3,623 research outputs found
Enhanced Obfuscation for Software Protection in Autonomous Vehicular Cloud Computing Platforms
Nowadays, sensors, communications connections, and more powerful computing capabilities are added to automobiles, making them more intelligent. The primary goal was to eliminate the need for human control, making them Autonomous Vehicles (AVs). Consequently, researchers thought to put all that newly added computational power to use for other endeavors. Hence, Autonomous Vehicular Cloud Computing (AVCC) models were introduced. Nevertheless, this goal is not an easy undertaking; the dynamic nature of autonomous vehicles introduces a critical challenge in the development of such a distributed computing platform. Furthermore, it presents far more complicated issues as far as security and protection of services associated with this framework are concerned. In this paper, we center around securing programs running on AVCC. Here, we focus on timing side-channel attacks which aim to leak information about running code, which can be utilized to reverse engineer the program itself. We propose to mitigate these attacks via obfuscated compilation. In particular, we change the control flow of an input program at the compiler level, thereby changing the program’s apparent behavior and accompanying physical manifestations to hinder these attacks. We improve our previous ARM-based implementation to address its limitations and provide more comprehensive coverage for different programs. Our solution is software-based and generically portable, fitting different hardware platforms and numerous input program languages at the source level. Our findings prove a considerable improvement over our previous technique, which may provide more defense against timing side-channels.
Software Protection and Secure Authentication for Autonomous Vehicular Cloud Computing
Artificial Intelligence (AI) is changing every technology we deal with. Autonomy has been a sought-after goal in vehicles, and now more than ever we are very close to that goal. Vehicles before were dumb mechanical devices; now they are becoming smart, computerized, and connected, coined as Autonomous Vehicles (AVs). Moreover, researchers found a way to make more use of these enormous capabilities and introduced Autonomous Vehicles Cloud Computing (AVCC). In these platforms, vehicles can lend their unused resources and sensory data to join AVCC.
In this dissertation, we investigate security and privacy issues in AVCC. As background, we built our vision of a layer-based approach to thoroughly study state-of-the-art literature in the realm of AVs. Particularly, we examined some cyber-attacks and compared their promising mitigation strategies from our perspective. Then, we focused on two security issues involving AVCC: software protection and authentication.
For the first problem, our concern is protecting clients’ programs executed on remote AVCC resources. Such a usage scenario is susceptible to information leakage and reverse-engineering. Hence, we proposed compiler-based obfuscation techniques. What distinguishes our techniques is that they are generic and software-based and utilize the intermediate representation; hence, they are platform agnostic, hardware independent and support different high-level programming languages. Our results demonstrate that the control flow of obfuscated code versions is more complicated, making it unintelligible for timing side-channels.
For the second problem, we focus on protecting AVCC from unauthorized access or intrusions, which may cause misuse or service disruptions. Therefore, we propose a strong privacy-aware authentication technique for users accessing AVCC services or vehicles sharing their resources with the AVCC. Our technique modifies robust function encryption, which protects stakeholders’ confidentiality and withstands linkability and “known-ciphertexts” attacks. Thus, we utilize an authentication server to search and match encrypted data by performing dot product operations. Additionally, we developed another lightweight technique, based on the KNN algorithm, to authenticate vehicles at computationally limited charging stations using their owners’ encrypted iris data. Our security and privacy analysis proved that our schemes achieved privacy-preservation goals. Our experimental results showed that our schemes have reasonable computation and communications overheads and are efficiently scalable.
Systematic support for accountability in the cloud
PhD Thesis
Cloud computing offers computational resources such as processing,
networking, and storage to customers. Infrastructure as a Service
(IaaS) consists of a cloud-based infrastructure to offer consumers raw
computation resources such as storage and networking. These resources
are billed using a pay-per-use cost model. However, IaaS is
far from being a secure cloud infrastructure as the seven main security
threats defined by the Cloud Security Alliance (CSA) indicate. Use
of logging systems can provide evidence to support accountability for
an IaaS cloud.
Accountability helps when mitigating known threats. However,
previous accountability with logging systems solutions are provided
without systematic approaches. These solutions are usually either for
the cloud customer side or for the cloud provider side, not for both
of them. Moreover, the solutions also lack descriptions of logging
systems in the context of a design pattern of the systems' components.
This design pattern facilitates analysis of logging systems in terms of
their quality.
Additionally, there are a number of benefits of this pattern. They could
be: to promote the reusability of design and development of logging
systems; that designers can access this pattern more easily; to assist
a designer in adopting design approaches which make a logging system
reusable and not to choose approaches which do not concern reusability
concepts; and to enhance the documentation and maintenance of
existing logging systems.
Thus, the aim of this thesis is to provide support for accountability in
the cloud with systematic approaches to assist in mitigating the risks
associated with real world CSA threats, to benefit both customers and
providers. We research the extent to which such logging systems help
us to mitigate risks associated with the threats identified by the CSA.
The thesis also presents a way of identifying the reference components
of logging systems and how they may be arranged to satisfy logging
requirements. 'Generic logging components' for logging systems are
proposed.
These components encompass all possible instantiations of logging solutions
for IaaS cloud. The generic logging components can be used to
map existing logging systems for the purposes of analysis of the systems'
security. Based on the generic components, the thesis identifies
design patterns in the context of logging in IaaS cloud. We believe
that these identified patterns facilitate analysis of logging systems in
terms of their quality.
We also argue that: these identified patterns could increase reusability
of the design and development of logging systems; designers should
access these patterns more easily; the patterns could assist a designer
in adopting design approaches which make a logging system reusable and
not to choose approaches which do not concern reusability concepts;
and they can enhance the documentation and maintenance of existing
logging systems.
