A huge number of cloud users and cloud providers are threatened of security issues by cloud computing adoption. Cloud computing is a hub of virtualization that provides virtualization-based infrastructure over physically connected systems. With the rapid advancement of cloud computing technology, data protection is becoming increasingly necessary. It s important to weigh the advantages and disadvantages of moving to cloud computing when deciding whether to do so. As a result of security and other problems in the cloud, cloud clients need more time to consider transitioning to cloud environments. Cloud computing, like any other technology, faces numerous challenges, especially in terms of cloud security. Many future customers are wary of cloud adoption because of this. Virtualization Technologies facilitates the sharing of recourses among multiple users. Cloud services are protected using various models such as type-I and type-II hypervisors, OS-level, and unikernel virtualization but also offer a variety of security issues. Unfortunately, several attacks have been built in recent years to compromise the hypervisor and take control of all virtual machines running above it. It is extremely difficult to reduce the size of a hypervisor due to the functions it offers. It is not acceptable for a safe device design to include a large hypervisor in the Trusted Computing Base (TCB). Virtualization is used by cloud computing service providers to provide services. However, using these methods entails handing over complete ownership of data to a third party. This paper covers a variety of topics related to virtualization protection, including a summary of various solutions and risk mitigation in VMM (virtual machine monitor). In this paper, we will discuss issues possible with a malicious virtual machine. We will also discuss security precautions that are required to handle malicious behaviors. We notice the issues of investigating malicious behaviors in cloud computing, give the scientific categorization and demonstrate the future headings. We ve identified: i) security specifications for virtualization in Cloud computing, which can be used as a starting point for securing Cloud virtual infrastructure, ii) attacks that can be conducted against Cloud virtual infrastructure, and iii) security solutions to protect the virtualization environment from DDOS attacks.
Authored by Tahir Alyas, Karamath Ateeq, Mohammed Alqahtani, Saigeeta Kukunuru, Nadia Tabassum, Rukshanda Kamran
Virtualization is essential in assisting businesses in lowering operational costs while still ensuring increased productivity, better hardware utilization, and flexibility. According to Patrick Lin, Senior Director of Product Management for VMware, "virtualization is both an opportunity and a threat." This survey gives a review of the literature on major virtualization technology security concerns. Our study primarily focuses on several open security flaws that virtualization introduces into the environment. Virtual machines (VMs) are overtaking physical machine infrastructures due to their capacity to simulate hardware environments, share hardware resources, and make use of a range of operating systems (OS). By offering a higher level of hardware abstraction and isolation, efficient external monitoring and recording, and on-demand access, VMs offer more effective security architecture than traditional machines. It concentrates on virtual machine-specific security concerns. The security risks mentioned in this proposal apply to all of the virtualization technologies now on the market; they are not unique to any one particular virtualization technology. In addition to some security advantages that come along with virtualization, the survey first gives a brief review of the various virtualization technologies that are now on the market. It conclude by going into great depth on a number of security gaps in the virtualized environment.
Authored by N.B. Kadu, Pramod Jadhav, Santosh Pawar
The world has seen a quick transition from hard devices for local storage to massive virtual data centers, all possible because of cloud storage technology. Businesses have grown to be scalable, meeting consumer demands on every turn. Cloud computing has transforming the way we do business making IT more efficient and cost effective that leads to new types of cybercrimes. Securing the data in cloud is a challenging task. Cloud security is a mixture of art and science. Art is to create your own technique and technologies in such a way that the user should be authenticated. Science is because you have to come up with ways of securing your application. Data security refers to a broad set of policies, technologies and controls deployed to protect data application and the associated infrastructure of cloud computing. It ensures that the data has not been accessed by any unauthorized person. Cloud storage systems are considered to be a network of distributed data centers which typically uses cloud computing technologies like virtualization and offers some kind of interface for storing data. Virtualization is the process of grouping the physical storage from multiple network storage devices so that it looks like a single storage device.
