International Journal of Advanced Computer Research (IJACR) ISSN (P): 2249-7277 ISSN (O): 2277-7970 Vol - 9, Issue - 43, July 2019
  1. 1
    Google Scholar
  2. 4
    Impact Factor
A new secure proxy-based distributed virtual machines management in mobile cloud computing

Boubakeur Annane, Osman Ghazali and Adel Alti

Abstract

The mobile cloud computing as an excellent paradigm offers on-demand services, whereas users can be confident once using them. Nevertheless, the existing cloud virtualization systems are not secure enough regarding the mediocre degree of data protection, which avoids individuals and organizations to engage with this technology. Therefore, the security of sensitive data may be affected when mobile users move it out to the cloud exactly during the processing in virtual machines (VMs). Many studies show that sensitive data of legitimate users’ VMs may be the target of malicious users, which lead to violating VMs’ confidentiality and privacy. The current approaches offer various solutions for this security issue. However, they are suffering from many inconveniences such as unauthorized distributed VM access behavior and robust strategies that ensure strong protection of communication of sensitive data among distributed VMs. The purpose of this paper is to present a new security proxy-based approach that contains three policies based on secured hashed Diffie-Hellman keys for user access control and VM deployment and communication control management in order to defend against three well-known attacks on the mobile cloud environment (co-resident attacks, hypervisor attacks and distributed attacks). The related attacks lead to unauthorized access to sensitive data between different distributed mobile applications while using the cloud as a third party for sharing resources. The proposed approach is illustrated using a healthcare case study. Including the experimental results that show interesting high-efficiency protection and accurate attacks identification.

Keyword

Security and privacy, Virtualization, Secure proxy-based approach, Cloud co-residency attacks, Distributed connected VMs, Secure VMs communication.

Cite this article

Annane B, Ghazali O, Alti A

Refference

[1][1]Mollah MB, Azad MA, Vasilakos A. Security and privacy challenges in mobile cloud computing: survey and way ahead. Journal of Network and Computer Applications. 2017; 84:38-54.

[2][2]Zhou B, Buyya R. Augmentation techniques for mobile cloud computing: a taxonomy, survey, and future directions. ACM Computing Surveys (CSUR). 2018; 51(1).

[3][3]Vaezi M, Zhang Y. Cloud mobile networks. Springer; 2017.

[4][4]Ristenpart T, Tromer E, Shacham H, Savage S. Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In proceedings of the 16th ACM conference on computer and communications security 2009 (pp. 199-212). ACM.

[5][5]Sgandurra D, Lupu E. Evolution of attacks, threat models, and solutions for virtualized systems. ACM Computing Surveys (CSUR). 2016; 48(3).

[6][6]Zhang J, Zheng L, Gong L, Gu Z. A survey on security of cloud environment: threats, solutions, and innovation. In third international conference on data science in cyberspace (DSC) 2018 (pp. 910-6). IEEE.

[7][7]Wang Z, Lee RB. New cache designs for thwarting software cache-based side channel attacks. ACM SIGARCH Computer Architecture News. 2007; 35(2):494-505.

[8][8]Wang Z, Lee RB. Covert and side channels due to processor architecture. In 22nd annual computer security applications conference (ACSAC06) 2006 (pp. 473-82). IEEE.

[9][9]Aviram A, Hu S, Ford B, Gummadi R. Determinating timing channels in compute clouds. In proceedings of the ACM workshop on cloud computing security workshop 2010 (pp. 103-8). ACM.

[10][10]Vattikonda BC, Das S, Shacham H. Eliminating fine grained timers in Xen. In proceedings of the 3rd ACM workshop on cloud computing security workshop 2011 (pp. 41-6). ACM.

[11][11]Wu J, Ding L, Lin Y, Min-Allah N, Wang Y. Xenpump: a new method to mitigate timing channel in cloud computing. In fifth international conference on cloud computing 2012 (pp. 678-85). IEEE.

[12][12]Han Y, Chan J, Alpcan T, Leckie C. Using virtual machine allocation policies to defend against co-resident attacks in cloud computing. IEEE Transactions on Dependable and Secure Computing. 2017; 14(1):95-108.

[13][13]Idrissi H, Ennahbaoui M, Souidi EM, Hajji SE. Mobile agents with cryptographic traces for intrusion detection in the cloud computing. Procedia Computer Science. 2015; 73:179-86.

[14][14]Zhang Y, Li M, Bai K, Yu M, Zang W. Incentive compatible moving target defense against VM-colocation attacks in clouds. In IFIP international information security conference 2012 (pp. 388-99). Springer, Berlin, Heidelberg.

[15][15]Dixit P, Gupta AK, Trivedi MC, Yadav VK. Traditional and hybrid encryption techniques: a survey. In Networking Communication and Data Knowledge Engineering 2018 (pp. 239-48). Springer, Singapore.

[16][16]Ferretti L, Marchetti M, Andreolini M, Colajanni M. A symmetric cryptographic scheme for data integrity verification in cloud databases. Information Sciences. 2018; 422:497-515.

[17][17]Hu F, Qiu M, Li J, Grant T, Taylor D, McCaleb S, Butler L, Hamner R. A review on cloud computing: design challenges in architecture and security. Journal of Computing and Information Technology. 2011; 19(1):25-55.

[18][18]Islam MM, Razzaque MA, Hassan MM, Ismail WN, Song B. Mobile cloud-based big healthcare data processing in smart cities. IEEE Access. 2017; 5:11887-99.

[19][19]Sahoo J, Mohapatra S, Lath R. Virtualization: a survey on concepts, taxonomy and associated security issues. In second international conference on computer and network technology 2010 (pp. 222-6). IEEE.

[20][20]Shi J, Song X, Chen H, Zang B. Limiting cache-based side-channel in multi-tenant cloud using dynamic page coloring. In IEEE/IFIP 41st international conference on dependable systems and networks workshops (DSN-W) 2011 (pp. 194-9). IEEE.

[21][21]Han Y, Chan J, Alpcan T, Leckie C. Virtual machine allocation policies against co-resident attacks in cloud computing. In international conference on communications (ICC) 2014 (pp. 786-92). IEEE.

[22][22]Bates A, Mood B, Pletcher J, Pruse H, Valafar M, Butler K. Detecting co-residency with active traffic analysis techniques. In proceedings of the ACM workshop on cloud computing security workshop 2012 (pp. 1-12). ACM.

[23][23]Yu S, Xiaolin G, Jiancai L, Xuejun Z, Junfei W. Detecting VMS co-residency in cloud: using cache-based side channel attacks. Elektronika ir Elektrotechnika. 2013; 19(5):73-8.

[24][24]Sundareswaran S, Squcciarini AC. Detecting malicious co-resident virtual machines indulging in load-based attacks. In international conference on information and communications security 2013 (pp. 113-24). Springer, Cham.

[25][25]Yu S, Gui X, Lin J. An approach with two-stage mode to detect cache-based side channel attacks. In the international conference on information networking (ICOIN) 2013(pp. 186-91). IEEE.

[26][26]Azar Y, Kamara S, Menache I, Raykova M, Shepard FB. Co-location-resistant clouds. CCSW. 2014; 14:9-20.

[27][27]Annane B, Ghazali O. Virtualization-based security techniques on mobile cloud computing: research gaps and challenges. International Journal of Interactive Mobile Technologies. 2019; 13(4):20-32.