22 research outputs found

    Dynamic Mobile Cloud Eco System Security - A Review

    Mobile cloud computing is the technique of using cloud technology and various rich mobile applications are intended to be able to run on a variety of mobile devices using the technique called mobile cloud computing. In recent years, huge amounts of data are stored by the clients which are much more easily to the integration of cloud platforms into mobile systems. The ways of security used in portable device settings are one of the key challenges in this respect as the number of people using smartphones continues to rise. None of the models that have been developed with confidence and privacy for precaution of data in mobile cloud systems are impervious to destructive attacks, despite countless attempts. While mobile cloud computing has great potential, security, privacy, viability, and accessibility concerns must still be considered by both consumers and businesses. Additionally, it emphasizes the use of Canny Card Web Services (CCWS) competition to enhance mobile cloud computing security with IOT. This paper has been presented with more than one user application: a smart house and a smart parking in an educational institution, in the inclusion of IOT with cloud computing for demonstrating various admittance control and endorsement requirement. A review regarding this paper concentrated on a little model that is intended the security and privacy ensureability of data in mobile clouds. Additionally, to manage mobile cloud security difficulties and challenges, it is important to look at the current situation with regard to cloud security breaches, the weaknesses of mobile cloud devices, and the best ways to address these issues in the near future with regard to mobile device management and mobile data protection

    Secure platforms for enforcing contextual access control

    Advances in technology and wide scale deployment of networking enabled portable devices such as smartphones has made it possible to provide pervasive access to sensitive data to authorized individuals from any location. While this has certainly made data more accessible, it has also increased the risk of data theft as the data may be accessed from potentially unsafe locations in the presence of untrusted parties. The smartphones come with various embedded sensors that can provide rich contextual information such as sensing the presence of other users in a context. Frequent context profiling can also allow a mobile device to learn its surroundings and infer the familiarity and safety of a context. This can be used to further strengthen the access control policies enforced on a mobile device. Incorporating contextual factors into access control decisions requires that one must be able to trust the information provided by these context sensors. This requires that the underlying operating system and hardware be well protected against attacks from malicious adversaries. In this work, we explore how contextual factors can be leveraged to infer the safety of a context. We use a context profiling technique to gradually learn a context's profile, infer its familiarity and safety and then use this information in the enforcement of contextual access policies. While intuitive security configurations may be suitable for non-critical applications, other security-critical applications require a more rigorous definition and enforcement of contextual policies. We thus propose a formal model for proximity that allows one to define whether two users are in proximity in a given context and then extend the traditional RBAC model by incorporating these proximity constraints. Trusted enforcement of contextual access control requires that the underlying platform be secured against various attacks such as code reuse attacks.
To mitigate these attacks, we propose a binary diversification approach that randomizes the target executable with every run. We also propose a defense framework based on control flow analysis that detects, diagnoses and responds to code reuse attacks in real time

    Preserving the Quality of Architectural Tactics in Source Code

    In any complex software system, strong interdependencies exist between requirements and software architecture. Requirements drive architectural choices while also being constrained by the existing architecture and by what is economically feasible. This makes it advisable to concurrently specify the requirements, to devise and compare alternative architectural design solutions, and ultimately to make a series of design decisions in order to satisfy each of the quality concerns. Unfortunately, anecdotal evidence has shown that architectural knowledge tends to be tacit in nature, stored in the heads of people, and lost over time. Therefore, developers often lack comprehensive knowledge of underlying architectural design decisions and inadvertently degrade the quality of the architecture while performing maintenance activities. In practice, this problem can be addressed through preserving the relationships between the requirements, architectural design decisions and their implementations in the source code, and then using this information to keep developers aware of critical architectural aspects of the code. This dissertation presents a novel approach that utilizes machine learning techniques to recover and preserve the relationships between architecturally significant requirements, architectural decisions and their realizations in the implemented code. Our approach for recovering architectural decisions includes the two primary stages of training and classification. In the first stage, the classifier is trained using code snippets of different architectural decisions collected from various software systems. During this phase, the classifier learns the terms that developers typically use to implement each architectural decision. These "indicator terms" represent method names, variable names, comments, or the development APIs that developers inevitably use to implement various architectural decisions.
A probabilistic weight is then computed for each potential indicator term with respect to each type of architectural decision. The weight estimates how strongly an indicator term represents a specific architectural tactics/decisions. For example, a term such as "pulse" is highly representative of the heartbeat tactic but occurs infrequently in the authentication. After learning the indicator terms, the classifier can compute the likelihood that any given source file implements a specific architectural decision. The classifier was evaluated through several different experiments including classical cross-validation over code snippets of 50 open source projects and on the entire source code of a large scale software system. Results showed that the classifier can reliably recognize a wide range of architectural decisions. The technique introduced in this dissertation is used to develop the Archie tool suite. Archie is a plug-in for Eclipse and is designed to detect a wide range of architectural design decisions in the code and to protect them from potential degradation during maintenance activities. It has several features for performing change impact analysis of architectural concerns at both the code and design level and proactively keep developers informed of underlying architectural decisions during maintenance activities. Archie is at the stage of technology transfer at the US Department of Homeland Security where it is purely used to detect and monitor security choices. Furthermore, this outcome is integrated into the Department of Homeland Security's Software Assurance Market Place (SWAMP) to advance research and development of secure software systems