Authored by Jeevitha K, Thriveni J
Cloud computing has since been turned into the most transcendental growth. This creative invention provides forms of technology and software assistance to companies. Cloud computing is a crucial concept for the distribution of information on the internet. Virtualization is a focal point for supporting cloud resources sharing. The secrecy of data management is the essential warning for the assurance of computer security such that cloud processing will not have effective privacy safety. All subtleties of information relocation to cloud stay escaped the clients. In this review, the effective mobility techniques for privacy and secured cloud computing have been studied to support the infrastructure as service.
Authored by Betty Samuel, Saahira Ahamed, Padmanayaki Selvarajan
We have seen the tremendous expansion of machine learning (ML) technology in Artificial Intelligence (AI) applications, including computer vision, voice recognition, and many others. The availability of a vast amount of data has spurred the rise of ML technologies, especially Deep Learning (DL). Traditional ML systems consolidate all data into a central location, usually a data center, which may breach privacy and confidentiality rules. The Federated Learning (FL) concept has recently emerged as a promising solution for mitigating data privacy, legality, scalability, and unwanted bandwidth loss problems. This paper outlines a vision for leveraging FL for better traffic steering predictions. Specifically, we propose a hierarchical FL framework that will dynamically update service function chains in a network by predicting future user demand and network state using the FL method.
Authored by Abdullah Bittar, Changcheng Huang
From financial transactions to digital voting systems, identity management, and asset monitoring, blockchain technology is increasingly being developed for use in a wide range of applications. The problem of security and privacy in the blockchain ecosystem, which is now a hot topic in the blockchain community, is discussed in this study. The survey’s goal was to investigate this issue by considering several sorts of assaults on the blockchain network in relation to the algorithms offered. Following a preliminary literature assessment, it appears that some attention has been paid to the first use case; however the second use case, to the best of my knowledge, deserves more attention when blockchain is used to investigate it. However, due to the subsequent government mandated secrecy around the implementation of DES, and the distrust of the academic community because of this, a movement was spawned that put a premium on individual privacy and decentralized control. This movement brought together the top minds in encryption and spawned the technology we know of as blockchain today. This survey paper also explores the genesis of encryption, its early adoption, and the government meddling which eventually spawned a movement which gave birth to the ideas behind blockchain. It also closes with a demonstration of blockchain technology used in a novel way to refactor the traditional design paradigms of databases.
Authored by Mohammed Mahmood, Osman Ucan, Abdullahi Ibrahim
With the rapid development of Internet of Things technology, the requirements for edge node data processing capability are increasing, and GPU processors are becoming more widely applied in edge nodes. Current research on GPU virtualization technology mainly focuses on cloud data centers, with little research on embedded GPU virtualization in scenarios with limited edge node resources. In contrast to cloud data centers, embedded GPUs in edge nodes typically do not have access to GPU utilization and video memory usage within each container. As a result, traditional GPU virtualization technologies are ineffective for resource virtualization on embedded devices. This paper presents a method to virtualize embedded GPU resources in an edge computing environment, called sGPU. We integrated edge nodes with embedded GPUs into Kubernetes via the device-plugin mechanism. Users can package GPU applications in containers and deploy them using Kubernetes on edge nodes with embedded GPUs. sGPU allows containers to share embedded GPU computing resources and divides a physical GPU into multiple virtual GPUs that can be allocated to containers on demand. To achieve GPU computing power division, we proposed a multi-container sharing GPU algorithm and implemented it in sGPU, which ensures the most accurate computing power segmentation under the competition of computing resources of a GPU used by multiple containers at the same time. According to the experimental results, the average overhead of sGPU is 3.28\%. The accuracy of computing power segmentation is 92.7\% when a single container uses GPU.
