Designing a VM-level vertical scalability service in current cloud platforms: A new hope for wearable computers

The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.Public clouds are becoming ripe for enterprise adoption. Many companies, including large enterprises, are increasingly relying on public clouds as a substitute for, or a supplement to, their own computing infrastructures. On the other hand, cloud storage service has attracted over 625 million users. However, apart from the storage service, other cloud services, such as the computing service, have not yet attracted the end users’ interest for economic and technical reasons. Cloud service providers offers horizontal scalability to make their services scalable and economical for enterprises while it is still not economical for the individual users to use their computing services due to the lack of vertical scalability. Moreover, current virtualization technologies and operating systems, specifically the guest operating systems installed on virtual machines, do not support the concept of vertical scalability. In addition, network remote access protocols are meant to administer remote machines but they are unable to run the non-administrative tasks such as playing heavy games and watching high quality videos remotely in a way that makes the users feel as if they are sitting locally on their personal machines. On the other hand, the industry is yet unable to make efficient wearable computers a reality due to the limited size of the wearable devices, where it is infeasible to place efficient processors and big enough hard disks. This paper aims to highlight the need for the vertical scalability service and design the appropriate cloud, virtualization layer, and operating system services to incorporate vertical scalability in current cloud platforms in a way that will make it economically and technically efficient for the end users to use cloud virtual machines as if they are using their personal laptops. Through these services, the cloud takes wearable computing to the next stage and makes wearable computers a reality

Cloud Computing in the Quantum Era

Cloud computing has become the prominent technology of this era. Its elasticity, dynamicity, availability, heterogeneity, and pay as you go pricing model has attracted several companies to migrate their businesses' services into the cloud. This gives them more time to focus solely on their businesses and reduces the management and backup overhead leveraging the flexibility of cloud computing. On the other hand, quantum technology is developing very rapidly. Experts are expecting to get an efficient quantum computer within the next decade. This has a significant impact on several sciences including cryptography, medical research, and other fields. This paper analyses the reciprocal impact of quantum technology on cloud computing and vice versa

A secure data outsourcing scheme based on Asmuth – Bloom secret sharing

The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.Data outsourcing is an emerging paradigm for data management in which a database is provided as a service by third-party service providers. One of the major benefits of offering database as a service is to provide organisations, which are unable to purchase expensive hardware and software to host their databases, with efficient data storage accessible online at a cheap rate. Despite that, several issues of data confidentiality, integrity, availability and efficient indexing of users’ queries at the server side have to be addressed in the data outsourcing paradigm. Service providers have to guarantee that their clients’ data are secured against internal (insider) and external attacks. This paper briefly analyses the existing indexing schemes in data outsourcing and highlights their advantages and disadvantages. Then, this paper proposes a secure data outsourcing scheme based on Asmuth–Bloom secret sharing which tries to address the issues in data outsourcing such as data confidentiality, availability and order preservation for efficient indexing

Cloud-based online social network

International audienceOnline social media network has become part of human life by transforming the way users create new social relations or relate with family and friends. Online social network (OSN) has drastically increased the rate at which people interact with each other by simplifying the means of communication. However, privacy is raising a serious concern. All user generated data within the OSN system need to be protected against unauthorized friends or hackers or even against the provider of OSN. Many research works are going on to encounter the privacy issues in OSN. This paper analyses the limitations of the recent work being done in this field and proposes an efficient abstract solution to them

Trust Management for Public Key Infrastructures: Implementing the X.509 Trust Broker

