UAB - The University of Alabama at Birmingham

May 03

A Paper from SECRETLab Accepted in IEEE SCC 2017

One paper from SECRETLab was accepted at the 14th IEEE International Conference on Services Computing (SCC).

Congratulations to Shahid Noor, Arsh Arora, and Ragib Hasan.

Shahid Al Noor, Ragib Hasan, and Arsh Arora, “ParkBid: An Incentive Based Crowdsourced Bidding Service for Parking Reservation”, in Proceedings of the 14th IEEE International Conference on Services Computing (SCC), Honolulu, Hawaii, 2017.

 

May 03

A Paper from SECRETLab Accepted in IEEE IoTCA 2017

One paper from SECRETLab was accepted at the IEEE International Workshop on the Internet of Things Computing and Applications (IoTCA).

Congratulations to Mahmud Hossain, Ragib Hasan, and Anthony Skjellum.

Mahmud Hossain, Ragib Hasan, and Anthony Skjellum, “Securing the Internet of Things: A Meta-Study of Challenges, Approaches, and Open Problems”, IEEE International Workshop on the Internet of Things Computing and Applications (IoTCA), Atlanta, GA, USA, 2017.

May 03

3 Papers from SECRETLab Accepted in IEEE ICIoT 2017

Three papers from SECRETLab were accepted at the 2nd IEEE International Congress on Internet of Things (ICIoT). Congratulations to Mahmud Hossain, Yasser Karim, Shahid Noor, Shams Zawoad, and Ragib Hasan.

1. Mahmud Hossain, Shahid Al Noor, Yasser Karim, and Ragib Hasan, “IoTbed: A Generic Architecture for Testbed as a Service for Internet of Things-based Systems”, in Proceedings of the 2nd IEEE International Congress on Internet of Things (ICIoT), Honolulu, Hawaii, 2017.

2. Mahmud Hossain and Ragib Hasan, “Boot-IoT: A Privacy-Aware Authentication Scheme for Secure Bootstrapping of IoT Nodes”, in Proceedings of the 2nd IEEE International Congress on Internet of Things (ICIoT), Honolulu, Hawaii, 2017.

3. Mahmud Hossain, Shahid Al Noor, Ragib Hasan, and Shams Zawoad, “Trust-IoV: A Trustworthy Forensic Investigation Framework for the Internet of Vehicles (IoV)”, in Proceedings of the 2nd IEEE International Congress on Internet of Things (ICIoT), Honolulu, Hawaii, 2017.

May 03

A Paper from SECRETLab Accepted in IEEE Cloud 2017

One paper from SECRETLab was accepted at the 10th IEEE International Conference on Cloud Computing (CLOUD).

Congratulations to Arsh Arora, Thomas Stallings, Gary Warner and Ragib Hasan.

Arsh Arora, Thomas Stallings, Ragib Hasan, and Gary Warner, “Malware Secrets: De-obfuscating in the cloud”, in the 10th IEEE International Conference on Cloud Computing (CLOUD), Honolulu, Hawaii, USA, 2017.

Jan 18

2 Papers from SECRETLab Accepted in IEEE Mobile Cloud 2017

Sep 07

Paper Accepted in IEEE SmartCloud 2016

Our work “CACROS: A Context-Aware Cloud Content Roaming Service” got accepted for publication in the IEEE International Conference on Smart Cloud (SmartCloud 2016), New York, USA, Nov 2016.

Congratulations Md. Mahmud Hossain, Shahid Al Noor, Dibya Mukhopadhyay, Ragib Hasan, and Lei Li.

Jul 18

2 Papers from SECRETLab Accepted in BDCloud 2016

Title: Verifiable Data Redundancy in the Cloud

Authors: Mohammad Kamrul Islam and Ragib Hasan

Abstract: Data redundancy is critical for the assurance of service continuity in fault tolerant systems. Researchers have proposed several efficient data replication strategies to secure users’ sensitive information from a single point of failure. Although the cloud service providers (CSP) assure users regarding data safety by following some of those replication strategies, the opaque operational model of the cloud does not allow the users to verify the replications. This, in turn, introduces lack of trust in clouds. The challenge of verifiable data redundancy is two-fold: to verify that the server indeed possesses multiple copies, and to verify that those copies are not located in the same physical system. Current research mainly focuses on verification by access time of multiple requests which is highly system dependent. Hence, we propose a novel storage-as-a-service protocol that provides verifiable data redundancy in the semi or untrusted server. Our proposed model is completely oblivious of the physical system and the allocation protocol of the cloud. It does not include the server in the verification process which eliminates the risk of manipulation by a dishonest service provider. Our model uses distinct copies to store in the server as replicas, and provides deterministic verification of having data redundancies in the server. For generating unique copies of data, we use different random numbers in ElGamal encryption system. After proposing the storage, access, and verification processes, we implemented a prototype system to analyze the performance of our proposed model. Our experimental results show that our system can successfully verify the redundancy of the data in the remote server and detect any service level agreement anomalies.

