SlideShare ist ein Scribd-Unternehmen logo

Software Defined Networking in the ATMOSPHERE project

ATMOSPHERE .
ATMOSPHERE .

ATMOSPHERE presentation at "Eusomii 2019" in November 2019

Technologie
1 von 40
Downloaden Sie, um offline zu lesen
Co-funded by the European Commission Horizon 2020 - Grant #777154 Software Defined Networking in the ATMOSPHERE project Giacomo Verticale Politecnico di Milano
• ATMOSPHERE is a 24-month H2020 project aiming at the design and development of a framework and a platform to implement trustworthy cloud services on a federated intercontinental cloud. • Expected Results • A federated cloud platform. • A development framework • Trustworthy evaluation and monitoring • Trustworthy Distributed Data Management • Trustworthy Distributed Data Processing • A pilot use case on Medical Imaging Processing. The Project Trustworthy Data Processing Services (TDPS) Application Trustworthy Data Management Services (TDMS) Infrastructure Management Services (IMS) Federated Infrastructure Trustworthiness Monit.&Assessment (TMA)
The problem I do not want to care for the infrastructure, resource management, job scheduling, secure access and similar burdens. Moreover, I want to guarantee that no sensitive data is exposed outside of the country where it was produced. I need to build up an Image Processing Tool that uses sensitive data that requires a high computing demand. Once developed, I want to exploit it as a service securely and with a Quality of Service.
Target: Diagnosis of RHD
• PROVAR study – the first large-scale RHD screening program in Brazil. • RHD Screening: public schools, private schools and primary health units in the cities of Belo Horizonte, Montes Claros and Bocaiúva, Minas Gerais, Brazil. The Data
• The characterization of Echo-cardio images obtained in public schools • 5,600 exams, with an average of 14 videos per exams (total of 75,836 videos) • 5,330 exams are classified as normal (with a total of 71,686 videos) - 95% • 238 exams are classified as borderline RHD (with a total of 3,649 videos) - 4%. • 32 exams are classified as definite RHD (with a total of 501 videos) - 1%. • Additionally, there is another databank with 3.5 millions electrocardiograms from the same population area and age. Image Biobank Requirements Mean age: 13 ± 3 y.o. Female sex: 55%.
• Sensitive data must not be accessible out of the boundaries of the hosting country • Sensitive data is protected by the Brazilian LGPD and must be processed under high access-protection means, robust even in a potentially vulnerable cloud offering. • Anonymous data, though, can be released but should be kept accessible only in a secured environment. • Medical Imaging processing and Machine Learning model building requires intensive computing resources • The capabilities for processing may not be accessible in the boundaries where the data is located and therefore such processing algorithms must run elsewhere. • The access should be coherent and secure, and image processing should be efficient. • Experiments should be reproducible and stable • The model building, image processing and classification should run on well-defined environments that could be reproduced for further analysis. Image Biobank Requirements
• Trust is a choice that is based on past experience. Trust takes time to build, but it can disappear in a second. • Trusting cloud services is as complicated as trusting people. You need a way to measure it and pieces of evidence to build trust. • Trust in a cloud environment is considered as the reliance of a customer on a cloud service and, consequently, on its provider. • Trust bases on a broad spectrum of properties such as Security, Privacy, Coherence, Isolation, Stability, Fairness, Transparency and Dependability. • Nowadays, few approaches deal with the quantification of trust in cloud computing. What is trust?
• Trustworthiness is considered in its multiple dimensions • Security, as the capability to defence from attacks. • Privacy, as the inherent risk of a dataset to contain re-identifiable data. • Coherence, as the capability of providing a coherent behaviour from any point of the federation. • Isolation, as the difference when a service runs isolated or not. • Stability, as the idempotency and stability of the services. • Fairness, as the inexistence of undesirable or hidden biases. • Transparency, as the capability of understand the output of a system. • Dependability, mainly focusing on availability and reliability. • Measuring the trustworthiness properties • A priori and a posteriori evaluation of vulnerability, performance, re-identification risks, data loss rate, integrity, robustness, scalability, resource consumption, classification bias and isolation. Trustworthiness life-cycle
• Along with these requirements, we explore other requirements: • Measurement of the Fairness of the models to evaluate the bias of the model with respect to sensitive categories, such as gender or race. • Evaluation of the Explainability of the model. • Evaluation of the privacy loss risk to determine the quality of the anonymisation and the potential leakage of personal data inside the models. Image Biobank Requirements ... successfully reidentified the demographic data of 4478 adults (94.9%) & 2120 children (87.4%) … (P < .001)
11 The Previous situation Application Developers - Who develop the tools for processing the data. - They require the infrastructure to provide some types of services and resources, such as computing, secure storage, high-availability, data persistence. - They will deliver the applications to others to operate. Application Manager - An Application Developer may not be in charge of deploying the application on the production infrast. - The deployment implies the monitoring and management of the resources, services, user accounts and data. - The Application Manager will have access credentials to the infrastructure and will decide the optimal allocation of the resource. End-Users - Data providers and Data scientists exploring and processing data. - Need for secure data transfer and data access tracing, as well as simplified processing tools. - No need to worry about achieving ICT skills.
Building Trust with The ATMOSPHERE Platform
13 Service classes
14 TDPS Layer
● Lemonade* is a web-based system for designing and running analytics applications. ● Users, who are not necessarily programmers, describe applications as workflows; Lemonade generates code and controls their execution. ● Workflows consist of operations (boxes) and data flows (arrows) among them, performing: ⁃ Data preparation and engineering ⁃ Machine learning methods (MLib) ⁃ Visualization metaphors 15 LEMONADE
16 Supported Trustworthiness properties Property Developers Data Scientists Stability Stability strategies (e.g., cross- validation) Quality assurance of model outcome (e.g., calibrate cross validation and evaluate accuracy variance) Privacy Privacy-preserving algorithms and techniques (e.g., k-anonymity) Assess the impact of preserving privacy on the outcome utility and effectiveness Transparency Transparency methods to be combined with different data analytic flows (e.g., LIME/SHAP methods) Execute ML models and, based on explanations, calibrate the model or enhance the input Fairness Fairness-enhancing mechanisms and strategies (e.g., Aequitas toolkit). Generate report as to evaluate fairness and decide on features to include on models
• PAF assists organizations owning and processing datasets to understand how the processing of data can affect their conformance with regulations related to privacy (GDPR and LGPD) • These assessments may be used to generate appropriate security/ privacy policies and checks used by other services 17 Privacy assessment forms (PAF)
18 TDMS Layer
• Typical best practices • Data in transit and at rest can be encrypted • Some processing can even be done over encrypted data • Keys and certificates not included in repositories • But this is not enough... • If attacker has access to the machine (VM escapes, internal attacker, cold boots), code can be changed, memory can be dumped • Keys or data can be stolen 19 Data access challenges
Data Protection Layer (Vallum) The Vallum Framework Colunar DBMS (e.g., Cassandra) Relational DBMS (e.g., MySQL)Proxying Authentication Authorization Privacy Auditing Document Store (e.g., MongoDB) File System (e.g. IPFS) Query Compliant Results Query Compliant Results Query Compliant Results Modified Query Result Modified Query Result Modified Query Result Modified Query Result trusted execution environment (TEE) raw data encrypted at rest data encrypted in transit
21 TMA Layer
22 TMA: Design and interfaces Measures and enforces the multiple dimensions of trustworthiness: • Security • Privacy • Coherence • Isolation • Stability • Fairness • Transparency. • Dependability
23 IMS Layer
An orchestration platform to manage a federated set of hybrid resources, to provide measures, adaptive mechanisms and policies to improve trustworthiness ● orchestration platform ➔ Automatic configuration via TOSCA blueprints ● federated ➔ multiple clouds independently owned and managed, multi- tenancy ● hybrid resources ➔ CPUs, SGX, GPUs ● measures ➔ metrics and tools to evaluate the trustworthiness of cloud resources (availability, performance, etc) ● adaptive mechanisms ➔ to scale o reallocate cloud and network resources 24 Trustworthy Infrastructure Management