A Public Key Infrastructure (PKI) is considered one of the most important techniques used to propagate trust in authentication over the Internet. This technology is based on a trust model defined by the original X.509 (1988) standard and is composed of three entities: the Certification Authority (CA), the certificate holder (or subject) and the Relying Party (RP). The CA plays the role of a trusted third party between the certificate holder and the RP. In many use cases, this trust model has worked successfully. However on the Internet, PKI technology is currently facing many obstacles that slow down its global adoption. In this paper, we argue that most of these obstacles boil down to one problem, which is the trust issue, i.e. how can an RP trust an unknown CA over the Internet? We demonstrate that the original X.509 trust model is not appropriate for the Internet and must be extended to include a new entity, called the Trust Broker, which helps RPs make trust decisions about CAs. We present an approach to assess the quality of a certificate that is related to the quality of the CA’s policy and its commitment to it. The Trust Broker, which is proposed for inclusion in the 2016 edition of X.509, could follow this approach to give RPs trust information about CAs. Finally, we present a prototype Trust Broker that demonstrates how RPs can make informed decisions about certificates in the context of the Web, by using its services

RootAsRole: a security module to manage the administrative privileges for Linux

Today, Linux users use sudo/su commands to attribute Linux’s administrative privileges to their programs. These commands always give the whole list of administrative privileges to Linux programs, unless there are pre-installed default policies defined by Linux Security Modules(LSM). LSM modules require users to inject the needed privileges into the memory of the process and to declare the needed privileges in an LSM policy. This approach can work for users who have good knowledge of the syntax of LSM modules’ policies. Adding or editing an existing policy is a very time-consuming process because LSM modules require adding a complete list of traditional permissions as well as administrative privileges. We propose a new Linux module called RootAsRole that is dedicated to the management of administrative privileges. RootAsRole is not proposed to replace LSM modules but to be used as a complementary module to manage Linux administrative privileges. RootAsRole allows Linux administrators to define a set of roles that contain the administrative privileges and restrict their usage to a set of users/groups and programs. Finally, we conduct an empirical performance study to compare RootAsRole tools with sudo/su commands to show that the overhead added by our module remains acceptable

MaldomDetector: A System for Detecting Algorithmically Generated Domain Names with Machine Learning

The file attached to this record is the author's final peer reviewed version.open access articleOne of the leading problems in cyber security at present is the unceasing emergence of sophisticated attacks, such as botnets and ransomware, that rely heavily on Command and Control (C&C) channels to conduct their malicious activities remotely. To avoid channel detection, attackers constantly try to create different covert communication techniques. One such technique is Domain Generation Algorithm (DGA), which allows malware to generate numerous domain names until it finds its corresponding C&C server. It is highly resilient to detection systems and reverse engineering, while allowing the C&C server to have several redundant domain names. This paper presents a malicious domain name detection system, MaldomDetector, which is based on machine learning. It is capable of detecting DGA-based communications and circumventing the attack before it makes any successful connection with the C&C server, using only domain name's characters. MaldomDetector uses a set of easy-to-compute and language-independent features in addition to a deterministic algorithm to detect malicious domains. The experimental results demonstrate that MaldomDetector can operate efficiently as a first alarm to detect DGA-based domains of malware families while maintaining high detection accuracy

A Multi-Classifier Network-Based Crypto Ransomware Detection System: A Case Study of Locky Ransomware

open access articleRansomware is a type of advanced malware that has spread rapidly in recent years, causing significant financial losses for a wide range of victims, including organizations, healthcare facilities, and individuals. Modern host-based detection methods require the host to be infected first in order to identify anomalies and detect the malware. By the time of infection, it can be too late as some of the system's assets would have been already exfiltrated or encrypted by the malware. Conversely, the network-based methods can be effective in detecting ransomware attacks, as most ransomware families try to connect to command and control servers before their harmful payloads are executed. Therefore, a careful analysis of ransomware network traffic can be one of the key means for early detection. This paper demonstrates a comprehensive behavioral analysis of crypto ransomware network activities, taking Locky, one of the most serious families, as a case study. A dedicated testbed was built, and a set of valuable and informative network features were extracted and classified into multiple types. A network-based intrusion detection system was implemented, employing two independent classifiers working in parallel on different levels: packet and flow levels. The experimental evaluation of the proposed detection system demonstrates that it offers high detection accuracy, low false positive rate, valid extracted features, and is highly effective in tracking ransomware network activities