Pub Date: 2017-08-01 DOI: 10.1109/Trustcom/BigDataSE/ICESS.2017.306
S. Rani, Dileep Kumar Koshley, Raju Halder
In the era of big data, when volume is increasing at an unprecedented rate, structured data is no exception. A survey in 2013 by TDWI says that, for a quarter of organizations, big data mostly takes the form of the relational and structured data that comes from traditional applications. In this reality, watermarking a large volume of structured relational data using existing watermarking techniques is highly inefficient, and even impractical in situations where periodic rewatermarking after a certain time frame is necessary. As a remedy, in this paper we adapt MapReduce as an effective distributive way of watermarking large relational datasets. We show how existing algorithms can easily be converted into an equivalent form in the MapReduce paradigm. We present experimental evaluation results on a benchmark dataset to establish the effectiveness of our approach. The results demonstrate significant improvements in watermark generation and detection times w.r.t. existing works in the literature.
Title: Adapting MapReduce for Efficient Watermarking of Large Relational Dataset. Venue: 2017 IEEE Trustcom/BigDataSE/ICESS.
Pub Date: 2017-08-01 DOI: 10.1109/Trustcom/BigDataSE/ICESS.2017.285
O. Kulyk, B. Reinheimer, Paul Gerber, Florian Volk, M. Volkamer, M. Mühlhäuser
There are only a few visualisations targeting the communication of trust statements. Even though there are some advanced and scientifically founded visualisations—like, for example, the opinion triangle, the human trust interface, and T-Viz—the stars interface known from e-commerce platforms is by far the most common one. In this paper, we propose two trust visualisations based on T-Viz, which was recently proposed and successfully evaluated in large user studies. Despite being the most promising proposal, its design is not primarily based on findings from human-computer interaction or cognitive psychology. Our visualisations aim to integrate such findings and to potentially improve decision making in terms of correctness and efficiency. A large user study reveals that our proposed visualisations outperform T-Viz in these factors.
Title: Advancing Trust Visualisations for Wider Applicability and User Acceptance. Venue: 2017 IEEE Trustcom/BigDataSE/ICESS.
Pub Date: 2017-08-01 DOI: 10.1109/Trustcom/BigDataSE/ICESS.2017.359
Varun Mahajan, S. K. Peddoju
The aim of the Cloud Computing environment is to provide low-cost, reliable, rapid, on-demand services to users anywhere and anytime. But with its rapid development the security challenges are numerous. The capability of malicious users to compromise cloud security from outside and inside has increased manyfold. Hence organizations and users are skeptical about the security of cloud-based services. To detect various attack patterns, there are different deployment scenarios and detection methods of intrusion detection systems (IDS) that a cloud administrator can adopt. Network IDS and Host IDS techniques have gone a long way in the detection of known and unknown attacks in cloud Infrastructure as a Service (IaaS). This paper focuses on the deployment of signature-based IDS for detection of intrusion at the network level and in cloud VM instances. It discusses the flow of traffic in provider and self-service provider network architectures in an OpenStack environment and the use of port mirroring to detect intrusion. The results evaluate the CPU and memory performance of the IDS and the management of the alerts generated due to malicious and non-malicious traffic at varying speeds.
Title: Deployment of Intrusion Detection System in Cloud: A Performance-Based Study. Venue: 2017 IEEE Trustcom/BigDataSE/ICESS.
Pub Date: 2017-08-01 DOI: 10.1109/Trustcom/BigDataSE/ICESS.2017.325
Mohammed Al-Zobbi, S. Shahrestani, Chun Ruan
Analytics in big data is maturing and moving towards mass adoption. The emergence of analytics increases the need for innovative tools and methodologies to protect data against privacy violation. Many data anonymization methods were proposed to provide some degree of privacy protection by applying data suppression and other distortion techniques. However, currently available methods suffer from poor scalability and performance and a lack of framework standardization. Current anonymization methods are unable to cope with the massive size of data processing. Some of these methods were especially proposed for the MapReduce framework to operate in Big Data. However, they still operate in conventional data management approaches. Therefore, there were no remarkable gains in performance. We introduce a framework that can operate in a MapReduce environment to benefit from its advantages, as well as from those in Hadoop ecosystems. Our framework provides granular user access that can be tuned to different authorization levels. The proposed solution provides a fine-grained alteration based on the user's authorization level to access the MapReduce domain for analytics. Using well-developed role-based access control approaches, this framework is capable of assigning roles to users and mapping them to relevant data attributes.
