TY - JOUR AU - Fox, Anthony C. J. AU - Stockwell, Gareth AU - Xiong, Shale AU - Becker, Hanno AU - Mulligan, Dominic P. AU - Petri, Gustavo AU - Chong, Nathan TI - A Verification Methodology for the Arm (R) Confidential Computing Architecture JF - PROCEEDINGS OF THE ACM ON PROGRAMMING LANGUAGES J2 - PROC ACM PROGRAM LANG VL - 7 PY - 2023 IS - OOPSLA PG - 30 SN - 2475-1421 DO - 10.1145/3586040 UR - https://m2.mtmt.hu/api/publication/33892640 ID - 33892640 AB - We present Arm's efforts in verifying the specification and prototype reference implementation of the Realm Management Monitor (RMM), an essential firmware component of Arm Confidential Computing Architecture (Arm CCA), the recently-announced Confidential Computing technologies incorporated in the Armv9-A architecture. Arm CCA introduced the Realm Management Extension (RME), an architectural extension for Armv9-A, and a technology that will eventually be deployed in hundreds of millions of devices. Given the security-critical nature of the RMM, and its taxing threat model, we use a combination of interactive theorem proving, model checking, and concurrency-aware testing to validate and verify security and safety properties of both the specification and a prototype implementation of the RMM. Crucially, our verification efforts were, and are still being, developed and refined contemporaneously with active development of both specification and implementation, and have been adopted by Arm's product teams. We describe our major achievements, realized through the application of formal techniques, as well as challenges that remain for future work. We believe that the work reported in this paper is the most thorough application of formal techniques to the design and implementation of any current commercially-viable Confidential Computing implementation, setting a new high-water mark for work in this area. LA - English DB - MTMT ER - TY - JOUR AU - Repetto, Matteo TI - Adaptive monitoring, detection, and response for agile digital service chains JF - COMPUTERS AND SECURITY J2 - COMPUT SECUR VL - 132 PY - 2023 PG - 18 SN - 0167-4048 DO - 10.1016/j.cose.2023.103343 UR - https://m2.mtmt.hu/api/publication/34279341 ID - 34279341 AB - Modern business is increasingly adopting fully-digital workflows composed of complementary services (in terms of infrastructures, software, networks, data and devices) from different domains, hence giving rise to complex and heterogeneous digital chains. The substantial fragmentation in service operation and ownership between these domains impacts cybersecurity operations, by hindering a coherent and cooperative defense strategy for the entire chain. As a result, this situation gives attackers more opportunity to move laterally within the chain once they have found and compromised the weakest link. A ground-breaking evolution of legacy cybersecurity processes is necessary towards collaborative and adaptive models that fit the dynamic, agile, and heterogeneous nature of federated environments. In this paper, we elaborate on the necessary convergence between complementary workflows for response, analysis, and intelligence, by considering the peculiarity of these operations and the relevant threat scenario. Our analysis points out the main research challenges to fill the existing gap between management and protection practice for digital service chains. Moreover, we outline a reference architecture that combines such workflows. The objective is to foster researchers to broaden the scope of their work, in order to address open security issues for modern business and computing paradigms.& COPY; 2023 Published by Elsevier Ltd. LA - English DB - MTMT ER - TY - JOUR AU - Alcaraz, Cristina AU - Lopez, Javier TI - Digital Twin: A Comprehensive Survey of Security Threats JF - IEEE COMMUNICATIONS SURVEYS AND TUTORIALS J2 - IEEE COMMUN SURV TUTOR VL - 24 PY - 2022 IS - 3 SP - 1475 EP - 1503 PG - 29 SN - 1553-877X DO - 10.1109/COMST.2022.3171465 UR - https://m2.mtmt.hu/api/publication/33225321 ID - 33225321 AB - Industry 4.0 is having an increasingly positive impact on the value chain by modernizing and optimizing the production and distribution processes. In this streamline, the digital twin (DT) is one of the most cutting-edge technologies of Industry 4.0, providing simulation capabilities to forecast, optimize and estimate states and configurations. In turn, these technological capabilities are encouraging industrial stakeholders to invest in the new paradigm, though an increased focus on the risks involved is really needed. More precisely, the deployment of a DT is based on the composition of technologies such as cyber-physical systems, the Industrial Internet of Things, edge computing, virtualization infrastructures, artificial intelligence and big data. However, the confluence of all these technologies and the implicit interaction with the physical counterpart of the DT in the real world generate multiple security threats that have not yet been sufficiently studied. In that context, this paper analyzes the current state of the DT paradigm and classifies the potential threats associated with it, taking into consideration its functionality layers and the operational requirements in order to achieve a more complete and useful classification. We also provide a preliminary set of security recommendations and approaches that can help to ensure the appropriate and trustworthy use of a DT. LA - English DB - MTMT ER - TY - JOUR AU - Belal, Mohamad Mulham AU - Sundaram, Divya Meena TI - Comprehensive review on intelligent security defences in cloud: Taxonomy, security issues, ML/DL techniques, challenges and future trends JF - JOURNAL OF KING SAUD UNIVERSITY - COMPUTER AND INFORMATION SCIENCES J2 - J KING SAUD UNIV COMP INF SCI VL - 34 PY - 2022 IS - 10 SP - 9102 EP - 9131 PG - 30 SN - 1319-1578 DO - 10.1016/j.jksuci.2022.08.035 UR - https://m2.mtmt.hu/api/publication/34279342 ID - 34279342 AB - Nowadays, machine learning and deep learning algorithms are used in recent studies as active security techniques instead of traditional ones to secure the cloud environment based on pre-trained data. In this paper, a literature review on machine and deep learning based defences against attacks and security issues in cloud computing is provided. A taxonomy of all different types of attacks and threats as per cloud security alliance (CSA) layers; and the general defences against cloud attacks is shown in this review as well as the reasons which let the traditional security techniques fail to satisfy the desired security level are discussed. Forty-two case studies are selected based on seven quality assessment standards and then, analyzed to answer seven research questions which help to protect cloud environments from various attacks, issues, and challenges. The analysis of case studies shows a description of the most common security issues in cloud; machine learning and deep learning models that are applied, datasets models, performance metrics, machine learning and deep learning based countermeasures and defences that are developed to prevent security issues. Finally, the future scope and open challenges in cloud computing security based on machine and deep learning are discussed as well. LA - English DB - MTMT ER - TY - JOUR AU - Pattaranantakul, Montida AU - Vorakulpipat, Chalee AU - Takahashi, Takeshi TI - Service Function Chaining security survey: Addressing security challenges and threats JF - COMPUTER NETWORKS J2 - COMPUT NETW VL - 221 PY - 2022 PG - 27 SN - 1389-1286 DO - 10.1016/j.comnet.2022.109484 UR - https://m2.mtmt.hu/api/publication/33656133 ID - 33656133 N1 - Funding Agency and Grant Number: National Institute of Information andCommunications Technologies (NICT)6, Japan Funding text: This work is the output of ASEAN International Virtual Organization(ASEAN IVO) project5entitled "Agricultural IoT based on Edge comput-ing", and financially supported by National Institute of Information andCommunications Technologies (NICT)6, Japan AB - Service function chaining (SFC) is a trending paradigm and it has attracted considerable attention from both the industry and academia because of its potential to improve dynamicity and flexibility in service chain provisioning significantly. SFC makes it easier and more convenient to compose on-demand service chains customized for application-specific requirements. In addition to SFC, network functions virtualization (NFV) and software-defined networking (SDN) are two other technology enablers that drive software-based service chain solutions. SFC leverages NFV for flexible deployment and for the placement of virtual resources and virtual network functions (VNFs); further, it employs SDN to provide traffic steering and network connectivity between the deployed VNF instances to form an application-specific service chain. Although SFC introduces many promising advantages, security is a major concern and a potential barrier for the widespread adoption of SFC technology. The integration of these technologies introduces a wide variety of security risks in the different levels of SFC stacks because SFC relies on NFV and SDN, and this results in a greater attack surface. Therefore, this survey aims to conduct a comprehensive analysis of SFC from a security perspective. To this end, we examine the SFC architecture in detail, including the design principles and relationships between other functional components, to obtain a clear understanding of SFC. The significant enhancements achieved by adopting SFC are highlighted. Further, we exemplify its deployment in several realistic use cases. Based on the SFC layering model, we analyze security threats to identify all possible risk exposures and establish a layer-specific threat taxonomy. We then systematically analyze the existing defensive solutions and propose a set of security recommendations to secure an SFC-enabled domain. Our goal is to help network operators deploy cost-effective security hardening based on their specific requirements. Finally, several open research challenges and future directions of SFC are also discussed. LA - English DB - MTMT ER - TY - JOUR AU - Rodriguez, Luis E. Sepulveda AU - Chavarro-Porras, Julio C. AU - Sanabria-Ordonez, John A. AU - Castro, Harold E. AU - Matthews, Jeanna TI - A Survey of Virtualization Technologies: Towards a New Taxonomic Proposal JF - INGENIERIA E INVESTIGACION J2 - ING INVEST VL - 42 PY - 2022 IS - 3 PG - 14 SN - 0120-5609 DO - 10.15446/ing.investig.97363 UR - https://m2.mtmt.hu/api/publication/33892641 ID - 33892641 AB - At present, there is a proliferation of virtualization technologies (VTs), which are part of the basic and underlying infrastructure of popular cloud computing. Those interested in VTs are faced with a non-unified volume of information and various approaches to modes of operation, classification structures, and the performance implications of these technologies. This makes it difficult to decide which type of VT is appropriate for a particular context. Therefore, this paper reviews the state of the art on VT taxonomic models. Methodologically, a literature review is carried out to identify VT classification models, recognizing their features and weaknesses. With this in mind, a new taxonomy of virtualization technologies is proposed, which responds to the weaknesses identified in the analyzed schemes. The new VT taxonomy combines the Abstraction Level and Virtual Machine Type approaches, providing the reader with a means to visualize VTs. In doing so, the reader can locate the level of abstraction at which each VT is developed, in addition to the type of machine projected, whether it is a complete system or an execution environment for processes. The proposed taxonomy can be used in the academic environment to facilitate teaching processes or in the business environment to facilitate decision-making when implementing VTs. LA - English DB - MTMT ER - TY - JOUR AU - Sarkar, Sirshak AU - Choudhary, Gaurav AU - Shandilya, Shishir Kumar AU - Hussain, Azath AU - Kim, Hwankuk TI - Security of Zero Trust Networks in Cloud Computing: A Comparative Review JF - SUSTAINABILITY J2 - SUSTAINABILITY-BASEL VL - 14 PY - 2022 IS - 18 PG - 21 SN - 2071-1050 DO - 10.3390/su141811213 UR - https://m2.mtmt.hu/api/publication/33225320 ID - 33225320 AB - Recently, networks have shifted from traditional in-house servers to third-party-managed cloud platforms due to its cost-effectiveness and increased accessibility toward its management. However, the network remains reactive, with less accountability and oversight of its overall security. Several emerging technologies have restructured our approach to the security of cloud networks; one such approach is the zero-trust network architecture (ZTNA), where no entity is implicitly trusted in the network, regardless of its origin or scope of access. The network rewards trusted behaviour and proactively predicts threats based on its users' behaviour. The zero-trust network architecture is still at a nascent stage, and there are many frameworks and models to follow. The primary focus of this survey is to compare the novel requirement-specific features used by state-of-the-art research models for zero-trust cloud networks. In this manner, the features are categorized across nine parameters into three main types: zero-trust-based cloud network models, frameworks and proofs-of-concept. ZTNA, when wholly realized, enables network administrators to tackle critical issues such as how to inhibit internal and external cyber threats, enhance the visibility of the network, automate the calculation of trust for network entities and orchestrate security for users. The paper further focuses on domain-specific issues plaguing modern cloud computing networks, which leverage choosing and implementing features necessary for future networks and incorporate intelligent security orchestration, automation and response. The paper also discusses challenges associated with cloud platforms and requirements for migrating to zero-trust architecture. Finally, possible future research directions are discussed, wherein new technologies can be incorporated into the ZTA to build robust trust-based enterprise networks deployed in the cloud. LA - English DB - MTMT ER - TY - JOUR AU - Alwakeel, Ahmed M. TI - An Overview of Fog Computing and Edge Computing Security and Privacy Issues JF - SENSORS J2 - SENSORS-BASEL VL - 21 PY - 2021 IS - 24 PG - 20 SN - 1424-8220 DO - 10.3390/s21248226 UR - https://m2.mtmt.hu/api/publication/33005383 ID - 33005383 AB - With the advancement of different technologies such as 5G networks and IoT the use of different cloud computing technologies became essential. Cloud computing allowed intensive data processing and warehousing solution. Two different new cloud technologies that inherit some of the traditional cloud computing paradigm are fog computing and edge computing that is aims to simplify some of the complexity of cloud computing and leverage the computing capabilities within the local network in order to preform computation tasks rather than carrying it to the cloud. This makes this technology fits with the properties of IoT systems. However, using such technology introduces several new security and privacy challenges that could be huge obstacle against implementing these technologies. In this paper, we survey some of the main security and privacy challenges that faces fog and edge computing illustrating how these security issues could affect the work and implementation of edge and fog computing. Moreover, we present several countermeasures to mitigate the effect of these security issues. LA - English DB - MTMT ER - TY - JOUR AU - Asvija, B. AU - Eswari, R. AU - Bijoy, M. B. TI - Security Threat Modelling With Bayesian Networks and Sensitivity Analysis for IAAS Virtualization Stack JF - JOURNAL OF ORGANIZATIONAL AND END USER COMPUTING J2 - J ORGAN END USER COM VL - 33 PY - 2021 IS - 4 SP - 44 EP - 69 PG - 26 SN - 1546-2234 DO - 10.4018/JOEUC.20210701.oa3 UR - https://m2.mtmt.hu/api/publication/32395266 ID - 32395266 N1 - Centre for Development of Advanced Computing (C-DAC), India National Institute of Technology, Tiruchirappalli, India Export Date: 10 November 2021 AB - Designing security mechanisms for cloud computing infrastructures has assumed importance with the widespread adoption of public clouds. Virtualization security is a crucial component of the overall cloud infrastructure security. In this article, the authors employ the concept of Bayesian networks and attack graphs to carry out sensitivity analysis on the different components involved in virtualization security for infrastructure as a service (IaaS) cloud infrastructures. They evaluate the Bayesian attack graph (BAG) for the IaaS model to reveal the sensitive regions and thus help the administrators to secure the high risk components in the stack. They present a formal definition of the sensitivity analysis and then evaluate using the BAG model for IaaS stack. The model and analysis presented here can also be used by security analysts and designers to make a selection of the security solutions based on the risk profile of vulnerable nodes and the corresponding cost involved in adding a defense against the identified vulnerabilities. LA - English DB - MTMT ER - TY - CHAP AU - Dangl, T. AU - Taubmann, B. AU - Reiser, H.P. ED - Association, for Computing Machinery TI - RapidVMI: Fast and multi-core aware active virtual machine introspection T2 - 16th International Conference on Availability, Reliability and Security, ARES 2021 PB - Association for Computing Machinery (ACM) CY - New York, New York SN - 9781450390514 PY - 2021 DO - 10.1145/3465481.3465752 UR - https://m2.mtmt.hu/api/publication/32488151 ID - 32488151 N1 - Conference code: 171232 Export Date: 10 November 2021 Funding details: Deutsche Forschungsgemeinschaft, DFG, 361891819 Funding text 1: This work has been funded by the Deutsche Forschungsgemein-schaft (DFG, German Research Foundation) – 361891819 (ARADIA). AB - Virtual machine introspection (VMI) is a technique for the external monitoring of virtual machines. Through previous work, it became apparent that VMI can contribute to the security of distributed systems and cloud architectures by facilitating stealthy intrusion detection, malware analysis, and digital forensics. The main shortcomings of active VMI-based approaches such as program tracing or process injection in production environments result from the side effects of writing to virtual address spaces and the parallel execution of shared main memory on multiple processor cores. In this paper, we present RapidVMI, a framework for active virtual machine introspection that enables fine-grained, multi-core aware VMI-based memory access on virtual address spaces. It was built to overcome the outlined shortcomings of existing VMI solutions and facilitate the development of introspection applications as if they run in the monitored virtual machine itself. Furthermore, we demonstrate that hypervisor support for this concept improves introspection performance in prevalent virtual machine tracing applications considerably up to 98 times. © 2021 Owner/Author. LA - English DB - MTMT ER - TY - JOUR AU - Jiang, Peipei AU - Wang, Qian AU - Huang, Muqi AU - Wang, Cong AU - Li, Qi AU - Shen, Chao AU - Ren, Kui TI - Building In-the-Cloud Network Functions: Security and Privacy Challenges JF - PROCEEDINGS OF THE IEEE J2 - P IEEE VL - 109 PY - 2021 IS - 12 SP - 1888 EP - 1919 PG - 32 SN - 0018-9219 DO - 10.1109/JPROC.2021.3127277 UR - https://m2.mtmt.hu/api/publication/33005384 ID - 33005384 N1 - Funding Agency and Grant Number: NSFC [61822207, U20B2049, 62132011, U21B2018, 61822309, 61773310, U1736205, 62032021, 61772236]; Fundamental Research Funds for the Central Universities [2042021gf0006]; Research Grants Council of Hong Kong [CityU 11217819, CityU 11217620, R6021-20F]; Beijing National Research Center for Information Science and Technology (BNRist) [BNR2020RC01013]; National Key Research and Development Program [2020YFB1406900]; Shanxi Province Key Industry Innovation Program [2021ZDLGY01-02]; Zhejiang Key Research and Development Plan [2019C03133] Funding text: This work supported in part by NSFC under Grant 61822207, Grant U20B2049, Grant 62132011, Grant U21B2018, Grant 61822309, Grant 61773310, Grant U1736205, Grant 62032021, and