@article{MTMT:33892640, title = {A Verification Methodology for the Arm (R) Confidential Computing Architecture}, url = {https://m2.mtmt.hu/api/publication/33892640}, author = {Fox, Anthony C. J. and Stockwell, Gareth and Xiong, Shale and Becker, Hanno and Mulligan, Dominic P. and Petri, Gustavo and Chong, Nathan}, doi = {10.1145/3586040}, journal-iso = {PROC ACM PROGRAM LANG}, journal = {PROCEEDINGS OF THE ACM ON PROGRAMMING LANGUAGES}, volume = {7}, unique-id = {33892640}, issn = {2475-1421}, abstract = {We present Arm's efforts in verifying the specification and prototype reference implementation of the Realm Management Monitor (RMM), an essential firmware component of Arm Confidential Computing Architecture (Arm CCA), the recently-announced Confidential Computing technologies incorporated in the Armv9-A architecture. Arm CCA introduced the Realm Management Extension (RME), an architectural extension for Armv9-A, and a technology that will eventually be deployed in hundreds of millions of devices. Given the security-critical nature of the RMM, and its taxing threat model, we use a combination of interactive theorem proving, model checking, and concurrency-aware testing to validate and verify security and safety properties of both the specification and a prototype implementation of the RMM. Crucially, our verification efforts were, and are still being, developed and refined contemporaneously with active development of both specification and implementation, and have been adopted by Arm's product teams. We describe our major achievements, realized through the application of formal techniques, as well as challenges that remain for future work. 
We believe that the work reported in this paper is the most thorough application of formal techniques to the design and implementation of any current commercially-viable Confidential Computing implementation, setting a new high-water mark for work in this area.}, keywords = {formal methods; Arm Confidential Computing Architecture (Arm CCA); separation kernel; Confidential Computing; operating system verification}, year = {2023} } @article{MTMT:34279341, title = {Adaptive monitoring, detection, and response for agile digital service chains}, url = {https://m2.mtmt.hu/api/publication/34279341}, author = {Repetto, Matteo}, doi = {10.1016/j.cose.2023.103343}, journal-iso = {COMPUT SECUR}, journal = {COMPUTERS AND SECURITY}, volume = {132}, unique-id = {34279341}, issn = {0167-4048}, abstract = {Modern business is increasingly adopting fully-digital workflows composed of complementary services (in terms of infrastructures, software, networks, data and devices) from different domains, hence giving rise to complex and heterogeneous digital chains. The substantial fragmentation in service operation and ownership between these domains impacts cybersecurity operations, by hindering a coherent and cooperative defense strategy for the entire chain. As a result, this situation gives attackers more opportunity to move laterally within the chain once they have found and compromised the weakest link. A ground-breaking evolution of legacy cybersecurity processes is necessary towards collaborative and adaptive models that fit the dynamic, agile, and heterogeneous nature of federated environments. In this paper, we elaborate on the necessary convergence between complementary workflows for response, analysis, and intelligence, by considering the peculiarity of these operations and the relevant threat scenario. Our analysis points out the main research challenges to fill the existing gap between management and protection practice for digital service chains. 
Moreover, we outline a reference architecture that combines such workflows. The objective is to foster researchers to broaden the scope of their work, in order to address open security issues for modern business and computing paradigms. © 2023 Published by Elsevier Ltd.}, keywords = {Response; Predictive analytics; Security orchestration and autonomous; Digital service chain; Cyber-threat intelligence; Proactive forensics}, year = {2023}, eissn = {1872-6208} } @article{MTMT:33225321, title = {Digital Twin: A Comprehensive Survey of Security Threats}, url = {https://m2.mtmt.hu/api/publication/33225321}, author = {Alcaraz, Cristina and Lopez, Javier}, doi = {10.1109/COMST.2022.3171465}, journal-iso = {IEEE COMMUN SURV TUTOR}, journal = {IEEE COMMUNICATIONS SURVEYS AND TUTORIALS}, volume = {24}, unique-id = {33225321}, issn = {1553-877X}, abstract = {Industry 4.0 is having an increasingly positive impact on the value chain by modernizing and optimizing the production and distribution processes. In this streamline, the digital twin (DT) is one of the most cutting-edge technologies of Industry 4.0, providing simulation capabilities to forecast, optimize and estimate states and configurations. In turn, these technological capabilities are encouraging industrial stakeholders to invest in the new paradigm, though an increased focus on the risks involved is really needed. More precisely, the deployment of a DT is based on the composition of technologies such as cyber-physical systems, the Industrial Internet of Things, edge computing, virtualization infrastructures, artificial intelligence and big data. However, the confluence of all these technologies and the implicit interaction with the physical counterpart of the DT in the real world generate multiple security threats that have not yet been sufficiently studied. 
In that context, this paper analyzes the current state of the DT paradigm and classifies the potential threats associated with it, taking into consideration its functionality layers and the operational requirements in order to achieve a more complete and useful classification. We also provide a preliminary set of security recommendations and approaches that can help to ensure the appropriate and trustworthy use of a DT.}, keywords = {Production; Security; Stakeholders; Predictive models; cybersecurity; digital twin; Tutorials; Fourth Industrial Revolution; Industry 4.0; Digital twins}, year = {2022}, eissn = {2373-745X}, pages = {1475-1503}, orcid-numbers = {Alcaraz, Cristina/0000-0003-0545-3191; Lopez, Javier/0000-0001-8066-9991} } @article{MTMT:34279342, title = {Comprehensive review on intelligent security defences in cloud: Taxonomy, security issues, ML/DL techniques, challenges and future trends}, url = {https://m2.mtmt.hu/api/publication/34279342}, author = {Belal, Mohamad Mulham and Sundaram, Divya Meena}, doi = {10.1016/j.jksuci.2022.08.035}, journal-iso = {J KING SAUD UNIV COMP INF SCI}, journal = {JOURNAL OF KING SAUD UNIVERSITY - COMPUTER AND INFORMATION SCIENCES}, volume = {34}, unique-id = {34279342}, issn = {1319-1578}, abstract = {Nowadays, machine learning and deep learning algorithms are used in recent studies as active security techniques instead of traditional ones to secure the cloud environment based on pre-trained data. In this paper, a literature review on machine and deep learning based defences against attacks and security issues in cloud computing is provided. A taxonomy of all different types of attacks and threats as per cloud security alliance (CSA) layers; and the general defences against cloud attacks is shown in this review as well as the reasons which let the traditional security techniques fail to satisfy the desired security level are discussed. 
Forty-two case studies are selected based on seven quality assessment standards and then, analyzed to answer seven research questions which help to protect cloud environments from various attacks, issues, and challenges. The analysis of case studies shows a description of the most common security issues in cloud; machine learning and deep learning models that are applied, datasets models, performance metrics, machine learning and deep learning based countermeasures and defences that are developed to prevent security issues. Finally, the future scope and open challenges in cloud computing security based on machine and deep learning are discussed as well.}, keywords = {machine learning; Anomaly detection; Deep learning; intrusion detection system; Cloud computing security; Cloud attacks}, year = {2022}, eissn = {2213-1248}, pages = {9102-9131} } @article{MTMT:33656133, title = {Service Function Chaining security survey: Addressing security challenges and threats}, url = {https://m2.mtmt.hu/api/publication/33656133}, author = {Pattaranantakul, Montida and Vorakulpipat, Chalee and Takahashi, Takeshi}, doi = {10.1016/j.comnet.2022.109484}, journal-iso = {COMPUT NETW}, journal = {COMPUTER NETWORKS}, volume = {221}, unique-id = {33656133}, issn = {1389-1286}, abstract = {Service function chaining (SFC) is a trending paradigm and it has attracted considerable attention from both the industry and academia because of its potential to improve dynamicity and flexibility in service chain provisioning significantly. SFC makes it easier and more convenient to compose on-demand service chains customized for application-specific requirements. In addition to SFC, network functions virtualization (NFV) and software-defined networking (SDN) are two other technology enablers that drive software-based service chain solutions. 
