On a Monday a triple of decades ago, I came into this world weighting a little more than what a normal baby would weight. Paradoxically, I grew up in Dakar the capital of Senegal as a very thin boy, so thin that people would call me in Wolof “kilo bopp libaramou yaram” which literary means of 1kg of head and ½ kg of body. To that thinness, I added a layer of timidity which I do not know if it was the result of some genes I inherited from my parents or just a byproduct that comes with being thin.
Fast forward… After I graduated from high school, I enrolled in the Physics and Chemistry department of the Faculty of Science and Techniques of the University Cheikh Anta Diop of Dakar. I remember my old brother being extremely puzzled by my choice as I was always burning his eardrums about my natural business acumen and how I would grow up and become a great businessman. It was clear in his mind that I was going to study business and management. But in my head I was like I have a plan that, besides me, nobody else can understand. The reality is that I might just have succumbed to pride as I was like I wouldn’t work so hard in high school to attend university with people who have not spent as much blood, sweat and tears in science as I did.
I went to the Physics and Chemistry department where I obtained a bachelor degree in Physics. There is a saying at the university Cheikh Anta Diop as: “the rule is to fail the exam; the exception is to pass at your first try.” In a department as the Physics and Chemistry, that saying was closer to reality than in any other departments. But I had no intentions to waste my time in the university and as a result, those years have arguably been my most difficult years in terms of wanting to succeed and the amount of work I put into my studies. I did not regret it because I graduated with high marks which have opened new opportunities for me.
After my bachelor in physics, I had heard of a new master program that fascinated me. The master was about cryptography and information security and was unique at that time in Senegal in particular and in west Africa in general. Fortunately, they were offering a scholarship to which I postulated and successfully secured it. It was fun for me to study new things and after a year in the program, I was enjoying all the new things I was studying but I was also missing the challenges that I was having studying physics. Those days where I would spend hours trying to understanding an equation and the gratification that comes after figuring it out. During the second year of the master program, one of my classmates told me about the MEXT scholarship and recommended me to apply. I was not very excited to do so as the processes of selection of most scholarships in my country are not very transparent, not to say that they are very opaque. But this one was different as the personnel of the embassy of japan in Senegal was taking care of the selection. Still, I wasn’t very convinced but as I had an appointment near the office where they were receiving the applications therefore I decided to give it a try.
I asked my friend to meet there and to my surprise, after so much effort in convincing me, he couldn’t come due to some other matters he had to take care of. So I went to the office with an incomplete application folder and applied. A couple of days later, I received a phone call from the then head of the culture department at the Japanese embassy in Dakar. He urged me to complete my application by sending the files that were missing. I saw the phone call as a huge boost of my confidence and decided to be more diligent into that application process. So I completed my application and did all the tests that were required. After that, I just had to wait to hear back from them whether I was retained or rejected.
Growing up, I never really fantasized about going to Japan. Things I knew about the country were stereotypical things I learned from movies and urban legends. But Japan has always been mysterious, I always wondered how a country that has gone through so much pain is part of the top 3 most developed countries in the world. I saw Senegal as a younger brother of Japan as we are similarly devoid of any natural resources and count on the ingenuity of the denizens to develop the country. Tough I never dreamed of going to japan, I knew very well the level of advancement of the country of the rising sun and understood that this was a good opportunity for me to learn from the best in order to later help my country level up with the best countries in the world.
Nearly 4 to 5 months after I concluded the scholarship application process, I received an email from a member of the International Division, informing that professor Suguru Yamaguchi has accepted me in his laboratory, Internet Engineering, located in Nara Institute of Science and Technology (NAIST). I could not express how happy and excited I was to join Japan. But I was equally puzzled by learning the school that was going to host me: NAIST. When I googled universities in japan, I always found the universities of Tokyo, Osaka, Kyoto or again Waseda and Keio but never NAIST. But a quick google search, with the right keywords, showed that NAIST was actually one of the top ranked national universities. That was enough to dissipate my doubts.
I arrived in Japan on April 5th, 2010. At first, I was residing in Osaka because I had to take a six months’ Japanese language training course. Afterwards, I joined NAIST and started as a research student. During that period, I learnt how to conduct high level research by reading and summarizing world class papers. It was not easy because it was novel to me but I could succeed through perseverance. I passed the master exam and started my journey as master student. In terms of research I wanted to work on something that was the most interesting topic in my field. At that time, cloud computing was the darling in computer science. More precisely, the adoption of cloud computing heavily depended on its security issues so I decided to focus on researching security mechanisms for cloud computing. For the master thesis, I developed a security quantification mechanism that allows administrators to quantification the security of their Infrastructure as a Service (IaaS) cloud environment.
Fig 1: Master’s degree graduation ceremony
I graduated from the master course in September 2012 and started the PhD course in October of the same year. I pursued the same research topic by fine tuning my master thesis topic and proposing an authorization mechanism for cloud computing that challenge the common knowledge in terms of practices in information technology. I successfully defended my Ph.D. and graduated in September 2015.
Fig 2: Ph.D. degree graduation ceremony
Since October 2015, I am an Assistant Professor in the Internet Engineering Laboratory (IPLab), Graduate School of Information Science, Nara Institute of Science and Technology.
I will conclude this entry with the abstracts of two of my publications.
Security Risk Quantification Mechanism for Infrastructure as a Service Cloud Computing Platforms
Cloud computing has revolutionized information technology, in that It allows enterprises and users to lower computing expenses by outsourcing their needs to a cloud service provider. However, despite all the benefits it brings, cloud computing raises several security concerns that have not yet been fully addressed to a satisfactory note. Indeed, by outsourcing its operations, a client surrenders control to the service provider and needs assurance that data is dealt with in an appropriate manner. Furthermore, the most inherent security issue of cloud computing is multi-tenancy. Cloud computing is a shared platform where users’ data are hosted in the same physical infrastructure. A malicious user can exploit this fact to steal the data of the users whom he or she is sharing the platform with. To address the aforementioned security issues, we propose a security risk quantification method that will allow users and cloud computing administrators to measure the security level of a given cloud ecosystem. Our risk quantification method is an adaptation of the fault tree analysis, which is a modeling tool that has proven to be highly effective in mission-critical systems. We replaced the faults by the probable vulnerabilities in a cloud system, and with the help of the common vulnerability scoring system, we were able to generate the risk formula. In addition to addressing the previously mentioned issues, we were also able to quantify the security risks of a popular cloud management stack, and propose an architecture where users can evaluate and rank different cloud service providers.
Risk Adaptive Authorization Mechanism (RAdAM) for Cloud Computing
Cloud computing provides many advantages for both the cloud service provider and the clients. It is also infamous for being highly dynamic and for having numerous security issues. The dynamicity of cloud computing implies that dynamic security mechanisms are being employed to enforce its security, especially in regards to access decisions. However, this is surprisingly not the case. Static traditional authorization mechanisms are being used in cloud environments, leading to legitimate doubts on their ability to fulfill the security needs of the cloud. I proposed a Risk-Adaptive Authorization Mechanism (RAdAM) for a simple cloud deployment, collaboration in cloud computing and federation in cloud computing. I used a fuzzy inference system to demonstrate the practicability of RAdAM. I complemented RAdAM with a Vulnerability Based Authorization Mechanism (VBAM) which is a real-time authorization model based on the average vulnerability scores of the objects present in the cloud.
