International Conferences on Service Oriented System Engineering, 2014, Oxford, U.K.

Image removed.

International Conferences: Service Oriented System Engineering, 2014, Oxford, U.K.

The 2014 IEEE 8th International Symposium on Service Oriented System Engineering (SOSE) was held 7-11 April 2014 at Oxford, England. Twenty- two security-related presentations were made and are cited here.

  • Hamadache, K.; Zerva, P., "Provenance of Feedback in Cloud Services," Service Oriented System Engineering (SOSE), 2014 IEEE 8th International Symposium on, pp. 23, 34, 7-11 April 2014. doi: 10.1109/SOSE.2014.10 With the fast adoption of Services Computing, even more driven by the emergence of the Cloud, the need to ensure accountability for quality of service (QoS) for service-based systems/services has reached a critical level. This need has triggered numerous researches in the fields of trust, reputation and provenance. Most of the researches on trust and reputation have focused on their evaluation or computation. In case of provenance they have tried to track down how the service has processed and produced data during its execution. If some of them have investigated credibility models and mechanisms, only few have looked into the way reputation information is produced. In this paper we propose an innovative design for the evaluation of feedback authenticity and credibility by considering the feedback's provenance. This innovative consideration brings up a new level of security and trust in Services Computing, by fighting against malicious feedback and reducing the impact of irrelevant one.
    Keywords: cloud computing; trusted computing; QoS; cloud services; credibility models; feedback authenticity; feedback credibility; feedback provenance; innovative design; malicious feedback; quality of service; reputation information; security; service-based systems/services; services computing; trust; Context; Hospitals; Monitoring; Ontologies; Quality of service; Reliability; Schedules; cloud computing; credibility ;feedback; provenance; reputation (ID#:14-3308)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6825960&isnumber=6825948
  • Wei-Tek Tsai; Peide Zhong, "Multi-tenancy and Sub-tenancy Architecture in Software-as-a-Service (SaaS)," Service Oriented System Engineering (SOSE), 2014 IEEE 8th International Symposium on, pp.128,139, 7-11 April 2014. doi: 10.1109/SOSE.2014.20 Multi-tenancy architecture (MTA) is often used in Software-as-a-Service (SaaS) and the central idea is that multiple tenant applications can be developed using components stored in the SaaS infrastructure. Recently, MTA has been extended where a tenant application can have its own sub-tenants as the tenant application acts like a SaaS infrastructure. In other words, MTA is extended to STA (Sub-Tenancy Architecture). In STA, each tenant application not only needs to develop its own functionalities, but also needs to prepare an infrastructure to allow its sub-tenants to develop customized applications. This paper formulates eight models for STA, and discusses their trade-offs including their formal notations and application scenarios.
    Keywords: cloud computing; software architecture;MTA; STA ;SaaS infrastructure; Software-as-a-Service; multitenancy architecture; subtenancy architecture; tenant applications; Computer architecture; Data models; Databases; Organizations; Scalability; Security; Software as a service; Multi-Tenancy Architecture; SaaS; Sub-Tenancy Architecture (ID#:14-3309)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6830895&isnumber=6825948
  • Yuan-Hsin Tung; Chen-Chiu Lin; Hwai-Ling Shan, "Test as a Service: A Framework for Web Security TaaS Service in Cloud Environment," Service Oriented System Engineering (SOSE), 2014 IEEE 8th International Symposium on, pp. 212, 217, 7-11 April 2014. doi: 10.1109/SOSE.2014.36 As its name suggests, cloud testing is a form of software testing which uses cloud infrastructure. Its effective unlimited storage, quick availability of the infrastructure with scalability, flexibility and availability of distributed testing environment translate to reducing the execution time of testing of large applications and hence lead to cost-effective solutions. In cloud testing, Testing-as-a-Service (TaaS) is a new model to effectively provide testing capabilities and on-demand testing to end users. There are many studies and solutions to support TaaS service. And security testing is the most suitable form for TaaS service. To leverage the features of TaaS, we propose a framework of TaaS for security testing. We implement the prototype system, Security TaaS (abbrev. S-TaaS) based on our proposed framework. The experiments are conducted to evaluate the performance of our framework and prototype system. The experiment results indicate that our prototype system can provide quality and stable service.
