(Publisher of Peer Reviewed Open Access Journals)

International Journal of Advanced Computer Research (IJACR)

ISSN (Print):2249-7277    ISSN (Online):2277-7970
Volume-9 Issue-43 July-2019
Paper Title : A new secure proxy-based distributed virtual machines management in mobile cloud computing
Author Name : Boubakeur Annane, Osman Ghazali and Adel Alti
Abstract :

Mobile cloud computing is an excellent paradigm that offers on-demand services which users can use with confidence. Nevertheless, existing cloud virtualization systems are not secure enough because of their mediocre degree of data protection, which deters individuals and organizations from engaging with this technology. The security of sensitive data may therefore be affected when mobile users move it out to the cloud, specifically during processing in virtual machines (VMs). Many studies show that sensitive data in legitimate users’ VMs may be the target of malicious users, which leads to violations of the VMs’ confidentiality and privacy. Current approaches offer various solutions to this security issue. However, they suffer from many shortcomings, such as unauthorized distributed VM access behavior and a lack of robust strategies that ensure strong protection of the communication of sensitive data among distributed VMs. The purpose of this paper is to present a new security proxy-based approach that contains three policies based on secured hashed Diffie-Hellman keys for user access control and VM deployment and communication control management, in order to defend against three well-known attacks on the mobile cloud environment (co-resident attacks, hypervisor attacks and distributed attacks). These attacks lead to unauthorized access to sensitive data between different distributed mobile applications while using the cloud as a third party for sharing resources. The proposed approach is illustrated using a healthcare case study. The experimental results show high-efficiency protection and accurate attack identification.

Keywords : Security and privacy, Virtualization, Secure proxy-based approach, Cloud co-residency attacks, Distributed connected VMs, Secure VMs communication.
Cite this article : Annane B, Ghazali O, Alti A. A new secure proxy-based distributed virtual machines management in mobile cloud computing. International Journal of Advanced Computer Research. 2019; 9(43):222-231. DOI:10.19101/IJACR.PID10.