
High Performance Cloud Auditing and Applications


Keesook J. Han • Baek-Young Choi • Sejun Song
Editors

High Performance Cloud Auditing and Applications


Editors

Keesook J. Han
Air Force Research Laboratory
Rome, NY, USA

Sejun Song
Department of Engineering Technology
The Dwight Look College of Engineering
Texas A&M University
College Station, TX, USA

Baek-Young Choi
School of Computing and Engineering
University of Missouri – Kansas City
Kansas City, MO, USA

ISBN 978-1-4614-3295-1
ISBN 978-1-4614-3296-8 (eBook)
DOI 10.1007/978-1-4614-3296-8
Springer New York Heidelberg Dordrecht London

Library of Congress Control Number: 2013945311

© Springer Science+Business Media New York 2014

This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed. Exempted from this legal reservation are brief excerpts in connection with reviews or scholarly analysis or material supplied specifically for the purpose of being entered and executed on a computer system, for exclusive use by the purchaser of the work. Duplication of this publication or parts thereof is permitted only under the provisions of the Copyright Law of the Publisher’s location, in its current version, and permission for use must always be obtained from Springer. Permissions for use may be obtained through RightsLink at the Copyright Clearance Center. Violations are liable to prosecution under the respective Copyright Law.

The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use.

While the advice and information in this book are believed to be true and accurate at the date of publication, neither the authors nor the editors nor the publisher can accept any legal responsibility for any errors or omissions that may be made. The publisher makes no warranty, express or implied, with respect to the material contained herein.

Printed on acid-free paper

Springer is part of Springer Science+Business Media (www.springer.com)


Preface

Introduction

Cloud computing is revolutionizing all aspects of technologies to provide scalability, flexibility and cost-effectiveness. It has become a challenge to ensure the security of cloud computing that supports cross-domain services on a federation of multilevel secure servers. To secure cloud services and resources, cloud auditing and rapid response tasks are very important to meet the Service Level Agreement (SLA) requirements that may specify the levels of availability, serviceability, performance, security, or other attributes of the service. This book mainly focuses on cloud security and high performance computing for cloud auditing. Big cloud audit data sets may consist of client and server audit logs, router logs, etc. Since cloud computing may deploy services in federated cloud environments, audit data are collected and stored in distributed environments. It is necessary to feasibly capture, store, and analyze logs in order to identify threats and prevent attacks. Capturing security relevant information and auditing the results to determine the existence of security threats in the clouds are still challenging problems.

There is a growing demand for cloud computing standards. Establishing cloud computing standards is challenging because it is very complicated to integrate existing standards and new cloud computing related standards to provide reliable cloud services in federated cloud computing environments. Standards organizations (see Table 1) and working groups are documenting the guidelines and specifications to prepare cloud computing standardizations (see Table 2). The National Institute of Standards and Technology (NIST), the Cloud Security Alliance (CSA) and the Distributed Management Task Force (DMTF) Cloud Auditing Data Federation (CADF) Working Group have released essential cloud computing related publications. The NIST cloud computing publications provide comprehensive cloud computing, cloud security and cloud auditing guidelines. The CSA has released cloud security guidelines to establish a stable and secure baseline for cloud operations. The DMTF CADF cloud auditing specifications contain useful information for cloud auditing.


Table 1 Cloud-related standards organizations

Standards organization

National Institute of Standards and Technology (NIST): United States
Distributed Management Task Force (DMTF): International
IEEE Standards Association (IEEE-SA): International
International Telecommunications Union (ITU): International
European Telecommunications Standards Institute (ETSI): European
Organization for the Advancement of Structured Information Standards (OASIS): International
International Organization for Standardization (ISO)/IEC: International

Table 2 Cloud security and auditing publications

Publication title

NIST Challenging Security Requirements for US Government Cloud Computing Adoption
NIST Cloud Computing Security Reference Architecture
NIST Guide to Security for Full Virtualization Technologies
CSA Security Guidance for Critical Areas of Cloud Computing
CSA Trusted Cloud Initiative (TCI) Reference Guidelines
DMTF The CADF Data Format and Interface Definitions Specification
CSC Digital Trust in the Clouds
OASIS Security, Access and Identity Policy Standards
ITU Focus Group on Cloud Computing Technical Report (Parts 1–6)

