Difference between revisions of "Journal:Virtualization-based security techniques on mobile cloud computing: Research gaps and challenges"
Shawndouglas (talk | contribs) (Saving and adding more.) |
Shawndouglas (talk | contribs) (Saving and adding more.) |
||
Line 31: | Line 31: | ||
Security is considered a major challenge with MCC environments. Mobile cloud security's issues are inherited from cloud computing, so we are at least familiar with those issues; however, those issues are more critical with MCC because of devices’ limited resource capacity (e.g., lack of CPU capability) to handle CPU-intensive malware detection applications that protect sensitive data, at least when compared to personal computers. The tenants’ worries are concentrated on the migration to the cloud of their data, which might face more risks once they share the same cloud resources with other tenants.<ref name="MollahSecurity17">{{cite journal |title=Security and privacy challenges in mobile cloud computing: Survey and way ahead |journal=Journal of Network and Computer Applications |author=Mollah, M.B.; Azad, M.A.K.; Vasilakos, A. |volume=84 |pages=38–54 |year=2017 |doi=10.1016/j.jnca.2017.02.001}}</ref> With MCC, cloud service providers offer the sharing of their resources to mobile users through the popular technique of virtualization, which increases the efficiency and effectiveness of hardware utilization.<ref name="HanUsing15">{{cite journal |title=Using Virtual Machine Allocation Policies to Defend against Co-Resident Attacks in Cloud Computing |journal=IEEE Transactions on Dependable and Secure Computing |author=Han, Y.; Chan, J.; Alpcan, T. et al. |volume=14 |issue=1 |pages=95–108 |year=2015 |doi=10.1109/TDSC.2015.2429132}}</ref> Various users’ virtual machines are running on the same cloud host when they share the same cloud resources, which leads to additional security risks like violating data use terms once the data shares the same memory or CPU.<ref name="RistenpartHeyYou09">{{cite journal |title=Hey, you, get off of my cloud: Exploring information leakage in third-party compute clouds |journal=Proceedings of the 16th ACM Conference on Computer and Communications Security |author=Ristenpart, T.; Tromer, E.; Shacham, H. et al. |pages=199–212 |year=2009 |doi=10.1145/1653662.1653687}}</ref><ref name="RistenpartHeyYou09">{{cite journal |title=Cross-VM side channels and their use to extract private keys |journal=Proceedings of the 2012 ACM Conference on Computer and Communications Security |author=Zhang, Y.; Juels, A.; Reiter, M.K. et al. |pages=305–316 |year=2012 |doi=10.1145/2382196.2382230}}</ref> Consequently, an important question must be raised whether the other cloud virtual machines’ clients are trusted or not. Several robust security techniques have been proposed in this decade, and a number of new techniques or improved versions of the latest approaches have been developed. However, most of the solutions proposed are not practical due to the critical change—eliminating side channels and clocks, as well as the hypervisor—that comes with the cloud platform.<ref name="HanUsing15" /> In this work, we aim to collect and present some relevant virtualization-based security techniques currently available in the field and review in detail the topic of various newly emerged security challenges. | Security is considered a major challenge with MCC environments. Mobile cloud security's issues are inherited from cloud computing, so we are at least familiar with those issues; however, those issues are more critical with MCC because of devices’ limited resource capacity (e.g., lack of CPU capability) to handle CPU-intensive malware detection applications that protect sensitive data, at least when compared to personal computers. The tenants’ worries are concentrated on the migration to the cloud of their data, which might face more risks once they share the same cloud resources with other tenants.<ref name="MollahSecurity17">{{cite journal |title=Security and privacy challenges in mobile cloud computing: Survey and way ahead |journal=Journal of Network and Computer Applications |author=Mollah, M.B.; Azad, M.A.K.; Vasilakos, A. |volume=84 |pages=38–54 |year=2017 |doi=10.1016/j.jnca.2017.02.001}}</ref> With MCC, cloud service providers offer the sharing of their resources to mobile users through the popular technique of virtualization, which increases the efficiency and effectiveness of hardware utilization.<ref name="HanUsing15">{{cite journal |title=Using Virtual Machine Allocation Policies to Defend against Co-Resident Attacks in Cloud Computing |journal=IEEE Transactions on Dependable and Secure Computing |author=Han, Y.; Chan, J.; Alpcan, T. et al. |volume=14 |issue=1 |pages=95–108 |year=2015 |doi=10.1109/TDSC.2015.2429132}}</ref> Various users’ virtual machines are running on the same cloud host when they share the same cloud resources, which leads to additional security risks like violating data use terms once the data shares the same memory or CPU.