
Leandro Loffi
Federal University of Santa Catarina | UFSC · Departamento de Informática e Estatística
Bachelor of Applied Science
10 publications · 10,107 reads · 41 citations
Publications (10)
Authentication of restricted memory devices presents significant problems since memory consumption is high in mutual authentication using cryptographic protocols in IoT environments. The development of a multi-factor mutual authentication method that can be used in fog and cloud computing remains a challenge, according to previous studies. The pres...
Currently, the Internet of Things is spreading in all areas that apply computing resources. An important ally of the IoT is fog computing. It extends cloud computing and services to the edge of the network. Smart environments are becoming real and possible through IoT and fog computing. However, they are not free from security threats and vulnerabi...
Authentication of restricted memory devices presents significant problems since memory consumption is high in mutual authentication using cryptographic protocols in IoT environments. According to previous studies, the development of a multi-factor mutual authentication method that can be used in fog and cloud computing remains a challenge. The pres...
Internet of things (IoT) and Fog computing applications deal with sensitive data and need security tools to be protected against attackers. CoAP (Constrained Application Protocol), combined with DTLS (Datagram Transport Layer Security), provides security to IoT/Fog applications. However, processing times need to be considered when using this combin...
Fog Computing is an area of Computer Science that is under constant construction and evolution, and in conjunction with information security, the paradigm becomes more reliable and secure for IoT’s edge platforms. The authentication of restricted memory devices has major problems because memory consumption is high when applied with other models tha...
The authentication of restricted memory devices has major problems because memory consumption is high when applied with other protocols that have the purpose of mutual authentication. This article proposes an authentication model that mutually validates the parties in an Internet of Things environment applied in the context of Fog Computing. Throug...
Several paradigm evolutions have been proposed in recent years. Fog Computing is an area of Computer Science that is under construction and in constant evolution, and in conjunction with information security, the paradigm becomes more reliable and secure for IoT edge platforms. Security requirements are difficult to achieve in environments with...
Abstract: Santa Catarina has currently been suffering various natural disasters with increasing frequency. These cause disruption for many people, and each region of the state has a different cause. More precisely, the history of the Alto Vale do Itajaí records more than one flood every two and a half years. Since 1950, when there was the...
Projects (3)
The “first part” considers the authentication of devices with restricted memory, which still presents significant problems, since memory consumption is high in mutual authentication using cryptographic protocols. According to previous studies, the development of an efficient method to perform multifactor mutual authentication remains a challenge for IoT-Fog-Cloud environments. The present work aims to improve a multifactor mutual authentication method, using a variable and adjustable response time, challenge and nonce response function. With these factors, the method can be improved for Fog and Cloud Computing contexts. Future results will be compared with evaluations carried out in related works and in our previous works, seeking to obtain a satisfactory result in terms of energy consumption and processing and communication costs. We will also use the ProVerif tool and do an informal analysis to provide the security assessment.
The “second part” concerns Internet of Things (IoT) systems, in which information of various types is continuously captured, processed and transmitted by systems usually interconnected by the Internet and distributed solutions. Attacks to capture information and overload services are common, which makes security techniques indispensable in IoT environments. Intrusion detection, designed to identify attack attempts, is one of the vital security points. The characteristics of IoT devices make it impossible to apply these solutions in this environment. Furthermore, existing anomaly-based methods for multiclass detection do not have acceptable accuracy. An intrusion detection architecture will be proposed that operates in the fog computing layer (Fog), aiming to classify events into specific types of attacks or non-attacks, for the execution of countermeasures. We will improve a hybrid method of binary classification called DNN-kNN. The approach will be based on Deep Neural Networks (DNN) and the k-Nearest Neighbor (kNN) algorithm. In the experiments, the public databases NSL-KDD and CICIDS2017 will be used in order to obtain greater precision compared with classical machine learning approaches and recent advances in intrusion detection for IoT systems.