Grant 61772236; in part by the Fundamental Research Funds for the Central Universities under Grant 2042021gf0006; in part by the Research Grants Council of Hong Kong under Grant CityU 11217819, Grant CityU 11217620, and Grant R6021-20F; in part by the Beijing National Research Center for Information Science and Technology (BNRist) under Grant BNR2020RC01013; in part by the National Key Research and Development Program under Grant 2020YFB1406900; in part by the Shanxi Province Key Industry Innovation Program under Grant 2021ZDLGY01-02; and in part by the Zhejiang Key Research and Development Plan under Grant 2019C03133. AB - Network function virtualization (NFV) has been promising to improve the availability, programmability, and flexibility of network function deployment and communication facilities. Meanwhile, with the advancements of cloud technologies, there has been a trend to outsource network functions through virtualization to a cloud service provider, so as to alleviate the local burdens on provisioning and managing such hardware resources. Promising as it is, redirecting the communication traffic to a third-party service provider has drawn various security and privacy concerns. Traditional end-to-end encryption can protect the traffic in transmit, but it also hinders data usability. This dilemma has raised wide interests from both industry and academia, and great efforts have been made to realize privacy-preserving network function outsourcing that can guarantee the confidentiality of network communications while preserving the ability to inspect the traffic. In this article, we conduct a comprehensive survey of the state-of-the-art literature on network function outsourcing, with a special focus on privacy and security issues. We first give a brief introduction to NFV and pinpoint its challenges and security risks in the cloud context. Then, we present detailed descriptions and comparisons of existing secure network function outsourcing schemes in terms of functionality, efficiency, and security. Finally, we conclude by discussing possible future research directions. LA - English DB - MTMT ER - TY - JOUR AU - Pinto, S. AU - Machado, P. AU - Oliveira, D. AU - Cerdeira, D. AU - Gomes, T. TI - Self-secured devices: High performance and secure I/O access in TrustZone-based systems JF - JOURNAL OF SYSTEMS ARCHITECTURE J2 - J SYST ARCHITECT VL - 119 PY - 2021 SN - 1383-7621 DO - 10.1016/j.sysarc.2021.102238 UR - https://m2.mtmt.hu/api/publication/32489457 ID - 32489457 N1 - Export Date: 10 November 2021 CODEN: JSARF Correspondence Address: Pinto, S.; Centro ALGORITMI, Portugal; email: sandro.pinto@dei.uminho.pt Funding details: UIDB/00319/2020 Funding details: Fundação para a Ciência e a Tecnologia, FCT Funding text 1: This work has been supported by FCT -Funda??o para a Ci?ncia e Tecnologia, Portugal within the R&D Units Project Scope: UIDB/00319/2020. Funding text 2: This work has been supported by FCT -Fundação para a Ciência e Tecnologia, Portugal within the R&D Units Project Scope: UIDB/00319/2020 . AB - Arm TrustZone is a hardware technology that adds significant value to the ongoing security picture. TrustZone-based systems typically consolidate multiple environments into the same platform, requiring resources to be shared among them. Currently, hardware devices on TrustZone-enabled system-on-chip (SoC) solutions can only be configured as secure or non-secure, which means the dual-world concept of TrustZone is not spread to the inner logic of the devices. The traditional passthrough model dictates that both worlds cannot use the same device concurrently. Furthermore, existing shared device access methods have been proven to cause a negative impact on the overall system in terms of security and performance. This work introduces the concept of self-secured devices, a novel approach for shared device access in TrustZone-based architectures. This concept extends the TrustZone dual-world model to the device itself, providing a secure and non-secure logical interface in a single device instance. The solution was deployed and evaluated on the LTZVisor, an open-source and lightweight TrustZone-assisted hypervisor. The obtained results are encouraging, demonstrating that our solution requires only a few additional hardware resources when compared with the native device implementation, while providing a secure solution for device sharing. © 2021 LA - English DB - MTMT ER - TY - JOUR AU - Repetto, Matteo AU - Striccoli, Domenico AU - Piro, Giuseppe AU - Carrega, Alessandro AU - Boggia, Gennaro AU - Bolla, Raffaele TI - An Autonomous Cybersecurity Framework for Next-generation Digital Service Chains JF - JOURNAL OF NETWORK AND SYSTEMS MANAGEMENT J2 - J NETW SYST MANAG VL - 29 PY - 2021 IS - 4 PG - 34 SN - 1064-7570 DO - 10.1007/s10922-021-09607-7 UR - https://m2.mtmt.hu/api/publication/32395267 ID - 32395267 N1 - IMATI - CNR, Genoa, Italy Dept. of Electrical and Information Engineering (DEI), Politecnico di Bari, Bari, Italy CNIT, Consorzio Nazionale Interuniversitario per le Telecomunicazioni, Pisa, Italy S2N Lab, CNIT, Genoa, Italy DITEN, University of Genoa, Genoa, Italy Export Date: 10 November 2021 CODEN: JNSME Correspondence Address: Striccoli, D.; Dept. of Electrical and Information Engineering (DEI), Italy; email: domenico.striccoli@poliba.it Funding details: Horizon 2020 Framework Programme, H2020, 786922, 833456 Funding text 1: This work was framed in the context of the projects ASTRID and GUARD, which receive funding from the European Union’s Horizon 2020 research and innovation programme under Grant Agreement 833456 and 786922, respectively. Funding text 2: Open access funding provided by Politecnico di Bari within the CRUI-CARE Agreement. AB - Today, the digital economy is pushing new business models, based on the creation of value chains for data processing, through the interconnection of processes, products, services, software, and things across different domains and organizations. Despite the growing availability of communication infrastructures, computing paradigms, and software architectures that already effectively support the implementation of distributed multi-domain value chains, a comprehensive architecture is still missing that effectively fulfills all related security issues: mutual trustworthiness of entities in partially unknown topologies, identification and mitigation of advanced multi-vector threats, identity management and access control, management and propagation of sensitive data. In order to fill this gap, this work proposes a new methodological approach to design and implement heterogeneous security services for distributed systems that combine together digital resources and components from multiple domains. The framework is designed to support both existing and new security services, and focuses on three novel aspects: (i) full automation of the processes that manage the whole system, i.e., threat detection, collection of information and reaction to attacks and system anomalies; (ii) dynamic adaptation of operations and security tasks to newest attack patterns, and (iii) real-time adjustment of the level of detail of inspection and monitoring processes. The overall architecture as well as the functions and relationships of its logical components are described in detail, presenting also a concrete use case as an example of application of the proposed framework. LA - English DB - MTMT ER - TY - CHAP AU - Abdelmoumin, G. AU - Hazzazi, N. ED - Latifi, Shahram TI - Distributed Operating System Security and Protection: A Short Survey T2 - 17th International Conference on Information Technology–New Generations (ITNG 2020) VL - 1134 PB - Springer Netherlands CY - Cham SN - 9783030430207 T3 - Advances in Intelligent Systems and Computing, ISSN 2194-5357 ; 1134. PY - 2020 SP - 145 EP - 151 PG - 7 DO - 10.1007/978-3-030-43020-7_20 UR - https://m2.mtmt.hu/api/publication/32489462 ID - 32489462 N1 - Conference code: 240139 Export Date: 10 November 2021 Correspondence Address: Abdelmoumin, G.; Howard UniversityUnited States; email: ghada.abdelmoumin@bison.howard.edu AB - In this paper, we investigate several modern distributed operating systems (DiOSs) and their security policies and mechanisms. We survey the various security and protection issues present in DiOSs and review strategies and techniques used by DiOSs to control access to system resources and protect the integrity of the information stored in the system from accidental events and malicious activities. Further, we distinguish between network security and DiOSs security and explore the attack surface of DiOSs compared to traditional operating systems. We concentrate on a class of distributed operating systems known as cloud operating systems (COSs). © Springer Nature Switzerland AG 2020. LA - English DB - MTMT ER - TY - JOUR AU - Afianian, Amir AU - Niksefat, Salman AU - Sadeghiyan, Babak AU - Baptiste, David TI - Malware Dynamic Analysis Evasion Techniques: A Survey JF - ACM COMPUTING SURVEYS J2 - ACM COMPUT SURV VL - 52 PY - 2020 IS - 6 PG - 28 SN - 0360-0300 DO - 10.1145/3365001 UR - https://m2.mtmt.hu/api/publication/31451946 ID - 31451946 N1 - APA Research Center, Amirkabir University of Technology, No. 350, Hafez Ave, Valiasr Square, Tehran, Iran ESIEA (C + V)O Lab, Laval, France Cited By :20 Export Date: 10 November 2021 CODEN: ACSUE Funding details: American Philological Association, APA Funding details: Amirkabir University of Technology, AUT Funding text 1: This work is supported by APA research center (http://apa.aut.ac.ir) at Amirkabir University of Technology, Tehran, Iran. Funding text 2: This work is supported by APA research center (http://apa.aut.ac.ir) at Amirkabir University of Technology, Tehran, Iran. Authors’ addresses: A. Afianian, S. Niksefat, and B. Sadeghiyan, APA Research Center, Amirkabir University of Technology, No. 350, Hafez Ave, Valiasr Square, Tehran, Iran 1591634311; emails: {a.afianian, niksefat, basadegh}@aut.ac.ir; D. Baptiste, ESIEA (C + V)O lab, Laval, France; email: baptiste.david@esiea.fr. Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from permissions@acm.org. © 2019 Association for Computing Machinery. 