Biblio

Cloud-backed file systems provide on-demand, high-availability, scalable storage. Their security may be improved with techniques such as erasure codes and secret sharing to fragment files and encryption keys in several clouds. Attacking the server-side of such systems involves penetrating one or more clouds, which can be extremely difficult. Despite all these benefits, a weak side remains: the client-side. The client devices store user credentials that, if stolen or compromised, may lead to confidentiality, integrity, and availability violations. In this paper we propose RockFS, a cloud-backed file system framework that aims to make the client-side of such systems resilient to attacks. RockFS protects data in the client device and allows undoing unintended file modifications.

We design a Practical and Privacy-Aware Truth Discovery (PPATD) approach in mobile crowd sensing systems, which supports users to go offline at any time while still achieving practical efficiency under working process. More notably, our PPATD is the first solution under single server setting to resolve the problem that users must be online at all times during the truth discovery. Moreover, we design a double-masking with one-time pads protocol to further ensure the strong security of users' privacy even if there is a collusion between the cloud server and multiple users.

The diagnosis of performance issues in cloud environments is a challenging problem, due to the different levels of virtualization, the diversity of applications and their interactions on the same physical host. Moreover, because of privacy, security, ease of deployment and execution overhead, an agent-less method, which limits its data collection to the physical host level, is often the only acceptable solution. In this paper, a precise host-based method, to recover wait state for the processes inside a given Virtual Machine (VM), is proposed. The virtual Process State Detection (vPSD) algorithm computes the state of processes through host kernel tracing. The state of a virtual Process (vProcess) is displayed in an interactive trace viewer (Trace Compass) for further inspection. Our proposed VM trace analysis algorithm has been open-sourced for further enhancements and for the benefit of other developers. Experimental evaluations were conducted using a mix of workload types (CPU, Disk, and Network), with different applications like Hadoop, MySQL, and Apache. vPSD, being based on host hypervisor tracing, brings a lower overhead (around 0.03%) as compared to other approaches.

Now a days, Cloud computing has brought a unbelievable change in companies, organizations, firm and institutions etc. IT industries is advantage with low investment in infrastructure and maintenance with the growth of cloud computing. The Virtualization technique is examine as the big thing in cloud computing. Even though, cloud computing has more benefits; the disadvantage of the cloud computing environment is ensuring security. Security means, the Cloud Service Provider to ensure the basic integrity, availability, privacy, confidentiality, authentication and authorization in data storage, virtual machine security etc. In this paper, we presented a Local outlier factors mechanism, which may be helpful for the detection of Distributed Denial of Service attack in a cloud computing environment. As DDoS attack becomes strong with the passing of time, and then the attack may be reduced, if it is detected at first. So we fully focused on detecting DDoS attack to secure the cloud environment. In addition, our scheme is able to identify their possible sources, giving important clues for cloud computing administrators to spot the outliers. By using WEKA (Waikato Environment for Knowledge Analysis) we have analyzed our scheme with other clustering algorithm on the basis of higher detection rates and lower false alarm rate. DR-LOF would serve as a better DDoS detection tool, which helps to improve security framework in cloud computing.

Data privacy and security is a leading concern for providers and customers of cloud computing, where Virtual Machines (VMs) can co-reside within the same underlying physical machine. Side channel attacks within multi-tenant virtualized cloud environments are an established problem, where attackers are able to monitor and exfiltrate data from co-resident VMs. Virtualization services have attempted to mitigate such attacks by preventing VM-to-VM interference on shared hardware by providing logical resource isolation between co-located VMs via an internal virtual network. However, such approaches are also insecure, with attackers capable of performing network channel attacks which bypass mitigation strategies using vectors such as ARP Spoofing, TCP/IP steganography, and DNS poisoning. In this paper we identify a new vulnerability within the internal cloud virtual network, showing that through a combination of TAP impersonation and mirroring, a malicious VM can successfully redirect and monitor network traffic of VMs co-located within the same physical machine. We demonstrate the feasibility of this attack in a prominent cloud platform - OpenStack - under various security requirements and system conditions, and propose countermeasures for mitigation.