SFC leverages NFV for flexible deployment and for the placement of virtual resources and virtual network functions (VNFs); further, it employs SDN to provide traffic steering and network connectivity between the deployed VNF instances to form an application-specific service chain. Although SFC introduces many promising advantages, security is a major concern and a potential barrier for the widespread adoption of SFC technology. The integration of these technologies introduces a wide variety of security risks in the different levels of SFC stacks because SFC relies on NFV and SDN, and this results in a greater attack surface. Therefore, this survey aims to conduct a comprehensive analysis of SFC from a security perspective. To this end, we examine the SFC architecture in detail, including the design principles and relationships between other functional components, to obtain a clear understanding of SFC. The significant enhancements achieved by adopting SFC are highlighted. Further, we exemplify its deployment in several realistic use cases. Based on the SFC layering model, we analyze security threats to identify all possible risk exposures and establish a layer-specific threat taxonomy. We then systematically analyze the existing defensive solutions and propose a set of security recommendations to secure an SFC-enabled domain. Our goal is to help network operators deploy cost-effective security hardening based on their specific requirements. 
Finally, several open research challenges and future directions of SFC are also discussed.}, keywords = {ATTACKS; ALLOCATION; OF-THE-ART; network function virtualization; Security threats; software defined networks; Engineering, Electrical & Electronic; Computer Science, Information Systems; Computer Science, Hardware & Architecture; Software-Defined Networking (SDN); vulnerabilities; traffic steering; Network Functions Virtualization (NFV); Attack detection; DOS; Data plane; Service function chaining (SFC); FLOW-TABLE OVERFLOW}, year = {2022}, eissn = {1872-7069} } @article{MTMT:33892641, title = {A Survey of Virtualization Technologies: Towards a New Taxonomic Proposal}, url = {https://m2.mtmt.hu/api/publication/33892641}, author = {Rodriguez, Luis E. Sepulveda and Chavarro-Porras, Julio C. and Sanabria-Ordonez, John A. and Castro, Harold E. and Matthews, Jeanna}, doi = {10.15446/ing.investig.97363}, journal-iso = {ING INVEST}, journal = {INGENIERIA E INVESTIGACION}, volume = {42}, unique-id = {33892641}, issn = {0120-5609}, abstract = {At present, there is a proliferation of virtualization technologies (VTs), which are part of the basic and underlying infrastructure of popular cloud computing. Those interested in VTs are faced with a non-unified volume of information and various approaches to modes of operation, classification structures, and the performance implications of these technologies. This makes it difficult to decide which type of VT is appropriate for a particular context. Therefore, this paper reviews the state of the art on VT taxonomic models. Methodologically, a literature review is carried out to identify VT classification models, recognizing their features and weaknesses. With this in mind, a new taxonomy of virtualization technologies is proposed, which responds to the weaknesses identified in the analyzed schemes. 
The new VT taxonomy combines the Abstraction Level and Virtual Machine Type approaches, providing the reader with a means to visualize VTs. In doing so, the reader can locate the level of abstraction at which each VT is developed, in addition to the type of machine projected, whether it is a complete system or an execution environment for processes. The proposed taxonomy can be used in the academic environment to facilitate teaching processes or in the business environment to facilitate decision-making when implementing VTs.}, keywords = {taxonomy; container; Virtual machine; virtualization; Virtualization technologies}, year = {2022}, eissn = {2248-8723} } @article{MTMT:33225320, title = {Security of Zero Trust Networks in Cloud Computing: A Comparative Review}, url = {https://m2.mtmt.hu/api/publication/33225320}, author = {Sarkar, Sirshak and Choudhary, Gaurav and Shandilya, Shishir Kumar and Hussain, Azath and Kim, Hwankuk}, doi = {10.3390/su141811213}, journal-iso = {SUSTAINABILITY-BASEL}, journal = {SUSTAINABILITY}, volume = {14}, unique-id = {33225320}, abstract = {Recently, networks have shifted from traditional in-house servers to third-party-managed cloud platforms due to its cost-effectiveness and increased accessibility toward its management. However, the network remains reactive, with less accountability and oversight of its overall security. Several emerging technologies have restructured our approach to the security of cloud networks; one such approach is the zero-trust network architecture (ZTNA), where no entity is implicitly trusted in the network, regardless of its origin or scope of access. The network rewards trusted behaviour and proactively predicts threats based on its users' behaviour. The zero-trust network architecture is still at a nascent stage, and there are many frameworks and models to follow. 
The primary focus of this survey is to compare the novel requirement-specific features used by state-of-the-art research models for zero-trust cloud networks. In this manner, the features are categorized across nine parameters into three main types: zero-trust-based cloud network models, frameworks and proofs-of-concept. ZTNA, when wholly realized, enables network administrators to tackle critical issues such as how to inhibit internal and external cyber threats, enhance the visibility of the network, automate the calculation of trust for network entities and orchestrate security for users. The paper further focuses on domain-specific issues plaguing modern cloud computing networks, which leverage choosing and implementing features necessary for future networks and incorporate intelligent security orchestration, automation and response. The paper also discusses challenges associated with cloud platforms and requirements for migrating to zero-trust architecture. Finally, possible future research directions are discussed, wherein new technologies can be incorporated into the ZTA to build robust trust-based enterprise networks deployed in the cloud.}, keywords = {Cloud computing; Cloud security; zero trust; zero-trust cloud networks; zero-trust models}, year = {2022}, eissn = {2071-1050}, orcid-numbers = {Kim, Hwankuk/0000-0002-4449-5821} } @article{MTMT:33005383, title = {An Overview of Fog Computing and Edge Computing Security and Privacy Issues}, url = {https://m2.mtmt.hu/api/publication/33005383}, author = {Alwakeel, Ahmed M.}, doi = {10.3390/s21248226}, journal-iso = {SENSORS-BASEL}, journal = {SENSORS}, volume = {21}, unique-id = {33005383}, abstract = {With the advancement of different technologies such as 5G networks and IoT the use of different cloud computing technologies became essential. Cloud computing allowed intensive data processing and warehousing solution. 
Two different new cloud technologies that inherit some of the traditional cloud computing paradigm are fog computing and edge computing that is aims to simplify some of the complexity of cloud computing and leverage the computing capabilities within the local network in order to preform computation tasks rather than carrying it to the cloud. This makes this technology fits with the properties of IoT systems. However, using such technology introduces several new security and privacy challenges that could be huge obstacle against implementing these technologies. In this paper, we survey some of the main security and privacy challenges that faces fog and edge computing illustrating how these security issues could affect the work and implementation of edge and fog computing. Moreover, we present several countermeasures to mitigate the effect of these security issues.}, keywords = {Cloud computing; IoT; Edge Computing; Fog computing; Cloud security; fog security; privacy of IoT}, year = {2021}, eissn = {1424-8220} } @article{MTMT:32395266, title = {Security Threat Modelling With Bayesian Networks and Sensitivity Analysis for IAAS Virtualization Stack}, url = {https://m2.mtmt.hu/api/publication/32395266}, author = {Asvija, B. and Eswari, R. and Bijoy, M. B.}, doi = {10.4018/JOEUC.20210701.oa3}, journal-iso = {J ORGAN END USER COM}, journal = {JOURNAL OF ORGANIZATIONAL AND END USER COMPUTING}, volume = {33}, unique-id = {32395266}, issn = {1546-2234}, abstract = {Designing security mechanisms for cloud computing infrastructures has assumed importance with the widespread adoption of public clouds. Virtualization security is a crucial component of the overall cloud infrastructure security. In this article, the authors employ the concept of Bayesian networks and attack graphs to carry out sensitivity analysis on the different components involved in virtualization security for infrastructure as a service (IaaS) cloud infrastructures. 
They evaluate the Bayesian attack graph (BAG) for the IaaS model to reveal the sensitive regions and thus help the administrators to secure the high risk components in the stack. They present a formal definition of the sensitivity analysis and then evaluate using the BAG model for IaaS stack. The model and analysis presented here can also be used by security analysts and designers to make a selection of the security solutions based on the risk profile of vulnerable nodes and the corresponding cost involved in adding a defense against the identified vulnerabilities.}, keywords = {Sensitivity analysis; Security; IaaS; Cloud computing; virtualization; Bayesian attack graphs}, year = {2021}, eissn = {1546-5012}, pages = {44-69} } @inproceedings{MTMT:32488151, title = {RapidVMI: Fast and multi-core aware active virtual machine introspection}, url = {https://m2.mtmt.hu/api/publication/32488151}, author = {Dangl, T. and Taubmann, B. and Reiser, H.P.}, booktitle = {16th International Conference on Availability, Reliability and Security, ARES 2021}, doi = {10.1145/3465481.3465752}, unique-id = {32488151}, abstract = {Virtual machine introspection (VMI) is a technique for the external monitoring of virtual machines. Through previous work, it became apparent that VMI can contribute to the security of distributed systems and cloud architectures by facilitating stealthy intrusion detection, malware analysis, and digital forensics. The main shortcomings of active VMI-based approaches such as program tracing or process injection in production environments result from the side effects of writing to virtual address spaces and the parallel execution of shared main memory on multiple processor cores. In this paper, we present RapidVMI, a framework for active virtual machine introspection that enables fine-grained, multi-core aware VMI-based memory access on virtual address spaces. 