0360-0300/2019/11-ART126 $15.00 https://doi.org/10.1145/3365001 AB - The cyber world is plagued with ever-evolving malware that readily infiltrate all defense mechanisms, operate viciously unbeknownst to the user, and surreptitiously exfiltrate sensitive data. Understanding the inner workings of such malware provides a leverage to effectively combat them. This understanding is pursued often through dynamic analysis which is conducted manually or automatically. Malware authors accordingly, have devised and advanced evasion techniques to thwart or evade these analyses. In this article, we present a comprehensive survey on malware dynamic analysis evasion techniques. In addition, we propose a detailed classification of these techniques and further demonstrate how their efficacy holds against different types of detection and analysis approaches.Our observations attest that evasive behavior is mostly concerned with detecting and evading sandboxes. The primary tactic of such malware we argue is fingerprinting followed by new trends for reverse Turing test tactic which aims at detecting human interaction. Furthermore, we will posit that the current defensive strategies, beginning with reactive methods to endeavors for more transparent analysis systems, are readily foiled by zero-day fingerprinting techniques or other evasion tactics such as stalling. Accordingly, we would recommend the pursuit of more generic defensive strategies with an emphasis on path exploration techniques that has the potential to thwart all the evasive tactics. LA - English DB - MTMT ER - TY - JOUR AU - Asvija, B. AU - Eswari, R. AU - Bijoy, M. B. TI - Bayesian attack graphs for platform virtualized infrastructures in clouds JF - JOURNAL OF INFORMATION SECURITY AND APPLICATIONS J2 - J INF SECUR APPL VL - 51 PY - 2020 PG - 10 SN - 2214-2126 DO - 10.1016/j.jisa.2020.102455 UR - https://m2.mtmt.hu/api/publication/31451945 ID - 31451945 N1 - Centre for Development of Advanced Computing (C-DAC), Bangalore, India Department of Computer Applications, National Institute of Technology, Tiruchirappalli, India Cited By :5 Export Date: 10 November 2021 Correspondence Address: Asvija, B.; Centre for Development of Advanced Computing (C-DAC)India; email: asvijab@cdac.in AB - Virtualization security is an important aspect to be carefully addressed while provisioning cloud services. In this paper, we propose a novel model using Bayesian Attack Graphs (BAG) to perform security risk assessment for platform virtualized infrastructures that are used for building cloud services. BAGs are powerful mechanisms that can be used to model the uncertainties inherent in security attacks. We build upon the reference conditional probability tables for the BAG nodes using the reported attacks on virtualized systems from the Common Vulnerabilities and Exposures (CVE) database. We employ Bayesian probabilistic inference techniques on the model presented and showcase the results obtained that can be used by system architects for the risk assessment of such infrastructures. In addition to the probabilistic model, we also present a deterministic approach with security metrics for attack graphs and derive the values for the modeled BAG, which can be used for assessing and comparing with other architectures. The approach described here to draw inferences from the BAG can be employed by system architects to find explanations to critical queries in security design and also to carefully select the countermeasures to be installed. The model can also be used to learn from future a-posteriori evidence data from actual security breaches to provide an efficient risk assessment. (C) 2020 Elsevier Ltd. All rights reserved. LA - English DB - MTMT ER - TY - CHAP AU - Mukherjee, M. AU - Ferrag, M.A. AU - Maglaras, L. AU - Derhab, A. AU - Aazam, M. ED - Yang, Yang ED - Jianwei, Huang ED - Tao, Zhang ED - Joe, Weinman TI - Security and privacy issues and solutions for fog T2 - Fog and Fogonomics: Challenges and Practices of Fog Computing, Communication, Networking, Strategy, and Economics PB - Wiley CY - Hoboken (NJ) SN - 9781119501121 PY - 2020 SP - 353 EP - 374 PG - 22 DO - 10.1002/9781119501121.ch14 UR - https://m2.mtmt.hu/api/publication/32489458 ID - 32489458 N1 - Cited By :5 Export Date: 10 November 2021 Correspondence Address: Mukherjee, M.; Guangdong Provincial Key Laboratory of Petrochemical Equipment Fault Diagnosis, China AB - This chapter presents an overview of the primary security and privacy issues in fog computing. It discusses the state-of-the-art solutions that deal with fog computing-related security and privacy challenges. The chapter also discusses the major attacks on fog-based Internet of Things (IoT) applications. It provides a side-by-side comparison of the state-of-the-art methods toward secure and privacy-preserving fog-based IoT applications. The chapter aims to summarize all up-to-date research contributions and to outline future research directions that researcher can follow in order to address different security and privacy preservation challenges in fog computing. Cloud computing suffers from substantial yet unsolved challenges such as large end-to-end delay, traffic congestion, lack of mobility, location awareness, and communication cost. Due to lack of centralized and privileged control in security management as in cloud computing, access control becomes a challenging issue in fog computing with heterogeneous and service requirements. © 2020 JohnWiley & Sons, Inc. All rights reserved. LA - English DB - MTMT ER - TY - CHAP AU - Prechtl, M. AU - Lichtenthäler, R. AU - Wirtz, G. ED - Dustdar, S. TI - Investigating Possibilites for Protecting and Hardening Installable FaaS Platforms T2 - Service-Oriented Computing VL - 1310 PB - Springer Netherlands CY - Cham SN - 9783030648459 T3 - Communications in Computer and Information Science, ISSN 1865-0929 ; 1310. PY - 2020 SP - 107 EP - 126 PG - 20 DO - 10.1007/978-3-030-64846-6_7 UR - https://m2.mtmt.hu/api/publication/32489460 ID - 32489460 N1 - Conference code: 252909 Cited By :1 Export Date: 10 November 2021 Correspondence Address: Lichtenthäler, R.; Distributed Systems Group, Germany; email: robin.lichtenthaeler@uni-bamberg.de AB - Function as a Service is a popular trend in the area of cloud computing and also for IoT use cases. Thus, in addition to cloud services, installable open source platforms for FaaS have recently emerged. To deploy such an installable FaaS platform in production, the security aspect needs to be considered which has not been investigated in detail yet. Therefore, this work presents possible security threats and recommended security measures for protecting and hardening installable FaaS platforms. Currently available FaaS platforms are analyzed according to the possibilities they offer to implement such security measures. Although most platforms provide necessary security measures, there is still potential to improve the platforms by offering advanced measures and facilitate a secure deployment. © 2020, Springer Nature Switzerland AG. LA - English DB - MTMT ER - TY - JOUR AU - Asvija, B. AU - Eswari, R. AU - Bijoy, M. B. TI - Security in hardware assisted virtualization for cloud computing-State of the art issues and challenges JF - COMPUTER NETWORKS J2 - COMPUT NETW VL - 151 PY - 2019 SP - 68 EP - 92 PG - 25 SN - 1389-1286 DO - 10.1016/j.comnet.2019.01.013 UR - https://m2.mtmt.hu/api/publication/30806864 ID - 30806864 N1 - Centre for Development of Advanced Computing (C-DAC), Bengaluru, India Department of Computer Applications, National Institute of Technology, Tiruchirappalli, India Cited By :2 Export Date: 29 October 2019 CODEN: CNETD Correspondence Address: Asvija, B.; Centre for Development of Advanced Computing (C-DAC)India; email: asvijab@cdac.in AB - The advantages of virtualization technology have resulted in its wide spread adoption in cloud computing infrastructures. However it has also introduced a new set of security threats that are serious in nature. Many of these threats are unique in virtualized environments and not pertinent in the traditional computing scenarios. Hence these threats have been less studied and thus less addressed by most of the security application vendors. For this reason, it becomes important to carefully analyze the various threats arising at different components of virtualization and thus effectively create solutions to defend the systems against them. This survey attempts to highlight the significant vulnerabilities and expose the readers to the various existing attacks related to Hardware assisted virtualization, as it has become the most widely used form of virtualization in building modern day massive data centers and cloud infrastructures. A Bayesian attack graph model is presented for evaluating the risks associated with the identified threats. A detailed discussion of various countermeasures proposed against the identified threats is presented along with the enumeration of challenges in adopting them. (C) 2019 Elsevier B.V. All rights reserved. LA - English DB - MTMT ER - TY - CHAP AU - Bolla, R. AU - Carrega, A. AU - Repetto, M. ED - IEEE, null TI - An abstraction layer for cybersecurity context T2 - 2019 International Conference on Computing, Networking and Communications PB - Institute of Electrical and Electronics Engineers (IEEE) CY - Piscataway (NJ) SN - 9781538692233 PY - 2019 SP - 214 EP - 218 PG - 5 DO - 10.1109/ICCNC.2019.8685665 UR - https://m2.mtmt.hu/api/publication/30806858 ID - 30806858 N1 - DITEN - University of Genoa, Genoa, Italy S3ITI Lab, CNIT, Genoa, Italy Export Date: 29 October 2019 AB - The growing complexity and diversification of cy her attacks are largely reflected in the increasing sophistication of security appliances, which arc often too cumbersome to be run in virtual services and IoT devices. Hence, the design of cyber-security frameworks is today looking at more cooperative models, which collect security-related data from a large set of heterogeneous sources for centralized analysis and correlation. In this paper, we outline a flexible abstraction layer for access to security context. It is conceived to program and gather data from lightweight