Skip to main content
Fachgebiete
Automobil + Motoren Bauwesen + Immobilien Business IT + Informatik Elektrotechnik + Elektronik Energie + Nachhaltigkeit Finance + Banking Management + Führung Marketing + Vertrieb Maschinenbau + Werkstoffe Versicherung + Risiko
DE
EN
Bücher
Zeitschriften
Themenseiten
Organisationspsychologie Projektmanagement Marketing Smart Manufacturing
Weitere Formate
Podcasts Webinare Technik Webinare Wirtschaft Kongresse Veranstaltungskalender Awards
Jetzt Einzelzugang starten
Zugang für Unternehmen
Referenzkunden
SLX-Digitalkonferenz: Zukunftswerkstatt 2024

Mehr Umsatz mit Top-Kontakten

Am 7. Mai erfahren Sie, wie Vertriebsteams Leadgenerierung, Leadnurturing und Leadstrategien effizient steuern können.
Erweiterte Suche
Anmelden
nach oben
Erschienen in:
An Overview of Issues and Recent Developments in Cloud Computing and Storage Security Kapitel lesen Erstes Kapitel lesen

2014 | OriginalPaper | Buchkapitel

Secure Mobile Cloud Computing and Security Issues

verfasst von : Qijun Gu, Mina Guirguis

Erschienen in: High Performance Cloud Auditing and Applications

Verlag: Springer New York

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config
loading …

Abstract

The proliferation of mobile devices, coupled by the increase in their capabilities, have enabled the establishment of a rich mobile computing platform that can be utilized in conjunction with cloud services. In this chapter, we overview the latest mobile computing models and architectures focusing on their security properties. In particular, we study a wide range of threats against the availability, privacy and integrity of mobile cloud computing architectures in which the mobile devices and the cloud jointly perform computation. We then present defense mechanisms that ensure the security of mobile cloud computing architectures and their applications. Throughout the chapter, we identify potential threats as well as possible opportunities for defenses.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

Jetzt informieren
Vorheriges Kapitel Moving Target Defense for Cloud Infrastructures: Lessons from Botnets
Nächstes Kapitel Information Fusion in a Cloud-Enabled Environment
Literatur
1.
Baliga, A., Chen, X., Coskun, B., de los Reyes, G., Lee, S., Mathur, S., Van der Merwe, J.E.: VPMN: virtual private mobile network towards mobility-as-a-service. In: Proceedings of the 2nd International Workshop on Mobile Cloud Computing and Services, MCS’11, Washington, DC, pp. 7–12. ACM, New York (2011). doi:10.1145/1999732.1999735
2.
Barrera, D., Kayacik, H.G., van Oorschot, P.C., Somayaji, A.: A methodology for empirical analysis of permission-based security models and its application to Android. In: Proceedings of the 17th ACM Conference on Computer and Communications Security, CCS’10, Chicago, pp. 73–84. ACM, New York (2010). doi:10.1145/1866307.1866317. http://​doi.​acm.​org/​10.​1145/​1866307.​1866317
3.
Barrera, D., Clark, J., McCarney, D., van Oorschot, P.C.: Understanding and improving app installation security mechanisms through empirical analysis of Android. In: Proceedings of the 2nd ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, SPSM’12, Raleigh, pp. 81–92. ACM, New York (2012). doi:10.1145/2381934.2381949
4.
Becher, M., Freiling, F.C., Hoffmann, J., Holz, T., Uellenbeck, S., Wolf, C.: Mobile security catching up? Revealing the nuts and bolts of the security of mobile devices. In: Proceedings of the 2011 IEEE Symposium on Security and Privacy, SP’11, Oakland, pp. 96–111. IEEE Computer Society, Washington, DC (2011). doi:10.1109/SP.2011.29
5.
Bellissimo, A., Burgess, J., Fu, K.: Secure software updates: disappointments and new challenges. In: Proceedings of the 1st USENIX Workshop on Hot Topics in Security, HOTSEC’06, Vancouver, pp. 37–43. USENIX Association, Berkeley (2006)
6.
Bleikertz, S., Schunter, M., Probst, C.W., Pendarakis, D., Eriksson, K.: Security audits of multi-tier virtual infrastructures in public infrastructure clouds. In: Proceedings of the 2010 ACM Workshop on Cloud Computing Security Workshop, CCSW’10, Chicago, pp. 93–102. ACM, New York (2010). doi:10.1145/1866835.1866853
7.
Chaudhuri, A.: Language-based security on Android. In: Proceedings of the ACM SIGPLAN 4th Workshop on Programming Languages and Analysis for Security, PLAS’09, Dublin, pp. 1–7. ACM, New York (2009). doi:10.1145/1554339.1554341
8.
Chong, S., Liu, J., Myers, A.C., Qi, X., Vikram, K., Zheng, L., Zheng, X.: Secure web applications via automatic partitioning. SIGOPS Oper. Syst. Rev. 41(6), 31–44 (2007). doi:10.1145/1323293.1294265CrossRef
9.
Chow, R., Jakobsson, M., Masuoka, R., Molina, J., Niu, Y., Shi, E., Song, Z.: Authentication in the clouds: a framework and its application to mobile users. In: Proceedings of the 2010 ACM Workshop on Cloud Computing Security Workshop, CCSW’10, Chicago, pp. 1–6. ACM, New York (2010). doi:10.1145/1866835.1866837
10.
Christensen, J.H.: Using RESTful web-services and cloud computing to create next generation mobile applications. In: Proceedings of the 24th ACM SIGPLAN Conference Companion on Object Oriented Programming Systems Languages and Applications, OOPSLA’09, Orlando, pp. 627–634. ACM, New York (2009). doi:10.1145/1639950.1639958
11.
Christodorescu, M., Sailer, R., Schales, D.L., Sgandurra, D., Zamboni, D.: Cloud security is not (just) virtualization security: a short paper. In: Proceedings of the 2009 ACM Workshop on Cloud Computing Security, CCSW’09, Chicago, pp. 97–102. ACM, New York (2009). doi:10.1145/1655008.1655022
12.
Chun, B.G., Maniatis, P.: Augmented smartphone applications through clone cloud execution. In: Proceedings of the 12th Conference on Hot Topics in Operating Systems, HotOS’09, Monte Verita, pp. 1–5. USENIX Association, Berkeley (2009)
13.
