Public Cloud Research Articles

A Robust and Privacy-Preserving Anonymous User Authentication Scheme for Public Cloud Server

Everyone desires to avail online services provided by different service providers securely, efficiently, and effectively. In this regard, security is still a significant concern for them. However, no one guarantees secure communication by browsing different applications remotely. To ensure confidentiality, authorization, availability, nonrepudiation, and removing eavesdropping, without a robust authentication scheme, nothing will go right. Therefore, we attempted to design a robust and privacy-preserving authentication scheme for end-users to securely access public cloud servers’ services remotely without losing performance. Our proposed scheme security has been evaluated formally using the random oracle model (ROM) and ProVerif2.03 and informally using proposition and discussion. At the same time, the performance metric has been analyzed by considering the scheme’s computation and communication costs. Upon comparing the proposed scenario with state-of-the-artwork, it has been demonstrated that the scheme is much better in terms of security and performance, as these are contradicting metrics, and the change in one conversely affects the other.

Secure PAAS environment over hybrid cloud using load-balanced Docker containers

The purpose of this research is to provide cloud service providers (CSP) a secure platform that can be accessed for configuring secure, silent software deployment on the hybrid cloud using load-balanced Docker Containers (LBDC) that are configured with different PAAS software solutions. As many researchers in the past have worked on providing PASS platforms using either a public cloud or private cloud less research is carried out on the hybrid cloud systems and researchers who have worked on the hybrid cloud have followed a different approach to providing PAAS to organizations in need but lack in securing the PAAS platform. This research will provide cloud service providers a secure deployment of the PAAS platform for the developers on the go and will reduce the overhead of CSP to deploy the PAAS services from scratch. Compared to the other researcher’s contribution this research work provides a load-balanced containerized secure PASS platform that can be scaled on-demand and be secure while scaling the resources for peak workloads. The admins of the hybrid cloud can access and deploy the Docker containers based on the requirement laid down by the developers. Once the Admin configures the Docker container with the required PAAS services he can then easily invoke the LBDC in the hybrid cloud and deploy the PAAS platform for the developers to work on in seconds. LBDC’s will help in scalable deployment of Secure PAAS services for different locations and machines simultaneously thus reducing the cost and time required for hybrid virtual machines to get up and running for the development process by the developers of the company. CSP’s can achieve less turnaround time for deployment of secure PAAS environments for organizations.

TFHE-rs: A library for safe and secure remote computing using fully homomorphic encryption and trusted execution environments

Fully Homomorphic Encryption (FHE) and Trusted Execution Environ-ments (TEEs) are complementing approaches that can both secure computa-tions running remotely on a public cloud. Existing FHE schemes are, however, malleable by design and lack integrity protection, making them susceptible to integrity breaches where an adversary could modify the data and corrupt the output. This paper describes how both confidentiality and integrity of remote compu-tations can be assured by combining FHE with hardware based secure enclave technologies. We provide a software library for performing FHE within the Intel SGX TEE, written in the memory-safe programming language Rust to strengthen the internal safety of software and reduce its attack surface. We evaluate a sample application written with our library. We demonstrate that we can feasibly combine these concepts and provide stronger security guar-antees with a minimal development effort.

Security Issues in Cloud Computing

Cloud computing has aided the evolution of IT by improving the ability and flexibility of data storage, as well as providing scalable computation and processing capabilities that match the dynamic data sets. Many corporate application programs have been transferred to public and hybrid clouds due to the multiple benefits of cloud computing. On the other hand, many businesses identify privacy and data security as major concerns that prevent them from adopting cloud computing. The only way to achieve successful cloud implementation is to improve and manage data security and privacy in the cloud. This research paper looks at data privacy and security in cloud computing at all stages of the data lifecycle, providing a general overview of the technology while highlighting important security difficulties and concerns that must be addressed. It also examines a number of existing solutions and gives recommendations for new ones that can improve data privacy and security in the cloud. Finally, future research on data privacy and security in cloud systems is discussed in the study report.

