Developing and Securing the Cloud Dr. Bhavani Thuraisingham The University of Texas at Dallas Introduction to the Course January – May 2015


Post on 18-Dec-2015



Developing and Securing the Cloud

Dr. Bhavani Thuraisingham

The University of Texas at Dallas

Introduction to the Course

January – May 2015


Objective of the Unit

This unit provides an overview of the course. The course describes concepts, developments, challenges, and directions in

- Lectures: Secure Web Services, Secure Cloud Computing

- Paper Presentations

Book: Bhavani Thuraisingham, Developing and Securing the Cloud, CRC Press, November 2013


Outline of the Unit

- Outline of Course
- Course Work
- Course Rules
- Contact
- Papers to read for lectures after Spring Break
- Index to lectures and preparation for exams
- Acknowledgement:
  - AFOSR for funding our research in assured cloud computing
  - NSF for funding our capacity building effort in cloud computing


Topics for Lectures

- January 16: Background Information
  - Cyber Security, Web Services
- January 23: Secure Web Services, Secure Cloud Computing
- January 30: Comprehensive Overview of Secure Cloud; Cloud-based Assured Information Sharing
- February 6: Secure Document Publishing in the Cloud; Secure Cloud Computing Guidelines
- February 13: Secure Virtualization; Virtual Machine Introspection
- February 20: Secure Cloud Data and Storage Management
- February 27/March 6: Identity Management for the Cloud; Secure Cloud Computing Products
- March 13: Exam #1 – Repeat exam: March 27, 2015


Topics for Lectures

- March 20: Mid-term break
- March 27 – repeat Exam #1
- April 3 lecture – Host Health Detection; Big Data Security and Privacy
- April 10, 17, 24: Paper presentations
- May 1: Paper presentation, Programming project presentation, and review for exam #2
- May 6 – Exam #2


Course Work

- Two exams each worth 24 points
- Programming project worth 16 points
- Four homework assignments – 4 points each
- Two term papers – 8 points each (revised: One term paper 8 points)
- Paper Presentation - 4 points
- Extra credit for term paper #2: 2 points


Course Rules

- Course attendance is mandatory unless permission is obtained from the instructor for missing a class with a valid reason (documentation needed for medical emergency for student or a close family member – e.g., spouse, parent, child). Attendance will be collected every lecture. 2 points will be deducted out of 100 for each lecture missed without approval.
- Each student will work individually.
- Late assignments will not be accepted. All assignments have to be turned in just after the lecture on the due date.
- No make-up exams unless the student can produce a medical certificate or give evidence of a close family emergency.
- Copying material from other sources will not be permitted unless the source is properly referenced.
- Any student who plagiarizes from other sources will be reported to the appropriate UTD authorities.


Contact

For more information please contact

- Dr. Bhavani Thuraisingham
- Professor of Computer Science and Director of Cyber Security Research Center
- Erik Jonsson School of Engineering and Computer Science
- EC31, The University of Texas at Dallas
- Richardson, TX 75080

- Phone: 972-883-4738

- Fax: 972-883-2399

- Email: [email protected]

- URL: http://www.utdallas.edu/~bxt043000/


Assignments/Term Papers/Programming Project Schedule

- Assignment #1
  - Posted in Lecture #8
  - Given on January 30, 2015; Due on February 13, 2015
- Assignment #2
  - Posted in Lecture #12
  - Given on Feb 13; Due on Feb 27
- Assignment #3
  - Given on April 3, 2015; Due on April 17, 2015
- Assignment #4
  - Given on April 20, 2015; Due on May 4, 2015
- Term Paper #1 due on March 6, 2015
- Programming project due on May 1, 2015


Term Paper Topics

- Secure Virtualization for the Cloud
- Cloud Storage and Data Security
- Identity Management for the Cloud
- Security Management for the Cloud
- Privacy for the Cloud
- Audit and Compliance for the Cloud
- Cloud Forensics


Programming Project Deliverables

- Introduction / problem statement
- Design of the system (what you would like to implement)
- Implementation overview of the system (since you may not be able to implement the entire design)
- Test runs/screen shots (if the program does not work explain what the challenges were)
- Future work
- Also for multi-person project who contributed to which parts


Programming Project Sample Topics

- Policy-based information sharing in the cloud
- Storing documents in the cloud (e.g., Google docs), encrypt and decrypt
- Implement a malware detection technique in the cloud
- Implement some services (e.g., identity management), access control in the cloud


