1st Edition

Developing and Securing the Cloud

By Bhavani Thuraisingham Copyright 2014
    730 Pages 290 B/W Illustrations
    by Auerbach Publications

    Although the use of cloud computing platforms and applications has expanded rapidly, most books on the subject focus on high-level concepts. There has long been a need for a book that provides detailed guidance on how to develop secure clouds.

    Filling this void, Developing and Securing the Cloud provides a comprehensive overview of cloud computing technology. Supplying step-by-step instruction on how to develop and secure cloud computing platforms and web services, it includes an easy-to-understand, basic-level overview of cloud computing and its supporting technologies.

    Presenting a framework for secure cloud computing development, the book describes supporting technologies for the cloud such as web services and security. It details the various layers of the cloud computing framework, including the virtual machine monitor and hypervisor, cloud data storage, cloud data management, and virtual network monitor. It also provides several examples of cloud products and prototypes, including private, public, and U.S. government clouds.

    Reviewing recent developments in cloud computing, the book illustrates the essential concepts, issues, and challenges in developing and securing today’s cloud computing platforms and applications. It also examines prototypes built on experimental cloud computing systems that the author and her team have developed at the University of Texas at Dallas.

    This diverse reference is suitable for those in industry, government, and academia. Technologists will develop the understanding required to select the appropriate tools for particular cloud applications. Developers will discover alternative designs for cloud development, and managers will understand if it’s best to build their own clouds or contract them out.

    Introduction
    About This Book
    Supporting Technologies
         From Mainframe to the Cloud
         Security Technologies
         Data, Information, and Knowledge Management
    Secure Services Technologies
         Secure Services Technologies
         Secure Semantic Services
         Specialized Secure Services
    Cloud Computing Concepts
    Experimental Cloud Computing Systems
    Secure Cloud Computing
    Experimental Secure Cloud Computing Systems
    Experimental Cloud Computing for Security Applications
    Toward Trustworthy Clouds
    Building an Infrastructure, Education Program, and a Research Program for a Secure Cloud
    Organization of This Book
    Next Steps

    SUPPORTING TECHNOLOGIES

    From Mainframe to the Cloud
    Overview
    Early Computing Systems
    Distributed Computing
    World Wide Web
    Cloud Computing
    Summary and Directions
    References

    Trustworthy Systems
    Overview
    Secure Systems
         Overview
         Access Control and Other Security Concepts
         Types of Secure Systems
         Secure Operating Systems
         Secure Database Systems
         Secure Networks
         Emerging Trends
         Impact of the Web
         Steps to Building Secure Systems
    Dependable Systems
         Overview
         Trust Management
         Digital Rights Management
         Privacy
         Integrity, Data Quality, and High Assurance
    Security Threats and Solutions
    Building Secure Systems from Untrusted Components
    Summary and Directions
    References

    Data, Information and Knowledge Management
    Overview
    Data Management
         Data Management
         Complex Data Management
    Information Management
         Data Warehousing and Data Mining
         Information Retrieval
         Search Engines
    Knowledge Management
    Activity Management
         E-Business and E-Commerce
         Collaboration and Workflow
         Information Integration
         Information Sharing
         Social Networking
         Supply Chain Management
    Summary and Directions
    References

    Conclusion to Part I

    SECURE SERVICES TECHNOLOGIES

    Service-Oriented Computing and Security
    Overview
    Service-Oriented Computing
         Services Paradigm
         SOA and Web Services
         Service-Oriented Analysis and Design
    Secure Service-Oriented Computing
         Secure Services Paradigm
         Secure SOA and WS
         Secure SOAD
         Access Control for WS
         Digital Identity Management
         Security Models for WS
    Summary and Directions
    References

    Semantic Web Services and Security
    Overview
    Semantic Web
         Layered Technology Stack
         eXtensible Markup Language
         Resource Description Framework
         Ontologies
         Web Rules and SWRL
         Semantic Web Services
    Secure Semantic Web Services
         Security for the Semantic Web
         XML Security
         RDF Security
         Security and Ontologies
         Secure Query and Rules Processing
         Privacy and Trust for the Semantic Web
         Secure Semantic Web and WS
    Summary and Directions
    References

