Jim Luo

MobiCloud: Building Secure Cloud Framework for Mobile Computing and Communication

Cloud services can greatly enhance the computing capability of mobile devices. Mobile users can rely on the cloud to perform computationally intensive operations such as searching, data mining, and multimedia processing. In this paper, we propose a new mobile cloud framework called MobiCloud. In addition to providing traditional computation services, MobiCloud also enhances the operation of the ad hoc network itself by treating mobile devices as service nodes. The MobiCloud framework will enhance communication by addressing trust management, secure routing, and risk management issues in the network. A new class of applications can be developed using the enhanced processing power and connectivity provided by MobiCloud. Open research issues for MobiCloud are also discussed to outline future research directions.

Security ontology for annotating resources

Annotation with security-related metadata enables discovery of resources that meet security requirements. This paper presents the NRL Security Ontology, which complements existing ontologies in other domains that focus on annotation of functional aspects of resources. Types of security information that could be described include mechanisms, protocols, objectives, algorithms, and credentials in various levels of detail and specificity. The NRL Security Ontology is more comprehensive and better organized than existing security ontologies. It is capable of representing more types of security statements and can be applied to any electronic resource. The class hierarchy of the ontology makes it both easy to use and intuitive to extend. We applied this ontology to a Service Oriented Architecture to annotate security aspects of Web service descriptions and queries. A refined matching algorithm was developed to perform requirement-capability matchmaking that takes into account not only the ontology concepts, but also the properties of the concepts.

Adding OWL-S Support to the Existing UDDI Infrastructure

Although universal description, discovery and integration (UDDI) is the de jure Web service registry standard, it is not suitable for handling semantic markups due to its flat data model and limited search capabilities. In this paper, we introduce an approach to support semantic service descriptions and queries using registries that conform to the UDDI version 3 specification. Specifically, we present a scheme that allows users to store OWL-S service descriptions in the UDDI data model and use that information to perform semantic query processing. Our approach does not require any modification to the existing UDDI registries. The add-on modules only reside on the client-side machines that wish to take advantage of the semantic capabilities. This approach is completely backward compatible and can integrate seamlessly into the existing service-oriented architecture (SOA) infrastructure

An approach for semantic query processing with UDDI

UDDI is not suitable for handling semantic markups for Web services due to its flat data model and limited search capabilities. In this paper, we introduce an approach to allow for support of semantic service descriptions and queries using registries that conforms to UDDI V3 specification. Specifically, we discuss how to store complex semantic markups in the UDDI data model and use that information to perform semantic query processing. Our approach does not require any modification to the existing UDDI registries. The add-on modules reside only on clients who wish to take advantage of semantic capabilities. This approach is completely backward compatible and can integrate seamlessly into existing infrastructure.

Security ontology to facilitate web service description and discovery

Annotation with security-related metadata enables discovery of resources that meet security requirements. This paper presents the NRL Security Ontology, which complements existing ontologies in other domains that focus on annotation of functional aspects of resources. Types of security information that could be described include mechanisms, protocols, objectives, algorithms, and credentials in various levels of detail and specificity. The NRL Security Ontology is more comprehensive and better organized than existing security ontologies. It is capable of representing more types of security statements and can be applied to any electronic resource. The class hierarchy of the ontology makes it both easy to use and intuitive to extend. We applied this ontology to a Service Oriented Architecture to annotate security aspects of Web service descriptions and queries. A refined matching algorithm was developed to perform requirement-capability matchmaking that takes into account not only the ontology concepts, but also the properties of the concepts.

Application Lockbox for Mobile Device Security

The security requirements for mobile devices are inherently different from stationary machines. Mobility exposes them to different threat environments and excludes them from relying on external physical security. Productive application from enterprise, government, and military will invariably deal with sensitive data. A risk management and security framework is needed to protect applications and data on mobile devices when they are lost. We propose an application lockbox concept that compartmentalizes mobile devices at the application level. It combines policy enforcement mechanisms and support for sophisticated access polices to mitigate the exposure when the device is lost. It is a practical approach that improves the security of mobile devices without requiring significant changes in the current mobile technology.

Risk Based Mobile Access Control (RiBMAC) policy framework

Mobile devices are increasingly being deployed by enterprises, governments, and the military. Protecting sensitive data that will invariably reside on them is critical. Mobile devices cannot be protected by physical security the same way as stationary systems. Therefore, they must deploy strong internal protection mechanisms for access control. Policies for access control must be driven by context and risk in the environmental in which they operate. This is inherently different from traditional policy models that focus on the multi-user access control. We propose the Risk Based Mobile Access Control (RiBMAC) policy framework for mobile device access control. It uses risk factor abstractions to break down the complexity in the specification, management and evaluation of risk based policies. Its agent-centric approach can effectively integrate a large number of onboard sensors and risk assessment components in different hardware and operational configurations. RiBMAC is a simple yet powerful policy framework that is expressive, practical and scalable. RiBMAC, in conjunction with the appropriate enforcement mechanisms, can greatly improve security for tactical mobile devices.

Infrastructure for multi-level secure service-oriented architecture (MLS-SOA)

Service-oriented architecture (SOA) is the premier application framework for integrating complex heterogeneous computing systems in business and government. To utilize SOA in sensitive military systems, however, the issue of multi-level security (MLS) must be addressed. MLS requirements call for strict separation and limit interaction between classification levels. However, many Web services and resources reside in the Low domains. Support services such as weather forecasting, mapping, and procurement typically reside in the Unclassified level. There is strong desire from High clients and applications to make use of those services. This paper presents a framework for adding MLS capabilities to SOA systems. Specifically, it will allow clients in High to securely and transparently utilize resources in Low. It addresses MLS requirements by minimizing the potential risks for information leak and thwart inference attacks. It also provides privilege control capabilities to limit and manage interaction between High and Low at the infrastructure level. Since an overt channel is created from High to Low, cross domain SOA has to be used with caution where the functional benefits outweigh the security risk. MLS-SOA is a practical solution that leverages the existing MLS infrastructure and augments security. Cross-domain solutions (CDS) already in place will mediate traffic across domain boundaries. MLS-SOA will provide additional safeguards and control for domains, applications, and users in High that need to invoke services across domain boundaries.