    Keywords: cloud computing; program testing; security of data; TaaS service; Web security; cloud environment; cloud infrastructure; cloud testing; distributed testing environment; on-demand testing; software testing; testing capabilities; testing-as-a-service; Cloud computing; Computational modeling; Monitoring; Prototypes; Security; Software testing; TaaS; Test as a Service; cloud computing; security test; vulnerability detection; web vulnerability (ID#:14-3310)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6830908&isnumber=6825948
  • Yan Ding; Huaimin Wang; Songzheng Chen; Xiaodong Tang; Hongyi Fu; Peichang Shi, "PIIM: Method of Identifying Malicious Workers in the MapReduce System with an Open Environment," Service Oriented System Engineering (SOSE), 2014 IEEE 8th International Symposium on, pp. 326, 331, 7-11 April 2014. doi: 10.1109/SOSE.2014.47 MapReduce is widely utilized as a typical computation model of mass data processing. When a MapReduce framework is deployed in an open computation environment, the trustworthiness of the participant workers becomes an important issue because of security threats and the motivation of subjective cheating. Current integrity protection mechanisms are based on replication techniques and use redundant computation to process the same task. However, these solutions require a large amount of computation resource and lack scalability. A probe injection-based identification of malicious worker (PIIM) method is explored in this study. The method randomly injects the probes, whose results are previously known, into the input data and detects malicious workers by analyzing the processed results of the probes. A method of obtaining the set of workers involved in the computation of each probe is proposed by analyzing the shuffle phase in the MapReduce programming model. An EnginTrust-based reputation mechanism that employs information on probe execution is then designed to evaluate the trustworthiness of all the workers and detect the malicious ones. The proposed method operates at the application level and requires no modification to the MapReduce framework. Simulation experiments indicate that the proposed method is effective in detecting malicious workers in large-scale computations. In a system with 100 workers wherein 20 of them are malicious, a detection rate of above 97% can be achieved with only 500 randomly injected probes.
    Keywords: administrative data processing; invasive software; parallel programming; EnginTrust-based reputation mechanism; MapReduce programming model; MapReduce system; PIIM method; malicious worker identification; mass data processing; open computation environment; probe injection-based identification of malicious worker; security threats; subjective cheating; Computational modeling; Data models; Data processing; Estimation; Probes; Programming; Security; MapReduce; mass data processing; open system; probe injection; reputation; worker trustworthiness (ID#:14-3311)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6830925&isnumber=6825948
  • Hu Ge; Li Ting; Dong Hang; Yu Hewei; Zhang Miao, "Malicious Code Detection for Android Using Instruction Signatures," Service Oriented System Engineering (SOSE), 2014 IEEE 8th International Symposium on, pp. 332, 337, 7-11 April 2014. doi: 10.1109/SOSE.2014.48 This paper provides an overview of the current static analysis technology of Android malicious code, and a detailed analysis of the format of APK which is the application name of Android platform executable file (dex). From the perspective of binary sequence, Dalvik VM file is syncopated in method, and these test samples are analyzed by automated DEX file parsing tools and Levenshtein distance algorithm, which can detect the malicious Android applications that contain the same signatures effectively. Proved by a large number of samples, this static detection system that based on signature sequences can't only detect malicious code quickly, but also has a very low rate of false positives and false negatives.
