SMEF: An entropy-based security Framework for CloudFramework for Cloud...
Transcript of SMEF: An entropy-based security Framework for CloudFramework for Cloud...
![Page 1: SMEF: An entropy-based security Framework for CloudFramework for Cloud …idc.hust.edu.cn/~rxli/slides/2011/TrustCom2001_SMEF.pdf · 2017-10-19 · Service Mashup in Cloud Environment](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f7bb19ccf352c7815675832/html5/thumbnails/1.jpg)
SMEF: An entropy-based securityFramework for Cloud-orientedFramework for Cloud oriented
Service Mashup
Ruixuan Li, Li Nie, Xiaopu Ma, , , p ,Meng Dong and Wei Wang
School of Computer Science and Technology Huazhong University of Science and Technology
![Page 2: SMEF: An entropy-based security Framework for CloudFramework for Cloud …idc.hust.edu.cn/~rxli/slides/2011/TrustCom2001_SMEF.pdf · 2017-10-19 · Service Mashup in Cloud Environment](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f7bb19ccf352c7815675832/html5/thumbnails/2.jpg)
What’s Service Mashup Definition
Service mashup is a new technology that aggregates various services to form new applications to provide services according toservices to form new applications to provide services according to user requirements.
Popular service mashup platform Popular service mashup platform
Pipes (Yahoo )
Popfly (Microsoft)QEDWiKi (IBM)
p y ( )FeedBurner (Google)
![Page 3: SMEF: An entropy-based security Framework for CloudFramework for Cloud …idc.hust.edu.cn/~rxli/slides/2011/TrustCom2001_SMEF.pdf · 2017-10-19 · Service Mashup in Cloud Environment](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f7bb19ccf352c7815675832/html5/thumbnails/3.jpg)
Service Mashup and Service Composition Service mashup has the following core features,
compared with service composition
End Consumer Centric
Mashup is supposed to support programming for end consumer, not d l ith t l i i tdeveloper, without complex programming environment
Light Weight
More Reusable
Service Mashup is mainly at “application” level instead of Service Mashup is mainly at application level instead of “interface” level
![Page 4: SMEF: An entropy-based security Framework for CloudFramework for Cloud …idc.hust.edu.cn/~rxli/slides/2011/TrustCom2001_SMEF.pdf · 2017-10-19 · Service Mashup in Cloud Environment](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f7bb19ccf352c7815675832/html5/thumbnails/4.jpg)
Service Mashup in Cloud Environment
Service mashup will be an important way to aggregates services to form a new application in cloud environment.
Different services have different security policies y p(may cause security strategy conflicts while mashuping services).p g )
![Page 5: SMEF: An entropy-based security Framework for CloudFramework for Cloud …idc.hust.edu.cn/~rxli/slides/2011/TrustCom2001_SMEF.pdf · 2017-10-19 · Service Mashup in Cloud Environment](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f7bb19ccf352c7815675832/html5/thumbnails/5.jpg)
Related Work Most work focuses on how to better satisfy functional
and QoS (Quality of Service) requirements.
There is few research focusing on the security There is few research focusing on the security requirements in service mashup.
No method for quantitative security evaluation of q yservice mashup in cloud environment has been proposed.
![Page 6: SMEF: An entropy-based security Framework for CloudFramework for Cloud …idc.hust.edu.cn/~rxli/slides/2011/TrustCom2001_SMEF.pdf · 2017-10-19 · Service Mashup in Cloud Environment](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f7bb19ccf352c7815675832/html5/thumbnails/6.jpg)
Contributions Introduce entropy to assess security of service
mashup Security of single service
Security of mashup service chainy p
A secure framework for cloud-oriented service mashup A multi-objective selection method for service mashup
Simultaneously satisfy functional and nonfunctional (security) requirements
![Page 7: SMEF: An entropy-based security Framework for CloudFramework for Cloud …idc.hust.edu.cn/~rxli/slides/2011/TrustCom2001_SMEF.pdf · 2017-10-19 · Service Mashup in Cloud Environment](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f7bb19ccf352c7815675832/html5/thumbnails/7.jpg)
liOutline Introduction
Multi-hierarchy Security Entropy Modeling
SMEF Framework for Cloud Service Mashup SMEF Framework for Cloud Service Mashup
Evaluation Evaluation
Conclusion
![Page 8: SMEF: An entropy-based security Framework for CloudFramework for Cloud …idc.hust.edu.cn/~rxli/slides/2011/TrustCom2001_SMEF.pdf · 2017-10-19 · Service Mashup in Cloud Environment](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f7bb19ccf352c7815675832/html5/thumbnails/8.jpg)
Three-dimensional Factors Environment factors
Cyber attack, network communication, natural Cyber attack, network communication, natural disaster caused by force majeure, et al.
