Leveraging NoSQL for Scalable and Dynamic Data Encryption in Multi-tenant SaaS
Published in: 2017 IEEE Trustcom/BigDataSE/ICESS
Pub Date: 2017-08-01
DOI: 10.1109/Trustcom/BigDataSE/ICESS.2017.327
A. Rafique, D. Landuyt, Vincent Reniers, W. Joosen
In the context of multi-tenant SaaS applications, data confidentiality support is increasingly being offered from within the application layer instead of the database layer or the storage layer to accommodate continuously changing requirements of multiple tenants. Application-level data management middleware platforms are becoming increasingly compelling for dealing with the complexity of a multi-cloud or a federated cloud storage architecture as well as multi-tenant SaaS applications. However, these platforms typically support traditional data mapping strategies that are created under the assumption of a fixed and rigorous database schema. Thus, mapping data objects while supporting varying data confidentiality requirements leads to fragmentation of data over distributed storage nodes. This introduces significant performance overhead at the level of individual database transactions (e.g., CRUD transactions) and negatively affects the overall scalability. To address these challenges, we present a dedicated data mapping strategy that leverages the data schema flexibility of columnar NoSQL databases to accomplish dynamic and fine-grained data encryption in a more efficient and scalable manner. We validate these solutions in the context of an industrial multi-tenant SaaS application and conduct a comprehensive performance evaluation. The results confirm that the proposed data mapping strategy indeed yields scalability and performance improvements.

Advancing Trust Visualisations for Wider Applicability and User Acceptance
Pub Date: 2017-08-01
DOI: 10.1109/Trustcom/BigDataSE/ICESS.2017.285
O. Kulyk, B. Reinheimer, Paul Gerber, Florian Volk, M. Volkamer, M. Mühlhäuser
There are only a few visualisations targeting the communication of trust statements. Even though there are some advanced and scientifically founded visualisations—like, for example, the opinion triangle, the human trust interface, and T-Viz—the stars interface known from e-commerce platforms is by far the most common one. In this paper, we propose two trust visualisations based on T-Viz, which was recently proposed and successfully evaluated in large user studies. Despite being the most promising proposal, its design is not primarily based on findings from human-computer interaction or cognitive psychology. Our visualisations aim to integrate such findings and to potentially improve decision making in terms of correctness and efficiency. A large user study reveals that our proposed visualisations outperform T-Viz in these factors.

Based on Multi-features and Clustering Ensemble Method for Automatic Malware Categorization
Pub Date: 2017-08-01
DOI: 10.1109/Trustcom/BigDataSE/ICESS.2017.222
Yunan Zhang, Chenghao Rong, Qingjia Huang, Yang Wu, Zeming Yang, Jianguo Jiang
Automatic malware categorization plays an important role in combating the current large volume of malware and aiding the corresponding forensics. Generally, a lot of sample information can be extracted with static tools and dynamic sandboxes for malware analysis. Combining these obtained features effectively for further analysis would provide us with a better understanding. On the other hand, most current works on malware analysis are based on a single category of machine learning algorithm to categorize samples. However, different clustering algorithms have their own strengths and weaknesses. How to combine the merits of the multiple categories of features and algorithms to further improve the analysis result is therefore very critical. In this paper, we propose a novel scalable malware analysis framework to exploit the complementary nature of different features and algorithms to optimally integrate their results. By using the concept of clustering ensemble, our system combines partitions from individual categories of features and algorithms to obtain better quality and robustness. Our system is composed of the following three parts: (1) extract multiple categories of static and dynamic features; (2) use the k-means and hierarchical clustering algorithms to construct the base clustering; (3) propose an efficient method based on mixture model clustering ensemble to conduct an effective clustering analysis. We have evaluated our method on two malware datasets, namely the Microsoft malware dataset and our own malware dataset, which contained 10868 and 53760 samples respectively. Our experiment results show that our method could categorize malware with better quality and robustness. Also, our method has certain advantages in system run time and memory consumption compared with state-of-the-art malware analysis works.

Adapting MapReduce for Efficient Watermarking of Large Relational Dataset
Pub Date: 2017-08-01
DOI: 10.1109/Trustcom/BigDataSE/ICESS.2017.306
S. Rani, Dileep Kumar Koshley, Raju Halder
In the era of big data, when volume is increasing at an unprecedented rate, structured data is no exception. A survey in 2013 by TDWI says that, for a quarter of organizations, big data mostly takes the form of the relational and structured data that comes from traditional applications. In this reality, watermarking a large volume of structured relational data using existing watermarking techniques is highly inefficient, and even impractical in situations where periodic rewatermarking after a certain time frame is necessary. As a remedy, in this paper we adapt MapReduce as an effective distributed way of watermarking large relational datasets. We show how existing algorithms can easily be converted into an equivalent form in the MapReduce paradigm. We present experimental evaluation results on a benchmark dataset to establish the effectiveness of our approach. The results demonstrate significant improvements in watermark generation and detection times w.r.t. existing works in the literature.

Deployment of Intrusion Detection System in Cloud: A Performance-Based Study
Pub Date: 2017-08-01
DOI: 10.1109/Trustcom/BigDataSE/ICESS.2017.359
Varun Mahajan, S. K. Peddoju
The aim of a Cloud Computing environment is to provide low-cost, reliable, rapid, on-demand services to users anywhere and anytime. But with its rapid development, the security challenges are numerous. The capability of malicious users to compromise cloud security from outside and inside has increased manyfold. Hence organizations and users are skeptical about the security of cloud-based services. To detect various attack patterns, there are different deployment scenarios and detection methods of intrusion detection systems (IDS) that a cloud administrator can adopt. The Network IDS and Host IDS techniques have gone a long way in the detection of known and unknown attacks in cloud Infrastructure as a Service (IaaS). This paper focuses on the deployment of signature-based IDS for detection of intrusion at the network level and on cloud VM instances. It discusses the flow of traffic in provider and self-service provider network architectures in an OpenStack environment and the use of port mirroring to detect intrusion. The results evaluate the CPU and memory performance measures of the IDS and the management of the alerts generated due to malicious and non-malicious traffic at varying speeds.

NetworkTrace: Probabilistic Relevant Pattern Recognition Approach to Attribution Trace Analysis
Pub Date: 2017-08-01
DOI: 10.1109/Trustcom/BigDataSE/ICESS.2017.301
Jian Xu, Xiao-chun Yun, Yongzheng Zhang, Yafei Sang, Zhenyu Cheng
Network attack prevention is a critical research area of information security. Network attacks would become choked if attribution techniques were capable of tracing back to the attacker after the hacking event. Therefore, attributing these attacks to a person or organization becomes one of the important tasks when analysts attempt to profile the attacker behind attack traces. To facilitate this process, we study the connections among attribution traces and propose methods based on probabilistic relevance. First, we present a two-layer NetworkTrace frame; then, based on relevance patterns, we propose the existence probability of concerned subjects. Finally, we quantify the connection relevance between subjects through a Ref algorithm. By analyzing the attribution traces extracted from the APT1 report, we illustrate the effectiveness of the existence probability algorithm. Then, we demonstrate Ref's effectiveness in quantifying the relevancies between an organization and its affinitive partners by analyzing the relevancies and drawing a relevance matrix between APT1 inodes. The results show the proposed NetworkTrace facilitates the evaluation of the plausibility relevance between different traceable subjects.

Large-Scale Multi-label Ensemble Learning on Spark
Pub Date: 2017-08-01
DOI: 10.1109/Trustcom/BigDataSE/ICESS.2017.328
Jorge Gonzalez-Lopez, Alberto Cano, S. Ventura
Multi-label learning is a challenging problem which has received growing attention in the research community over the last years. Hence, there is a growing demand for effective and scalable multi-label learning methods for larger datasets, both in terms of number of instances and number of output labels. The use of ensemble classifiers is a popular approach for improving multi-label model accuracy, especially for datasets with high-dimensional label spaces. However, the increasing computational complexity of the algorithms in such ever-growing high-dimensional label spaces requires new approaches to manage data effectively and efficiently in distributed computing environments. Spark is a framework based on MapReduce, a distributed programming model that offers a robust paradigm to handle large-scale datasets in a cluster of nodes. This paper focuses on multi-label ensembles and proposes a number of implementations through the use of parallel and distributed computing using Spark. Additionally, five different implementations are proposed and the impact on the performance of the ensemble is analyzed. The experimental study shows the benefits of using distributed implementations over the traditional single-node single-thread execution, in terms of performance over multiple metrics as well as significant speedup tested on 29 benchmark datasets.