The NIST has collaborated on cloud computing to define and advance standards with United States Government (USG) agencies, federal Chief Information Officers (CIOs), private sector experts, and international bodies to identify and reach consensus on cloud computing technology and standardization priorities. The NIST released a two-volume “USG Cloud Computing Technology Roadmap” document (see NIST Special Publication 500-293) to support secure and effective cloud computing for the purpose of reducing costs and improving federated cloud computing services. These volumes put forth ten NIST strategic and tactical objectives related to cloud computing. The NIST has also established public working groups to achieve the ten requirements by leveraging the expertise of the broad cloud computing stakeholder community. The NIST Cloud Computing Security Working Group (NCC-SWG) is working on six of these requirements which facilitate secure adoption of cloud services.

The goal of the CSA Trusted Computing Initiative (TCI) is to support cloud providers in developing industry-recommended secure and interoperable identity, access and compliance management configurations, and practices. The TCI-Reference Architecture (TCI-RA) has been developed to provide a methodology and a set of tools that enable security architects, enterprise architects and risk management professionals to leverage a common set of solutions to meet the security requirements for a secure and trusted cloud. The NCC-SWG has developed the NIST Cloud Computing Security Reference Architecture (NCC-SRA) that was derived from the NIST Cloud Computing Reference Architecture (NCC-RA). The NIST leveraged the CSA TCI-RA to identify the set of security components in the NCC-SRA. The set of security components for a particular cloud model is introduced in detail in NCC-SRA. The NCC-SRA security components are carried on the three root-domains (Business Operation Support Service (BOSS), Information Technology Operation Support (ITOS) and Security and Risk Management (S&RM)) and the four service layers. Eighteen security control families are identified in the NIST SP 800-53.

The DMTF CADF Working Group proposed the open standards to meet the cloud customer expectations that cloud providers must provide standard mechanisms for their tenant customers to self-manage and self-audit application security. A cloud provider's ability to provide specific audit event, log and report information on a per-tenant and application basis is essential. Therefore, the DMTF CADF Working Group has released the CADF Data Format and Interface Specification to enable information sharing by supporting the federation of normative audit event data in the form of customized reports and logs. This documentation also defines domain specific identifiers, event classification values and tags that can be used to dynamically generate customized logs and reports for cloud subscribers or customers.

Cloud federation is still a new and emerging research area. Federated cloud computing faces challenges relating to policy, technology, guidance, security, and standards. Cloud computing related specifications, standards and implementation technologies are required to establish security, interoperability, and portability to support federated cloud computing. Comprehensive federated computing technologies are critical to ensure cost-effective and secure cloud computing, and to assure mission-critical requirements. Therefore, standards organizations have worked with numerous cloud security and auditing working groups to develop cloud computing standards. In summer 2011, the United States Air Force Research Laboratory (AFRL) CyberBAT Cloud Security and Auditing Team initiated the exploration of the cloud security challenges and future cloud auditing research directions that are covered in this book.

Expected Audience

This book provides cloud security and auditing implementation strategies and research directions to diverse audiences:

• Academics and students: This book contains a comprehensive review of cloud security and auditing technologies, secure cloud architectures, programming languages, software and/or hardware based implementation and evaluation strategies for high performance cloud auditing and applications. It also provides introductory course materials for students.


• Researchers: This book puts forth future research directions and provides important references to a variety of research areas. Researchers can find this material useful in developing their concepts and strategies.

• Standard developers and policy makers: The standard developers need to use the high performance cloud auditing technology to adapt cloud security into the NCC-SRA or other cloud security reference models. Cloud access control and assured information sharing are useful to the policy makers.

• Cloud vendors and auditors: This book presents a comprehensive treatment of cloud security and auditing technologies. This book provides useful knowledge for building secure clouds to process and analyze massive audit data sets and to meet the SLA requirements.

Book Overview

The objectives of this book are to present surveys, concepts, algorithms, techniques and components of high performance cloud auditing systems in order to reduce cloud security risks, and to increase availability and performance of cloud computing for surviving in a contested network environment. The book consists of 13 chapters contributed by 40 authors. The book chapters are split into three parts.