Authored by Xinyu Yang, Xin Wang, Lei Yan, Suzhi Cao
The 5G technology ensures reliable and affordable broadband access worldwide, increases user mobility, and assures reliable and affordable connectivity of a wide range of electronic devices such as the Internet of Things (IoT).SDN (Software Defined Networking), NFV ( Network Function Virtualization), and cloud computing are three technologies that every technology provider or technology enabler tries to incorporate into their products to capitalize on the useability of the 5th generation.The emergence of 5G networks and services expands the range of security threats and leads to many challenges in terms of user privacy and security. The purpose of this research paper is to define the security challenges and threats associated with implementing this technology, particularly those affecting user privacy. This research paper will discuss some solutions related to the challenges that occur when implementing 5G, and also will provide some guidance for further development and implementation of a secure 5G system.
Authored by Aysha Alfaw, Alauddin Al-Omary
The incredible speed with which Information Technology (IT) has evolved in recent decades has brought about a major change in people s daily lives and in practically all areas of knowledge. The diversification of means of access using mobile devices, the evolution of technologies such as virtualization, added to a growing demand from users for new systems and services adapted to these new market trends, were the fuel for the emergence of a new paradigm, Cloud Computing. The general objective of this paper is to enable the offer of privacy preservation system provided by third parties through which Cloud Data Storage Services customers can continuously monitor the integrity of their files.
Authored by Zahraa Lafta, Muhammad Ilyas
In the era of big data, more and more applications of smart devices are computing-intensive, thus raising the strong demand for task offloading to cloud data centers. However, it gives rise to network delay and privacy data leak issues. Edge computing can effectively solve latency, bandwidth occupation and data privacy problems, but the deployment of applications are also limited by hardware architectures and resources, i.e., computing and storage resources. Therefore, the combination of virtualization technology and edge computing become important in order to realize the rapid deployment of intelligent application in an edge server or an edge node by virtualization technology. The traditional virtual machine (VM) is no longer suitable for resource-constrained devices. Container technique including Docker can effectively solve these problems, but it also depends on an operating system. Unikernel is the state-of-art virtualization technology. In this paper, we combine Unikernel with edge computing to explore its application in an edge computing system. An application architecture of edge computing based on Unikernel is proposed. It is suitable for application in edge computing.
Authored by Shichao Chen, Ruijie Xu, Wenqiao Sun
In the present situation, storing digital health records in the cloud for the immediate usage of patients and treatment providers is the most convenient and economical way for patients. Cloud based Electronic Health Records contain information about the patients and also provide updates to the treatment providers. From the treatment providers’ perspective, it is easy for them to see the previous health records of their patients. As a result, the duplication of health records is eliminated. However, the major issue in this system is storing health records and protecting the privacy of patient’s details in the cloud. Currently, there are many research scholars who are working constantly to maintain and update the existing electronic health records in the cloud. The aim of this paper is to create virtual storage to secure electronic health records and to provide privacy and backups to customers.
Authored by Ramana B, Indiramma M
The digital transformation brought on by 5G is redefining current models of end-to-end (E2E) connectivity and service reliability to include security-by-design principles necessary to enable 5G to achieve its promise. 5G trustworthiness highlights the importance of embedding security capabilities from the very beginning while the 5G architecture is being defined and standardized. Security requirements need to overlay and permeate through the different layers of 5G systems (physical, network, and application) as well as different parts of an E2E 5G architecture within a risk-management framework that takes into account the evolving security-threats landscape. 5G presents a typical use-case of wireless communication and computer networking convergence, where 5G fundamental building blocks include components such as Software Defined Networks (SDN), Network Functions Virtualization (NFV) and the edge cloud. This convergence extends many of the security challenges and opportunities applicable to SDN/NFV and cloud to 5G networks. Thus, 5G security needs to consider additional security requirements (compared to previous generations) such as SDN controller security, hypervisor security, orchestrator security, cloud security, edge security, etc. At the same time, 5G networks offer security improvement opportunities that should be considered. Here, 5G architectural flexibility, programmability and complexity can be harnessed to improve resilience and reliability. The working group scope fundamentally addresses the following: •5G security considerations need to overlay and permeate through h the different layers of the 5G systems (physical, network, and application) as well as different parts of an E2E 5G architecture including a risk management framework that takes into account the evolving security threats landscape. •5G exemplifies a use-case of heterogeneous access and computer networking convergence, which extends a unique set of security challenges and opportunities (e.g., related to SDN/NFV and edge cloud, etc.) to 5G networks. Similarly, 5G networks by design offer potential security benefits and opportunities through harnessing the architecture flexibility, programmability and complexity to improve its resilience and reliability. •The IEEE FNI security WG s roadmap framework follows a taxonomic structure, differentiating the 5G functional pillars and corresponding cybersecurity risks. As part of cross collaboration, the security working group will also look into the security issues associated with other roadmap working groups within the IEEE Future Network Initiative.