Title: Implementing A Framework for Big Data Anonymity and Analytics Access Control. Venue: 2017 IEEE Trustcom/BigDataSE/ICESS.
Pub Date: 2017-08-01 DOI: 10.1109/Trustcom/BigDataSE/ICESS.2017.222
Yunan Zhang, Chenghao Rong, Qingjia Huang, Yang Wu, Zeming Yang, Jianguo Jiang
Automatic malware categorization plays an important role in combating the current large volume of malware and aiding the corresponding forensics. Generally, a lot of sample information can be extracted with static tools and dynamic sandboxes for malware analysis. Combining these obtained features effectively for further analysis would provide us a better understanding. On the other hand, most current works on malware analysis are based on a single category of machine learning algorithm to categorize samples. However, different clustering algorithms have their own strengths and weaknesses. How to combine the merits of the multiple categories of features and algorithms to further improve the analysis result is then very critical. In this paper, we propose a novel scalable malware analysis framework to exploit the complementary nature of different features and algorithms to optimally integrate their results. By using the concept of clustering ensemble, our system combines partitions from individual categories of features and algorithms to obtain better quality and robustness. Our system is composed of the following three parts: (1) extracting multiple categories of static and dynamic features; (2) using the k-means and hierarchical clustering algorithms to construct the base clustering; (3) an efficient method based on mixture model clustering ensemble to conduct an effective clustering analysis. We have evaluated our method on two malware datasets, namely the Microsoft malware dataset and our own malware dataset, which contain 10868 and 53760 samples respectively. Our experimental results show that our method could categorize malware with better quality and robustness. Also, our method has certain advantages in system run time and memory consumption compared with the state-of-the-art malware analysis works.
Title: Based on Multi-features and Clustering Ensemble Method for Automatic Malware Categorization. Venue: 2017 IEEE Trustcom/BigDataSE/ICESS.
Pub Date: 2017-08-01 DOI: 10.1109/Trustcom/BigDataSE/ICESS.2017.352
Antonio La Marra, F. Martinelli, P. Mori, A. Saracino
Internet of Things (IoT) is a paradigm which has become extremely popular, with applications spanning from ehealth to industrial controls. IoT architectures are distributed and often based on constrained devices, which makes the task of introducing security mechanisms challenging, in particular those requiring dynamic policy evaluation. In this paper we present UCIoT (Usage Control in IoT), a fault-tolerant and adaptable framework for the enforcement of usage control policies in IoT environments. UCIoT brings the functionalities of a U-XACML-based usage control framework to a decentralized, distributed and Peer-to-Peer (P2P) architecture. In the present work, we describe an application of UCIoT in a Smart-Home environment, also presenting two possible use cases where usage control is exploited to implement a policy for energy saving and a policy for safety. A set of experiments on real devices is finally presented to report the performance of the system, measuring the overhead introduced by the UCIoT framework.
Title: Implementing Usage Control in Internet of Things: A Smart Home Use Case. Venue: 2017 IEEE Trustcom/BigDataSE/ICESS.
Pub Date: 2017-08-01 DOI: 10.1109/Trustcom/BigDataSE/ICESS.2017.327
A. Rafique, D. Landuyt, Vincent Reniers, W. Joosen
In the context of multi-tenant SaaS applications, data confidentiality support is increasingly being offered from within the application layer instead of the database layer or the storage layer to accommodate continuously changing requirements of multiple tenants. Application-level data management middleware platforms are becoming increasingly compelling for dealing with the complexity of a multi-cloud or a federated cloud storage architecture as well as multi-tenant SaaS applications. However, these platforms typically support traditional data mapping strategies that are created under the assumption of a fixed and rigorous database schema. Thus, mapping data objects while supporting varying data confidentiality requirements leads to fragmentation of data over distributed storage nodes. This introduces significant performance overhead at the level of individual database transactions (e.g., CRUD transactions) and negatively affects the overall scalability. To address these challenges, we present a dedicated data mapping strategy that leverages the data schema flexibility of columnar NoSQL databases to accomplish dynamic and fine-grained data encryption in a more efficient and scalable manner. We validate these solutions in the context of an industrial multi-tenant SaaS application and conduct a comprehensive performance evaluation. The results confirm that the proposed data mapping strategy indeed yields scalability and performance improvements.