    Keywords: Android (operating system); digital signatures; program compilers; program diagnostics; APK format; Android malicious code detection;Android platform executable file;Dalvik VM file; Levenshtein distance algorithm; automated DEX file parsing tools; binary sequence; instruction signatures; malicious Android applications detection; signature sequences; static analysis technology; static detection system; Libraries; Malware; Mobile communication; Smart phones; Software; Testing; Android; DEX; Static Analysis; malicious code (ID#:14-3312)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6830926&isnumber=6825948
  • AlJahdali, H.; Albatli, A.; Garraghan, P.; Townend, P.; Lau, L.; Jie Xu, "Multi-tenancy in Cloud Computing," Service Oriented System Engineering (SOSE), 2014 IEEE 8th International Symposium on, pp. 344, 351, 7-11 April 2014. doi: 10.1109/SOSE.2014.50 As Cloud Computing becomes the trend of information technology computational model, the Cloud security is becoming a major issue in adopting the Cloud where security is considered one of the most critical concerns for the large customers of Cloud (i.e. governments and enterprises). Such valid concern is mainly driven by the Multi-Tenancy situation which refers to resource sharing in Cloud Computing and its associated risks where confidentiality and/or integrity could be violated. As a result, security concerns may harness the advancement of Cloud Computing in the market. So, in order to propose effective security solutions and strategies a good knowledge of the current Cloud implementations and practices, especially the public Clouds, must be understood by professionals. Such understanding is needed in order to recognize attack vectors and attack surfaces. In this paper we will propose an attack model based on a threat model designed to take advantage of Multi-Tenancy situation only. Before that, a clear understanding of Multi-Tenancy, its origin and its benefits will be demonstrated. Also, a novel way on how to approach Multi-Tenancy will be illustrated. Finally, we will try to sense any suspicious behavior that may indicate to a possible attack where we will try to recognize the proposed attack model empirically from Google trace logs. Google trace logs are a 29-day worth of data released by Google. The data set was utilized in reliability and power consumption studies, but not been utilized in any security study to the extent of our knowledge.
    Keywords: cloud computing; resource allocation; security of data; Google trace logs; attack model; attack surfaces; attack vectors; cloud computing; cloud security; information technology computational model; multitenancy situation; public clouds; resource sharing; suspicious behavior; threat model; Cloud computing; Computational modeling; Databases; Resource management; Security; Servers; Virtualization; Attack Models; Cloud Computing; Cloud Data; Multi-Tenancy; Security (ID#:14-3313)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6830928&isnumber=6825948
  • Wei Xiong; Wei-Tek Tsai, "HLA-Based SaaS-Oriented Simulation Frameworks," Service Oriented System Engineering (SOSE), 2014 IEEE 8th International Symposium on, pp.376, 383, 7-11 April 2014 doi: 10.1109/SOSE.2014.74 SaaS (Software-as-a-Service) as a part of cloud computing is a new approach for software construction, evolution, and delivery. This paper proposes HLA-based SaaS-oriented simulation frameworks where simulation services will be organized into a SaaS framework running in a cloud environment. This SaaS-oriented framework can be applied to multiple application domains but illustrated by using HLA (High-Level Architecture). The framework will allow integration of a variety of modules, service-oriented design, flexible customization, multi-granularity simulation, high-performance computing, and system security. It has the potential to reduce system development time, and allows simulation to be run in a cloud environment taking advantages of resources offered by the cloud.
    Keywords: cloud computing; digital simulation; security of data; service-oriented architecture; HLA-based SaaS-oriented simulation; cloud computing; cloud environment; flexible customization; high-level architecture; high-performance computing; multigranularity simulation; service-oriented design; simulation service software as a service; software construction; software delivery; software evolution; system development time reduction; system security; Adaptation models; Computational modeling; Computer architecture; Data models; Databases; Object oriented modeling; Software as a service; HLA; SaaS (Software-as-a-Service);service-oriented design; simulation frameworks (ID#:14-3314)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6830933&isnumber=6825948
  • Dornhackl, H.; Kadletz, K.; Luh, R.; Tavolato, P., "Malicious Behavior Patterns," Service Oriented System Engineering (SOSE), 2014 IEEE 8th International Symposium on, pp.384, 389, 7-11 April 2014. doi: 10.1109/SOSE.2014.52 This paper details a schema developed for defining malicious behavior in software. The presented approach enables malware analysts to identify and categorize malicious software through its high-level goals as well as down to the individual functions executed on operating system level. We demonstrate the practical application of the schema by mapping dynamically extracted system call patterns to a comprehensive hierarchy of malicious behavior.