User Generated Videos (UGV) are the dominating content stored in scattered caches to meet end-user Content Delivery Networks (CDN) requests with quality of service. End-User behaviour leads to a highly variable UGV popularity. This aspect can be exploited to efficiently utilize the limited storage of the caches, and improve the hit ratio of UGVs. In this paper, we propose a new architecture for Data Analytics in Cloud-based CDN to derive UGVs popularity online. This architecture uses RESTful web services to gather CDN logs, store them through generic collections in a NoSQL database, and calculate related popular UGVs in a real time fashion. It uses a dynamic model training and prediction services to provide each CDN with related popular videos to be cached based on the latest trained model. The proposed architecture is implemented with k-means clustering prediction model and the obtained results are 99.8% accurate.

Robotics and the Internet of Things (IoT) are enveloping our society at an exponential rate due to lessening costs and better availability of hardware and software. Additionally, Cloud Robotics and Robot Operating System (ROS) can offset onboard processing power. However, strong and fundamental security practices have not been applied to fully protect these systems., partially negating the benefits of IoT. Researchers are therefore tasked with finding ways of securing communications and systems. Since security and convenience are oftentimes at odds, securing many heterogeneous components without compromising performance can be daunting. Protecting systems from attacks and ensuring that connections and instructions are from approved devices, all while maintaining the performance is imperative. This paper focuses on the development of security best practices and a mesh framework with an open-source, multipoint-to-multipoint virtual private network (VPN) that can tie Linux, Windows, IOS., and Android devices into one secure fabric, with heterogeneous mobile robotic platforms running ROSPY in a secure cloud robotics infrastructure.

To improve customer experience, datacenter operators offer support for simplifying application and resource management. For example, running workloads of workflows on behalf of customers is desirable, but requires increasingly more sophisticated autoscaling policies, that is, policies that dynamically provision resources for the customer. Although selecting and tuning autoscaling policies is a challenging task for datacenter operators, so far relatively few studies investigate the performance of autoscaling for workloads of workflows. Complementing previous knowledge, in this work we propose the first comprehensive performance study in the field. Using trace-based simulation, we compare state-of-the-art autoscaling policies across multiple application domains, workload arrival patterns (e.g., burstiness), and system utilization levels. We further investigate the interplay between autoscaling and regular allocation policies, and the complexity cost of autoscaling. Our quantitative study focuses not only on traditional performance metrics and on state-of-the-art elasticity metrics, but also on time-and memory-related autoscaling-complexity metrics. Our main results give strong and quantitative evidence about previously unreported operational behavior, for example, that autoscaling policies perform differently across application domains and allocation and provisioning policies should be co-designed.

Challenges associated with developing analytics solutions at the edge of large scale Industrial Internet of Things (IIoT) networks close to where data is being generated in most cases involves developing analytics solutions from ground up. However, this approach increases IoT development costs and system complexities, delay time to market, and ultimately lowers competitive advantages associated with delivering next-generation IoT designs. To overcome these challenges, existing, widely available, hardware can be utilized to successfully participate in distributed edge computing for IIoT systems. In this paper, an osmotic computing approach is used to illustrate how distributed osmotic computing and existing low-cost hardware may be utilized to solve complex, compute-intensive Explainable Artificial Intelligence (XAI) deep learning problem from the edge, through the fog, to the network cloud layer of IIoT systems. At the edge layer, the C28x digital signal processor (DSP), an existing low-cost, embedded, real-time DSP that has very wide deployment and integration in several IoT industries is used as a case study for constructing real-time graph-based Coiflet wavelets that could be used for several analytic applications including deep learning pre-processing applications at the edge and fog layers of IIoT networks. Our implementation is the first known application of the fixed-point C28x DSP to construct Coiflet wavelets. Coiflet Wavelets are constructed in the form of an osmotic microservice, using embedded low-level machine language to program the C28x at the network edge. With the graph-based approach, it is shown that an entire Coiflet wavelet distribution could be generated from only one wavelet stored in the C28x based edge device, and this could lead to significant savings in memory at the edge of IoT networks. Pearson correlation coefficient is used to select an edge generated Coiflet wavelet and the selected wavelet is used at the fog layer for pre-processing and denoising IIoT data to improve data quality for fog layer based deep learning application. Parameters for implementing deep learning at the fog layer using LSTM networks have been determined in the cloud. For XAI, communication network noise is shown to have significant impact on results of predictive deep learning at IIoT network fog layer.

