Scalable Distributed Service Integrity Attestation for Software-as-a-Service Clouds.

Slides:

Advertisements

Similar presentations

Abstract Shortest distance query is a fundamental operation in large-scale networks. Many existing methods in the literature take a landmark embedding.

Advertisements

CloudMoV: Cloud-based Mobile Social TV

On the Node Clone Detection inWireless Sensor Networks.

Optimizing Cloud Resources for Delivering IPTV Services Through Virtualization.

Abstract Cloud data center management is a key problem due to the numerous and heterogeneous strategies that can be applied, ranging from the VM placement.

Annotating Search Results from Web Databases. Abstract An increasing number of databases have become web accessible through HTML form-based search interfaces.

Abstract Load balancing in the cloud computing environment has an important impact on the performance. Good load balancing makes cloud computing more.

A Secure Protocol for Spontaneous Wireless Ad Hoc Networks Creation.

Back-Pressure-Based Packet-by-Packet Adaptive Routing in Communication Networks.

Personalized QoS-Aware Web Service Recommendation and Visualization.

Abstract Provable data possession (PDP) is a probabilistic proof technique for cloud service providers (CSPs) to prove the clients' data integrity without.

WARNINGBIRD: A Near Real-time Detection System for Suspicious URLs in Twitter Stream.

Secure Encounter-based Mobile Social Networks: Requirements, Designs, and Tradeoffs.

NICE :Network Intrusion Detection and Countermeasure Selection in Virtual Network Systems.

Dynamic Resource Allocation Using Virtual Machines for Cloud Computing Environment.

Security Evaluation of Pattern Classifiers under Attack.

Vampire Attacks: Draining Life from Wireless Ad Hoc Sensor Networks.

Privacy-Preserving Public Auditing for Secure Cloud Storage

BestPeer++: A Peer-to-Peer Based Large-Scale Data Processing Platform.

Improving Network I/O Virtualization for Cloud Computing.

Privacy Preserving Data Sharing With Anonymous ID Assignment

Mobile Relay Configuration in Data-Intensive Wireless Sensor Networks.

m-Privacy for Collaborative Data Publishing

PACK: Prediction-Based Cloud Bandwidth and Cost Reduction System

EAACK—A Secure Intrusion-Detection System for MANETs

A Fast Clustering-Based Feature Subset Selection Algorithm for High- Dimensional Data.

Combining Cryptographic Primitives to Prevent Jamming Attacks in Wireless Networks.

Optimal Client-Server Assignment for Internet Distributed Systems.

Protecting Sensitive Labels in Social Network Data Anonymization.

Identity-Based Secure Distributed Data Storage Schemes.

Enabling Dynamic Data and Indirect Mutual Trust for Cloud Computing Storage Systems.

Hiding in the Mobile Crowd: Location Privacy through Collaboration.

LARS*: An Efficient and Scalable Location-Aware Recommender System.

Cooperative Caching for Efficient Data Access in Disruption Tolerant Networks.

Anonymization of Centralized and Distributed Social Networks by Sequential Clustering.

Accuracy-Constrained Privacy-Preserving Access Control Mechanism for Relational Data.

Identity-Based Distributed Provable Data Possession in Multi-Cloud Storage.

Content Sharing over Smartphone-Based Delay- Tolerant Networks.

Abstract Link error and malicious packet dropping are two sources for packet losses in multi-hop wireless ad hoc network. In this paper, while observing.

A System for Denial-of- Service Attack Detection Based on Multivariate Correlation Analysis.

Modeling the Pairwise Key Predistribution Scheme in the Presence of Unreliable Links.

Privacy Preserving Delegated Access Control in Public Clouds.

Anomaly Detection via Online Over-Sampling Principal Component Analysis.

A Method for Mining Infrequent Causal Associations and Its Application in Finding Adverse Drug Reaction Signal Pairs.

A Generalized Flow-Based Method for Analysis of Implicit Relationships on Wikipedia.

Keyword Query Routing.

A Highly Scalable Key Pre- Distribution Scheme for Wireless Sensor Networks.

Abstract With the advent of cloud computing, data owners are motivated to outsource their complex data management systems from local sites to the commercial.

Facilitating Document Annotation using Content and Querying Value.

Traffic Pattern-Based Content Leakage Detection for Trusted Content Delivery Networks.

