
Publications


Featured research published by Huaizhe Zhou.


Symmetry | 2018

RIM4J: An Architecture for Language-Supported Runtime Measurement against Malicious Bytecode in Cloud Computing

Haihe Ba; Huaizhe Zhou; Huidong Qiao; Zhiying Wang; Jiangchun Ren

While cloud customers can benefit from migrating applications to the cloud, they are concerned about the security of the hosted applications. This is complicated by the customers not knowing whether their cloud applications are working as expected. Although a memory-safe Java Virtual Machine (JVM) can alleviate their anxiety through control flow integrity, their applications are prone to violations of bytecode integrity. The analysis of some Java exploits indicates that the violation results primarily from excess sandbox permissions, loading flaws in Java class libraries and third-party middleware, and the abuse of the sun.misc.Unsafe API. To such an end, we design an architecture, called RIM4J, to enforce runtime integrity measurement of Java bytecode within a cloud system, with the ability to attest this to a cloud customer in an unforgeable manner. Our RIM4J architecture is portable, such that it can be quickly deployed and adopted for real-world purposes, without requiring modifications to the underlying systems or access to application source code. Moreover, our RIM4J architecture is the first to measure dynamically-generated bytecode. We apply our runtime measurement architecture to a messaging server application where we show how RIM4J can detect undesirable behaviors, such as uploading arbitrary files and remote code execution. This paper also reports the experimental evaluation of a RIM4J prototype using both a macro- and a micro-benchmark; the experimental results indicate that RIM4J is a practical solution for real-world applications.


Future Generation Computer Systems | 2018

Compulsory traceable ciphertext-policy attribute-based encryption against privilege abuse in fog computing

Huidong Qiao; Jiangchun Ren; Zhiying Wang; Haihe Ba; Huaizhe Zhou

Due to the structure of fog systems, ciphertext-policy attribute-based encryption (CP-ABE) is regarded as a promising technique to address certain security problems present in the fog. Unfortunately, in most traditional CP-ABE systems, a user can deliberately leak his attribute keys to others or use his private key to build a decryption device and provide a decryption service with little risk of being caught (untraceable). We refer to this behavior as privilege abuse. The privilege abuse problem will seriously hinder the adoption of CP-ABE. To address the problem, we propose a novel black-box traceable CP-ABE scheme that is much simpler than the existing white-box traceable schemes. A malicious user who builds a decryption black-box can be tracked and exposed by our scheme. Due to its scalability and relatively high efficiency, the scheme could be practical for fog systems. Furthermore, we point out that, if the adversary can distinguish the tracing ciphertext from the normal ciphertext, he can frustrate tracking by outputting incorrect decryption results. Thus, the traceability must be compulsory, so as to ensure that the adversary cannot distinguish between the tracing ciphertext and the normal ciphertext. Therefore, we present a formal definition of compulsory traceability with a new security game, and our scheme is proved to be secure and compulsory traceable under the generic group model.


International Conference on Information Science and Control Engineering | 2017

jMonAtt: Integrity Monitoring and Attestation of JVM-Based Applications in Cloud Computing

Haihe Ba; Huaizhe Zhou; Shuai Bai; Jiangchun Ren; Zhiying Wang; Linlin Ci

Cloud computing has expanded rapidly as a promising technology in recent years and has drastically altered the majority of opinions about computing modes and application deployment. While the cloud has been proven to improve efficiency and earn benefits for a great number of service providers, quite a few enterprises still hesitate to move to the cloud because of security threats. In this paper, we present the jMonAtt architecture to provide robust trustworthiness guarantees for high-level cloud applications through the enforcement of trustworthiness evaluation and dynamic attestation with the assistance of the HotSpot virtual machine. Moreover, it has little impact on the execution of an attested target when our architecture is deployed in the cloud application system.