    Keywords: invasive software; object-oriented methods; malicious behavior patterns; malware analyst; operating system level; Availability; Grammar; Malware; Payloads; Reconnaissance; Software; Vectors; behavior pattern; formal grammar; malware (ID#:14-3315)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6830934&isnumber=6825948
  • Atkinson, J.S.; Mitchell, J.E.; Rio, M.; Matich, G., "Your WiFi Is Leaking: Building a Low-Cost Device to Infer User Activities," Service Oriented System Engineering (SOSE), 2014 IEEE 8th International Symposium on, pp.396,397, 7-11 April 2014. doi: 10.1109/SOSE.2014.54 This paper documents a hardware and software implementation to monitor, capture and store encrypted WiFi communication data. The implementation detailed can perform this entirely passively using only cheap commodity hardware and freely available software. It is hoped that this will be of use to other researchers and practitioners wishing to explore activity inference without breaking encryption, or supplement the (somewhat scarce) existing body of data available from this particular external perspective.
    Keywords: cryptography; wireless LAN; WiFi; communication data; encryption; Encryption; Hardware; IEEE 802.11 Standards; Privacy; Software; Wireless communication; activity inference; cyber security; encryption; implementation; wifi (ID#:14-3316)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6830936&isnumber=6825948
  • Alzahrani, A.A.H.; Eden, A.H.; Yafi, M.Z., "Structural Analysis of the Check Point Pattern," Service Oriented System Engineering (SOSE), 2014 IEEE 8th International Symposium on, pp.404, 408, 7-11 April 2014. doi: 10.1109/SOSE.2014.56 We investigate intuitive claims made in security pattern catalogues using the formal language of Codecharts and the Two-Tier Programming Toolkit. We analyse the Check Point pattern's structure and explore claims about conformance (of programs to the pattern), about consistency (between different catalogues), and about the relation between (security and design) patterns. Our analysis shows that some of the intuitive claims hold whereas others were found inaccurate or false.
    Keywords: checkpointing; formal languages; security of data; check point pattern; codecharts; formal language; intuitive claims; security pattern catalogues; structural analysis; two-tier programming toolkit; Educational institutions; Java; Object oriented modeling; Security; Software; Unified modeling language; Codecharts; Security patterns; design pattern; design verification; formal languages (ID#:14-3317)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6830938&isnumber=6825948
  • Kulkarni, A.; Metta, R., "A New Code Obfuscation Scheme for Software Protection," Service Oriented System Engineering (SOSE), 2014 IEEE 8th International Symposium on, pp.409, 414, 7-11 April 2014. doi: 10.1109/SOSE.2014.57 IT industry loses tens of billions of dollars annually from security attacks such as tampering and malicious reverse engineering. Code obfuscation techniques counter such attacks by transforming code into patterns that resist the attacks. None of the current code obfuscation techniques satisfy all the obfuscation effectiveness criteria such as resistance to reverse engineering attacks and state space increase. To address this, we introduce new code patterns that we call nontrivial code clones and propose a new obfuscation scheme that combines nontrivial clones with existing obfuscation techniques to satisfy all the effectiveness criteria. The nontrivial code clones need to be constructed manually, thus adding to the development cost. This cost can be limited by cloning only the code fragments that need protection and by reusing the clones across projects. This makes it worthwhile considering the security risks. In this paper, we present our scheme and illustrate it with a toy example.