<ref name="RistenpartHeyYou09">{{cite journal |title=Hey, you, get off of my cloud: Exploring information leakage in third-party compute clouds |journal=Proceedings of the 16th ACM Conference on Computer and Communications Security |author=Ristenpart, T.; Tromer, E.; Shacham, H. et al. |pages=199–212 |year=2009 |doi=10.1145/1653662.1653687}}</ref><ref name="RistenpartHeyYou09">{{cite journal |title=Cross-VM side channels and their use to extract private keys |journal=Proceedings of the 2012 ACM Conference on Computer and Communications Security |author=Zhang, Y.; Juels, A.; Reiter, M.K. et al. |pages=305–316 |year=2012 |doi=10.1145/2382196.2382230}}</ref> Consequently, an important question must be raised whether the other cloud virtual machines’ clients are trusted or not. Several robust security techniques have been proposed in this decade, and a number of new techniques or improved versions of the latest approaches have been developed. However, most of the solutions proposed are not practical due to the critical change—eliminating side channels and clocks, as well as the hypervisor—that comes with the cloud platform.<ref name="HanUsing15" /> In this work, we aim to collect and present some relevant virtualization-based security techniques currently available in the field and review in detail the topic of various newly emerged security challenges. | ||
The rest of this paper is organized as follows. Firstly, we present basic requirements of the virtualization techniques on MCC. We detail malicious attacks and briefly review quality measures. Then, we discuss the recent virtualization security techniques, with comparison and evaluation of different approaches also presented. Then, we present discussion, research gaps, and challenges concerning a security-based virtualization layer. Finally, in the last section, we conclude and present plans for future work. | |||
==Virtualization-based security preliminaries== | |||
In MCC, cloud services are provided for mobile users using virtualization technologies. Virtualization is defined as a middle layer between the software and hardware layers in a cloud server that allows the cloud provider to efficiently exploit their services and computing resources.<ref name="SgandurraEvol16">{{cite journal |title=Evolution of Attacks, Threat Models, and Solutions for Virtualized Systems |journal=ACM Computing Surveys (CSUR) |author=Sgandurra, D.; Lupu, E. |volume=48 |issue=3 |pages=46 |year=2016 |doi=10.1145/2856126}}</ref> These resources can be shared among multiple virtual machines in order to run services simultaneously while also sharing benefits from available servers’ resources (e.g., CPU, network bandwidth, memory, etc.).<ref name="IslamMobile17">{{cite journal |title=Mobile Cloud-Based Big Healthcare Data Processing in Smart Cities |journal=IEEE Access |author=Islam, M.; Rzzaque, A.; Hassan, M.H. et al. |volume=5 |pages=11887–11899 |year=2017 |doi=10.1109/ACCESS.2017.2707439}}</ref> The virtualization process can reportedly increase hardware utilization (efficiency) between 60% and 80%.<ref name="HuAReview11">{{cite journal |title=A Review on Cloud Computing: Design Challenges in Architecture and Security |journal=Journal of Computing and Information Technology |author=Hu, F.; Qiu, M.; Li, J. et al. |volume=19 |issue=1 |pages=25–55 |year=2011 |doi=10.2498/cit.1001864}}</ref> The use of remote servers and other hardware utilization techniques also improves mobile device battery life by saving energy.<ref name="EllouzeAMobile15">{{cite journal |title=A Mobile Application Offloading Algorithm for Mobile Cloud Computing |journal=Proceedings of the 3rd IEEE International Conference on Mobile Cloud Computing, Services, and Engineering |author=Ellouze, A.; Gagnaire, M.; Haddad, A. |pages=34–40 |year=2015 |doi=10.1109/MobileCloud.2015.11}}</ref><ref name="DhanyaAdapt15">{{cite journal |title=Adaptive and Secure Application Partitioning for Offloading in Mobile Cloud Computing |journal=SSCC 2015: International Symposium on Security in Computing and Communication |author=Dhanya, N.M.; Kousalya, G. |pages=45–53 |year=2015 |doi=10.1007/978-3-319-22915-7_5}}</ref> | |||
==References== | ==References== |
Revision as of 22:29, 3 September 2019
Full article title | Virtualization-based security techniques on mobile cloud computing: Research gaps and challenges |
---|---|
Journal | International Journal of Interactive Mobile Technologies |
Author(s) | Annane, Boubakeur; Ghazali, Osman |
Author affiliation(s) | Universiti Utara Malaysia |
Primary contact | Email: jakhar256 at yahoo dot com |
Year published | 2019 |
Volume and issue | 13(4) |
Page(s) | 20–32 |
DOI | 10.3991/ijim.v13i04.10515 |
ISSN | 1865-7923 |
Distribution license | Creative Commons Attribution 3.0 Austria |
Website | https://online-journals.org/index.php/i-jim/article/view/10515 |
Download | https://online-journals.org/index.php/i-jim/article/download/10515/5587 (PDF) |
Abstract
