Developing and Securing the Cloud


1 Developing and Securing the Cloud
Dr. Bhavani Thuraisingham
The University of Texas at Dallas
Introduction to the Course
January – May 2015

2 Objective of the Unit This unit provides an overview of the course. The course describes concepts, developments, challenges, and directions in Lectures Secure Web Services Secure Cloud Computing Paper Presentations Book: Bhavani Thuraisingham, Developing and Securing the Cloud, CRC Press, November 2013

3 Outline of the Unit
Outline of Course
Course Work
Course Rules
Contact
Papers to read for lectures after Spring Break
Index to lectures and preparation for exams
Acknowledgement: AFOSR for funding our research in assured cloud computing; NSF for funding our capacity building effort in cloud computing

4 Topics for Lectures
January 16: Background Information: Cyber Security, Web Services
January 23: Secure Web Services, Secure Cloud Computing
January 30: Comprehensive Overview of Secure Cloud; Cloud-based Assured Information Sharing
February 6: Secure Document Publishing in the Cloud; Secure Cloud Computing Guidelines
February 13: Secure Virtualization; Virtual Machine Introspection
February 20: Secure Cloud Data and Storage Management
February 27/March 6: Identity Management for the Cloud; Secure Cloud Computing Products
March 13: Exam #1 – Repeat exam: March 27, 2015

5 Topics for Lectures
March 20: Mid-term break
March 27 – repeat Exam #1
April 3 lecture – Host Health Detection; Big Data Security and Privacy
April 10, 17, 24: Paper presentations
May 1: Paper presentation, Programming project presentation, and review for exam #2
May 6 – Exam #2

6 Course Work
Two exams each worth 24 points
Programming project worth 16 points
Four homework assignments – 4 points each
Two term papers – 8 points each (revised: One term paper 8 points)
Paper Presentation – 4 points
Extra credit for term paper #2: 2 points

7 Course Rules
Course attendance is mandatory unless permission is obtained from the instructor for missing a class with a valid reason (documentation needed for medical emergency for student or a close family member – e.g., spouse, parent, child).
Attendance will be collected every lecture. 2 points will be deducted out of 100 for each lecture missed without approval.
Each student will work individually.
Late assignments will not be accepted. All assignments have to be turned in just after the lecture on the due date.
No make-up exams unless the student can produce a medical certificate or give evidence of a close family emergency.
Copying material from other sources will not be permitted unless the source is properly referenced.
Any student who plagiarizes from other sources will be reported to the appropriate UTD authorities.

8 Contact
For more information please contact
Dr. Bhavani Thuraisingham
Professor of Computer Science and Director of Cyber Security Research Center
Erik Jonsson School of Engineering and Computer Science
EC31, The University of Texas at Dallas
Richardson, TX 75080
Phone: Fax: URL:

9 Assignments/Term Papers/Programming Project Schedule
Assignment #1: Posted in Lecture #8; Given on January 30, 2015; Due on February 13, 2015
Assignment #2: Posted in Lecture #12; Given on Feb 13; Due on Feb 27
Assignment #3: Given on April 3, 2015; Due on April 17, 2015
Assignment #4: Given on April 20, 2015; Due on May 4, 2015
Term Paper #1 due on March 6, 2015
Programming project due on May 1, 2015

10 Term Paper Topics
Secure Virtualization for the Cloud
Cloud Storage and Data Security
Identity Management for the Cloud
Security Management for the Cloud
Privacy for the Cloud
Audit and Compliance for the Cloud
Cloud Forensics

11 Programming Project Deliverables
Introduction / problem statement
Design of the system (what you would like to implement)
Implementation overview of the system (since you may not be able to implement the entire design)
Test runs/screen shots (if the program does not work, explain what the challenges were)
Future work
Also, for a multi-person project: who contributed to which parts

12 Programming Project Sample Topics
Policy-based information sharing in the cloud
Storing documents in the cloud (e.g., Google docs), encrypt and decrypt
Implement a malware detection technique in the cloud
Implement some services (e.g., identity management), access control in the cloud