    Keywords: computer crime; reverse engineering; software engineering; systems re-engineering; IT industry; code fragment cloning; code obfuscation scheme; code patterns; code transformation; malicious reverse engineering; nontrivial code clones; security attacks; software protection; tampering; Cloning; Complexity theory; Data processing; Licenses; Resistance; Resists; Software (ID#:14-3318)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6830939&isnumber=6825948
  • Smith, P.; Schaeffer-Filho, A., "Management Patterns for Smart Grid Resilience," Service Oriented System Engineering (SOSE), 2014 IEEE 8th International Symposium on, pp.415,416, 7-11 April 2014. doi: 10.1109/SOSE.2014.58 Smart grids are power distribution networks characterised by an increased level of automation of the infrastructure, sensors and actuators connected to monitoring and control centres, and are strongly supported by information and communication technology (ICT). Consequently, smart grids are more vulnerable to cyber-attacks. In this position paper, we advocate the need for management patterns that capture best-practices for ensuring the resilience of smart grids to cyber-attacks and other related challenges. Management patterns are akin to software design patterns in the sense that patterns promote the use of well-established solutions to recurring problems. These patterns describe how to orchestrate the cyber-physical behaviour of ICT, industrial control systems and human resources in a safe manner, in response to cyber-attacks.
    Keywords: actuators; distribution networks; power engineering computing; power system management; security of data; sensors; smart power grids; ICT; actuators; control centres; cyber-attacks; cyber-physical behaviour; human resources; industrial control systems; information and communication technology; management patterns; power distribution networks; sensors; smart grid resilience;software design patterns; Automation; Guidelines; Resilience; Security; Smart grids; Standards (ID#:14-3319)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6830940&isnumber=6825948
  • Blyth, A., "Understanding Security Patterns for Socio-technical Systems via Responsibility Modelling," Service Oriented System Engineering (SOSE), 2014 IEEE 8th International Symposium on, pp.417, 421, 7-11 April 2014. doi: 10.1109/SOSE.2014.59 Increasingly, security requirements are being viewed as a social construct derived from the culture and society within which the requirement is said to exist. A socio-technical system can be modelled as a series of inter-related, and interacting patterns of behaviour. Within a socio-technical system a security requirements can be derived from the analysis and interaction of the pattern. To capture and understand these requirements/patterns we need to make use of a formal reasoning system that supports a rigorous deductive process. In this paper we will develop a formal model of a socio -- technical systems pattern using a Kripke Semantic model. Then, via the application of Kripke Semantics to the modelling of responsibilities and how they are created/fulfilled within a socio -- context, we will derive a set of security requirements/patterns.
    Keywords: {human computer interaction; programming language semantics; security of data; social aspects of automation; Kripke semantic model; deductive process; formal reasoning system; responsibility modelling; security patterns; security requirements; socio-technical system; Analytical models; Computational modeling; Context; Security; Semantics; Sociotechnical systems; Accountability; Liability and Culpability; Modal Action Logic (MAL); Responsibility Modelling; SocioTechnical System (STS) (ID#:14-3320)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6830941&isnumber=6825948
  • Aziz, B.; Blackwell, C., "Using Security Patterns for Modelling Security Capabilities in Grid Systems," Service Oriented System Engineering (SOSE), 2014 IEEE 8th International Symposium on, pp.422,427, 7-11 April 2014. doi: 10.1109/SOSE.2014.60 We extend previous work on formalising design patterns to start the development of security patterns for Grid systems. We demonstrate the feasibility of our approach with a case study involving a deployed security architecture in a Grid Operating System called XtreemOS. A number of Grid security management capabilities that aid the secure setting-up and running of a Grid are presented. We outline the functionality needed for such cases in a general form, which could be utilised when considering the development of similar large-scale systems in the future. We also specifically describe the use of authentication patterns that model the extension of trust from a secure core, and indicate how these patterns can be composed, specialised and instantiated.
    Keywords: grid computing; operating systems (computers); security of data; XtreemOS; authentication patterns; design patterns formalization; grid operating system; grid security management capabilities; grid systems; security capabilities modeling; security patterns; trust extension; Authentication; Databases; Monitoring; Operating systems; Public key; Receivers; Grid operating systems; Security patterns; authentication patterns; security architectures (ID#:14-3321)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6830942&isnumber=6825948
  • Duncan, I.; De Muijnck-Hughes, J., "Security Pattern Evaluation," Service Oriented System Engineering (SOSE), 2014 IEEE 8th International Symposium on, pp.428, 429, 7-11 April 2014. doi: 10.1109/SOSE.2014.61 Current Security Pattern evaluation techniques are demonstrated to be incomplete with respect to quantitative measurement and comparison. A proposal for a dynamic testbed system is presented as a potential mechanism for evaluating patterns within a constrained environment.