Service factors Service factors
Interoperability of services, services unavailability, credibility of service providers, et al.
User factors User factors
User privacy protection, user privilege, user credibility, t let al.
![Page 9: SMEF: An entropy-based security Framework for CloudFramework for Cloud …idc.hust.edu.cn/~rxli/slides/2011/TrustCom2001_SMEF.pdf · 2017-10-19 · Service Mashup in Cloud Environment](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f7bb19ccf352c7815675832/html5/thumbnails/9.jpg)
Three-dimensional Factors
Environment
A
ServiceUser
Service
![Page 10: SMEF: An entropy-based security Framework for CloudFramework for Cloud …idc.hust.edu.cn/~rxli/slides/2011/TrustCom2001_SMEF.pdf · 2017-10-19 · Service Mashup in Cloud Environment](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f7bb19ccf352c7815675832/html5/thumbnails/10.jpg)
Security Quantitation of Single Service S it d A ifi d b bilit f h f t fSecurity degree: A specified probability for each factor of
every service to fulfill security needs. It quantifies possibilities of fulfillment corresponding to security demand
Construct security degree matrix
possibilities of fulfillment corresponding to security demand.
All security factors is divided into 3 levels according to the capability of securityE h l l i l i l f Each level contains multiple factors
Determine entropy weight of every factors Determine entropy weight of every factors
Quantify the security of single service
![Page 11: SMEF: An entropy-based security Framework for CloudFramework for Cloud …idc.hust.edu.cn/~rxli/slides/2011/TrustCom2001_SMEF.pdf · 2017-10-19 · Service Mashup in Cloud Environment](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f7bb19ccf352c7815675832/html5/thumbnails/11.jpg)
Mashup Service ChainMashup Service Chain: a collection of services and theirrelationship for fulfilling some specific demand.
Taking into account the interactions of the mashup services, we quantify the entropy of mashup services.q y py p
Mutual entropy ( ) ( ) log ( )yxyn xmH X Y r u u r u u
Conditional entropy( , ) ( , ) log ( , )1 1
yyn xmH X Y r u u r u uij iji ij ijj
( / ) ( / )l ( / )yxyn xmH Y X X,Y: two different services
( / ) ( / )log ( / )1 1yxyn xmH Y X r u u r u uij iji ij ijj
u: the value of security degree matrix in services
![Page 12: SMEF: An entropy-based security Framework for CloudFramework for Cloud …idc.hust.edu.cn/~rxli/slides/2011/TrustCom2001_SMEF.pdf · 2017-10-19 · Service Mashup in Cloud Environment](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f7bb19ccf352c7815675832/html5/thumbnails/12.jpg)
An Example of Mashup Service Chain
1W 4W
2WRI
3W2 3
![Page 13: SMEF: An entropy-based security Framework for CloudFramework for Cloud …idc.hust.edu.cn/~rxli/slides/2011/TrustCom2001_SMEF.pdf · 2017-10-19 · Service Mashup in Cloud Environment](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f7bb19ccf352c7815675832/html5/thumbnails/13.jpg)
Mashup Structure Patterns Six different structures in a mashup service Six different structures in a mashup service
These six patterns can be divide into three categories:
![Page 14: SMEF: An entropy-based security Framework for CloudFramework for Cloud …idc.hust.edu.cn/~rxli/slides/2011/TrustCom2001_SMEF.pdf · 2017-10-19 · Service Mashup in Cloud Environment](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f7bb19ccf352c7815675832/html5/thumbnails/14.jpg)
Mashup Mapping Patterns One-to-one mapping
( ) ( ) ( / )H X Y H X H Y X Many-to-one mapping
( ) ( ) ( )
One-to-many mapping1 1 1(( , , ) ) ( / , , ) ( , , )n n nH X X Y H Y X X H X X
y pp g
1 1 2( ( , , )) max( ( ), ( ), ( ))n nH Y X X H Y X H Y X H Y X
The mashup service chain is made up of the above three mapping patternsabove three mapping patterns.