13 Papers to Read for Exam #1
Elisa Bertino, Barbara Carminati, Elena Ferrari, Bhavani M. Thuraisingham, Amar Gupta: Selective and Authentic Third-Party Distribution of XML Documents. IEEE Trans. Knowl. Data Eng. 16(10): (2004) (first 6 sections only, proofs are not necessary)
Tyrone Cadenhead, Murat Kantarcioglu, Vaibhav Khadilkar, Bhavani M. Thuraisingham: Design and Implementation of a Cloud-Based Assured Information Sharing System. MMM-ACNS 2012: 36-50
Yangchun Fu, Zhiqiang Lin: Space Traveling across VM: Automatically Bridging the Semantic Gap in Virtual Machine Introspection via Online Kernel Data Redirection. IEEE Symposium on Security and Privacy 2012:
Kerim Yasin Oktay, Vaibhav Khadilkar, Bijit Hore, Murat Kantarcioglu, Sharad Mehrotra, Bhavani M. Thuraisingham: Risk-Aware Workload Distribution in Hybrid Clouds. IEEE CLOUD 2012:

14 Index to Lectures for Exam #1
Lecture 1: Cyber Security essentials (Guest Lecture, not in exam)
Lecture 2: Developments in Web Services
Lecture 3: Introduction to SOA, Cloud Computing and Secure Cloud Computing
Lecture 4: Cloud Computing and Secure Cloud Computing
Lecture 5: Comprehensive Overview of Secure Cloud Computing
Lecture 6: Secure Document Publication in the Cloud (paper #1)
Lecture 7: Cloud-based Assured Information Sharing (paper #2)
Lecture 8: Assignment #1
Lecture 9: NIST Guidelines for Secure Cloud Computing

15 Index to Lectures for Exam #1
Lecture 10: Secure Virtualization
Lecture 11: Virtual Machine Introspection (paper #3)
Lecture 12: Assignment #2
Lecture 13: Hypervisor Security (Extra credit question)
Lecture 14: Cloud Data Management (Guest Lecture, not in exam)
Lecture 15: Secure Cloud Data Storage (paper #4)
Lecture 16: Identity and Access Management
Lecture 17: Revisiting Secure Cloud Computing Concepts and Tools

16 Index to Lectures for Exam #2
Lecture 18: Assignment #3
Lecture 19: VM Fingerprinting
Lecture 20: Big Data Security and Privacy
Lecture 21: Papers to read for April 10
Lecture 22: Papers to read for April 17
Lecture 23: Papers to read for April 24
Lecture 24: Papers to read for May 1
Lecture 25: Assignment #4
Lecture 26: Final Papers selected for Exam #2

17 Papers to Read for Exam #2 – ACM CCS Cloud Workshop 2011 (April 10 lecture)
All Your Clouds are Belong to us - Security Analysis of Cloud Management Interfaces. Juraj Somorovsky, Mario Heiderich, Meiko Jensen, Joerg Schwenk, Nils Gruschka and Luigi Lo Iacono (David Liou, Jinisha)
Trusted Platform-as-a-Service: A Foundation for Trustworthy Cloud-Hosted Applications. Andrew Brown and Jeff Chase (Mahdi, Amon)
Detecting Fraudulent Use of Cloud Resources. Joseph Idziorek, Mark Tannian and Doug Jacobson (Hamzaleka, Prathika)
Managing Multi-Jurisdictional Requirements in the Cloud: Towards a Computational Legal Landscape. David Gordon and Travis Breaux (Arpita, Lauren)

18 Papers to Read for Exam #2 – ACM CCS Cloud Workshop 2012 (April 10 lecture)
Fast Dynamic Extracted Honeypots in Cloud Computing. Sebastian Biedermann, Martin Mink, Stefan Katzenbeisser (Pavan, Marilyn)
Unity: Secure and Durable Personal Cloud Storage. Beom Heyn Kim, Wei Huang, David Lie (Navjoth, Ashwini)
Exploiting Split Browsers for Efficiently Protecting User Data. Angeliki Zavou, Elias Athanasopoulos, Georgios Portokalidis, Angelos Keromytis (Arti, Dipika)
CloudFilter: Practical Control of Sensitive Data Propagation to the Cloud. Ioannis Papagiannis, Peter Pietzuch (Varsha, Pragathi)

19 Papers to Read for Exam #2 – ACM CCS Cloud Workshop 2013 (April 10 lecture)
Structural Cloud Audits that Protect Private Information. Hongda Xiao; Bryan Ford; Joan Feigenbaum (Shravani, Vivek)
Cloudoscopy: Services Discovery and Topology Mapping. Amir Herzberg; Haya Shulman; Johanna Ullrich; Edgar Weippl (Spoorthy, Gauthum)
Cloudsweeper: Enabling Data-Centric Document Management for Secure Cloud Archives. Chris Kanich; Peter Snyder (Suhithya, Aravind)
Supporting Complex Queries and Access Policies for Multi-user Encrypted Databases. Muhammad Rizwan Asghar; Giovanni Russello; Bruno Crispo (Vidya, Bala)