It was built to overcome the outlined shortcomings of existing VMI solutions and facilitate the development of introspection applications as if they run in the monitored virtual machine itself. Furthermore, we demonstrate that hypervisor support for this concept improves introspection performance in prevalent virtual machine tracing applications considerably up to 98 times. © 2021 Owner/Author.}, keywords = {Program processors; Security; Distributed systems; Virtual machine; Network security; Production environments; intrusion detection; virtualization; Parallel executions; Memory architecture; digital forensics; Multiple processors; Virtual addresses; Distributed database systems; Cloud architectures; Semantic gap; Malware analysis; second level address translation; virtual machine introspection; virtual machine introspection; Virtual address space}, year = {2021} } @article{MTMT:33005384, title = {Building In-the-Cloud Network Functions: Security and Privacy Challenges}, url = {https://m2.mtmt.hu/api/publication/33005384}, author = {Jiang, Peipei and Wang, Qian and Huang, Muqi and Wang, Cong and Li, Qi and Shen, Chao and Ren, Kui}, doi = {10.1109/JPROC.2021.3127277}, journal-iso = {P IEEE}, journal = {PROCEEDINGS OF THE IEEE}, volume = {109}, unique-id = {33005384}, issn = {0018-9219}, abstract = {Network function virtualization (NFV) has been promising to improve the availability, programmability, and flexibility of network function deployment and communication facilities. Meanwhile, with the advancements of cloud technologies, there has been a trend to outsource network functions through virtualization to a cloud service provider, so as to alleviate the local burdens on provisioning and managing such hardware resources. Promising as it is, redirecting the communication traffic to a third-party service provider has drawn various security and privacy concerns. 
Traditional end-to-end encryption can protect the traffic in transmit, but it also hinders data usability. This dilemma has raised wide interests from both industry and academia, and great efforts have been made to realize privacy-preserving network function outsourcing that can guarantee the confidentiality of network communications while preserving the ability to inspect the traffic. In this article, we conduct a comprehensive survey of the state-of-the-art literature on network function outsourcing, with a special focus on privacy and security issues. We first give a brief introduction to NFV and pinpoint its challenges and security risks in the cloud context. Then, we present detailed descriptions and comparisons of existing secure network function outsourcing schemes in terms of functionality, efficiency, and security. Finally, we conclude by discussing possible future research directions.}, keywords = {Telecommunication traffic; encryption; Outsourcing; Privacy; Privacy; market research; Cloud computing; network function virtualization; Network function virtualization (NFV); Privacy Preservation; Network function outsourcing}, year = {2021}, eissn = {1558-2256}, pages = {1888-1919}, orcid-numbers = {Jiang, Peipei/0000-0001-5702-7181; Wang, Cong/0000-0003-0547-315X} } @article{MTMT:32489457, title = {Self-secured devices: High performance and secure I/O access in TrustZone-based systems}, url = {https://m2.mtmt.hu/api/publication/32489457}, author = {Pinto, S. and Machado, P. and Oliveira, D. and Cerdeira, D. and Gomes, T.}, doi = {10.1016/j.sysarc.2021.102238}, journal-iso = {J SYST ARCHITECT}, journal = {JOURNAL OF SYSTEMS ARCHITECTURE}, volume = {119}, unique-id = {32489457}, issn = {1383-7621}, abstract = {Arm TrustZone is a hardware technology that adds significant value to the ongoing security picture. TrustZone-based systems typically consolidate multiple environments into the same platform, requiring resources to be shared among them. 
Currently, hardware devices on TrustZone-enabled system-on-chip (SoC) solutions can only be configured as secure or non-secure, which means the dual-world concept of TrustZone is not spread to the inner logic of the devices. The traditional passthrough model dictates that both worlds cannot use the same device concurrently. Furthermore, existing shared device access methods have been proven to cause a negative impact on the overall system in terms of security and performance. This work introduces the concept of self-secured devices, a novel approach for shared device access in TrustZone-based architectures. This concept extends the TrustZone dual-world model to the device itself, providing a secure and non-secure logical interface in a single device instance. The solution was deployed and evaluated on the LTZVisor, an open-source and lightweight TrustZone-assisted hypervisor. The obtained results are encouraging, demonstrating that our solution requires only a few additional hardware resources when compared with the native device implementation, while providing a secure solution for device sharing. 
© 2021}, keywords = {Security; Programmable logic controllers; Open sources; Hardware resources; virtualization; Security and performance; TEE; System-on-chip; device access; Hardware devices; Self-secured devices; TrustZone; ARM TrustZone; Hardware technology; System-on-chip solutions}, year = {2021}, eissn = {1873-6165} } @article{MTMT:32395267, title = {An Autonomous Cybersecurity Framework for Next-generation Digital Service Chains}, url = {https://m2.mtmt.hu/api/publication/32395267}, author = {Repetto, Matteo and Striccoli, Domenico and Piro, Giuseppe and Carrega, Alessandro and Boggia, Gennaro and Bolla, Raffaele}, doi = {10.1007/s10922-021-09607-7}, journal-iso = {J NETW SYST MANAG}, journal = {JOURNAL OF NETWORK AND SYSTEMS MANAGEMENT}, volume = {29}, unique-id = {32395267}, issn = {1064-7570}, abstract = {Today, the digital economy is pushing new business models, based on the creation of value chains for data processing, through the interconnection of processes, products, services, software, and things across different domains and organizations. Despite the growing availability of communication infrastructures, computing paradigms, and software architectures that already effectively support the implementation of distributed multi-domain value chains, a comprehensive architecture is still missing that effectively fulfills all related security issues: mutual trustworthiness of entities in partially unknown topologies, identification and mitigation of advanced multi-vector threats, identity management and access control, management and propagation of sensitive data. In order to fill this gap, this work proposes a new methodological approach to design and implement heterogeneous security services for distributed systems that combine together digital resources and components from multiple domains. 
The framework is designed to support both existing and new security services, and focuses on three novel aspects: (i) full automation of the processes that manage the whole system, i.e., threat detection, collection of information and reaction to attacks and system anomalies; (ii) dynamic adaptation of operations and security tasks to newest attack patterns, and (iii) real-time adjustment of the level of detail of inspection and monitoring processes. The overall architecture as well as the functions and relationships of its logical components are described in detail, presenting also a concrete use case as an example of application of the proposed framework.}, keywords = {Access control; identity management; Threat identification; Cybersecurity framework; Digital service chains}, year = {2021}, eissn = {1573-7705} } @inproceedings{MTMT:32489462, title = {Distributed Operating System Security and Protection: A Short Survey}, url = {https://m2.mtmt.hu/api/publication/32489462}, author = {Abdelmoumin, G. and Hazzazi, N.}, booktitle = {17th International Conference on Information Technology–New Generations (ITNG 2020)}, doi = {10.1007/978-3-030-43020-7_20}, volume = {1134}, unique-id = {32489462}, abstract = {In this paper, we investigate several modern distributed operating systems (DiOSs) and their security policies and mechanisms. We survey the various security and protection issues present in DiOSs and review strategies and techniques used by DiOSs to control access to system resources and protect the integrity of the information stored in the system from accidental events and malicious activities. Further, we distinguish between network security and DiOSs security and explore the attack surface of DiOSs compared to traditional operating systems. We concentrate on a class of distributed operating systems known as cloud operating systems (COSs). 
© Springer Nature Switzerland AG 2020.}, keywords = {PROTECTION; surveys; Security; Access control; Network security; THREATS; Operating system; vulnerabilities; security policy; Cloud system; distributed system; System resources; Attack surface; Malicious activities; Review strategies; Security and protection; Accidental event; Control access; Distributed operating systems}, year = {2020}, pages = {145-151} } @article{MTMT:31451946, title = {Malware Dynamic Analysis Evasion Techniques: A Survey}, url = {https://m2.mtmt.hu/api/publication/31451946}, author = {Afianian, Amir and Niksefat, Salman and Sadeghiyan, Babak and Baptiste, David}, doi = {10.1145/3365001}, journal-iso = {ACM COMPUT SURV}, journal = {ACM COMPUTING SURVEYS}, volume = {52}, unique-id = {31451946}, issn = {0360-0300}, abstract = {The cyber world is plagued with ever-evolving malware that readily infiltrate all defense mechanisms, operate viciously unbeknownst to the user, and surreptitiously exfiltrate sensitive data. Understanding the inner workings of such malware provides a leverage to effectively combat them. This understanding is pursued often through dynamic analysis which is conducted manually or automatically. Malware authors accordingly, have devised and advanced evasion techniques to thwart or evade these analyses. In this article, we present a comprehensive survey on malware dynamic analysis evasion techniques. In addition, we propose a detailed classification of these techniques and further demonstrate how their efficacy holds against different types of detection and analysis approaches. Our observations attest that evasive behavior is mostly concerned with detecting and evading sandboxes. The primary tactic of such malware we argue is fingerprinting followed by new trends for reverse Turing test tactic which aims at detecting human interaction. 