Authored by Ashutosh Dutta, Eman Hammad, Michael Enright, Fawzi Behmann, Arsenia Chorti, Ahmad Cheema, Kassi Kadio, Julia Urbina-Pineda, Khaled Alam, Ahmed Limam, Fred Chu, John Lester, Jong-Geun Park, Joseph Bio-Ukeme, Sanjay Pawar, Roslyn Layton, Prakash Ramchandran, Kingsley Okonkwo, Lyndon Ong, Marc Emmelmann, Omneya Issa, Rajakumar Arul, Sireen Malik, Sivarama Krishnan, Suresh Sugumar, Tk Lala, Matthew Borst, Brad Kloza, Gunes Kurt
In this fast growing technology and tight integration of physical devices in conventional networks, the resource management and adaptive scalability is a problematic undertaking particularly when it comes to network security measures. Current work focuses on software defined network (SDN) and network function virtualization (NFV) based security solution to address problems in network and security management. However, deployment, configuration and implementation of SDN/NFVbased security solution remains a real challenge. To overcome this research challenge, this paper presents the implementation of SDN-NFVs based network security solution. The proposed methodology is based on using open network operating system (ONOS) SDN Controller with Zodiac FX Openflow switches and virtual network functions (VNF). VNF comprises of virtual security functions (VSF) which includes firewall, intrusion prevention system (IPS) and intrusion detection system (IDS). One of the main contributions of this research is the implementation of security solution of an enterprise, utilizing SDN-NFV platform and commodity hardware. We demonstrate the successful implementation, configuration and deployment of the proposed NFVbased network security solution for an enterprise.
Authored by Rizwan Saeed, Safwan Qureshi, Muhammad Farooq, Muhammad Zeeshan
Virtualization is essential in assisting businesses in lowering operational costs while still ensuring increased productivity, better hardware utilization, and flexibility. According to Patrick Lin, Senior Director of Product Management for VMware, "virtualization is both an opportunity and a threat." This survey gives a review of the literature on major virtualization technology security concerns. Our study primarily focuses on several open security flaws that virtualization introduces into the environment. Virtual machines (VMs) are overtaking physical machine infrastructures due to their capacity to simulate hardware environments, share hardware resources, and make use of a range of operating systems (OS). By offering a higher level of hardware abstraction and isolation, efficient external monitoring and recording, and on-demand access, VMs offer more effective security architecture than traditional machines. It concentrates on virtual machine-specific security concerns. The security risks mentioned in this proposal apply to all of the virtualization technologies now on the market; they are not unique to any one particular virtualization technology. In addition to some security advantages that come along with virtualization, the survey first gives a brief review of the various virtualization technologies that are now on the market. It conclude by going into great depth on a number of security gaps in the virtualized environment.
Authored by N.B. Kadu, Pramod Jadhav, Santosh Pawar
5G core network introduces service based architecture, software defined network, network function virtualization and other new technologies, showing the characteristics of IT and Internet. The new architecture and new technologies not only bring convenience to 5G but also introduce new security threats, especially the unknown security threats caused by unknown vulnerabilities or backdoors. This paper mainly introduces the security threats after the application of software defined network, network function virtualization and other technologies to 5G, summarizes the security solutions proposed by standardization organizations and academia, and puts forward a new idea of building a high-level secure 5G core network based on the endogenous safety and security.