Papers to Read for Exam #1

Elisa Bertino, Barbara Carminati, Elena Ferrari, Bhavani M. Thuraisingham, Amar Gupta: Selective and Authentic Third-Party Distribution of XML Documents. IEEE Trans. Knowl. Data Eng. 16(10): 1263-1278 (2004) (first 6 sections only, proofs are not necessary)

Tyrone Cadenhead, Murat Kantarcioglu, Vaibhav Khadilkar, Bhavani M. Thuraisingham: Design and Implementation of a Cloud-Based Assured Information Sharing System. MMM-ACNS 2012: 36-50

Yangchun Fu, Zhiqiang Lin: Space Traveling across VM: Automatically Bridging the Semantic Gap in Virtual Machine Introspection via Online Kernel Data Redirection. IEEE Symposium on Security and Privacy 2012: 586-600

Kerim Yasin Oktay, Vaibhav Khadilkar, Bijit Hore, Murat Kantarcioglu, Sharad Mehrotra, Bhavani M. Thuraisingham: Risk-Aware Workload Distribution in Hybrid Clouds. IEEE CLOUD 2012: 229-236


Index to Lectures for Exam #1

- Lecture 1: Cyber Security essentials (Guest Lecture, not in exam)
- Lecture 2: Developments in Web Services
- Lecture 3: Introduction to SOA, Cloud Computing and Secure Cloud Computing
- Lecture 4: Cloud Computing and Secure Cloud Computing
- Lecture 5: Comprehensive Overview of Secure Cloud Computing
- Lecture 6: Secure Document Publication in the Cloud (paper #1)
- Lecture 7: Cloud-based Assured Information Sharing (paper #2)
- Lecture 8: Assignment #1
- Lecture 9: NIST Guidelines for Secure Cloud Computing


Index to Lectures for Exam #1

- Lecture 10: Secure Virtualization
- Lecture 11: Virtual Machine Introspection (paper #3)
- Lecture 12: Assignment #2
- Lecture 13: Hypervisor Security (Extra credit question)
- Lecture 14: Cloud Data Management (Guest Lecture, not in exam)
- Lecture 15: Secure Cloud Data Storage (paper #4)
- Lecture 16: Identity and Access Management
- Lecture 17: Revisiting Secure Cloud Computing Concepts and Tools


Index to Lectures for Exam #2

- Lecture 18: Assignment #3
- Lecture 19: VM Fingerprinting
- Lecture 20: Big Data Security and Privacy
- Lecture 21: Papers to read for April 10
- Lecture 22: Papers to read for April 17
- Lecture 23: Papers to read for April 24
- Lecture 24: Papers to read for May 1
- Lecture 25: Assignment #4
- Lecture 26: Final Papers selected for Exam #2


Papers to Read for Exam #2 – ACM CCS Cloud Workshop 2011 (April 10 lecture)

All Your Clouds are Belong to us - Security Analysis of Cloud Management Interfaces, Juraj Somorovsky, Mario Heiderich, Meiko Jensen, Joerg Schwenk, Nils Gruschka and Luigi Lo Iacono (David Liou, Jinisha)

Trusted Platform-as-a-Service: A Foundation for Trustworthy Cloud-Hosted Applications, Andrew Brown and Jeff Chase (Mahdi, Amon)

Detecting Fraudulent Use of Cloud Resources, Joseph Idziorek, Mark Tannian and Doug Jacobson (Hamzaleka, Prathika)

Managing Multi-Jurisdictional Requirements in the Cloud: Towards a Computational Legal Landscape, David Gordon and Travis Breaux (Arpita, Lauren)


Papers to Read for Exam #2 – ACM CCS Cloud Workshop 2012 (April 10 lecture)

Fast Dynamic Extracted Honeypots in Cloud Computing, Sebastian Biedermann, Martin Mink, Stefan Katzenbeisser (Pavan, Marilyn)

Unity: Secure and Durable Personal Cloud Storage, Beom Heyn Kim, Wei Huang, David Lie (Navjoth, Ashwini)

Exploiting Split Browsers for Efficiently Protecting User Data, Angeliki Zavou, Elias Athanasopoulos, Georgios Portokalidis, Angelos Keromytis (Arti, Dipika)

CloudFilter: Practical Control of Sensitive Data Propagation to the Cloud, Ioannis Papagiannis, Peter Pietzuch (Varsha, Pragathi)


Papers to Read for Exam #2 – ACM CCS Cloud Workshop 2013 (April 10 lecture)

Structural Cloud Audits that Protect Private Information, Hongda Xiao; Bryan Ford; Joan Feigenbaum (Shravani, Vivek)

