Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Building a Framework for Automated Security Testbeds in Cloud Infrastructures
Blekinge Institute of Technology, Faculty of Computing, Department of Computer Science.ORCID iD: 0000-0001-5458-5241
Blekinge Institute of Technology, Faculty of Computing, Department of Computer Science.ORCID iD: 0000-0001-8453-447X
Blekinge Institute of Technology, Faculty of Computing, Department of Computer Science.ORCID iD: 0000-0003-4814-4428
2020 (English)In: Proceedings of SNCNW 2020: 16th Swedish National Computer Networking Workshop, SNCNW, Kristianstad, 2020Conference paper, Published paper (Refereed)
Abstract [en]

When exposed to the network, applications and devices are exposed to constant security risks. This puts pressure on hardware and software vendors to test even more than before how secure applications and devices are before being released to customers.

We have worked towards defining and developing a frame- work for automated security testbeds. Testbeds comprise both the ability to build on-demand virtual isolated networks that emulate corporate networks, as well as the ability to automate security breach scenarios, which accelerates the testing process. In order to accomplish both features of the testbed, we have based the framework on well-established cloud and orchestration technologies e. g. , OpenStack and Ansible. Although many of these technologies are powerful, they are also complex, leading to a steep learning curve for new users. Thus, one of the main goals of the developed framework is to hide the underlying complexities through a template approach and a simplified user interface that shortens the initial training time.

In this paper, we present the full stack of technologies that were used for constructing the testbed framework. The framework allows us to create entire virtual networks and to manipulate network devices started in it, via comprehensive yet simple interfaces. Also, we describe a specific testbed solution, developed as a part of the Test Arena Blekinge project.

Place, publisher, year, edition, pages
2020.
Keywords [en]
Security Testbed, Cloud Infrastructures, Infrastructure as a Service, Infrastructure as Code
National Category
Computer Systems
Identifiers
URN: urn:nbn:se:bth-19621OAI: oai:DiVA.org:bth-19621DiVA, id: diva2:1437554
Conference
16th Swedish National Computer Networking Workshop, SNCNW, Kristianstad
Note

open access

Available from: 2020-06-09 Created: 2020-06-09 Last updated: 2021-10-06Bibliographically approved
In thesis
1. Towards Decentralized Orchestration of Next-generation Cloud Infrastructures
Open this publication in new window or tab >>Towards Decentralized Orchestration of Next-generation Cloud Infrastructures
2021 (English)Licentiate thesis, comprehensive summary (Other academic)
Abstract [en]

Cloud Computing helps to efficiently utilize the abundance of computing resources in large data centers. It enables interested parties to deploy their services in data centers while the hardware infrastructure is maintained by the cloud provider. Cloud computing is interesting in particular as it enables automation of service deployment and management processes. However, the more complex the service structure becomes, the more complex deployment and management automation of all its parts can become. To this end, the concept of service orchestration is introduced to streamline service deployment and management processes. Orchestration enables the definition and execution of complex automation workflows targeted to provision computing infrastructure, deploy needed service features, and provide management support. In particular, the orchestration process enables the deployment and enforcement of security and compliance mechanisms in the context of systems where sensitive data is being processed. 

This thesis investigates the orchestration process as a uniform approach to deploy and manage network services and required security and compliance mechanisms. To this end, we investigate different use-cases where the orchestration process is applied to address specific requirements towards security and compliance. This thesis includes two parts. In the first part, we focus on centralized orchestration mechanisms, where all activities are performed from one trusted server. We explore the use-cases of a security testbed and collaborative AI engineering and investigate the advantages and limitations of orchestration mechanisms application in their context. In the second part, we shift towards the investigation of decentralized orchestration mechanisms. We employ blockchain technology as the main decentralization mechanism, exploring the advantages and limitations of its application in the context of digital marketplaces. We demonstrate that the shift towards blockchain-enabled orchestration enables the deployment and management of decentralized security mechanisms, ensuring compliant behavior of digital marketplace actors. 

Place, publisher, year, edition, pages
Karlskrona: Blekinge Tekniska Högskola, 2021. p. 182
Series
Blekinge Institute of Technology Licentiate Dissertation Series, ISSN 1650-2140 ; 5
Keywords
Orchestration mechanisms, Cloud computing
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:bth-21345 (URN)978-91-7295-422-9 (ISBN)
Presentation
2021-06-15, Zoom, Karlskrona, 13:00 (English)
Supervisors
Available from: 2021-04-26 Created: 2021-04-22 Last updated: 2021-07-01Bibliographically approved

Open Access in DiVA

SNCNW_2020(1641 kB)376 downloads
File information
File name FULLTEXT01.pdfFile size 1641 kBChecksum SHA-512
bc8d067e6f4cf080699371219143a41417f7366b536e2df8837a90901ad3abb1c1e354eb0776051048068659e7b6b2d092c461884ac856047233c3dfaa4c0c07
Type fulltextMimetype application/pdf

Authority records

Tkachuk, Roman-ValentynIlie, DragosTutschku, Kurt

Search in DiVA

By author/editor
Tkachuk, Roman-ValentynIlie, DragosTutschku, Kurt
By organisation
Department of Computer Science
Computer Systems

Search outside of DiVA

GoogleGoogle Scholar
Total: 376 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

urn-nbn

Altmetric score

urn-nbn
Total: 881 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf