Providing secure and efficient access to large scale outsourced data is an important component of cloud computing. In this paper, we propose a mechanism to solve this problem in owner-write-users-read applications. We propose to encrypt every data block with a different key so that flexible cryptography-based access control can be achieved. Through the adoption of key derivation methods, the owner needs to maintain only a few secrets. Analysis shows that the key derivation procedure using hash functions will introduce very limited computation overhead. We propose to use over-encryption and/or lazy revocation to prevent revoked users from getting access to updated data blocks. We design mechanisms to handle both updates to outsourced data and changes in user access rights. We investigate the overhead and safety of the proposed approach, and study mechanisms to improve data access efficiency.
OS fingerprinting tries to identify the type and version of a system based on gathered information of a target host. It is an essential step for many subsequent penetration attempts and attacks. Traditional OS fingerprinting depends on banner grabbing schemes or network traffic analysis results to identify the system. These interactive procedures can be detected by intrusion detection systems (IDS) or fooled by fake network packets. In this paper, we propose a new OS fingerprinting mechanism in virtual machine hypervisors that adopt the memory de-duplication technique. Specifically, when multiple memory pages with the same contents occupy only one physical page, their reading and writing access delay will demonstrate some special properties. We use the accumulated access delay to the memory pages that are unique to some specific OS images to derive out whether or not our VM instance and the target VM are using the same OS. The experiment results on VMware ESXi hypervisor with both Windows and Ubuntu Linux OS images show the practicability of the attack. We also discuss the mechanisms to defend against such attacks by the hypervisors and VMs.
Mobile mashups promise great data aggregation and processing capabilities for all end users. During the data collection procedures, some data providers fail to protect confidentiality and privacy of user queries and transmit information in plain text. This enables attackers to eavesdrop on networks and compromise user information. Since mobile mashups can adopt server-side, client-side, or hybrid architectures, no one-size-fits-all solutions can be designed to solve this problem. In this paper, we propose to design two mechanisms using mobile clouds to preserve data query privacy in mobile mashups. For server-side mashups, we propose to use dynamically created virtual machines as proxies to process data collection and aggregation in order to prevent information leakage through eavesdropping. For client-side mashups, we propose to use live migration of the application level virtual machines into mobile cloud to hide the data collection and aggregation procedures from attackers. We will evaluate the proposed approaches through both analysis and experiments on real platforms.
Because of intellectual property, user privacy, and several other reasons, many scientific and military projects choose to hide the information about the data sets that they are using for analysis and computation. Attackers have designed various mechanisms to compromise the operating system or database management system to steal such information. In this paper, we propose a non-interactive mechanism to identify the data sets in use in a cloud computing environment when the virtual machine (VM) hypervisors adopt the memory de-duplication technique. Specifically, when multiple memory pages with the same contents occupy only one physical page, their reading and writing access delay will demonstrate some special properties. We use the access delay of the memory pages that are unique to some specific data sets to derive out whether or not our VM instance is accessing the same data sets as the target of the attack. The experiment results on a widely used scientific analysis software package ParaView demonstrate the practicability of the attack. We also discuss the mechanisms to defend against such attacks.
In this paper we demonstrate an attack scenario in which Bluetooth enabled computers are remotely controlled by an attacker without any security software detecting the connection. We describe in detail the methods to deliver malware, evade detection, elevate permissions, and transport critical information out of the network via Bluetooth connections. A prototype system using state-of-the-art operating systems and security software is built to show the practicability of the attack. We also study different mitigation strategies along with their downside. Security improvements for similar scenarios are also discussed.