Furthermore, we will posit that the current defensive strategies, beginning with reactive methods to endeavors for more transparent analysis systems, are readily foiled by zero-day fingerprinting techniques or other evasion tactics such as stalling. Accordingly, we would recommend the pursuit of more generic defensive strategies with an emphasis on path exploration techniques that has the potential to thwart all the evasive tactics.}, keywords = {Malware; evasion techniques; anti-debugging; sandbox evasion}, year = {2020}, eissn = {1557-7341} } @article{MTMT:31451945, title = {Bayesian attack graphs for platform virtualized infrastructures in clouds}, url = {https://m2.mtmt.hu/api/publication/31451945}, author = {Asvija, B. and Eswari, R. and Bijoy, M. B.}, doi = {10.1016/j.jisa.2020.102455}, journal-iso = {J INF SECUR APPL}, journal = {JOURNAL OF INFORMATION SECURITY AND APPLICATIONS}, volume = {51}, unique-id = {31451945}, issn = {2214-2126}, abstract = {Virtualization security is an important aspect to be carefully addressed while provisioning cloud services. In this paper, we propose a novel model using Bayesian Attack Graphs (BAG) to perform security risk assessment for platform virtualized infrastructures that are used for building cloud services. BAGs are powerful mechanisms that can be used to model the uncertainties inherent in security attacks. We build upon the reference conditional probability tables for the BAG nodes using the reported attacks on virtualized systems from the Common Vulnerabilities and Exposures (CVE) database. We employ Bayesian probabilistic inference techniques on the model presented and showcase the results obtained that can be used by system architects for the risk assessment of such infrastructures. In addition to the probabilistic model, we also present a deterministic approach with security metrics for attack graphs and derive the values for the modeled BAG, which can be used for assessing and comparing with other architectures. 
The approach described here to draw inferences from the BAG can be employed by system architects to find explanations to critical queries in security design and also to carefully select the countermeasures to be installed. The model can also be used to learn from future a-posteriori evidence data from actual security breaches to provide an efficient risk assessment. (C) 2020 Elsevier Ltd. All rights reserved.}, keywords = {risk assessment; Security; Cloud computing; virtualization; Bayesian attack graphs}, year = {2020}, eissn = {2214-2134} } @incollection{MTMT:32489458, title = {Security and privacy issues and solutions for fog}, url = {https://m2.mtmt.hu/api/publication/32489458}, author = {Mukherjee, M. and Ferrag, M.A. and Maglaras, L. and Derhab, A. and Aazam, M.}, booktitle = {Fog and Fogonomics: Challenges and Practices of Fog Computing, Communication, Networking, Strategy, and Economics}, doi = {10.1002/9781119501121.ch14}, unique-id = {32489458}, abstract = {This chapter presents an overview of the primary security and privacy issues in fog computing. It discusses the state-of-the-art solutions that deal with fog computing-related security and privacy challenges. The chapter also discusses the major attacks on fog-based Internet of Things (IoT) applications. It provides a side-by-side comparison of the state-of-the-art methods toward secure and privacy-preserving fog-based IoT applications. The chapter aims to summarize all up-to-date research contributions and to outline future research directions that researchers can follow in order to address different security and privacy preservation challenges in fog computing. Cloud computing suffers from substantial yet unsolved challenges such as large end-to-end delay, traffic congestion, lack of mobility, location awareness, and communication cost. 
Due to lack of centralized and privileged control in security management as in cloud computing, access control becomes a challenging issue in fog computing with heterogeneous and service requirements. © 2020 JohnWiley & Sons, Inc. All rights reserved.}, keywords = {Cloud computing; Internet of Things; Fog computing; security issues; Privacy issues}, year = {2020}, pages = {353-374} } @inproceedings{MTMT:32489460, title = {Investigating Possibilites for Protecting and Hardening Installable FaaS Platforms}, url = {https://m2.mtmt.hu/api/publication/32489460}, author = {Prechtl, M. and Lichtenthäler, R. and Wirtz, G.}, booktitle = {Service-Oriented Computing}, doi = {10.1007/978-3-030-64846-6_7}, volume = {1310}, unique-id = {32489460}, abstract = {Function as a Service is a popular trend in the area of cloud computing and also for IoT use cases. Thus, in addition to cloud services, installable open source platforms for FaaS have recently emerged. To deploy such an installable FaaS platform in production, the security aspect needs to be considered which has not been investigated in detail yet. Therefore, this work presents possible security threats and recommended security measures for protecting and hardening installable FaaS platforms. Currently available FaaS platforms are analyzed according to the possibilities they offer to implement such security measures. Although most platforms provide necessary security measures, there is still potential to improve the platforms by offering advanced measures and facilitate a secure deployment. 
© 2020, Springer Nature Switzerland AG.}, keywords = {Hardening; COMPUTERS; Computer science; comparison; Security; Security threats; Security aspects; Security measure; Cloud Services; Open source platforms; Function as a Service; FaaS platform}, year = {2020}, pages = {107-126} } @article{MTMT:30806864, title = {Security in hardware assisted virtualization for cloud computing-State of the art issues and challenges}, url = {https://m2.mtmt.hu/api/publication/30806864}, author = {Asvija, B. and Eswari, R. and Bijoy, M. B.}, doi = {10.1016/j.comnet.2019.01.013}, journal-iso = {COMPUT NETW}, journal = {COMPUTER NETWORKS}, volume = {151}, unique-id = {30806864}, issn = {1389-1286}, abstract = {The advantages of virtualization technology have resulted in its wide spread adoption in cloud computing infrastructures. However it has also introduced a new set of security threats that are serious in nature. Many of these threats are unique in virtualized environments and not pertinent in the traditional computing scenarios. Hence these threats have been less studied and thus less addressed by most of the security application vendors. For this reason, it becomes important to carefully analyze the various threats arising at different components of virtualization and thus effectively create solutions to defend the systems against them. This survey attempts to highlight the significant vulnerabilities and expose the readers to the various existing attacks related to Hardware assisted virtualization, as it has become the most widely used form of virtualization in building modern day massive data centers and cloud infrastructures. A Bayesian attack graph model is presented for evaluating the risks associated with the identified threats. A detailed discussion of various countermeasures proposed against the identified threats is presented along with the enumeration of challenges in adopting them. (C) 2019 Elsevier B.V. 
All rights reserved.}, keywords = {risk assessment; Security; Hardware assisted virtualization; Hypervisor; VMM; Side channels; Bayesian attack graphs}, year = {2019}, eissn = {1872-7069}, pages = {68-92} } @inproceedings{MTMT:30806858, title = {An abstraction layer for cybersecurity context}, url = {https://m2.mtmt.hu/api/publication/30806858}, author = {Bolla, R. and Carrega, A. and Repetto, M.}, booktitle = {2019 International Conference on Computing, Networking and Communications}, doi = {10.1109/ICCNC.2019.8685665}, unique-id = {30806858}, abstract = {The growing complexity and diversification of cyber attacks are largely reflected in the increasing sophistication of security appliances, which are often too cumbersome to be run in virtual services and IoT devices. Hence, the design of cyber-security frameworks is today looking at more cooperative models, which collect security-related data from a large set of heterogeneous sources for centralized analysis and correlation. In this paper, we outline a flexible abstraction layer for access to security context. It is conceived to program and gather data from lightweight inspection and enforcement hooks deployed in cloud applications and IoT devices. 