Part I: Cloud Architectures and Security Issues

Part I contains surveys of cyber threats and security issues in cloud computing and presents secure cloud architectures. This part is designed to provide introductory materials for cloud auditing technologies.

Chapter “An Overview of Issues and Recent Developments in Cloud Computing and Storage Security” presents an overview of issues and recent developments in cloud computing and storage security. This chapter addresses security and privacy concerns due to lack of data protection transparency and accountability in the cloud. The survey topics include recent security threats, authentication, virtualization, availability, accountability, and privacy and integrity of remote storage and outsourced computation.

Chapter “Moving Target Defense for Cloud Infrastructures: Lessons from Botnets” proposes the novel moving target defense (MTD) for cloud infrastructures. Botnets are fast-moving targets that are difficult to detect with conventional security tools. Therefore, MTD has become a major theme in cyber security research. The authors comprehensively survey the botnet literature, describe the evolution in botnet technologies, draw lessons from botnets in identifying cloud security challenges, and propose solutions to MTD for cloud infrastructures in order to make the network more resilient against novel and persistent attacks.


Chapter “Secure Mobile Cloud Computing and Security Issues” discusses secure mobile cloud computing and security issues. This chapter provides an overview of the latest mobile computing models and architectures focusing on security properties. A wide range of threats against the availability, privacy and integrity of mobile cloud computing architectures is investigated in order to develop defense mechanisms for secure mobile cloud computing and applications.

Chapter “Information Fusion in a Cloud-Enabled Environment” presents information fusion in a cloud-enabled environment. This chapter describes three aspects of current developments to low/high-level information fusion (LLIF/HLIF) and cloud computing such as agent-based service architectures, ontologies, and metrics for timeliness, confidence and security, and introduces the Cloud-Enabled Bayes Network (CEBN) for wide area motion imagery target tracking and identification.

Part II: Cloud Auditing and Assured Information Sharing

Part II aims to provide in-depth cloud auditing techniques, federated cloud security architectures, cloud access control models, and access assured information sharing technologies. The cloud access control and assured information sharing technologies are in this part because cloud data contain sensitive information which needs to be shared in order to aggregate, analyze and query the data in federated cloud computing environments.

Chapter “Diagnosing Vulnerability Patterns in Cloud Audit Logs” analyzes the diagnosis of vulnerability patterns in cloud audit logs. Existing security standards, protocols and auditing mechanisms can provide audit logs but auditable events of web service compositions in service cloud architectures are not well defined. This chapter specifies the audit log and defines the Vulnerability Diagnostic Trees (VDTs) to determine security vulnerability patterns emerging from Service Orientation Architecture (SOA) communications in conjunction with service composition allocation and cross-cloud communication.

Chapter “Exploiting Timing Side Channel in Secure Cloud Scheduling” exploits a timing side channel in secure cloud scheduling. In multi-tenancy cloud environments, a malicious user can learn about the service usage pattern of an innocent user by a timing based side channel attack. This chapter demonstrates the information leakage of a timing side channel in shared schedulers, discusses timing side channel threats and countermeasures, and introduces the design of secure scheduling policies.

Chapter “Federated Cloud Security Architecture for Secure and Agile Clouds” introduces the federated cloud security architecture for secure and agile clouds. This chapter describes cloud security threats and proposes a novel federated security architecture that consists of a set of seamlessly integrated systematic security mechanisms at the application layer, the network layer and the system layer in federated cloud computing environments.


Chapter “Trust-Based Access Control for Secure Cloud Computing” presents trust-based access control for secure cloud computing. Multi-tenancy, elasticity and dynamicity pose several novel challenges for access control in a cloud environment. This chapter summarizes traditional and modern access control models, explores challenges of cloud access control, identifies various authorization and enforcement requirements and desirable properties of access control models, and introduces graph-theoretic semantics of an access control model.

Chapter “Assured Information Sharing (AIS) Using Private Clouds” introduces the concept of assured information sharing in private clouds. The authors provide basic characteristics of an AIS framework, discuss the state of the art in the realm of AIS, and provide contemporary cloud-based AIS implementation methodologies for Cloud-centric Assured Information Sharing System (CAISS) and CAISS XACML policies (CAISS-X). The CAISS uses a cloud-based framework for both data storage and retrieval as well as policy enforcement and CAISS-X employs a cloud-centric framework to store and query large amounts of data via a non-cloud policy engine that enforces XACML-based policies.

