The ongoing collaboration with the Maritime Division of Defence Science and Technology Group (DST) has resulted in another very useful piece of work that we are very glad to share through this blog. We have been conducting a series of Research and Development (R&D) projects with the same group in the Maritime Division of DST for evaluating technological solutions for building secure and scalable private clouds for mission critical systems. Given the increasing adoption of containerised solutions, our collaborators were interested in evaluating Docker for secure and scalable private cloud – that means both security and scalability are the key quality attributes for their domain. Ben Ramsey from my team led the efforts of carrying out this work that has resulted in a detailed technical report. We believe that this technical report will be very useful for anyone interested in knowing about the security and scalability aspects of container technologies like Docker when used for building a private cloud infrastructure. Here is the report titled, Evaluating Docker for Secure and Scalable Private Cloud with Container Technologies, and the abstract has been copied from the report below:
With the increasing trend of adopting containerised solutions for cloud-based infrastructures, it is becoming increasingly important to pay appropriate attention to the security risks that usually characterise virtualised solutions using container technologies such as Docker. We have recently finished another successful project with our collaborators from Defence Science and Technology Group (DST). This project was focused on identifying and understanding the isolation mechanisms used for containerised technologies. We are glad to share the technical report on this topic with those who are interested in building and operating containerised security-sensitive private clouds. The title of the report is, Understanding Container Isolation Mechanisms for Building Security-Sensitive Private Cloud, and the abstract of the report has been copied from the report below for ease of access. This project has been carried out with Ben Ramsey.
Container technologies, particularly Docker Engine, have been gaining significant popularity and adoption for building development and operational virtualised infrastructures. An increasing number of cloud technologies have started integrating container technologies into their platforms. While the performance and scalability advantages of containers are well known, there have been a number of concerns about the security of container-based solutions.
Through our ongoing collaboration with Defence Science and Technology Group, we have just completed a project focused on extensively studying and analysing the security of the container technology Docker. This project involved several other strategically important evaluative milestones about which I’ll write separately. Here is the report on security analysis of Docker for building private cloud. A few key points of this report are:
An increasing number of software systems are considered Software Intensive Systems of Systems (SiSoS), which consist of dozens of constituent systems. Systems are interconnected using private or public networks, which can be a prime target for security attacks. Hence, securing SiSoS is a huge challenge and an emerging area of research and development. SoS can have several application domains that can range from smart cities, to defence systems, and industrial control systems. Modelling of and reasoning about the security-sensitive architecture of software intensive systems is a challenging piece of work, but several modelling approaches and tooling support have been developed. However, there has been no significant effort to develop an appropriate modelling approach and associated infrastructure for modelling the security-sensitive architecture of SoS. Led by our collaborators in France, we have recently developed an approach and tool support for supporting security-sensitive architecture design and analysis.
Following on the successful completion of our collaborative project on building and evaluating private cloud for defence systems, our second project is on building and evaluating secure and scalable private cloud using container technologies. For our projects, we use OpenStack software for private cloud and its related technologies for evaluating the security and scalability of private cloud infrastructure built using container technologies such as Docker.
This project has been partly motivated by the increasing popularity of container technologies for virtualization and building private cloud, as the container technologies, for example Docker, offer lightweight solutions that can be easily ported to other infrastructures if required, require minimal resources, and instantly spawn a new instance whenever required.
Defence Science and Technology Group (DSTG), Australian Defence’s R&D organisation, recognises that Cloud Computing presents new opportunities for more flexible and efficient utilisation of computing resources. We have teamed up with DST’s submarine division’s researchers to build and apply knowledge and competency in designing and experimenting with private cloud infrastructure for combat systems. We are glad to release the report of our first collaborative project. This R&D project aimed at gaining the required knowledge and competency for building and managing a private cloud infrastructure for mission systems in the submarine domain. One of the key goals of this project was to explore the technical strengths and limitations of OpenStack cloud software and its related tools for designing and implementing a dynamically reconfigurable Cloud Computing infrastructure. This project has experimentally assessed the strengths and limitations of OpenStack cloud software (such as Rackspace, Mirantis, and DevStack), different virtualisation software (such as KVM and VMware’s ESXi), and baremetal provisioning tools (such as Razor and CloneZilla).