We also provide a preliminary description of its implementation, by reviewing the main software components and their role.}, year = {2019}, pages = {214-218} } @inproceedings{MTMT:30918602, title = {Data Log Management for Cyber-Security Programmability of Cloud Services and Applications}, url = {https://m2.mtmt.hu/api/publication/30918602}, author = {Carrega, Alessandro and Repetto, Matteo}, booktitle = {Proceedings of the 1st ACM Workshop on Workshop on Cyber-Security Arms Race - CYSARM'19}, doi = {10.1145/3338511.3357351}, unique-id = {30918602}, year = {2019}, pages = {47-52} } @article{MTMT:30806865, title = {Towards Autonomous Security Assurance in 5G Infrastructures}, url = {https://m2.mtmt.hu/api/publication/30806865}, author = {Covaci, Stefan and Repetto, Matteo and Risso, Fulvio}, doi = {10.1587/transcom.2018NVI0001}, journal-iso = {IEICE T COMMUN}, journal = {IEICE TRANSACTIONS ON COMMUNICATIONS}, volume = {E102B}, unique-id = {30806865}, issn = {0916-8516}, abstract = {5G infrastructures will heavily rely on novel paradigms such as Network Function Virtualization and Service Function Chaining to build complex business chains involving multiple parties. Although virtualization of security middleboxes looks a common practice today, we argue that this approach is inefficient and does not fit the peculiar characteristics of virtualized environments. In this paper, we outline a new paradigm towards autonomous security assurance in 5G infrastructures, leveraging service orchestration for semi-autonomous management and reaction, yet decoupling security management from service graph design. Our work is expected to improve the design and deployment of complex business chains, as well as the application of artificial intelligence and machine learning techniques over large and intertwined security datasets. We describe the overall concept and architecture, and discuss in details the three architectural layers. 
We also report preliminary work on implementation of the system, by introducing relevant technologies.}, keywords = {NFV; 5G; Service Chaining; cyber-security}, year = {2019}, eissn = {1745-1345}, pages = {401-409}, orcid-numbers = {Repetto, Matteo/0000-0001-8478-2633} } @article{MTMT:30918865, title = {Study of Virtualization Software in the context of VMware Infrastructure}, url = {https://m2.mtmt.hu/api/publication/30918865}, author = {Dev, Ras Pandey and Bharat, Mishra}, journal-iso = {IJASRM}, journal = {INTERNATIONAL JOURNAL OF ADVANCED SCIENTIFIC RESEARCH AND MANAGEMENT}, volume = {2019}, unique-id = {30918865}, issn = {2455-6378}, year = {2019}, pages = {55-59} } @article{MTMT:30806863, title = {The role of the adversary model in applied security research}, url = {https://m2.mtmt.hu/api/publication/30806863}, author = {Do, Quang and Martini, Ben and Choo, Kim-Kwang Raymond}, doi = {10.1016/j.cose.2018.12.002}, journal-iso = {COMPUT SECUR}, journal = {COMPUTERS AND SECURITY}, volume = {81}, unique-id = {30806863}, issn = {0167-4048}, abstract = {Adversary models have been integral to the design of provably-secure cryptographic schemes or protocols. However, their use in other computer science research disciplines is relatively limited, particularly in the case of applied security research (e.g., mobile app and vulnerability studies). In this study, we conduct a survey of prominent adversary models used in the seminal field of cryptography, and more recent mobile and Internet of Things (IoT) research. Motivated by the findings from the cryptography survey, we propose a classification scheme for common app-based adversaries used in mobile security research, and classify key papers using the proposed scheme. Finally, we discuss recent work involving adversary models in the contemporary research field of IoT. We contribute recommendations to aid researchers working in applied (IoT) security based upon our findings from the mobile and cryptography literature. 
The key recommendation is for authors to clearly define adversary goals, assumptions and capabilities. (C) 2018 Elsevier Ltd. All rights reserved.}, keywords = {Mobile security; IoT Security; Adversary Model; Applied security; Forensic Adversary Model}, year = {2019}, eissn = {1872-6208}, pages = {156-181}, orcid-numbers = {Choo, Kim-Kwang Raymond/0000-0001-9208-5336} } @article{MTMT:30806857, title = {A New Resource Allocation Mechanism for Security of Mobile Edge Computing System}, url = {https://m2.mtmt.hu/api/publication/30806857}, author = {Hui, Hongwen and Zhou, Chengcheng and An, Xingshuo and Lin, Fuhong}, doi = {10.1109/ACCESS.2019.2936374}, journal-iso = {IEEE ACCESS}, journal = {IEEE ACCESS}, volume = {7}, unique-id = {30806857}, issn = {2169-3536}, abstract = {Mobile-Edge Computing (MEC) is a new computing paradigm that provides a capillary distribution of cloud computing capabilities to the network edge. In this paper, we studied the security defense problem in MEC network environment. One big challenge is how to efficiently allocate resources to deploy Mobile-Edge Computing-Intrusion Detection Systems (MEC-IDS) in this system, since all the MEC hosts are composed of resource-constrained network devices. To tackle this challenge, a new resource allocation mechanism based on deterministic differential equation model is proposed and investigated. Existence, uniqueness and stability of the positive solution of this model are obtained by using Lyapunov stability theory. Furthermore, we extended our study to MEC network environment with stochastic perturbation and established a new stochastic differential equation model. We proved the existence, uniqueness, persistence and oscillatory of the positive solution of this model and quantitatively analyzed the relationship between oscillation and intensity of stochastic perturbation. 
Numerical simulations are carried out to illustrate the effectiveness of the main results.}, keywords = {resource allocation; Intrusion detection systems; Stability theory; Stochastic perturbation; Mobile-edge computing}, year = {2019}, eissn = {2169-3536}, pages = {116886-116899} } @article{MTMT:30918619, title = {Analysis of Security Requirements for Session-Oriented Cross Play Using X-box}, url = {https://m2.mtmt.hu/api/publication/30918619}, author = {Kim, Dong-woo and Kang, Soo-young and Kim, Seung-joo}, doi = {10.13089/JKIISC.2019.29.1.235}, journal = {Journal of the Korea Institute of Information Security and Cryptology}, volume = {29}, unique-id = {30918619}, issn = {1598-3986}, year = {2019}, pages = {235-255} } @article{MTMT:31079358, title = {An Overview of Mobile Edge Computing: Architecture, Technology and Direction}, url = {https://m2.mtmt.hu/api/publication/31079358}, author = {Rasheed, Arslan and Chong, Peter Han Joo and Ho, Ivan Wang-Hei and Li, Xue Jun and Liu, William}, doi = {10.3837/tiis.2019.10.002}, journal-iso = {KSII T INTERNET INF}, journal = {KSII TRANSACTIONS ON INTERNET AND INFORMATION SYSTEMS}, volume = {13}, unique-id = {31079358}, issn = {1976-7277}, abstract = {Modern applications such as augmented reality, connected vehicles, video streaming and gaming have stringent requirements on latency, bandwidth and computation resources. The explosion in data generation by mobile devices has further exacerbated the situation. Mobile Edge Computing (MEC) is a recent addition to the edge computing paradigm that amalgamates the cloud computing capabilities with cellular communications. The concept of MEC is to relocate the cloud capabilities to the edge of the network for yielding ultra-low latency, high computation, high bandwidth, low burden on the core network, enhanced quality of experience (QoE), and efficient resource utilization. 
In this paper, we provide a comprehensive overview on different traits of MEC including its use cases, architecture, computation offloading, security, economic aspects, research challenges, and potential future directions.}, keywords = {Cloud computing; Edge Computing; mobile edge computing; Computation Offloading; 5G wireless networks; fog computing and cloudlet computing}, year = {2019}, eissn = {1976-7277}, pages = {4849-4864}, orcid-numbers = {Chong, Peter Han Joo/0000-0002-5375-8961} } @article{MTMT:30918625, title = {Virtualization Solutions Supporting Privacy and Data Protection in Online Activities}, url = {https://m2.mtmt.hu/api/publication/30918625}, author = {Șandor, Andrei}, doi = {10.2478/kbo-2019-0133}, journal-iso = {KBO PROCEEDINGS}, journal = {INTERNATIONAL CONFERENCE - THE KNOWLEDGE-BASED ORGANIZATION}, volume = {25}, unique-id = {30918625}, issn = {1843-6722}, year = {2019}, eissn = {2451-3113}, pages = {168-173} } @article{MTMT:30806860, title = {Container Security: Issues, Challenge and the Road Ahead}, url = {https://m2.mtmt.hu/api/publication/30806860}, author = {Sultan, Sari and Ahmad, Imtiaz and Dimitriou, Tassos}, doi = {10.1109/ACCESS.2019.2911732}, journal-iso = {IEEE ACCESS}, journal = {IEEE ACCESS}, volume = {7}, unique-id = {30806860}, issn = {2169-3536}, abstract = {Containers emerged as a lightweight alternative to virtual machines (VMs) that offer better microservice architecture support. The value of the container market is expected to reach $2.7 billion in 2020 as compared to $762 million in 2016. Although they are considered the standardized method for microservices deployment, playing an important role in cloud computing emerging fields such as service meshes, market surveys show that container security is the main concern and adoption barrier for many companies. In this paper, we survey the literature on container security and solutions. 