    Securing Access to Cloud Computing for Critical Infrastructure

    Cloud computing offers cost effective services on-demand which encourage critical infrastructure providers to consider migrating to the cloud. Critical infrastructures are considered as a backbone of modern societies such as power plants and water. Information in cloud computing is likely to be shared among different entities, which could have various degrees of sensitivity. This requires robust isolation and access control mechanisms. Although various access control models and policies have been developed, they cannot fulfil requirements for a cloud based access control system. The reason is that cloud computing has a diverse set of security requirements and unique security challenges such as multi-tenant and heterogeneity of security policies, rules and domains. This thesis provides a detailed study of cloud computing security challenges and threats, which were used to identify security requirements for various critical infrastructure providers. We found that an access control system is a crucial security requirement for the surveyed critical infrastructure providers. Furthermore, the requirement analysis was used to propose new criteria to evaluate access control systems for cloud computing. Moreover, this work presents a new cloud based access control model to meet the identified cloud access control requirements. The model does not only ensure the secure sharing of resources among potential untrusted tenants, but also has the capacity to support different access permissions for the same cloud user. Our focus in the proposed model is the lack of data isolation in lower levels (CPU caches), which could lead to bypass access control models to gain some sensitive information by using cache side-channel attacks. Therefore, the thesis investigates various real attack scenarios and the gaps in existing mitigation approaches.
It presents a new Prime and Probe cache side-channel attack, which can give detailed information about addresses accessed by a virtual machine with no need for any information about cache sets accessed by the virtual machine. The design, implementation and evaluation of a proposed solution preventing cache side-channel attacks are also presented in the thesis. It is a new lightweight solution, which introduces very low overhead (less than 15,000 CPU cycles). It can be applied in any operating system and prevents cache side-channel attacks in cloud computing. The thesis also presents a new solution for detecting cache side-channel attacks. It focuses on the infrastructure used to host cloud computing tenants by counting cache misses caused by a virtual machine. The detection solution has 0% false negative and 15% false positive

    Characterisation of a Human DEAD-Box Protein (DDX3) and Its Interaction With Hepatitis C Virus Core Protein

    Hepatitis C Virus (HCV) core protein is believed to form the viral nucleocapsid. However, numerous reports suggest it can also modulate diverse cellular processes. It is possible that at least some of these pleiotropic effects are exerted through the interaction of core protein with a range of host cellular factors, including a putative RNA helicase of the DEAD-box family termed DDX3. The main aims of this study were to i) characterise DDX3, in terms of its basic properties and normal role in cellular metabolism, and ii) investigate the interaction of DDX3 with core protein and determine any influence of this association on HCV replication/pathogenesis. A number of anti-DDX3 immunological reagents were already available for study of the endogenous DDX3 protein, as well as various truncated or mutated forms of the protein that were subsequently cloned and expressed in a variety of systems. Core protein was produced using recombinant vaccinia virus (rVV) due to the lack of an efficient cell culture system for HCV. To allow comparisons with natural infection of permissive cells with this hepatotropic virus, studies were usually limited to human hepatocyte-derived cell lines, while core protein was generally expressed along with the HCV glycoproteins (E1-E2), as it would be in vivo, to ensure proper processing of core. Recombinant baculoviruses (rbacs) carrying the DDX3- and core-coding sequences were generated for further examination of these proteins. Since little was generally known about DDX3, initial studies concentrated on its fundamental characteristics, including investigations into expression of its mRNA transcript and protein in human hepatocytes and other mammalian cell lines. The DDX3 mRNA transcript was also studied in a wide range of human tissues. These analyses strongly suggest that DDX3 is a ubiquitous and highly conserved cellular protein. 
Consistent with previous reports regarding the DDX3/core interaction, expression of core protein in hepatocytes led to a marked redistribution of endogenous or over-expressed DDX3. This redistribution of DDX3 in the presence of core also occurred in the recently described HCV sub-genomic replicon-expressing cell lines. These observations indicate that core protein aberrantly sequesters a ubiquitous, highly conserved cellular protein, likely disrupting its potentially crucial function. Intriguingly, further studies suggested that core protein directly or indirectly modifies DDX3. An anti-DDX3 polyclonal antibody (PAb) specifically detected DDX3 in insect cell extracts previously infected with rbac expressing the protein, and detected the endogenous DDX3 in human hepatocytes; co-expression of rbacs expressing core (or core-E1-E2) and DDX3 in insect cells, or infection of human hepatocytes with rVV expressing core-E1-E2 led to the appearance of a higher molecular weight isoform of DDX3. This provides further evidence that the DDX3/core interaction is genuine, and possibly emphasises its significance in terms of HCV pathogenesis. Several insights into DDX3 and its interaction with core protein were given by expression of DDX3 mutants from mammalian expression plasmids. Of particular interest was a mutant containing a single amino acid change within the DEAD-box, a motif that is highly conserved amongst members of the large family of known and putative RNA helicases to which DDX3 belongs. This mutant showed a very distinct subcellular distribution compared with the wild-type protein, although it retained its ability to interact with core. In collaboration with others, it was shown that this DDX3 mutant was enzymatically incapacitated, consistent with the involvement of the DEAD-box in ATP hydrolysis.
These data suggest important features regarding DDX3 and its interaction with core: i) the functional capabilities of DDX3 are linked to its subcellular localisation; ii) the normal distribution of DDX3 is irrelevant for its association with core, possibly indicating that their interaction occurs prior to subcellular targeting of DDX3; iii) the enzymatic competence of DDX3 is not essential for its interaction with core. A putative nuclear export signal (NES) was also identified in DDX3 by comparison with its Xenopus laevis homologue. ANES-DDX3, lacking the N-terminal 21 amino acids of the protein, was cloned and expressed by plasmid in hepatocytes as before. However, although this protein appeared to be more concentrated in the nuclear periplasm, accumulation of the protein within the nucleus itself was not detected. This could suggest that the putative NES of DDX3 is not functional in vivo, or that more than one mechanism governs its nucleocytoplasmic transport. Consistent with the latter hypothesis, subcellular fractionation of hepatocyte cell extracts revealed a small quantity of DDX3 protein in the nucleus