In the “third part” we will improve an Autonomic System to manage energy consumption in Internet of Things (IoT) and Fog Computing devices. The proposal will introduce advanced orchestration mechanisms to manage dynamic duty cycles for extra energy savings. The solution will work by adjusting the cycles as the “Home (being at home)” and “Away (being away from home)” states change, based on contextual information such as environmental conditions, user behavior, behavior variation, energy usage regulations and network resources, among others. A performance evaluation will be carried out through a proof of concept, considering average energy savings when increasing a scheduling system, and variables of long sleep cycles. We will also aim to promote autonomous management as a solution to develop more energy-efficient buildings and smart cities, contributing to greater sustainability.
(Goals and some results):
Goal 1:
Cloud identity management: A survey on privacy strategies
https://www.researchgate.net/publication/316116828_Cloud_identity_management_A_survey_on_privacy_strategies
With the rise of cloud computing, thousands of users and multiple applications have sought to communicate with each other, exchanging sensitive data. Thus, for effectively managing applications and resources, the use of models and tools is essential for the secure management of identities and to avoid compromising data privacy. There are models and tools that address federated identity management, and it is important that they use privacy mechanisms to assist in compliance with current legislation. Therefore, this article aims to present a survey of privacy in cloud identity management, presenting and comparing main features and challenges described in the literature. At the end of this work there is a discussion of the use of privacy and future research directions.
Goal 2:
Improving cloud computing virtual machines balancing through hosts and virtual machines similarities
https://www.researchgate.net/publication/318445528_Improving_cloud_computing_virtual_machines_balancing_through_hosts_and_virtual_machines_similarities
Quality of service is one of the major concerns in cloud computing. Virtual machines (VMs) balancing techniques can help reduce service degradation in cloud computing environments. Several works have presented cloud computing balance techniques; however, only a few used the similarity between VMs and physical hosts to map VMs migrations. In addition, most proposals do not consider the size, dynamism, and heterogeneity of the cloud when developing a management technique. We present a cloud computing VMs balancing algorithm that uses the similarity between VMs and physical hosts to create the map of migrations. Furthermore, the proposal takes into account the size, dynamism, and heterogeneity of the cloud when mapping VMs migrations; thus the proposal is developed in a distributed fashion, enabling the processing of each cluster at a time. To evaluate the proposal, we used the Google cluster data set. Experiments demonstrate that the proposed technique can improve the balance of allocated resources; thus helping reduce service degradation. Moreover, the runtime of the algorithm indicates that it is feasible to be used in a real cloud computing environment with hundreds of physical servers and virtual machines.
Goal 3:
Preserving Privacy with Fine-grained Authorization in an Identity Management System
https://www.researchgate.net/publication/315816577_Preserving_Privacy_with_Fine-grained_Authorization_in_an_Identity_Management_System
In policy-based management, service providers want to enforce fine-grained policies for their resources and services. Besides the assurance of digital identity, service providers usually need personal data for evaluation of access control policies. The disclosure of personal data, also known as Personally Identifiable Information (PII), could represent a privacy breach. This paper proposes an architecture that allows an individual to obtain services without the need of releasing all personal attributes. The architecture achieves that outcome by evaluating the targeted policy in the domain of the identity provider, that is, policies are sent from service providers to identity providers to be evaluated, without the need of releasing some PIIs to the service provider side. We also present an implementation of a prototype using XACML 3.0 for fine-grained authorization and OpenID Connect for identity management. The prototype was evaluated through a use case representing a hypothetical scenario of a bookstore. The project demonstrated that for certain situations a user can restrict the release of PII data and still gain access to services.
Goal 4:
A Framework and Risk Assessment Approaches for Risk-based Access Control in the Cloud
https://www.researchgate.net/publication/306107497_A_Framework_and_Risk_Assessment_Approaches_for_Risk-based_Access_Control_in_the_Cloud
Cloud computing is advantageous for customers and service providers. However, it has specific security requirements that are not captured by traditional access control models, e.g., secure information sharing in dynamic and collaborative environments. Risk-based access control models try to overcome these limitations, but while there are well-known enforcement mechanisms for traditional access control, this is not the case for risk-based policies. In this paper, we motivate the use of risk-based access control in the cloud and present a framework for enforcing risk-based policies that is based on an extension of XACML. We also instantiate this framework using a new ontology-based risk assessment approach, as well as other models from related work, and present experimental results of the implementation of our work.
Goal 5:
Order@Cloud: A VM Organisation Framework Based on Multi-Objectives Placement Ranking
https://www.researchgate.net/publication/296695902_OrderCloud_A_VM_Organisation_Framework_Based_on_Multi-Objectives_Placement_Ranking
This paper presents the implementation and tests of a flexible and extensible framework, named Order@Cloud, that improves the Virtual Machine placements of a Cloud. It receives new VMs on the Cloud and organises them by relocating their placements based on the Multiple-Objectives of the environment. These Objectives are represented by Rules, Qualifiers and Costs, which can be easily added, extended and prioritised. Based on Evolutionary and Greedy Searches, Order@Cloud theoretically guarantees the adoption of a better set of Placements. More specifically, it seeks the non-dominated solutions (Pareto Set) and compares them considering the implementation cost of the scenario and its benefits. In contrast to existing solutions, that address specific objectives, our framework was devised to be objective-agnostic and easily extensible, which enables the implementation of new and generic prioritised elements. To understand the applicability and performance of our solution we conducted experiments using a real Cloud environment and discuss its performance, flexibility and optimality.
Goal 6:
A Distributed Autonomic Management Framework for Cloud Computing Orchestration
https://www.researchgate.net/publication/305904642_A_Distributed_Autonomic_Management_Framework_for_Cloud_Computing_Orchestration
Due to constant workload growth, the infrastructure used to support cloud computing (CC) environments increases in size and complexity. As a consequence of that, human administrators are not able to monitor, analyze, plan and execute actions upon the environment, seeking goals such as the environment optimization and service level agreements fulfillment. This proposal provides an autonomic framework to create virtual machines migrations and heuristics to select hosts to be activated or deactivated when needed. Moreover, the framework proposed in this paper works in a distributed way using multi-agent systems concepts. We provide an architecture to deal with the size, heterogeneity and dynamism of CC environments. Further, our proposal was added to the CloudStack platform as a plug-in for validation and experimentation.
Keywords: Cloud computing orchestration; autonomic management framework.
Goal 7:
A Model for Managed Elements under Autonomic Cloud Computing Management
https://www.researchgate.net/publication/308527496_A_Model_for_Managed_Elements_under_Autonomic_Cloud_Computing_Management
Autonomic Cloud Computing management requires a model to represent the elements into the managed computing process. This paper proposes an approach to model the load flow through abstract and concrete cloud components using double weighted Directed Acyclic Multigraphs. Such model enables the comparison, analysis and simulation of clouds, which assist the cloud management with the evaluation of modifications in the cloud structure and configuration. The existing solutions either do not have mathematical background, which hinders the comparison and production of structural variations in cloud models, or have the mathematical background, but are limited to a specific area (e.g. energy-efficiency), which does not provide support to the dynamic nature of clouds and to the different needs of the managers. For this reason, we present a formalisation and algorithms that support the load propagation and the states of services, systems, third-parties providers and resources, such as: computing, storage and networking. Our model has a formal mathematical background and is generic, in contrast with other proposals. To demonstrate the applicability of our solution, we have implemented a software framework for modelling Infrastructure as a Service, and conducted numerical experiments with hypothetical loads.
Goal 8:
RACLOUDS - Model for Clouds Risk Analysis in the Information Assets Context
https://www.researchgate.net/publication/303720639_RACLOUDS_-_Model_for_Clouds_Risk_Analysis_in_the_Information_Assets_Context
Cloud computing offers benefits in terms of availability and cost, but transfers the responsibility of information security management to the cloud service provider. Thus the consumer loses control over the security of their information and services. This factor has prevented the migration to cloud computing in many businesses. This paper proposes a model where the cloud consumer can perform risk analysis on providers before and after contracting the service. The proposed model establishes the responsibilities of three actors: Consumer, Provider and Security Labs. The inclusion of the actor Security Labs provides more credibility to risk analysis, making the results more consistent for the consumer.