Cloud nowaday has become the backbone of the IT infrastructure. Whole of the infrastructure is now being shifted to the clouds, and as the cloud involves all of the networking schemes and the OS images, it inherits all of the vulnerabilities too. And hence securing them is one of our very prior concerns. Malwares are one of the many other problems that have ever growing and hence need to be eradicated from the system. The history of mal wares go long back in time since the advent of computers and hence a lot of techniques has also been already devised to tackle with the problem in some or other way. But most of them fall short in some or other way or are just too heavy to execute on a simple user machine. Our approach devises a 3 - phase exhaustive technique which confirms the detection of any kind of malwares from the host. It also works for the zero-day attacks that are really difficult to cover most times and can be of really high-risk at times. We have thought of a solution to keep the things light weight for the user.

Edge computing can potentially play a crucial role in enabling user authentication and monitoring through context-aware biometrics in military/battlefield applications. For example, in Internet of Military Things (IoMT) or Internet of Battlefield Things (IoBT),an increasing number of ubiquitous sensing and computing devices worn by military personnel and embedded within military equipment (combat suit, instrumented helmets, weapon systems, etc.) are capable of acquiring a variety of static and dynamic biometrics (e.g., face, iris, periocular, fingerprints, heart-rate, gait, gestures, and facial expressions). Such devices may also be capable of collecting operational context data. These data collectively can be used to perform context-adaptive authentication in-the-wild and continuous monitoring of soldier's psychophysical condition in a dedicated edge computing architecture.

Recently, the armed forces want to bring the Internet of Things technology to improve the effectiveness of military operations in battlefield. So the Internet of Battlefield Things (IoBT) has entered our view. And due to the high processing latency and low reliability of the “combat cloud” network for IoBT in the battlefield environment, in this paper , a novel “combat cloud-fog” network architecture for IoBT is proposed. The novel architecture adds a fog computing layer which consists of edge network equipment close to the users in the “combat-cloud” network to reduce latency and enhance reliability. Meanwhile, since the computing capability of the fog equipment are weak, it is necessary to implement distributed computing in the “combat cloud-fog” architecture. Therefore, the distributed computing load balancing problem of the fog computing layer is researched. Moreover, a distributed generalized diffusion strategy is proposed to decrease latency and enhance the stability and survivability of the “combat cloud-fog” network system. The simulation result indicates that the load balancing strategy based on generalized diffusion algorithm could decrease the task response latency and support the efficient processing of battlefield information effectively, which is suitable for the “combat cloud- fog” network architecture.

Cloud computing is a wide architecture based on diverse models for providing different services of software and hardware. Cloud computing paradigm attracts different users because of its several benefits such as high resource elasticity, expense reduction, scalability and simplicity which provide significant preserving in terms of investment and work force. However, the new approaches introduced by the cloud, related to computation outsourcing, distributed resources, multi-tenancy concept, high dynamism of the model, data warehousing and the nontransparent style of cloud increase the security and privacy concerns and makes building and handling trust among cloud service providers and consumers a critical security challenge. This paper proposes a new approach to improve security of data in cloud computing. It suggests a classification model to categorize data before being introduced into a suitable encryption system according to the category. Since data in cloud has not the same sensitivity level, encrypting it with the same algorithms can lead to a lack of security or of resources. By this method we try to optimize the resources consumption and the computation cost while ensuring data confidentiality.

The present study's primary objective is to try to determine whether gender, combined with the educational background of the Internet users, have an effect on the way online privacy is perceived and practiced within the cloud services and specifically in social networking, e-commerce, and online banking. An online questionnaire was distributed through e-mail and the social media (Facebook, LinkedIn, and Google+). Our primary hypothesis is that an interrelationship may exist among a user's gender, educational background, and the way an online user perceives and acts regarding online privacy. An analysis of a representative sample of Greek Internet users revealed that there is an effect by gender on the online users' awareness regarding online privacy, as well as on the way they act upon it. Furthermore, we found that a correlation exists, as well regarding the Educational Background of the users and the issue of online privacy.

The use of cloud computing and cloud federations has been the focus of studies in the last years. Many of these infrastructures delegate user authentication to Identity Providers. Once these services are available through the Internet, concerns about the confidentiality of user credentials and attributes are high. The main focus of this work is the security of the credentials and user attributes in authentication infrastructures, exploring secret sharing techniques and using cloud federations as a base for storing this information.

