call offers the opportunity to strengthen the collaboration recently initiated with ergonomists and web development specialists to respond more closely to the community health needs and highly improve the existing infrastructure. The methodology is based on an iterative and incremental AGILE software development: the e-infrastructure will be enhanced with new features after each iteration. The originality of this project lies in the co-construction, researchers being involved at the early stages of the project. Challenges are to identify the current practices in data management and data access, and then to manage change with the integration of Open Science practices into the data lifecycle. Training workshops will enable the DRIIHM community to learn how to use and evaluate the new e-infrastructure efficiently. Indicators will be developed to measure the evolution of practices, the usability of the e-infrastructure and the level of data FAIRness.The impacts of this project will be the directly quantifiable use of the e-infrastructure by the community of data producers and users. As a result, researchers will acquire a better knowledge of Open Science and their datasets will gain in visibility. They will be aware of data management using a Data Management Plan model and will have the opportunity to generate a data paper draft. The e-infrastructure source codes will be freely accessible and maintained on a dedicated repository platform. The scientific production will be open access and referenced in HAL. The methodological solutions developed and tested in this is project can be exploited beyond the LabEx DRIIHM. Finally, through the implementation of interoperability, research data will be visible in major national and international data infrastructures including the future European Open Science Cloud (EOSC) portal.

Existing anti-tamper designs protect against limited forms of attacks and have deterministic tamper responses, which can undermine the availability of systems. Advancements in physical inspection techniques have enabled stealthier attacks. Therefore, there is a pressing need for more intelligent defenses that ensure a longer operational time while keeping up with the expected increase in the capabilities of adversaries. This study proposes to enhance existing physical protection methods by developing an intelligent anti-tamper using machine learning algorithms. It uses an analytic system capable of detecting and classifying multiple types of behaviors (e.g., normal operation conditions, known attack vectors, and anomalous behavior). A prototype of the proposed system has been implemented and its functionality has been successfully verified for two types of normal operating conditions and further four forms of physical attacks. In addition, a systematic threat modelling analysis and security validation was carried out, which indicated the proposed solution provides better protection against including information leakage, loss of data, and disruption of operation.