International Conference on Algorithms and Architectures for Parallel Processing | 2015

Application-Assisted Dynamic Attestation for JVM-Based Cloud

Haihe Ba; Huaizhe Zhou; Zhiying Wang; Jiangchun Ren; Tie Hong; Yiming Li

In recent years, cloud computing has expanded rapidly and improved the working efficiency of a number of cloud users; however, a few enterprises hesitate to move to the cloud because of the runtime security challenges of applications, although cloud vendors promise to provide a trustworthy execution platform. In this paper, we propose the Trusted Cloud Root Broker to give robust trustworthiness guarantees to JVM-based applications. The broker, as the application-level root of trust, evaluates the runtime trustworthiness and supports dynamic attestation of the integrity state of an application with the assistance of the Java virtual machine. It can not only prove the authenticity but also offer availability for the targeted applications. What is more, our broker has low performance overhead.


Trust, Security and Privacy in Computing and Communications | 2014

JVM-Based Dynamic Attestation in Cloud Computing

Haihe Ba; Zhiying Wang; Jiangchun Ren; Huaizhe Zhou

Cloud computing has brought academia and industry tremendous benefits and improved computing efficiency compared with the traditional model; however, the adoption of this unique model also exacerbates security challenges and raises trust risks. Existing security solutions are less effective and efficient against these uncharted cloud threats. We introduce trusted computing into the current cloud platform to address the above issues and design a JVM-based Dynamic Attestation Architecture, DTEM, to support application services with robust security guarantees. This framework gives a trust-degree estimate for the deployment and runtime status of an application, and dynamically responds to remote attestation with integrity proofs of running applications.


Symmetry | 2018

Practical, Provably Secure, and Black-Box Traceable CP-ABE for Cryptographic Cloud Storage

Huidong Qiao; Haihe Ba; Huaizhe Zhou; Zhiying Wang; Jiangchun Ren; Ying Hu

Cryptographic cloud storage (CCS) is a secure architecture built in the upper layer of a public cloud infrastructure. In the CCS system, a user can define and manage the access control of the data by himself without the help of the cloud storage service provider. Ciphertext-policy attribute-based encryption (CP-ABE) is considered the critical technology to implement such access control. However, there still exists a large security obstacle to the implementation of CP-ABE in CCS. That is, how to identify the malicious cloud user who illegally shares his private keys with others or applies his keys to construct a decryption device/black-box and provides the decryption service. Although several CP-ABE schemes with black-box traceability have been proposed to address the problem, most of them are not practical in CCS systems, due to the absence of scalability and expensive computation cost, especially the cost of tracing. Thus, we present a new black-box traceable CP-ABE scheme that is scalable and highly efficient. To achieve much better performance, our work is designed on prime-order bilinear groups, which results in a great improvement in the efficiency of group operations, and the cost of tracing is reduced greatly to O(N) or O(1), where N is the number of users of a system. Furthermore, our scheme is proved secure in a selective standard model. To the best of our knowledge, this work is the first such practical and provably secure CP-ABE scheme for CCS which is black-box traceable.


Symmetry | 2018

Astrape: An Efficient Concurrent Cloud Attestation with Ciphertext-Policy Attribute-Based Encryption

Haihe Ba; Huaizhe Zhou; Songzhu Mei; Huidong Qiao; Tie Hong; Zhiying Wang; Jiangchun Ren

Cloud computing emerges as a change in the business paradigm that offers pay-as-you-go computing capability and brings enormous benefits, but numerous organizations show hesitation about the adoption of cloud computing due to security concerns. Remote attestation has been proven to boost confidence in clouds by guaranteeing hosted cloud applications’ integrity. However, the state-of-the-art attestation schemes do not fit the case where multiple requesters raise their challenges simultaneously, thereby leading to larger performance overheads on the attester side. To address that, we propose an efficient and trustworthy concurrent attestation architecture for multi-requester scenarios, Astrape, to improve efficiency in the integrity and confidentiality protection aspects and generate an unforgeable and encrypted attestation report. Specifically, we propose two key techniques in this paper. The first one—aggregated attestation signature—reliably protects the attestation content from being compromised even in the presence of adversaries who have full control of the network, therefore successfully providing attestation integrity. The second one—delegation-based controlled report—introduces a third-party service to distribute the attestation report to requesters in order to save computation and communication overhead on the attested party. The report is encrypted with an access policy by using attribute-based encryption and accessed by a limited number of qualified requesters, hence supporting attestation confidentiality. The experimental results show that Astrape can take no more than 0.4 s to generate an unforgeable and encrypted report for 1000 requesters and deliver a throughput speedup of approximately 30× in comparison to the existing attestation systems.