 

 

Title: SASCloud: Ad hoc Cloud as Secure Storage

Authors: Shahid Al Noor, Md. Mahmud Hossain and Ragib Hasan

Abstract: With the emergence of high-speed 4G networks along with reachable Wifi system, cloud computing frameworks can greatly leverage in mobile domain. However, receiving a temporary storage service in a communication challenged area is challenging due to the unavailability of any secure third party cloud system. Although the existing ad hoc cloud architectures facilitate distributed computation and sensing operations, such systems fail to deliver secure ad hoc storage as a service when client requests for secure storage as a service. The absence of a proper centralized monitoring system in the existing ad hoc cloud is a major obstacle for convincing a client to trust the neighboring mobile nodes for content offloading. In case a client and an outsourced node gets disconnected, retrieving the offloaded contents along with ensuring their confidentiality and integrity becomes non-trivial. Additionally, providing a feasible and justified monetary incentive is a complex process for such ad hoc mobile frameworks. In this paper, we propose SASCloud, a centrally controlled ad hoc cloud system that provides a secure and reliable storage service for mobile clients. Our proposed system uses the contextual information of mobile users along with partial environmental knowledge and forms a temporal cloud using the resources of neighboring mobile devices. Along with the detailed reasoning of possible threats in our model, we provide a secure framework for content distribution and retrieval. We provide extensive analysis of our model using simulated experimental modules.

 

May 25

Successful PhD defense by SECRETLab PhD Student Rasib Khan

Congratulations to Dr. Rasib Khan, from SECRETLab, for successfully defending his thesis, titled “Towards Trustworthy Authentication in Service Oriented Computing”, supervised by Dr. Ragib Hasan.

Supervisory Committee:

Dr. Ragib Hasan, Chair (UAB CIS)

Dr. Purushotham Bangalore (UAB CIS)

Dr. Alan Sprague (UAB CIS)

Dr. Anthony Skjellum (Auburn)

Dr. John Sloan (UAB Justice Sciences)

Abstract:

Today’s Internet and network-based applications are highly driven by the service-oriented architecture model. Given the variety of online services, we hypothesized that there is a significant non-uniformity in the behavior of users pertaining to security-oriented practices on the Internet. We performed statistical analysis on open source user-survey datasets to establish the validity of the statement. We performed further study with respect to the security-oriented behavioral practices in developing countries. We were able to determine certain traits and insecure practices that general Internet users from both developed and developing countries adopt, and addressed the corresponding issues to devise secure authentication technologies for online services.

The rapid growth in the number and type of online services has resulted in adopting diverse models for authentication. Cross-platform and service composition architectures require a complex integration procedure and limit adoptability of newer authentication models. Authentication is generally based on a binary success or failure and relies on credentials proffered at the present moment without considering how or when the credentials were obtained by the subject. The resulting access control engines suffer from rigid service policies and complexity of management.

We adopted notions of real-life authentication with similar causal effects in service computing architectures. We introduced the concept of interaction provenance in service oriented computing as the only and unified authentication factor. Interaction provenance uses the causal relationship of past events to leverage service composition, cross-platform integration, timeline authentication, and easier adoption of newer methods. We presented a W3C PROV standard compliant model for interaction provenance, including secure provenance preservation techniques for service oriented computing architectures. We also applied the concept of interaction provenance to create secure frameworks for provenance-aware services. Next, we explored the causal relationship with the quality of past events to create a flexible and novel authentication and threshold based access control engine using fuzzy policies. We showed how linguistic terminologies, fuzzy ranges, and visualization of policies in fuzzy engines can be used to create simplistic yet innovative policies with additional benefits in the usability and maintenance of such systems.

