
Junaid Arshad

An e-Social Science infrastructure generally has security requirements to protect its restricted resources or services. As a widely accepted authentication and authorization technology, Shibboleth supports the sharing of resources on inter-institutional federation. Guanxi is an open source implementation of the Shibboleth protocol and architecture. In this paper, we propose a security infrastructure for e-social science based on the Guanxi Shibboleth. This security infrastructure presents two main features. Firstly, Guanxi Shibboleth is integrated into the user-friendly Sakai collaborative and learning environment which provides an ideal place for users to access a variety of federation resources in line with the Shibboleth authentication model. Secondly, PERMIS technology is used to enhance the authorization mechanisms thus enabling a policy-driven, role-based, fine-grained access control. As a result, the security infrastructure presents the advantages of Guanxi Shibboleth, PERMIS and Sakai, and it has been applied to an e-Social Science application. We believe this security infrastructure provides a promising authentication and authorization solution for e-social science applications as well as applications in other domains.
Authentication and authorization for Grids is a challenging security issue. In this paper, key issues for the establishment of Grid authentication and authorization infrastructures are discussed, and an overview of major Grid authentication and authorization technologies is presented. Related to this, recent developments in Grid authentication and authorization infrastructures suggest adoption of the Shibboleth technology which offers advantages in terms of usability, confidentiality, scalability and manageability. When combined with advanced authorization technologies, Shibboleth-based authentication and authorization infrastructures provide role-based, fine-grained authorization. We share our experience in constructing a Shibboleth-based authentication and authorization infrastructure and believe that such infrastructure provides a promising solution for the security of many application domains.
Cloud computing is an emerging paradigm with virtual machine as its enabling technology. As with any other Internet-based technology, security underpins widespread success of Cloud computing. However, Cloud computing introduces new challenges with respect to security mainly due to the unique characteristics inherited via virtual machine technology. In this chapter, we focus on the challenges imposed on intrusion diagnosis for Clouds due to these characteristics. In particular, we identify the importance of intrusion diagnosis problem for Clouds and the novel challenges for intrusion diagnosis for Clouds. Also, we propose a solution to address these challenges and demonstrate the effectiveness of the proposed solution with empirical evaluation.
Cloud computing is a promising technology to facilitate development of large-scale, on-demand, flexible computing infrastructures. However, improving dependability of cloud computing is critical for realization of its potential. In this paper, we describe our efforts to quantify security for Clouds to facilitate provision of assurance for quality of service, one of the factors contributing to dependability. This has profound implications for delivering customized security solutions such as effective intrusion prevention and detection which is the overall objective of our research. In order to demonstrate the applicability of our research, we have incorporated these requirements in the resource acquisition phase for Clouds. We also present experiments to demonstrate the effectiveness of our approach to address the random migration problem for virtualized computing environments.
1. INTRODUCTION Advances in technology have always affected the way research is conducted regardless of the research domain. The case of grid computing is no different in that it has drastically changed research methods by providing easy access to high-performance computing ...
Single sign-on and delegation of privileges are fundamental tenets upon which e-Infrastructures and Grid-based research more generally have been based. The realisation of single sign-on and delegation of privileges in accessing resources such as the UK e-Science National Grid Service is typically facilitated by X.509-based Public Key Infrastructures (PKI) and exploitation of proxy certificates. This model can be categorised by authentication-oriented access and usage of resources. It is the case, however, that proxy certificates can potentially be obtained and abused by a malicious third party without the knowledge of the holder. In this paper we describe a novel proxy auditing solution that addresses this issue directly. We describe the design and implementation of this solution and illustrate its application in widely distributed and heterogeneous research environments.
With the increasing prevalence of virtualization and cloud technologies, virtual security appliances have emerged and become a new way for traditional security appliances to be rapidly distributed and deployed in IT infrastructure. However, virtual security appliances are challenged with achieving optimal performance, as the physical resource is shared by several virtual machines, and this issue is aggravated when virtualizing network intrusion detection systems (NIDS). In this paper, we propose a novel approach named fuzzyVIDS, which enables dynamic resource provision for the NIDS virtual appliance. In fuzzyVIDS, we use a fuzzy model to characterize the complex relationship between performance and resource demands and we develop an online fuzzy controller to adaptively control the resource allocation for NIDS under varying network traffic. Our approach has been successfully implemented in the iVIC platform. Finally, we evaluate our approach by comprehensive experiments based on the Xen hypervisor and Snort NIDS, and the results show that the proposed fuzzy control system can precisely allocate resources for NIDS according to its resource demands, while still satisfying the performance requirements of NIDS.