25 Infrastructure Management Services Federated Infrastructure Resource Provider Resource Provider Resource Provider ATMOSPHERE Platform Federation middleware Fogbow Fogbow Fogbow Federation-wide monitoring services probes running at each site monitoring service Automated deployment service Performance prediction & assessment serviceEC3 TOSCA-IM Model training Profiling
26 Site A DMZInternal XMPP OVS FNS RAS DMZ Internal FNS RAS Cloud A (OpenStack) Site B Cloud B (OpenNebula) Network federation Fogbow Dashboard Fogbow Dashboard ONOS XMPP OVS ONOS IPSec • Fogbow middleware can deploy multiple VMs over a single VLAN spanning multiple heterogeneous clouds • Each federated site holds: • a Federated Network Service (FNS) • a Resource Allocation Service (RAS) • an XMPP service • one or more instances of OpenVSwitch (OVS) • Selected sites hold • an instance of ONOS • an instance of the Intent Monitoring and Rerouting (IMR) application control IMR IMR control
27 Creation of a Network Federation Site A DMZInternal XMPP OVS FNS RAS DMZ Internal FNS RAS Cloud A (OpenStack) Site B Cloud B (OpenNebula) ONOS XMPP OVS ONOS 1. The Infrastructure Manager (IM) requests a new federated network and specifies the private IP range and the VLAN ID 2. The IM requests a new local VM in the federation 3. The FNS chooses an IP address, prepares the cloud-init script and forwards the request to the RAS 4. The RAS sets up OVS to accept the incoming tunnel 5. The RAS interacts with the cloud to create the VM. 6. The VM executes the cloud-init script and establishes a tunnel with OVS. 7. Other VMs are attached to the federated network in a similar way, with requests for VMs in remote sites being forwarded by the RAS accordingly. 8. ONOS sets up routing intents between pairs of VMs 9. Intents are monitored and re-routed to guarantee availability (and latency) 1 2 3 4 5 VM 6 VM 7 7 7 7 7 8 9
DEMO: 1. Configuration of each datacenter: • one gateway VM (OVS) • one instance of ONOS • one or more VMs belonging to two federations 2. The IMS monitors link availability and assigns each link an «availability» score 3. Two VMs in the same federation exchange traffic along the shortest path 4. When an IPSec tunnel fails traffic is immediately rerouted along a live path 5. When the faulty IPSec tunnel is available again, traffic remains in the backup path until the availability score recovers 6. When the availability score is high, traffic is rerouted 28 T4.4, D4.2Distributed Implementation of Federated Networks
The Intercontinental Use Case
• The underlying infrastructure is a federated cloud • Using fogbow (www.fogbowcloud.org) on OpenStack and OpenNebula. • With a Federated Network to provide a coherent network space among nodes. • Heterogeneous resources: SGX-enabled and GPU nodes. • Using EC3(1) and Infrastructure Manager(2) to deploy a virtual infrastructure. 30 Intercontinental infrastructure Cloud Resources @EU Cloud Resources @ Brazil SGX-Enabled Resources container Encrypted PROVAR Study Cloud Manager Cloud Manager Federation Layer Secure overlay network Central TMA TOSCA-IM GPU-Enabled Resources container (1) https://marketplace.eosc-portal.eu/services/elastic-cloud-compute-cluster-ec3 (2) https://marketplace.eosc-portal.eu/services/infrastructure-manager-im EC3
• The virtual infrastructure is managed by an elastic Kubernetes cluster spawn over the federated network • Containers and services are accessible from both sites but only through the federated network. • Resources are properly tagged (SGX and GPU capabilities and Brazil / Europe) so K8s applications are placed in the correct resource. • Infrastructure is described as code(3). • K8s Front-end is deployed and nodes are being powered on as the applications are deployed, creating the request for specific resources. 31 Deployment of the virtual infrastructure (3) https://github.com/grycap/ec3/tree/atmosphere
• A secure storage is deployed at the Brazilian side • It uses Vallum(4), a service that provides on-the-fly annonymisation based on policies. • It masks (or blurs) the fields that are marked as sensitive to different profiles of users. • It relies on an HDFS filesystem for the files and on SQL databases for the structured data. • It runs the data anonymisation and sensitive data access on enclaves running on SGX-enabled containers, so they securely run even in untrusted clouds • Data remains encrypted in disk. 32 Secure storage at Brazilian side Cloud Resources @ Brazil SGX-Enabled Resources VALLUM Encrypted PROVAR Study Cloud Manager (4) https://www.atmosphere-eubrazil.eu/vallum-framework-access-privacy-protection
• Data is requested to Vallum from external users, but they will only access to partially anonymised data • Anonymised data (~1TB) is copied where the computing accelerators are placed. 33 Anonymised Data Cloud Resources @EUCloud Resources @ Brazil SGX-Enabled Resources VALLUM Encrypted PROVAR Study Plain & Anonymised data Application TMA Cloud Manager Cloud Manager Federation Layer Secure overlay network Central TMA GPU-Enabled Resources TOSCA-IM storage service
• Videos are split into frames and classified by color inspection • A color-based segmentation using k-means clustering extracts the color pixels from the Doppler images. • Images are classified according their acquisition view using a CNN • Parasternal long axis view has proven to be relevant to obtain an accurate classification. • First & second order texture analyses characterize the images by the spatial variation of pixel intensities. • Besides texture features, blood velocity information is also obtained. • Finally, all the extracted features are classified through machine learning techniques in order to differentiate between RHD positive and healthy 34 Building the models for the Estimation pipeline. Image Classification Frame Splitting Preparation of images for classifier Color-Based Segment. Doppler Data Preparation View Classification Texture Analysis & Velocity Extraction Features Classification Parasternal Long Axis Data Analysis
• The pipeline is developed using LEMONADE(5) • LEMONADE provides a GUI and a Machine Learning librarie to develop data analytics pipelines. • Pipelines can be run interactively or transformed into executable code. • Code can be interactively run or further embed into services to be exposed for production. • A model building pipeline and an estimation pipeline are developed. 35 Coding the pipeline: LEMONADE (5) https://www.atmosphere-eubrazil.eu/lemonade-live-exploration-and-mining-non-trivial-amount-data-everywhere
Fairness ● Algorithms, in ML and IA, learn by identifying patterns in data collected over many years. Why may algorithms become “unfair”? ○ By using unbalanced data sets, biased to certain population. ○ By using data sets that are perpetuating historical biases. ○ By inappropriate data handling. ○ As result of inappropriate model selection, uncorrect algorithm design or application. ● Algorithms Fairness components: ○ Aequitas Bias and Fairness Audit Toolkit, proposed by the DSSG group from University of Chicago (http://aequitas.dssg.io/) ○ Properties: ■ Equal Parity & Proportional Parity. ■ False Positive Rate and False Discovery Rate Parity. ■ False Negative Rate and False Omission Rate Parity. Fairness Tree Equal Parity Proport. Parity Represent. Fairness Error Fairness FNRP FPRP FDRP FORP
● Model Complexity increase typically reduces Interpretability ○ Complex multilayer Convolutional Neural Networks are far more difficult to explain than Decision Trees or Linear Regression. ● Effort is invested in characterizing explainability and providing information to explain how the algorithm reached such results ○ 𝛿-Interprepetability (https://arxiv.org/pdf/1707.03886.pdf). ○ LIME (https://github.com/marcotcr/lime) ■ The output of LIME is a list of explanations, reflecting the contribution of each feature to the prediction of a data sample. Interpretability Retinopathy prediction using a 48 layers deep net) https://www.kaggle.com/kmader/inceptionv3-for-retinopathy-gpu-hr Severe Retinopathy
Privacy Assessment Forms for GDPR and LGPD ● The International context requires dealing with multiple legal frameworks ○ Brazilian LGPD and GDPR in our case. ● Integrated a tool for tagging and following up sensitive fields ○ To provide a list of Personally Identifiable Information (PII) and Sensitive Information ■ PIIs: Fullname, Ethnicity, Medical Record id, Gender,.. ■ Sensitive Info: Medical Information, Genetics,.. ○ Traces the use of sensitive data within a processing workflow to guide on the annotation of sensitive derived information.
Re-identification Risk ● Anonymisation defined by policies ○ Define actions (Removal, Blurring, Reduction, Substitution) and fields. ○ The system starts with the less restrictive policy, applies anonymisation and computes the Metric. ● Data Privacy Model ○ Anonymisation Process. ○ K-anonymity Model Computation. ○ Threshold Checker. ○ Linkage Attack for Validation. ○ Increase Anonymity.
40 Conclusions • Need to manually configure the environment. • Lack of reproducibility. • Qualitative appraisal of the trustworthiness. Before After • Self-assessment of GDPR/LGDP. • Trustable storage environment even on an untrusted provider. • Quantitative anonymisation level. • Manual analysis of GDPR/LGDP risks • Need to trust on the storage provider. • Anonymisation level is qualitative. • Applications templates for complex & distributed applications. • Provide a repeatable way to deploy the whole application. • Quantitative measure of trustworthiness

