Tesi etd-05022023-153223 |
Link copiato negli appunti
Tipo di tesi
Tesi di dottorato di ricerca
Autore
BOCCI, ALESSANDRO
URN
etd-05022023-153223
Titolo
Declarative security-aware computation placement
Settore scientifico disciplinare
INF/01
Corso di studi
INFORMATICA
Relatori
tutor Prof. Brogi, Antonio
tutor Prof. Ferrari, Gian Luigi
tutor Dott. Forti, Stefano
tutor Prof. Ferrari, Gian Luigi
tutor Dott. Forti, Stefano
Parole chiave
- declarative methodologies
- Separation Kernels
- Cloud-Edge continuum
- Function-as-a-Service
Data inizio appello
17/05/2023
Consultabilità
Completa
Riassunto
Security is a major concern for developers and operators of applications in the Cloud-Edge continuum.
This thesis aims at leveraging security-by-design approaches to improve applications security by proposing and prototyping suitable declarative methodologies to support the deployment of applications.
On one hand, we propose a methodology for the placement of Function-as-a-Service (FaaS) orchestrations onto heterogeneous infrastructures of the Cloud-Edge continuum, considering hardware and software requirements, latency constraints on function-function and function-service interactions, and exploiting information-flow techniques to prevent information leaks through side channels. On the other hand, we present a methodology to determine safe partitionings of Cloud multi-component applications to allow their placement on Separation Kernel (SK) technologies so as to safely isolate software components in different domains. Through a probabilistic cost model, we enable application operators to select the best trade-off partitioning in terms of future re-partitioning costs and the number of domains.
Our methodologies exploit information-flow security techniques to protect the data confidentiality of applications, by relying on declarative methods to model applications and their data flow. All proposed solutions are implemented into prototypes and experimentally assessed to estimate the performances.
This thesis aims at leveraging security-by-design approaches to improve applications security by proposing and prototyping suitable declarative methodologies to support the deployment of applications.
On one hand, we propose a methodology for the placement of Function-as-a-Service (FaaS) orchestrations onto heterogeneous infrastructures of the Cloud-Edge continuum, considering hardware and software requirements, latency constraints on function-function and function-service interactions, and exploiting information-flow techniques to prevent information leaks through side channels. On the other hand, we present a methodology to determine safe partitionings of Cloud multi-component applications to allow their placement on Separation Kernel (SK) technologies so as to safely isolate software components in different domains. Through a probabilistic cost model, we enable application operators to select the best trade-off partitioning in terms of future re-partitioning costs and the number of domains.
Our methodologies exploit information-flow security techniques to protect the data confidentiality of applications, by relying on declarative methods to model applications and their data flow. All proposed solutions are implemented into prototypes and experimentally assessed to estimate the performances.
File
| Nome file | Dimensione |
|---|---|
| Bocci_PhD_Thesis.pdf | 5.51 Mb |
Contatta l’autore |
|