Difference between revisions of "Journal:Virtualization-based security techniques on mobile cloud computing: Research gaps and challenges"

Revision as of 00:00, 4 September 2019

Full article title Virtualization-based security techniques on mobile cloud computing: Research gaps and challenges
Journal International Journal of Interactive Mobile Technologies
Author(s) Annane, Boubakeur; Ghazali, Osman
Author affiliation(s) Universiti Utara Malaysia
Primary contact Email: jakhar256 at yahoo dot com
Year published 2019
Volume and issue 13(4)
Page(s) 20–32
DOI 10.3991/ijim.v13i04.10515
ISSN 1865-7923
Distribution license Creative Commons Attribution 3.0 Austria
Website https://online-journals.org/index.php/i-jim/article/view/10515
Download https://online-journals.org/index.php/i-jim/article/download/10515/5587 (PDF)

Abstract

The principal constraints of mobile devices are their limited resources, including processing capability, storage space, and battery life. Cloud computing, however, offers access to vast computing resources and services. With it a new idea emerged: the inclusion of cloud computing in mobile devices such as smartphones, tablets, and other personal digital assistants (PDAs) to augment their capacities, providing a robust technology called mobile cloud computing (MCC). Although MCC has brought many advantages to mobile users, it still suffers from security and privacy issues affecting data hosted on virtual machines (VMs) on remote cloud servers. Currently, the eyes of security experts are turned towards the virtualization-based security techniques used either on the cloud or on mobile devices. The new challenge is to develop secure methods in order to authenticate highly sensitive digital content. This paper investigates the main challenges regarding the security and privacy issues inherent to the mobile cloud, focusing on the virtualization layer and giving the clear strengths and weaknesses of recent relevant virtualization security techniques in the literature. Hence, the paper provides perspectives for researchers to adopt in order to make progress in future work.

Keywords: mobile cloud computing; virtualization; security and privacy of information; user virtual machines

Introduction

Nowadays, cloud computing is an attractive technology of increasing importance to users because it delivers services over the internet. It is defined as an information technology (IT) paradigm that allows the user to exploit cloud services on demand.[1] Three main service models are provided: infrastructure as a service (IaaS), platform as a service (PaaS), and software as a service (SaaS). In IaaS, virtualization lets many users share pooled computing resources, rather than relying on their personal mobile devices, to run applications and tasks simultaneously and efficiently.[2]

Mobile cloud computing (MCC) has quickly grown in popularity among individuals and user communities. It combines the cloud computing paradigm with mobile devices through wireless technology in order to overcome the devices' capacity restrictions and leverage the resources offered by cloud computing services.[3] Mobile devices such as smartphones and tablets have several limitations in their resource capacities (CPU, memory, and storage space) which inhibit application developers from providing powerful software solutions and hinder users from enjoying those solutions in their daily lives.[2] Integrating cloud computing services with mobile computing is an interesting solution to these issues. MCC allows users to upload and move their applications, services, and data to shared cloud servers, taking advantage of their large remote storage capacity and significant computing resources when running intensive applications, and relieving the strain on the battery life of mobile devices. Recently, the use of mobile devices has moved beyond simple applications into more complex and crucial applications which deal with sensitive data in various multimedia formats (text, images, audio, and video), including banking, health, and transport applications. Moving clients' data and services to the cloud raises many security challenges, particularly the major concerns of data security and privacy protection, because the data is located in different distributed places.

Security is considered a major challenge in MCC environments. Mobile cloud security issues are inherited from cloud computing, so we are at least familiar with them; however, they are more critical in MCC because of the devices' limited resource capacity (e.g., insufficient CPU capability to run the CPU-intensive malware detection applications that protect sensitive data), at least compared with personal computers. Tenants' worries center on the migration of their data to the cloud, where it may face more risks once it shares cloud resources with other tenants.[4] With MCC, cloud service providers share their resources with mobile users through the popular technique of virtualization, which increases the efficiency and effectiveness of hardware utilization.[5] Various users' virtual machines run on the same cloud host when they share the same cloud resources, which leads to additional security risks, such as violation of data use terms once the data shares the same memory or CPU.[6] Consequently, an important question must be raised: whether the clients behind the other virtual machines on the cloud host are trusted or not. Several robust security techniques have been proposed in this decade, and a number of new techniques or improved versions of the latest approaches have been developed. However, most of the proposed solutions are not practical because of the critical changes they require in the cloud platform, such as eliminating side channels and fine-grained clocks, as well as changes to the hypervisor.[5] In this work, we aim to collect and present some relevant virtualization-based security techniques currently available in the field and to review in detail the various newly emerged security challenges.

The rest of this paper is organized as follows. Firstly, we present basic requirements of the virtualization techniques on MCC. We detail malicious attacks and briefly review quality measures. Then, we discuss the recent virtualization security techniques, with comparison and evaluation of different approaches also presented. Then, we present discussion, research gaps, and challenges concerning a security-based virtualization layer. Finally, in the last section, we conclude and present plans for future work.

Virtualization-based security preliminaries

In MCC, cloud services are provided to mobile users using virtualization technologies. Virtualization is defined as a middle layer between the software and hardware layers of a cloud server that allows the cloud provider to exploit its services and computing resources efficiently.[7] These resources can be shared among multiple virtual machines in order to run services simultaneously while sharing the benefits of the available servers' resources (e.g., CPU, network bandwidth, memory, etc.).[8] The virtualization process can reportedly increase hardware utilization (efficiency) to between 60% and 80%.[9] The use of remote servers and other hardware utilization techniques also improves mobile device battery life by saving energy.[10][11]

The execution of mobile applications is considered a computationally intensive task that requires significant resource consumption on mobile devices. This challenge has been addressed by the offloading technique: the computationally intensive application is divided into many tasks, which are migrated to the cloud (remote servers) for fast processing, with the results returned to the mobile terminal afterwards.[12] On the cloud end, once the mobile task is offloaded, a virtual machine image of the mobile device (also called a "phone clone") is pre-installed to process the mobile user's application data, which increases the efficiency of the cloud environment and decreases the maintenance overhead on the mobile device.[4][13] Running the phone clones of different mobile devices on the same server while isolating them from one another is therefore the main role of virtualization technology. However, multiple works[5][6][14][15][16][17][18] have shown that virtualization brings with it several security concerns[7] that affect virtualized systems, including denial-of-service (DoS) attacks. Such attacks can exploit seemingly innocuous information, such as workload statistics, to learn whether the system is vulnerable. Moreover, virtualization techniques on MCC bring new security risks, such as unauthorized access from malicious virtual machines (VMs), VM-to-VM attacks, breaches of confidential mobile user data, VM monitoring challenges (e.g., at the hypervisor), and communication challenges in a virtualized environment.[4][7] Thus, ensuring security mechanisms that prevent leakage of sensitive data and information from legitimate phone clones is not an easy task.

In terms of security, virtualization-based techniques are grouped into two main categories: hardware-based techniques and software-based techniques. In the first class, we distinguish secure application cloning on a VM[14] and the protection of VMs from a malicious hypervisor[19] as two useful techniques. In the second, we also consider two techniques: VM-based security techniques[15][16][17][20] and security techniques based on load balancing of VMs.[5][18] Fig. 1 summarizes the important classes of virtualization-based security approaches.



Fig. 1 Classification of virtualization-based security techniques

Virtualization-based security techniques have five important properties[16][21]: efficiency, coverage, complexity, security, and robustness. Roughly speaking, efficiency is the number of malicious VMs that succeed in co-locating with a target (victim) VM, divided by the total number of VMs launched by the attacker. Coverage is the number of target VMs that end up co-located with at least one malicious VM, divided by the total number of targets launched by the legitimate user. Complexity refers to the cost a technique imposes on the cloud server: execution time, computational complexity, and energy consumption. Security refers to the privacy of the VMs and their sensitive data; ideally, no one should be able to remove or extract the data without the secret key. Similarly, robustness refers to the degree of resistance against any kind of manipulation. Any new approach must negotiate a trade-off among these five properties.
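The efficiency and coverage metrics above are attacker-side ratios that depend entirely on how the provider places VMs. The following simulation is an added example, not code from the paper or from any cloud platform: it places a victim's VMs, some unrelated background tenants, and then an attacker's VMs onto a small cluster under two hypothetical allocation policies (uniform random placement versus a tenant-affine policy that prefers hosts already running the same tenant, then empty hosts) and computes both metrics. The host count, capacity, tenant labels and policies are all assumptions for illustration.

```python
"""Added example: efficiency and coverage of a co-residency attack under two
hypothetical VM allocation policies.  Constructed simulation, not code from the
paper or any cloud platform; all parameters are assumed."""
import random

VICTIM, ATTACKER = "victim", "attacker"


def place_random(hosts, tenant, capacity, rng):
    """Baseline policy: any host with free capacity, chosen uniformly at random."""
    free = [h for h in hosts if len(h) < capacity]
    return rng.choice(free)


def place_tenant_affine(hosts, tenant, capacity, rng):
    """Hypothetical tenant-affine policy: prefer hosts already running this
    tenant's VMs, then empty hosts, and only then any host with room.  The
    attacker's VMs therefore cluster with each other instead of with victims."""
    free = [h for h in hosts if len(h) < capacity]
    own = [h for h in free if tenant in h]
    if own:
        return rng.choice(own)
    empty = [h for h in free if not h]
    if empty:
        return rng.choice(empty)
    return rng.choice(free)


def simulate(policy, n_hosts, capacity, n_targets, n_attack, n_background=0, seed=0):
    """Victim launches n_targets VMs, n_background distinct tenants launch one VM
    each, then the attacker launches n_attack VMs.  Each host is a list of tenant
    labels (one entry per VM).  Returns the two attacker-side metrics:
      efficiency = attacker VMs sharing a host with a victim VM / attacker VMs
      coverage   = victim VMs sharing a host with an attacker VM / victim VMs"""
    if n_targets + n_background + n_attack > n_hosts * capacity:
        raise ValueError("requested VMs exceed total cluster capacity")
    rng = random.Random(seed)
    hosts = [[] for _ in range(n_hosts)]
    for _ in range(n_targets):
        policy(hosts, VICTIM, capacity, rng).append(VICTIM)
    for k in range(n_background):
        label = f"other-{k}"
        policy(hosts, label, capacity, rng).append(label)
    for _ in range(n_attack):
        policy(hosts, ATTACKER, capacity, rng).append(ATTACKER)

    colocated_attackers = sum(h.count(ATTACKER) for h in hosts if VICTIM in h)
    covered_targets = sum(h.count(VICTIM) for h in hosts if ATTACKER in h)
    return {
        "efficiency": colocated_attackers / n_attack,
        "coverage": covered_targets / n_targets,
    }


if __name__ == "__main__":
    # Assumed cluster: 20 hosts of 4 VM slots, 4 victim VMs, 30 background
    # tenants, attacker launches 8 VMs.  Compare both policies over a few seeds.
    for policy in (place_random, place_tenant_affine):
        for seed in range(3):
            m = simulate(policy, 20, 4, 4, 8, n_background=30, seed=seed)
            print(f"{policy.__name__:20s} seed={seed} "
                  f"efficiency={m['efficiency']:.2f} coverage={m['coverage']:.2f}")
```

The tenant-affine policy drives both metrics to zero as long as empty hosts remain, which is exactly the trade-off the text describes: it buys security against co-residency by sacrificing consolidation (more partially filled hosts), so an operator has to weigh that against the complexity and utilization properties.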

Many researchers have begun developing frameworks, policies, and approaches against these kinds of challenges to ensure security for mobile users. These methods mainly focus on mitigating side-channel attacks between VMs once malicious VMs have gained access to the cloud servers.[22][23][24][25] However, all the methods proposed require fundamental changes to current commercial platforms, so they are neither practical nor immediately deployable.[16] Hardware-based techniques are also strong candidates, but they come with a high cost barrier.[14]
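Several of the cited mitigations work by denying the guest a fine-grained clock. The following model is an added example, not code from the cited papers or from Xen: it simulates an attacker timing a memory access to tell a cache hit from a miss, first with a cycle-accurate timer and then with a timer quantized to a coarse resolution. The hit and miss latencies, the 1000-cycle quantum and the attacker's threshold are assumed values chosen for illustration.

```python
"""Added example: effect of timer coarsening on a cache timing channel.
Constructed model with assumed latencies; not code from the cited papers."""
import random

HIT_CYCLES, MISS_CYCLES = 40, 300            # assumed cache-hit / DRAM-miss latency
THRESHOLD = (HIT_CYCLES + MISS_CYCLES) // 2  # attacker's decision boundary (assumed)
RESOLUTION = 1000                            # assumed quantum of the coarse timer


def fine_timer(start, duration):
    """Cycle-accurate timer: the guest sees the exact elapsed time."""
    return (start + duration) - start


def coarse_timer(start, duration):
    """Timer whose readings are rounded down to RESOLUTION cycles: the guest
    only learns how many quantum boundaries the interval crossed."""
    end = start + duration
    return (end // RESOLUTION) * RESOLUTION - (start // RESOLUTION) * RESOLUTION


def probe(timer, victim_touched_line, rng):
    """One attacker probe: time a load that misses if the victim evicted the
    line.  The probe starts at an uncontrolled phase within the timer quantum."""
    duration = MISS_CYCLES if victim_touched_line else HIT_CYCLES
    start = rng.randrange(RESOLUTION)
    return timer(start, duration)


def single_sample_accuracy(timer, n_samples=4000, seed=1):
    """Fraction of probes in which one measurement correctly reveals whether
    the victim touched the line (0.5 would be guessing)."""
    rng = random.Random(seed)
    correct = 0
    for _ in range(n_samples):
        truth = rng.random() < 0.5
        guess = probe(timer, truth, rng) > THRESHOLD
        correct += (guess == truth)
    return correct / n_samples


def mean_measurement(timer, victim_touched_line, n_samples=5000, seed=2):
    """Average of many probes for a fixed victim behaviour.  With the coarse
    timer the averages still differ, so the channel survives statistically."""
    rng = random.Random(seed)
    total = sum(probe(timer, victim_touched_line, rng) for _ in range(n_samples))
    return total / n_samples


if __name__ == "__main__":
    for timer in (fine_timer, coarse_timer):
        print(f"{timer.__name__}: per-probe accuracy "
              f"{single_sample_accuracy(timer):.2f}, mean(hit) "
              f"{mean_measurement(timer, False):.0f}, mean(miss) "
              f"{mean_measurement(timer, True):.0f}")
```

The caveat this shows is the one a practitioner should keep in mind: coarsening the timer drops the per-probe accuracy from perfect to roughly 63% in this model (a boundary is crossed with probability 0.3 for a miss versus 0.04 for a hit), but averaging thousands of probes still separates the two cases, so the mitigation raises the attacker's cost rather than closing the channel.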

References

  1. Deng, M.; Petkovic, M.; Nalin, M. et al. (2011). "A Home Healthcare System in the Cloud--Addressing Security and Privacy Challenges". IEEE 4th International Conference on Cloud Computing: 549–556. doi:10.1109/CLOUD.2011.108.
  2. Rahimi, M.R.; Ren, J.; Liu, C.H. et al. (2014). "Mobile Cloud Computing: A Survey, State of Art and Future Directions". Mobile Networks and Applications 19 (2): 133–43. doi:10.1007/s11036-013-0477-4.
  3. Zhang, Y.; Chen, X.; Li, J. et al. (2017). "Ensuring attribute privacy protection and fast decryption for outsourced data security in mobile cloud computing". Information Sciences 379: 42–61. doi:10.1016/j.ins.2016.04.015.
  4. Mollah, M.B.; Azad, M.A.K.; Vasilakos, A. (2017). "Security and privacy challenges in mobile cloud computing: Survey and way ahead". Journal of Network and Computer Applications 84: 38–54. doi:10.1016/j.jnca.2017.02.001.
  5. Han, Y.; Chan, J.; Alpcan, T. et al. (2015). "Using Virtual Machine Allocation Policies to Defend against Co-Resident Attacks in Cloud Computing". IEEE Transactions on Dependable and Secure Computing 14 (1): 95–108. doi:10.1109/TDSC.2015.2429132.
  6. Ristenpart, T.; Tromer, E.; Shacham, H. et al. (2009). "Hey, you, get off of my cloud: Exploring information leakage in third-party compute clouds". Proceedings of the 16th ACM Conference on Computer and Communications Security: 199–212. doi:10.1145/1653662.1653687.
  7. Sgandurra, D.; Lupu, E. (2016). "Evolution of Attacks, Threat Models, and Solutions for Virtualized Systems". ACM Computing Surveys (CSUR) 48 (3): 46. doi:10.1145/2856126.
  8. Islam, M.; Razzaque, A.; Hassan, M.H. et al. (2017). "Mobile Cloud-Based Big Healthcare Data Processing in Smart Cities". IEEE Access 5: 11887–11899. doi:10.1109/ACCESS.2017.2707439.
  9. Hu, F.; Qiu, M.; Li, J. et al. (2011). "A Review on Cloud Computing: Design Challenges in Architecture and Security". Journal of Computing and Information Technology 19 (1): 25–55. doi:10.2498/cit.1001864.
  10. Ellouze, A.; Gagnaire, M.; Haddad, A. (2015). "A Mobile Application Offloading Algorithm for Mobile Cloud Computing". Proceedings of the 3rd IEEE International Conference on Mobile Cloud Computing, Services, and Engineering: 34–40. doi:10.1109/MobileCloud.2015.11.
  11. Dhanya, N.M.; Kousalya, G. (2015). "Adaptive and Secure Application Partitioning for Offloading in Mobile Cloud Computing". SSCC 2015: International Symposium on Security in Computing and Communication: 45–53. doi:10.1007/978-3-319-22915-7_5.
  12. Shiraz, M.; Gani, A.; Khokhar, R. et al. (2013). "A Review on Distributed Application Processing Frameworks in Smart Mobile Devices for Mobile Cloud Computing". IEEE Communications Surveys & Tutorials 15 (3): 1294–1313. doi:10.1109/SURV.2012.111412.00045.
  13. Sahoo, J.; Mohapatra, S.; Lath, R. (2010). "Virtualization: A Survey on Concepts, Taxonomy and Associated Security Issues". Second International Conference on Computer and Network Technology: 222–226. doi:10.1109/ICCNT.2010.49.
  14. Hao, Z.; Tang, Y.; Zhang, Y. et al. (2015). "SMOC: A secure mobile cloud computing platform". 2015 IEEE Conference on Computer Communications: 2668–2676. doi:10.1109/INFOCOM.2015.7218658.
  15. Paladi, N.; Gehrmann, C.; Michalas, A. (2017). "Providing User Security Guarantees in Public Infrastructure Clouds". IEEE Transactions on Cloud Computing 5: 405–419. doi:10.1109/TCC.2016.2525991.
  16. Han, Y.; Chan, J.; Alpcan, T. et al. (2014). "Virtual machine allocation policies against co-resident attacks in cloud computing". 2014 IEEE International Conference on Communications: 786–792. doi:10.1109/ICC.2014.6883415.
  17. Yu, S.; Xiaolin, G.; Jiancai, L. et al. (2013). "Detecting VMs Co-residency in Cloud: Using Cache-based Side Channel Attacks". Elektronika ir Elektrotechnika 19 (5): 73–78. doi:10.5755/j01.eee.19.5.2422.
  18. Vaezpour, S.Y.; Zhang, R.; Wu, K. et al. (2016). "A new approach to mitigating security risks of phone clone co-location over mobile clouds". Journal of Network and Computer Applications 62: 171–184. doi:10.1016/j.jnca.2016.01.005.
  19. Jin, S.; Ahn, J.; Seol, J. et al. (2015). "H-SVM: Hardware-Assisted Secure Virtual Machines under a Vulnerable Hypervisor". IEEE Transactions on Computers 64 (10): 2833–2846. doi:10.1109/TC.2015.2389792.
  20. Liang, H.; Han, C.; Zhang, D. et al. (2015). "A Lightweight Security Isolation Approach for Virtual Machines Deployment". Inscrypt 2014: International Conference on Information Security and Cryptology: 516–529. doi:10.1007/978-3-319-16745-9_28.
  21. Suo, H.; Liu, Z.; Wan, J. et al. (2013). "Security and privacy in mobile cloud computing". Proceedings from the 9th International Wireless Communications and Mobile Computing Conference: 655–659. doi:10.1109/IWCMC.2013.6583635.
  22. Vattikonda, B.C.; Das, S.; Shacham, H. (2011). "Eliminating fine grained timers in Xen". Proceedings of the 3rd ACM Workshop on Cloud Computing Security Workshop: 41–46. doi:10.1145/2046660.2046671.
  23. Wu, J.; Ding, L.; Lin, Y. et al. (2012). "XenPump: A New Method to Mitigate Timing Channel in Cloud Computing". IEEE Fifth International Conference on Cloud Computing: 678–685. doi:10.1109/CLOUD.2012.28.
  24. Aviram, A.; Hu, S.; Ford, B. et al. (2010). "Determinating timing channels in compute clouds". Proceedings of the 2010 ACM Workshop on Cloud Computing Security Workshop: 103–108. doi:10.1145/1866835.1866854.
  25. Shi, J.; Song, X.; Chen, H. et al. (2011). "Limiting cache-based side-channel in multi-tenant cloud using dynamic page coloring". IEEE/IFIP 41st International Conference on Dependable Systems and Networks Workshops: 194–199. doi:10.1109/DSNW.2011.5958812.

Notes

This presentation attempts to remain faithful to the original, with only a few minor changes to presentation. Grammar and punctuation have been updated reasonably to improve readability. In some cases important information was missing from the references, and that information was added. References appear in the order of the inline citations, by design.