As the cloud computing paradigm evolves, new types of cloud-based services have become available, including security services. Some of the most important and most commonly adopted security services are firewall services. These cannot be easily deployed in a cloud, however, because of a lack of mechanisms preserving firewall policy confidentiality. Even if such mechanisms were provided, the customer traffic flowing through the Cloud Service Provider infrastructure would still be exposed to eavesdropping and to information gathering through analysis. To address these issues, this article introduces a novel framework, known as the Ladon Hybrid Cloud, for preserving cloud-based firewall policy confidentiality. It is shown that this framework provides a high level of privacy by leveraging an anonymized firewall approach and a hybrid cloud model. A number of optimization techniques, which help to further improve the Ladon Hybrid Cloud privacy level, are also introduced. Finally, analysis performed on the framework shows that it is possible to find a trade-off between the Ladon Hybrid Cloud privacy level, its congestion probability, and efficiency. This is demonstrated by the results of the experiments conducted.
The paper focuses on dynamic resource provisioning that minimizes the carbon footprint of data centers interconnected via optical networks. The main contribution of this paper is a schema for fitting energy-aware anycast strategies to different types of cloud services in order to reduce greenhouse gas emissions. The proposed schema was compared to the cases in which all types of cloud services were handled using the same anycast strategy. It is shown that the proposed schema is able to significantly reduce greenhouse gas emissions without significant deterioration of network performance.
Traditional intrusion detection systems, managed by organizations themselves, have already evolved towards cloud architectures. While benefitting from all the advantages of the cloud computing paradigm, they also suffer from one of its main drawbacks: privacy issues. As intrusion detection system security policies expose critical information regarding the organization, such as vulnerabilities, sharing this information with cloud service providers raises serious privacy concerns. The following paper proposes and presents three novel solutions as a first step towards preserving the privacy of cloud-based intrusion detection system security policies. All the solutions utilize a hybrid cloud architecture, as this is a leading trend in the cloud-based intrusion detection systems market, and share the concept of performing the most computationally expensive operations, which are pattern-matching operations, in the public cloud. By taking the final decision regarding network packets in the private cloud on customer premises, the desired level of privacy is provided. Experimental results obtained from the performed simulations confirm that all the presented solutions are efficient enough for the deployment of cloud-based intrusion detection systems.