    Specialized Web Services and Security
    Overview
    Specialized Web Services
         Overview
         Web Services for Data Management
         Web Services for Complex Data Management
         Web Services for Information Management
         Web Services for Knowledge Management
         Web Services for Activity Management
         Domain Web Services
         Emerging Web Services
    Secure Specialized Web Services
         Overview
         Web Services for Secure Data Management
         Web Services for Secure Complex Data Management
         Web Services for Secure Information Management
         Web Services for Secure Knowledge Management
         Secure Web Services for Activity Management
         Secure Domain Web Services
         Emerging Secure Web Services
    Summary and Directions
    References

    Conclusion to Part II

    CLOUD COMPUTING CONCEPTS

    Cloud Computing Concepts
    Overview
    Preliminaries in Cloud Computing
         Cloud Deployment Models
         Service Models
    Virtualization
    Cloud Storage and Data Management
    Summary and Directions
    References

    Cloud Computing Functions
    Overview
    Cloud Computing Framework
    Cloud OSs and Hypervisors
    Cloud Networks
    Cloud Data and Storage Management
    Cloud Applications
    Cloud Policy Management, Back-Up, and Recovery
    Summary and Directions
    References

    Cloud Data Management
    Overview
    Relational Data Model
    Architectural Issues
    DBMS Functions
         Overview
         Query Processing
         Transaction Management
         Storage Management
         Metadata Management
         Database Integrity
         Fault Tolerance
    Data Mining
    Other Aspects
    Summary and Directions
    References

    Specialized Clouds, Services, and Applications
    Overview
    Specialized Clouds
         Mobile Clouds
         Multimedia Clouds
    Cloud Applications
    Summary and Directions
    References

    Cloud Service Providers, Products, and Frameworks
    Overview
    Cloud Service Providers, Products, and Frameworks
         Cloud Service Providers
         Cloud Products
         Cloud Frameworks
    Summary and Directions
    References

    Conclusion to Part III

    EXPERIMENTAL CLOUD COMPUTING SYSTEMS

    Experimental Cloud Query Processing System
    Overview
    Our Approach
    Related Work
    Architecture
         Data Generation and Storage
         File Organization
         Predicate Split
         Split Using Explicit-Type Information of Object
         Split Using Implicit-Type Information of Object
    MapReduce Framework
         Overview
         Input Files Selection
         Cost Estimation for Query Processing
         Query Plan Generation
         Breaking Ties by Summary Statistics
         MapReduce Join Execution
    Results
         Data Sets, Frameworks, and Experimental Setup
         Evaluation
    Summary and Directions
    References

    Social Networking on the Cloud
    Overview
    Foundational Technologies for SNODSOC and SNODSOC++
         SNOD
         Location Extraction
         Entity/Concept Extraction and Integration
         Ontology Construction
         Cloud Query Processing
    Design of SNODSOC
         Overview of the Modules
         SNODSOC and Trend Analysis
         Content-Driven Location Extraction
         Categorization
         Ontology Construction
    Toward SNODSOC++
         Benefits of SNOD++
    Cloud-Based Social Network Analysis
         Stream Processing
         Twitter Storm for SNODSOC
    Related Work
    Summary and Directions
    References

    Experimental Semantic Web-Based Cloud Computing Systems
    Overview
    Jena-HBase: A Distributed, Scalable, and Efficient RDF Triple Store
    StormRider: Harnessing "Storm" for Social Networks
    Ontology-Driven Query Expansion Using Map/Reduce Framework
         BET Calculation Using MapReduce Distributed Computing
    Summary and Directions
    References

    Conclusion to Part IV

    SECURE CLOUD COMPUTING CONCEPTS

    Secure Cloud Computing Concepts
    Overview
    Secure Cloud Computing and Governance
    Security Architecture
    Identity Management and Access Control
         Cloud Identity Administration
    Cloud Storage and Data Security
    Privacy, Compliance, and Forensics for the Cloud
         Privacy
         Regulations and Compliance
         Cloud Forensics
    Cryptographic Solutions
    Network Security
    Business Continuity Planning
    Operations Management
    Physical Security
    Summary and Directions
    References

    Secure Cloud Computing Functions
    Overview
    Secure Cloud Computing Framework
    Secure Cloud OSs and Hypervisors
    Secure Cloud Networks
    Secure Cloud Storage Management
    Secure Cloud Data Management
    Cloud Security and Integrity Management
    Secure Cloud Applications
    Summary and Directions
    References