![Page 15: SMEF: An entropy-based security Framework for CloudFramework for Cloud …idc.hust.edu.cn/~rxli/slides/2011/TrustCom2001_SMEF.pdf · 2017-10-19 · Service Mashup in Cloud Environment](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f7bb19ccf352c7815675832/html5/thumbnails/15.jpg)
Mashup Services Chain
2S
4S
1S2
S
5S7S
3S6S
![Page 16: SMEF: An entropy-based security Framework for CloudFramework for Cloud …idc.hust.edu.cn/~rxli/slides/2011/TrustCom2001_SMEF.pdf · 2017-10-19 · Service Mashup in Cloud Environment](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f7bb19ccf352c7815675832/html5/thumbnails/16.jpg)
liOutline Introduction
Multi-hierarchy Security Entropy Modeling
SMEF Framework for Cloud Service Mashup SMEF Framework for Cloud Service Mashup
Evaluation Evaluation
Conclusion
![Page 17: SMEF: An entropy-based security Framework for CloudFramework for Cloud …idc.hust.edu.cn/~rxli/slides/2011/TrustCom2001_SMEF.pdf · 2017-10-19 · Service Mashup in Cloud Environment](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f7bb19ccf352c7815675832/html5/thumbnails/17.jpg)
SMEF Secure Framework The first stage: The functional mashup
Deal with the desired functionality requirements of the mashup services
The second stage: The nonfunctional mashup Involve QoS, constraints of security requirements The entropies of single service and mashup service
![Page 18: SMEF: An entropy-based security Framework for CloudFramework for Cloud …idc.hust.edu.cn/~rxli/slides/2011/TrustCom2001_SMEF.pdf · 2017-10-19 · Service Mashup in Cloud Environment](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f7bb19ccf352c7815675832/html5/thumbnails/18.jpg)
SMEF Architecture
![Page 19: SMEF: An entropy-based security Framework for CloudFramework for Cloud …idc.hust.edu.cn/~rxli/slides/2011/TrustCom2001_SMEF.pdf · 2017-10-19 · Service Mashup in Cloud Environment](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f7bb19ccf352c7815675832/html5/thumbnails/19.jpg)
Nonfunctional Mashup Algorithm Algorithm: Nonfunctional-Satisfy(S)Input: Service chain (S)Output: True false: S is satisfied or notOutput: True, false: S is satisfied or not1: Rewrite criterion to normal form2: For each (S)3: For each ( )k S3: For each ( )4: If ( ) then5: Return false;6 E d if
k S( )F k range
6: End if7: End for8: If ( )( )e eQ k q9: Return false;10: End if11: End forf12: Return true13: End
![Page 20: SMEF: An entropy-based security Framework for CloudFramework for Cloud …idc.hust.edu.cn/~rxli/slides/2011/TrustCom2001_SMEF.pdf · 2017-10-19 · Service Mashup in Cloud Environment](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f7bb19ccf352c7815675832/html5/thumbnails/20.jpg)
liOutline Introduction
Multi-hierarchy Security Entropy Modeling
SMEF Framework for Cloud Service Mashup SMEF Framework for Cloud Service Mashup
Evaluation Evaluation
Conclusion
![Page 21: SMEF: An entropy-based security Framework for CloudFramework for Cloud …idc.hust.edu.cn/~rxli/slides/2011/TrustCom2001_SMEF.pdf · 2017-10-19 · Service Mashup in Cloud Environment](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f7bb19ccf352c7815675832/html5/thumbnails/21.jpg)
Performance Metrics Cost Time
TNS: cost time of finishing a mashup service without security entropy constraintsconstraints
TS: cost time of finishing a mashup service with security entropy constraints
ASR (Average success rate) SNS: average success rate for mashup requests without security
entrop constraintsentropy constraints SS: average success rate for mashup requests considering security by
using of SMEF and security entropy
FSR (False selection rate) The percentage of chosen services from all the preset services with low
security degrees.