Privacy Preserving Back- Propagation Neural Network Learning Made Practical with Cloud Computing.

Participatory Privacy: Enabling Privacy in Participatory Sensing

Preventing Private Information Inference Attacks on Social Networks.

DCIM: Distributed Cache Invalidation Method for Maintaining Cache Consistency in Wireless Mobile Networks.

Supporting Privacy Protection in Personalized Web Search.

Twitsper: Tweeting Privately. Abstract Although online social networks provide some form of privacy controls to protect a user's shared content from other.

m-Privacy for Collaborative Data Publishing

Attribute-Based Encryption With Verifiable Outsourced Decryption.

A Scalable Two-Phase Top-Down Specialization Approach for Data Anonymization Using MapReduce on Cloud.

Multiparty Access Control for Online Social Networks : Model and Mechanisms.

Harnessing the Cloud for Securely Outsourcing Large- Scale Systems of Linear Equations.

Securing Broker-Less Publish/Subscribe Systems Using Identity-Based Encryption.

Security Analysis of a Privacy-Preserving Decentralized Key-Policy Attribute-Based Encryption Scheme.

Privacy-Enhanced Web Service Composition. Abstract Data as a Service (DaaS) builds on service-oriented technologies to enable fast access to data resources.

Privacy-Preserving and Content-Protecting Location Based Queries.

Mona: Secure Multi-Owner Data Sharing for Dynamic Groups in the Cloud.

Whole Test Suite Generation. Abstract Not all bugs lead to program crashes, and not always is there a formal specification to check the correctness of.

Load Rebalancing for Distributed File Systems in Clouds.

Fast Transmission to Remote Cooperative Groups: A New Key Management Paradigm.

Dynamic Query Forms for Database Queries. Abstract Modern scientific databases and web databases maintain large and heterogeneous data. These real-world.

Presentation transcript:

Scalable Distributed Service Integrity Attestation for Software-as-a-Service Clouds

Abstract Software-as-a-service (SaaS) cloud systems enable application service providers to deliver their applications via massive cloud computing infrastructures. However, due to their sharing nature, SaaS clouds are vulnerable to malicious attacks. In this paper, we present IntTest, a scalable and effective service integrity attestation framework for SaaS clouds. IntTest provides a novel integrated attestation graph analysis scheme that can provide stronger attacker pinpointing power than previous schemes. Moreover, IntTest can automatically enhance result quality by replacing bad results produced by malicious attackers with good results produced by benign service providers.

Abstract con… We have implemented a prototype of the IntTest system and tested it on a production cloud computing infrastructure using IBM System S stream processing applications. Our experimental results show that IntTest can achieve higher attacker pinpointing accuracy than existing approaches. IntTest does not require any special hardware or secure kernel support and imposes little performance impact to the application, which makes it practical for large-scale cloud systems.

Existing System Cloud computing has emerged as a cost-effective resource leasing paradigm, which obviates the need for users maintain complex physical computing infrastructures by themselves. Software-as-a-service (SaaS) clouds (e.g., Amazon Web Service (AWS) [1] and Google AppEngine [2]) build upon the concepts of software as a service [3] and service-oriented architecture (SOA) [4], [5], which enable application service providers (ASPs) to deliver their applications via the massive cloud computing infrastructure. In particular, our work focuses on data stream processing services [6], [7], [8] that are considered to be one class of killer applications for clouds with many real-world applications in security surveillance, scientific computing, and business intelligence.

ArchitectureDiagram

System Specification HARDWARE REQUIREMENTS Processor : intel Pentium IV Ram : 512 MB Hard Disk : 80 GB HDD SOFTWARE REQUIREMENTS Operating System : windows XP / Windows 7 FrontEnd : Java BackEnd : MySQL 5

C ONCLUSION In this paper, we have presented the design and imple¬mentation of IntTest, a novel integrated service integrity attestation framework for multitenant software-as-a-service cloud systems. IntTest employs randomized replay-based consistency check to verify the integrity of distributed service components without imposing high overhead to the cloud infrastructure. IntTest performs integrated analysis over both consistency and inconsistency attestation graphs to pinpoint colluding attackers more efficiently than xisting techniques. Furthermore, IntTest provides result autocorrection to automatically correct compromised re¬sults to improve the result quality.

THANK YOU