38 research outputs found

    Toward Smart Moving Target Defense for Linux Container Resiliency

    This paper presents ESCAPE, an informed moving target defense mechanism for cloud containers. ESCAPE models the interaction between attackers and their target containers as a "predator searching for a prey" search game. Live migration of Linux-containers (prey) is used to avoid attacks (predator) and failures. The entire process is guided by a novel host-based behavior-monitoring system that seamlessly monitors containers for indications of intrusions and attacks. To evaluate ESCAPE's effectiveness, we simulated the attack avoidance process based on a mathematical model mimicking the prey-vs-predator search game. Simulation results show high container survival probabilities with minimal added overhead. Comment: Published version is available on IEEE Xplore at http://ieeexplore.ieee.org/document/779685

    A Framework for Data Sharing in Computer Supported Cooperative Environments

    Concurrency control is an indispensable part of any information sharing system. Co-operative work introduces new requirements for concurrency control which cannot be met using existing applications and database management systems developed for non-cooperative environments. The emphasis of concurrency control in conventional database management systems is to keep users and their applications from inadvertently corrupting data rather than support a workgroup developing a product together. This insular approach is necessary because applications that access the database have been built with the assumptions that they have exclusive access to the data they manipulate and that users of these applications are generally oblivious of one another. These assumptions, however, are counter to the premise of cooperative work in which human-human interaction is emphasized among a group of users utilizing multiple applications to jointly accomplish a common goal. Consequently, applying conventional approaches to concurrency control is not only inappropriate for cooperative data sharing but can actually hinder group work. Computer support for cooperative work must therefore adopt a fresh approach to concurrency control which does promote group work as much as possible, but without sacrifice of all ability to guarantee system consistency. This research presents a new framework to support data sharing in computer supported cooperative environments; in particular, product development environments where computer support for cooperation among distributed and diverse product developers is essential to boost productivity. The framework is based on an extensible object-oriented data model, where data are represented as a collection of interrelated objects with ancillary attributes used to facilitate cooperation. The framework offers a flexible model of concurrency control, and provides support for various levels of cooperation among product developers and their applications. In addition, the framework enhances group activity by providing the functionality to implement user-mediated consistency and to track the progress of group work. In this dissertation, we present the architecture of the framework; we describe the components of the architecture, their operation, and how they interact together to support cooperative data sharing.

    Towards autonomous vehicular clouds

    The dawn of the 21st century has seen a growing interest in vehicular networking and its myriad potential applications. The initial view of practitioners and researchers was that radio-equipped vehicles could keep the drivers informed about potential safety risks and increase their awareness of road conditions. The view then expanded to include access to the Internet and associated services. This position paper proposes and promotes a novel and more comprehensive vision, namely that advances in vehicular networks, embedded devices and cloud computing will enable the formation of autonomous clouds of vehicular computing, communication, sensing, power and physical resources. Hence, we coin the term autonomous vehicular clouds (AVCs). A key feature distinguishing AVCs from conventional cloud computing is that mobile AVC resources can be pooled dynamically to serve authorized users and to enable autonomy in real-time service sharing and management on terrestrial, aerial, or aquatic pathways or theaters of operations. In addition to general-purpose AVCs, we also envision the emergence of specialized AVCs such as mobile analytics laboratories. Furthermore, we envision that the integration of AVCs with ubiquitous smart infrastructures including intelligent transportation systems, smart cities and smart electric power grids will have an enormous societal impact enabling ubiquitous utility cyber-physical services at the right place, right time and with right-sized resources.

    Key Management in Wireless Ad Hoc Networks: Collusion Analysis and Prevention

    Due to the dynamic nature of WAHN communications and the multi-node involvement in most WAHN applications, group key management has been proposed for efficient support of secure communications in WAHNs. Exclusion Basis Systems (EBS) provide a framework for scalable and efficient group key management where the number of keys per node and the number of re-key messages can be relatively adjusted. EBS-based solutions, however, may suffer from collusion attacks, where a number of nodes may collaborate to reveal all system keys and consequently capture the network. In this paper we investigate the collusion problem in EBS and demonstrate that a careful assignment of keys to nodes reduces collusion. Since an optimal assignment is NP-hard, we propose a location-based heuristic where keys are assigned to neighboring nodes depending on the Hamming distance between the strings of bits representing the used subset of the keys employed in the system. Simulation results have demonstrated that our proposed solution significantly boosts the network resilience to potential collusion threats.