Empfohlen

Managing Trustworthy Big-data Applications in the Cloud with the ATMOSPHERE P...
Managing Trustworthy Big-data Applications in the Cloud with the ATMOSPHERE P...Managing Trustworthy Big-data Applications in the Cloud with the ATMOSPHERE P...
Managing Trustworthy Big-data Applications in the Cloud with the ATMOSPHERE P...ATMOSPHERE .
 
Dstca
DstcaDstca
Dstcaajay vj
 
Security models
Security models Security models
Security models LJ PROJECTS
 
02.security systems
02.security systems02.security systems
02.security systemsSri Lanka Institute of Information Technology
 
3. security architecture and models
3. security architecture and models3. security architecture and models
3. security architecture and models7wounders
 
Distributed database security with discretionary access control
Distributed database security with discretionary access controlDistributed database security with discretionary access control
Distributed database security with discretionary access controlJyotishkar Dey
 
CISSP Week 22
CISSP Week 22CISSP Week 22
CISSP Week 22jemtallon
 
access-control-week-2
access-control-week-2access-control-week-2
access-control-week-2jemtallon
 

Empfohlen

Managing Trustworthy Big-data Applications in the Cloud with the ATMOSPHERE P...
Managing Trustworthy Big-data Applications in the Cloud with the ATMOSPHERE P...Managing Trustworthy Big-data Applications in the Cloud with the ATMOSPHERE P...
Managing Trustworthy Big-data Applications in the Cloud with the ATMOSPHERE P...ATMOSPHERE .
 
Dstca
DstcaDstca
Dstcaajay vj
 
Security models
Security models Security models
Security models LJ PROJECTS
 
02.security systems
02.security systems02.security systems
02.security systemsSri Lanka Institute of Information Technology
 
3. security architecture and models
3. security architecture and models3. security architecture and models
3. security architecture and models7wounders
 
Distributed database security with discretionary access control
Distributed database security with discretionary access controlDistributed database security with discretionary access control
Distributed database security with discretionary access controlJyotishkar Dey
 
CISSP Week 22
CISSP Week 22CISSP Week 22
CISSP Week 22jemtallon
 
access-control-week-2
access-control-week-2access-control-week-2
access-control-week-2jemtallon
 
IBM Share Conference 2010, Boston, Ulf Mattsson
IBM Share Conference 2010, Boston, Ulf MattssonIBM Share Conference 2010, Boston, Ulf Mattsson
IBM Share Conference 2010, Boston, Ulf MattssonUlf Mattsson
 
Advanced Data Center Security
Advanced Data Center SecurityAdvanced Data Center Security
Advanced Data Center Securitymanoharparakh
 
Information Security
Information SecurityInformation Security
Information SecurityDhilsath Fathima
 
AFAC session 2 - September 8, 2014
AFAC session 2 - September 8, 2014AFAC session 2 - September 8, 2014
AFAC session 2 - September 8, 2014KBIZEAU
 
Database security and security in networks
Database security and security in networksDatabase security and security in networks
Database security and security in networksG Prachi
 
Chapter 5 database security
Chapter 5 database securityChapter 5 database security
Chapter 5 database securitySyaiful Ahdan
 
Cissp exam-outline
Cissp exam-outlineCissp exam-outline
Cissp exam-outlineAhmet E
 
Database security
Database securityDatabase security
Database securitykeerthusandeepreddy
 
Secure Your Career Shift With Computer-Security Training
Secure Your Career Shift With Computer-Security TrainingSecure Your Career Shift With Computer-Security Training
Secure Your Career Shift With Computer-Security TrainingCCI Training Center
 
Security Architecture
Security ArchitectureSecurity Architecture
Security Architectureamiable_indian
 
Carestream white paper_cloud-security 2016
Carestream white paper_cloud-security 2016Carestream white paper_cloud-security 2016
Carestream white paper_cloud-security 2016Carestream
 
Database security
Database securityDatabase security
Database securityBirju Tank
 
ISSA Boston - PCI and Beyond: A Cost Effective Approach to Data Protection
ISSA Boston - PCI and Beyond: A Cost Effective Approach to Data ProtectionISSA Boston - PCI and Beyond: A Cost Effective Approach to Data Protection
ISSA Boston - PCI and Beyond: A Cost Effective Approach to Data ProtectionUlf Mattsson
 
DB security
DB security DB security
DB securityERSHUBHAM TIWARI
 
Secure Your Career Shift With Computer-Security Training
Secure Your Career Shift With Computer-Security TrainingSecure Your Career Shift With Computer-Security Training
Secure Your Career Shift With Computer-Security TrainingCCI Training Center
 
CISSP Week 9
CISSP Week 9CISSP Week 9
CISSP Week 9jemtallon
 
Information security
Information security Information security
Information security razendar79
 
2 Security Architecture+Design
2 Security Architecture+Design2 Security Architecture+Design
2 Security Architecture+DesignAlfred Ouyang
 
Database Security
Database SecurityDatabase Security
Database SecurityFerdous Pathan
 
Chapter 4 security part ii auditing database systems
Chapter 4 security part ii auditing database systemsChapter 4 security part ii auditing database systems
Chapter 4 security part ii auditing database systemsjayussuryawan
 
Guide to security patterns for cloud systems and data security in aws and azure
Guide to security patterns for cloud systems and data security in aws and azureGuide to security patterns for cloud systems and data security in aws and azure
Guide to security patterns for cloud systems and data security in aws and azureAbdul Khan
 
Cloud Security
Cloud SecurityCloud Security
Cloud SecurityPyingkodi Maran
 

Weitere ähnliche Inhalte

Was ist angesagt?