We have derived four generalized use cases that should cover security requirements within the host-container threat landscape. The use cases include: (I) protecting a container from applications inside it, (II) inter-container protection, (III) protecting the host from containers, and (IV) protecting containers from a malicious or semi-honest host. We found that the first three use cases utilize a software-based solutions that mainly rely on Linux kernel features (e.g., namespaces, CGroups, capabilities, and seccomp) and Linux security modules (e.g., AppArmor). The last use case relies on hardware-based solutions such as trusted platform modules (TPMs) and trusted platform support (e.g., Intel SGX). We hope that our analysis will help researchers understand container security requirements and obtain a clearer picture of possible vulnerabilities and attacks. Finally, we highlight open research problems and future research directions that may spawn further research in this area.}, keywords = {Survey; Containers; Security; Docker; Linux containers; OS level virtualization; lightweight virtualization}, year = {2019}, eissn = {2169-3536}, pages = {52976-52996}, orcid-numbers = {Sultan, Sari/0000-0002-4781-5528} } @article{MTMT:30866345, title = {An interactive method for solving a lass of stochastic multi objective integer linear programming problem}, url = {https://m2.mtmt.hu/api/publication/30866345}, author = {Suparni and Mawengkang, H.}, journal-iso = {INT J RECENT TECHNOL AND ENG}, journal = {INTERNATIONAL JOURNAL OF RECENT TECHNOLOGY AND ENGINEERING (IJRTE)}, volume = {7}, unique-id = {30866345}, year = {2019}, eissn = {2277-3878}, pages = {1395-1400} } @article{MTMT:30866342, title = {Towards secure 5G networks: A Survey}, url = {https://m2.mtmt.hu/api/publication/30866342}, author = {Zhang, S. and Wang, Y. 
and Zhou, W.}, doi = {10.1016/j.comnet.2019.106871}, journal-iso = {COMPUT NETW}, journal = {COMPUTER NETWORKS}, volume = {162}, unique-id = {30866342}, issn = {1389-1286}, year = {2019}, eissn = {1872-7069} } @article{MTMT:30866349, title = {Mobile Edge Computing: A Survey}, url = {https://m2.mtmt.hu/api/publication/30866349}, author = {Abbas, N. and Zhang, Y. and Taherkordi, A. and Skeie, T.}, doi = {10.1109/JIOT.2017.2750180}, journal-iso = {IEEE INTERNET OF THINGS J}, journal = {IEEE INTERNET OF THINGS JOURNAL}, volume = {5}, unique-id = {30866349}, issn = {2327-4662}, year = {2018}, eissn = {2327-4662}, pages = {450-465} } @article{MTMT:30866350, title = {Securing Cloud Hypervisors: A Survey of the Threats, Vulnerabilities, and Countermeasures}, url = {https://m2.mtmt.hu/api/publication/30866350}, author = {Barrowclough, J.P. and Asif, R.}, doi = {10.1155/2018/1681908}, journal-iso = {SECUR COMMUN NETW}, journal = {SECURITY AND COMMUNICATION NETWORKS}, volume = {2018}, unique-id = {30866350}, issn = {1939-0114}, year = {2018}, eissn = {1939-0122} } @article{MTMT:30567585, title = {Who Watches the Watchmen: A Security-focused Review on Current State-of-the-art Techniques, Tools, and Methods for Systems and Binary Analysis on Modern Platforms}, url = {https://m2.mtmt.hu/api/publication/30567585}, author = {Botacin, Marcus and de Geus, Paulo Licio and Gregio, Andre}, doi = {10.1145/3199673}, journal-iso = {ACM COMPUT SURV}, journal = {ACM COMPUTING SURVEYS}, volume = {51}, unique-id = {30567585}, issn = {0360-0300}, abstract = {Malicious software, a threat users face on a daily basis, have evolved from simple bankers based on social engineering to advanced persistent threats. Recent research and discoveries reveal that malware developers have been using a wide range of anti-analysis and evasion techniques, in-memory attacks, and system subversion, including BIOS and hypervisors. 
In addition, code-reuse attacks like Returned Oriented Programming emerge as highly potential remote code execution threats. To counteract the broadness of malicious codes, distinct techniques and tools have been proposed, such as transparent malware tracers, system-wide debuggers, live forensics tools, and isolated execution rings. In this work, we present a survey on state-of-the-art techniques that detect, mitigate, and analyze the aforementioned attacks. We show approaches based on Hardware Virtual Machines introspection, System Management Mode instrumentation, Hardware Performance Counters, isolated rings (e.g., Software Guard eXtensions), as well as others based on external hardware. We also discuss upcoming threats based on the very same technologies used for defense. Our main goal is to provide the reader with a broader, more comprehensive understanding of recently surfaced tools and techniques aiming at binary analysis for modern platforms.}, keywords = {Security; SMM; Malware; Binary analysis; HVM; introspection}, year = {2018}, eissn = {1557-7341} } @inproceedings{MTMT:30806861, title = {Situational Awareness in Virtual Networks: the ASTRID Approach}, url = {https://m2.mtmt.hu/api/publication/30806861}, author = {Carrega, A. and Repetto, M. and Risso, F. and Covaci, S. and Zafeiropoulos, A. and Giannetsos, T. and Toscano, O.}, booktitle = {2018 IEEE 7TH INTERNATIONAL CONFERENCE ON CLOUD NETWORKING (CLOUDNET)}, doi = {10.1109/CloudNet.2018.8549540}, unique-id = {30806861}, abstract = {Cloud-based services often follow the same logical structure of private networks. The lack of physical boundaries and the dependence on third party's infrastructural security mechanisms often undermine the confidence in the overall security level of virtualized applications. 
Integrating software instances of common security middleboxes into cloud networks helps overcome most suspicions, but leads to inefficient solutions. In this paper, we describe the vision behind the ASTRID project. The novelty of our concept lies in decoupling detection algorithms from monitoring and inspection tasks, seeking better integration with virtualization frameworks. We briefly elaborate on the overall conceptual architecture and the foundation of its implementation components. Additionally, we give insights on the expected impacts and opportunities brought by this novel paradigm over the existing approaches.}, year = {2018} } @inproceedings{MTMT:30567582, title = {Secure Out-of-band Remote Management of Virtual Machines with Transparent Passthrough}, url = {https://m2.mtmt.hu/api/publication/30567582}, author = {Futagami, Shota and Unoki, Tomoya and Kourai, Kenichi}, booktitle = {34TH ANNUAL COMPUTER SECURITY APPLICATIONS CONFERENCE (ACSAC 2018)}, doi = {10.1145/3274694.3274749}, unique-id = {30567582}, abstract = {Infrastructure-as-a-Service clouds provide out-of-band remote management for users to access their virtual machines (VMs). Out-of-band remote management is a method for indirectly accessing VMs via their virtual devices. While virtual devices running in the virtualized system are managed by cloud operators, not all cloud operators are always trusted in clouds. To prevent information leakage from virtual devices and tampering with their I/O data, several systems have been proposed by trusting the hypervisor in the virtualized system. However, they have various issues on security and management. This paper proposes VSBypass, which enables secure out-of-band remote management outside the virtualized system using a technique called transparent passthrough. VSBypass runs the entire virtualized system in an outer VM using nested virtualization. 
Then it intercepts I/O requests of out-of-band remote management and processes those requests in shadow devices, which run outside the virtualized system. We have implemented VSBypass in Xen for the virtual serial console and GUI remote access. We confirmed that information leakage was prevented and that the performance was comparable to that in traditional out-of-band remote management.}, keywords = {Virtual machines; Information leakage; Virtualized systems; Remote management; Nested virtualization}, year = {2018}, pages = {430-440} } @inproceedings{MTMT:30866348, title = {Security Issues with Virtualization in Cloud Computing}, url = {https://m2.mtmt.hu/api/publication/30866348}, author = {Kumar, V. and Rathore, R.S.}, booktitle = {2018 IEEE International Conference on Advances in Computing, Communication Control and Networking, ICACCCN 2018}, doi = {10.1109/ICACCCN.2018.8748405}, unique-id = {30866348}, year = {2018}, pages = {487-491} } @article{MTMT:30567584, title = {NFV Security Survey: From Use Case Driven Threat Analysis to State-of-the-Art Countermeasures}, url = {https://m2.mtmt.hu/api/publication/30567584}, author = {Pattaranantakul, Montida and He, Ruan and Song, Qipeng and Zhang, Zonghua and Meddahi, Ahmed}, doi = {10.1109/COMST.2018.2859449}, journal-iso = {IEEE COMMUN SURV TUTOR}, journal = {IEEE COMMUNICATIONS SURVEYS AND TUTORIALS}, volume = {20}, unique-id = {30567584}, issn = {1553-877X}, abstract = {Network functions virtualization (NFV), along with software-defined networking (SDN), drives a new change in networking infrastructure with respect to designing, deploying, and managing various network services. In particular, NFV has potential to significantly reduce the hardware cost, greatly improve operational efficiency, and dramatically shorten the development lifecycle of network service. It also makes network functions and services much more adaptive and scalable. 