Chun, B.G., Maniatis, P.: Dynamically partitioning applications between weak devices and clouds. In: Proceedings of the 1st ACM Workshop on Mobile Cloud Computing & Services: Social Networks and Beyond, MCS’10, San Francisco, pp. 7:1–7:5. ACM, New York (2010). doi:10.1145/1810931.1810938
14.
Cuervo, E., Balasubramanian, A., Cho, D.k., Wolman, A., Saroiu, S., Chandra, R., Bahl, P.: MAUI: making smartphones last longer with code offload. In: Proceedings of the 8th International Conference on Mobile Systems, Applications, and Services, MobiSys’10, San Francisco, pp. 49–62. ACM, New York (2010). doi:10.1145/1814433.1814441
15.
Danezis, G., Livshits, B.: Towards ensuring client-side computational integrity. In: Proceedings of the 3rd ACM Workshop on Cloud Computing Security Workshop, CCSW’11, Chicago, pp. 125–130. ACM, New York (2011). doi:10.1145/2046660.2046683
16.
Drimer, S., Murdoch, S.J., Anderson, R.: Thinking inside the box: system-level failures of tamper proofing. In: Proceedings of the 2008 IEEE Symposium on Security and Privacy, SP’08, Oakland, pp. 281–295. IEEE Computer Society, Washington, DC (2008). doi:10.1109/SP.2008.16
17.
Enck, W., Ongtang, M., McDaniel, P.: On lightweight mobile phone application certification. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, CCS’09, Chicago, pp. 235–245. ACM, New York (2009). doi:10.1145/1653662.1653691
18.
Enck, W., Gilbert, P., Chun, B.G., Cox, L.P., Jung, J., McDaniel, P., Sheth, A.N.: TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. In: Proceedings of the 9th USENIX Conference on Operating Systems Design and Implementation, OSDI’10, Vancouver, pp. 1–6. USENIX Association, Berkeley (2010)
19.
Fahl, S., Harbach, M., Muders, T., Baumgärtner, L., Freisleben, B., Smith, M.: Why eve and mallory love Android: an analysis of Android SSL (in)security. In: Proceedings of the 19th ACM Conference on Computer and Communications Security, CCS’12, Raleigh, pp. 50–61. ACM, New York (2012). doi:10.1145/2382196.2382205
20.
21.
22.
Garfinkel, T., Rosenblum, M.: A virtual machine introspection based architecture for intrusion detection. In: Proceedings of the 10th Network and Distributed Systems Security Symposium, NDSS’03, San Diego, pp. 191–206 (2003)
23.
Gentry, C.: Fully homomorphic encryption using ideal lattices. In: Proceedings of the 41st Annual ACM Symposium on Theory of Computing, STOC’09, Bethesda, pp. 169–178. ACM, New York (2009). doi:10.1145/1536414.1536440
24.
Gentry, C.: Computing arbitrary functions of encrypted data. Commun. ACM 53(3), 97–105 (2010). doi:10.1145/1666420.1666444CrossRef
25.
Gilbert, P., Chun, B.G., Cox, L.P., Jung, J.: Vision: automated security validation of mobile apps at app markets. In: Proceedings of the 2nd International Workshop on Mobile Cloud Computing and Services, MCS’11, Bethesda, pp. 21–26. ACM, New York (2011). doi:10.1145/1999732.1999740
26.
Giurgiu, I., Riva, O., Juric, D., Krivulev, I., Alonso, G.: Calling the cloud: enabling mobile phones as interfaces to cloud applications. In: Proceedings of the 10th ACM/IFIP/USENIX International Conference on Middleware, Middleware’09, Urbana, vol. 5, pp. 5:1–5:20. Springer, New York (2009)
27.
He, S., Guo, L., Guo, Y.: Elastic application container. In: Proceedings of the 12th IEEE/ACM International Conference on Grid Computing, GRID’11, Lyon, pp. 216–217. IEEE Computer Society, Washington, DC (2011). doi:10.1109/Grid.2011.35
28.
Hornyack, P., Han, S., Jung, J., Schechter, S., Wetherall, D.: These aren’t the droids you’re looking for: retrofitting Android to protect data from imperious applications. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, CCS’11, Chicago, pp. 639–652. ACM, New York (2011). doi:10.1145/2046707.2046780
29.
Huang, D., Zhang, X., Kang, M., Luo, J.: MobiCloud: building secure cloud framework for mobile computing and communication. In: Proceedings of 5th IEEE International Symposium on Service Oriented System Engineering, SOSE’10, Nanjing, pp. 27–34. IEEE Computer Society, Washington, DC (2010). doi:10.1109/SOSE.2010.20