    Keywords: pattern classification; security of data; dynamic testbed system; security pattern evaluation; Complexity theory; Educational institutions; Measurement; Security; Software; Software reliability; Testing; evaluation; metrics; security patterns; testing (ID#:14-3322)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6830943&isnumber=6825948
  • Madhusudhan, R.; Kumar, S.R., "Cryptanalysis of a Remote User Authentication Protocol Using Smart Cards," Service Oriented System Engineering (SOSE), 2014 IEEE 8th International Symposium on, pp.474,477, 7-11 April 2014. doi: 10.1109/SOSE.2014.84 Remote user authentication using smart cards is a method of verifying the legitimacy of remote users accessing the server through insecure channel, by using smart cards to increase the efficiency of the system. During last couple of years many protocols to authenticate remote users using smart cards have been proposed. But unfortunately, most of them are proved to be unsecure against various attacks. Recently this year, Yung-Cheng Lee improved Shin et al.'s protocol and claimed that their protocol is more secure. In this article, we have shown that Yung-Cheng-Lee's protocol too has defects. It does not provide user anonymity; it is vulnerable to Denial-of-Service attack, Session key reveal, user impersonation attack, Server impersonation attack and insider attacks. Further it is not efficient in password change phase since it requires communication with server and uses verification table.
    Keywords: computer network security; cryptographic protocols; message authentication; smart cards; Yung-Cheng-Lee's protocol; cryptanalysis; denial-of-service attack; insecure channel; insider attacks; legitimacy verification; password change phase; remote user authentication protocol; server impersonation attack; session key; smart cards; user impersonation attack; verification table;Authentication;Bismuth;Cryptography;Protocols;Servers;Smart cards; authentication; smart card; cryptanalysis; dynamic id (ID#:14-3323)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6830951&isnumber=6825948
  • Alarifi, S.; Wolthusen, S.D., "Mitigation of Cloud-Internal Denial of Service Attacks," Service Oriented System Engineering (SOSE), 2014 IEEE 8th International Symposium on, pp.478,483, 7-11 April 2014. doi: 10.1109/SOSE.2014.71 Cloud computing security is one of the main concerns preventing the adoption of the cloud by many organisations. This paper introduces mitigation strategies to defend the cloud specific CIDoS class of attacks (Cloud-Internal Denial of Service), presented in [1]. The mitigation approaches are based on techniques used in signals processing field. The main strategy to detect the attack is the calculation of correlations measurement and distances between attackers workload patters, we use DCT (Discrete Cosine Transform) to accomplish this task. This paper also suggests some prevention and response strategies.
    Keywords: cloud computing; computer network security; discrete cosine transforms; CIDoS class; DCT; attack detection; cloud computing security; cloud-internal denial of service attack mitigation; correlations measurement; discrete cosine transform; mitigation strategies; prevention strategy; response strategy; signals processing field; Computer crime; Correlation; Delays; Discrete cosine transforms; Educational institutions; Monitoring; Testing; CIDoS attack detection; Cloud Attack Mitigation; Cloud Computing Security; Cloud DoS attacks; IaaS Cloud Security (ID#:14-3324)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6830952&isnumber=6825948
  • Mapp, G.; Aiash, M.; Ondiege, B.; Clarke, M., "Exploring a New Security Framework for Cloud Storage Using Capabilities," Service Oriented System Engineering (SOSE), 2014 IEEE 8th International Symposium on, pp.484,489, 7-11 April 2014. doi: 10.1109/SOSE.2014.69 We are seeing the deployment of new types of networks such as sensor networks for environmental and infrastructural monitoring, social networks such as facebook, and e-Health networks for patient monitoring. These networks are producing large amounts of data that need to be stored, processed and analysed. Cloud technology is being used to meet these challenges. However, a key issue is how to provide security for data stored in the Cloud. This paper addresses this issue in two ways. It first proposes a new security framework for Cloud security which deals with all the major system entities. Secondly, it introduces a Capability ID system based on modified IPv6 addressing which can be used to implement a security framework for Cloud storage. The paper then shows how these techniques are being used to build an e-Health system for patient monitoring.