Cloudoscopy: Services Discovery and Topology Mapping, Amir Herzberg; Haya Shulman; Johanna Ullrich; Edgar Weippl (Spoorthy, Gauthum)

Cloudsweeper: Enabling Data-Centric Document Management for Secure Cloud Archives, Chris Kanich; Peter Snyder (Suhithya, Aravind)

Supporting Complex Queries and Access Policies for Multi-user Encrypted Databases, Muhammad Rizwan Asghar; Giovanni Russello; Bruno Crispo (Vidya, Bala)


Papers to Read for Exam #2 – ACM CCS Cloud Workshop 2014 (April 17 lecture)

RAID-PIR: Practical Multi-Server PIR, Daniel Demmler; Amir Herzberg; Thomas Schneider (Karthik, Ajit)

CloudSafetyNet: Detecting Data Leakage between Cloud Tenants, Christian Priebe; Divya Muthukumaran; Dan O'Keeffe; David Eyers; Brian Shand; Ruediger Kapitza; Peter Pietzuch (Madav, Prathamik)

Inevitable Failures: The Flawed Trust Assumption in Cloud, Yuqiong Sun; Giuseppe Petracca; Trent Jaeger (Swetha, Priyanka)

Memory Access Pattern Protection in the World of Malicious Operating Systems and Commercial Hardware, Srini Devadas (Harshamareka, Anirudda)


Papers to Read for Exam #2 – ACM CCS Cloud Workshop 2014 (April 17 lecture)

A Visitor's Guide to a Post-Privacy World, Ari Juels (Vinay, Pradnya). This paper is not included in the presentations – an alternate paper will be assigned to the students.

A new look at human problem solving: near-optimal solutions to NP-hard problems, Zygmunt Pizlo (Amit, Prathanik)

Reconciling End-to-End Confidentiality and Data Reduction In Cloud Storage, Nathalie Baracaldo; Elli Androulaki; Joseph Glider; Alessandro Sorniotti (Krishnan, Monica)

A Framework for Outsourcing of Secure Computation, Jesper Buus Nielsen; Claudio Orlandi (Prathusha Kendala, Rohini)


Papers to Read for Exam #2 – ACM CCS Cloud Workshop 2014 (April 17 lecture)

Guardians of the Clouds: When Identity Providers Fail, Andreas Mayer; Marcus Niemietz; Vladislav Mladenov; Joerg Schwenk (Raju, Moses)

Your Software at my Service, Vladislav Mladenov; Christian Mainka; Florian Feldmann; Julian Krautwald; Joerg Schwenk (Chad, Devin)

Co-Location-Resistant Clouds, Yossi Azar; Seny Kamara; Ishai Menache; Mariana Raykova; Bruce Shepherd (Prathusha Karnati, Pujitha)

Swap and Play: Live Updating Hypervisors and Its Application to Xen, Franz Ferdinand Brasser; Mihai Bucicoiu; Ahmad-Reza Sadeghi (Sridevi, Gayathro)


Papers to Read for Exam #2 – IEEE CloudCom 2012, 2013, 2014 (April 24 lecture)

2014:

- FlowK: Information Flow Control for the Cloud, Thomas F. J.-M. Pasquier, Jean Bacon, David Eyers (Prashand Pathasarathy)

- Verifying Secure Information Flow in Federated Clouds, Wen Zeng, Maciej Koutny, Paul Watson (Prashand Pathasarathi)

- VLOC: An Approach To Verify The Physical Location Of A Virtual Machine In Cloud; Mojtaba Eskandari, Anderson Santana de Oliveira, Bruno Crispo (Mihir)

- Anonymous User Revocation for Using Attribute-Based Signature in Cloud Computing, Zhiqian Xu; Keith M. Martin (Akshay)

- Multi-User Searchable Encryption with Efficient Access Control for Cloud Storage, Zhiquan Lv, Min Zhang, Dengguo Feng (Adhirai)


Papers to Read for Exam #2 – IEEE CloudCom 2012, 2013, 2014 (April 24 lecture)

2013:

- Asma Guesmi and Patrice Clemente. Access Control and Security Properties Requirements Specification for Clouds’ SecLAs. (Solomon)

- Abdul-Majeed, M., Mahdjoubi, L. and Booth, C. Challenges to BIM-cloud integration: Implication of security issues on secure collaboration (Yifan)

- Kenneth Johnson, Yuanzhi Wang, Radu Calinescu, Ian Sommerville, and Gordon Baxter. Services2Cloud: A Framework for Revenue Analysis of Software-as-a-Service Provisioning (Srinidhi)