![Page 22: SMEF: An entropy-based security Framework for CloudFramework for Cloud …idc.hust.edu.cn/~rxli/slides/2011/TrustCom2001_SMEF.pdf · 2017-10-19 · Service Mashup in Cloud Environment](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f7bb19ccf352c7815675832/html5/thumbnails/22.jpg)
Simulation settings Service set are simulated data from China Web
Service Cup (CWSC2011) Competition
The security degrees of services are preset at The security degrees of services are preset at initialization The security degrees of one third of services follow a
normal distribution with mean 0.2
The security degrees of the rest services obey the normal distribution with mean 0.5
![Page 23: SMEF: An entropy-based security Framework for CloudFramework for Cloud …idc.hust.edu.cn/~rxli/slides/2011/TrustCom2001_SMEF.pdf · 2017-10-19 · Service Mashup in Cloud Environment](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f7bb19ccf352c7815675832/html5/thumbnails/23.jpg)
Three Groups of Experiments We carry out the experiments with:
Different scales of atomic services (NA) Different number of security factors of each service (NS) Security degrees of preset services are adjusted
dynamically (AdjSd)
We have run each experiment for 100 times and take the average as the resultg
![Page 24: SMEF: An entropy-based security Framework for CloudFramework for Cloud …idc.hust.edu.cn/~rxli/slides/2011/TrustCom2001_SMEF.pdf · 2017-10-19 · Service Mashup in Cloud Environment](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f7bb19ccf352c7815675832/html5/thumbnails/24.jpg)
Group NA Experiment
NA TNS( )
TS( )
SNS(%)
SS(%)
FRS(%)(ms) (ms) (%) (%) (%)
2000 189.14 220.91 90 37 3.76
4000 363.67 404.73 93 34 4.07
6000 332 35 376 44 96 48 5 306000 332.35 376.44 96 48 5.308000 634.23 672.12 97 56 4.98
10000 632.97 674.32 95 54 6.21
12000 823.32 875.23 96 56 6.32
![Page 25: SMEF: An entropy-based security Framework for CloudFramework for Cloud …idc.hust.edu.cn/~rxli/slides/2011/TrustCom2001_SMEF.pdf · 2017-10-19 · Service Mashup in Cloud Environment](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f7bb19ccf352c7815675832/html5/thumbnails/25.jpg)
Group NS Experiment
NS TNS(ms)
TS(ms)
SNS(%)
SS(%)
FRS(%)
3 232.14 300.15 92 46 9.036 232.14 333.32 92 43 10.079 232.14 341.42 92 34 5.3012 232.14 321.53 92 32 8.9812 232.14 321.53 92 32 8.9815 232.14 348.29 92 38 6.2118 232 14 339 53 92 37 6 3218 232.14 339.53 92 37 6.3221 232.14 342.63 92 35 7.2124 232 14 347 34 92 31 5 3224 232.14 347.34 92 31 5.32
![Page 26: SMEF: An entropy-based security Framework for CloudFramework for Cloud …idc.hust.edu.cn/~rxli/slides/2011/TrustCom2001_SMEF.pdf · 2017-10-19 · Service Mashup in Cloud Environment](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f7bb19ccf352c7815675832/html5/thumbnails/26.jpg)
Group AdjSd Experiment In the last set of experiment, we investigate frequency that
one service will be selected by security service chains, when its security degree decreases or increases sharply.
By the change of security degree it can be found that if a By the change of security degree it can be found that if a service increases its security degrees, the selected probability of this service will increase correspondinglyprobability of this service will increase correspondingly.
![Page 27: SMEF: An entropy-based security Framework for CloudFramework for Cloud …idc.hust.edu.cn/~rxli/slides/2011/TrustCom2001_SMEF.pdf · 2017-10-19 · Service Mashup in Cloud Environment](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f7bb19ccf352c7815675832/html5/thumbnails/27.jpg)
liOutline Introduction
Multi-hierarchy Security Entropy Modeling
SMEF Framework for Cloud Service Mashup SMEF Framework for Cloud Service Mashup
Evaluation Evaluation
Conclusion
![Page 28: SMEF: An entropy-based security Framework for CloudFramework for Cloud …idc.hust.edu.cn/~rxli/slides/2011/TrustCom2001_SMEF.pdf · 2017-10-19 · Service Mashup in Cloud Environment](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f7bb19ccf352c7815675832/html5/thumbnails/28.jpg)
Conclusion A secure framework to choose a relatively
optimal mashup service chain meeting both users’ functional and nonfunctional requirements.
The Introduction of entropy to measure the The Introduction of entropy to measure the security of single service and mashup service chainchain.
A multi-objective selection method to aggregate multiple criteria as a single criterion.
![Page 29: SMEF: An entropy-based security Framework for CloudFramework for Cloud …idc.hust.edu.cn/~rxli/slides/2011/TrustCom2001_SMEF.pdf · 2017-10-19 · Service Mashup in Cloud Environment](https://reader034.fdocuments.in/reader034/viewer/2022042622/5f7bb19ccf352c7815675832/html5/thumbnails/29.jpg)
h k f iThanks for your attentionContact information:
Ruixuan Li Ruixuan Li
Huazhong University of Science and Technologyg y gy
http://idc.hust.edu.cn/~rxli/