By
Farhad Ahamed Supervisors:
Contents
Abstract
1. Introduction
2. Research background
2.1. Zero-day exploitation
2.2. Cross site scripting issues
2.3. Distributed Denial of Service
2.4. Virtual machine image exploitation
2.5. Trust and information sharing concerns
2.6. Public Key Infrastructure related issue
2.7. Data centric security approach
2.8. Privacy homomorphism
2.9. Side channels and resource sharing issues
2.10. Energy efficiency and VM consolidation: Security concern
3. Research questions
4. Research methodology
4.1. Security oriented VM consolidation
Experimentation
Simulation
Side channels analysis for co-resident VMs
4.2.1 Experimentation
4.2.2 Statistical analysis
5. Required resources
6. Timeline
7. Publishing plan
8. Conclusion
References
Abstract
Cloud computing is a heterogeneous architecture, benefitting from a range of technologies provisioning several IT services. Although the benefits of these services to scientific and business communities are obvious, ensuring effective and adequate security measures in Cloud environments remains a challenge and a dominant concern for Cloud customers. As a result, the Cloud computing model has not been widely adopted to its full capacity. On the other hand, saving energy in large-scale data centers has gained considerable attention from the research community. Hence, Cloud providers consolidate virtual machines to use fewer physical machines and save power and operational cost. However, in this process they ignore security issues and trust among the customers. In fact, the distributed and multi-tenant nature of the Cloud computing paradigm increases risk and security vulnerabilities such as resource monitoring, virtualization, side-channel threats, and denial of service. Considering these security issues, we aim to fill the existing research gap by (1) proposing security oriented virtual machine consolidation and (2) mitigating the security threat that emerges from side channels in co-resident virtual machines in Cloud computing environments.
1. Introduction
Cloud computing is a heterogeneous architecture, benefitting from a range of technologies provisioning several IT services. The National Institute of Standards and Technology (NIST) identifies five widely accepted characteristics common to Cloud systems [1]. These are on-demand self-service, broad network access and diversity of client devices, resource pooling, rapid elasticity, and measured service with the pay-per-use business model. Resource pooling allows Cloud providers to serve multi-tenant clients by managing resource utilization efficiently using virtualization, resource partitioning, and workload balancing. Rapid elasticity scales the needed resources dynamically. Other important features include heterogeneity on both the provider and client sides, and multi-provider services.
Cloud computing is considered one of the major shifts in contemporary computing. The Internet, web applications, cluster computing, terminal services, and virtualization have all contributed to Cloud computing. They have set the grounds for remote service clients to utilize the distributed computing, resource sharing and pay-as-you-go models needed in the Cloud architecture [2].
Three major parts construct the bulk of services in Cloud computing environments [3, 2]. One part is referred to as Software-as-a-Service (SaaS). This service enables Cloud client machines to use the software on a Cloud server as if it were within their local work environments. Platform-as-a-Service (PaaS) provides software development platforms for clients. This can reduce the overheads associated with maintenance and infrastructure. Infrastructure-as-a-Service (IaaS) is the third part. Essentially, IaaS provides software, hardware, and network resources as virtual but apparently on-demand services.
Many of the attacks on Cloud systems relate to their distributed and shared environments. These attacks are considered traditional network threats that are inherited by Cloud environments. Denial of Service (DoS) attacks and Cross Site Scripting (CSS) threats are examples of this category [4]. On the other hand, some threats are specific to Cloud environments. These may, for instance, be related to the multi-tenant nature of the Cloud server or to the virtual machines (VMs) that form the basis of the Cloud computing paradigm [4]. In either of these cases, traditional cryptography and its evolutions play dominant roles in addressing the underlying challenges [5].
Clearly, the challenges in securing the Cloud and the potential solutions encompass many old and new ideas. These are very active research areas and the resulting publications can be overwhelming. In this document, we categorize the security challenges in the Cloud. We include the current research directions and, more importantly, determine the research areas in securing the Cloud. We also point out what our focus will be during the research.
We discuss the background for this research in section 2. Then, we present the research questions in section 3. We provide the research methodology in section 4. An approximate timeline for the research is provided in section 5. Then, we outline the publishing plan in section 6. Finally, section 7 presents the concluding remarks.
2. Research background
The Cloud Security Alliance (CSA) has identified seven domains of security threat [6, 7]. Fig 1 summarizes these threat domains. Data integrity in the Cloud environment is also a challenge for Cloud service providers (CSPs). Whether data travels within clusters, VMs, databases, or third-party storage, ownership of the data should always remain attached to the end users, or they should have a mechanism to audit the data and verify the logs of data access. Encrypted data can provide these characteristics.
Figure 1. Cloud Security Alliance identified threat domains in Cloud computing
There is ongoing research into how to perform operations on encrypted data without decrypting it. Further research is also required to investigate how to sort and search over encrypted data and metadata. These are also discussed in later sections. Data security on remote resources with multiple shared users, security of network transmission protocols, encrypted information, and multiparty data or service provision are examples of conventional or more traditional security threats.
In public Cloud environments, the data owner does not normally have full physical control over their data.
Figure 3.
To ensure the integrity of data, periodic audits are necessary. To address the growing concerns about the associated loss of control over private data hosted in the Cloud, an architecture for a secure data repository service, motivated by the smart power grid domain, has been proposed [27]. The system masks file names, user permissions, and access patterns while providing auditing capabilities with provable data updates. Providing and managing end user access in the Cloud while enforcing the security policies is an ongoing research issue. If the security of a VM is compromised, the rest of the VM holders, at least those on the same physical machine, will be concerned. To monitor these attacks while preserving data privacy, a security and access management framework has been proposed [28]. A Cloud provider, CloudPassage, claims to be capable of securing servers across public, private and hybrid Clouds and of giving real-time detection for a wide range of security events and system states [29]. However, this type of monitoring requires autonomic intelligent alarm systems and self-defense capabilities.
passively observe the information, or to covert channels that actively send data [64, 65]. An attacker can detect the target VM on a server using techniques such as measuring cache usage, load-based co-residence detection and estimating traffic rates on a network address [66]. When the target virtual instance and the malicious instance are on the same physical machine, monitoring the CPU, memory, network utilization, and other behavior patterns can lead to cross-VM information leakage. It has been proposed that new systems with secure cache be designed to overcome some of these issues [67]. However, this remains at a theoretical stage, and a very large number of servers with shared CPU designs are already dedicated to the Cloud.
For our convenience in addressing Cloud security, side channel attacks can roughly be categorized into three types [68]. These are time-driven side channels, access-driven side channels and trace-driven side channels. A time-driven side-channel attack is possible when the total execution times of cryptographic operations with a fixed key are influenced by the value of the key, e.g., due to the structure of the cryptographic implementation or due to system-level effects such as cache evictions. This type of influence can be exploited by an attacker who can measure such timings statistically to infer information about the key. A second class of side-channel attacks is trace-driven. These attacks continuously monitor some aspect of a device throughout a cryptographic operation, such as the device's power draw or electromagnetic emanations. The ability to monitor the device continuously makes these attacks quite powerful but typically requires physical proximity to the device, which we do not assume here.
The third class of side-channel attack, of which ours is an example in the methodology, is an access-driven attack, in which the attacker runs a program on the system that is performing the cryptographic operation of interest. The spy program observes usage of a shared architectural component to learn information about the key, e.g., the data cache, instruction cache, floating-point multiplier, or branch-prediction cache. Multiple recent research papers describe exploiting the data cache to extract a private key [66, 68]. These attacks are considered asynchronous, meaning that they do not require the attacker to achieve precisely timed observations of the victim by actively triggering operations of the victim. These attacks leverage CPUs with simultaneous multi-threading (SMT) or the ability to game operating system process schedulers; none was shown to work in symmetric multi-processing (SMP) settings.
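The time-driven class described above can be checked for from the defender's side with a statistical leakage test. The following is an added example, not part of the original proposal: it compares a square-and-multiply modular exponentiation with a Montgomery ladder under two fixed keys and applies Welch's t-test to the simulated run times. The keys, the modulus, the jitter level and the timing model (one time unit per modular multiplication) are constructed assumptions.

```python
import math
import random
import statistics

# Constructed toy parameters (assumptions, far too small for real RSA).
MOD = (1 << 61) - 1               # modulus used only for this demonstration
KEY_BITS = 64
KEY_LOW = 0x8000000000000001      # fixed key with Hamming weight 2
KEY_HIGH = 0xFFFFFFFFFFFFFFFF     # fixed key with Hamming weight 64
T_THRESHOLD = 4.5                 # customary |t| cut-off in leakage assessment


def modexp_square_multiply(base, exp, mod):
    """Left-to-right square-and-multiply; returns (result, multiplications)."""
    result, ops = 1, 0
    for bit in bin(exp)[2:]:
        result = (result * result) % mod
        ops += 1
        if bit == "1":            # key-dependent extra work: the timing leak
            result = (result * base) % mod
            ops += 1
    return result, ops


def modexp_ladder(base, exp, mod, bits=KEY_BITS):
    """Montgomery ladder; two multiplications per key bit whatever the bit is."""
    r0, r1, ops = 1, base % mod, 0
    for i in range(bits - 1, -1, -1):
        if (exp >> i) & 1:
            r0, r1 = (r0 * r1) % mod, (r1 * r1) % mod
        else:
            r0, r1 = (r0 * r0) % mod, (r0 * r1) % mod
        ops += 2                  # same amount of work in both branches
    return r0, ops


def welch_t(a, b):
    """Welch's t statistic for two samples with unequal variances."""
    se = math.sqrt(statistics.variance(a) / len(a)
                   + statistics.variance(b) / len(b))
    return (statistics.mean(a) - statistics.mean(b)) / se


def leakage_t(modexp, samples=500, jitter=8.0, seed=2024):
    """t statistic between run times under KEY_LOW and KEY_HIGH."""
    rng = random.Random(seed)
    low, high = [], []
    for _ in range(samples):
        msg = rng.randrange(2, MOD)
        # Timing model (assumption): 1 unit per multiplication plus jitter.
        low.append(modexp(msg, KEY_LOW, MOD)[1] + rng.gauss(0.0, jitter))
        high.append(modexp(msg, KEY_HIGH, MOD)[1] + rng.gauss(0.0, jitter))
    return welch_t(low, high)


def leaks(modexp):
    """True when run time is statistically distinguishable between the keys."""
    return abs(leakage_t(modexp)) > T_THRESHOLD


if __name__ == "__main__":
    for fn in (modexp_square_multiply, modexp_ladder):
        print(f"{fn.__name__}: t = {leakage_t(fn):8.2f}  leaks = {leaks(fn)}")
```

The jitter is present in both measurements, so the test also shows that measurement noise on its own does not hide a key-dependent operation count, while a fixed operation count does.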
the VMs. Therefore, it is necessary to employ software-centric security to reduce the security risk of VM consolidation. There are knowledge-based network vulnerability tools (Snort, OpenVAS) that are used for intrusion detection services (IDS) and intrusion prevention services (IPS) [71]. These tools focus on the victim to eliminate the threat. However, there is a research gap in focusing on the attacker while it is launching an attack or probing for one. We can identify a suspected attack by analyzing resource consumption behavior, network probing, signature-based attacks, etc. There has been some work on identifying signature-based attacks to develop IDS and IPS [13]. Essentially, data mining and pattern recognition techniques are used to develop algorithms to recognize malware attacks.
3. Research questions
In this section, we discuss the research questions. Based on the classification of threats in Cloud computing presented in section 2, our research will fall within the shared technology issues in Cloud computing environments. In the following, we explain the details of the research questions:
1. Power consumption is one of the main sources of operational cost in data centres. To save energy and power in large data centres, instances of the VMs are consolidated within the same physical machines. Cloud providers apply these policies to private, public or hybrid Clouds without considering security. However, co-residency of VMs can introduce some security challenges.
a) How can the safety of other tenants in the Cloud be ensured by characterising a particular VM as unsafe?
b) What are the security parameters, based on VM resource usage patterns, that must be included in their security profiles? How can these profiles be measured without violating their access privilege and privacy policy?
c) Each VM sends interrupts and requests for CPU clock cycles for processing. These VMs utilize server disks, dynamic memory and network bandwidth. Additionally, these VMs access diverse resources on the network. How can we construct these security profiles based on the process, memory and network utilization of the VMs?
d) Large computation tasks and data instances are sliced into small units and distributed to the Cloud. Having the security profile of the VM, how can we ensure that the distribution of tasks will be scalable in terms of security?
2. A user can monitor the cryptographic process on co-resident VMs by utilizing side channel attacks. Eventually, by applying statistical analysis to the collected data, they could decipher the secret key (AES or RSA) of the running process of the target VM. How can we mitigate the side channel threat from shared CPU cycles and shared cache memory in the public Cloud?
a) One of the possible ways to hide the cryptographic processing information from a side channel attack is to increase processing noise randomly. A defender process can create a shell to run the cryptographic process to hide the real crypto key. How can we achieve a solution that can be applied locally to the shared VMs to secure the cryptographic process?
b) VMs have no real access to physical machine entropy; therefore, there is a good possibility that different VMs generate the same random number. These periodic random numbers are used for secure network communication, which could be compromised. This threat becomes real when VMs are co-resident. How can we reduce the probability of generating the same random numbers?
4. Research methodology
In this section, we discuss the research methodology to address the research questions. We present a four-layer Cloud architecture model in figure 4. PMs and VMs form the foundation in layer one. In layer two, the VM manager performs management and administration tasks. Layer three provides a platform for the Cloud services through a Cloud middleware. Lastly, layer four provides Cloud applications to the customers and Cloud brokers. Considering the first research question, our focus will be on building a security service on layer 3. Additionally, we will also focus on layer 2 to investigate the second research question and simulate a threat scenario that would lead to building a VM protector component.
[Figure 4. Four-layer Cloud architecture model. Labels: Layer 4, Cloud applications (Users, Brokers); Layer 3, Cloud services (Cloud middleware, Security service); Layer 2, Management and administration tools (VM manager, VM protector); VM 1, VM 2, ... VM n on PM 1, PM 2, ... PM n.]
experiment on a real system. We will identify the major characteristics or parameters that will be considered for constructing the security profile. In the second phase, we will use a simulator to analyze the experiment results. Later in the second phase, we will consolidate VMs utilizing the threat classification and parameters.
4.2.1 Experimentation
In our experiment, we will set up a real private Cloud environment using OpenStack. Multiple VMs will run simultaneously to generate traffic by connecting to the Internet or an intranet. We will use a traffic capture tool such as Wireshark to capture the network packets [72]. Then, based on the collected data, we will seek to discover network access or attack patterns. We may also construct a trusted tree of network devices to contribute to the security profile of the VMs. We can look into the possibility of developing additional modules for open source tools like Snort or OpenVAS to serve the purpose of creating security profiles [71] [73]. These modules would provide a vulnerability value for each VM based on signature-based attacks. The end users may pre-define the vulnerability value for specific signature attacks to be high, medium, low, or any numeric value.
4.2.2 Simulation
After the generation of the security profiles, we will simulate a VM consolidation environment. For the simulation, we will use CloudSim, an open source tool, to consolidate the VMs based on their security profiles [74]. CloudSim can generate a large-scale VM testing environment. Existing VM consolidation algorithms will be used in the simulation; however, we need to extend the algorithms to take the security profile into account. Then, the simulation results can be analyzed with Matlab for performance metrics [75].
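An added sketch of the two steps above, written in Python for illustration; it is not CloudSim code and not code from the proposal. It scores each VM from signature alerts using user-defined severity values, then runs first-fit decreasing placement (a stand-in for the "existing VM consolidation algorithms") with and without a rule that keeps unsafe VMs off hosts shared with safe ones. The VM names, CPU demands, alerts, weights, threshold and host capacity are all constructed.

```python
from dataclasses import dataclass

# Constructed, user-defined vulnerability values per alert severity.
SEVERITY_WEIGHT = {"high": 10, "medium": 4, "low": 1}
UNSAFE_THRESHOLD = 10        # assumption: score >= 10 marks a VM as unsafe
HOST_CPU_CAPACITY = 100      # assumption: CPU units available per PM


@dataclass(frozen=True)
class VM:
    name: str
    cpu: int                 # CPU demand in the same units as the capacity
    alerts: tuple = ()       # severities of signature alerts seen for this VM

    @property
    def score(self):
        """Security profile value: sum of the weights of all alerts."""
        return sum(SEVERITY_WEIGHT[a] for a in self.alerts)

    @property
    def unsafe(self):
        return self.score >= UNSAFE_THRESHOLD


# Constructed sample inventory.
VMS = [
    VM("web1", 50, ("low",)),
    VM("db1", 40),
    VM("batch1", 30, ("high", "medium")),
    VM("web2", 30, ("low", "low")),
    VM("scan1", 20, ("high", "high")),
    VM("cache1", 20),
    VM("dev1", 10, ("medium",)),
]


def consolidate(vms, security_aware):
    """First-fit decreasing by CPU demand; returns a list of hosts (VM lists).

    With security_aware=True a VM may only join a host whose existing VMs
    have the same safe/unsafe classification.
    """
    hosts = []
    for vm in sorted(vms, key=lambda v: v.cpu, reverse=True):
        for host in hosts:
            fits = sum(v.cpu for v in host) + vm.cpu <= HOST_CPU_CAPACITY
            same_zone = host[0].unsafe == vm.unsafe
            if fits and (same_zone or not security_aware):
                host.append(vm)
                break
        else:
            hosts.append([vm])   # no existing host accepted the VM
    return hosts


def mixed_hosts(hosts):
    """Hosts on which safe and unsafe VMs are co-resident."""
    return [h for h in hosts if len({v.unsafe for v in h}) > 1]


if __name__ == "__main__":
    for aware in (False, True):
        placement = consolidate(VMS, security_aware=aware)
        print(f"security_aware={aware}: {len(placement)} PMs, "
              f"{len(mixed_hosts(placement))} with mixed tenants")
        for i, host in enumerate(placement):
            print("  PM", i, [(v.name, v.score) for v in host])
```

On this sample the plain packing uses fewer PMs but co-locates unsafe and safe VMs, which is the energy versus security trade-off the simulation is meant to quantify.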
4.2.1 Experimentation
Multiple VMs will be installed on a PM for the experiment. Initially, we will start the experiment and data collection with three VMs. The target VM will run a continuous cryptographic process with a secret key. The attacker VM will run a spy process to monitor CPU cycle and memory usage patterns for all the VMs. Data will be collected from the process and cache memory to find the maxima and minima of CPU utilization as well as CPU cache hits from different VMs.
usages. This analysis would open the door to inserting into and reading from the physical memory of the target VM. Then, code will be developed to insert and extract the secret key from the cache.
5. Required resources
The following resources are required for this research.
1) Multiple physical servers (minimum 3 PMs)
2) VMware virtual machines software suite (ESXi, etc.)
3) VMs with Windows, Linux (minimum 6 VMs with 2 VMs per PM)
4) OpenStack Cloud middleware
5) Wireshark
6) OpenVAS
7) Matlab
8) Eclipse, CloudSim
6. Timeline
In this section, we include the approximate timeline for accomplishing the milestones of this research. This schedule is outlined for part-time research. If sponsorship or a scholarship is received, the research schedule will be reduced by multiple semesters.
2012, Semester 1: Identify the research question and methodology; Conference publication; Journal publication
2013, Semester 2: Define the research question and methodology; Confirmation of candidature; Classification and identification of the security parameters and patterns to be identified during the experiment; Set up the experiment environment using OpenStack; Conference publication
2014, Semester 3: Data collection [number of threats, level of threats, vulnerability type, VM cache usage]; Data analysis [statistical analysis of cache usage, develop code]; Conference publication
2015, Semester 4: Develop an algorithm to quantify the VM security profiles; Data collection; Data analysis [look for a possible solution to avoid side-channel attacks]; Journal publication; Thesis draft
2016, Semester 5: Use the simulation tool for consolidation and performance checking; Data collection and analysis; Conference publication
2017, Semester 6: Thesis writing, finalizing, proofreading; Journal publication; Thesis submission
2018-19: Left for unforeseen reasons
7. Publishing plan
2012: Farhad Ahamed, Seyed Shahrestani and Athula Ginige, Addressing the Challenges in securing Cloud computing, The 19th IBIMA conference proceeding, Barcelona, Spain.
Farhad Ahamed, Seyed Shahrestani and Athula Ginige, Cloud Computing: Security and Reliability Issues, Communications of the IBIMA, vol. 2013, Article ID 655710, 12 pages, DOI: 10.5171/2013.655710
2013: Publish in IEEE e-Science conference / UCC Conference
2014: Publish in IEEE CloudCom conference
2015: Publish in IEEE Transactions on Cloud Computing
2016: Publish in IEEE Cloud Conference
2017: Publish in IEEE Transactions on Cloud Computing
8. Conclusion
The Cloud computing paradigm has gained popularity due to inexpensive operating costs and the pay-per-usage model. On the other hand, as presented in this document, traditional, contemporary and potential security threats have resulted in non-geometric growth of Cloud computing. Due to the inherent multi-tenancy architecture and virtualization environment, Cloud computing environments are prone to threats that can interfere with any distributed system. Furthermore, the widely used PKI can be the underlying cause of some security issues. Solutions have been suggested for overcoming some of these issues. For example, data-centric solutions can provide security enhancement for some applications that utilize Cloud resources. To minimize security risks due to co-residency of VMs, detection of the security profiles of the VMs needs to be sorted out. Hence, our research will focus on the discovery and quantification of security threats in the Cloud environment, provide a security service in relation to VM consolidation, and mitigate the threat of side channels in the multi-tenant Cloud.
References
[1] M. Hogan, F. Liu, A. Sokol, and J. Tong, "NIST Cloud Computing Standards Roadmap", 2011.
[2] L. Youseff, M. Butrico, and D. Da Silva, "Toward a Unified Ontology of Cloud Computing", presented at the Grid Computing Environments Workshop, 2008. GCE '08, 2008.
[3] L. M. Vaquero, L. Rodero-Merino, J. Caceres, and M. Lindner, "A break in the clouds: towards a cloud definition", SIGCOMM Comput. Commun. Rev., vol. 39, pp. 50-55, 2008.
[4] Y. Chen, V. Paxson, and R. H. Katz, "What's new about Cloud Computing Security?", EECS Department, University of California, Berkeley, 2010.
[5] S. Kamara and K. Lauter, "Cryptographic cloud storage", presented at the Proceedings of the 14th international conference on Financial cryptography and data security, Tenerife, Canary Islands, Spain, 2010.
[6] Cloud Security Alliance. (2011). Security guidance for critical areas of focus in Cloud computing [Webpage]. Available: https://cloudsecurityalliance.org/guidance/csaguide.v3.0.pdf
[7] Cloud Security Alliance. (2009). Top Threats in Cloud Computing v 1.0 [Webpage]. Available: https://cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf
[8] M. Henning, "API design matters", Queue, vol. 5, pp. 24-36, 2007.
[9] Web Hacking Incident Database. (2011). [Webpage]. Available: http://projects.webappsec.org/w/page/13246995/WebHacking-Incident-Database
[10] L. Essers. (2011). Dutch Government Struggles to Deal With DigiNotar Hack [Webpage]. Available: http://www.pcworld.com/businesscenter/article/239639/dutch_government_struggles_to_deal_with_diginotar_hack.html
[11] ICANN. DNSSEC Standards [Webpage]. Available: http://www.icann.org/en/news/in-focus/dnssec/standards
[12] TechWeb. (2006) Exploit Prevention Labs Ships Zero-day Exploit Blocker. TechWeb. 1-1. Available: http://search.proquest.com/docview/201528695?accountid=36155
[13] B. Lahiri, "Detecting exploit patterns from network packet streams," Ph.D. 3511430, Iowa State University, United States -- Iowa, 2012.
[14] SANS Institute. (2009). The top cyber security risks [Webpage]. Available: http://www.sans.org/top-cyber-security-risks
[15] S. Lloyd, D. Fillingham, R. Lampard, S. Orlowski, and J. Weigelt, "CA-CA Interoperability", PKI Forum, Mar, 2001.
[16] Open Web Application Security Project. (2010). OWASP Top 10 Risks [Webpage]. Available: http://www.owasp.org/index.php/Top_10_2010
[17] J. Somorovsky, M. Heiderich, M. Jensen, J. Schwenk, N. Gruschka, and L. L. Iacono, "All your clouds are belong to us: security analysis of cloud management interfaces", presented at the Proceedings of the 3rd ACM workshop on Cloud computing security workshop, Chicago, Illinois, USA, 2011.
[18] M. Johns, "Code injection vulnerabilities in Web applications - Exemplified at Cross-site Scripting," University of Passau, Passau, 2009.
[19] L. Bello and A. Russo, "Towards a taint mode for cloud computing web applications", presented at the Proceedings of the 7th Workshop on Programming Languages and Analysis for Security, Beijing, China, 2012.
[20] S. Kandula, D. Katabi, M. Jacob, and A. Berger, "Botz-4-sale: surviving organized DDoS attacks that mimic flash crowds", presented at the Proceedings of the 2nd conference on Symposium on Networked Systems Design & Implementation - Volume 2, 2005.
[21] J. Mirkovic and P. Reiher, "A taxonomy of DDoS attack and DDoS defense mechanisms", SIGCOMM Comput. Commun. Rev., vol. 34, pp. 39-53, 2004.
[22] J. Idziorek and M. Tannian, "Exploiting Cloud Utility Models for Profit and Ruin", presented at the Cloud Computing (CLOUD), 2011 IEEE International Conference on, 2011.
[23] A. Kurmus, M. Gupta, R. Pletka, C. Cachin, and R. Haas, "A comparison of secure multi-tenancy architectures for filesystem storage clouds", presented at the Proceedings of the 12th ACM/IFIP/USENIX international conference on Middleware, Lisbon, Portugal, 2011.
[24] T. Garfinkel and M. Rosenblum, "When virtual is harder than real: Security challenges in virtual machine based computing environments", In Proceedings of the 10th HotOS, 2005.
[25] J. Wei, X. Zhang, G. Ammons, V. Bala, and P. Ning, "Managing security of virtual machine images in a cloud environment", presented at the Proceedings of the 2009 ACM workshop on Cloud computing security, Chicago, Illinois, USA, 2009.
[26] F. Rocha and M. Correia, "Lucy in the sky without diamonds: Stealing confidential data in the cloud", presented at the IEEE/IFIP 41st International Conference on Dependable Systems and Networks Workshops (DSN-W), 2011.
[27] A. G. Kumbhare, Y. Simmhan, and V. Prasanna, "Designing a secure storage repository for sharing scientific datasets using public clouds", presented at the Proceedings of the second international workshop on Data intensive computing in the clouds, Seattle, Washington, USA, 2011.
[28] M. Almorsy, J. Grundy, and A. S. Ibrahim, "Collaboration-Based Cloud Computing Security Management Framework", presented at the IEEE International Conference on Cloud Computing (CLOUD), 2011.
[29] A. R. Hickey and J. E. McCarthy, "20 Coolest Cloud Security", CRN, pp. 24-n/a, 2012.
[30] Y. Demchenko, N. Canh, C. de Laat, T. W. Wlodarczyk, R. Chunming, and W. Ziegler, "Security Infrastructure for On-demand Provisioned Cloud Infrastructure Services", presented at the IEEE Third International Conference on Cloud Computing Technology and Science (CloudCom), 2011.
[31] J. Golbeck. (2004). Trust Networks for Email Filtering [Webpage]. Available: http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.81.6090&rep=rep1&type=pdf
[32] K. M. Khan and Q. Malluhi, "Establishing Trust in Cloud Computing", IT Professional, vol. 12, pp. 20-27, 2010.
[33] M. Kretzschmar, M. Golling, and S. Hanigk, "Security Management Areas in the Inter-cloud", IEEE International Conference on Cloud Computing (CLOUD), pp. 762-763, 4-9 July 2011.
[34] P. Eckersley. (2011). How secure is HTTPS today? How often is it attacked? [Webpage]. Available: https://www.eff.org/deeplinks/2011/10/how-secure-https-today
[35] L. Whitney. (2011). Comodohacker returns in DigiNotar incident. Available: http://news.cnet.com/8301-1009_320102027-83/comodohacker-returns-in-diginotar-incident/
[36] A. v. d. Stock, J. Williams, and D. Wichers. (2007). OWASP Top 10 Risks [Webpage]. Available: http://www.owasp.org/index.php/Top_10_2007
[37] A. M. Childs and W. Van Dam, "Quantum algorithms for algebraic problems", Reviews of Modern Physics, vol. 82, p. 1, 2010.
[38] A. Ekert and R. Jozsa, "Quantum computation and Shor's factoring algorithm", Reviews of Modern Physics, vol. 68, pp. 733-753, 1996.
[39] R. Kui, W. Cong, and W. Qian, "Security Challenges for the Public Cloud", Internet Computing, IEEE, vol. 16, pp. 69-73, 2012.
[40] W. Zhou, M. Sherr, W. R. Marczak, Z. Zhang, T. Tao, B. T. Loo, and I. Lee, "Towards a data-centric view of cloud security", presented at the Proceedings of the second international workshop on Cloud data management, Toronto, ON, Canada, 2010.
[41] W. Cong, W. Qian, and R. Kui, "Towards Secure and Effective Utilization over Encrypted Cloud Data", presented at the 31st International Conference on Distributed Computing Systems Workshops (ICDCSW), 2011.
[42] R. L. Rivest, L. Adleman, and M. L. Dertouzos, "On data banks and privacy homomorphisms", Foundations of secure computation, vol. 32, pp. 169-178, 1978.
[43] J. Bringer, H. Chabanne, D. Pointcheval, and Q. Tang, "Extended private information retrieval and its application in biometrics authentications", 2007.
[44] M. Jurik and J. B. Nielsen, "A generalization of Paillier's public-key system with applications to electronic voting", 2003.
[45] K. Peng, R. Aditya, C. Boyd, E. Dawson, and B. Lee, "Multiplicative homomorphic e-voting", in Progress in Cryptology-INDOCRYPT 2004, ed: Springer, 2005, pp. 61-72.
[46] J. D. Cohen and M. J. Fischer, "A robust and verifiable cryptographically secure election scheme", presented at the 26th Annual Symposium on Foundations of Computer Science, 1985.
[47] C. Gentry, "Computing Arbitrary Functions of Encrypted Data", Communications of the ACM, vol. 53, pp. 97-105, 2010.
[48] C. Gentry, "Fully homomorphic encryption using ideal lattices", presented at the Proceedings of the 41st annual ACM symposium on Theory of computing, Bethesda, MD, USA, 2009.
[49] V. Vaikuntanathan, "Computing Blindfolded: New Developments in Fully Homomorphic Encryption", presented at the IEEE 52nd Annual Symposium on Foundations of Computer Science (FOCS), 2011.
[50] J. C. Mitchell, R. Sharma, D. Stefan, and J. Zimmerman, "Information-Flow Control for Programming on Encrypted Data", presented at the IEEE 25th Computer Security Foundations Symposium (CSF), 2012.
[51] E. Naone. (2011, 2011 May-June) Homomorphic encryption: making cloud computing more secure. Technology Review (Cambridge, Mass.) [Article]. 50+. Available: http://go.galegroup.com/ps/i.do?id=GALE%7CA255493451&v=2.1&u=uwsydney&it=r&p=AONE&sw=w
[52] C. Gentry and S. Halevi, "Implementing Gentry's Fully-Homomorphic Encryption Scheme, Advances in Cryptology EUROCRYPT 2011". vol. 6632, K. Paterson, Ed., ed: Springer Berlin / Heidelberg, 2011, pp. 129-148.
[53] G. Chunsheng, "New fully homomorphic encryption over the integers," Cryptology ePrint Archive, Report 2011/118, 2011.
Formatted: Right
P a g e | 19
[54] [55] [56] [57] [58] [59] [60] [61] [62] [63] [64] [65]
[66]
[75]
J. S. Coron, A. Mandal, D. Naccache, and M. Tibouchi, "Fully homomorphic encryption over the integers with shorter public keys", Advances in CryptologyCRYPTO 2011, pp. 487-504, 2011. N. Smart and F. Vercauteren, "Fully homomorphic encryption with relatively small key and ciphertext sizes", Public Key CryptographyPKC 2010, pp. 420-443, 2010. M. Van Dijk, C. Gentry, S. Halevi, and V. Vaikuntanathan, "Fully homomorphic encryption over the integers", Advances in CryptologyEUROCRYPT 2010, pp. 24-43, 2010. M. Naehrig, K. Lauter, and V. Vaikuntanathan, "Can homomorphic encryption be practical?", presented at the Proceedings of the 3rd ACM workshop on Cloud computing security workshop, Chicago, Illinois, USA, 2011. G. Chun-sheng and G. Ji-xing. (2012). Attack on Fully Homomorphic Encryption over Principal Ideal Lattice [Webpage]. Available: http://onlinepresent.org/proceedings/vol1_2012/9.pdf G. Chunsheng, "Attack on Fully Homomorphic Encryption over the Integers", International Journal of Information and Network Security (IJINS), vol. 1, pp. 275-281, 2012. Z. Brakerski, C. Gentry, and V. Vaikuntanathan, "Fully homomorphic encryption without bootstrapping", Innovations in Theoretical Computer Science, 2012. Z. Zhang, T. Plantard, and W. Susilo, "Reaction attack on outsourced computing with fully homomorphic encryption schemes", in Information Security and Cryptology-ICISC 2011, ed: Springer, 2012, pp. 419-436. Homeland Security News Wire. (2011). Hackers using cloud networks to launch powerful attacks [Webpage]. Available: http://www.homelandsecuritynewswire.com/hackers-using-cloud-networks-launch-powerful-attacks L. Bilge, T. Strufe, D. Balzarotti, and E. Kirda, "All your contacts are belong to us: automated identity theft attacks on social networks", presented at the ACM, 2009. A. Aviram, S. Hu, B. Ford, and R. 
Gummadi, "Determinating timing channels in compute clouds", presented at the Proceedings of the 2010 ACM workshop on Cloud computing security workshop, Chicago, Illinois, USA, 2010. Y. Xu, M. Bailey, F. Jahanian, K. Joshi, M. Hiltunen, and R. Schlichting, "An exploration of L2 cache covert channels in virtualized environments", presented at the Proceedings of the 3rd ACM workshop on Cloud computing security workshop, Chicago, Illinois, USA, 2011. T. Ristenpart, E. Tromer, H. Shacham, and S. Savage, "Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds", presented at the Proceedings of the 16th ACM conference on Computer and communications security, Chicago, Illinois, USA, 2009. Z. Wang and R. B. Lee, "New cache designs for thwarting software cache-based side channel attacks", SIGARCH Comput. Archit. News, vol. 35, pp. 494-505, 2007. Y. Zhang, A. Juels, M. K. Reiter, and T. Ristenpart, "Cross-VM side channels and their use to extract private keys", in Proceedings of the 2012 ACM conference on Computer and communications security , 2012, pp. 305-316. A. Verma, P. Ahuja, and A. Neogi, "pMapper: power and migration cost aware application placement in virtualized systems", in Proceedings of the 9th ACM/IFIP/USENIX International Conference on Middleware , 2008, pp. 243-264. G. Jung, K. Joshi, M. Hiltunen, R. Schlichting, and C. Pu, "A cost-sensitive adaptation engine for server consolidation of multitier applications", Middleware 2009, pp. 163-183, 2009. M. Roesch, "Snort-lightweight intrusion detection for networks", in Proceedings of the 13th USENIX conference on System administration, 1999, pp. 229-238. G. Combs. Wireshark [Web Page]. Available: http://www.wireshark.org/ OpenVAS. Open Vulnerability Assessment System [Webpage]. Available: www.openvas.org R. N. Calheiros, R. Ranjan, A. Beloglazov, C. A. De Rose, and R. 
Buyya, "CloudSim: a toolkit for modeling and simulation of cloud computing environments and evaluation of resource provisioning algorithms", Software: Practice and Experience, vol. 41, pp. 23-50, 2011. T. Mathworks. MATLAB - The language of technical computing [Webpage]. Available: www.mathworks.com.au/products/matlab/
Formatted: Right
P a g e | 20