Krishna Kant

Secure Cloud Computing

This book presents a range of cloud computing security challenges and promising solution paths. The first two chapters focus on practical considerations of cloud computing. In Chapter 1, Chandramouli, Iorga, and Chokani describe the evolution of cloud computing and the current state of practice, followed by the challenges of cryptographic key management in the cloud. In Chapter 2, Chen and Sion present a dollar cost model of cloud computing and explore the economic viability of cloud computing with and without security mechanisms involving cryptographic mechanisms. The next two chapters address security issues of the cloud infrastructure. In Chapter 3, Szefer and Lee describe a hardware-enhanced security architecture that protects the confidentiality and integrity of a virtual machines memory from an untrusted or malicious hypervisor. In Chapter 4, Tsugawa et al. discuss the security issues introduced when Software-Defined Networking (SDN) is deployed within and across clouds. Chapters 5-9 focus on the protection of data stored in the cloud. In Chapter 5, Wang et al. present two storage isolation schemes that enable cloud users with high security requirements to verify that their disk storage is isolated from some or all other users, without any cooperation from cloud service providers. In Chapter 6, De Capitani di Vimercati, Foresti, and Samarati describe emerging approaches for protecting data stored externally and for enforcing fine-grained and selective accesses on them, and illustrate how the combination of these approaches can introduce new privacy risks. In Chapter 7, Le, Kant, and Jajodia explore data access challenges in collaborative enterprise computing environments where multiple parties formulate their own authorization rules, and discuss the problems of rule consistency, enforcement, and dynamic updates. In Chapter 8, Smith et al. address key challenges to the practical realization of a system that supports query execution over remote encrypted data without exposing decryption keys or plaintext at the server. In Chapter 9, Sun et al. provide an overview of secure search techniques over encrypted data, and then elaborate on a scheme that can achieve privacy-preserving multi-keyword text search. The next three chapters focus on the secure deployment of computations to the cloud. In Chapter 10, Oktay el al. present a risk-based approach for workload partitioning in hybrid clouds that selectively outsources data and computation based on their level of sensitivity. The chapter also describes a vulnerability assessment framework for cloud computing environments. In Chapter 11, Albanese et al. present a solution for deploying a mission in the cloud while minimizing the missions exposure to known vulnerabilities, and a cost-effective approach to harden the computational resources selected to support the mission. In Chapter 12, Kontaxis et al. describe a system that generates computational decoys to introduce uncertainty and deceive adversaries as to which data and computation is legitimate. The last section of the book addresses issues related to security monitoring and system resilience. In Chapter 13, Zhou presents a secure, provenance-based capability that captures dependencies between system states, tracks state changes over time, and that answers attribution questions about the existence, or change, of a systems state at a given time. In Chapter 14, Wu et al. present a monitoring capability for multicore architectures that runs monitoring threads concurrently with user or kernel code to constantly check for security violations. Finally, in Chapter 15, Hasan Cam describes how to manage the risk and resilience of cyber-physical systems by employing controllability and observability techniques for linear and non-linear systems.

E-DARWIN: Energy Aware Disaster Recovery Network using WiFi Tethering

In this paper, we propose a novel architecture called Energy Aware Disaster Recovery Network using WiFi Tethering (E-DARWIN). The underlying idea is to make use of WiFi Tethering technology ubiquitously available on wireless devices, like smartphones and tablets, to set up an ad hoc network for data collection in disaster scenarios. To this end, we design novel mechanisms, which aid in autonomous creation of the ad hoc network, distribution of data capturing task among the devices, and collection of data with minimum delay. Specifically, we design and implement a distributed coalition formation game for distributing the data capturing task among wireless devices based on their capabilities, available energy, and network participation for higher network lifetime. Finally, we evaluate the performance of the proposed architecture using a prototype application implemented on Android platform and large-scale simulations.

Internet of Perishable Logistics

A novel networking model called the Internet of Perishable Logistics (IoPL) attempts to exploit the synergies between the cyber Internet carrying time-sensitive information packets and distribution logistics for perishable commodities such as fresh food. The article discusses the research challenges and opportunities brought about by the perishable commodity distribution logistics field and potential approaches that could enrich this domain as well as that of the cyber Internet.

Consistent Query Plan Generation in Secure Cooperative Data Access

In this paper, we consider restricted data sharing between a set of parties that wish to provide some set of online services requiring such data sharing. We assume that each party stores its data in private relational databases, and is given a set of mutually agreed set of authorization rules that may involve joins over relations owned by one or more parties. Although the query planning problem in such an environment is similar to the one for distributed databases, the access restrictions introduce significant additional complexity that we address in this paper. We examine the problem of efficiently enforcing rules and generating query execution plans in this environment. Because of the exponential complexity of optimal query planning, our query planning algorithm is heuristics based but produces excellent, if not optimal, results in most of the practical cases.