Despite the promising advantages of NFV, security remains to be one of the vital concerns and potential hurdle, as attack surface becomes unclear and defense line turns to be blurred in the virtualization environment. This survey is therefore devoted to analyzing NFV from a security perspective. We first analyze security threats of five well-defined NFV use cases, with an objective to establishing a comprehensive layer-specific threat taxonomy. Second, we conduct in-depth comparative studies on several security mechanisms that are applied in traditional scenarios and in NFV environments. The purpose is to analyze their implicit relationships with NFV performance objectives in terms of feasibility, agility, effectiveness, and so on. Third, based on the established threat taxonomy and the analyzed security mechanisms, we provide a set of recommendations on securing NFV based services, along with the analysis on the state-of-the-art security countermeasures. A resulting holistic security framework is intended to lay a foundation for NFV service providers to deploy adaptive, scalable, and cost-effective security hardening based on their particular needs. 
Some future research directions are finally discussed.}, keywords = {security management; Network function virtualization (NFV); security functions; service orchestration}, year = {2018}, eissn = {2373-745X}, pages = {3330-3368} } @article{MTMT:27569606, title = {Building situational awareness for network threats in fog/edge computing: Emerging paradigms beyond the security perimeter model}, url = {https://m2.mtmt.hu/api/publication/27569606}, author = {Rapuzzi, R and Repetto, M}, doi = {10.1016/j.future.2018.04.007}, journal-iso = {FUTUR GENER COMP SYST}, journal = {FUTURE GENERATION COMPUTER SYSTEMS}, volume = {85}, unique-id = {27569606}, issn = {0167-739X}, year = {2018}, eissn = {1872-7115}, pages = {235-249} } @article{MTMT:27083720, title = {Mobile edge computing, Fog et al.: A survey and analysis of security threats and challenges}, url = {https://m2.mtmt.hu/api/publication/27083720}, author = {Roman, Rodrigo and Lopez, Javier and Mambo, Masahiro}, doi = {10.1016/j.future.2016.11.009}, journal-iso = {FUTUR GENER COMP SYST}, journal = {FUTURE GENERATION COMPUTER SYSTEMS}, volume = {78}, unique-id = {27083720}, issn = {0167-739X}, year = {2018}, eissn = {1872-7115}, pages = {680-698} } @article{MTMT:27569607, title = {Hardware-Assisted Secure Communication in Embedded and Multi-Core Computing Systems}, url = {https://m2.mtmt.hu/api/publication/27569607}, author = {Saeed, Ahmed and Ahmadinia, Ali and Just, Mike}, doi = {10.3390/computers7020031}, journal-iso = {COMPUTERS}, journal = {COMPUTERS}, volume = {7}, unique-id = {27569607}, year = {2018}, eissn = {2073-431X} } @inproceedings{MTMT:30866352, title = {A survey on automated dynamic malware analysis evasion and counter-evasion: PC, Mobile, and Web}, url = {https://m2.mtmt.hu/api/publication/30866352}, author = {Bulazel, A. 
and Yener, B.}, booktitle = {Proceedings of the 1st Reversing and Offensive-oriented Trends Symposium}, doi = {10.1145/3150376.3150378}, unique-id = {30866352}, year = {2017} } @article{MTMT:30866355, title = {Multilevel classification of security concerns in cloud computing}, url = {https://m2.mtmt.hu/api/publication/30866355}, author = {Hussain, S.A. and Fatima, M. and Saeed, A. and Raza, I. and Shahzad, R.K.}, doi = {10.1016/j.aci.2016.03.001}, journal-iso = {APPLIED COMPUTING AND INFORMATICS}, journal = {APPLIED COMPUTING AND INFORMATICS}, volume = {13}, unique-id = {30866355}, year = {2017}, eissn = {2210-8327}, pages = {57-65} } @incollection{MTMT:30922465, title = {Mobile Edge Computing}, url = {https://m2.mtmt.hu/api/publication/30922465}, author = {Liang, Ben}, booktitle = {Key Technologies for 5G Wireless Systems}, unique-id = {30922465}, year = {2017}, pages = {76-91} } @inproceedings{MTMT:33091106, title = {A systematic review of vulnerabilities in hypervisors and their detection}, url = {https://m2.mtmt.hu/api/publication/33091106}, author = {Litchfield, Alan and Shahzad, Abid}, booktitle = {AMCIS 2017 - America's Conference on Information Systems: A Tradition of Innovation}, volume = {2017-August}, unique-id = {33091106}, abstract = {The paper presents a systematic review of risk assessment processes to provide an overview of the risks to cloud computing and identify future research directions. This paper also provides an analysis of sophisticated threats to hypervisors and highlights vulnerabilities and exploits. Virtualization is a core feature of Cloud Computing and it is often a target for attackers. The hypervisor, which provides the virtualization layer, if compromised, can result in loss or damage to critical assets owned by Cloud Service Providers and their customers. The exploitation of hypervisor vulnerabilities provides opportunities for an attacker to launch sophisticated attacks such as Cross-VM Side Channel, Denial of Service, and Hypervisor Escape. 
The rate of adoption of cloud services is reflected in the lack of security controls against such sophisticated attacks and the resulting lack of trust; therefore we argue that risk assessment for hypervisors is significant for Cloud Service Providers. © 2017 AIS/ICIS Administrative Office. All Rights Reserved.}, keywords = {risk assessment; risk assessment; Virtual reality; Information Systems; Vulnerability assessment; Cloud computing; virtualization; Information use; Denial-of-service attack; Vulnerability assessments; Side channel attack; vulnerabilities; vulnerabilities; Hypervisor; Hypervisor; Distributed database systems; Zero-day threat; Vulnerability exploits; Vulnerability exploits; Zero days}, year = {2017}, pages = {2071-2080} } @incollection{MTMT:30866357, title = {A Design Methodology for Developing Resilient Cloud Services}, url = {https://m2.mtmt.hu/api/publication/30866357}, author = {Tunc, C. and Hariri, S. and Battou, A.}, booktitle = {Handbook of System Safety and Security: Cyber Risk and Risk Management, Cyber Security, Threat Analysis, Functional Safety, Software Systems, and Cyber Physical Systems}, doi = {10.1016/B978-0-12-803773-7.00009-7}, unique-id = {30866357}, year = {2017}, pages = {177-197} } @article{MTMT:30806867, title = {Network-Based Secret Communication in Clouds: A Survey}, url = {https://m2.mtmt.hu/api/publication/30806867}, author = {Ullrich, Johanna and Zseby, Tanja and Fabini, Joachim and Weippl, Edgar}, doi = {10.1109/COMST.2017.2659646}, journal-iso = {IEEE COMMUN SURV TUTOR}, journal = {IEEE COMMUNICATIONS SURVEYS AND TUTORIALS}, volume = {19}, unique-id = {30806867}, issn = {1553-877X}, abstract = {The cloud concept promises computing as a utility. More and more functions are moved to cloud environments. But this transition comes at a cost: security and privacy solutions have to be adapted to new challenges in cloud environments. 
