8 research outputs found

    Highly Scalable and Secure Mobile Applications in Cloud Computing Systems

    Cloud computing provides scalable processing and storage resources that are hosted on a third-party provider to permit clients to economically meet real-time service demands. The confidentiality of client data outsourced to the cloud is a paramount concern since the provider cannot necessarily be trusted with read access to voluminous sensitive client data. A particular challenge of mobile cloud computing is that a cloud application may be accessed by a very large and dynamically changing population of mobile devices requiring access control. The thesis addresses the problems of achieving efficient and highly scalable key management for resource-constrained users of an untrusted cloud, and also of preserving the privacy of users. A model for key distribution is first proposed that is based on dynamic proxy re-encryption of data. Keys are managed inside the client domain for trust reasons, computationally-intensive re-encryption is performed by the cloud provider, and key distribution is minimized to conserve communication. A mechanism manages key evolution for a continuously changing user population. Next, a novel form of attribute-based encryption is proposed that authorizes users based on the satisfaction of required attributes. The greater computational load from cryptographic operations is performed by the cloud provider and a trusted manager rather than the mobile data owner. Furthermore, data re-encryption may be optionally performed by the cloud provider to reduce the expense of user revocation. Another key management scheme based on threshold cryptography is proposed where encrypted key shares are stored in the cloud, taking advantage of the scalability of storage in the cloud. The key share material erodes over time to allow user revocation to occur efficiently without additional coordination by the data owner; multiple classes of user privileges are also supported. 
Lastly, an alternative exists where cloud data is considered public knowledge, but the specific information queried by a user must be kept private. A technique is presented utilizing private information retrieval, where the query is performed in a computationally efficient manner without requiring a trusted third-party component. A cloaking mechanism increases the privacy of a mobile user while maintaining constant traffic cost.

    Executable Model Synthesis and Property Validation for Message Sequence Chart Specifications

    Message sequence charts (MSC's) are a formal language for the specification of scenarios in concurrent real-time systems. The thesis addresses the synthesis of executable object-oriented design-time models from MSC specifications. The synthesis integrates with the software development process, its purpose being to automatically create working prototypes from specifications without error and create executable models on which properties may be validated. The usefulness of existing algorithms for the synthesis of ROOM (Real-Time Object Oriented Modeling) models from MSC's has been evaluated from the perspective of an applications programmer according to various criteria. A number of new synthesis features have been proposed to address them, and applied to a telephony call management system for illustration. These include the specification and construction of hierarchical structure and behavior of ROOM actors, views, multiple containment, replication, resolution of non-determinism and automatic coordination. Generalizations and algorithms have been provided. The hierarchical actor structure, replication, FSM merging, and global coordinator algorithms have been implemented in the Mesa CASE tool. A comparison is made to other specification and modeling languages and their synthesis, such as SDL, LSC's, and statecharts. Another application of synthesis is to generate a model with support for the automated validation of safety and liveness properties. The Mobility Management services of the GSM digital mobile telecommunications system were specified in MSC's. A Promela model of the system was then synthesized. A number of optimizations have been proposed to reduce the complexity of the model in order to successfully perform a validation of it. Properties of the system were encoded in Linear Temporal Logic, and the Promela model was used to automatically validate a number of identified properties using the model checker Spin.
A ROOM model was then synthesized from the validated MSC specification using the proposed refinement features.

    Re-Encryption-Based Key Management Towards Secure and Scalable Mobile Applications in Clouds

    Cloud computing confers strong economic advantages, but many clients are reluctant to implicitly trust a third-party cloud provider. To address these security concerns, data may be transmitted and stored in encrypted form. Major challenges exist concerning the aspects of the generation, distribution, and usage of encryption keys in cloud systems, such as the safe location of keys, and serving the recent trend of users that tend to connect to contemporary cloud applications using resource-constrained mobile devices in extremely large numbers simultaneously; these characteristics lead to difficulties in achieving efficient and highly scalable key management. In this work, a model for key distribution based on the principle of dynamic data re-encryption is applied to a cloud computing system in a unique way to address the demands of a mobile device environment, including limitations on client wireless data usage, storage capacity, processing power, and battery life. The proposed cloud-based re-encryption model is secure, efficient, and highly scalable in a cloud computing context, as keys are managed by the client for trust reasons, processor-intensive data re-encryption is handled by the cloud provider, and key redistribution is minimized to conserve communication costs on mobile devices. A versioning history mechanism effectively manages keys for a continuously changing user population. Finally, an implementation on commercial mobile and cloud platforms is used to validate the performance of the model.

    JaCaL : an implementation of Linda in Java

    Java is an object-oriented programming language with built-in features for creating distributed programs. A key feature-set that is missing, however, is an easy-to-use, reliable, and scalable tool for writing truly parallel programs. The Linda parallel programming model defines a client-server approach where concurrent execution requests are serviced and results are stored to a shared data repository called a Tuple Space. Tuples consist of heterogeneous collections of data of various types. An interpretation of the model allows the programmer to create active tuples, in which user-defined functions are automatically and transparently launched in concurrently executing processes distributed on remote workstations. This paper presents an implementation of Linda in Java called JaCaL, a library of classes and interfaces easily integrated into a client application. The Tuple Space has been implemented as a data store residing on a single machine, whilst being accessible by clients distributed on other machines. Clients can create active tuples, which cause processes on distributed machines to be transparently invoked to execute user-defined functions, employing a load-balanced worker process model. No pre-processor is required to parse the client program before compilation. The implementation allows a Java application developer to create more efficient coarse-grained parallel programs with minimal effort. Performance measurements have been made and compared to those of another, similar implementation.