The growth in cloud-based services tailored for users means more and more personal data is being exploited, and with this comes the need to better handle user privacy. Software technologies concentrating on privacy preservation typically present a one-size fits all solution. However, users have different viewpoints of what privacy means to them and therefore, configurable and dynamic privacy preserving solutions have the potential to create useful and tailored services without breaching any user's privacy. In this paper, we present a model of user-centered privacy that can be used to analyse a service's behaviour against user preferences, such that a user can be informed of the privacy implications of that service and what fine-grained actions they can take to maintain their privacy. We show through study that the user-based privacy model can: i) provide customizable privacy aligned with user needs; and ii) identify potential privacy breaches.

Video analytics systems based on deep learning approaches are becoming the basis of many widespread applications including smart cities to aid people and traffic monitoring. These systems necessitate massive amounts of labeled data and training time to perform fine tuning of hyper-parameters for object classification. We propose a cloud based video analytics system built upon an optimally tuned deep learning model to classify objects from video streams. The tuning of the hyper-parameters including learning rate, momentum, activation function and optimization algorithm is optimized through a mathematical model for efficient analysis of video streams. The system is capable of enhancing its own training data by performing transformations including rotation, flip and skew on the input dataset making it more robust and self-adaptive. The use of in-memory distributed training mechanism rapidly incorporates large number of distinguishing features from the training dataset - enabling the system to perform object classification with least human assistance and external support. The validation of the system is performed by means of an object classification case-study using a dataset of 100GB in size comprising of 88,432 video frames on an 8 node cloud. The extensive experimentation reveals an accuracy and precision of 0.97 and 0.96 respectively after a training of 6.8 hours. The system is scalable, robust to classification errors and can be customized for any real-life situation.

The evolution of cloud gaming systems is substantially the security requirements for computer games. Although online game development often utilizes artificial intelligence and human computer interaction, game developers and providers often do not pay much attention to security techniques. In cloud gaming, location-based games are augmented reality games which take the original principals of the game and applies them to the real world. In other terms, it uses the real world to impact the game experience. Because the execution of such games is distributed in cloud computing, users cannot be certain where their input and output data are managed. This introduces the possibility to input incorrect data in the exchange between the gamer's terminal and the gaming platform. In this context, we propose a new gaming concept for augmented reality and location-based games in order to solve the aforementioned cheating scenario problem. The merit of our approach is to establish an accurate and verifiable proof that the gamer reached the goal or found the target. The major novelty in our method is that it allows the gamer to submit an authenticated proof related to the game result without altering the privacy of positioning data.

With the extensive application of cloud computing technology developing, security is of paramount importance in Cloud Computing. In the cloud computing environment, surveys have been provided on several intrusion detection techniques for detecting intrusions. We will summarize some literature surveys of various attack taxonomy, which might cause various threats in cloud environment. Such as attacks in virtual machines, attacks on virtual machine monitor, and attacks in tenant network. Besides, we review massive existing solutions proposed in the literature, such as misuse detection techniques, behavior analysis of network traffic, behavior analysis of programs, virtual machine introspection (VMI) techniques, etc. In addition, we have summarized some innovations in the field of cloud security, such as CloudVMI, data mining techniques, artificial intelligence, and block chain technology, etc. At the same time, our team designed and implemented the prototype system of CloudI (Cloud Introspection). CloudI has characteristics of high security, high performance, high expandability and multiple functions.

Audit logs are widely used in information systems nowadays. In cloud computing and cloud storage environment, audit logs are required to be encrypted and outsourced on remote servers to protect the confidentiality of data and the privacy of users. The searchable encrypted audit logs support a search on the encrypted audit logs. In this paper, we propose a privacy-preserving and unforgeable searchable encrypted audit log scheme based on PEKS. Only the trusted data owner can generate encrypted audit logs containing access permissions for users. The semi-honest server verifies the audit logs in a searchable encryption way before granting the operation rights to users and storing the audit logs. The data owner can perform a fine-grained conjunctive query on the stored audit logs, and accept only the valid audit logs. The scheme is immune to the collusion tamper or fabrication conducted by server and user. Concrete implementations of the scheme is put forward in detail. The correct of the scheme is proved, and the security properties, such as privacy-preserving, searchability, verifiability and unforgeability are analyzed. Further evaluation of computation load shows that the design is of considerable efficiency.