IBM Share Conference 2010, Boston, Ulf Mattsson
IBM Share Conference 2010, Boston, Ulf MattssonIBM Share Conference 2010, Boston, Ulf Mattsson
IBM Share Conference 2010, Boston, Ulf MattssonUlf Mattsson
 
Advanced Data Center Security
Advanced Data Center SecurityAdvanced Data Center Security
Advanced Data Center Securitymanoharparakh
 
AFAC session 2 - September 8, 2014
AFAC session 2 - September 8, 2014AFAC session 2 - September 8, 2014
AFAC session 2 - September 8, 2014KBIZEAU
 
Database security and security in networks
Database security and security in networksDatabase security and security in networks
Database security and security in networksG Prachi
 
Chapter 5 database security
Chapter 5 database securityChapter 5 database security
Chapter 5 database securitySyaiful Ahdan
 
Cissp exam-outline
Cissp exam-outlineCissp exam-outline
Cissp exam-outlineAhmet E
 
Secure Your Career Shift With Computer-Security Training
Secure Your Career Shift With Computer-Security TrainingSecure Your Career Shift With Computer-Security Training
Secure Your Career Shift With Computer-Security TrainingCCI Training Center
 
Carestream white paper_cloud-security 2016
Carestream white paper_cloud-security 2016Carestream white paper_cloud-security 2016
Carestream white paper_cloud-security 2016Carestream
 
Database security
Database securityDatabase security
Database securityBirju Tank
 
ISSA Boston - PCI and Beyond: A Cost Effective Approach to Data Protection
ISSA Boston - PCI and Beyond: A Cost Effective Approach to Data ProtectionISSA Boston - PCI and Beyond: A Cost Effective Approach to Data Protection
ISSA Boston - PCI and Beyond: A Cost Effective Approach to Data ProtectionUlf Mattsson
 
Secure Your Career Shift With Computer-Security Training
Secure Your Career Shift With Computer-Security TrainingSecure Your Career Shift With Computer-Security Training
Secure Your Career Shift With Computer-Security TrainingCCI Training Center
 
CISSP Week 9
CISSP Week 9CISSP Week 9
CISSP Week 9jemtallon
 
Information security
Information security Information security
Information security razendar79
 
2 Security Architecture+Design
2 Security Architecture+Design2 Security Architecture+Design
2 Security Architecture+DesignAlfred Ouyang
 
Chapter 4 security part ii auditing database systems
Chapter 4 security part ii auditing database systemsChapter 4 security part ii auditing database systems
Chapter 4 security part ii auditing database systemsjayussuryawan
 

Was ist angesagt? (20)

IBM Share Conference 2010, Boston, Ulf Mattsson
IBM Share Conference 2010, Boston, Ulf MattssonIBM Share Conference 2010, Boston, Ulf Mattsson
IBM Share Conference 2010, Boston, Ulf Mattsson
 
Advanced Data Center Security
Advanced Data Center SecurityAdvanced Data Center Security
Advanced Data Center Security
 
Information Security
Information SecurityInformation Security
Information Security
 
AFAC session 2 - September 8, 2014
AFAC session 2 - September 8, 2014AFAC session 2 - September 8, 2014
AFAC session 2 - September 8, 2014
 
Database security and security in networks
Database security and security in networksDatabase security and security in networks
Database security and security in networks
 
Chapter 5 database security
Chapter 5 database securityChapter 5 database security
Chapter 5 database security
 
Cissp exam-outline
Cissp exam-outlineCissp exam-outline
Cissp exam-outline
 
Database security
Database securityDatabase security
Database security
 
Secure Your Career Shift With Computer-Security Training
Secure Your Career Shift With Computer-Security TrainingSecure Your Career Shift With Computer-Security Training
Secure Your Career Shift With Computer-Security Training
 
Security Architecture
Security ArchitectureSecurity Architecture
Security Architecture
 
Carestream white paper_cloud-security 2016
Carestream white paper_cloud-security 2016Carestream white paper_cloud-security 2016
Carestream white paper_cloud-security 2016
 
Database security
Database securityDatabase security
Database security
 
ISSA Boston - PCI and Beyond: A Cost Effective Approach to Data Protection
ISSA Boston - PCI and Beyond: A Cost Effective Approach to Data ProtectionISSA Boston - PCI and Beyond: A Cost Effective Approach to Data Protection
ISSA Boston - PCI and Beyond: A Cost Effective Approach to Data Protection
 
DB security
DB security DB security
DB security
 
Secure Your Career Shift With Computer-Security Training
Secure Your Career Shift With Computer-Security TrainingSecure Your Career Shift With Computer-Security Training
Secure Your Career Shift With Computer-Security Training
 
CISSP Week 9
CISSP Week 9CISSP Week 9
CISSP Week 9
 
Information security
Information security Information security
Information security
 
2 Security Architecture+Design
2 Security Architecture+Design2 Security Architecture+Design
2 Security Architecture+Design
 
Database Security
Database SecurityDatabase Security
Database Security
 
Chapter 4 security part ii auditing database systems
Chapter 4 security part ii auditing database systemsChapter 4 security part ii auditing database systems
Chapter 4 security part ii auditing database systems
 

Ähnlich wie Software Defined Networking in the ATMOSPHERE project

Guide to security patterns for cloud systems and data security in aws and azure
Guide to security patterns for cloud systems and data security in aws and azureGuide to security patterns for cloud systems and data security in aws and azure
Guide to security patterns for cloud systems and data security in aws and azureAbdul Khan
 
110307 cloud security requirements gourley
110307 cloud security requirements gourley110307 cloud security requirements gourley
110307 cloud security requirements gourleyGovCloud Network
 
Security Issues of Cloud Computing
Security Issues of Cloud ComputingSecurity Issues of Cloud Computing
Security Issues of Cloud ComputingFalgun Rathod
 
Cloud Security: A matter of trust?
Cloud Security: A matter of trust?Cloud Security: A matter of trust?
Cloud Security: A matter of trust?Mark Williams
 
talk6securingcloudamarprusty-191030091632.pptx
talk6securingcloudamarprusty-191030091632.pptxtalk6securingcloudamarprusty-191030091632.pptx
talk6securingcloudamarprusty-191030091632.pptxTrongMinhHoang1
 
The most trusted, proven enterprise-class Cloud:Closer than you think
The most trusted, proven enterprise-class Cloud:Closer than you think The most trusted, proven enterprise-class Cloud:Closer than you think
The most trusted, proven enterprise-class Cloud:Closer than you think Uni Systems S.M.S.A.
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing SecurityNithin Raj
 
Unit 9 Technological trends in Information Technology By Sulav Acharya
Unit 9 Technological trends in Information Technology By Sulav AcharyaUnit 9 Technological trends in Information Technology By Sulav Acharya
Unit 9 Technological trends in Information Technology By Sulav AcharyaAchSulav
 
Unit 9 Technological trends in Information Technology By Sulav Acharya
Unit 9 Technological trends in Information Technology By Sulav AcharyaUnit 9 Technological trends in Information Technology By Sulav Acharya
Unit 9 Technological trends in Information Technology By Sulav AcharyaAchSulav
 
Security & Compliance in the Cloud [2019]
Security & Compliance in the Cloud [2019]Security & Compliance in the Cloud [2019]
Security & Compliance in the Cloud [2019]Tudor Damian
 
Myths of validation
Myths of validationMyths of validation
Myths of validationJeff Thomas
 
Transforming cloud security into an advantage
Transforming cloud security into an advantageTransforming cloud security into an advantage
Transforming cloud security into an advantageMoshe Ferber
 
Migrating Critical Applications to the Cloud - isaca seattle - sanitized
Migrating Critical Applications to the Cloud - isaca seattle - sanitizedMigrating Critical Applications to the Cloud - isaca seattle - sanitized
Migrating Critical Applications to the Cloud - isaca seattle - sanitizedUnifyCloud
 
Migrating Critical Applications To The Cloud - ISACA Seattle - Sanitized
Migrating Critical Applications To The Cloud - ISACA Seattle - SanitizedMigrating Critical Applications To The Cloud - ISACA Seattle - Sanitized
Migrating Critical Applications To The Cloud - ISACA Seattle - SanitizedNorm Barber
 
3433 IBM messaging security why securing your environment is important-feb2...
3433 IBM messaging security why securing your environment is important-feb2...3433 IBM messaging security why securing your environment is important-feb2...
3433 IBM messaging security why securing your environment is important-feb2...Robert Parker
 

Ähnlich wie Software Defined Networking in the ATMOSPHERE project (20)