Part III: High Performance Cloud Computing

Part III outlines a wide range of challenges and provides solutions to manage and control very large and complex data sets. It is impractical to process a huge audit data set using existing on-hand database management tools or data processing applications in real-time. CPU-GPU computing, MapReduce and router-based filtering technologies are employed to face the challenges of big data processing.

Chapter “GPGPU Computing for Cloud Auditing” presents GPGPU computing for cloud auditing. There is a growing need for computing platforms that are able to rapidly analyze data-intensive cloud audit data. GPGPU computing can perform data analysis with a high level of parallelism employing tools like Hadoop MapReduce. The chapter contains a broad background on GPGPU computing, architectures, and programming options, illustrated by helpful programming examples.

Chapter “CPU-GPU System Designs for High Performance Cloud Computing” discusses CPU-GPU system designs for high performance cloud computing. This chapter focuses on the improvement of cloud computing performance by combining the powerful scalar processing on CPU with the efficient parallel processing on GPU. The authors also introduce the mainstream and emerging memory hierarchy designs in CPU-GPU systems and optimization techniques of the data allocation and migration between CPU and GPU for performance improvement.

Chapter “MapReduce Performance in Federated Cloud Computing Environments” introduces MapReduce optimization in federated cloud computing environments. The demand for federation among multiple distributed clusters is growing, in order to process data-intensive and compute-intensive applications. The MapReduce framework coupled with cloud computing is emerging as a viable solution for distributed big data processing. The authors describe various cloud based applications over distributed clouds and provide a network aware MapReduce optimization technique.

Chapter “Improving Cloud Performance with Router-Based Filtering” presents improving cloud performance with router-based filtering. The router-based filtering technology has been developed to enhance the availability of cloud computing and performance of cloud auditing. An overview of the specification and generation of filtering rules used by routers, a theoretical model to find the best locations for hardware routers in a network to block malicious traffic, and experimental results are provided in this chapter.

Rome, NY, USA: Keesook J. Han
Kansas City, MO, USA: Baek-Young Choi
College Station, TX, USA: Sejun Song

“Approved for Public Release; Distribution Unlimited: 88ABW-2013-2591, 31-May-2013”


Acknowledgements

This work was supported by the United States government funds from the Air Force Office of Scientific Research (AFOSR), the AFOSR Summer Faculty Fellowship Program (SFFP), the Air Force Research Laboratory (AFRL) Visiting Faculty Research Program (VFRP), the National Science Foundation (NSF) and the National Institute of Health (NIH). The editors especially appreciated the support of AFOSR/RSL Program Manager Dr. Robert Herklotz; all chapters were partially supported by his AFOSR Information Operations and Security Program funds for extramural projects and AFOSR intramural project (LRIR 11RI01COR). The editors are grateful for the support provided by AFRL Information Institute Director Mr. John Graniero and Mr. Frank Hoke, and also to Elizabeth Schlaegel for helping VFRP and SFFP fellows. The editors are also thankful to Dr. Warren Debany AFRL/RIG, Mr. James Perretta AFRL/RIGA, Mary Allen AF 88ABW/PAX, Sandra Simison AF 88ABW/PAX, and Springer Science+Business Media Editorial Assistant Rebecca Hotowitz for reviewing book chapters. The editors also express their gratitude to Prof. John Kieffer for proofreading the book.