The principle constraints of mobile devices are their limited resources, including processing capability, storage space, and battery life. However, cloud computing offers a means of vast computing resources and services. With it a new idea emerged, the inclusion of cloud computing into mobile devices such as smartphones, tablet, and other personal digital assistants (PDA) to augment their capacities, providing a robust technology called mobile cloud computing (MCC). Although MCC has brought many advantages to mobile users, it also still suffers from the security and privacy issues of data while hosted on virtual machines (VM) on remote cloud’s servers. Currently, the eyes of security experts are turned towards the virtualization-based security techniques used either on the cloud or on mobile devices. The new challenge is to develop secure methods in order to authenticate highly sensitive digital content. This paper investigates the main challenges regarding the security and privacy issues inherent to the mobile cloud, focusing on the virtualization issue layer and giving clear strengths and weaknesses of recent relevant virtualization security techniques existing in the literature. Hence, the paper provides perspectives for researchers to adapt in order to achieve progress with future work.
Keywords: mobile cloud computing; virtualization; security and privacy of information; user virtual machines
Introduction
Nowadays, cloud computing is an attractive technology that is known to have an increasing importance for users by delivering services over the internet. It is defined as an information technology (IT) paradigm that allows the user to exploit cloud services in an on-demand way.[1] Three main services are provided: infrastructure as a service (IaaS), platform as a service (PaaS), and software as a service (SaaS). In IaaS, virtualization relies on sharing computing resources rather than having personal mobile devices to handle and to perform applications and tasks simultaneously and efficiently.[2]
Mobile cloud computing (MCC) has quickly grown in popularity among individuals and user communities. It combines the cloud computing paradigm with mobile devices through wireless technology in order to avoid the devices’ capacity restrictions and leverage the resources offered by cloud computing services.[3] Mobile devices such as smartphone and tablets have several limitations in their resource capacities (CPU, memory, and storage space) which inhibit application developers from providing powerful software solutions and hinder users in enjoying those solutions in their daily life.[2] Integrating cloud computing services with mobile computing is an interesting solution towards solving these issues. MCC allows users to upload and move their applications, services, and data on shared cloud servers, taking advantage of their large remote storage capacity and significant computing resources when running intensive applications, taking the strain off the battery life of mobile devices. Recently, the use of mobile devices has moved beyond simple applications and into more complex and crucial applications which deal with sensitive data in various multimedia formats (text, images, audio, and video), including banking, health, and transport applications. The moving of clients’ data and services to the cloud raises many security challenges, particularly involving the major concerns of data security and privacy protection due to data being located in different distributed places.
Security is considered a major challenge with MCC environments. Mobile cloud security's issues are inherited from cloud computing, so we are at least familiar with those issues; however, those issues are more critical with MCC because of devices’ limited resource capacity (e.g., lack of CPU capability) to handle CPU-intensive malware detection applications that protect sensitive data, at least when compared to personal computers. The tenants’ worries are concentrated on the migration to the cloud of their data, which might face more risks once they share the same cloud resources with other tenants.[4] With MCC, cloud service providers offer the sharing of their resources to mobile users through the popular technique of virtualization, which increases the efficiency and effectiveness of hardware utilization.[5] Various users’ virtual machines are running on the same cloud host when they share the same cloud resources, which leads to additional security risks like violating data use terms once the data shares the same memory or CPU.[6][6] Consequently, an important question must be raised whether the other cloud virtual machines’ clients are trusted or not. Several robust security techniques have been proposed in this decade, and a number of new techniques or improved versions of the latest approaches have been developed. However, most of the solutions proposed are not practical due to the critical change—eliminating side channels and clocks, as well as the hypervisor—that comes with the cloud platform.[5] In this work, we aim to collect and present some relevant virtualization-based security techniques currently available in the field and review in detail the topic of various newly emerged security challenges.
