2,896 research outputs found

    SecNetworkCloudSim: An Extensible Simulation Tool for Secure Distributed Mobile Applications

    Fueled by the wide interest for achieving rich-storage services with the lowest possible cost, cloud computing has emerged into a highly desired service paradigm extending well beyond Virtualization technology. The next generation of mobile cloud services is now manipulating more and more sensitive data on VM-based distributed applications. Therefore, the need to secure sensitive data over mobile cloud computing is more evident than ever. However, despite the widespread release of several cloud simulators, controlling user’s access and protecting data exchanges in distributed mobile applications over the cloud is considered a major challenge. This paper introduces a new NetworkCloudSim extension named SecNetworkCloudSim, a secure mobile simulation tool which is deliberately designed to ensure the preservation of confidential access to data hosted on mobile devices and distributed cloud’s servers. Through high-level mobile users’ requests, users connect to an underlying proxy which is considered an important layer in this new simulator, where users perform secure authentication access to cloud services, allocate their tasks in secure VM-based policy, manage automatically the data confidentiality among VMs and derive high efficiency and coverage rates. Most importantly, due to the secure nature of proxy, user’s distributed tasks can be executed without alterations on different underlying proxy’s security policies. We implement a scenario of follow-up healthcare distributed application using the new extension

    Detection of Malware Attacks on Virtual Machines for a Self-Heal Approach in Cloud Computing using VM Snapshots

    Cloud Computing strives to be dynamic as a service oriented architecture. The services in the SoA are rendered in terms of private, public and in many other commercial domain aspects. These services should be secured and thus are very vital to the cloud infrastructure. In order to secure and maintain resilience in the cloud, it not only has to have the ability to identify the known threats but also to new challenges that target the infrastructure of a cloud. In this paper, we introduce and discuss a detection method of malwares from the VM logs and corresponding VM snapshots are classified into attacked and non-attacked VM snapshots. As snapshots are always taken to be a backup in the backup servers, especially during the night hours, this approach could reduce the overhead of the backup server with a self-healing capability of the VMs in the local cloud infrastructure. A machine learning approach at the hypervisor level is projected, the features being gathered from the API calls of VM instances in the IaaS level of cloud service. Our proposed scheme can have a high detection accuracy of about 93% while having the capability to classify and detect different types of malwares with respect to the VM snapshots. Finally, the paper exhibits an algorithm using snapshots to detect and thus to self-heal using the monitoring components of particular VM instances applied to cloud scenarios. The self-healing approach with machine learning algorithms can determine new threats with some prior knowledge of its functionality

    HIL: designing an exokernel for the data center

    We propose a new Exokernel-like layer to allow mutually untrusting physically deployed services to efficiently share the resources of a data center. We believe that such a layer offers not only efficiency gains, but may also enable new economic models, new applications, and new security-sensitive uses. A prototype (currently in active use) demonstrates that the proposed layer is viable, and can support a variety of existing provisioning tools and use cases. Partial support for this work was provided by the MassTech Collaborative Research Matching Grant Program, National Science Foundation awards 1347525 and 1149232 as well as the several commercial partners of the Massachusetts Open Cloud who may be found at http://www.massopencloud.or

    Secure policies for the distributed virtual machines in mobile cloud computing

    Mobile Cloud Computing (MCC) is a combination of cloud computing and mobile computing through wireless technology in order to overcome mobile devices' resource limitations. In MCC, virtualization plays a key role whereas the cloud resources are shared among many users to help them achieve an efficient performance and exploiting the maximum capacity of the cloud’s servers. However, the lack of security aspect impedes the benefits of virtualization techniques, whereby malicious users can violate and damage sensitive data in distributed Virtual Machines (VMs). Thus, this study aims to provide protection of distributed VMs and mobile user’s sensitive data in terms of security and privacy. This study proposes an approach based on cloud proxy known as Proxy-3S that combines three security policies for VMs; user’s access control, secure allocation, and secure communication. The Proxy-3S keeps the distributed VMs safe in different servers on the cloud. It enhances the grants access authorization for permitted distributed intensive applications’ tasks. Furthermore, an algorithm that enables secure communication among distributed VMs and protection of sensitive data in VMs on the cloud is proposed. A prototype is implemented on a NetworkCloudSim simulator to manage VMs security and data confidentiality automatically. Several experiments were conducted using real-world healthcare distributed application in terms of efficiency, coverage and execution time. The experiments show that the proposed approach achieved lower attacker’s efficiency and coverage ratios; equal to 0.35 and 0.41 respectively in all experimented configurations compared with existing works. In addition, the execution time of the proposed approach is satisfactory ranging from 441ms to 467ms of small and large cloud configurations. This study serves to provide integrity and confidentiality in exchanging sensitive information among multistakeholder in distributed mobile applications

    Implementation of Multivariate Authentication Protocol (MAP) for Side Channel Attack Detection

    Cloud Computing offers an extensive variety of resources like computational power, computational storage and applications to clients by means of internet. Cloud Computing is empowering IT administrators to deliver resources to the users quicker in a great flexible way and at a cost effective model without having to restructure or update the basic infrastructure. With the expanding number of organizations falling back on utilizing resources in the Cloud, there is a need for ensuring the security of the data of the clients using the cloud resources. The major challenge faced by cloud data centers is to ensure security to its clients. According to the side channel attack the data privacy of the user is violated by observing the operation of the deduplication in the storage server of cloud, so this attack will easily allow the malicious user to access the data. The major contribution of this paper is to address the serious security issues related to side channel attacks. This paper proposes the design of a Multivariate Authentication Protocol (MAP) protocol against side channel attacks