Contents

Part I Cloud Architectures and Security Issues

An Overview of Issues and Recent Developments in Cloud Computing and Storage Security
Everaldo Aguiar, Yihua Zhang, and Marina Blanton

Moving Target Defense for Cloud Infrastructures: Lessons from Botnets
Wei Peng, Feng Li, and Xukai Zou

Secure Mobile Cloud Computing and Security Issues
Qijun Gu and Mina Guirguis

Information Fusion in a Cloud-Enabled Environment
Erik Blasch, Yu Chen, Genshe Chen, Dan Shen, and Ralph Kohler

Part II Cloud Auditing and Assured Information Sharing

Diagnosing Vulnerability Patterns in Cloud Audit Logs
Rui Xie, Rose Gamble, and Norman Ahmed

Exploiting Timing Side Channel in Secure Cloud Scheduling
Sachin Kadloor and Negar Kiyavash

Federated Cloud Security Architecture for Secure and Agile Clouds
Weiliang Luo, Li Xu, Zhenxin Zhan, Qingji Zheng, and Shouhuai Xu

Trust-Based Access Control for Secure Cloud Computing
Indrajit Ray and Indrakshi Ray

Assured Information Sharing (AIS) Using Private Clouds
Vaibhav Khadilkar, Tyrone Cadenhead, Murat Kantarcioglu, and Bhavani Thuraisingham


Part III High Performance Cloud Computing

GPGPU Computing for Cloud Auditing
Virginia W. Ross and Miriam E. Leeser

CPU-GPU System Designs for High Performance Cloud Computing
Yiran Chen, Jie Guo, and Zhenyu Sun

MapReduce Performance in Federated Cloud Computing Environments
Praveenkumar Kondikoppa, Chui-Hui Chiu, and Seung-Jong Park

Improving Cloud Performance with Router-Based Filtering
Chin-Tser Huang, Heath Carroll, and James Perretta

Index


Contributors

Everaldo Aguiar University of Notre Dame, Notre Dame, IN, USA

Norman Ahmed Air Force Research Laboratory, Rome, NY, USA; Purdue University, West Lafayette, IN, USA

Marina Blanton University of Notre Dame, Notre Dame, IN, USA

Erik Blasch Air Force Research Laboratory, Rome, NY, USA

Tyrone Cadenhead University of Texas at Dallas, Richardson, TX, USA

Heath Carroll University of South Carolina, Columbia, SC, USA

Genshe Chen Intelligent Fusion Tech, Gaithersburg, MD, USA

Yiran Chen University of Pittsburgh, Pittsburgh, PA, USA

Yu Chen SUNY-Binghamton, Binghamton, NY, USA

Chui-Hui Chiu Louisiana State University, Baton Rouge, LA, USA

Rose Gamble University of Tulsa, Tulsa, OK, USA

Qijun Gu Texas State University-San Marcos, San Marcos, TX, USA

Mina Guirguis Texas State University-San Marcos, San Marcos, TX, USA

Jie Guo University of Pittsburgh, Pittsburgh, PA, USA

Chin-Tser Huang University of South Carolina, Columbia, SC, USA

Sachin Kadloor University of Illinois at Urbana-Champaign, Urbana, IL, USA

Murat Kantarcioglu University of Texas at Dallas, Richardson, TX, USA

Vaibhav Khadilkar University of Texas at Dallas, Richardson, TX, USA

Negar Kiyavash University of Illinois at Urbana-Champaign, Urbana, IL, USA

Ralph Kohler Air Force Research Laboratory, Rome, NY, USA


Praveenkumar Kondikoppa Louisiana State University, Baton Rouge, LA, USA

Miriam E. Leeser Northeastern University, Boston, MA, USA

Feng Li Indiana University-Purdue University Indianapolis, Indianapolis, IN, USA

Weiliang Luo University of Texas at San Antonio, San Antonio, TX, USA

Seung-Jong Park Louisiana State University, Baton Rouge, LA, USA

Wei Peng Indiana University-Purdue University Indianapolis, Indianapolis, IN, USA

James Perretta Air Force Research Laboratory, Rome, NY, USA

Indrajit Ray Colorado State University, Fort Collins, CO, USA

Indrakshi Ray Colorado State University, Fort Collins, CO, USA

Virginia W. Ross Air Force Research Laboratory, WPAFB, Ohio, OH, USA

Dan Shen Intelligent Fusion Tech, Gaithersburg, MD, USA

Zhenyu Sun University of Pittsburgh, Pittsburgh, PA, USA

Bhavani Thuraisingham University of Texas at Dallas, Richardson, TX, USA

Rui Xie University of Tulsa, Tulsa, OK, USA

Li Xu University of Texas at San Antonio, San Antonio, TX, USA

Shouhuai Xu University of Texas at San Antonio, San Antonio, TX, USA

Zhenxin Zhan University of Texas at San Antonio, San Antonio, TX, USA

Yihua Zhang University of Notre Dame, Notre Dame, IN, USA

Qingji Zheng University of Texas at San Antonio, San Antonio, TX, USA

Xukai Zou Indiana University-Purdue University Indianapolis, Indianapolis, IN, USA