Chaos as a Software Product Line—A platform for improving open hybrid‐cloud systems resiliency

AbstractNowadays, cloud‐native software architectures have a significant relevance due to the speed and agility they provide. These properties lead relevant organizations in different industries, like video streaming (Netflix), car‐sharing (Uber, Cabify), banking (BBVA, HSBC), and governmental agencies (NASA, FBI, CERN, ESA) to heavily rely on cloud‐native software to run their business‐critical applications. Additionally, including fault injection actions in the production infrastructure allows companies to have consistent environments, to improve applications dependability against unexpected failures, to provide better user experience, and to improve the overall system quality. Thus, cloud computing technologies allow development teams to rapidly create complex systems and to continuously deploy them, at a global scale. This work describes Pystol, a novel fault injection platform—represented as a Software Product Line—to analyze the effects caused by a wide spectrum of adverse conditions. Pystol is designed to be executed on top of cloud‐native environments, either in private or public clouds. The proposed architecture shows a way for representing feature models based on Unified Model Language (in short, UML) component diagrams. Furthermore, we present a thorough empirical study carried out in real‐world environments, providing promising results.

Democratizing data-independent acquisition proteomics analysis on public cloud infrastructures via the Galaxy framework.

BackgroundData-independent acquisition (DIA) has become an important approach in global, mass spectrometric proteomic studies because it provides in-depth insights into the molecular variety of biological systems. However, DIA data analysis remains challenging owing to the high complexity and large data and sample size, which require specialized software and vast computing infrastructures. Most available open-source DIA software necessitates basic programming skills and covers only a fraction of a complete DIA data analysis. In consequence, DIA data analysis often requires usage of multiple software tools and compatibility thereof, severely limiting the usability and reproducibility.FindingsTo overcome this hurdle, we have integrated a suite of open-source DIA tools in the Galaxy framework for reproducible and version-controlled data processing. The DIA suite includes OpenSwath, PyProphet, diapysef, and swath2stats. We have compiled functional Galaxy pipelines for DIA processing, which provide a web-based graphical user interface to these pre-installed and pre-configured tools for their use on freely accessible, powerful computational resources of the Galaxy framework. This approach also enables seamless sharing workflows with full configuration in addition to sharing raw data and results. We demonstrate the usability of an all-in-one DIA pipeline in Galaxy by the analysis of a spike-in case study dataset. Additionally, extensive training material is provided to further increase access for the proteomics community.ConclusionThe integration of an open-source DIA analysis suite in the web-based and user-friendly Galaxy framework in combination with extensive training material empowers a broad community of researches to perform reproducible and transparent DIA data analysis.

Effect of Hyper-Threading in Latency-Critical Multithreaded Cloud Applications and Utilization Analysis of the Major System Resources

Multithreaded latency-critical applications represent an important subset of workloads running on public cloud systems. Most of these systems deploy powerful computing servers including Intel Hyper-Threading processors. Understanding how performance is affected by the consumption of the main system resources is a major concern for cloud providers in order to devise virtualization strategies that improve the system efficiency. With this aim, this paper first characterizes the impact of QPS on tail latency, analyzing different scenarios varying the number of threads and the thread-to-core allocation (single-task and multi-task execution) policy. The characterization study reveals that the performance of some applications does not scale with the number of threads, and the performance of some others is insensitive to the Hyper-Threading technology, so they can be allocated in less physical cores and improve system utilization. Identifying these applications, however, at run-time is challenging. Despite identifying these applications at run-time is challenging, this paper shows that they can be successfully detected at run-time by analyzing the utilization trend of the major system resources. In addition to CPU, we have also studied how assigning the share of each application of other major shared system resources impacts on performance. We outline considerations cloud providers should take into account to improve performance and resource utilization.

An efficient and robust parallel scheduler for bioinformatics applications in a public cloud: A bigdata approach

<p>In bioinformatics, genomic sequence alignment is a simple method for handling and analysing data, and it is one of the most important applications in determining the structure and function of protein sequences and nucleic acids. The basic local alignment search tool (BLAST) algorithm, which is one of the most frequently used local sequence alignment algorithms, is covered in detail here. Currently, the NCBI's BLAST algorithm (standalone) is unable to handle biological data in the terabytes. To address this problem, a variety of schedulers have been proposed. Existing sequencing approaches are based on the Hadoop MapReduce (MR) framework, which enables a diverse set of applications and employs a serial execution strategy that takes a long time and consumes a lot of computing resources. The author, improves the BLAST algorithm based on the BLAST-BSPMR algorithm to achieve the BLAST algorithm. To address the issue with Hadoop's MapReduce framework, a customised MapReduce framework is developed on the Azure cloud platform. The experiment findings indicate that the suggested bulk synchronous parallel MapReduce-basic local alignment search tool (BSPMR-BLAST) algorithm matches bioinformatics genomic sequences more quickly than the existing Hadoop-BLAST method, and that the proposed customised scheduler is extremely stable and scalable.</p>