We investigate secret communication possibilities-data transmission concealing its mere existence or some of its characteristics-in clouds. The ability to establish such secret communication provides a powerful instrument to adversaries and can be used to gather information for attack preparation, to conceal the coordination of malicious instances or to leak sensitive data. In this paper, we investigate potentials for secret communication in cloud environments and show possible application scenarios. We survey current approaches of different kinds of secret communication including covert channels, side channels, and obfuscation techniques. While most existing work focuses on covert and side channels within a physical server (cross-VM channels), we place emphasis on network-based covert and side channels, which are rarely addressed in current literature about cloud security. We then discuss secret communication techniques with respect to the application scenarios and show their advantages and limitations.}, keywords = {Security; Distributed computing; Network security; side-channel attacks}, year = {2017}, eissn = {2373-745X}, pages = {1112-1144}, orcid-numbers = {Ullrich, Johanna/0000-0003-0297-9614} } @inproceedings{MTMT:27317540, title = {Detecting Virtualization Specific Vulnerabilities in Cloud Computing Environment}, url = {https://m2.mtmt.hu/api/publication/27317540}, author = {Zhu, Guodong and Yin, Yue and Cai, Ruoyan and Li, Kang}, booktitle = {10th IEEE International Conference on Cloud Computing, CLOUD 2017}, doi = {10.1109/CLOUD.2017.105}, unique-id = {27317540}, year = {2017}, pages = {743-748} } @{MTMT:30866361, title = {Fusion trust service assessment for crisis management environments}, url = {https://m2.mtmt.hu/api/publication/30866361}, author = {Blasch, E. and Badr, Y. and Hariri, S. 
and Al-Nashif, Y.}, booktitle = {Fusion Methodologies in Crisis Management: Higher Level Fusion and Decision Making}, doi = {10.1007/978-3-319-22527-2_18}, unique-id = {30866361}, year = {2016}, pages = {389-420} } @inproceedings{MTMT:30806868, title = {An empirical analysis of vulnerabilities in virtualization technologies}, url = {https://m2.mtmt.hu/api/publication/30806868}, author = {Gkortzis, Antonios and Rizou, Stamatia and Spinellis, Diomidis}, booktitle = {2016 8TH IEEE INTERNATIONAL CONFERENCE ON CLOUD COMPUTING TECHNOLOGY AND SCIENCE (CLOUDCOM 2016)}, doi = {10.1109/CloudCom.2016.78}, unique-id = {30806868}, abstract = {Cloud computing relies on virtualization technologies to provide computer resource elasticity and scalability. Despite its benefits, virtualization technologies come with serious concerns in terms of security. Although existing work focuses on specific vulnerabilities and attack models related to virtualization, a systematic analysis of known vulnerabilities for different virtualization models, including hypervisor-based and container-based solutions is not present in the literature. In this paper, we present an overview of the existing known vulnerabilities for hypervisor and container solutions reported in the CVE database and classified under CWE categories. Given the vulnerability identification and categorization, we analyze our results with respect to different virtualization models and license schemes (open source/commercial). 
Our findings show among others that hypervisors and containers share common weaknesses with most of their vulnerabilities reported in the category of security features.}, year = {2016}, pages = {533-538} } @article{MTMT:26227325, title = {A Practical Application of TrimCloud: Using TrimCloud as an Educational Technology in Developing Countries}, url = {https://m2.mtmt.hu/api/publication/26227325}, author = {Gomez, Beatriz Adriana and Evans, Kailash}, doi = {10.4018/IJCAC.2016040104}, journal-iso = {IJCAC}, journal = {INTERNATIONAL JOURNAL OF CLOUD APPLICATIONS AND COMPUTING}, volume = {6}, unique-id = {26227325}, issn = {2156-1834}, year = {2016}, eissn = {2156-1826}, pages = {37-48} } @CONFERENCE{MTMT:26161436, title = {Cloud computing data breaches a socio-technical review of literature}, url = {https://m2.mtmt.hu/api/publication/26161436}, author = {Kolevski, D and Michael, K}, booktitle = {Proceedings of the 2015 International Conference on Green Computing and Internet of Things, ICGCIoT 2015}, doi = {10.1109/ICGCIoT.2015.7380702}, unique-id = {26161436}, year = {2016}, pages = {1486-1495} } @inproceedings{MTMT:26227326, title = {The Forensic Effectiveness of Virtual Disk Sanitization}, url = {https://m2.mtmt.hu/api/publication/26227326}, author = {Sablatura, Joshua and Karabiyik, Umit}, booktitle = {2016 4TH INTERNATIONAL SYMPOSIUM ON DIGITAL FORENSIC AND SECURITY (ISDFS)}, doi = {10.1109/ISDFS.2016.7473530}, publisher = {Institute of Electrical and Electronics Engineers}, unique-id = {26227326}, year = {2016}, pages = {126-131} } @article{MTMT:25797807, title = {Evolution of attacks, threat models, and solutions for virtualized systems}, url = {https://m2.mtmt.hu/api/publication/25797807}, author = {Sgandurra, Daniele and Lupu, Emil}, doi = {10.1145/2856126}, journal-iso = {ACM COMPUT SURV}, journal = {ACM COMPUTING SURVEYS}, volume = {48}, unique-id = {25797807}, issn = {0360-0300}, year = {2016}, eissn = {1557-7341} } @inproceedings{MTMT:30866366, title = 
{Resilient and trustworthy dynamic data-driven application systems (DDDAS) services for crisis management environments}, url = {https://m2.mtmt.hu/api/publication/30866366}, author = {Badr, Y. and Hariri, S. and Al-Nashif, Y. and Blasch, E.}, booktitle = {International Conference On Computational Science, ICCS 2015}, doi = {10.1016/j.procs.2015.05.370}, volume = {51}, unique-id = {30866366}, year = {2015}, pages = {2623-2637} } @inproceedings{MTMT:30866365, title = {Container-based virtualization for HPC}, url = {https://m2.mtmt.hu/api/publication/30866365}, author = {Gantikow, H. and Klingberg, S. and Reich, C.}, booktitle = {5th International Conference on Cloud Computing and Services Science}, unique-id = {30866365}, year = {2015}, pages = {543-550} } @CONFERENCE{MTMT:25478513, title = {Hardware-assisted secure communication for FPGA-based embedded systems}, url = {https://m2.mtmt.hu/api/publication/25478513}, author = {Saeed, A and Ahmadinia, A and Just, M}, booktitle = {2015 11th Conference on Ph.D. Research in Microelectronics and Electronics, PRIME 2015}, doi = {10.1109/PRIME.2015.7251373}, unique-id = {25478513}, year = {2015}, pages = {216-219} } @inproceedings{MTMT:25478514, title = {Analysis of Virtual Machine Monitor as Trusted Dependable Systems}, url = {https://m2.mtmt.hu/api/publication/25478514}, author = {Santoso, GZ and Jung, Y-W and Kim, H-Y}, booktitle = {2014 IEEE 11th Intl Conf on Ubiquitous Intelligence and Computing and 2014 IEEE 11th Intl Conf on Autonomic and Trusted Computing and 2014 IEEE 14th Intl Conf on Scalable Computing and Communications and Its Associated Workshops}, doi = {10.1109/UIC-ATC-ScalCom.2014.32}, unique-id = {25478514}, year = {2015}, pages = {603-608} } @inproceedings{MTMT:30866363, title = {Autonomic Resilient Cloud Management (ARCM) design and evaluation}, url = {https://m2.mtmt.hu/api/publication/30866363}, author = {Tunc, C. and Fargo, F. and Al-Nashif, Y. and Hariri, S. 
and Hughes, J.}, booktitle = {Proceedings - 2014 International Conference on Cloud and Autonomic Computing}, doi = {10.1109/ICCAC.2014.35}, unique-id = {30866363}, year = {2015}, pages = {44-49} } @book{MTMT:30866351, title = {Security in network functions virtualization}, url = {https://m2.mtmt.hu/api/publication/30866351}, isbn = {9781785482571}, author = {Zhang, Z. and Meddahi, A.}, doi = {10.1016/C2016-0-01121-X}, publisher = {Elsevier B.V.}, unique-id = {30866351}, year = {2015}, pages = {1-272} } @{MTMT:30866368, title = {A performance analysis of ARM virtual machines secured using SELinux}, url = {https://m2.mtmt.hu/api/publication/30866368}, author = {Paolino, M. and Hamayun, M.M. and Raho, D.}, booktitle = {Cyber Security and Privacy. CSP 2014.}, doi = {10.1007/978-3-319-12574-9_3}, volume = {470}, unique-id = {30866368}, year = {2014}, pages = {28-36} } @inproceedings{MTMT:2697765, title = {On the Feasibility of Software Attacks on Commodity Virtual Machine Monitors via Direct Device Assignment}, url = {https://m2.mtmt.hu/api/publication/2697765}, author = {Pék, Gábor and Andrea, Lanzi and Abhinav, Srivastava and Davide, Balzarotti and Aurélien, Francillon and Christoph, Neumann}, booktitle = {Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security}, doi = {10.1145/2590296.2590299}, unique-id = {2697765}, year = {2014}, pages = {305-316} }