A new secure proxy-based distributed virtual machines management in mobile cloud computing

The mobile cloud computing as an excellent paradigm offers on-demand services, whereas users can be confident once using them. Nevertheless, the existing cloud virtualization systems are not secure enough regarding the mediocre degree of data protection, which avoids individuals and organizations to engage with this technology. Therefore, the security of sensitive data may be affected when mobile users move it out to the cloud exactly during the processing in virtual machines (VMs). Many studies show that sensitive data of legitimate users’ VMs may be the target of malicious users, which lead to violating VMs’ confidentiality and privacy. The current approaches offer various solutions for this security issue. However, they are suffering from many inconveniences such as unauthorized distributed VM access behavior and robust strategies that ensure strong protection of communication of sensitive data among distributed VMs. The purpose of this paper is to present a new security proxy-based approach that contains three policies based on secured hashed DiffieHellman keys for user access control and VM deployment and communication control management in order to defend against three well-known attacks on the mobile cloud environment (co-resident attacks, hypervisor attacks and distributed attacks). The related attacks lead to unauthorized access to sensitive data between different distributed mobile applications while using the cloud as a third party for sharing resources. The proposed approach is illustrated using a healthcare case study. Including the experimental results that show interesting high-efficiency protection and accurate attacks identification

Secure policies for the distributed virtual machines in mobile cloud computing

Mobile Cloud Computing (MCC) is a combination of cloud computing and mobile computing through wireless technology in order to overcome mobile devices' resource limitations. In MCC, virtualization plays a key role whereas the cloud resources are shared among many users to help them achieve an efficient performance and exploiting the maximum capacity of the cloud’s servers. However, the lack of security aspect impedes the benefits of virtualization techniques, whereby malicious users can violate and damage sensitive data in distributed Virtual Machines (VMs). Thus, this study aims to provide protection of distributed VMs and mobile user’s sensitive data in terms of security and privacy. This study proposes an approach based on cloud proxy known as Proxy-3S that combines three security policies for VMs; user’s access control, secure allocation, and secure communication. The Proxy-3S keeps the distributed VMs safe in different servers on the cloud. It enhances the grants access authorization for permitted distributed intensive applications’ tasks. Furthermore, an algorithm that enables secure communication among distributed VMs and protection of sensitive data in VMs on the cloud is proposed. A prototype is implemented on a NetworkCloudSim simulator to manage VMs security and data confidentiality automatically. Several experiments were conducted using real-world healthcare distributed application in terms of efficiency, coverage and execution time. The experiments show that the proposed approach achieved lower attacker’s efficiency and coverage ratios; equal to 0.35 and 0.41 respectively in all experimented configurations compared with existing works. In addition, the execution time of the proposed approach is satisfactory ranging from 441ms to 467ms of small and large cloud configurations. This study serves to provide integrity and confidentiality in exchanging sensitive information among multistakeholder in distributed mobile applications

Reliable and secure low energy sensed spectrum communication for time critical cloud computing applications

Reliability and security of data transmission and access are of paramount importance to enhance the dependability of time critical remote monitoring systems (e.g. tele-monitoring patients, surveillance of smart grid components). Potential failures for data transmissions include wireless channel unavailability and delays due to the interruptions. Reliable data transmission demands seamless channel availability with minimum delays in spite of interruptions (e.g. fading, denial-of-service attacks). Secure data transmissions require sensed data to be transmitted over unreliable wireless channels with sucient security using suitable encryption techniques. The transmitted data are stored in secure cloud repositories. Potential failures for data access include unsuccessful user authentications due to mis-management of digital identities and insucient permissions to authorize situation specic data access requests. Reliable and secure data access requires robust user authentication and context-dependent authorization to fulll situation specic data utility needs in cloud repositories. The work herein seeks to enhance the dependability of time critical remote monitoring applications, by reducing these failure conditions which may degrade the reliability and security of data transmission or access. As a result of an extensive literature survey, in order to achieve the above said security and reliability, the following areas have been selected for further investigations. The enhancement of opportunistic transmissions in cognitive radio networks to provide greater channel availability as opposed to xed spectrum allocations in conventional wireless networks. Delay sensitive channel access methods to ensure seamless connectivity in spite of multiple interruptions in cognitive radio networks. Energy ecient encryption and route selection mechanisms to enhance both secure and reliable data transmissions. Trustworthy digital identity management in cloud platforms which can facilitate ecient user authentication to ensure reliable access to the sensed remote monitoring data. Context-aware authorizations to reliably handle the exible situation specic data access requests. Main contributions of this thesis include a novel trust metric to select non-malicious cooperative spectrum sensing users to reliably detect vacant channels, a reliable delaysensitive cognitive radio spectrum hand-o management method for seamless connectivity and an energy-aware physical unclonable function based encryption key size selection method for secure data transmission. Furthermore, a trust based identity provider selection method for user authentications and a reliable context-aware situation specic authorization method are developed for more reliable and secure date access in cloud repositories. In conclusion, these contributions can holistically contribute to mitigate the above mentioned failure conditions to achieve the intended dependability of the timecritical remote monitoring applications