30.
Huang, D., Zhou, Z., Xu, L., Xing, T., Zhong, Y.: Secure data processing framework for mobile cloud computing. In: Proceedings of the IEEE Conference on Computer Communications Workshop, Shanghai, pp. 614–618 (2011). doi:10.1109/INFCOMW.2011.5928886
31.
Huerta-Canepa, G., Lee, D.: A virtual cloud computing provider for mobile devices. In: Proceedings of the 1st ACM Workshop on Mobile Cloud Computing & Services: Social Networks and Beyond, MCS’10, San Francisco, pp. 6:1–6:5. ACM, New York (2010). doi:10.1145/1810931.1810937
32.
33.
34.
35.
Ko, S.Y., Jeon, K., Morales, R.: The HybrEx model for confidentiality and privacy in cloud computing. In: Proceedings of the 3rd USENIX Conference on Hot Topics in Cloud Computing, HotCloud’11, Portland, pp. 1–5. USENIX Association, Berkeley (2011)
36.
Kupsch, J.A., Miller, B.P., Heymann, E., César, E.: First principles vulnerability assessment. In: Proceedings of the 2010 ACM Workshop on Cloud Computing Security, CCSW’10, Chicago, pp. 87–92. ACM, New York (2010). doi:10.1145/1866835.1866852
37.
Law, Y.W., Palaniswami, M., Hoesel, L.V., Doumen, J., Hartel, P., Havinga, P.: Energy-efficient link-layer jamming attacks against wireless sensor network MAC protocols. Trans. Sens. Netw. 5(1), 6:1–6:38 (2009). doi:10.1145/1464420.1464426
38.
Lee, W., Rotoloni, B.: Emerging cyber threats report 2013. Technical report, Georgia Institute of Technology (2012)
39.
Lessard, J., Kessler, G.: Android forensics: simplifying cell phone examinations. Small Scale Digit. Device Forensics J. 4(1), 1–12 (2010)
40.
41.
Liu, H.: A new form of DoS attack in a cloud and its avoidance mechanism. In: Proceedings of the 2010 ACM Workshop on Cloud Computing Security, CCSW’10, Chicago, pp. 65–76. ACM, New York (2010). doi:10.1145/1866835.1866849
42.
Marforio, C., Francillon, A., Capkun, S.: osti.gov, application collusion attack on the permission-based security model and its implications for modern smartphone systems. http://​goo.​gl/​0Csm2
43.
Micciancio, D.: A first glimpse of cryptography’s holy grail. Commun. ACM 53(3), 96–96 (2010). doi:10.1145/1666420.1666445CrossRef
44.
45.
Ongtang, M., Butler, K., McDaniel, P.: Porscha: policy oriented secure content handling in Android. In: Proceedings of the 26th Annual Computer Security Applications Conference, ACSAC’10, Austin, pp. 221–230. ACM, New York (2010). doi:10.1145/1920261.1920295
46.
Ongtang, M., McLaughlin, S., Enck, W., McDaniel, P.: Semantically rich application-centric security in Android. Secur. Commun. Netw. 5(6), 658–673 (2012). doi:10.1002/sec.360CrossRef
47.
Pelechrinis, K., Iliofotou, M., Krishnamurthy, V.: Denial of service attacks in wireless networks: the case of jammers. IEEE Commun. Surv. Tutor. 13(2) (2011). doi:10.1109/SURV.2011.041110.00022
48.
49.
Quynh, N.A., Takefuji, Y.: Towards a tamper-resistant Kernel rootkit detector. In: Proceedings of the 2007 ACM Symposium on Applied Computing, SAC’07, Seoul, pp. 276–283. ACM, New York (2007). doi:10.1145/1244002.1244070
50.
Raffetseder, T., Kruegel, C., Kirda, E.: Detecting system emulators. In: Proceedings of the Information Security, Valparaíso, pp. 1–18 (2007)
51.
Raj, H., Nathuji, R., Singh, A., England, P.: Resource management for isolation enhanced cloud services. In: Proceedings of the 2009 ACM Workshop on Cloud Computing Security, CCSW’09, Chicago, pp. 77–84. ACM, New York (2009). doi:10.1145/1655008.1655019
52.
53.
Riley, R., Jiang, X., Xu, D.: Guest-transparent prevention of Kernel rootkits with VMM-based memory shadowing. In: Proceedings of the 11th International Symposium on Recent Advances in Intrusion Detection, RAID’08, Cambridge, pp. 1–20. Springer, Berlin/Heidelberg (2008). doi:10.1007/978-3-540-87403-4_1
54.
Rosenfeld, K., Karri, R.: Attacks and defenses for JTAG. IEEE Des. Test 27(1), 36–47 (2010). doi:10.1109/MDT.2010.9CrossRef
55.