Guide to security patterns for cloud systems and data security in aws and azure
Guide to security patterns for cloud systems and data security in aws and azureGuide to security patterns for cloud systems and data security in aws and azure
Guide to security patterns for cloud systems and data security in aws and azure
 
Cloud Security
Cloud SecurityCloud Security
Cloud Security
 
110307 cloud security requirements gourley
110307 cloud security requirements gourley110307 cloud security requirements gourley
110307 cloud security requirements gourley
 
Security Issues of Cloud Computing
Security Issues of Cloud ComputingSecurity Issues of Cloud Computing
Security Issues of Cloud Computing
 
Cloud Security: A matter of trust?
Cloud Security: A matter of trust?Cloud Security: A matter of trust?
Cloud Security: A matter of trust?
 
talk6securingcloudamarprusty-191030091632.pptx
talk6securingcloudamarprusty-191030091632.pptxtalk6securingcloudamarprusty-191030091632.pptx
talk6securingcloudamarprusty-191030091632.pptx
 
Data Domain-Driven Design
Data Domain-Driven DesignData Domain-Driven Design
Data Domain-Driven Design
 
The most trusted, proven enterprise-class Cloud:Closer than you think
The most trusted, proven enterprise-class Cloud:Closer than you think The most trusted, proven enterprise-class Cloud:Closer than you think
The most trusted, proven enterprise-class Cloud:Closer than you think
 
Cloud Security
Cloud SecurityCloud Security
Cloud Security
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing Security
 
Unit 9 Technological trends in Information Technology By Sulav Acharya
Unit 9 Technological trends in Information Technology By Sulav AcharyaUnit 9 Technological trends in Information Technology By Sulav Acharya
Unit 9 Technological trends in Information Technology By Sulav Acharya
 
Unit 9 Technological trends in Information Technology By Sulav Acharya
Unit 9 Technological trends in Information Technology By Sulav AcharyaUnit 9 Technological trends in Information Technology By Sulav Acharya
Unit 9 Technological trends in Information Technology By Sulav Acharya
 
Security & Compliance in the Cloud [2019]
Security & Compliance in the Cloud [2019]Security & Compliance in the Cloud [2019]
Security & Compliance in the Cloud [2019]
 
Myths of validation
Myths of validationMyths of validation
Myths of validation
 
Cloud Security
Cloud SecurityCloud Security
Cloud Security
 
Cloud Security
Cloud SecurityCloud Security
Cloud Security
 
Transforming cloud security into an advantage
Transforming cloud security into an advantageTransforming cloud security into an advantage
Transforming cloud security into an advantage
 
Migrating Critical Applications to the Cloud - isaca seattle - sanitized
Migrating Critical Applications to the Cloud - isaca seattle - sanitizedMigrating Critical Applications to the Cloud - isaca seattle - sanitized
Migrating Critical Applications to the Cloud - isaca seattle - sanitized
 
Migrating Critical Applications To The Cloud - ISACA Seattle - Sanitized
Migrating Critical Applications To The Cloud - ISACA Seattle - SanitizedMigrating Critical Applications To The Cloud - ISACA Seattle - Sanitized
Migrating Critical Applications To The Cloud - ISACA Seattle - Sanitized
 
3433 IBM messaging security why securing your environment is important-feb2...
3433 IBM messaging security why securing your environment is important-feb2...3433 IBM messaging security why securing your environment is important-feb2...
3433 IBM messaging security why securing your environment is important-feb2...
 

Mehr von ATMOSPHERE .

On the development of a Visual-Temporal-awareness Rheumatic Heart Disease cla...
On the development of a Visual-Temporal-awareness Rheumatic Heart Disease cla...On the development of a Visual-Temporal-awareness Rheumatic Heart Disease cla...
On the development of a Visual-Temporal-awareness Rheumatic Heart Disease cla...ATMOSPHERE .
 
Control Plane Data Characterisation for an 5G NFV Environment
Control Plane Data Characterisation for an 5G NFV EnvironmentControl Plane Data Characterisation for an 5G NFV Environment
Control Plane Data Characterisation for an 5G NFV EnvironmentATMOSPHERE .
 
Designing an Open IoT Ecosystem
Designing an Open IoT EcosystemDesigning an Open IoT Ecosystem
Designing an Open IoT EcosystemATMOSPHERE .
 
Cloud Robotics: Cognitive Augmentation for Robots via the Cloud
Cloud Robotics: Cognitive Augmentation for Robots via the CloudCloud Robotics: Cognitive Augmentation for Robots via the Cloud
Cloud Robotics: Cognitive Augmentation for Robots via the CloudATMOSPHERE .
 
Artificial Neural Networks for Resource Allocation in 5G Remote Areas
Artificial Neural Networks for Resource Allocation in 5G Remote AreasArtificial Neural Networks for Resource Allocation in 5G Remote Areas
Artificial Neural Networks for Resource Allocation in 5G Remote AreasATMOSPHERE .
 
Compliance of the privacy regulations in an international Europe-Brazil context
Compliance of the privacy regulations in an international Europe-Brazil contextCompliance of the privacy regulations in an international Europe-Brazil context
Compliance of the privacy regulations in an international Europe-Brazil contextATMOSPHERE .
 
Using Computational Back-ends for Artificial Intelligence in Childhood Cancer...
Using Computational Back-ends for Artificial Intelligence in Childhood Cancer...Using Computational Back-ends for Artificial Intelligence in Childhood Cancer...
Using Computational Back-ends for Artificial Intelligence in Childhood Cancer...ATMOSPHERE .
 
Optimization Models for on-demand GPUs in the Cloud
Optimization Models for on-demand GPUs in the CloudOptimization Models for on-demand GPUs in the Cloud
Optimization Models for on-demand GPUs in the CloudATMOSPHERE .
 
SBC Thematic Groups Organisation
SBC Thematic Groups OrganisationSBC Thematic Groups Organisation
SBC Thematic Groups OrganisationATMOSPHERE .
 
Cloud Computing Interest Group
Cloud Computing Interest GroupCloud Computing Interest Group
Cloud Computing Interest GroupATMOSPHERE .
 
5G-Range - 5G networks for remote areas
5G-Range - 5G networks for remote areas5G-Range - 5G networks for remote areas
5G-Range - 5G networks for remote areasATMOSPHERE .
 
NECOS Project: Lightweight Slicing of CloudFederated Infrastructures
NECOS Project: Lightweight Slicing of CloudFederated InfrastructuresNECOS Project: Lightweight Slicing of CloudFederated Infrastructures
NECOS Project: Lightweight Slicing of CloudFederated InfrastructuresATMOSPHERE .
 
SWAMP: Smart Water Management Platform
SWAMP: Smart Water Management PlatformSWAMP: Smart Water Management Platform
SWAMP: Smart Water Management PlatformATMOSPHERE .
 
OCARIoT - Smart Childhood Obesity Caring Solution using IoT Potential
OCARIoT - Smart Childhood Obesity Caring Solution using IoT PotentialOCARIoT - Smart Childhood Obesity Caring Solution using IoT Potential
OCARIoT - Smart Childhood Obesity Caring Solution using IoT PotentialATMOSPHERE .
 
ATMOSPHERE - Adaptive, Trustworthy, Manageable, Orchestrated, Secure Privacy-...
ATMOSPHERE - Adaptive, Trustworthy, Manageable, Orchestrated, Secure Privacy-...ATMOSPHERE - Adaptive, Trustworthy, Manageable, Orchestrated, Secure Privacy-...
ATMOSPHERE - Adaptive, Trustworthy, Manageable, Orchestrated, Secure Privacy-...ATMOSPHERE .
 
Secure containers for trustworthy cloud services: business opportunities
Secure containers for trustworthy cloud services: business opportunities Secure containers for trustworthy cloud services: business opportunities
Secure containers for trustworthy cloud services: business opportunitiesATMOSPHERE .
 