The rest of this paper is organized as follows. Firstly, we present basic requirements of the virtualization techniques on MCC. We detail malicious attacks and briefly review quality measures. Then, we discuss the recent virtualization security techniques, with comparison and evaluation of different approaches also presented. Then, we present discussion, research gaps, and challenges concerning a security-based virtualization layer. Finally, in the last section, we conclude and present plans for future work.
Virtualization-based security preliminaries
In MCC, cloud services are provided for mobile users using virtualization technologies. Virtualization is defined as a middle layer between the software and hardware layers in a cloud server that allows the cloud provider to efficiently exploit their services and computing resources.[7] These resources can be shared among multiple virtual machines in order to run services simultaneously while also sharing benefits from available servers’ resources (e.g., CPU, network bandwidth, memory, etc.).[8] The virtualization process can reportedly increase hardware utilization (efficiency) between 60% and 80%.[9] The use of remote servers and other hardware utilization techniques also improves mobile device battery life by saving energy.[10][11]
References
- ↑ Deng, M.; Petkovic, M.; Nalin, M. et al. (2011). "A Home Healthcare System in the Cloud--Addressing Security and Privacy Challenges". IEEE 4th International Conference on Cloud Computing: 549-556. doi:10.1109/CLOUD.2011.108.
- ↑ 2.0 2.1 Rahimi, M.R.; Rn, J.; Liu, C.H. et al. (2014). "Mobile Cloud Computing: A Survey, State of Art and Future Directions". Mobile Networks and Applications 19 (2): 133–43. doi:10.1007/s11036-013-0477-4.
- ↑ Zhang, Y.; Chen, X.; Li, J. et al. (2017). "Ensuring attribute privacy protection and fast decryption for outsourced data security in mobile cloud computing". Information Sciences 379: 42–61. doi:10.1016/j.ins.2016.04.015.
- ↑ Mollah, M.B.; Azad, M.A.K.; Vasilakos, A. (2017). "Security and privacy challenges in mobile cloud computing: Survey and way ahead". Journal of Network and Computer Applications 84: 38–54. doi:10.1016/j.jnca.2017.02.001.
- ↑ 5.0 5.1 Han, Y.; Chan, J.; Alpcan, T. et al. (2015). "Using Virtual Machine Allocation Policies to Defend against Co-Resident Attacks in Cloud Computing". IEEE Transactions on Dependable and Secure Computing 14 (1): 95–108. doi:10.1109/TDSC.2015.2429132.
- ↑ 6.0 6.1 Ristenpart, T.; Tromer, E.; Shacham, H. et al. (2009). "Hey, you, get off of my cloud: Exploring information leakage in third-party compute clouds". Proceedings of the 16th ACM Conference on Computer and Communications Security: 199–212. doi:10.1145/1653662.1653687.
Cite error: Invalid
<ref>
tag; name "RistenpartHeyYou09" defined multiple times with different content - ↑ Sgandurra, D.; Lupu, E. (2016). "Evolution of Attacks, Threat Models, and Solutions for Virtualized Systems". ACM Computing Surveys (CSUR) 48 (3): 46. doi:10.1145/2856126.
- ↑ Islam, M.; Rzzaque, A.; Hassan, M.H. et al. (2017). "Mobile Cloud-Based Big Healthcare Data Processing in Smart Cities". IEEE Access 5: 11887–11899. doi:10.1109/ACCESS.2017.2707439.
- ↑ Hu, F.; Qiu, M.; Li, J. et al. (2011). "A Review on Cloud Computing: Design Challenges in Architecture and Security". Journal of Computing and Information Technology 19 (1): 25–55. doi:10.2498/cit.1001864.
- ↑ Ellouze, A.; Gagnaire, M.; Haddad, A. (2015). "A Mobile Application Offloading Algorithm for Mobile Cloud Computing". Proceedings of the 3rd IEEE International Conference on Mobile Cloud Computing, Services, and Engineering: 34–40. doi:10.1109/MobileCloud.2015.11.
- ↑ Dhanya, N.M.; Kousalya, G. (2015). "Adaptive and Secure Application Partitioning for Offloading in Mobile Cloud Computing". SSCC 2015: International Symposium on Security in Computing and Communication: 45–53. doi:10.1007/978-3-319-22915-7_5.
Notes
This presentation attempts to remain faithful to the original, with only a few minor changes to presentation. Grammar and punctuation has been updated reasonably to improve readability. In some cases important information was missing from the references, and that information was added.