Towards Decentralized Orchestration of Next-generation Cloud Infrastructures
Blekinge Institute of Technology, Faculty of Computing, Department of Computer Science. ORCID iD: 0000-0001-5458-5241
2021 (English). Licentiate thesis, comprehensive summary (Other academic)
Abstract [en]

Cloud Computing helps to efficiently utilize the abundance of computing resources in large data centers. It enables interested parties to deploy their services in data centers while the hardware infrastructure is maintained by the cloud provider. Cloud computing is interesting in particular as it enables automation of service deployment and management processes. However, the more complex the service structure becomes, the more complex deployment and management automation of all its parts can become. To this end, the concept of service orchestration is introduced to streamline service deployment and management processes. Orchestration enables the definition and execution of complex automation workflows targeted to provision computing infrastructure, deploy needed service features, and provide management support. In particular, the orchestration process enables the deployment and enforcement of security and compliance mechanisms in the context of systems where sensitive data is being processed. 

This thesis investigates the orchestration process as a uniform approach to deploy and manage network services and required security and compliance mechanisms. To this end, we investigate different use-cases where the orchestration process is applied to address specific requirements towards security and compliance. This thesis includes two parts. In the first part, we focus on centralized orchestration mechanisms, where all activities are performed from one trusted server. We explore the use-cases of a security testbed and collaborative AI engineering and investigate the advantages and limitations of orchestration mechanisms application in their context. In the second part, we shift towards the investigation of decentralized orchestration mechanisms. We employ blockchain technology as the main decentralization mechanism, exploring the advantages and limitations of its application in the context of digital marketplaces. We demonstrate that the shift towards blockchain-enabled orchestration enables the deployment and management of decentralized security mechanisms, ensuring compliant behavior of digital marketplace actors. 

Place, publisher, year, edition, pages
Karlskrona: Blekinge Tekniska Högskola, 2021, p. 182
Series
Blekinge Institute of Technology Licentiate Dissertation Series, ISSN 1650-2140 ; 5
Keywords [en]
Orchestration mechanisms, Cloud computing
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
URN: urn:nbn:se:bth-21345; ISBN: 978-91-7295-422-9 (print); OAI: oai:DiVA.org:bth-21345; DiVA, id: diva2:1546665
Presentation
2021-06-15, Zoom, Karlskrona, 13:00 (English)
Supervisors
Available from: 2021-04-26. Created: 2021-04-22. Last updated: 2021-07-01. Bibliographically approved.
List of papers
1. Towards a Secure Proxy-based Architecture for Collaborative AI Engineering
2020 (English). In: CANDAR 2020: International Symposium on Computing and Networking, IEEE, 2020, p. 373-379, article id 9355887. Conference paper, Published paper (Refereed)
Abstract [en]

In this paper, we investigate how to design a security architecture of a Platform-as-a-Service (PaaS) solution, denoted as Secure Virtual Premise (SVP), for collaborative and distributed AI engineering using AI artifacts and Machine Learning (ML) pipelines. Artifacts are re-usable software objects which are a) tradeable in marketplaces, b) implemented by containers, c) offer AI functions as microservices, and, d) can form service chains, denoted as AI pipelines. Collaborative engineering is facilitated by the trading and (re-)using artifacts and, thus, accelerating the AI application design.

The security architecture of the SVP is built around the security needs of collaborative AI engineering and uses a proxy concept for microservices. The proxy shields the AI artifact and pipelines from outside adversaries as well as from misbehaving users, thus building trust among the collaborating parties. We identify the security needs of collaborative AI engineering, derive the security challenges, outline the SVP’s architecture, and describe its security capabilities and its implementation, which is currently in use with several AI developer communities. Furthermore, we evaluate the SVP’s Technology Readiness Level (TRL) with regard to collaborative AI engineering and data security.