Integration of the Trustworthiness Assessment with Industry Systems
Integration of the Trustworthiness Assessment with Industry SystemsIntegration of the Trustworthiness Assessment with Industry Systems
Integration of the Trustworthiness Assessment with Industry SystemsATMOSPHERE .
 
Trustworthy cloud services for Medical Imaging Biomarkers
Trustworthy cloud services for Medical Imaging BiomarkersTrustworthy cloud services for Medical Imaging Biomarkers
Trustworthy cloud services for Medical Imaging BiomarkersATMOSPHERE .
 
ATMOSPHERE: An architecture for trustworthy cloud services
ATMOSPHERE: An architecture for trustworthy cloud servicesATMOSPHERE: An architecture for trustworthy cloud services
ATMOSPHERE: An architecture for trustworthy cloud servicesATMOSPHERE .
 
Connecting Robots to the Connected World of Modern Technology via Cloud Compu...
Connecting Robots to the Connected World of Modern Technology via Cloud Compu...Connecting Robots to the Connected World of Modern Technology via Cloud Compu...
Connecting Robots to the Connected World of Modern Technology via Cloud Compu...ATMOSPHERE .
 

Mehr von ATMOSPHERE . (20)

On the development of a Visual-Temporal-awareness Rheumatic Heart Disease cla...
On the development of a Visual-Temporal-awareness Rheumatic Heart Disease cla...On the development of a Visual-Temporal-awareness Rheumatic Heart Disease cla...
On the development of a Visual-Temporal-awareness Rheumatic Heart Disease cla...
 
Control Plane Data Characterisation for an 5G NFV Environment
Control Plane Data Characterisation for an 5G NFV EnvironmentControl Plane Data Characterisation for an 5G NFV Environment
Control Plane Data Characterisation for an 5G NFV Environment
 
Designing an Open IoT Ecosystem
Designing an Open IoT EcosystemDesigning an Open IoT Ecosystem
Designing an Open IoT Ecosystem
 
Cloud Robotics: Cognitive Augmentation for Robots via the Cloud
Cloud Robotics: Cognitive Augmentation for Robots via the CloudCloud Robotics: Cognitive Augmentation for Robots via the Cloud
Cloud Robotics: Cognitive Augmentation for Robots via the Cloud
 
Artificial Neural Networks for Resource Allocation in 5G Remote Areas
Artificial Neural Networks for Resource Allocation in 5G Remote AreasArtificial Neural Networks for Resource Allocation in 5G Remote Areas
Artificial Neural Networks for Resource Allocation in 5G Remote Areas
 
Compliance of the privacy regulations in an international Europe-Brazil context
Compliance of the privacy regulations in an international Europe-Brazil contextCompliance of the privacy regulations in an international Europe-Brazil context
Compliance of the privacy regulations in an international Europe-Brazil context
 
Using Computational Back-ends for Artificial Intelligence in Childhood Cancer...
Using Computational Back-ends for Artificial Intelligence in Childhood Cancer...Using Computational Back-ends for Artificial Intelligence in Childhood Cancer...
Using Computational Back-ends for Artificial Intelligence in Childhood Cancer...
 
Optimization Models for on-demand GPUs in the Cloud
Optimization Models for on-demand GPUs in the CloudOptimization Models for on-demand GPUs in the Cloud
Optimization Models for on-demand GPUs in the Cloud
 
SBC Thematic Groups Organisation
SBC Thematic Groups OrganisationSBC Thematic Groups Organisation
SBC Thematic Groups Organisation
 
Cloud Computing Interest Group
Cloud Computing Interest GroupCloud Computing Interest Group
Cloud Computing Interest Group
 
5G-Range - 5G networks for remote areas
5G-Range - 5G networks for remote areas5G-Range - 5G networks for remote areas
5G-Range - 5G networks for remote areas
 
NECOS Project: Lightweight Slicing of CloudFederated Infrastructures
NECOS Project: Lightweight Slicing of CloudFederated InfrastructuresNECOS Project: Lightweight Slicing of CloudFederated Infrastructures
NECOS Project: Lightweight Slicing of CloudFederated Infrastructures
 
SWAMP: Smart Water Management Platform
SWAMP: Smart Water Management PlatformSWAMP: Smart Water Management Platform
SWAMP: Smart Water Management Platform
 
OCARIoT - Smart Childhood Obesity Caring Solution using IoT Potential
OCARIoT - Smart Childhood Obesity Caring Solution using IoT PotentialOCARIoT - Smart Childhood Obesity Caring Solution using IoT Potential
OCARIoT - Smart Childhood Obesity Caring Solution using IoT Potential
 
ATMOSPHERE - Adaptive, Trustworthy, Manageable, Orchestrated, Secure Privacy-...
ATMOSPHERE - Adaptive, Trustworthy, Manageable, Orchestrated, Secure Privacy-...ATMOSPHERE - Adaptive, Trustworthy, Manageable, Orchestrated, Secure Privacy-...
ATMOSPHERE - Adaptive, Trustworthy, Manageable, Orchestrated, Secure Privacy-...
 
Secure containers for trustworthy cloud services: business opportunities
Secure containers for trustworthy cloud services: business opportunities Secure containers for trustworthy cloud services: business opportunities
Secure containers for trustworthy cloud services: business opportunities
 
Integration of the Trustworthiness Assessment with Industry Systems
Integration of the Trustworthiness Assessment with Industry SystemsIntegration of the Trustworthiness Assessment with Industry Systems
Integration of the Trustworthiness Assessment with Industry Systems
 
Trustworthy cloud services for Medical Imaging Biomarkers
Trustworthy cloud services for Medical Imaging BiomarkersTrustworthy cloud services for Medical Imaging Biomarkers
Trustworthy cloud services for Medical Imaging Biomarkers
 
ATMOSPHERE: An architecture for trustworthy cloud services
ATMOSPHERE: An architecture for trustworthy cloud servicesATMOSPHERE: An architecture for trustworthy cloud services
ATMOSPHERE: An architecture for trustworthy cloud services
 
Connecting Robots to the Connected World of Modern Technology via Cloud Compu...
Connecting Robots to the Connected World of Modern Technology via Cloud Compu...Connecting Robots to the Connected World of Modern Technology via Cloud Compu...
Connecting Robots to the Connected World of Modern Technology via Cloud Compu...
 

Kürzlich hochgeladen

Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 

Kürzlich hochgeladen (20)

Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 

Software Defined Networking in the ATMOSPHERE project

  • 1. Co-funded by the European Commission Horizon 2020 - Grant #777154 Software Defined Networking in the ATMOSPHERE project Giacomo Verticale Politecnico di Milano
  • 2. • ATMOSPHERE is a 24-month H2020 project aiming at the design and development of a framework and a platform to implement trustworthy cloud services on a federated intercontinental cloud. • Expected Results • A federated cloud platform. • A development framework • Trustworthy evaluation and monitoring • Trustworthy Distributed Data Management • Trustworthy Distributed Data Processing • A pilot use case on Medical Imaging Processing. The Project Trustworthy Data Processing Services (TDPS) Application Trustworthy Data Management Services (TDMS) Infrastructure Management Services (IMS) Federated Infrastructure Trustworthiness Monit.&Assessment (TMA)
  • 3. The problem I do not want to care for the infrastructure, resource management, job scheduling, secure access and similar burdens. Moreover, I want to guarantee that no sensitive data is exposed outside of the country where it was produced. I need to build up an Image Processing Tool that uses sensitive data that requires a high computing demand. Once developed, I want to exploit it as a service securely and with a Quality of Service.
  • 5. • PROVAR study – the first large-scale RHD screening program in Brazil. • RHD Screening: public schools, private schools and primary health units in the cities of Belo Horizonte, Montes Claros and Bocaiúva, Minas Gerais, Brazil. The Data
  • 6. • The characterization of Echo-cardio images obtained in public schools • 5,600 exams, with an average of 14 videos per exams (total of 75,836 videos) • 5,330 exams are classified as normal (with a total of 71,686 videos) - 95% • 238 exams are classified as borderline RHD (with a total of 3,649 videos) - 4%. • 32 exams are classified as definite RHD (with a total of 501 videos) - 1%. • Additionally, there is another databank with 3.5 millions electrocardiograms from the same population area and age. Image Biobank Requirements Mean age: 13 ± 3 y.o. Female sex: 55%.
  • 7. • Sensitive data must not be accessible out of the boundaries of the hosting country • Sensitive data is protected by the Brazilian LGPD and must be processed under high access-protection means, robust even in a potentially vulnerable cloud offering. • Anonymous data, though, can be released but should be kept accessible only in a secured environment. • Medical Imaging processing and Machine Learning model building requires intensive computing resources • The capabilities for processing may not be accessible in the boundaries where the data is located and therefore such processing algorithms must run elsewhere. • The access should be coherent and secure, and image processing should be efficient. • Experiments should be reproducible and stable • The model building, image processing and classification should run on well-defined environments that could be reproduced for further analysis. Image Biobank Requirements
  • 8. • Trust is a choice that is based on past experience. Trust takes time to build, but it can disappear in a second. • Trusting cloud services is as complicated as trusting people. You need a way to measure it and pieces of evidence to build trust. • Trust in a cloud environment is considered as the reliance of a customer on a cloud service and, consequently, on its provider. • Trust bases on a broad spectrum of properties such as Security, Privacy, Coherence, Isolation, Stability, Fairness, Transparency and Dependability. • Nowadays, few approaches deal with the quantification of trust in cloud computing. What is trust?
  • 9. • Trustworthiness is considered in its multiple dimensions • Security, as the capability to defence from attacks. • Privacy, as the inherent risk of a dataset to contain re-identifiable data. • Coherence, as the capability of providing a coherent behaviour from any point of the federation. • Isolation, as the difference when a service runs isolated or not. • Stability, as the idempotency and stability of the services. • Fairness, as the inexistence of undesirable or hidden biases. • Transparency, as the capability of understand the output of a system. • Dependability, mainly focusing on availability and reliability. • Measuring the trustworthiness properties • A priori and a posteriori evaluation of vulnerability, performance, re-identification risks, data loss rate, integrity, robustness, scalability, resource consumption, classification bias and isolation. Trustworthiness life-cycle
  • 10. • Along with these requirements, we explore other requirements: • Measurement of the Fairness of the models to evaluate the bias of the model with respect to sensitive categories, such as gender or race. • Evaluation of the Explainability of the model. • Evaluation of the privacy loss risk to determine the quality of the anonymisation and the potential leakage of personal data inside the models. Image Biobank Requirements ... successfully reidentified the demographic data of 4478 adults (94.9%) & 2120 children (87.4%) … (P < .001)
  • 11. 11 The Previous situation Application Developers - Who develop the tools for processing the data. - They require the infrastructure to provide some types of services and resources, such as computing, secure storage, high-availability, data persistence. - They will deliver the applications to others to operate. Application Manager - An Application Developer may not be in charge of deploying the application on the production infrast. - The deployment implies the monitoring and management of the resources, services, user accounts and data. - The Application Manager will have access credentials to the infrastructure and will decide the optimal allocation of the resource. End-Users - Data providers and Data scientists exploring and processing data. - Need for secure data transfer and data access tracing, as well as simplified processing tools. - No need to worry about achieving ICT skills.
  • 12. Building Trust with The ATMOSPHERE Platform
  • 15. ● Lemonade* is a web-based system for designing and running analytics applications. ● Users, who are not necessarily programmers, describe applications as workflows; Lemonade generates code and controls their execution. ● Workflows consist of operations (boxes) and data flows (arrows) among them, performing: ⁃ Data preparation and engineering ⁃ Machine learning methods (MLib) ⁃ Visualization metaphors 15 LEMONADE
  • 16. 16 Supported Trustworthiness properties Property Developers Data Scientists Stability Stability strategies (e.g., cross- validation) Quality assurance of model outcome (e.g., calibrate cross validation and evaluate accuracy variance) Privacy Privacy-preserving algorithms and techniques (e.g., k-anonymity) Assess the impact of preserving privacy on the outcome utility and effectiveness Transparency Transparency methods to be combined with different data analytic flows (e.g., LIME/SHAP methods) Execute ML models and, based on explanations, calibrate the model or enhance the input Fairness Fairness-enhancing mechanisms and strategies (e.g., Aequitas toolkit). Generate report as to evaluate fairness and decide on features to include on models
  • 17. • PAF assists organizations owning and processing datasets to understand how the processing of data can affect their conformance with regulations related to privacy (GDPR and LGPD) • These assessments may be used to generate appropriate security/ privacy policies and checks used by other services 17 Privacy assessment forms (PAF)
  • 19. • Typical best practices • Data in transit and at rest can be encrypted • Some processing can even be done over encrypted data • Keys and certificates not included in repositories • But this is not enough... • If attacker has access to the machine (VM escapes, internal attacker, cold boots), code can be changed, memory can be dumped • Keys or data can be stolen 19 Data access challenges
  • 20. Data Protection Layer (Vallum) The Vallum Framework Colunar DBMS (e.g., Cassandra) Relational DBMS (e.g., MySQL)Proxying Authentication Authorization Privacy Auditing Document Store (e.g., MongoDB) File System (e.g. IPFS) Query Compliant Results Query Compliant Results Query Compliant Results Modified Query Result Modified Query Result Modified Query Result Modified Query Result trusted execution environment (TEE) raw data encrypted at rest data encrypted in transit
  • 22. 22 TMA: Design and interfaces Measures and enforces the multiple dimensions of trustworthiness: • Security • Privacy • Coherence • Isolation • Stability • Fairness • Transparency. • Dependability
  • 24. An orchestration platform to manage a federated set of hybrid resources, to provide measures, adaptive mechanisms and policies to improve trustworthiness ● orchestration platform ➔ Automatic configuration via TOSCA blueprints ● federated ➔ multiple clouds independently owned and managed, multi- tenancy ● hybrid resources ➔ CPUs, SGX, GPUs ● measures ➔ metrics and tools to evaluate the trustworthiness of cloud resources (availability, performance, etc) ● adaptive mechanisms ➔ to scale o reallocate cloud and network resources 24 Trustworthy Infrastructure Management