We identify a logging solution which is based on the generic logging
components to mitigate the risks associated with CSA threat number
one. An example of the threat is malicious activities, for example
spamming, which are performed in consumers' virtual machines or
VMs. We argue that the generic logging components we suggest could
be used to perform a systematic analysis of logging systems in terms
of security before deploying them in production systems.
To assist in mitigating the risks associated with this threat to benefit
both customers and providers, we investigate how CSA threat number
one can affect the security of both consumers and providers. Then we
propose logging solutions based on the generic logging components
and the identified patterns. We systematically design and implement
a prototype system of the proposed logging solutions in an IaaS to
record history of customer's files.
This prototype system can be also modified in order to record VMs'
process behaviour log files. This system can record the log files while
having a smaller trusted computing base, compared to previous work.
Additionally, the system can be seen as possible solutions that could
tackle the difficult problem of logging file and process activities in the
IaaS. Thus, the proposed logging solutions can assist in mitigating the
risks associated with the CSA threats to benefit both consumers and
providers. This could promote systematic support for accountability
in the cloud.
Fog computing security: a review of current applications and security solutions
Fog computing is a new paradigm that extends the Cloud platform model by providing computing resources on the edges of a network. It can be described as a cloud-like platform having similar data, computation, storage and application services, but is fundamentally different in that it is decentralized. In addition, Fog systems are capable of processing large amounts of data locally, operate on-premise, are fully portable, and can be installed on heterogeneous hardware. These features make the Fog platform highly suitable for time and location-sensitive applications. For example, Internet of Things (IoT) devices are required to quickly process a large amount of data. This wide range of functionality-driven applications intensifies many security issues regarding data, virtualization, segregation, network, malware and monitoring. This paper surveys existing literature on Fog computing applications to identify common security gaps. Similar technologies like Edge computing, Cloudlets and Micro-data centres have also been included to provide a holistic review process. The majority of Fog applications are motivated by the desire for functionality and end-user requirements, while the security aspects are often ignored or considered as an afterthought. This paper also determines the impact of those security issues and possible solutions, providing future security-relevant directions to those responsible for designing, developing, and maintaining Fog systems.
Gotcha! I Know What You are Doing on the FPGA Cloud: Fingerprinting Co-Located Cloud FPGA Accelerators via Measuring Communication Links
In recent decades, due to the emerging requirements of computation
acceleration, cloud FPGAs have become popular in public clouds. Major cloud
service providers, e.g. AWS and Microsoft Azure have provided FPGA computing
resources in their infrastructure and have enabled users to design and deploy
their own accelerators on these FPGAs. Multi-tenancy FPGAs, where multiple
users can share the same FPGA fabric with certain types of isolation to improve
resource efficiency, have already been proved feasible. However, this also
raises security concerns. Various types of side-channel attacks targeting
multi-tenancy FPGAs have been proposed and validated. The awareness of security
vulnerabilities in the cloud has motivated cloud providers to take action to
enhance the security of their cloud environments.
In FPGA security research papers, researchers always perform attacks under
the assumption that attackers successfully co-locate with victims and are aware
of the existence of victims on the same FPGA board. However, the way to reach
this point, i.e., how attackers secretly obtain information regarding
accelerators on the same fabric, is constantly ignored despite the fact that it
is non-trivial and important for attackers. In this paper, we present a novel
fingerprinting attack to gain the types of co-located FPGA accelerators. We
utilize a seemingly non-malicious benchmark accelerator to sniff the
communication link and collect performance traces of the FPGA-host
communication link. By analyzing these traces, we are able to achieve high
classification accuracy for fingerprinting co-located accelerators, which
proves that attackers can use our method to perform cloud FPGA accelerator
fingerprinting with a high success rate. As far as we know, this is the first
paper targeting multi-tenant FPGA accelerator fingerprinting with the
communication side-channel.
Comment: To be published in ACM CCS 202
Migrating to Post-Quantum Cryptography: a Framework Using Security Dependency Analysis
Quantum computing is emerging as an unprecedented threat to the current state
of widely used cryptographic systems. Cryptographic methods that have been
considered secure for decades will likely be broken, with enormous impact on
the security of sensitive data and communications in enterprises worldwide. A
plan to migrate to quantum-resistant cryptographic systems is required.
However, migrating an enterprise system to ensure a quantum-safe state is a
complex process. Enterprises will require systematic guidance to perform this
migration to remain resilient in a post-quantum era, as many organisations do
not have staff with the expertise to manage this process unaided. This paper
presents a comprehensive framework designed to aid enterprises in their
migration. The framework articulates key steps and technical considerations in
the cryptographic migration process. It makes use of existing organisational
inventories and provides a roadmap for prioritising the replacement of
cryptosystems in a post-quantum context. The framework enables the efficient
identification of cryptographic objects, and can be integrated with other
frameworks in enterprise settings to minimise operational disruption during
migration. Practical case studies are included to demonstrate the utility and
efficacy of the proposed framework using graph theoretic techniques to
determine and evaluate cryptographic dependencies.
Comment: 21 Pages
TAXONOMY OF SECURITY AND PRIVACY ISSUES IN SERVERLESS COMPUTING
The advent of cloud computing has led to a new era of computer usage. Networking and physical security are some of the IT infrastructure concerns that IT administrators around the world had to worry about for their individual environments. Cloud computing took away that burden and redefined the meaning of IT administrators. Serverless computing as it relates to secure software development is creating the same kind of change. Developers can quickly spin up a secure development environment in a matter of minutes without having to worry about any of the underlying infrastructure setups. In the paper, we will look at the merits and demerits of serverless computing, what is drawing the demand for serverless computing among developers, the security and privacy issues of serverless technology, and detail the parameters to consider when setting up and using a secure development environment based on serverless computing