Acronyms

ABAC Attribute-Based Access Control
ACID Atomicity, Consistency, Isolation, Durability
ACL Access Control List
AIS Assured Information Sharing
AISL Assured Information Sharing Lifecycle
AMP Accelerated Massive Parallelism
AOM Agile Opportunistic Migration
API Application Programming Interface
APT Advanced Persistent Threat
APU Accelerated Processing Unit
ARP Address Resolution Protocol
AS Autonomous System
AWS Amazon Web Services
BE Broadband Engine
BFE Bloom Filter Encoding
BGP Border Gateway Protocol
BLAS Basic Linear Algebra Subroutine
BPDU Bridge Protocol Data Unit
BOSS Business Operation Support Service
C&C Command and Control
C2 Command and Control
CADF Cloud Auditing Data Federation
CAISS Cloud-Centric Assured Information Sharing System
CASA Context-Aware Security Architecture
CBAC Coalition-Based Access Control
CC Cluster Controller
CCE Common Configuration Enumeration
CDS Connected Dominating Set
CEBN Cloud-enabled Bayes Network
CG Conjugate Gradient
CGCM CPU-GPU Communication Manager


CIO Chief Information Officer
CLC CLoud Controller
CM Cloud Manager
C-OODA Cognitive-Observe-Orient-Decide-Act
CPU Central processing unit
CRON Cyberinfrastructure of Reconfigurable Optical Networking
CSA Cloud Security Alliance
CSP Cloud Service Provider
CUDA Compute Unified Device Architecture
CUFFT CUDA Fast Fourier Transform
DAC Discretionary Access Control
DBMS Database management systems
DCGS Distributed Common Ground System
DDL Data Definition Language
DDoS Distributed Denial of Service
DIB DCGS Integration Backbone
DMA Direct Memory Access
DMC Discrete Memoryless Channel
DNS Domain Name System
DMTF Distributed Management Task Force
DoS Denial of Service
DRAM Dynamic Random-Access Memory
DSCP Differentiated Services Code Point
DSL Digital Subscriber Line
DX DirectX
EC2 Elastic Compute Cloud
ETSI European Telecommunications Standards Institute
FAT File Allocation Table
FCL Fusion Control Link
FFT Fast Fourier Transform
FIFO First In, First Out
FPGA Field-Programmable Gate Array
GDDR Graphics Double Data Rate
GFS Google File System
GIG Global Information Grid
GMC Graphics Memory Controller
GPGPU General-purpose Programming on GPU
GPS Global Positioning System
GPU Graphics Processing Unit
HDD Hard Disk Drive
HDFS Hadoop Distributed File System
HFS Hierarchical File System
HLIF High-Level Information Fusion
HPCC Hybrid P2P-based C&C
HSF Hard-Soft Fusion


HSI Human Systems Integration
HTTP Hypertext Transfer Protocol
HVMR Heterogeneous VM Replication
I/O Input/Output
IaaS Infrastructure as a Service
IEC International Electrotechnical Commission
IEEE-SA IEEE Standards Association
ICMP Internet Control Message Protocol
IFS Information Fusion System
IFSA Information Fusion Situation Assessment
IM Information Management
IP Internet Protocol
ISO International Organization for Standardization
ISP Internet Service Provider
ISR Intelligence, Surveillance and Reconnaissance
ITOS Information Technology Operation Support
ITU International Telecommunications Union
JASYPT Java Simplified Encryption
JDL Joint Director of the Laboratories
JTAG Joint Test Access Group
JVM Java Virtual Machine
KVM Kernel-Based Virtual Machine
LAIR Large Area Image Recorder
LBS Location-Based Service
LLC Last Level Cache
LLIF Low-Level Information Fusion
LTL Linear Temporal Logic
MAC Mandatory Access Control
MAC Media Access Control
MBR Master Boot Record
MIO Managed Information Object
MLC Multi-Level Cell
MLS Multi-Level Security
MOS Mobile Operating System
MPI Message Passing Interface
MPLS Multi-Protocol Label Switching
MSASP Microsoft Active Server Page
MTBDD Multi-terminal binary decision diagram
MTD Moving Target Defense
MTJ Magnetic Tunnel Junction
NAT Network Address Translation
NCC-RA NIST Cloud Computing Reference Architecture
NCC-SRA NIST Cloud Computing Security Reference Architecture
NCC-SWG NIST Cloud Computing Security Working Group
NIC Network Interface Card


