Imad M. Abbadi

Digital rights management using a mobile phone

This paper focuses on the problem of preventing illegal copying of digital assets without jeopardising the right of legitimate licence holders to transfer content between their own devices, which make up a domain. Our novel idea involves the use of a domain-specific mobile phone and the mobile phone network operator to authenticate the domain owner before devices can join a domain. This binds devices in a domain to a single owner, that, in turn, enables the binding of domain licences to the domain owner. In addition, the way in which we control domain membership, and the use of the domain-specific mobile phone that enables a domain owner to add devices wherever he/she is physically present, ensures that devices joining the domain are in physical proximity to the mobile phone, preventing illicit content proliferation.

A framework for establishing trust in the Cloud

Cloud infrastructure is expected to be able to support Internet scale critical applications (e.g. hospital systems and smart grid systems). Critical infrastructure services and organizations alike will not outsource their critical applications to a public Cloud without strong assurances that their requirements will be enforced. Central to this concern is that the user should be provided with evidence of the trustworthiness of the elements of the Cloud without getting involved into infrastructure details. In addition, users should be able to control their outsourced data at public Clouds. Establishing Clouds trust model is important but the Clouds infrastructure complexity and dynamism makes it difficult to address. This paper focuses on an important angle in this direction. We start by identifying the related challenges for establishing trust in the Cloud, and then propose a foundation framework which can help in addressing the identified challenges. Our focus is on IaaS Cloud type and on organizations as Cloud users.

A framework for establishing trust in Cloud provenance

Provenance is a vital requirement for the success of Clouds, and it is associated with many challenges that are difficult to deal with. In this paper, we explore this area, we identify the problems in current Cloud provenance, we identify the challenges of having trustworthy secure Cloud provenance, and we identify the requirements which could address the identified challenges. We then propose a foundation framework for establishing trust in Cloud provenance. Finally, we draw our research agenda in this direction.

Toward trustworthy clouds' internet scale critical infrastructure

Cloud computing is a new concept using old technologies that has emerged from industry to academia. This result in some confusion about Cloud potential capabilities by overestimating some features and underestimating the challenges, which we attempt to clarify in this paper. We present an overview of Cloud critical infrastructure focusing on what is known as IaaS (Infrastructure as a Service) Cloud type. We then discuss security challenges and requirements, which would hopefully contribute in moving current Cloud untrusted infrastructure to a trustworthy Internet-scale Cloud critical infrastructure. We are mainly focusing on: (a.) Cloud resource management for virtual infrastructure, (b.) security threats from Cloud insiders, (c.) Cloud user-centric security model, and (d.) Cloud infrastructure self-managed services. We have just start working on these areas as part of EU funded TCloud project.

Clouds’ Infrastructure Taxonomy, Properties, and Management Services

Moving current Clouds’ infrastructure to trustworthy Internet scale critical infrastructure requires supporting the infrastructure with automated management services. Thereby, the infrastructure provides, as described by NIST, “minimal management effort or service provider interaction” [11]. The initial step in this direction requires understanding how experts in the domain manage Clouds’ infrastructure, and how the infrastructural components are interlinked with each other. These are the main contribution in this paper; i.e. proposes a Cloud taxonomy focusing on infrastructure components interaction and management, provides a real life scenario of a critical application architecture using the proposed taxonomy, and then derive the management services using the provided scenario. Public Cloud model supports very limited features in comparison with other models, e.g. community Cloud. In this paper we analyze the management services at community Cloud to identify the ones which require automation to be adopted at public Cloud.

Preventing information leakage between collaborating organisations

Information sharing and protection against leakage is a critical problem especially for organisations having sensitive information. Sharing content between individuals in the same organisation extends to exchanging and sharing content between collaborating organisations. In this paper we propose a novel solution for preventing shared information between collaborating organisations from getting leaked to unauthorised users inside the distination organisation or out side it. In addition, once the content is in the hands of authorised users our solution prevents unethical authorised users from leaking such content to other users in the same organisation or third parties. In this paper we provide a mechanism for a source organisation to send content to another collaborating organisation in such a way the sent content is either accessed by a specific group of users performing a specific task or it could be accessed by all devices member in the destination organisation, which should be based on organisation policy and requirements. In the proposed solution we used trusted computing technology to provide a hardware-based root of trust for the master controller and organisation devices.

Towards Trustworthy Resource Scheduling in Clouds

Managing the allocation of cloud virtual machines at physical resources is a key requirement for the success of clouds. Current implementations of cloud schedulers do not consider the entire cloud infrastructure neither do they consider the overall user and infrastructure properties. This results in major security, privacy, and resilience concerns. In this paper, we propose a novel cloud scheduler which considers both user requirements and infrastructure properties. We focus on assuring users that their virtual resources are hosted using physical resources that match their requirements without getting users involved with understanding the details of the cloud infrastructure. As a proof-of-concept, we present our prototype which is built on OpenStack. The provided prototype implements the proposed cloud scheduler. It also provides an implementation of our previous work on cloud trust management which provides the scheduler with input about the trust status of the cloud infrastructure.

Sharing but Protecting Content Against Internal Leakage for Organisations

Dishonest employees, who have privileges to obtain corporate critical information and access internal resources, cause the problem of internal leakage. Employees, who have such privileges and know from where to obtain corporate sensitive information, are far more dangerous than outsiders. This paper proposes a mechanism for protecting information inside organisations against unauthorised disclosure by internal adversaries. It mainly focusses on sharing and simultaneously guarding information assets from one another. This paper proposes a novel solution for binding sensitive content to organisation devices, thereby preventing uncontrolled content leakage to other devices. In the proposed solution we used trusted computing technology to provide a hardware-based root of trust on client side.

Trustworthy middleware services in the cloud

Establishing trust in systems is a difficult problem to tackle. In the Cloud, establishing trust is even more complicated considering its dynamic nature and distributed resources. One of the Clouds potential feature is providing transparent management of resources at Clouds infrastructure. This would hide technical complexities from Clouds customers, which could be provided using middleware services. Establishing trustworthy middleware services would help in moving in the direction of establishing trust in the Cloud. In this paper we mainly focus on identifying the functions for establishing trustworthy middleware services for supporting home healthcare application. Specifically, we focus on the ones that are required to address the security, privacy, and resilience properties of home healthcare application.

Middleware Services at Cloud Application Layer

Cloud infrastructure is composed of enormous resources, which need to be securely and reliably coordinated and managed to provide end-to-end trusted services in the Cloud. Such coordination and management could be supported using a set of middleware. A middleware should provide a set of trustworthy automated management services. Such services would help in moving current untrusted Cloud to a trustworthy Clouds’ Internet scale critical infrastructure. The main contribution in this paper is identifying Cloud middleware types focusing on application layer management services and their interdependencies. To the best of our knowledge our paper is the first to identify middleware services and their interdependencies. We demonstrate services interdependencies and interactions using a multi-tier application architecture in Cloud computing context. Finally, we discuss the advantages of middleware services for establishing trust in the Cloud and provide our research agenda in this direction.