RIM4J: An Architecture for Language-Supported Runtime Measurement against Malicious Bytecode in Cloud Computing

Ba, Haihe; Zhou, Huaizhe; Qiao, Huidong; Wang, Zhiying; Ren, Jiangchun

doi:10.3390/sym10070253

Cited by 4 publications

(4 citation statements)

References 35 publications

(57 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…More measurements to be attested: Our Astrape only attests code integrity measurement to various requesters in cloud computing, which is able to determine whether the remote attested system works as expected. However, our approach can be used to leverage bytecode runtime measurement [14,29,46] to provide more dynamic protection for some high-level applications, such as Java-based cloud services. In addition, Astrape is also retrofitted to support other types of security measurements, such as the cornerstone measurements of confidentiality and availability [10,11] and virtual machine introspection-based [47,48] behavior measurements [49,50].…”

Section: Discussion and Limitationmentioning

confidence: 99%

“…On the other hand, a secure network connection between a requester and an attester is requisite to satisfy the confidentiality requirement and not to expose the detailed information of the attested system, such as a TLS/SSL-protected connection.In a cloud environment, a set of requesters may simultaneously raise their requests to challenge the same target, such as attestations on security monitor systems [9][10][11] or microservices-based cloud systems [12]. While some previous works proposed techniques for TPM-based attestation over a secure connection [6,13,14], they focused on the single-requester scenario. If every requester is to run a standard attestation, the throughput of the attester would be extremely low due to the numerous operations in the signature and encryption.…”

mentioning

confidence: 99%

See 1 more Smart Citation

Astrape: An Efficient Concurrent Cloud Attestation with Ciphertext-Policy Attribute-Based Encryption

Zhou

Mei

et al. 2018

Symmetry

Self Cite

View full text Add to dashboard Cite

Cloud computing emerges as a change in the business paradigm that offers pay-as-you-go computing capability and brings enormous benefits, but there are numerous organizations showing hesitation for the adoption of cloud computing due to security concerns. Remote attestation has been proven to boost confidence in clouds to guarantee hosted cloud applications' integrity. However, the state-of-the-art attestation schemes do not fit that multiple requesters raise their challenges simultaneously, thereby leading to larger performance overheads on the attester side. To address that, we propose an efficient and trustworthy concurrent attestation architecture under multi-requester scenarios, Astrape, to improve efficiency in the integrity and confidentiality protection aspects to generate an unforgeable and encrypted attestation report. Specifically, we propose two key techniques in this paper. The first one-aggregated attestation signature-reliably protects the attestation content from being compromised even in the presence of adversaries who have full control of the network, therefore successfully providing attestation integrity. The second one-delegation-based controlled report-introduces a third-party service to distribute the attestation report to requesters in order to save computation and communication overload on the attested party. The report is encrypted with an access policy by using attribute-based encryption and accessed by a limited number of qualified requesters, hence supporting attestation confidentiality. The experimental results show that Astrape can take no more than 0.4 s to generate an unforgeable and encrypted report for 1000 requesters and deliver a throughput speedup of approximately 30× in comparison to the existing attestation systems.Symmetry 2018, 10, 425 2 of 25 Remote attestation has been proposed for this purpose by analyzing the integrity of a remote system to judge its trustworthiness. Typical attestation schemes are designed based on the following steps. First, an attestation challenger (requester) sends a target system (attester) a challenge message in which there is a random nonce against replay attack. Second, the attester responds with an evidence report about the integrity of its components in an unforgeable manner. Finally, the requester verifies the report and determines whether the status of the attested system is acceptable. Attestation systems in cloud computing typically face challenges in integrity and confidentiality protection as the open network in public clouds is a prime attack vector for adversaries. On the one hand, one common approach to guarantee integrity is to employ a standard signature [6] based on a pair of attestation keys in a Trusted Platform Module (TPM) [7,8] that is first introduced by the Trusted Computing Group (TCG). The standard signature is called the quote operation in trusted computing. On the other hand, a secure network connection between a requester and an attester is requisite to satisfy the confidentiality requirement and not to expose the det...

