Secure Mobile Cloud Computing and Security Issues

The proliferation of mobile devices, coupled by the increase in their capabilities, have enabled the establishment of a rich mobile computing platform that can be utilized in conjunction with cloud services. In this chapter, we overview the latest mobile computing models and architectures focusing on their security properties. In particular, we study a wide range of threats against the availability, privacy and integrity of mobile cloud computing architectures in which the mobile devices and the cloud jointly perform computation. We then present defense mechanisms that ensure the security of mobile cloud computing architectures and their applications. Throughout the chapter, we identify potential threats as well as possible opportunities for defenses.

[1]  Wenyuan Xu,et al.  Jamming sensor networks: attack and defense strategies , 2006, IEEE Network.

[2]  Byung-Gon Chun,et al.  Dynamically partitioning applications between weak devices and clouds , 2010, MCS '10.

[3]  Paul England,et al.  Resource management for isolation enhanced cloud services , 2009, CCSW '09.

[4]  Claudiu Barca,et al.  A virtual cloud computing provider for mobile devices , 2016, 2016 8th International Conference on Electronics, Computers and Artificial Intelligence (ECAI).

[5]  Avik Chaudhuri,et al.  Language-based security on Android , 2009, PLAS '09.

[6]  Xuxian Jiang,et al.  Guest-Transparent Prevention of Kernel Rootkits with VMM-Based Memory Shadowing , 2008, RAID.

[7]  Dimitrios Pendarakis,et al.  Security audits of multi-tier virtual infrastructures in public infrastructure clouds , 2010, CCSW '10.

[8]  XiaoFeng Wang,et al.  Sedic: privacy-aware data intensive computing on hybrid clouds , 2011, CCS '11.

[9]  Yoshiyasu Takefuji,et al.  Towards a tamper-resistant kernel rootkit detector , 2007, SAC '07.

[10]  Ivan Martinovic,et al.  Short paper: reactive jamming in wireless networks: how realistic is the threat? , 2011, WiSec '11.

[11]  Jason H. Christensen,et al.  Using RESTful web-services and cloud computing to create next generation mobile applications , 2009, OOPSLA Companion.

[12]  Kyungho Jeon,et al.  The HybrEx Model for Confidentiality and Privacy in Cloud Computing , 2011, HotCloud.

[13]  Bernd Freisleben,et al.  Why eve and mallory love android: an analysis of android SSL (in)security , 2012, CCS.

[14]  Mahadev Satyanarayanan,et al.  Mobile computing: the next decade , 2010, MCS '10.

[15]  S. Kotani,et al.  TrustCube: An Infrastructure that Builds Trust in Client , 2009 .

[16]  Xin Zheng,et al.  Secure web applications via automatic partitioning , 2007, SOSP.

[17]  Patrick D. McDaniel,et al.  On lightweight mobile phone application certification , 2009, CCS.

[18]  Srdjan Capkun,et al.  Application Collusion Attack on the Permission-Based Security Model and its Implications for Modern Smartphone Systems , 2010 .

[19]  Jörg Schwenk,et al.  All your clouds are belong to us: security analysis of cloud management interfaces , 2011, CCSW '11.

[20]  Felix C. Freiling,et al.  Mobile Security Catching Up? Revealing the Nuts and Bolts of the Security of Mobile Devices , 2011, 2011 IEEE Symposium on Security and Privacy.

[21]  Byung-Gon Chun,et al.  Vision: automated security validation of mobile apps at app markets , 2011, MCS '11.

[22]  Patrick D. McDaniel,et al.  Semantically rich application-centric security in Android , 2012 .

[23]  George Danezis,et al.  Towards ensuring client-side computational integrity , 2011, CCSW '11.

[24]  Craig Gentry,et al.  Fully homomorphic encryption using ideal lattices , 2009, STOC '09.

[25]  Patrick D. McDaniel,et al.  Porscha: policy oriented secure content handling in Android , 2010, ACSAC '10.

[26]  Tim Verbelen,et al.  Cloudlets: bringing the cloud to the mobile user , 2012, MCS '12.

[27]  Markus Jakobsson,et al.  Authentication in the clouds: a framework and its application to mobile users , 2010, CCSW '10.