    Secure Cloud Data Management
    Overview
    Secure Data Management
         Access Control
         Inference Problem
         Secure Distributed/Heterogeneous Data Management
         Secure Object Data Systems
         Data Warehousing, Data Mining, Security, and Privacy
         Secure Information Management
         Secure Knowledge Management
    Impact of the Cloud
         Discretionary Security
         Inference Problem
         Secure Distributed and Heterogeneous Data Management
         Secure Object Systems
         Data Warehousing, Data Mining, Security, and Privacy
         Secure Information Management
         Secure Knowledge Management
    Summary and Directions
    References

    Secure Cloud Computing Guidelines
    Overview
    The Guidelines
    Summary and Directions
    References

    Security as a Service
    Overview
    Data Mining Services for Cyber Security Applications
         Overview
         Cyber Terrorism, Insider Threats, and External Attacks
         Malicious Intrusions
         Credit Card Fraud and Identity Theft
         Attacks on Critical Infrastructures
         Data Mining Services for Cyber Security
    Current Research on Security as a Service
    Other Services for Cyber Security Applications
    Summary and Directions
    References

    Secure Cloud Computing Products
    Overview
    Overview of the Products
    Summary and Directions
    References

    Conclusion to Part V

    EXPERIMENTAL SECURE CLOUD COMPUTING SYSTEMS

    Secure Cloud Query Processing with Relational Data
    Overview
    Related Work
    System Architecture
         The Web Application Layer
         The ZQL Parser Layer
         The XACML Policy Layer
    Implementation Details and Results
         Implementation Setup
         Experimental Datasets
         Implementation Results
    Summary and Directions
    References

    Secure Cloud Query Processing with Semantic Web Data
    Overview
    Background
         Related Work
    Access Control
         Model
         AT Assignment
         Conflicts
    System Architecture
         Overview of the Architecture
    Policy Enforcement
         Query Rewriting
         Embedded Enforcement
         Postprocessing Enforcement
    Experimental Setup and Results
    Summary and Directions
    References

    Secure Cloud-Based Information Integration
    Overview
    Integrating Blackbook with Amazon S3
    Experiments
    Summary and Directions
    References

    Conclusion to Part VI

    EXPERIMENTAL CLOUD SYSTEMS FOR SECURITY APPLICATIONS

    Cloud-Based Malware Detection for Evolving Data Streams
    Overview
    Malware Detection
         Malware Detection as a Data Stream Classification Problem
         Cloud Computing for Malware Detection
         Our Contributions
    Related Work
    Design and Implementation of the System
         Ensemble Construction and Updating
         Error Reduction Analysis
         Empirical Error Reduction and Time Complexity
         Hadoop/MapReduce Framework
    Malicious Code Detection
         Overview
         Nondistributed Feature Extraction and Selection
         Distributed Feature Extraction and Selection
    Experiments
         Data Sets
         Baseline Methods
    Discussion
    Summary and Directions
    References

    Cloud-Based Data Mining for Insider Threat Detection
    Overview
    Challenges, Related Work, and Our Approach
    Data Mining for Insider Threat Detection
         Our Solution Architecture
         Feature Extraction and Compact Representation
         RDF Repository Architecture
         Data Storage
         Answering Queries Using Hadoop MapReduce
         Data Mining Applications
    Comprehensive Framework
    Summary and Directions
    References

    Cloud-Centric Assured Information Sharing
    Overview
    System Design
         Design of CAISS
         Design of CAISS++
         Formal Policy Analysis
         Implementation Approach
    Related Work
         Our Related Research
         Overall Related Research
         Commercial Developments
    Summary and Directions
    References

    Design and Implementation of a Semantic Cloud-Based Assured Information Sharing System
    Overview
    Architecture
         Overview
         Framework Configuration
         Modules in our Architecture
         Features of our Policy Engine Framework
    Summary and Directions
    References

    Conclusion to Part VII

    TOWARD A TRUSTWORTHY CLOUD

    Trust Management and the Cloud
    Overview
    Trust Management
         Trust Management and Negotiation
         Trust and Risk Management
         Reputation-Based Systems
    Trust and Cloud Services
         Trust Management as a Cloud Service
         Trust Management for Cloud Services
    Summary and Directions
    References