show abstract

Section: Discussion and Limitationmentioning

confidence: 99%

mentioning

confidence: 99%

Astrape: An Efficient Concurrent Cloud Attestation with Ciphertext-Policy Attribute-Based Encryption

Zhou

Mei

et al. 2018

Symmetry

Self Cite

View full text Add to dashboard Cite

show abstract

“…In [11], the authors discussed the security challenges associated with migrating applications to the cloud. They highlighted the difficulty caused by customers' lack of awareness regarding the proper functioning and security of their cloud-based applications.…”

Section: Literature Reviewmentioning

confidence: 99%

Double Level Code Scanning Leveraging Network virtualization and Machine Learning to Mitigate Memory Starvation Risks and Insecure Programming

Alibrahim,

Hendaoui

2023

Preprint

View full text Add to dashboard Cite

In this study, we investigate the role of software-defined networking (SDN) controller on memory usage, system stability, and performance in cloud computing networks, with a specific focus on the deployment of machine learning techniques. The SDN controller utilizes machine learning algorithms to dynamically detect and block vulnerable and memory-intensive cloudlet codes. The results demonstrate that the deployment of machine learning in the SDN controller significantly improves resource allocation, mitigates resource contention, and reduces the risk of memory exhaustion. By accurately identifying and preventing the execution of insecure cloudlets, the machine learning-enabled SDN controller enhances system security and maintains optimal resource utilization. Moreover, the study highlights the positive influence of the SDN controller on system stability, preventing disruptive operations and minimizing the likelihood of system crashes or slowdowns.

show abstract

“…In a public cloud, the security issues are always critical. Researches [1][2][3][4][5][6][7] about confidentiality, integrity, availability, auditability and so on are proposed to address various security problems. However, if a cloud service provider (CSP) is suspicious, the security problems cloud become much more complicated.…”

Section: Introductionmentioning

confidence: 99%

Practical, Provably Secure, and Black-Box Traceable CP-ABE for Cryptographic Cloud Storage

Qiao

Zhou

et al. 2018

Symmetry

Self Cite

View full text Add to dashboard Cite

Cryptographic cloud storage (CCS) is a secure architecture built in the upper layer of a public cloud infrastructure. In the CCS system, a user can define and manage the access control of the data by himself without the help of cloud storage service provider. The ciphertext-policy attribute-based encryption (CP-ABE) is considered as the critical technology to implement such access control. However, there still exists a large security obstacle to the implementation of CP-ABE in CCS. That is, how to identify the malicious cloud user who illegally shares his private keys with others or applies his keys to construct a decryption device/black-box, and provides the decryption service. Although several CP-ABE schemes with black-box traceability have been proposed to address the problem, most of them are not practical in CCS systems, due to the absence of scalability and expensive computation cost, especially the cost of tracing. Thus, we present a new black-box traceable CP-ABE scheme that is scalable and high efficient. To achieve a much better performance, our work is designed on the prime order bilinear groups that results in a great improvement in the efficiency of group operations, and the cost of tracing is reduced greatly to O ( N ) or O ( 1 ) , where N is the number of users of a system. Furthermore, our scheme is proved secure in a selective standard model. To the best of our knowledge, this work is the first such practical and provably secure CP-ABE scheme for CCS, which is black-box traceable.

show abstract

RIM4J: An Architecture for Language-Supported Runtime Measurement against Malicious Bytecode in Cloud Computing

Cited by 4 publications

References 35 publications

Astrape: An Efficient Concurrent Cloud Attestation with Ciphertext-Policy Attribute-Based Encryption

Astrape: An Efficient Concurrent Cloud Attestation with Ciphertext-Policy Attribute-Based Encryption

Double Level Code Scanning Leveraging Network virtualization and Machine Learning to Mitigate Memory Starvation Risks and Insecure Programming

Practical, Provably Secure, and Black-Box Traceable CP-ABE for Cryptographic Cloud Storage

Contact Info

Product

Resources

About