Base Extent Optimization for RNS Montgomery Algorithm
Pub Date: 2017-08-01
DOI: 10.1109/Trustcom/BigDataSE/ICESS.2017.344
Yifeng Mo, Shuguo Li
Base extent (BE) is the most costly operation in classic RNS Montgomery multiplication. In this paper, we propose a method to optimize Chinese Remainder Theorem (CRT)-based BE, where some common factors are extracted so that the precomputed parameters of BEs can be adjusted to forms with a small Hamming weight if the moduli are selected properly. Four moduli are selected to demonstrate the advantage of the proposed method. Using the proposed method and four moduli, the 32 multiplications of BEs can be replaced with 40 additions. The most efficient state-of-the-art algorithm requires 48 multiplications for a system of four moduli, while the proposed method reduces the number of required multiplications from 48 to 20. Our method allows faster computation of RNS Montgomery multiplication.

SOMR: Towards a Security-Oriented MapReduce Infrastructure
Pub Date: 2017-08-01
DOI: 10.1109/Trustcom/BigDataSE/ICESS.2017.281
Rui Zhao, Z. Meng, Yan Zheng, Qiangguo Jin, Anbang Ruan, Hanglun Xie
MapReduce systems running over a cloud computing infrastructure have seen extensive use in the fields of finance, medical health, scientific research, traffic, energy and so on, which attracts more and more attention to the security of the platform. Due to the sensitivity of the data in these fields, users face great threats to their privacy and security. Moreover, wrong results produced by the MapReduce platform may mislead the user into a big disaster. Current solutions mainly focus on encryption before transmission and storage and decryption when processing. However, these solutions cannot prevent user data from being stolen by the data processing program, nor wrong results from being produced by the platform. In this paper, we propose a Security-Oriented MapReduce (SOMR) infrastructure that integrates the big-data processing framework, key management system and trusted computing infrastructure to ensure the security of every operation. While the big-data processing framework controls the life cycle of the cloud computing platform, the key management system provides the trust assurance of encryption, and the trusted computing infrastructure performs measurable verification of the platform, SOMR presents a persistent security guarantee on the user data and processing results. We implemented SOMR on the infrastructure of OpenStack with Sahara, Barbican and OAT. The evaluations on our prototype showed that the platform can resist many typical attacker behaviors, and the overheads can be reduced to a very low level.

Pub Date : 2017-08-01DOI: 10.1109/Trustcom/BigDataSE/ICESS.2017.239
Tasnuva Tithi, Chris Winstead, Ryan M. Gerdes
This work investigates the viability of using the visible shadows cast by vehicles to verify position claims made by vehicles in a platoon. Platooning is a method of guiding a group of vehicles whereby a lead vehicle determines the speed/velocity of the vehicles that follow. A cooperative following strategy is then employed by the followers to maintain a desired separation between themselves. In this way a group of vehicles acts as a single unit, which has been shown to have many safety and efficiency benefits. Existing work, however, demonstrates that a disruptive member of a platoon is capable of causing the rest of the platoon to increase its total energy expenditure, or even destabilizing the platoon, which could result in catastrophic accidents. Knowledge about the position and velocity of each vehicle can help deter such attacks by attributing the disruption to the specific vehicle causing it. One way to achieve this is to assume that the lead vehicle is trusted and equipped with a camera so as to watch over the platoon and identify deviations from reported positions/velocities. As platoons often move in a straight line, it might be impossible for the leader to obtain a direct view of all the vehicles in the platoon. Under a broad range of circumstances, however, either a direct view of a vehicle or the shadows of the vehicles are visible to the leader. In this work we investigate whether the differential distance between shadows, as viewed through a monocular camera, can reveal that the distance between two vehicles has changed over time, and thus serve as a mechanism to verify position claims. When a direct view of the vehicle is not achievable, the use of shadows to detect the relative positions of vehicles under a variety of weather and daylight conditions is considered. Our analysis finds that shadow analysis can be used in sequential images to detect practical changes in the distance between two vehicles for visible shadows in non-line-of-sight scenarios. We also present the analysis to efficiently use the technique as the position of the Sun changes throughout the day for a given site location.
Viability of Using Shadows Cast by Vehicles for Position Verification in Vehicle Platooning. 2017 IEEE Trustcom/BigDataSE/ICESS, 2017-08-01. DOI: 10.1109/Trustcom/BigDataSE/ICESS.2017.239 (https://doi.org/10.1109/Trustcom/BigDataSE/ICESS.2017.239)