In a Semi-autonomic cloud auditing architecture we weaved in privacy enhancing mechanisms [15] by applying the public key version of the Somewhat homomorphic encryption (SHE) scheme from [4]. It turns out that the performance of the SHE can be significantly improved by carefully deriving relevant crypto parameters from the concrete cloud auditing use cases for which the scheme serves as a privacy enhancing approach. We provide a generic algorithm for finding good SHE parameters with respect to a given use case scenario by analyzing and taking into consideration security, correctness and performance of the scheme. Also, to show the relevance of our proposed algorithms we apply it to two predominant cloud auditing use cases.

With all data services of cloud, it's not only stored the data, although shared the data among the multiple users or clients, which make doubt in its integrity due to the existence of software/hardware error along with human error too. There is an existence of several mechanisms to allow data holders and public verifiers to precisely, efficiently and effectively audit integrity of cloud data without accessing the whole data from server. After all, public auditing on the integrity of shared data with pervious extant mechanisms will somehow affirm the confidential information and its identity privacy to the public verifiers. In this paper, to achieve the privacy preserving public for auditing, we intended an explanation for TPA using three way handshaking protocol through the Extensible Authentication Protocol (EAP) with liberated encryption standard. Appropriately, from the cloud, we use the VerifyProof execute by TPA to audit to certify. In addition to this mechanism, the identity of each segment in the shared data is kept private from the public verifiers. Moreover, rather than verifying the auditing task one by one, this will capable to perform, the various auditing tasks simultaneously.

Cloud federations allow Cloud Service Providers (CSPs) to deliver more efficient service performance by interconnecting their Cloud environments and sharing their resources. However, the security of the federated Cloud service could be compromised if the resources are shared with relatively insecure and unreliable CSPs. In this paper, we propose a Cloud federation formation model that considers the security risk levels of CSPs. We start by quantifying the security risk of CSPs according to well defined evaluation criteria related to security risk avoidance and mitigation, then we model the Cloud federation formation process as a hedonic coalitional game with a preference relation that is based on the security risk levels and reputations of CSPs. We propose a federation formation algorithm that enables CSPs to cooperate while considering the security risk introduced to their infrastructures, and refrain from cooperating with undesirable CSPs. According to the stability-based solution concepts that we use to evaluate the game, the model shows that CSPs will be able to form acceptable federations on the fly to service incoming resource provisioning requests whenever required.

In the past decade, the revolution in miniaturization (microprocessors, batteries, cameras etc.) and manufacturing of new type of sensors resulted in a new regime of applications based on smart objects called IoT. Majority of such applications or services are to ease human life and/or to setup efficient processes in automated environments. However, this convenience is coming up with new challenges related to data security and human privacy. The objects in IoT are resource constrained devices and cannot implement a fool-proof security framework. These end devices work like eyes and ears to interact with the physical world and collect data for analytics to make expedient decisions. The storage and analysis of the collected data is done remotely using cloud computing. The transfer of data from IoT to the computing clouds can introduce privacy issues and network delays. Some applications need a real-time decision and cannot tolerate the delays and jitters in the network. Here, edge computing or fog computing plays its role to settle down the mentioned issues by providing cloud-like facilities near the end devices. In this paper, we discuss IoT, fog computing, the relationship between IoT and fog computing, their security issues and solutions by different researchers. We summarize attack surface related to each layer of this paradigm which will help to propose new security solutions to escalate it acceptability among end users. We also propose a risk-based trust management model for smart healthcare environment to cope with security and privacy-related issues in this highly un-predictable heterogeneous ecosystem.

Cloud computing is a long-established technique which deals with storage and processing of information. In cloud computing, any user is liable to pay and demand according to its particular needs. Due to various limitations of cloud computing like higher latency and more bandwidth consumptions for transmitted information, the origination of Fog computing was essential. Fog computing inherits all the advantages of cloud computing, and also brings computing at the network's edge. In addition, security is a very serious concern for cloud computing. In this paper, fog computing is used as a defensive approach from the day-to-day increasing security threats particularly DDoS attacks in cloud computing. Here an architecture has been proposed to obstruct the malicious traffic generated by the DDoS attack from user to the cloud by utilizing the benefits of fog computing. Fog functions as a filtering layer for the traffic generated and is placed between user and cloud. This paper primarily works to improve the overall performance of the network and enhances reduction in the traffic forwarded to the cloud.