Apr 26

3 Papers from SECRETLab Accepted in IEEE CLOUD

Three papers from SECRETLab were accepted at the 9th IEEE International Conference on Cloud Computing (IEEE CLOUD). Congratulations to Shahid Noor, Md. Mahmud Hossain, Rasib Khan, Shams Zawoad, and Ragib Hasan.

1. Shahid Al Noor, Rasib Khan, Md. Mahmud Hossain, and Ragib Hasan, “Litigo: A Cost-Driven Model for Opaque Cloud Services”, In Proceedings of the 9th IEEE International Conference on Cloud Computing (IEEE CLOUD), San Francisco, CA, July 2016. (Acceptance Rate 15%).

2. Md. Mahmud Hossain, Rasib Khan, Shahid Al Noor, and Ragib Hasan, “Jugo: A Generic Architecture for Composite Cloud as a Service”, In Proceedings of the 9th IEEE International Conference on Cloud Computing (IEEE CLOUD), San Francisco, CA, July 2016.

3. Shams Zawoad and Ragib Hasan, “SECAP: Towards Securing Application Provenance in the Cloud”, In Proceedings of the 9th IEEE International Conference on Cloud Computing (IEEE CLOUD), San Francisco, CA, July 2016.

Mar 18

Successful PhD defense by SECRETLab PhD Student Shams Zawoad

Congratulations to Dr. Shams Zawoad, from SECRETLab, for successfully defending his thesis, titled “Trustworthy and Efficient Forensics in the Cloud”, supervised by Dr. Ragib Hasan.

Supervisory Committee:

Dr. Ragib Hasan (UAB CIS), Chair

Dr. Alan Sprague (UAB CIS)

Dr. Purushotham Bangalore (UAB CIS)

Dr. Marjan Mernik (UM FERI)

Dr. Anthony Skjellum (AU CSSE)

Abstract:

The rise of cloud computing has changed the way of using computing services and resources. However, the black-box nature of clouds and the multi-tenant cloud models have brought new security risks, especially in terms of digital forensics. Current cloud computing architectures often lack support for digital forensic investigations since many of the assumptions that are valid for traditional computing environment are invalid in clouds. Current digital forensics tools and procedures rely on the physical access to the evidence. In clouds, computing and storage resources are no longer local and these resources are also shared between multiple cloud users. Hence, even with a subpoena, forensics investigators cannot confiscate a suspect’s computer and get access to the digital evidence that reside in the cloud. Data in the virtual machines (VM) are not also accessible after terminating the VMs. Hence, investigators need to depend on the Cloud Service Providers (CSP) to acquire various important evidence, such as activity logs of VMs, files stored in clouds, VM images, etc. Unfortunately, current cloud architectures do not guarantee that a CSP is providing valid evidence to investigators. A CSP in its entirety or a malicious employee of the CSP can collude with an adversary or a dishonest investigator to tamper with the evidence. Moreover, forensics investigators can also alter the evidence before presenting to a court. Hence, for a reliable digital forensics investigation in clouds, we need to ensure the integrity of the evidence and the privacy of users in the multi-tenant cloud environment.

In this dissertation, we explore techniques for ensuring the trustworthiness of various types of evidence in a strong adversarial scenario. We show that, without incurring high performance overheads, we can preserve and provide required evidence for digital forensics investigations involving clouds, while protecting the privacy and integrity of the evidence. We propose an Open Cloud Forensics model (OCF) and adapt this model to design forensics-enabled architectures for Infrastructure-as-a-Service (IaaS) and Storage-as-a-Service (STaaS) clouds. For IaaS clouds, we first focus on the trustworthiness of activity logs of cloud users. We design a logging scheme to securely retrieve, store, and expose these activity logs to forensics investigators. To ensure the trustworthiness of the time associated with the logs, we propose a tamper-evident scheme to prove the correctness of the system time of cloud hosts and VMs. To parse and store heterogeneous formats of logs securely in a convenient way, we develop the Forensics Aware Language (FAL) – a domain specific language. Next, we focus on the data possession information for STaaS clouds. In this regard, we first design a proof of past data possession scheme to prove the data possession of a particular user at a given past time. We then develop a secure litigation hold management scheme to provide the assurance of maintaining litigation holds on data stored in the cloud. Next, we investigate secure provenance for clouds and develop an efficient, secure data provenance scheme. We integrate all the proposed schemes with an open source cloud platform – OpenStack, and show the efficiency of the schemes. Finally, we investigate the big data forensics domain and design a cloud-based system to expedite the process of digital forensics investigations involving big data.

 

 