NIDPS Network Intrusion Detection and Prevention System
NIST National Institute of Standards and Technology
NLP Natural Language Processing
NLRI Network Layer Reachability Information
NTFS NT File System
OASIS Organization for the Advancement of Structured Information Standards
OGC Open Geospatial Consortium
OMTP Open Mobile Terminal Platform
OODA Observe-Orient-Decide-Act
OpenCL Open Computing Language
OpenGL Open Graphics Library
OWL Web Ontology Language
PaaS Platform as a Service
PAP Policy Administration Point
PCA Proof-Carrying Authorization
PCI Peripheral Component Interconnect
PCM Phase Change Memory
PCT Mathworks Parallel Computing Toolbox
PDP Policy Decision Point
PEP Policy Enforcement Point
PGI Portland Group, Inc
PIN Personal Identification Number
PIP Policy Information Point
PLA Parallel Linear Algebra
PPBT Poisson Pareto Burst Traffic
PRA Permission-Role Assignment
QoS Quality of Service
RBAC Role Based Access Control
RDF Resource Description Framework
RDFS Resource Description Framework Schema
RFI Receive Requests for Information
RH Role Hierarchy
RISC Reduced Instruction Set Computer
RM Resource Management
RPC Remote Procedure Call
RR Round-Robin
RTT Round-Trip Time
S3 Simple Storage Service
S&RM Security and Risk Management
SC Storage Controller
SCT Security Context Token
SIM Subscriber Identity Module
SIMD Single Instruction Multiple Data
SIMT Single Instruction Multiple Thread


SIS Secure Information Sharing
SJF Shortest-Job-First
SLA Service Level Agreement
SM Session Manager
SM Streaming Multiprocessors
SMH Session Manager History
SMS Short Message Service
SMT Simultaneous Multi-Thread
SoA Service-Oriented Architecture
SOAP Simple Object Access Protocol
SoD Separation of Duty
SOI Silicon on Insulator
SOP Same Origin Policy
SaaS Software as a Service
SOP Standard Operating Procedure
SPMD Single program multiple data
SQL Structured Query Language
SP Streaming Processor
SRAM Static Random-Access Memory
SSD Solid State Drive
SSH Secure Shell
SSL Secure Sockets Layer
STID Simultaneous Tracking and Identification
STIG Security Technical Implementation Guide
STS Security Token Service
TBAC Trust-Based Access Control
TCB Trusted Computing Base
TCI Trusted Cloud Initiative
TCI-RA Trusted Cloud Initiative Reference Architecture
TCP Transmission Control Protocol
TCSEC Trusted Computer System Evaluation Criteria
TDMA Time Division Multiple Access
TLS Transport Layer Security
TMAC Team-Based Access Control
TOR The Onion Router
ToS Type of Service
TPM Trusted Platform Module
TRBAC Temporal RBAC
TTL Time To Live
UDP User Datagram Protocol
UFCC URL Flux-based C&C
UFS Unix File System
UI User interface
UMA Unified Memory Architecture
URA User-Role Assignment


URL Uniform Resource Locator
USG United States Government
UTS Upper Tier Server
VLAN Virtual Local Area Network
VRF Virtual Routing and Forwarding
VM Virtual Machine
VMI Virtual Machine Introspection
VMM Virtual Machine Manager
VMM Virtual Machine Monitor
WAMI Wide Area Motion Imagery
WAP Wireless Access Point
WLAN Wireless Local Area Network
WMIR Millimeter-wave infrared
WSDL Web Service Definition Language
XACML EXtensible Access Control Markup Language
XML Extensible Markup Language
XSS Cross Site Scripting