Authored by Wei You, Mingyan Xu, Deqiang Zhou
By analyzing the design requirements of a secure desktop virtualization information system, this paper proposes the security virtualization technology of "whitelist" security mechanism, the virtualization layer security technology of optimized design, and the virtual machine security technology of resource and network layer isolation. On this basis, this paper constructs the overall architecture of the secure desktop virtualization information system. This paper studies the desktop virtualization technology research based on VMware using VMware server virtualization solution to transform and upgrade the traditional intelligent desktop virtualization system, improve server resource utilization rate, and reduce operation and maintenance costs.
Authored by Honglei Xia
This paper is an in-depth analysis of Virtualization Software, specifically – Oracle VM VirtualBox. Here, we analyze the existing system and determine the first two phases of the Secure Software Development Process. Here we go over the requirements elicitation, the architecture, and design phases of the secure software development lifecycle. We selected SQUARE methodology to identify the security requirements. Also, we used the Microsoft Threat Modeler tool for threat modeling. Finally, we identified major secure design patterns.
Authored by Rida Khan, Nouf AlHarbi, Ghadi AlGhamdi, Lamia Berriche
The experimental results demonstrated that, With the development of cloud computing, more and more people use cloud computing to do all kinds of things. However, for cloud computing, the most important thing is to ensure the stability of user data and improve security at the same time. From an analysis of the experimental results, it can be found that Cloud computing makes extensive use of technical means such as computing virtualization, storage system virtualization and network system virtualization, abstracts the underlying physical facilities into external unified interfaces, maps several virtual networks with different topologies to the underlying infrastructure, and provides differentiated services for external users. By comparing and analyzing the experimental results, it is clear that virtualization technology will be the main way to solve cloud computing security. Virtualization technology introduces a virtual layer between software and hardware, provides an independent running environment for applications, shields the dynamics, distribution and differences of hardware platforms, supports the sharing and reuse of hardware resources, provides each user with an independent and isolated computer environment, and facilitates the efficient and dynamic management and maintenance of software and hardware resources of the whole system. Applying virtualization technology to cloud security reduces the hardware cost and management cost of "cloud security" enterprises to a certain extent, and improves the security of "cloud security" technology to a certain extent. This paper will outline the basic cloud computing security methods, and focus on the analysis of virtualization cloud security technology.
Authored by Jiaxing Zhang
To improve the quality of network security service, the physical device service mode in traditional security service is improved, and the NFV network security service system is constructed by combining software defined networking (SDN) and network function virtualization technology (NFV). Where, network service is provided in the form of security service chain, and Web security scan service is taken as the task, finally the implementation and verification of the system are carried out. The test result shows that the security service system based on NFV can balance the load between the security network service devices in the Web security scan, which proves that the network security system based on software defined security and NFV technology can meet certain service requirements, and lays the research foundation for the improvement of the subsequent user network security service.
Authored by Lei Wang, SiJiang Xie, Can Cao, Chen Li
Cloud computing is a cutting-edge innovation that will improve the design of applications in terms of elasticity, functionality, and collaborative execution. It is a computer system that mainly depends on the Internet. The most important feature of cloud computing is virtualization, which enables on-site dynamic allocation of academic computing resources or industrial resources. Virtualization can be defined as "forming a virtual version of something, such as a server, desktop, storage device, operating system, or network resource," according to Wikipedia. The goal of this study is to demonstrate how virtualization can contribute to the improvement of cloud computing services. This study also takes a deeper look at source virtualization strategies, as well as emerging security challenges and future research goals.