inspection and enforcement hooks deployed in cloud applications and IoT devices. We also provide a preliminary description of its implementation, by reviewing the main software components and their role. LA - English DB - MTMT ER - TY - CHAP AU - Carrega, Alessandro AU - Repetto, Matteo ED - ACM, null TI - Data Log Management for Cyber-Security Programmability of Cloud Services and Applications T2 - Proceedings of the 1st ACM Workshop on Workshop on Cyber-Security Arms Race - CYSARM'19 PB - Association for Computing Machinery (ACM) CY - New York, New York SN - 9781450368407 PY - 2019 SP - 47 EP - 52 PG - 6 DO - 10.1145/3338511.3357351 UR - https://m2.mtmt.hu/api/publication/30918602 ID - 30918602 N1 - ACM SIGSAC Conference code: 165664 Export Date: 10 November 2021 Funding details: Horizon 2020 Framework Programme, H2020, 786922, 833456 Funding details: European Commission, EC Funding details: Korea Coast Guard, KCG Funding text 1: This work was partially supported by the European Commission under the projects ASTRID (contract 786922) and GUARD (contract 833456). LA - English DB - MTMT ER - TY - JOUR AU - Covaci, Stefan AU - Repetto, Matteo AU - Risso, Fulvio TI - Towards Autonomous Security Assurance in 5G Infrastructures JF - IEICE TRANSACTIONS ON COMMUNICATIONS J2 - IEICE T COMMUN VL - E102B PY - 2019 IS - 3 SP - 401 EP - 409 PG - 9 SN - 0916-8516 DO - 10.1587/transcom.2018NVI0001 UR - https://m2.mtmt.hu/api/publication/30806865 ID - 30806865 N1 - Export Date: 29 October 2019 CODEN: ITRCE AB - 5G infrastructures will heavily rely on novel paradigms such as Network Function Virtualization and Service Function Chaining to build complex business chains involving multiple parties. Although virtualization of security middleboxes looks a common practice today, we argue that this approach is inefficient and does not fit the peculiar characteristics of virtualized environments. In this paper, we outline a new paradigm towards autonomous security assurance in 5G infrastructures, leveraging service orchestration for semi-autonomous management and reaction, yet decoupling security management from service graph design. Our work is expected to improve the design and deployment of complex business chains, as well as the application of artificial intelligence and machine learning techniques over large and intertwined security datasets. We describe the overall concept and architecture, and discuss in details the three architectural layers. We also report preliminary work on implementation of the system, by introducing relevant technologies. LA - English DB - MTMT ER - TY - JOUR AU - Dev, Ras Pandey AU - Bharat, Mishra TI - Study of Virtualization Software in the context of VMware Infrastructure JF - INTERNATIONAL JOURNAL OF ADVANCED SCIENTIFIC RESEARCH AND MANAGEMENT J2 - IJASRM VL - 2019 PY - 2019 IS - 5 SP - 55 EP - 59 PG - 5 SN - 2455-6378 UR - https://m2.mtmt.hu/api/publication/30918865 ID - 30918865 LA - English DB - MTMT ER - TY - JOUR AU - Do, Quang AU - Martini, Ben AU - Choo, Kim-Kwang Raymond TI - The role of the adversary model in applied security research JF - COMPUTERS AND SECURITY J2 - COMPUT SECUR VL - 81 PY - 2019 SP - 156 EP - 181 PG - 26 SN - 0167-4048 DO - 10.1016/j.cose.2018.12.002 UR - https://m2.mtmt.hu/api/publication/30806863 ID - 30806863 N1 - School of Information Technology & Mathematical Sciences, University of South Australia, Adelaide, SA 5095, Australia Department of Information Systems and Cyber Security, University of Texas at San Antonio, San Antonio, TX 78249, United States Cited By :1 Export Date: 29 October 2019 CODEN: CPSED Correspondence Address: Choo, K.-K.R.; Department of Information Systems and Cyber Security, University of Texas at San AntonioUnited States; email: raymond.choo@fulbrightmail.org AB - Adversary models have been integral to the design of provably-secure cryptographic schemes or protocols. However, their use in other computer science research disciplines is relatively limited, particularly in the case of applied security research (e.g., mobile app and vulnerability studies). In this study, we conduct a survey of prominent adversary models used in the seminal field of cryptography, and more recent mobile and Internet of Things (IoT) research. Motivated by the findings from the cryptography survey, we propose a classification scheme for common app-based adversaries used in mobile security research, and classify key papers using the proposed scheme. Finally, we discuss recent work involving adversary models in the contemporary research field of loT. We contribute recommendations to aid researchers working in applied (IoT) security based upon our findings from the mobile and cryptography literature. The key recommendation is for authors to clearly define adversary goals, assumptions and capabilities. (C) 2018 Elsevier Ltd. All rights reserved. LA - English DB - MTMT ER - TY - JOUR AU - Hui, Hongwen AU - Zhou, Chengcheng AU - An, Xingshuo AU - Lin, Fuhong TI - A New Resource Allocation Mechanism for Security of Mobile Edge Computing System JF - IEEE ACCESS J2 - IEEE ACCESS VL - 7 PY - 2019 SP - 116886 EP - 116899 PG - 14 SN - 2169-3536 DO - 10.1109/ACCESS.2019.2936374 UR - https://m2.mtmt.hu/api/publication/30806857 ID - 30806857 N1 - School of Computer and Communication Engineering, University of Science and Technology Beijing, Beijing, 100083, China Fifteenth Research Institute of China Electronic Science and Technology Group Corporation, Beijing, 100083, China Cited By :15 Export Date: 10 November 2021 Correspondence Address: Lin, F.; School of Computer and Communication Engineering, China; email: fhlin@ustb.edu.cn Funding details: National Natural Science Foundation of China, NSFC, 61873026 Funding details: National Key Research and Development Program of China, NKRDPC, 2018YFB1003905 Funding text 1: This work was supported by the National Key Research and Development Program of China under Grant 2018YFB1003905, and in part by the Natural Science Foundation of China under Grant 61873026. AB - Mobile-Edge Computing (MEC) is a new computing paradigm that provides a capillary distribution of cloud computing capabilities to the network edge. In this paper, we studied the security defense problem in MEC network environment. One big challenge is how to efficiently allocate resources to deploy Mobile-Edge Computing-Intrusion Detection Systems (MEC-IDS) in this system, since all the MEC hosts are composed of resource-constrained network devices. To tackle this challenge, a new resource allocation mechanism based on deterministic differential equation model is proposed and investigated. Existence, uniqueness and stability of the positive solution of this model are obtained by using Lyapuonv stability theory. Furthermore, we extended our study to MEC network environment with stochastic perturbation and established a new stochastic differential equation model. We proved the existence, uniqueness, persistence and oscillatory of the positive solution of this model and quantitatively analyzed the relationship between oscillation and intensity of stochastic perturbation. Numerical simulations are carried out to illustrate the effectiveness of the main results. LA - English DB - MTMT ER - TY - JOUR AU - Kim, Dong-woo AU - Kang, Soo-young AU - Kim, Seung-joo TI - Analysis of Security Requirements for Session-Oriented Cross Play Using X-box JF - Journal of the Korea Institute of Information Security and Cryptology VL - 29 PY - 2019 IS - 1 SP - 235 EP - 255 PG - 21 SN - 1598-3986 DO - 10.13089/JKIISC.2019.29.1.235 UR - https://m2.mtmt.hu/api/publication/30918619 ID - 30918619 LA - Korean DB - MTMT ER - TY - JOUR AU - Rasheed, Arslan AU - Chong, Peter Han Joo AU - Ho, Ivan Wang-Hei AU - Li, Xue Jun AU - Liu, William TI - An Overview of Mobile Edge Computing: Architecture, Technology and Direction JF - KSII TRANSACTIONS ON INTERNET AND INFORMATION SYSTEMS J2 - KSII T INTERNET INF VL - 13 PY - 2019 IS - 10 SP - 4849 EP - 4864 PG - 16 SN - 1976-7277 DO - 10.3837/tiis.2019.10.002 UR - https://m2.mtmt.hu/api/publication/31079358 ID - 31079358 N1 - Department of Electrical and Electronic Engineering, Auckland University of Technology, New Zealand Department of Electrical and Information Engineering, Hong Kong Polytechnic University, Hong Kong Department of Information Technology and Software Engineering, Auckland University of Technology, New Zealand Cited By :8 Export Date: 10 November 2021 Correspondence Address: Joo Chong, P.H.; Department of Electrical and Electronic Engineering, New Zealand; email: peter.chong@aut.ac.nz AB - Modern applications such as augmented reality, connected vehicles, video streaming and gaming have stringent requirements on latency, bandwidth and computation resources. The explosion in data generation by mobile devices has further exacerbated the situation. Mobile Edge Computing (MEC) is a recent addition to the edge computing paradigm that amalgamates the cloud computing capabilities with cellular communications. The concept of MEC is to relocate the cloud capabilities to the edge of the network for yielding ultra-low latency, high computation, high bandwidth, low burden on the core network, enhanced quality of experience (QoE), and efficient resource utilization. In this paper, we provide a comprehensive overview on different traits of MEC including its use cases, architecture, computation offloading, security, economic aspects, research challenges, and potential future directions. LA - English DB - MTMT ER - TY - JOUR AU - Șandor, Andrei TI - Virtualization Solutions Supporting Privacy and Data Protection in Online Activities JF - INTERNATIONAL CONFERENCE - THE KNOWLEDGE-BASED ORGANIZATION J2 - KBO PROCEEDINGS VL - 25 PY - 2019 IS - 3 SP - 168 EP - 173 PG - 6 SN - 1843-6722 DO - 10.2478/kbo-2019-0133 UR - https://m2.mtmt.hu/api/publication/30918625 ID - 30918625 LA - English DB - MTMT ER - TY - JOUR AU - Sultan, Sari AU - Ahmad, Imtiaz AU - Dimitriou, Tassos TI - Container Security: Issues, Challenge and the Road Ahead JF - IEEE ACCESS J2 - IEEE ACCESS VL - 7 PY - 2019 SP - 52976 EP - 52996 PG - 21 SN - 2169-3536 DO - 10.1109/ACCESS.2019.2911732 UR - https://m2.mtmt.hu/api/publication/30806860 