  • 25. 25 Infrastructure Management Services Federated Infrastructure Resource Provider Resource Provider Resource Provider ATMOSPHERE Platform Federation middleware Fogbow Fogbow Fogbow Federation-wide monitoring services probes running at each site monitoring service Automated deployment service Performance prediction & assessment serviceEC3 TOSCA-IM Model training Profiling
  • 26. 26 Site A DMZInternal XMPP OVS FNS RAS DMZ Internal FNS RAS Cloud A (OpenStack) Site B Cloud B (OpenNebula) Network federation Fogbow Dashboard Fogbow Dashboard ONOS XMPP OVS ONOS IPSec • Fogbow middleware can deploy multiple VMs over a single VLAN spanning multiple heterogeneous clouds • Each federated site holds: • a Federated Network Service (FNS) • a Resource Allocation Service (RAS) • an XMPP service • one or more instances of OpenVSwitch (OVS) • Selected sites hold • an instance of ONOS • an instance of the Intent Monitoring and Rerouting (IMR) application control IMR IMR control
  • 27. 27 Creation of a Network Federation Site A DMZInternal XMPP OVS FNS RAS DMZ Internal FNS RAS Cloud A (OpenStack) Site B Cloud B (OpenNebula) ONOS XMPP OVS ONOS 1. The Infrastructure Manager (IM) requests a new federated network and specifies the private IP range and the VLAN ID 2. The IM requests a new local VM in the federation 3. The FNS chooses an IP address, prepares the cloud-init script and forwards the request to the RAS 4. The RAS sets up OVS to accept the incoming tunnel 5. The RAS interacts with the cloud to create the VM. 6. The VM executes the cloud-init script and establishes a tunnel with OVS. 7. Other VMs are attached to the federated network in a similar way, with requests for VMs in remote sites being forwarded by the RAS accordingly. 8. ONOS sets up routing intents between pairs of VMs 9. Intents are monitored and re-routed to guarantee availability (and latency) 1 2 3 4 5 VM 6 VM 7 7 7 7 7 8 9
  • 28. DEMO: 1. Configuration of each datacenter: • one gateway VM (OVS) • one instance of ONOS • one or more VMs belonging to two federations 2. The IMS monitors link availability and assigns each link an «availability» score 3. Two VMs in the same federation exchange traffic along the shortest path 4. When an IPSec tunnel fails traffic is immediately rerouted along a live path 5. When the faulty IPSec tunnel is available again, traffic remains in the backup path until the availability score recovers 6. When the availability score is high, traffic is rerouted 28 T4.4, D4.2Distributed Implementation of Federated Networks
  • 30. • The underlying infrastructure is a federated cloud • Using fogbow (www.fogbowcloud.org) on OpenStack and OpenNebula. • With a Federated Network to provide a coherent network space among nodes. • Heterogeneous resources: SGX-enabled and GPU nodes. • Using EC3(1) and Infrastructure Manager(2) to deploy a virtual infrastructure. 30 Intercontinental infrastructure Cloud Resources @EU Cloud Resources @ Brazil SGX-Enabled Resources container Encrypted PROVAR Study Cloud Manager Cloud Manager Federation Layer Secure overlay network Central TMA TOSCA-IM GPU-Enabled Resources container (1) https://marketplace.eosc-portal.eu/services/elastic-cloud-compute-cluster-ec3 (2) https://marketplace.eosc-portal.eu/services/infrastructure-manager-im EC3
  • 31. • The virtual infrastructure is managed by an elastic Kubernetes cluster spawn over the federated network • Containers and services are accessible from both sites but only through the federated network. • Resources are properly tagged (SGX and GPU capabilities and Brazil / Europe) so K8s applications are placed in the correct resource. • Infrastructure is described as code(3). • K8s Front-end is deployed and nodes are being powered on as the applications are deployed, creating the request for specific resources. 31 Deployment of the virtual infrastructure (3) https://github.com/grycap/ec3/tree/atmosphere
  • 32. • A secure storage is deployed at the Brazilian side • It uses Vallum(4), a service that provides on-the-fly annonymisation based on policies. • It masks (or blurs) the fields that are marked as sensitive to different profiles of users. • It relies on an HDFS filesystem for the files and on SQL databases for the structured data. • It runs the data anonymisation and sensitive data access on enclaves running on SGX-enabled containers, so they securely run even in untrusted clouds • Data remains encrypted in disk. 32 Secure storage at Brazilian side Cloud Resources @ Brazil SGX-Enabled Resources VALLUM Encrypted PROVAR Study Cloud Manager (4) https://www.atmosphere-eubrazil.eu/vallum-framework-access-privacy-protection
  • 33. • Data is requested to Vallum from external users, but they will only access to partially anonymised data • Anonymised data (~1TB) is copied where the computing accelerators are placed. 33 Anonymised Data Cloud Resources @EUCloud Resources @ Brazil SGX-Enabled Resources VALLUM Encrypted PROVAR Study Plain & Anonymised data Application TMA Cloud Manager Cloud Manager Federation Layer Secure overlay network Central TMA GPU-Enabled Resources TOSCA-IM storage service
  • 34. • Videos are split into frames and classified by color inspection • A color-based segmentation using k-means clustering extracts the color pixels from the Doppler images. • Images are classified according their acquisition view using a CNN • Parasternal long axis view has proven to be relevant to obtain an accurate classification. • First & second order texture analyses characterize the images by the spatial variation of pixel intensities. • Besides texture features, blood velocity information is also obtained. • Finally, all the extracted features are classified through machine learning techniques in order to differentiate between RHD positive and healthy 34 Building the models for the Estimation pipeline. Image Classification Frame Splitting Preparation of images for classifier Color-Based Segment. Doppler Data Preparation View Classification Texture Analysis & Velocity Extraction Features Classification Parasternal Long Axis Data Analysis
  • 35. • The pipeline is developed using LEMONADE(5) • LEMONADE provides a GUI and a Machine Learning librarie to develop data analytics pipelines. • Pipelines can be run interactively or transformed into executable code. • Code can be interactively run or further embed into services to be exposed for production. • A model building pipeline and an estimation pipeline are developed. 35 Coding the pipeline: LEMONADE (5) https://www.atmosphere-eubrazil.eu/lemonade-live-exploration-and-mining-non-trivial-amount-data-everywhere
  • 36. Fairness ● Algorithms, in ML and IA, learn by identifying patterns in data collected over many years. Why may algorithms become “unfair”? ○ By using unbalanced data sets, biased to certain population. ○ By using data sets that are perpetuating historical biases. ○ By inappropriate data handling. ○ As result of inappropriate model selection, uncorrect algorithm design or application. ● Algorithms Fairness components: ○ Aequitas Bias and Fairness Audit Toolkit, proposed by the DSSG group from University of Chicago (http://aequitas.dssg.io/) ○ Properties: ■ Equal Parity & Proportional Parity. ■ False Positive Rate and False Discovery Rate Parity. ■ False Negative Rate and False Omission Rate Parity. Fairness Tree Equal Parity Proport. Parity Represent. Fairness Error Fairness FNRP FPRP FDRP FORP
  • 37. ● Model Complexity increase typically reduces Interpretability ○ Complex multilayer Convolutional Neural Networks are far more difficult to explain than Decision Trees or Linear Regression. ● Effort is invested in characterizing explainability and providing information to explain how the algorithm reached such results ○ 𝛿-Interprepetability (https://arxiv.org/pdf/1707.03886.pdf). ○ LIME (https://github.com/marcotcr/lime) ■ The output of LIME is a list of explanations, reflecting the contribution of each feature to the prediction of a data sample. Interpretability Retinopathy prediction using a 48 layers deep net) https://www.kaggle.com/kmader/inceptionv3-for-retinopathy-gpu-hr Severe Retinopathy
  • 38. Privacy Assessment Forms for GDPR and LGPD ● The International context requires dealing with multiple legal frameworks ○ Brazilian LGPD and GDPR in our case. ● Integrated a tool for tagging and following up sensitive fields ○ To provide a list of Personally Identifiable Information (PII) and Sensitive Information ■ PIIs: Fullname, Ethnicity, Medical Record id, Gender,.. ■ Sensitive Info: Medical Information, Genetics,.. ○ Traces the use of sensitive data within a processing workflow to guide on the annotation of sensitive derived information.
  • 39. Re-identification Risk ● Anonymisation defined by policies ○ Define actions (Removal, Blurring, Reduction, Substitution) and fields. ○ The system starts with the less restrictive policy, applies anonymisation and computes the Metric. ● Data Privacy Model ○ Anonymisation Process. ○ K-anonymity Model Computation. ○ Threshold Checker. ○ Linkage Attack for Validation. ○ Increase Anonymity.
  • 40. 40 Conclusions • Need to manually configure the environment. • Lack of reproducibility. • Qualitative appraisal of the trustworthiness. Before After • Self-assessment of GDPR/LGDP. • Trustable storage environment even on an untrusted provider. • Quantitative anonymisation level. • Manual analysis of GDPR/LGDP risks • Need to trust on the storage provider. • Anonymisation level is qualitative. • Applications templates for complex & distributed applications. • Provide a repeatable way to deploy the whole application. • Quantitative measure of trustworthiness