Papers to Read for Exam #2 – IEEE CloudCom 2012, 2013, 2014 (April 24 lecture)

2012:

- SAPPHIRE: Anonymity for Enhanced Control and Private Collaboration in Healthcare Clouds, John Pecarina, Shi Pu and Jyh-Charn Liu (Shivani)

- A Cloud Design for User-controlled Storage and Processing of Sensor Data, René Hummen, Martin Henze, Daniel Catrein and Klaus Wehrle (Athreya)

- Thunder in the Clouds: Security Challenges and Solutions for Federated Clouds, Karin Bernsmed, Martin Gilje Jaatun, Per Håkon Meland and Astrid Undheim (Kiruja)

- Security Risks and their Management in Cloud Computing, Afnan Ullah Khan, Manuel Oriol, Mariam Kiran, Ming Jiang and Karim Djemame (Avinash)


Papers to Read for Exam #2 – IEEE Cloud, 2013 (Please note this is different from CloudCom; April 24 Lecture)

Secure Enterprise Data Deduplication in the Cloud, Fatema Rashid, Ali Miri, Isaac Woungang (Pradnya)

Security Threats in Cloud Computing Models: A Systematic Mapping Study, Carlo Marcelo Revoredo da Silva, José Lutiano Costa da Silva (Vinay)

A Practical and Secure Multi-Keyword Search Method over Encrypted Cloud Data, Cengiz Orencik, Murat Kantarcioglu, Erkay Savas (Paresh)


Papers to Read for Exam #2 – ACM CODASPY (May 1 Lecture)

CODASPY 2015

- Secure Information and Resource Sharing in Cloud; Yun Zhang (UTSA); Prosunjil Biswas (UTSA); Ram Krishnan (UTSA); Ravi Sandhu (UTSA) (Aniruddha)

- Virtual Resource Orchestration Constraints in Cloud Infrastructure as a Service; Khalid Bijon (UTSA); Ram Krishnan (UTSA); Ravi Sandhu (UTSA) (Harshawardhan)

CODASPY 2013

- Wei Wei, Ting Yu, Rui Xue: iBigTable: practical data integrity for bigtable in public cloud. 341-352 (Amit)

- Bo Chen, Reza Curtmola: Towards self-repairing replication-based storage systems using untrusted clouds. 377-388 (Prathanik)


Papers to Read for Exam #2 – Additional Papers (May 1 Lecture)

ACM Cloud Computing Symposium, 2012

- OS-Sommelier: Memory-Only Operating System Fingerprinting in the Cloud, Yufei Gu (University of Texas at Dallas), Yangchun Fu (University of Texas at Dallas), Aravind Prakash (Syracuse University), Zhiqiang Lin (University of Texas at Dallas), and Heng Yin (Syracuse University)

ACM Cloud and Autonomic Computing Conference, CAC '13

- Resilient Cloud Data Storage Services - Hemayamini Kurra, Youssif Al-Nashif and Salim Hariri


Final Papers Selected for Exam #2

All Your Clouds are Belong to us - Security Analysis of Cloud Management Interfaces, Juraj Somorovsky, Mario Heiderich, Meiko Jensen, Joerg Schwenk, Nils Gruschka and Luigi Lo Iacono

Detecting Fraudulent Use of Cloud Resources, Joseph Idziorek, Mark Tannian and Doug Jacobson

Fast Dynamic Extracted Honeypots in Cloud Computing, Sebastian Biedermann, Martin Mink, Stefan Katzenbeisser

Cloudsweeper: Enabling Data-Centric Document Management for Secure Cloud Archives, Chris Kanich; Peter Snyder

RAID-PIR: Practical Multi-Server PIR, Daniel Demmler; Amir Herzberg; Thomas Schneider


Final Papers Selected for Exam #2

Guardians of the Clouds: When Identity Providers Fail, Andreas Mayer; Marcus Niemietz; Vladislav Mladenov; Joerg Schwenk

Swap and Play: Live Updating Hypervisors and Its Application to Xen, Franz Ferdinand Brasser; Mihai Bucicoiu; Ahmad-Reza Sadeghi

Anonymous User Revocation for Using Attribute-Based Signature in Cloud Computing, Zhiqian Xu; Keith M. Martin

Secure Enterprise Data Deduplication in the Cloud, Fatema Rashid, Ali Miri, Isaac Woungang

10th paper is any paper of your choice in the reading list for April 10, 17, 24, May 1 and also presented in class