To monitor virtual machines and applications in IaaS cloud environments, cloud providers require installing agents in tenants' virtual machines. It is inconvenient for users and is prone to cyber attacks. In this paper, we propose oMon, an out-of-the-box application monitoring framework for cloud applications. oMon does not require installing any agent in the guest OS of tenants' virtual machines, is thus transparent to the cloud applications, and can support a wide range of guest OSes and legacy systems. We design and implement several modules in oMon which can not only obtain the performance statistics of tenants' virtual machines, but also collect information on processes, system calls, disk I/O and network communications. oMon also enables comprehensive analysis by correlating this information. We evaluate the effectiveness and efficiency of oMon through several experiments. The results show that oMon could successfully provide fine-grained monitoring for cloud applications with small overhead.
{"title":"Towards an Out-of-the-Box Cloud Application Monitoring Framework","authors":"Jianjun Li, Wei Li, Ming Li","doi":"10.1109/CSCloud.2016.39","DOIUrl":"https://doi.org/10.1109/CSCloud.2016.39","PeriodicalId":410477,"journal":{"name":"2016 IEEE 3rd International Conference on Cyber Security and Cloud Computing (CSCloud)","volume":"24 1","pages":"0"},"publicationDate":"2016-06-01","publicationTypes":"Journal Article","isOpenAccess":false,"platform":"Semanticscholar","paperid":"115998718"}
Graphene, a single layer of carbon atoms in a two-dimensional honeycomb lattice, has attracted tremendous attention from researchers in recent years, due to its excellent electrical, mechanical and optical performance. However, preparation of graphene with simple methods is still a huge challenge. In this paper, graphene oxide is prepared by the Hummers method. The graphene prepared by hydrazine hydrate chemical reduction of graphite oxide is characterized by Fourier transform infrared (FTIR) spectroscopy and Raman spectroscopy. Additionally, the electrochemical performance is tested. Results show that the prepared graphene has good performance and a safe manufacturing process.
{"title":"Preparation of Graphene and Its Performance Analysis","authors":"W. Sheng","doi":"10.1109/CSCloud.2016.20","DOIUrl":"https://doi.org/10.1109/CSCloud.2016.20","PeriodicalId":410477,"journal":{"name":"2016 IEEE 3rd International Conference on Cyber Security and Cloud Computing (CSCloud)","volume":"35 1","pages":"0"},"publicationDate":"2016-06-01","publicationTypes":"Journal Article","isOpenAccess":false,"platform":"Semanticscholar","paperid":"127141586"}
Analyzing the similarity of access control policies is very important in many application scenarios, for example, conducting similarity analysis to reduce policy scale in cloud services composition, or using similar policies to find cloud services which have the same function. Existing methods of policy similarity analysis are mainly based on logical reasoning or Boolean function comparison, which are computationally expensive and do not scale well for large heterogeneous distributed cloud environments. In this paper, we propose a lightweight approach for analyzing the similarity of heterogeneous policies in cloud environments, called Saphena. In Saphena, paired attributes are used to unify and simplify heterogeneous policies, and the similarity of attributes is calculated by utilizing a semantic-based analysis method. The similarity of policies is obtained by digging the similarities of all attributes in policies and controlling the corresponding weighting factor. We design a threshold that is used to judge whether policies are similar. Cloud service providers can set the threshold flexibly through an interface based on their different requests. Comprehensive experiments have been conducted, which demonstrate the effectiveness of the proposed method by comparison with the classic cosine similarity analysis arithmetic.
{"title":"Saphena: An Approach for Analyzing Similarity of Heterogeneous Policies in Cloud Environment","authors":"Li Lin, Jian Hu, Xinya Mao, Jian-biao Zhang","doi":"10.1109/CSCloud.2016.13","DOIUrl":"https://doi.org/10.1109/CSCloud.2016.13","PeriodicalId":410477,"journal":{"name":"2016 IEEE 3rd International Conference on Cyber Security and Cloud Computing (CSCloud)","volume":"36 1","pages":"0"},"publicationDate":"2016-06-01","publicationTypes":"Journal Article","isOpenAccess":false,"platform":"Semanticscholar","paperid":"130984488"}
Recent years have witnessed the successful adoption of cloud computing. However, security remains the top concern for cloud users. The fundamental issue is that cloud providers cannot convince cloud users of the trustworthiness of cloud platforms. In this paper, we propose a cloud auditing framework, named CloudAuditor, to examine the behaviors of cloud platforms. By leveraging nested virtualization technology, CloudAuditor could identify stealthy memory and disk access from cloud platforms to users' virtual machines and can support the mainstream IaaS platforms such as VMware, Xen and KVM. We evaluate the effectiveness and efficiency of CloudAuditor through comprehensive experiments. The results show that CloudAuditor can identify the suspicious behaviors of cloud platforms with acceptable performance overhead.