Title: Leveraging NoSQL for Scalable and Dynamic Data Encryption in Multi-tenant SaaS. Venue: 2017 IEEE Trustcom/BigDataSE/ICESS.
Pub Date: 2017-08-01 DOI: 10.1109/Trustcom/BigDataSE/ICESS.2017.344
Yifeng Mo, Shuguo Li
Base extent (BE) is the most costly operation in classic RNS Montgomery multiplication. In this paper, we propose a method to optimize Chinese Remainder Theorem (CRT)-based BE, where some common factors are extracted so that the precomputed parameters of BEs can be adjusted to forms with a small Hamming weight if the moduli are selected properly. Four moduli are selected to demonstrate the advantage of the proposed method. Using the proposed method and four moduli, the 32 multiplications of BEs can be replaced with 40 additions. The most efficient state-of-the-art algorithm requires 48 multiplications for a system of four moduli, while the proposed method reduces the number of required multiplications from 48 to 20. Our method allows faster computation of RNS Montgomery multiplication.
Title: Base Extent Optimization for RNS Montgomery Algorithm. Venue: 2017 IEEE Trustcom/BigDataSE/ICESS.
Pub Date: 2017-08-01 DOI: 10.1109/Trustcom/BigDataSE/ICESS.2017.281
Rui Zhao, Z. Meng, Yan Zheng, Qiangguo Jin, Anbang Ruan, Hanglun Xie
MapReduce systems running over cloud computing infrastructure are used extensively in finance, medical health, scientific research, traffic, energy and other fields, which draws more and more attention to the security of the platform. Due to the sensitivity of the data in these fields, users face great threats to their privacy and security, and wrong results produced by the MapReduce platform may mislead the user into a big disaster. Current solutions mainly focus on encryption before transmission and storage and decryption when processing. However, these solutions cannot prevent user data from being stolen by the data processing program, nor wrong results from being produced by the platform. In this paper, we propose a Security-Oriented MapReduce (SOMR) infrastructure that integrates the big-data processing framework, key management system and trusted computing infrastructure to ensure the security of every operation. While the big data processing framework controls the life cycle of the cloud computing platform, the key management system provides the trust assurance of encryption, and the trusted computing infrastructure makes measurable verification on the platform, SOMR presents a persistent security guarantee on the user data and processing results. We implemented SOMR on the infrastructure of OpenStack with Sahara, Barbican and OAT. The evaluations on our prototype showed that the platform can resist many typical attacker behaviors, and the overheads can be reduced to a very low level.
Title: SOMR: Towards a Security-Oriented MapReduce Infrastructure. Venue: 2017 IEEE Trustcom/BigDataSE/ICESS.
Pub Date: 2017-08-01 DOI: 10.1109/Trustcom/BigDataSE/ICESS.2017.239
Tasnuva Tithi, Chris Winstead, Ryan M. Gerdes
This work investigates the viability of using the visible shadows cast by vehicles to verify position claims made by vehicles in a platoon. Platooning is a method of guiding a group of vehicles whereby a lead vehicle determines the speed/velocity of the vehicles that follow. A cooperative following strategy is then employed by the followers to maintain a desired separation between themselves. In this way a group of vehicles acts as a single unit, which has been shown to have many safety and efficiency benefits. Existing work, however, demonstrates that a disruptive member of a platoon is capable of causing the rest of the platoon to increase its total energy expenditure, or even destabilizing the platoon, which could result in catastrophic accidents. Knowledge about the position and velocity of each vehicle can help deter such attacks by attributing the disruption to the specific vehicle causing it. One way to achieve this is to assume that the lead vehicle is trusted and equipped with a camera so as to watch over the platoon and identify deviations from reported positions/velocities. As platoons often move in a straight line, it might be impossible for the leader to obtain a direct view of all the vehicles in the platoon. Under a broad range of circumstances, however, a direct view of the vehicle or the shadows of the vehicles are visible to the leader. In this work we investigate whether the differential distance between shadows, as viewed through a monocular camera, can reveal that the distance between two vehicles has changed over time, and thus serve as a mechanism to verify position claims. When a direct view of the vehicle is not achievable, the use of shadows to detect the relative positions of vehicles under a variety of weather and daylight conditions is considered. Our analysis finds that shadow analysis can be used in sequential images to detect practical changes in the distance between two vehicles for visible shadows in non-light-of-sight scenarios. We also present the analysis to efficiently use the technique as the position of the Sun changes throughout the day for a given site location.