    Keywords: cloud computing; electronic health records; patient monitoring; social networking (online);storage management;IPv6 addressing; capability ID system; cloud security; cloud storage; cloud technology; e-Health system; e-health networks; environmental monitoring; facebook; infrastructural monitoring; patient monitoring; security for data security framework; sensor networks; social networks; system entity; Cloud computing; Companies; Monitoring; Protocols; Security; Servers; Virtual machine monitors; Capability Systems; Cloud Storage; Security Framework; e-Health Monitoring (ID#:14-3325)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6830953&isnumber=6825948
  • Euijin Choo; Younghee Park; Siyamwala, H., "Identifying Malicious Metering Data in Advanced Metering Infrastructure," Service Oriented System Engineering (SOSE), 2014 IEEE 8th International Symposium on, pp.490,495, 7-11 April 2014. doi: 10.1109/SOSE.2014.75 Advanced Metering Infrastructure (AMI) has evolved to measure and control energy usage in communicating through metering devices. However, the development of the AMI network brings with it security issues, including the increasingly serious risk of malware in the new emerging network. Malware is often embedded in the data payloads of legitimate metering data. It is difficult to detect malware in metering devices, which are resource-constrained embedded systems, during time-critical communications. This paper describes a method in order to distinguish malware-bearing traffic and legitimate metering data using a disassembler and statistical analysis. Based on the discovered unique characteristic of each data type, the proposed method detects malicious metering data. (i.e. malware-bearing data). The analysis of data payloads is statistically performed while investigating a distribution of instructions in traffic by using a disassembler. Doing so demonstrates that the distribution of instructions in metering data is significantly different from that in malware-bearing data. The proposed approach successfully identifies the two different types of data with complete accuracy, with 0% false positives and 0% false negatives.
    Keywords: invasive software; metering; power system security; program assemblers; smart meters; statistical analysis; AMI network; advanced metering infrastructure; data payloads; disassembler; energy usage; malicious metering data; malware-bearing data; malware-bearing traffic; metering devices; resource constrained embedded systems; security issues; statistical analysis; time-critical communications; Malware; Registers; Statistical analysis; Testing; Training; ARM Instructions; Advanced Metering Infrastructure; Diassembler; Malware; Security; Smart Meters (ID#:14-3326)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6830954&isnumber=6825948
  • Hongjun Dai; Qian Li; Meikang Qiu; Zhilou Yu; Zhiping Jia, "A Cloud Trust Authority Framework for Mobile Enterprise Information System," Service Oriented System Engineering (SOSE), 2014 IEEE 8th International Symposium on, pp.496,501, 7-11 April 2014. doi: 10.1109/SOSE.2014.68 With the trend of mobile enterprise information systems, security has become the primary issue as it relates to business secret, decision, and process control. Hence, we carry out a fully customized framework to emphasize on security from trust authority of the cloud certificate authority server, and to guarantee security with the process of the software developments. The core object model, named as secure mobile beans (SMB), can be deployed into the cloud server. Our framework consists of SMB models, object-relation mapping module, SMB translator, and development tools. The use cases show that it can free developers from the complex implementation of security policies during the development stages, shorten the time of mobile application's development effectively.
    Keywords: cloud computing; file servers; information systems; trusted computing; SMB translator; business secret; cloud certificate authority server; cloud trust authority framework; fully customized framework; mobile enterprise information system; object-relation mapping module; process control; secure mobile beans; security policies; software developments; Authentication; Data models; Databases; Java; Mobile communication; Servers; cloud trust authority; enterprise development framework; mobile enterprise information system; secure mobile beans (ID#:14-3327)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6830955&isnumber=6825948

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to SoS.Project (at) SecureDataBank.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.