Authored by Rahul Rastogi, Nikhil Aggarwal
In this paper, the reader s attention is directed to the problem of inefficiency of the add-on information security tools, that are installed in operating systems, including virtualization systems. The paper shows the disadvantages, that significantly affect the maintenance of an adequate level of security in the operating system. The results allowing to control all areas hierarchical of protection of the specialized operating system are presented.
Authored by Anastasiya Veremey, Vladimir Kustov, Renjith Ravi V
System is used independently, for sudden emergencies, the traditional security protection system can t inform the staff relevant situations comprehensively and automatically. It is not conductive for the staff to catch early warning and handle emergency events. Meanwhile, the management of independent subsystems is complicated. So, establishment of a unified management and control platform is proposed to integrate sorts of information. The paper elaborates information integration architecture based on video surveillance, supporting technologies and linkage application functions. By establishing logical relationship, all subsystems are integrated into a united and interactive security protection system which has the ability of automatic identification, automatic forecasting and processing. It reflects the economic philosophy that equipment utilization maximization.
Authored by Lijun Pei
In the field operation, crossing the fence is a common illegal behavior, which needs to be paid attention to. Especially, the live part of the power station site is mixed with the power outage part, and some construction workers cross the fence to enter the live area, which can easily cause safety problems. The power station has a wide range of operations, and the manual monitoring method is inefficient. With the popularization of video monitoring devices in power stations, this paper proposes a detection and identification method for fence crossing violations based on video monitoring. The method extracts video frames as input, uses convolution to extract temporal and spatial features, and classifies and regresses the features fused in time and space, which can effectively identify fence crossing behaviors. Finally, a video processing platform is built to process alarms for illegal operations. Engineering practice shows that the method shown in the article can effectively predict the illegal crossing of the fence in the power station and improve the intelligent monitoring level of the power station.
Authored by Fei Suo, Guohe Li, Chuanfang Zhu, Guoqing Gao, Fan Jiang
Video anomaly detection in the surveillance video is one of the essential components of the intelligent video surveillance system. However, anomaly detection remains an ill-defined problem, despite the diverse applications due to its rareness and equivocal nature. A Long Short Term Memory - Variational Autoencoder (LSTM-VAE) model is proposed to detect video anomalies. The model consists of a spatial encoder comprised of convolutional layers, a temporal encoder as well as a decoder comprised of Convolutional LSTM (ConvLSTM), and a spatial decoder consisting of transposed convolution layers. The generative model is trained only on normal video clips with the objective of minimizing the reconstruction error. Then, the trained model is tested on the test video sequences comprised of both normal and abnormal incidents. The reconstruction error corresponding to the test frame sequences having video anomalies will be very high as the model is not trained to reconstruct them. Subsequently, the corresponding frames will have a low regularity score. An appropriate threshold regularity score is set to segregate the anomaly frames from the normal ones. Frames having a regularity score less than the set threshold value are considered as anomalous frames. The model is developed by using one of the publicly available bench-marked video anomaly datasets, i.e., UCSD Ped2. The performance metrics of the proposed model are promising.
Authored by Chinmaya Meher, Rashmiranjan Nayak, Umesh Pati
A smart university is supposed to be a safe university. At this moment we observe multiple cameras in different locations in the Hall University and rooms to detect suspicious behavior such as violation, larceny or persons in a state of alcohol or drug intoxication. Samples of the video footage is monitored 24/7 by operators in control rooms. Currently the recorded videos are visual assessed after a suspicious event has occurred. There is a requirement for realtime surveillance with smart cameras which can detect, track and analyze suspicious behavior over place and time. The expanding number of cameras requires an enormous measure of observing operators. This paper proposes a distributed intelligent surveillance system based on smart cameras. We seek to improve the Quality of Experience QoE operator side or QoEvideo surveillance expressed in function of i- resource availability constraints, ii- false detection of suspicious behavior, iii- define an optimal perimeter for intrusion detection (subset of cameras, network parameters required . . . ).
Authored by Tasnim Abar, Asma Ben Letaifa, Sadok Asmi