20 Papers to Read for Exam #2 – ACM CCS Cloud Workshop 2014 (April 17 lecture)
RAID-PIR: Practical Multi-Server PIR. Daniel Demmler; Amir Herzberg; Thomas Schneider (Karthik, Ajit)
CloudSafetyNet: Detecting Data Leakage between Cloud Tenants. Christian Priebe; Divya Muthukumaran; Dan O'Keeffe; David Eyers; Brian Shand; Ruediger Kapitza; Peter Pietzuch (Madav, Prathamik)
Inevitable Failures: The Flawed Trust Assumption in Cloud. Yuqiong Sun; Giuseppe Petracca; Trent Jaeger (Swetha, Priyanka)
Memory Access Pattern Protection in the World of Malicious Operating Systems and Commercial Hardware. Srini Devadas (Harshamareka, Anirudda)

21 Papers to Read for Exam #2 – ACM CCS Cloud Workshop 2014 (April 17 lecture)
A Visitor's Guide to a Post-Privacy World. Ari Juels (Vinay, Pradnya). This paper is not included in the presentations – an alternate paper will be assigned to the students.
A new look at human problem solving: near-optimal solutions to NP-hard problems. Zygmunt Pizlo (Amit, Prathanik)
Reconciling End-to-End Confidentiality and Data Reduction In Cloud Storage. Nathalie Baracaldo; Elli Androulaki; Joseph Glider; Alessandro Sorniotti (Krishnan, Monica)
A Framework for Outsourcing of Secure Computation. Jesper Buus Nielsen; Claudio Orlandi (Prathusha Kendala, Rohini)

22 Papers to Read for Exam #2 – ACM CCS Cloud Workshop 2014 (April 17 lecture)
Guardians of the Clouds: When Identity Providers Fail. Andreas Mayer; Marcus Niemietz; Vladislav Mladenov; Joerg Schwenk (Raju, Moses)
Your Software at my Service. Vladislav Mladenov; Christian Mainka; Florian Feldmann; Julian Krautwald; Joerg Schwenk (Chad, Devin)
Co-Location-Resistant Clouds. Yossi Azar; Seny Kamara; Ishai Menache; Mariana Raykova; Bruce Shepherd (Prathusha Karnati, Pujitha)
Swap and Play: Live Updating Hypervisors and Its Application to Xen. Franz Ferdinand Brasser; Mihai Bucicoiu; Ahmad-Reza Sadeghi (Sridevi, Gayathro)

23 Papers to Read for Exam #2 – IEEE CloudCom 2012, 2013, 2014 (April 24 lecture)
2014:
FlowK: Information Flow Control for the Cloud. Thomas F. J.-M. Pasquier, Jean Bacon, David Eyers (Prashand Pathasarathy)
Verifying Secure Information Flow in Federated Clouds. Wen Zeng, Maciej Koutny, Paul Watson (Prashand Pathasarathi)
VLOC: An Approach To Verify The Physical Location Of A Virtual Machine In Cloud. Mojtaba Eskandari, Anderson Santana de Oliveira, Bruno Crispo (Mihir)
Anonymous User Revocation for Using Attribute-Based Signature in Cloud Computing. Zhiqian Xu; Keith M. Martin (Akshay)
Multi-User Searchable Encryption with Efficient Access Control for Cloud Storage. Zhiquan Lv, Min Zhang, Dengguo Feng (Adhirai)

24 Papers to Read for Exam #2 – IEEE CloudCom 2012, 2013, 2014 (April 24 lecture)
2013:
Asma Guesmi and Patrice Clemente. Access Control and Security Properties Requirements Specification for Clouds’ SecLAs. (Solomon)
Abdul-Majeed, M., Mahdjoubi, L. and Booth, C. Challenges to BIM-cloud integration: Implication of security issues on secure collaboration (Yifan)
Kenneth Johnson, Yuanzhi Wang, Radu Calinescu, Ian Sommerville, and Gordon Baxter. Services2Cloud: A Framework for Revenue Analysis of Software-as-a-Service Provisioning (Srinidhi)