Consistency and enforcement of access rules in cooperative data sharing environment

In this paper we consider the situation where a set of enterprises need to collaborate to provide rich services to their clients. An enterprise may need information from several other collaborating parties to satisfy its business requirements. Such collaboration often requires controlled access to one another’s data, which we assume is stored in standard relational form. We assume that a set of access rules is given to the parties to regulate the data sharing, and such rules are dened over the join operations over the relational data. It is expected that the access rules will be designed according to business needs of the involved enterprises and although some negotiation between them will be involved, only a comprehensive analysis of the rules can uncover all issues of consistency between rules and their adequacy in answering the authorized queries (which we call enforceability). In this paper, we provide such an analysis and provide algorithms for checking and removing inconsistency, checking for rule enforceability, and minimally updating the rules to ensure enforceability whenever possible using only the existing parties. The involvement of specialized third parties for consistency and enforcement purposes is not addressed in this paper.

Rule Enforcement with Third Parties in Secure Cooperative Data Access

In this paper, we consider the scenario where a set of parties need to cooperate with one another. To safely exchange the information, a set of authorization rules is given to the parties. In some cases, a trusted third party is required to perform the expected operations. Since interactions with the third party can be expensive and there maybe risk of data exposure/misuse, it is important to minimize their use. We formulate the minimization problem and show the problem is in NP-hard. We then propose a greedy algorithm to find close to optimal solutions.

Energy adaptive mechanism for p2p file sharing protocols

Peer to peer (P2P) file sharing applications have gained considerable popularity and are quite bandwidth and energy intensive. With the increased usage of P2P applications on mobile devices, its battery life has become of significant concern. In this paper, we propose a novel mechanism for energy adaptation in P2P file sharing protocols to significantly enhance the possibility of a client completing the file download before exhausting its battery. The underlying idea is to group mobile clients based on their energy budget and impose restrictions on bandwidth usage and hence on energy consumption. This allows us to provide favoured treatment to low energy devices, while still ensuring long-term fairness through a credit based mechanism and preventing free riding. Furthermore, we show how the proposed mechanism can be implemented in a popular P2P file sharing application, the BitTorrent protocol and analyze it through a comprehensive set of simulations.

Enhancing data center sustainability through energy-adaptive computing

The sustainability concerns of Information Technology (IT) go well beyond energy-efficient computing and require techniques for minimizing environmental impact of IT infrastructure over its entire life-cycle. Traditionally, IT infrastructure is overdesigned at all levels from chips to entire data centers and ecosystem; the paradigm explored in this article is to replace overdesign with rightsizing coupled with smarter control, henceforth referred to as Energy-Adaptive Computing or EAC. The article lays out the challenges of EAC in various environments in terms of the adaptation of the workload and the infrastructure to cope with energy and cooling deficiencies. The article then focuses on implementing EAC in a data center environment, and addresses the problem of simultaneous energy demand and energy supply regulation at multiple levels, work, from servers to the entire data center. The proposed control scheme adapts the assignments of tasks to servers in a way that can cope with the varying energy limitations. The article also presents some experimental results to show how the scheme can continue to meet Quality of Service (QoS) requirements of tasks under energy limitations.

SmartCon: SmartCon: Smart Context Switching for Fast Storage Devices

Handling of storage IO in modern operating systems assumes that such devices are slow and CPU cycles are valuable. Consequently, to effectively exploit the underlying hardware resources, for example, CPU cycles, storage bandwidth and the like, whenever an IO request is issued to such device, the requesting thread is switched out in favor of another thread that may be ready to execute. Recent advances in nonvolatile storage technologies and multicore CPUs make both of these assumptions increasingly questionable, and an unconditional context switch is no longer desirable. In this article, we propose a novel mechanism called SmartCon, which intelligently decides whether to service a given IO request in interrupt-driven manner or busy-wait--based manner based on not only the device characteristics but also dynamic parameters such as IO latency, CPU utilization, and IO size. We develop an analytic performance model to project the performance of SmartCon for forthcoming devices. We implement SmartCon mechanism on Linux 2.6 and perform detailed evaluation using three different IO devices: Ramdisk, low-end SSD, and high-end SSD. We find that SmartCon yields up to a 39p performance gain over the mainstream block device approach for Ramdisk, and up to a 45p gain for PCIe-based SSD and SATA-based SSDs. We examine the detailed behavior of TLB, L1, L2 cache and show that SmartCon achieves significant improvement in all cache misbehaviors.

A control scheme for batching DRAM requests to improve power efficiency

This paper introduces a closed-loop control algorithm to coordinate power management of memory ranks and thereby achieve power savings beyond independent rank power management while bounding the throughput degradation.