ID - 30806860 N1 - Cited By :1 Export Date: 29 October 2019 Correspondence Address: Ahmad, I.; Department of Computer Engineering, Kuwait UniversityKuwait; email: imtiaz.ahmad@ku.edu.kw AB - Containers emerged as a lightweight alternative to virtual machines (VMs) that offer better microservice architecture support. The value of the container market is expected to reach $2.7 billion in 2020 as compared to $762 million in 2016. Although they are considered the standardized method for microservices deployment, playing an important role in cloud computing emerging fields such as service meshes, market surveys show that container security is the main concern and adoption barrier for many companies. In this paper, we survey the literature on container security and solutions. We have derived four generalized use cases that should cover security requirements within the host-container threat landscape. The use cases include: (I) protecting a container from applications inside it, (II) inter-container protection, (III) protecting the host from containers, and (IV) protecting containers from a malicious or semi-honest host. We found that the first three use cases utilize a software-based solutions that mainly rely on Linux kernel features (e.g., namespaces, CGroups, capabilities, and seccomp) and Linux security modules (e.g., AppArmor). The last use case relies on hardware-based solutions such as trusted platform modules (TPMs) and trusted platform support (e.g., Intel SGX). We hope that our analysis will help researchers understand container security requirements and obtain a clearer picture of possible vulnerabilities and attacks. Finally, we highlight open research problems and future research directions that may spawn further research in this area. LA - English DB - MTMT ER - TY - JOUR AU - Suparni, null AU - Mawengkang, H. TI - An interactive method for solving a lass of stochastic multi objective integer linear programming problem JF - INTERNATIONAL JOURNAL OF RECENT TECHNOLOGY AND ENGINEERING (IJRTE) J2 - INT J RECENT TECHNOL AND ENG VL - 7 PY - 2019 IS - 6 SP - 1395 EP - 1400 PG - 6 SN - 2277-3878 UR - https://m2.mtmt.hu/api/publication/30866345 ID - 30866345 N1 - Export Date: 29 October 2019 Correspondence Address: Mawengkang, H.; University of Sumatera UtaraIndonesia; email: hmawengkang@yahoo.com LA - English DB - MTMT ER - TY - JOUR AU - Zhang, S. AU - Wang, Y. AU - Zhou, W. TI - Towards secure 5G networks: A Survey JF - COMPUTER NETWORKS J2 - COMPUT NETW VL - 162 PY - 2019 SN - 1389-1286 DO - 10.1016/j.comnet.2019.106871 UR - https://m2.mtmt.hu/api/publication/30866342 ID - 30866342 N1 - Institute of Information Engineering, Chinese Academy of Sciences, Beijing, 100093, China School of Cyber Security, University of Chinese Academy of Sciences, Beijing, 100049, China Export Date: 29 October 2019 CODEN: CNETD Correspondence Address: Wang, Y.; Institute of Information Engineering, Chinese Academy of SciencesChina; email: wangyongming@iie.ac.cn LA - English DB - MTMT ER - TY - JOUR AU - Abbas, N. AU - Zhang, Y. AU - Taherkordi, A. AU - Skeie, T. TI - Mobile Edge Computing: A Survey JF - IEEE INTERNET OF THINGS JOURNAL J2 - IEEE INTERNET OF THINGS J VL - 5 PY - 2018 IS - 1 SP - 450 EP - 465 PG - 16 SN - 2327-4662 DO - 10.1109/JIOT.2017.2750180 UR - https://m2.mtmt.hu/api/publication/30866349 ID - 30866349 N1 - Department of Informatics, University of Oslo, Norway Simula Research Laboratory, Lysaker, 1325, Norway Cited By :183 Export Date: 29 October 2019 Correspondence Address: Zhang, Y.; Department of Informatics, University of OsloNorway; email: yanzhang@ifi.uio.no LA - English DB - MTMT ER - TY - JOUR AU - Barrowclough, J.P. AU - Asif, R. TI - Securing Cloud Hypervisors: A Survey of the Threats, Vulnerabilities, and Countermeasures JF - SECURITY AND COMMUNICATION NETWORKS J2 - SECUR COMMUN NETW VL - 2018 PY - 2018 SN - 1939-0114 DO - 10.1155/2018/1681908 UR - https://m2.mtmt.hu/api/publication/30866350 ID - 30866350 N1 - Export Date: 29 October 2019 Correspondence Address: Asif, R.; Centre for Distributed Computing, Networks, and Security, School of Computing, Edinburgh Napier UniversityUnited Kingdom; email: r.asif@napier.ac.uk LA - English DB - MTMT ER - TY - JOUR AU - Botacin, Marcus AU - de Geus, Paulo Licio AU - Gregio, Andre TI - Who Watches the Watchmen: A Security-focused Review on Current State-of-the-art Techniques, Tools, and Methods for Systems and Binary Analysis on Modern Platforms JF - ACM COMPUTING SURVEYS J2 - ACM COMPUT SURV VL - 51 PY - 2018 IS - 4 PG - 34 SN - 0360-0300 DO - 10.1145/3199673 UR - https://m2.mtmt.hu/api/publication/30567585 ID - 30567585 N1 - University of Campinas, Av. Albert Einstein, 1251, Cidade Universitaria 'Zeferino Vaz', Barao Geraldo, Campinas, SP, 13083-852, Brazil Federal University of Parana, Rua Evaristo F. F. da Costa, 383-391, Jardim das Americas, Curitiba, PR, 80050-540, Brazil Export Date: 29 October 2019 CODEN: ACSUE University of Campinas, Av. Albert Einstein, 1251, Cidade Universitaria 'Zeferino Vaz', Barao Geraldo, Campinas, SP, 13083-852, Brazil Federal University of Parana, Rua Evaristo F. F. da Costa, 383-391, Jardim das Americas, Curitiba, PR, 80050-540, Brazil Export Date: 13 November 2019 CODEN: ACSUE AB - Malicious software, a threat users face on a daily basis, have evolved from simple bankers based on social engineering to advanced persistent threats. Recent research and discoveries reveal that malware developers have been using a wide range of anti-analysis and evasion techniques, in-memory attacks, and system subversion, including BIOS and hypervisors. In addition, code-reuse attacks like Returned Oriented Programming emerge as highly potential remote code execution threats. To counteract the broadness of malicious codes, distinct techniques and tools have been proposed, such as transparent malware tracers, system-wide debuggers, live forensics tools, and isolated execution rings. In this work, we present a survey on state-of-the-art techniques that detect, mitigate, and analyze the aforementioned attacks. We show approaches based on Hardware Virtual Machines introspection, System Management Mode instrumentation, Hardware Performance Counters, isolated rings (e.g., Software Guard eXtensions), as well as others based on external hardware. We also discuss upcoming threats based on the very same technologies used for defense. Our main goal is to provide the reader with a broader, more comprehensive understanding of recently surfaced tools and techniques aiming at binary analysis for modern platforms. LA - English DB - MTMT ER - TY - CHAP AU - Carrega, A. AU - Repetto, M. AU - Risso, F. AU - Covaci, S. AU - Zafeiropoulos, A. AU - Giannetsos, T. AU - Toscano, O. ED - IEEE, null TI - Situational Awareness in Virtual Networks: the ASTRID Approach T2 - 2018 IEEE 7TH INTERNATIONAL CONFERENCE ON CLOUD NETWORKING (CLOUDNET) PB - IEEE CY - New York, New York SN - 9781538668313 PY - 2018 PG - 6 DO - 10.1109/CloudNet.2018.8549540 UR - https://m2.mtmt.hu/api/publication/30806861 ID - 30806861 N1 - CNIT, S3ITI Lab, Italy Politecnico di Torino, Italy Technical University of Berlin, Germany Ubitech Ltd, Greece University of Surrey, United Kingdom Ericsson Telecomunicazioni, Italy Export Date: 29 October 2019 AB - Cloud-based services often follow the same logical structure of private networks. The lack of physical boundaries and the dependence on third party's infrastructural security mechanisms often undermine the confidence in the overall security level of virtualized applications. Integrating software instances of common security middleboxes into cloud networks helps overcome most suspicions, but leads to inefficient solutions.In this paper, we describe the vision behind the ASTRID project. The novelty of our concept lies in decoupling detection algorithms from monitoring and inspection tasks, seeking better integration with virtualization frameworks. We briefly elaborate on the overall conceptual architecture and the foundation of its implementation components. Additionally, we give insights on the expected impacts and opportunities brought by this novel paradigm over the existing approaches. LA - English DB - MTMT ER - TY - CHAP AU - Futagami, Shota AU - Unoki, Tomoya AU - Kourai, Kenichi TI - Secure Out-of-band Remote Management of Virtual Machines with Transparent Passthrough T2 - 34TH ANNUAL COMPUTER SECURITY APPLICATIONS CONFERENCE (ACSAC 2018) PB - Association for Computing Machinery (ACM) CY - New York, New York PY - 2018 SP - 430 EP - 440 PG - 11 DO - 10.1145/3274694.3274749 UR - https://m2.mtmt.hu/api/publication/30567582 ID - 30567582 N1 - Export Date: 29 October 2019 AB - Infrastructure-as-a-Service clouds provide out-of-band remote management for users to access their virtual machines (VMs). Out-of-band remote management is a method for indirectly accessing VMs via their virtual devices. While virtual devices running in the virtualized system are managed by cloud operators, not all cloud operators are always trusted in clouds. To prevent information leakage from virtual devices and tampering with their I/O data, several systems have been proposed by trusting the hypervisor in the virtualized system. However, they have various issues on security and management. This paper proposes VSBypass, which enables secure out-of-band remote management outside the virtualized system using a technique called transparent passthrough. VSBypass runs the entire virtualized system in an outer VM using nested virtualization. Then it intercepts I/O requests of out-of-band remote management and processes those requests in shadow devices, which run outside the virtualized system. We have implemented VSBypass in Xen for the virtual serial console and GUI remote access. We confirmed that information leakage was prevented and that the performance was comparable to that in traditional out-of-band remote management. LA - English DB - MTMT ER - TY - CHAP AU - Kumar, V. AU - Rathore, R.S. ED - Singh, M. ED - Sharma, V. TI - Security Issues with Virtualization in Cloud Computing T2 - 2018 IEEE International Conference on Advances in Computing, Communication Control and Networking, ICACCCN 2018 PB - Institute