25 Papers to Read for Exam #2 – IEEE CloudCom 2012, 2013, 2014 (April 24 lecture)
2012:
SAPPHIRE: Anonymity for Enhanced Control and Private Collaboration in Healthcare Clouds. John Pecarina, Shi Pu and Jyh-Charn Liu (Shivani)
A Cloud Design for User-controlled Storage and Processing of Sensor Data. René Hummen, Martin Henze, Daniel Catrein and Klaus Wehrle (Athreya)
Thunder in the Clouds: Security Challenges and Solutions for Federated Clouds. Karin Bernsmed, Martin Gilje Jaatun, Per Håkon Meland and Astrid Undheim (Kiruja)
Security Risks and their Management in Cloud Computing. Afnan Ullah Khan, Manuel Oriol, Mariam Kiran, Ming Jiang and Karim Djemame (Avinash)

26 Papers to Read for Exam #2 – IEEE Cloud, 2013 (Please note this is different from CloudCom; April 24 Lecture)
Secure Enterprise Data Deduplication in the Cloud. Fatema Rashid, Ali Miri, Isaac Woungang (Pradnya)
Security Threats in Cloud Computing Models: A Systematic Mapping Study. Carlo Marcelo Revoredo da Silva, José Lutiano Costa da Silva (Vinay)
A Practical and Secure Multi-Keyword Search Method over Encrypted Cloud Data. Cengiz Orencik, Murat Kantarcioglu, Erkay Savas (Paresh)

27 Papers to Read for Exam #2 – ACM CODASPY (May 1 Lecture)
Secure Information and Resource Sharing in Cloud. Yun Zhang (UTSA); Prosunjil Biswas (UTSA); Ram Krishnan (UTSA); Ravi Sandhu (UTSA) (Aniruddha)
Virtual Resource Orchestration Constraints in Cloud Infrastructure as a Service. Khalid Bijon (UTSA); Ram Krishnan (UTSA); Ravi Sandhu (UTSA) (Harshawardhan)
CODASPY 2013:
Wei Wei, Ting Yu, Rui Xue: iBigTable: practical data integrity for bigtable in public cloud (Amit)
Bo Chen, Reza Curtmola: Towards self-repairing replication-based storage systems using untrusted clouds (Prathanik)

28 Papers to Read for Exam #2 – Additional Papers (May 1 Lecture)
ACM Cloud Computing Symposium, 2012: OS-Sommelier: Memory-Only Operating System Fingerprinting in the Cloud. Yufei Gu (University of Texas at Dallas), Yangchun Fu (University of Texas at Dallas), Aravind Prakash (Syracuse University), Zhiqiang Lin (University of Texas at Dallas), and Heng Yin (Syracuse University)
ACM Cloud and Autonomic Computing Conference, CAC '13: Resilient Cloud Data Storage Services - Hemayamini Kurra, Youssif Al-Nashif and Salim Hariri

29 Final Papers Selected for Exam #2
All Your Clouds are Belong to us - Security Analysis of Cloud Management Interfaces. Juraj Somorovsky, Mario Heiderich, Meiko Jensen, Joerg Schwenk, Nils Gruschka and Luigi Lo Iacono
Detecting Fraudulent Use of Cloud Resources. Joseph Idziorek, Mark Tannian and Doug Jacobson
Fast Dynamic Extracted Honeypots in Cloud Computing. Sebastian Biedermann, Martin Mink, Stefan Katzenbeisser
Cloudsweeper: Enabling Data-Centric Document Management for Secure Cloud Archives. Chris Kanich; Peter Snyder
RAID-PIR: Practical Multi-Server PIR. Daniel Demmler; Amir Herzberg; Thomas Schneider

30 Final Papers Selected for Exam #2
Guardians of the Clouds: When Identity Providers Fail. Andreas Mayer; Marcus Niemietz; Vladislav Mladenov; Joerg Schwenk
Swap and Play: Live Updating Hypervisors and Its Application to Xen. Franz Ferdinand Brasser; Mihai Bucicoiu; Ahmad-Reza Sadeghi
Anonymous User Revocation for Using Attribute-Based Signature in Cloud Computing. Zhiqian Xu; Keith M. Martin
Secure Enterprise Data Deduplication in the Cloud. Fatema Rashid, Ali Miri, Isaac Woungang
10th paper is any paper of your choice in the reading list for April 10, 17, 24, May 1 and also presented in class