    Acta Cybernetica : Volume 25. Number 2.


    A software architecture for electro-mobility services: a milestone for sustainable remote vehicle capabilities

    To face the tough competition, changing markets and technologies in automotive industry, automakers have to be highly innovative. In the previous decades, innovations were electronics and IT-driven, which increased exponentially the complexity of vehicle’s internal network. Furthermore, the growing expectations and preferences of customers oblige these manufacturers to adapt their business models and to also propose mobility-based services. On the other hand, there is also an increasing pressure from regulators to significantly reduce the environmental footprint in transportation and mobility, down to zero in the foreseeable future. This dissertation investigates an architecture for communication and data exchange within a complex and heterogeneous ecosystem. This communication takes place between various third-party entities on one side, and between these entities and the infrastructure on the other. The proposed solution reduces considerably the complexity of vehicle communication and within the parties involved in the ODX life cycle. In such a heterogeneous environment, a particular attention is paid to the protection of confidential and private data. Confidential data here refers to the OEM’s know-how which is enclosed in vehicle projects. The data delivered by a car during a vehicle communication session might contain private data from customers. Our solution ensures that every entity of this ecosystem has access only to data it has the right to. We designed our solution to be non-technological-coupling so that it can be implemented in any platform to benefit from the best environment suited for each task. We also proposed a data model for vehicle projects, which improves query time during a vehicle diagnostic session. The scalability and the backwards compatibility were also taken into account during the design phase of our solution.
We proposed the necessary algorithms and the workflow to perform an efficient vehicle diagnostic with considerably lower latency and substantially better complexity time and space than current solutions. To prove the practicality of our design, we presented a prototypical implementation of our design. Then, we analyzed the results of a series of tests we performed on several vehicle models and projects. We also evaluated the prototype against quality attributes in software engineering

    A Formal Approach to Specification, Analysis and Implementation of Policy-Based Systems

    The design of modern computing systems largely exploits structured sets of declarative rules called policies. Their principled use permits controlling a wide variety of system aspects and achieving separation of concerns between the managing and functional parts of systems. These so-called policy-based systems are utilised within different application domains, from network management and autonomic computing to access control and emergency handling. The various policy-based proposals from the literature lack however a comprehensive methodology supporting the whole life-cycle of system development: specification, analysis and implementation. In this thesis we propose formally-defined tool-assisted methodologies for supporting the development of policy-based access control and autonomic computing systems. We first present FACPL, a formal language that defines a core, yet expressive syntax for the specification of attribute-based access control policies. On the base of its denotational semantics, we devise a constraint-based analysis approach that enables the automatic verification of different properties of interest on policies. We then present PSCEL, a FACPL-based formal language for the specification of autonomic computing systems. FACPL policies are employed to enforce authorisation controls and context-dependent adaptation strategies. To statically point out the effects of policies on system behaviours, we rely again on a constraint-based analysis approach and reason on progress properties of PSCEL systems. The implementation of the languages and their analyses provides us some practical software tools. The effectiveness of the proposed solutions is illustrated through real-world case studies from the e-Health and autonomic computing domains

    Cyber Security and Critical Infrastructures

    This book contains the manuscripts that were accepted for publication in the MDPI Special Topic "Cyber Security and Critical Infrastructure" after a rigorous peer-review process. Authors from academia, government and industry contributed their innovative solutions, consistent with the interdisciplinary nature of cybersecurity. The book contains 16 articles: an editorial explaining current challenges, innovative solutions, real-world experiences including critical infrastructure, 15 original papers that present state-of-the-art innovative solutions to attacks on critical systems, and a review of cloud, edge computing, and fog's security and privacy issues