[28]  Jeremy Clark,et al.  Understanding and improving app installation security mechanisms through empirical analysis of android , 2012, SPSM '12.

[29]  Gustavo Alonso,et al.  Calling the Cloud: Enabling Mobile Phones as Interfaces to Cloud Applications , 2009, Middleware.

[30]  Brian Neil Levine,et al.  Forensic Triage for Mobile Phones with DEC0DE , 2011, USENIX Security Symposium.

[31]  Srikanth V. Krishnamurthy,et al.  Denial of Service Attacks in Wireless Networks: The Case of Jammers , 2011, IEEE Communications Surveys & Tutorials.

[32]  Yike Guo,et al.  Elastic Application Container , 2011, 2011 IEEE/ACM 12th International Conference on Grid Computing.

[33]  Yajin Zhou,et al.  A Survey of Android Malware , 2013 .

[34]  Kevin Fu,et al.  Secure Software Updates: Disappointments and New Challenges , 2006, HotSec.

[35]  Seungyeop Han,et al.  These aren't the droids you're looking for: retrofitting android to protect data from imperious applications , 2011, CCS '11.

[36]  David J. Thuente,et al.  Intelligent jamming in wireless networks with applications to 802.11b and other networks , 2006 .

[37]  Peng Ning,et al.  Managing security of virtual machine images in a cloud environment , 2009, CCSW '09.

[38]  Gary C. Kessler,et al.  Android forensics: Simplifying cell phone examinations , 2010 .

[39]  Byung-Gon Chun,et al.  Augmented Smartphone Applications Through Clone Cloud Execution , 2009, HotOS.

[40]  Daniele Micciancio,et al.  A first glimpse of cryptography's Holy Grail , 2010, CACM.

[41]  Zhibin Zhou,et al.  Secure data processing framework for mobile cloud computing , 2011, 2011 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS).

[42]  Huan Liu,et al.  A new form of DOS attack in a cloud and its avoidance mechanism , 2010, CCSW '10.

[43]  Byung-Gon Chun,et al.  TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones , 2010, OSDI.

[44]  Dijiang Huang,et al.  MobiCloud: Building Secure Cloud Framework for Mobile Computing and Communication , 2010, 2010 Fifth IEEE International Symposium on Service Oriented System Engineering.

[45]  Barton P. Miller,et al.  First principles vulnerability assessment , 2010, CCSW '10.

[46]  Daniele Sgandurra,et al.  Cloud security is not (just) virtualization security: a short paper , 2009, CCSW '09.

[47]  Craig Gentry,et al.  Computing arbitrary functions of encrypted data , 2010, CACM.

[48]  Paul C. van Oorschot,et al.  A methodology for empirical analysis of permission-based security models and its application to android , 2010, CCS '10.

[49]  Yee Wei Law,et al.  Energy-efficient link-layer jamming attacks against wireless sensor network MAC protocols , 2005, TOSN.

[50]  Ramesh Karri,et al.  Attacks and Defenses for JTAG , 2010, IEEE Design & Test of Computers.

[51]  Alec Wolman,et al.  MAUI: making smartphones last longer with code offload , 2010, MobiSys '10.

[52]  Christopher Krügel,et al.  Detecting System Emulators , 2007, ISC.

[53]  Arati Baliga,et al.  VPMN: virtual private mobile network towards mobility-as-a-service , 2011, MCS '11.

[54]  Steven J. Murdoch,et al.  Thinking Inside the Box: System-Level Failures of Tamper Proofing , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[55]  Tal Garfinkel,et al.  A Virtual Machine Introspection Based Architecture for Intrusion Detection , 2003, NDSS.

[56]  Paramvir Bahl,et al.  The Case for VM-Based Cloudlets in Mobile Computing , 2009, IEEE Pervasive Computing.

[57]  Anish Arora,et al.  Capabilities of Low-Power Wireless Jammers , 2009, IEEE INFOCOM 2009.

[58]  Vyas Sekar,et al.  Verifiable resource accounting for cloud computing services , 2011, CCSW '11.

[59]  Xinwen Zhang,et al.  Securing elastic applications on mobile devices for cloud computing , 2009, CCSW '09.