    Privacy and Cloud Services
    Overview
    Privacy Management
         Privacy Issues
         Privacy Problem through Inference
         Platform for Privacy Preferences
         Privacy Preserving Cloud Mining
    Privacy Management and the Cloud
         Cloud Services for Privacy Management
         Privacy for Cloud Services and Semantic Cloud Services
    Summary and Directions
    References

    Integrity Management, Data Provenance, and Cloud Services
    Overview
    Integrity, Data Quality, and Provenance
         Aspects of Integrity
         Inferencing, Data Quality, and Data Provenance
    Integrity Management and Cloud Services
         Cloud Services for Integrity Management
         Integrity for the Cloud and Semantic Cloud Services
    Summary and Directions
    References

    Conclusion to Part VIII

    BUILDING AN INFRASTRUCTURE, AN EDUCATION INITIATIVE, AND A RESEARCH PROGRAM FOR A SECURE CLOUD

    An Infrastructure for a Secure Cloud
    Overview
    Description of the Research Infrastructure
         Background
         Infrastructure Development
         Hardware Component of the Infrastructure
         Software Component of the Infrastructure
         Data Component of the Infrastructure
    Integrating the Cloud with Existing Infrastructures
    Sample Projects Utilizing the Cloud Infrastructure
    Education and Performance
         Education Enhancement
         Performance
    Summary and Directions
    References

    An Education Program for a Secure Cloud
    Overview
    IA Education at UTD
         Overview of UTD CS
         Course Offerings in IA
         Our Educational Programs in IA
         Equipment and Facilities for IA Education and Research
    Assured Cloud Computing Education Program
         Organization of the Capacity-Building Activities
         Curriculum Development Activities
         Course Programming Projects
         Instructional Cloud Computing Facility
    Evaluation Plan
    Summary and Directions
    References

    A Research Initiative for a Secure Cloud
    Overview
    Research Contributions
         Overview
         Secure Cloud Data and Information Management
         Cloud-Based Security Applications
         Security Models for the Cloud
         Toward Building Secure Social Networks in the Cloud
    Summary and Directions
    References

    Summary and Directions
    About This Chapter
    Summary of This Book
    Directions for Cloud Computing and Secure Cloud Computing
         Secure Services
         Cloud Computing
         Secure Cloud Computing
    Our Goals on Securing the Cloud
    Where Do We Go from Here?

    Conclusion to Part IX

    Appendices:
    Data Management Systems—Developments and Trends
    Data Mining Techniques
    Access Control in Database Systems
    Assured Information Sharing Life Cycle

    Index

    Biography

    Dr. Bhavani Thuraisingham has been the Louis A. Beecherl, Jr. I Distinguished Professor in the Erik Jonsson School of Engineering and Computer Science at The University of Texas at Dallas (UTD) since September 2010. She has unique experience working in commercial industry, a federal research laboratory, the US government, and academia, and her 30+ year career includes research and development, technology transfer, product development, program management, and consulting to the federal government.

    Dr. Thuraisingham joined UTD in October 2004 as a Professor of Computer Science and Director of the Cyber Security Research Center, which conducts research in data security and privacy, secure systems, secure networks, secure languages, secure social media, data mining, and the semantic web. She is an elected Fellow of several prestigious organizations, including the IEEE (Institute of Electrical and Electronics Engineers, 2002), the AAAS (American Association for the Advancement of Science, 2003), the BCS (British Computer Society, 2005), and the SDPS (Society for Design and Process Science, a society that promotes transdisciplinary research, 2011). She is the recipient of numerous awards, including (i) the IEEE Computer Society's 1997 Technical Achievement Award for outstanding and innovative contributions to secure data management, (ii) the 2010 Research Leadership Award for Outstanding and Sustained Leadership Contributions to the Field of Intelligence and Security Informatics, presented jointly by the IEEE Intelligent and Transportation Systems Society and the IEEE Systems, Man and Cybernetics Society, (iii) the 2010 ACM SIGSAC (Association for Computing Machinery, Special Interest Group on Security, Audit and Control) Outstanding Contributions Award for seminal research contributions and leadership in data and applications security for over 25 years, and (iv) the 2011 AFCEA (Armed Forces Communications and Electronics Association) Medal of Merit for Sus