MRMondrian: Scalable Multidimensional Anonymisation for Big Data Privacy Preservation

Scalable data processing platforms built on cloud computing becomes increasingly attractive as infrastructure for supporting big data applications. But privacy concerns are one of the major obstacles to making use of public cloud platforms. Multidimensional anonymisation, a global-recoding generalisation scheme for privacy-preserving data publishing, has been a recent focus due to its capability of balancing data obfuscation and usability. Existing multidimensional anonymisation methods suffer from scalability problems when handling big data due to the impractical serial I/O cost. Given the recursive feature of multidimensional anonymisation, parallelisation is an ideal solution to scalability issues. However, it is still a challenge to use existing distributed and parallel paradigms directly for recursive computation. In this paper, we propose a scalable approach for big data multidimensional anonymisation based on MapReduce, a state-of-the-art data processing paradigm. Our basic idea is to partition a data set recursively into smaller partitions using MapReduce until all partitions can fit in the memory of a computing node. A tree indexing structure is proposed to achieve recursive computation. Moreover, we show the applicability of our approach to differential privacy. Experimental results on real-life data demonstrate that our approach can significantly improve the scalability of multidimensional anonymisation over existing methods.

A Review Paper on Secure Virtualization for Cloud Computing

Cloud technology acceptability and development are being endangered by unresolved cybersecurity issues that impact both the cloud operator and the cloud consumer. In this article, researchers show how virtualized may help secure public cloud by ensuring the integrity of the both guest virtual machines and cloud network equipment.. In specifically, we present the Advanced-Cloud-Protection-System (ACPS), a new construction targeted at ensuring improved security for cloud resources. ACPS may be used on a variety of cloud systems to efficiently while being anonymous to virtualization and cloud users, verify the validity of guest and network resources. Security breaches may be responded to nearby by ACPS, as well as notified to a higher security-management-layer. Two existing open source systems, Eucalyptus and Open ECP, have completely implemented a prototype of our ACPS concept. The prototype is put to the test in terms of efficiency and performance. In specifically, (a) the efficacy of our prototype is shown by testing it against known assaults in the nonfiction; (b) the ACPS prototype's performance is evaluated under various kinds of workload. The results indicate that our approach is resistant to assaults and that the upstairs imposed is minimal when associated to the landscapes available.

A Review on Cloud Computing Technology, Cloud Deployment and Service Delivery Models

Abstract: With the advent of Cloud Computing technology, organizations are rapidly shifting their IT systems from traditional client/server to cloud computing model where everything is offered as a service whether it’s a software, hardware or storage capacity. Cloud computing uses the concept of pay as per use basis where users do not need to pay for infrastructure, installation and its maintenance. Anyone can access the desired service from the cloud anytime, anywhere in the world on demand basis. The utilization of this innovative technology makes collaboration easier among companies or organizations and has the potential to create financial and operational benefits. This study helps organizations and individuals understand how cloud computing can provide them with reliable, personalized and cost-efficient services in a wide variety of applications. Keywords: Cloud Computing; Public Cloud; Private Cloud; Hy

Privacy and security-aware workflow scheduling in a hybrid cloud

Increasing numbers of workflow applications are being deployed on cloud platforms. When deploying workflows in a hybrid cloud environment, additional concerns emerge: 1. privacy-sensitive data and tasks cannot be exposed to a public cloud platform; 2. security and bandwidth of data transmission across cloud platforms should be guaranteed as it goes through the ‘unpredictable’ Internet. This paper investigates how to effectively reduce monetary cost when deploying a workflow in a hybrid cloud under the deadline and privacy constraints. A three-level data privacy and security model integrating hybrid encryption is devised to guarantee privacy and security of workflow applications. Two scheduling heuristics are then proposed to tackle the considered constrained optimization problem: privacy and security-aware list scheduling (PSLS) and simulated annealing (PSSA). PSLS distributes the user-defined deadline to each task and allocates each task to a resource in the hybrid cloud that meets constraints and incurs a minimum cost. PSSA permutes task lists for iterative improvement based on simulated annealing and PSLS. Simulation experiments are conducted and experimental results demonstrate that PSLS generally performs better than four existing algorithms to optimize monetary costs and PSSA achieves an even higher performance at the expense of runtime.

A Systematic Literature Review on Security Challenges In A Hybrid Cloud Database

Cloud computing paved the way to many technical facilities for companies to develop their business needs in more effective and efficient manner. Combining private and public cloud into so called Hybrid cloud has made a positive leap in business by allowing applications and data to be shared among enterprises. However, many challenges and issues have arisen when adopting the hybrid cloud to manage, store and process data. The most critical one of these challenges is the security of the adopted Hybrid cloud. This research presented a comprehensive study about the security challenges in the Hybrid cloud computing as well as the suggested solutions. The study used a Systematic Literature Review (SLR) process to collect, review and summarize published articles from IEEE and Springer Nature databases and between 2020 and 2021. As a result, there were 7 eligible articles selected according to the search criteria and fully reviewed. The findings have revealed that there are four main challenges which are Data Security, Access Control, Privacy, Data Leakage and Cy- ber Attacks. Future studies should be conducted using different databases to have further investigation regarding the security in Hybrid clouds.

Analysis on Cloud Computing Architectures

Cloud computing is an evolving technique and emerged the entire IT industry in recent years. It transformed the IT landscape and brought the world in the hands of public. One can access the resources available on cloud on pay-as-you-use basis, like applications and infrastructure provided by cloud providers in the form of applications already deployed by cloud providers for use by the cloud users. These services are developed, tested and deployed before they brought into use. Another feature of cloud computing is its massive storage infrastructure made available for database and data supplied by the user. The cloud has several unique architectures and many more are still evolving. The services like SaaS, PaaS and the IaaS are deployed on private, public, community and hybrid clouds. In this paper we discuss the present developments in the cloud computing architecture and also try to present feasible guidance for further processing. Papers published in journals, conferences, white papers are analyzed. We attempt to identify, examine and explain the current trends and development in cloud computing architecture. However, only 13% of the papers examined discussed Others-as-a-Service, while only 26% of the papers reviewed considered issues relating to the major actors involved in cloud computing. This will beneficial to cloud providers, users, and researchers alike

Enhanced Data Security in Cloud Computing: Survey

-The next era in the advent of the internet is internet based computing also known as cloud computing. It has been the emphasis in recent years, but security concerns are one among the most important impediments to the rise of cloud computing.. It essentially sends user data and application programs to massive data centers, i.e. a distant cloud, where consumers have little control and data management may be insecure. However, numerous security issues raised by the cloud's unique nature must be addressed and fully acknowledged.. Amongst the most critical concerns which must be tackled is the security issue. Issues with data security created by user data and software in the provider's jurisdiction. Cloud users search for cloud resources with secure data management. When sharing their personal data over public clouds, some cloud users may prefer to manage their data with more privacy. This document focuses on improving privacy-related data security in the cloud and related works that have been done to enhance data security in cloud computing. This research review work analyzes and discusses several of the security and privacy improvements evaluated in related existing systems.

Privacy-preserving Motion Detection for HEVC-compressed Surveillance Video

In the cloud era, a large amount of data is uploaded to and processed by public clouds. The risk of privacy leakage has become a major concern for cloud users. Cloud-based video surveillance requires motion detection, which may reveal the privacy of people in a surveillance video. Privacy-preserving video surveillance allows motion detection while protecting privacy. The existing scheme [ 25 ], designed to detect motion on encrypted and H.264-compressed surveillance videos, does not work well on more advanced video compression schemes such as HEVC. In this article, we propose the first motion detection method on encrypted and HEVC-compressed videos. It adopts a novel approach that exploits inter-prediction reference relationships among coding blocks to detect motion regions. The partition pattern and the number of coding bits of each detection block used in prior art are also used to help detect motion regions. Spatial and temporal consistency of a moving object and Kalman filtering are applied to segment connected/merged motion regions, remove noise and background motions, and refine trajectories and shapes of detected moving objects. Experimental results indicate that our detection method achieves high detection recall, precision, and F1-score for surveillance videos of both high and low resolutions with various scenes. It has a similarly high detection accuracy on encrypted and HEVC-compressed videos as that of the existing motion detection method [ 25 ] on encrypted and H.264-compressed videos. Our proposed method incurs no bit-rate overhead and has a very low computational complexity for both motion detection and encryption of HEVC videos.

