UC Santa Cruz

Cloud computing is a paradigm that enables the rapid provisioning of shared pools of hardware resources or high-level services. The cloud offers the flexibility to create, configure and cancel resources on demand. Third-party clouds have rich computing/storage resources and charge their tenants for resource usages. Despite its wide adoption, the cloud is not immune to security attacks. This dissertation attempts to enhance the security of the cloud from two different aspects:

1) Fortify network security infrastructure in the cloud.

2) Fortify IoT Data in the cloud.

The first half of this dissertation presents an SDN-based modular NFV orchestration framework called APPLE, aiming for interference-free policy enforcement of security infrastructure in a resource-efficient manner. Several levels of mechanisms are leveraged in APPLE to incorporate traffic dynamics. Both simulation and prototype experiments using real network topologies and traffic traces show that APPLE is resource-efficient and can quickly react to traffic dynamics.

The second half of the dissertation describes two security protocol suits for verifiable data communication and management respectively. Both are specially optimized for IoT applications to fit into resource-constraint IoT devices. Compared to alternative solutions, both protocol suits reduce memory footprint on IoT devices, communication cost between IoT devices and the cloud as well as computing time on generation and verification of verifiable IoT data.