Browsing by Author "Abwnawar, Nasser"
Item Open Access
A Policy-Based Management Approach to Security in Cloud Systems (De Montfort University, 2020-02)
Abwnawar, Nasser

In the era of service-oriented computing, ICT systems exponentially grow in their size and complexity, becoming more and more dynamic and distributed, often spanning across different geographical locations, as well as multiple ownerships and administrative domains. At the same time, complex software systems are serving an increasing number of users accessing digital resources from various locations. In these circumstances, enabling efficient and reliable access control is becoming an inherently challenging task. A representative example here is a hybrid cloud environment, where various parts of a distributed software system may be deployed locally, within a private data centre, or on a remote public cloud. Accordingly, valuable business information is expected to be transferred across these different locations, and yet to be protected from unauthorised/malicious access at all times. Even though existing access control approaches seem to provide a sufficient level of protection, they are often implemented in a rather coarse-grained and inflexible manner, such that access control policies are evaluated without taking into consideration the current locations of requested resources and requesting users. This results in a situation where, in a relatively ‘safe’ environment (e.g., a private enterprise network), unnecessarily complex and resource-consuming access control policies are put in place, and vice versa, in external, potentially ‘hostile’ network locations, access control enforcement is not sufficient. In these circumstances, it becomes desirable for an access control mechanism to distinguish between various network locations so as to enable a differentiated, fine-grained, and flexible approach to defining and enforcing access control policies for heterogeneous environments.
For example, in its simplest form, more stringent and protective policies need to be in place as long as remote locations are concerned, whereas some constraints may be released as soon as data is moved back to a local secure network. Accordingly, this PhD research effort aims to address the following research question – How to enable heterogeneous computing systems, spanning across multiple physical and logical network locations, as well as different administrative domains and ownerships, with support for location-aware access control policy enforcement, and implement a differentiated fine-grained access control depending on the current location of users and requested resources? To address this question, the presented thesis introduces the notions of ‘location’ and ‘location-awareness’ that underpin the design and implementation of a novel access control framework, which applies and enforces different access control policies, depending on the current (physical and logical) network locations of policy subjects and objects. To achieve this, the approach takes the existing access control policy language SANTA, which is based on the Interval Temporal Logic, and combines it with the Topological Logic, thereby creating a holistic solution covering both the temporal and the spatial dimensions.
As demonstrated by a hypothetical case study, based on a distributed cloud-based file sharing and storage system, the proposed approach has the potential to address the outlined research challenges and advance the state of the art in the field of access control in distributed heterogeneous ICT environments.

Item Open Access
Towards Monitoring Security Aspects in Mobile Grid Computing Systems: a Survey (DMU Doctoral Student Conference 2016, 2016-05)
Suwan, Abdulghani; Siewe, Francois; Abwnawar, Nasser

In recent years, the proliferation of mobile devices has led to the emergence of mobile grid computing, that is, extending the reach of grid computing by enabling mobile devices both to contribute to and utilise grid resources. Thus, the pool of available computational and storage resources can be significantly enriched by leveraging idle capacities of mobile devices. Nevertheless, the emergence of the mobile grid gives rise to challenges, which have not hitherto been addressed thoroughly. Among those is the security threat, which arises from the multitude of mobile devices accessing grid resources and associated network connections, spanning across the globe. Accordingly, the aim of this paper is two-fold. First, it surveys prominent grid monitoring systems and attempts to identify any potential limitations with respect to the security aspect. The results of the survey indicate that existing solutions fail to address the security concerns, which arise from enabling the mobile devices to interact with the grid.
To this end, the second aim of the paper is to propose a monitoring system which continuously tracks the geo-location of the mobile devices accessing the grid and thereby ascertains that the location-based security policies are not violated.

Item Open Access
Towards Monitoring Security Policies in Grid Computing: a Survey (IEEE Technically Sponsored SAI Computing Conference 2016, 2016)
Suwan, Abdulghani; Siewe, Francois; Abwnawar, Nasser

Grid computing systems are complex and dynamic environments and therefore require appropriate automated management, which would enable stable and reliable operation of the whole grid environment. The research community has addressed this requirement with a number of monitoring frameworks, which serve to collect data at various levels to support decision taking and management activities within grids. However, these existing solutions seem to implement little support for collecting security-related data and enforcing appropriate security policies and constraints in this respect. With an increasing role of network connections and users remotely accessing computational resources from various locations, grid systems are no longer seen as localised and isolated ecosystems, but are coming to be more open and distributed. In this light, it is becoming more and more important to enable monitoring frameworks with capabilities to collect security-related data and check whether these observations comply with certain security constraints. Accordingly, in this paper we present a survey of existing grid monitoring systems with a goal to identify an existing gap of insufficient support for handling the security dimension in grids. Our survey suggests that available grid monitoring frameworks are incapable of collecting security-related data metrics and evaluating them against a set of security policies.
As a first step towards addressing this issue, we outline several groups of security policies, which we envisage to be further incorporated in our own research work, and by the wider community.