Performance Evaluation of Information Gathering from Edge Devices in a Complex of Smart Buildings.

The use of monitoring systems based on cloud computing has become common for smart buildings. However, the dilemma of centralization versus decentralization, in terms of gathering information and making the right decisions based on it, remains. Performance, dependent on the system design, does matter for emergency detection, where response time and loading behavior become very important. We studied several design options based on edge computing and containers for a smart building monitoring system that sends alerts to the responsible personnel when necessary. The study evaluated performance, including a qualitative analysis and load testing, for our experimental settings. From 700+ edge nodes, we obtained response times that were 30% lower for the public cloud versus the local solution. For up to 100 edge nodes, the values were better for the latter, and in between, they were rather similar. Based on an interpretation of the results, we developed recommendations for five real-world configurations, and we present the design choices adopted in our development for a complex of smart buildings.

Cloud Computing Models for Business

The idea of cloud computing is not a new one, it has been developed and discussed for many years. Cloud computing is a model which allows to get access to the network upon request from the set of adjustable computing services, such as infrastructure, applications and storages. Cloud services and data storage products allow their users to store and share any type of document and file from any device connected to Internet. There are several types of cloud services, which can be subdivided into: SaaS (Software as a Service), PaaS (Platform as a Service), IaaS (Infrastructure as a Service). Besides, there are several deployment models, such as public, residential, hybrid or community cloud. Cloud computing models are based on modern process paradigm, which offers new alternatives to the companies of various ranges for implementation of innovative business models. With the help of these new business models small companies will be able to use cloud computing platforms and to increase gradually their computation capacities and data storage capacities depending on the requirements in real time mode, which creates a unique opportunity for market competition. Keywords— cloud computing, IaaS, OpenStack, PaaS, SaaS.

Performance prediction of deep learning applications training in GPU as a service systems

Data analysts predict that the GPU as a service (GPUaaS) market will grow to support 3D models, animated video processing, gaming, and deep learning model training. The main cloud providers already offer in their catalogs VMs with different type and number of GPUs. Because of the significant difference in terms of performance and cost of this type of VMs, correctly selecting the most appropriate one to execute the required job is mandatory to minimize the training cost. Motivated by these considerations, this paper proposes performance models to predict GPU-deployed neural networks (NNs) training. The proposed approach is based on machine learning and exploits two main sets of features, thus capturing both NNs properties and hardware characteristics. Such data enable the learning of multiple linear regression models that, coupled with an established feature selection technique, become accurate prediction tools, with errors below 12% on average. An extensive experimental campaign, performed both on public and in-house private cloud deployments, considers popular deep NNs used for image classification and speech transcription. The results show that prediction errors remain small even when extrapolating outside the range spanned by the input data, with important implications for the models’ applicability.

LS-RQ: A Lightweight and Forward-Secure Range Query on Geographically Encrypted Data

In the era of cloud computing, to achieve convenient location-based service (LBS), consumers such as users, companies, and organizations prefer subcontracting massive geographical data to public clouds after encryption for privacy and security. However, numerous harmful cyber-attacks happen on those public clouds in an unpredicted and hourly manner. To alleviate those concerns, various secure query schemes on the encrypted data have been proposed in the literature. As a fundamental query of LBSs, forward-secure range query has not been well investigated. To address this issue, we propose a lightweight and forward-secure range query (LS-RQ) on geographically encrypted data, which soundly balances between security and efficiency. Promisingly, we design an index mechanism to manage geographical data on the public clouds, while not compromising the privacy of data. Moreover, our LS-RQ schemes provide a convenient approach to range query on geographically encrypted data on-the-fly. We also rigorously prove that LS-RQ is forward-secure. Finally, extensive experimental studies are performed on both real and synthetic datasets. By observation, our LS-RQ schemes are highly efficient in realistic environments. Particularly, on encrypted datasets with about 1000000 geographical data, our solution to secure range query takes strictly less than a second.