{"title":"CloudAuditor: A Cloud Auditing Framework Based on Nested Virtualization","authors":"Zhe Wang, Jin Zeng, Tao Lv, Bin Shi, Bo Li","doi":"10.1109/CSCloud.2016.40","DOIUrl":"https://doi.org/10.1109/CSCloud.2016.40","PeriodicalId":410477,"journal":{"name":"2016 IEEE 3rd International Conference on Cyber Security and Cloud Computing (CSCloud)","volume":"36 1","pages":"0"},"publicationDate":"2016-06-01","publicationTypes":"Journal Article","isOpenAccess":false,"platform":"Semanticscholar","paperid":"125210800"}
The paper uses EMD to construct a new transformation matrix to improve the original matrix coding algorithm and proposes a new video steganography algorithm: Improved Matrix Encoding (IME). The proposed algorithm retains the advantages of EMD and matrix encoding, in that it can greatly reduce the modifications of the embedding carrier to achieve a high embedding efficiency under the conditions of the same embedding capacity. At the same time, the proposed algorithm solves the problem that the embedding rate of matrix encoding is relatively low. The experimental comparison with similar algorithms shows that the algorithm has advantages in PSNR, SSIM, and bitrate increase.
{"title":"An Improved Matrix Encoding Steganography Algorithm Based on H.264 Video","authors":"Liyun Qian, Zhitang Li, Pei-Zhang Zhou, Jian Chen","doi":"10.1109/CSCloud.2016.8","DOIUrl":"https://doi.org/10.1109/CSCloud.2016.8","PeriodicalId":410477,"journal":{"name":"2016 IEEE 3rd International Conference on Cyber Security and Cloud Computing (CSCloud)","volume":"65 1","pages":"0"},"publicationDate":"2016-06-01","publicationTypes":"Journal Article","isOpenAccess":false,"platform":"Semanticscholar","paperid":"126630589"}
Virtual network management is a basic component provided by cloud computing systems. In a cloud environment, the facts that VMs in the same subnet are located on different hosts, that the traffic of VMs attached to different users should be isolated, and that a VM may be migrated to other hosts make network management different from that in a physical network. Technologies like overlay and SDN are usually introduced to establish a reliable and efficient virtual network management scheme. However, there are many drawbacks, such as flexibility and hardware costs, in most schemes introducing the above-mentioned technologies. We address these problems by designing a scheme on the hypervisor layer of physical hosts based on overlay and SDN technology, which means the traditional virtual network can be easily transformed to our system without purchasing new devices supporting the OpenFlow or VXLAN (a kind of overlay technology) protocol. Besides, additional functions like monitoring and traffic mirroring can be customized to users' needs, owing to the flexibility and scalability that SDN technology gives the system. We also design a Distributed Virtual Router (DVR) on each host to solve the general problem of traffic between Internet and Intranet concentrating in most schemes. The experimental evaluation shows that our system has achieved basic intercommunication under the situation of tenant isolation, and its performance of communication between Internet and Intranet is obviously better than that of the OpenStack scheme because of our DVR design.
{"title":"A Novel Software Defined Networking Framework for Cloud Environments","authors":"Yukun Zhang, B. Li","doi":"10.1109/CSCloud.2016.22","DOIUrl":"https://doi.org/10.1109/CSCloud.2016.22","PeriodicalId":410477,"journal":{"name":"2016 IEEE 3rd International Conference on Cyber Security and Cloud Computing (CSCloud)","volume":"18 1","pages":"0"},"publicationDate":"2016-06-01","publicationTypes":"Journal Article","isOpenAccess":false,"platform":"Semanticscholar","paperid":"114974816"}
Cyber security breaches and attacks are on the ascendancy as corporations, governments, universities, and private individuals are conducting their business and personal transactions on the web. This increasing participation on the web necessitates that robust and efficient cyber security systems be put in place by these entities to safeguard their cyber assets. Intelligent systems need to be employed to buttress the cyber security protocols established in cloud computing for proper decision-making, which may depend on effective knowledge representation. However, as one of the dominant industry standards for knowledge representation, Web Ontology Language (OWL) has limitations, such as the lack of support for custom relations. Pace University has extended OWL to support Knowledge Graph as a replacement to better support knowledge representation and decision making. This paper examines using KG as the basis in the design of a knowledge-representation system that drives the filtration process of a company's cyber security ecosystem in cloud computing by employing a use case of cyber security communications in order to identify the entity relations of threat types for the filtration process.