Symposium on Reliable Distributed Systems | 2017

Runtime Measurement Architecture for Bytecode Integrity in JVM-Based Cloud

Haihe Ba; Huaizhe Zhou; Jiangchun Ren; Zhiying Wang

While the Java Virtual Machine can provide applications with safety properties that avoid memory corruption bugs, it continues to encounter some security flaws. Real-world exploits show that the current sandbox model can be bypassed. In this paper, we focus our work on bytecode integrity measurement in clouds to identify malicious execution and propose the J-IMA architecture to provide runtime measurement and remote attestation for bytecode integrity. To the best of our knowledge, our work is the first measurement approach for dynamically-generated bytecode integrity. Moreover, J-IMA requires neither modification to host systems nor access to source code.


International Conference on Security, Privacy and Anonymity in Computation, Communication and Storage | 2017

Decoupling Security Services from IaaS Cloud Through Remote Virtual Machine Introspection

Huaizhe Zhou; Haihe Ba; Jiangchun Ren; Yongjun Wang; Zhiying Wang; Yunshi Li

Security and privacy concerns are still among the major issues that prevent users from moving to public clouds. The introduction of security services based on virtual machine introspection into the cloud does not relieve this situation, because these services are inflexible and untrusted by tenants. The root cause of the problem is that the cloud administrator has more privilege over the security services, which leaves no options for the tenants to protect their virtual machines. In this paper, we propose a technique to decouple security services from the cloud platform via remote virtual machine introspection. It enables remotely trusted managed security services to protect tenants’ virtual machines stealthily. We have implemented a proof-of-concept prototype with the Xen hypervisor, called SE-Cloud. With the separation of introspection and security-business code, the security services cannot be abused by administrators and have little impact on the management virtual machine. Our preliminary experimental results show that SE-Cloud can provide more robust and flexible protection for tenant virtual machines with acceptable overhead.


International Conference on Algorithms and Architectures for Parallel Processing | 2016

OBC Based Optimization of Re-encryption for Cryptographic Cloud Storage

Huidong Qiao; Jiangchun Ren; Zhiying Wang; Haihe Ba; Huaizhe Zhou; Tie Hong

In a cryptographic cloud storage system, it’s still very inefficient to revoke a user’s access right to a large file. This is because the ciphertext of the file, which is stored in the cloud, has to be decrypted and encrypted again under a new key (re-encryption), in order to prevent the revoked user from accessing the file with the previous key. To improve the performance of the re-encryption operation, we propose the orderly block chaining (OBC) encryption mode. In the decryption of a ciphertext produced by OBC, all blocks of ciphertext must be set in the correct position. Without the information about the correct permutation order, it is infeasible for a user to decrypt any one of the blocks, even if he holds the encryption key. Thus, a file encrypted by OBC can be re-encrypted by just re-permuting the sequence of ciphertext blocks into another order. Experimental results show that OBC-based optimization can sharply cut down the cost of re-encryption, while keeping the security of the data.

Collaboration


Huaizhe Zhou's collaborators.

Top Co-Authors

- Haihe Ba, National University of Defense Technology
- Zhiying Wang, National University of Defense Technology
- Jiangchun Ren, National University of Defense Technology
- Huidong Qiao, National University of Defense Technology
- Tie Hong, National University of Defense Technology
- Songzhu Mei, National University of Defense Technology
- Yiming Li, National University of Defense Technology
- Yongjun Wang, National University of Defense Technology