Place, publisher, year, edition, pages
IEEE, 2020
Keywords
Security Architecture, Trusted and Collaborative AI engineering, Proxy-based Architecture
National Category
Computer Systems
Identifiers
urn:nbn:se:bth-20769 (URN); 10.1109/CANDARW51189.2020.00077 (DOI); 2-s2.0-85102170354 (Scopus ID); 9781728199191 (ISBN)
Conference
th International Symposium on Computing and Networking Workshops, CANDARW 2020; Virtual, Naha, Japan, 24 November 2020 through 27 November 2020
Note

open access

Available from: 2020-11-24. Created: 2020-11-24. Last updated: 2023-06-08. Bibliographically approved.
2. Building a Framework for Automated Security Testbeds in Cloud Infrastructures
2020 (English). In: Proceedings of SNCNW 2020: 16th Swedish National Computer Networking Workshop, SNCNW, Kristianstad, 2020. Conference paper, Published paper (Refereed)
Abstract [en]

When exposed to the network, applications and devices are exposed to constant security risks. This puts pressure on hardware and software vendors to test even more than before how secure applications and devices are before being released to customers.

We have worked towards defining and developing a framework for automated security testbeds. Testbeds comprise both the ability to build on-demand virtual isolated networks that emulate corporate networks, as well as the ability to automate security breach scenarios, which accelerates the testing process. In order to accomplish both features of the testbed, we have based the framework on well-established cloud and orchestration technologies, e.g., OpenStack and Ansible. Although many of these technologies are powerful, they are also complex, leading to a steep learning curve for new users. Thus, one of the main goals of the developed framework is to hide the underlying complexities through a template approach and a simplified user interface that shortens the initial training time.

In this paper, we present the full stack of technologies that were used for constructing the testbed framework. The framework allows us to create entire virtual networks and to manipulate network devices started in it, via comprehensive yet simple interfaces. Also, we describe a specific testbed solution, developed as a part of the Test Arena Blekinge project.

Keywords
Security Testbed, Cloud Infrastructures, Infrastructure as a Service, Infrastructure as Code
National Category
Computer Systems
Identifiers
urn:nbn:se:bth-19621 (URN)
Conference
16th Swedish National Computer Networking Workshop, SNCNW, Kristianstad
Note

open access

Available from: 2020-06-09. Created: 2020-06-09. Last updated: 2021-10-06. Bibliographically approved.
3. Orchestrating Future Service Chains in the Next Generation of Clouds
2019 (English). In: Proceedings of SNCNW 2019: The 15th Swedish National Computer Networking Workshop, Luleå, 2019, p. 18-22. Conference paper, Published paper (Refereed)
Abstract [en]

Service Chains have developed into an important concept in service provisioning in today’s and future Clouds. Cloud systems, e.g., Amazon Web Services (AWS), permit the implementation and deployment of new applications, services and service chains rapidly and flexibly. They employ the idea of Infrastructure as Code (IaC), which is the process of managing and provisioning computing infrastructure and its configuration through machine-processable definition files.

In this paper, we first detail future service chains with particular focus on Network Function Virtualization (NFV) and machine learning in AI. Afterwards, we analyze and summarize the capabilities of today’s IaC tools for orchestrating Cloud infrastructures and service chains. We compare the functionality of the major five IaC tools: Puppet, Chef, SaltStack, Ansible, and Terraform. In addition, we demonstrate how to analyze the functional capabilities of one of the tools. Finally, we give an outlook on future research issues on using IaC tools across multiple operators, data center domains, and different stockholders that collaborate on service chains.

Place, publisher, year, edition, pages
Luleå, 2019
Keywords
Cloud Infrastructures, Infrastructure as Code, Network Function Virtualization, Network Service Chains
National Category
Computer Systems
Identifiers
urn:nbn:se:bth-18785 (URN)
Conference
SNCNW 2019
Note

open access

Available from: 2019-10-25. Created: 2019-10-25. Last updated: 2022-04-05. Bibliographically approved.

Open Access in DiVA

fulltext (15724 kB), 1325 downloads
File information
File name: FULLTEXT02.pdf
File size: 15724 kB
Checksum SHA-512: d8944a5fbaf29634a498d2c98d8d9d6e0f81e6ca4585926259a650b6c23f7db4ce9487d3f0f6e8392e9218c75fe4dc606a0c4821d34c9e26695833b5f823b5b5
Type: fulltext
Mimetype: application/pdf

Authority records

Tkachuk, Roman-Valentyn