Sang, L., Arora, A.: Capabilities of low-power wireless jammers. In: Proceedings of INFOCOM, Rio de Janeiro (2009). doi:10.1109/INFCOM. 2009.5062185
56.
Satyanarayanan, M.: Mobile computing: the next decade. SIGMOBILE Mobile Comput. Commun. Rev. 15(2), 2–10 (2011). doi:10.1145/ 2016598.2016600CrossRef
57.
Satyanarayanan, M., Bahl, P., Caceres, R., Davies, N.: The case for VM-based cloudlets in mobile computing. IEEE Pervasive Comput. 8(4), 14–23 (2009). doi:10.1109/MPRV.2009.82CrossRef
58.
Sekar, V., Maniatis, P.: Verifiable resource accounting for cloud computing services. In: Proceedings of the 3rd ACM Workshop on Cloud Computing Security, CCSW’11, Chicago, pp. 21–26. ACM, New York (2011). doi:10.1145/2046660.2046666
59.
Somorovsky, J., Heiderich, M., Jensen, M., Schwenk, J., Gruschka, N., Lo Iacono, L.: All your clouds are belong to us: security analysis of cloud management interfaces. In: Proceedings of the 3rd ACM Workshop on Cloud Computing Security, CCSW’11, Chicago, pp. 3–14. ACM, New York (2011). doi:10.1145/2046660.2046664
60.
Song, Z., Molina, J., Lee, S., Lee, H., Kotani, S., Masuoka, R.: Trustcube: an infrastructure that builds trust in client. In: Proceedings of the 1st International Conference Future of Trust in Computing, Berlin, pp. 68–79. Vieweg+Teubner (2009). doi:10.1007/978-3-8348-9324-6_8
61.
62.
Szeliski, R.: Image alignment and stitching: a tutorial. Found. Trends Comput. Graph. Vis. 2(1), 1–104 (2006). doi:10.1561/0600000009CrossRef
63.
Thuente, D.J., Acharya, M.: Intelligent jamming in wireless networks with applications to 802.11b and other networks. In: Proceedings of the 2006 IEEE Conference on Military Communications, MILCOM’06, Washington, DC, pp. 1075–1081. IEEE Press, Piscataway (2006)
64.
Verbelen, T., Simoens, P., De Turck, F., Dhoedt, B.: Cloudlets: bringing the cloud to the mobile user. In: Proceedings of the 3rd ACM Workshop on Mobile Cloud Computing and Services, MCS’12, Low Wood Bay, pp. 29–36. ACM, New York (2012). doi:10.1145/2307849.2307858
65.
Walls, R.J., Learned-Miller, E., Levine, B.N.: Forensic triage for mobile phones with DEC0DE. In: Proceedings of the 20th USENIX Conference on Security, SEC’11, San Francisco, pp. 1–14. USENIX Association, Berkeley (2011)
66.
Wei, J., Zhang, X., Ammons, G., Bala, V., Ning, P.: Managing security of virtual machine images in a cloud environment. In: Proceedings of the 2009 ACM Workshop on Cloud Computing Security, CCSW’09, Chicago, pp. 91–96. ACM, New York (2009). doi:10.1145/1655008.1655021
67.
Wilhelm, M., Martinovic, I., Schmitt, J.B., Lenders, V.: Short paper: reactive jamming in wireless networks: how realistic is the threat? In: Proceedings of the 4th ACM Conference on Wireless Network Security, WiSec’11, Hamburg, pp. 47–52. ACM, New York (2011). doi:10.1145/ 1998412.1998422
68.
Xu, W., Ma, K., Trappe, W., Zhang, Y.: Jamming sensor networks: attack and defense strategies. Netw. Mag. Glob. Internetwkg. 20(3), 41–47 (2006). doi:10.1109/MNET.2006.1637931
69.
Zhang, X., Schiffman, J., Gibbs, S., Kunjithapatham, A., Jeong, S.: Securing elastic applications on mobile devices for cloud computing. In: Proceedings of the 2009 ACM Workshop on Cloud Computing Security, CCSW’09, Chicago, pp. 127–134. ACM, New York (2009). doi:10.1145/1655008.1655026
70.
Zhang, K., Zhou, X., Chen, Y., Wang, X., Ruan, Y.: Sedic: privacy-aware data intensive computing on hybrid clouds. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, CCS’11, Chicago, pp. 515–526. ACM, New York (2011). doi:10.1145/2046707. 2046767
Metadaten
Titel
Secure Mobile Cloud Computing and Security Issues
verfasst von
Qijun Gu
Mina Guirguis
Copyright-Jahr
2014
Verlag
Springer New York
Buch
High Performance Cloud Auditing and Applications

Print ISBN: 978-1-4614-3295-1

Electronic ISBN: 978-1-4614-3296-8

Copyright-Jahr: 2014

DOI
https://doi.org/10.1007/978-1-4614-3296-8_3

Premium Partner

    Bildnachweise