of Electrical and Electronics Engineers (IEEE) CY - Piscataway (NJ) SN - 9781538641194 PY - 2018 SP - 487 EP - 491 PG - 5 DO - 10.1109/ICACCCN.2018.8748405 UR - https://m2.mtmt.hu/api/publication/30866348 ID - 30866348 N1 - Export Date: 29 October 2019 LA - English DB - MTMT ER - TY - JOUR AU - Pattaranantakul, Montida AU - He, Ruan AU - Song, Qipeng AU - Zhang, Zonghua AU - Meddahi, Ahmed TI - NFV Security Survey: From Use Case Driven Threat Analysis to State-of-the-Art Countermeasures JF - IEEE COMMUNICATIONS SURVEYS AND TUTORIALS J2 - IEEE COMMUN SURV TUTOR VL - 20 PY - 2018 IS - 4 SP - 3330 EP - 3368 PG - 39 SN - 1553-877X DO - 10.1109/COMST.2018.2859449 UR - https://m2.mtmt.hu/api/publication/30567584 ID - 30567584 N1 - Cited By :7 Export Date: 29 October 2019 Correspondence Address: Zhang, Z.; SAMOVAR Lab, CNRS UMR 5157France; email: zonghua.zhang@imt-Lille-douai.fr AB - Network functions virtualization (NFV), along with software-defined networking (SDN), drives a new change in networking infrastructure with respect to designing, deploying, and managing various network services. In particular, NFV has potential to significantly reduce the hardware cost, greatly improve operational efficiency, and dramatically shorten the development lifecycle of network service. It also makes network functions and services much more adaptive and scalable. Despite the promising advantages of NFV, security remains to be one of the vital concerns and potential hurdle, as attack surface becomes unclear and defense line turns to be blurred in the virtualization environment. This survey is therefore devoted to analyzing NFV from a security perspective. We first analyze security threats of five well-defined NFV use cases, with an objective to establishing a comprehensive layer-specific threat taxonomy. Second, we conduct in-depth comparative studies on several security mechanisms that are applied in traditional scenarios and in NFV environments. The purpose is to analyze their implicit relationships with NFV performance objectives in terms of feasibility, agility, effectiveness, and so on. Third, based on the established threat taxonomy and the analyzed security mechanisms, we provide a set of recommendations on securing NFV based services, along with the analysis on the state-of-the-art security countermeasures. A resulting holistic security framework is intended to lay a foundation for NFV service providers to deploy adaptive, scalable, and cost-effective security hardening based on their particular needs. Some future research directions are finally discussed. LA - English DB - MTMT ER - TY - JOUR AU - Rapuzzi, R AU - Repetto, M TI - Building situational awareness for network threats in fog/edge computing: Emerging paradigms beyond the security perimeter model JF - FUTURE GENERATION COMPUTER SYSTEMS J2 - FUTUR GENER COMP SYST VL - 85 PY - 2018 SP - 235 EP - 249 PG - 15 SN - 0167-739X DO - 10.1016/j.future.2018.04.007 UR - https://m2.mtmt.hu/api/publication/27569606 ID - 27569606 N1 - Cited By :6 Export Date: 29 October 2019 CODEN: FGCSE Correspondence Address: Repetto, M.; CNIT, S3ITI National Lab, Via Opera Pia 13, Italy; email: matteo.repetto@cnit.it LA - English DB - MTMT ER - TY - JOUR AU - Roman, Rodrigo AU - Lopez, Javier AU - Mambo, Masahiro TI - Mobile edge computing, Fog et al.: A survey and analysis of security threats and challenges JF - FUTURE GENERATION COMPUTER SYSTEMS J2 - FUTUR GENER COMP SYST VL - 78 PY - 2018 SP - 680 EP - 698 PG - 19 SN - 0167-739X DO - 10.1016/j.future.2016.11.009 UR - https://m2.mtmt.hu/api/publication/27083720 ID - 27083720 N1 - Computer Science Department, University of Malaga, Ada Byron building, Malaga, 29071, Spain Faculty of Electrical and Computer Engineering, Institute of Science and Engineering, Kanazawa University, Kakuma Kanazawa, 920-1192, Japan Cited By :210 Export Date: 29 October 2019 CODEN: FGCSE Correspondence Address: Roman, R.; Computer Science Department, University of Malaga, Ada Byron building, Spain; email: roman@lcc.uma.es LA - English DB - MTMT ER - TY - JOUR AU - Saeed, Ahmed AU - Ahmadinia, Ali AU - Just, Mike TI - Hardware-Assisted Secure Communication in Embedded and Multi-Core Computing Systems JF - COMPUTERS J2 - COMPUTERS VL - 7 PY - 2018 IS - 2 PG - 22 SN - 2073-431X DO - 10.3390/computers7020031 UR - https://m2.mtmt.hu/api/publication/27569607 ID - 27569607 N1 - Export Date: 29 October 2019 Correspondence Address: Ahmadinia, A.; Department of Computer Science and Information Systems, California State University San MarcosUnited States; email: aahmadinia@csusm.edu LA - English DB - MTMT ER - TY - CHAP AU - Bulazel, A. AU - Yener, B. ED - Association, for Computing Machinery TI - A survey on automated dynamic malware analysis evasion and counter-evasion: PC, Mobile, and Web T2 - Proceedings of the 1st Reversing and Offensive-oriented Trends Symposium PB - Association for Computing Machinery (ACM) CY - New York, New York SN - 9781450353212 PY - 2017 DO - 10.1145/3150376.3150378 UR - https://m2.mtmt.hu/api/publication/30866352 ID - 30866352 N1 - Cited By :2 Export Date: 29 October 2019 Cited By :3 Export Date: 13 November 2019 LA - English DB - MTMT ER - TY - JOUR AU - Hussain, S.A. AU - Fatima, M. AU - Saeed, A. AU - Raza, I. AU - Shahzad, R.K. TI - Multilevel classification of security concerns in cloud computing JF - APPLIED COMPUTING AND INFORMATICS J2 - APPLIED COMPUTING AND INFORMATICS VL - 13 PY - 2017 IS - 1 SP - 57 EP - 65 PG - 9 SN - 2210-8327 DO - 10.1016/j.aci.2016.03.001 UR - https://m2.mtmt.hu/api/publication/30866355 ID - 30866355 N1 - Department of Computer Science, COMSATS Institute of Information Technology Lahore, Pakistan School of Computing and Communications, Lancaster University, Lancaster, United Kingdom School of Computing, Blekinge Institute of Technology, Sweden Cited By :25 Export Date: 29 October 2019 Correspondence Address: Hussain, S.A.; Department of Computer Science, COMSATS Institute of Information Technology LahorePakistan; email: asadhussain@ciitlahore.edu.pk LA - English DB - MTMT ER - TY - CHAP AU - Liang, Ben ED - Wong, VWS TI - Mobile Edge Computing T2 - Key Technologies for 5G Wireless Systems PB - Cambridge University Press CY - Cambridge SN - 1107172411 PY - 2017 SP - 76 EP - 91 PG - 16 UR - https://m2.mtmt.hu/api/publication/30922465 ID - 30922465 LA - English DB - MTMT ER - TY - CHAP AU - Litchfield, Alan AU - Shahzad, Abid TI - A systematic review of vulnerabilities in hypervisors and their detection T2 - AMCIS 2017 - America's Conference on Information Systems: A Tradition of Innovation VL - 2017-August PB - Curran Associates CY - Atlanta (GA) CY - Red Hook (NY) SN - 9781510856578 PY - 2017 SP - 2071 EP - 2080 PG - 10 UR - https://m2.mtmt.hu/api/publication/33091106 ID - 33091106 N1 - Cited By :2 Export Date: 13 September 2022 AB - The paper presents a systematic review of risk assessment processes to provide an overview of the risks to cloud computing and identify future research directions. This paper also provides an analysis of sophisticated threats to hypervisors and highlights vulnerabilities and exploits. Virtualization is a core feature of Cloud Computing and it is often a target for attackers. The hypervisor, which provides the virtualization layer, if compromised, can result in loss or damage to critical assets owned by Cloud Service Providers and their customers. The exploitation of hypervisor vulnerabilities provide opportunities for an attacker to launch sophisticated attacks such as Cross-VM Side Channel, Denial of Service, and Hypervisor Escape. The rate of adoption of cloud services is reflected in the lack of security controls against such sophisticated attacks and the resulting lack of trust, therefore we argue that risk assessment for hypervisors’ is significant for Cloud Service Providers. © 2017 AIS/ICIS Administrative Office. All Rights Reserved. LA - English DB - MTMT ER - TY - CHAP AU - Tunc, C. AU - Hariri, S. AU - Battou, A. ED - Edward, Griffor TI - A Design Methodology for Developing Resilient Cloud Services T2 - Handbook of System Safety and Security: Cyber Risk and Risk Management, Cyber Security, Threat Analysis, Functional Safety, Software Systems, and Cyber Physical Systems PB - Elsevier Inc. CY - Amsterdam SN - 9780128038383 PY - 2017 SP - 177 EP - 197 PG - 21 DO - 10.1016/B978-0-12-803773-7.00009-7 UR - https://m2.mtmt.hu/api/publication/30866357 ID - 30866357 N1 - Electrical and Computer Engineering Department, University of Arizona, Tucson, AZ, United States Advanced Network Technologies Division, National Institute of Standards and Technology (NIST), Gaithersburg, MD, United States Export Date: 29 October 2019 Correspondence Address: Tunc, C.; Electrical and Computer Engineering Department, University of ArizonaUnited States LA - English DB - MTMT ER - TY - JOUR AU - Ullrich, Johanna AU - Zseby, Tanja AU - Fabini, Joachim AU - Weippl, Edgar TI - Network-Based Secret Communication in Clouds: A Survey JF - IEEE COMMUNICATIONS SURVEYS AND TUTORIALS J2 - IEEE COMMUN SURV TUTOR VL - 19 PY - 2017 IS - 2 SP - 1112 EP - 1144 PG - 33 SN - 1553-877X DO - 10.1109/COMST.2017.2659646 UR - https://m2.mtmt.hu/api/publication/30806867 ID - 30806867 N1 - SBA Research, Vienna, 1040, Austria Institute of Telecommunications, TU Wien, Vienna, 1040, Austria Cited By :3 Export Date: 29 October 2019 AB - The cloud concept promises computing as a utility. More and more functions are moved to cloud environments. But this transition comes at a cost: security and privacy solutions have to be adapted to new challenges in cloud environments. We investigate secret communication possibilities-data transmission concealing its mere existence or some of its characteristics-in clouds. The ability to establish such secret communication provides a powerful instrument to adversaries and can be used to gather information for attack preparation, to conceal the coordination of malicious instances or to leak sensitive data. In this paper, we investigate potentials for secret communication in cloud environments and show possible application scenarios. We survey current approaches of different kinds of secret communication including covert