{"title":"Powering Filtration Process of Cyber Security Ecosystem Using Knowledge Graph","authors":"C. Asamoah, Lixin Tao, Keke Gai, Ning Jiang","doi":"10.1109/CSCloud.2016.36","DOIUrl":"https://doi.org/10.1109/CSCloud.2016.36","PeriodicalId":410477,"journal":{"name":"2016 IEEE 3rd International Conference on Cyber Security and Cloud Computing (CSCloud)","volume":"35 1","pages":"0"},"publicationDate":"2016-06-01","publicationTypes":"Journal Article","isOpenAccess":false,"platform":"Semanticscholar","paperid":"126966250"}
Password-based user authentication is widely used on the Internet. Most password-based authentication protocols are constructed under the single-server structure, in which an authentication server stores cleartext passwords or verification data derived from passwords and responds to users' authentication requests. The security of a single-server authentication system is very fragile. In particular, when the server is compromised, all of the users' verification data is exposed to the attacker. Nowadays, the development of the mobile Internet creates demand for authentication on roaming devices. In this scenario, easily memorable short passwords and simple secrets are accepted by most people despite their security limitations. The use of short passwords worsens the situation of single-server authentication protocols. Attackers controlling the system can launch an off-line dictionary attack from inside the server side to obtain users' original passwords. Multi-server authentication protocols can improve the security of verification data by storing the data in a distributed manner on the cluster. This approach increases the difficulty of internal attacks and guarantees security even if a portion of the servers in the cluster are controlled by an adversary. But in practice, there are some problems in existing multi-server protocols. For example, communicating with multiple servers brings extra network and computational burden to the client device. To address these problems, in this paper we propose a novel password-based multi-server authentication protocol which not only requires less computation on the client device but also remains functional and secure even if an adversary controls some servers and forces them to collude to attack our protocol.
{"title":"A Threshold Multi-server Protocol for Password-Based Authentication","authors":"M. Guan, Jiaxing Song, Weidong Liu","doi":"10.1109/CSCloud.2016.26","DOIUrl":"https://doi.org/10.1109/CSCloud.2016.26","PeriodicalId":410477,"journal":{"name":"2016 IEEE 3rd International Conference on Cyber Security and Cloud Computing (CSCloud)","volume":"151 1","pages":"0"},"publicationDate":"2016-06-01","publicationTypes":"Journal Article","isOpenAccess":false,"platform":"Semanticscholar","paperid":"133543402"}
Biometric systems such as fingerprint, iris, and DNA have become popular methods in user authentication. Compared to these biometric systems, keystroke biometric authentication systems have not gained as much attention because of their lower accuracy. A number of studies have been conducted on keystroke biometrics using different generative and discriminative classifiers. As Hidden Markov Models have proven a great success in voice recognition, this study investigates Hidden Markov Models in keystroke dynamics. This paper proposes a novel user verification technique using a 1-substate Hidden Markov Model through keystroke dynamics. To verify the effectiveness of the proposed system, extensive experiments have been conducted and 80% accuracy was achieved by the proposed system.
{"title":"Keystroke Biometric User Verification Using Hidden Markov Model","authors":"M. Ali, Kutub Thakur, C. Tappert, Meikang Qiu","doi":"10.1109/CSCloud.2016.23","DOIUrl":"https://doi.org/10.1109/CSCloud.2016.23","PeriodicalId":410477,"journal":{"name":"2016 IEEE 3rd International Conference on Cyber Security and Cloud Computing (CSCloud)","volume":"1 1","pages":"0"},"publicationDate":"2016-06-01","publicationTypes":"Journal Article","isOpenAccess":false,"platform":"Semanticscholar","paperid":"132117004"}