channels, side channels, and obfuscation techniques. While most existing work focuses on covert and side channels within a physical server (cross-VM channels), we place emphasis on network-based covert and side channels, which are rarely addressed in current literature about cloud security. We then discuss secret communication techniques with respect to the application scenarios and show their advantages and limitations. LA - English DB - MTMT ER - TY - CHAP AU - Zhu, Guodong AU - Yin, Yue AU - Cai, Ruoyan AU - Li, Kang ED - Fox, Geoffrey C TI - Detecting Virtualization Specific Vulnerabilities in Cloud Computing Environment T2 - 10th IEEE International Conference on Cloud Computing, CLOUD 2017 PB - IEEE Computer Society CY - Los Alamitos (CA) SN - 9781538619940 T3 - IEEE - International Conference on Cloud Computing, ISSN 2159-6190 PY - 2017 SP - 743 EP - 748 PG - 6 DO - 10.1109/CLOUD.2017.105 UR - https://m2.mtmt.hu/api/publication/27317540 ID - 27317540 N1 - Cited By :1 Export Date: 29 October 2019 LA - English DB - MTMT ER - TY - CHAP AU - Blasch, E. AU - Badr, Y. AU - Hariri, S. AU - Al-Nashif, Y. ED - Galina, Rogova ED - Peter, Scott TI - Fusion trust service assessment for crisis management environments T2 - Fusion Methodologies in Crisis Management: Higher Level Fusion and Decision Making PB - Springer Netherlands CY - Cham (Németország) SN - 9783319225272 PY - 2016 SP - 389 EP - 420 PG - 32 DO - 10.1007/978-3-319-22527-2_18 UR - https://m2.mtmt.hu/api/publication/30866361 ID - 30866361 N1 - Export Date: 29 October 2019 Correspondence Address: Blasch, E.; Air Force Research Laboratory, Information DirectorateUnited States; email: erik.blasch1@us.af.mil LA - English DB - MTMT ER - TY - CHAP AU - Gkortzis, Antonios AU - Rizou, Stamatia AU - Spinellis, Diomidis TI - An empirical analysis of vulnerabilities in virtualization technologies T2 - 2016 8TH IEEE INTERNATIONAL CONFERENCE ON CLOUD COMPUTING TECHNOLOGY AND SCIENCE (CLOUDCOM 2016) PB - IEEE CY - New York, New York T3 - 4th IEEE International Conference on Cloud Computing Technology and Science (CloudCom), ISSN 2330-2194 PY - 2016 SP - 533 EP - 538 PG - 6 DO - 10.1109/CloudCom.2016.78 UR - https://m2.mtmt.hu/api/publication/30806868 ID - 30806868 N1 - Department of Management Science and Technology, Athens University of Economics and Business, Athens, Greece European Projects Department, Singular Logic S.A., Athens, Greece Cited By :3 Export Date: 29 October 2019 Correspondence Address: Gkortzis, A.; Department of Management Science and Technology, Athens University of Economics and BusinessGreece; email: antoniosgkortzis@aueb.gr AB - Cloud computing relies on virtualization technologies to provide computer resource elasticity and scalability. Despite its benefits, virtualization technologies come with serious concerns in terms of security. Although existing work focuses on specific vulnerabilities and attack models related to virtualization, a systematic analysis of known vulnerabilities for different virtualization models, including hypervisor-based and container-based solutions is not present in the literature. In this paper, we present an overview of the existing known vulnerabilities for hypervisor and container solutions reported in the CVE database and classified under CWE categories. Given the vulnerability identification and categorization, we analyze our results with respect to different virtualization models and license schemes (open source/commercial). Our findings show among others that hypervisors and containers share common weaknesses with most of their vulnerabilities reported in the category of security features. LA - English DB - MTMT ER - TY - JOUR AU - Gomez, Beatriz Adriana AU - Evans, Kailash TI - A Practical Application of TrimCloud: Using TrimCloud as an Educational Technology in Developing Countries JF - INTERNATIONAL JOURNAL OF CLOUD APPLICATIONS AND COMPUTING J2 - IJCAC VL - 6 PY - 2016 IS - 2 SP - 37 EP - 48 PG - 12 SN - 2156-1834 DO - 10.4018/IJCAC.2016040104 UR - https://m2.mtmt.hu/api/publication/26227325 ID - 26227325 LA - English DB - MTMT ER - TY - CONF AU - Kolevski, D AU - Michael, K TI - Cloud computing data breaches a socio-technical review of literature T2 - Proceedings of the 2015 International Conference on Green Computing and Internet of Things, ICGCIoT 2015 PY - 2016 SP - 1486 EP - 1495 PG - 10 DO - 10.1109/ICGCIoT.2015.7380702 UR - https://m2.mtmt.hu/api/publication/26161436 ID - 26161436 LA - English DB - MTMT ER - TY - CHAP AU - Sablatura, Joshua AU - Karabiyik, Umit ED - Bayrak, C ED - Ozturk, Y ED - Varol, C TI - The Forensic Effectiveness of Virtual Disk Sanitization T2 - 2016 4TH INTERNATIONAL SYMPOSIUM ON DIGITAL FORENSIC AND SECURITY (ISDFS) PB - IEEE CY - New York, New York SN - 9781467398657 PB - IEEE PY - 2016 SP - 126 EP - 131 PG - 6 DO - 10.1109/ISDFS.2016.7473530 UR - https://m2.mtmt.hu/api/publication/26227326 ID - 26227326 N1 - Export Date: 29 October 2019 LA - English DB - MTMT ER - TY - JOUR AU - Sgandurra, Daniele AU - Lupu, Emil TI - Evolution of attacks, threat models, and solutions for virtualized systems JF - ACM COMPUTING SURVEYS J2 - ACM COMPUT SURV VL - 48 PY - 2016 IS - 3 PG - 38 SN - 0360-0300 DO - 10.1145/2856126 UR - https://m2.mtmt.hu/api/publication/25797807 ID - 25797807 N1 - Cited By :31 Export Date: 29 October 2019 CODEN: ACSUE LA - English DB - MTMT ER - TY - CHAP AU - Badr, Y. AU - Hariri, S. AU - Al-Nashif, Y. AU - Blasch, E. ED - Sloot, P.M.A. ED - Krzhizhanovskaya, V.V. ED - Lees, M. ED - Leifsson, L. ED - Koziel, S. ED - Dongarra, J. TI - Resilient and trustworthy dynamic data-driven application systems (DDDAS) services for crisis management environments T2 - International Conference On Computational Science, ICCS 2015 VL - 51 PB - Elsevier CY - Amsterdam T3 - Procedia Computer Science, ISSN 1877-0509 ; 51. PY - 2015 IS - 1 SP - 2623 EP - 2637 PG - 15 DO - 10.1016/j.procs.2015.05.370 UR - https://m2.mtmt.hu/api/publication/30866366 ID - 30866366 N1 - Cited By :8 Export Date: 29 October 2019 LA - English DB - MTMT ER - TY - CHAP AU - Gantikow, H. AU - Klingberg, S. AU - Reich, C. ED - Mendez, Munoz V. ED - Helfert, M. ED - Ferguson, D. TI - Container-based virtualization for HPC T2 - 5th International Conference on Cloud Computing and Services Science PB - SciTePress CY - Setubal SN - 9789897581045 PY - 2015 SP - 543 EP - 550 PG - 8 UR - https://m2.mtmt.hu/api/publication/30866365 ID - 30866365 N1 - Science and Computing AG, Tübingen, Germany Cloud Research Lab, Furtwangen University, Furtwangen, Germany Cited By :2 Export Date: 29 October 2019 LA - English DB - MTMT ER - TY - CONF AU - Saeed, A AU - Ahmadinia, A AU - Just, M TI - Hardware-assisted secure communication for FPGA-based embedded systems T2 - 2015 11th Conference on Ph.D. Research in Microelectronics and Electronics, PRIME 2015 PY - 2015 SP - 216 EP - 219 PG - 4 DO - 10.1109/PRIME.2015.7251373 UR - https://m2.mtmt.hu/api/publication/25478513 ID - 25478513 N1 - School of Engineering and Built Environment, Glasgow Caledonian University, Glasgow, United Kingdom School of Mathematical and Computer Sciences, Heriot-Watt University, Edinburgh, United Kingdom Cited By :1 Export Date: 29 October 2019 LA - English DB - MTMT ER - TY - CHAP AU - Santoso, GZ AU - Jung, Y-W AU - Kim, H-Y TI - Analysis of Virtual Machine Monitor as Trusted Dependable Systems T2 - 2014 IEEE 11th Intl Conf on Ubiquitous Intelligence and Computing and 2014 IEEE 11th Intl Conf on Autonomic and Trusted Computing and 2014 IEEE 14th Intl Conf on Scalable Computing and Communications and Its Associated Workshops PB - IEEE CY - Piscataway (NJ) SN - 9781479976461 PY - 2015 SP - 603 EP - 608 PG - 6 DO - 10.1109/UIC-ATC-ScalCom.2014.32 UR - https://m2.mtmt.hu/api/publication/25478514 ID - 25478514 N1 - Cited By :2 Export Date: 29 October 2019 LA - English DB - MTMT ER - TY - CHAP AU - Tunc, C. AU - Fargo, F. AU - Al-Nashif, Y. AU - Hariri, S. AU - Hughes, J. ED - IEEE, null TI - Autonomic Resilient Cloud Management (ARCM) design and evaluation T2 - Proceedings - 2014 International Conference on Cloud and Autonomic Computing PB - Institute of Electrical and Electronics Engineers (IEEE) CY - Piscataway (NJ) SN - 9781479958412 PY - 2015 SP - 44 EP - 49 PG - 6 DO - 10.1109/ICCAC.2014.35 UR - https://m2.mtmt.hu/api/publication/30866363 ID - 30866363 N1 - Cited By :17 Export Date: 29 October 2019 LA - English DB - MTMT ER - TY - BOOK AU - Zhang, Z. AU - Meddahi, A. TI - Security in network functions virtualization PB - Elsevier CY - Amsterdam PY - 2015 SP - 1 EP - 272 SP - 272 SN - 9780081023716 DO - 10.1016/C2016-0-01121-X UR - https://m2.mtmt.hu/api/publication/30866351 ID - 30866351 N1 - Export Date: 29 October 2019 Correspondence Address: Zhang, Z.; IMT Lille Douai, Institut Mines-TélécomFrance LA - English DB - MTMT ER - TY - CHAP AU - Paolino, M. AU - Hamayun, M.M. AU - Raho, D. ED - Cleary, F. ED - Felici, M. TI - A performance analysis of ARM virtual machines secured using SELinux T2 - Cyber Security and Privacy. CSP 2014. VL - 470 PB - Springer Netherlands CY - Cham (Németország) SN - 9783319125732 T3 - Communications in Computer and Information Science, ISSN 1865-0929 ; 470. PY - 2014 SP - 28 EP - 36 PG - 9 DO - 10.1007/978-3-319-12574-9_3 UR - https://m2.mtmt.hu/api/publication/30866368 ID - 30866368 N1 - Export Date: 29 October 2019 Correspondence Address: Paolino, M.; Virtual Open SystemsFrance LA - English DB - MTMT ER - TY - CHAP AU - Pék, Gábor AU - Andrea, Lanzi AU - Abhinav, Srivastava AU - Davide, Balzarotti AU - Aurélien, Francillon AU - Christoph, Neumann TI - On the Feasibility of Software Attacks on Commodity Virtual Machine Monitors via Direct Device Assignment T2 - Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security PB - Association for Computing Machinery (ACM) SN - 9781450328005 PY - 2014 SP - 305 EP - 316 PG - 12 DO - 10.1145/2590296.2590299 UR - https://m2.mtmt.hu/api/publication/2697765 ID - 2697765 N1 - CrySyS Lab, BME, Budapest, Hungary Univ. Degli Studi di Milano, Milan, Italy AT and T Labs ResearchNJ, United States Eurecom Sophia Anitpolis, France Technicolor, Rennes, France Cited By :11 Export Date: 29 October 2019 LA - English DB - MTMT ER -