skip to main content


Search for: All records

Award ID contains: 1423481

Note: When clicking on a Digital Object Identifier (DOI) number, you will be taken to an external site maintained by the publisher. Some full text articles may not yet be available without a charge during the embargo (administrative interval).
What is a DOI Number?

Some links on this page may take you to non-federal websites. Their policies may differ from this site.

  1. A major challenge in Infrastructure as a Service (IaaS) clouds is its exposure to malware. Malware can spread rapidly within a datacenter and can cause major disruption to a cloud service provider and its clients. This paper introduces and discusses an effective malware detection approach in cloud infrastructure using Convolutional Neural Network (CNN), a deep learning approach. We initially employ a standard 2d CNN by training on metadata available for each of the processes in a virtual machine (VM) obtained by means of the hypervisor. We enhance the CNN classifier accuracy by using a novel 3d CNN (where an input is a collection of samples over a time interval), which greatly helps reduce mislabelled samples during data collection and training. Our experiments are performed on data collected by running various malware (mostly Trojans and Rootkits) on VMs. The malware used in our experiments are randomly selected. This reduces the selection bias of known-to-be highly active malware for easy detection. We demonstrate that our 2d CNN model reaches an accuracy of ' 79%, and our 3d CNN model significantly improves the accuracy to ' 90%. 
    more » « less
  2. Internet of Things has become a predominant phenomenon in every sphere of smart life. Connected Cars and Vehicular Internet of Things, which involves communication and data exchange between vehicles, traffic infrastructure or other entities are pivotal to realize the vision of smart city and intelligent transportation. Vehicular Cloud offers a promising architecture wherein storage and processing capabilities of smart objects are utilized to provide on-the-fly fog platform. Researchers have demonstrated vulnerabilities in this emerging vehicular IoT ecosystem, where data has been stolen from critical sensors and smart vehicles controlled remotely. Security and privacy is important in Internet of Vehicles (IoV) where access to electronic control units, applications and data in connected cars should only be authorized to legitimate users, sensors or vehicles. In this paper, we propose an authorization framework to secure this dynamic system where interactions among entities is not pre-defined. We provide an extended access control oriented (E-ACO) architecture relevant to IoV and discuss the need of vehicular clouds in this time and location sensitive environment. We outline approaches to different access control models which can be enforced at various layers of E-ACO architecture and in the authorization framework. Finally, we discuss use cases to illustrate access control requirements in our vision of cloud assisted connected cars and vehicular IoT, and discuss possible research directions. 
    more » « less
  3. The concept of Internet of Things (IoT) has received considerable attention and development in recent years. There have been significant studies on access control models for IoT in academia, while companies have already deployed several cloud-enabled IoT platforms. However, there is no consensus on a formal access control model for cloud-enabled IoT. The access-control oriented (ACO) architecture was recently proposed for cloud-enabled IoT, with virtual objects (VOs) and cloud services in the middle layers. Building upon ACO, operational and administrative access control models have been published for virtual object communication in cloud-enabled IoT illustrated by a use case of sensing speeding cars as a running example. In this paper, we study AWS IoT as a major commercial cloud- IoT platform and investigate its suitability for implementing the afore-mentioned academic models of ACO and VO communication control. While AWS IoT has a notion of digital shadows closely analogous to VOs, it lacks explicit capability for VO communication and thereby for VO communication control. Thus there is a significant mismatch between AWS IoT and these academic models. The principal contribution of this paper is to reconcile this mismatch by showing how to use the mechanisms of AWS IoT to effectively implement VO communication models. To this end, we develop an access control model for virtual objects (shadows) communication in AWS IoT called AWS-IoT-ACMVO. We develop a proof-of-concept implementation of the speeding cars use case in AWS IoT under guidance of this model, and provide selected performance measurements. We conclude with a discussion of possible alternate implementations of this use case in AWS IoT. 
    more » « less
  4. Apache Hadoop is a predominant software framework for distributed compute and storage with capability to handle huge amounts of data, usually referred to as Big Data. This data collected from different enterprises and government agencies often includes private and sensitive information, which needs to be secured from unauthorized access. This paper proposes extensions to the current authorization capabilities offered by Hadoop core and other ecosystem projects, specifically Apache Ranger and Apache Sentry. We present a fine-grained attribute-based access control model, referred as HeABAC, catering to the security and privacy needs of multi-tenant Hadoop ecosystem. The paper reviews the current multi-layered access control model used primarily in Hadoop core (2.x), Apache Ranger (version 0.6) and Sentry (version 1.7.0), as well as a previously proposed RBAC extension (OT-RBAC). It then presents a formal attribute-based access control model for Hadoop ecosystem, including the novel concept of cross Hadoop services trust. It further highlights different trust scenarios, presents an implementation approach for HeABAC using Apache Ranger and, discusses the administration requirements of HeABAC operational model. Some comprehensive, real-world use cases are also discussed to reflect the application and enforcement of the proposed HeABAC model in Hadoop ecosystem. 
    more » « less
  5. Abstract—Internet of Things (IoT) has become a pervasive and diverse concept in recent years. IoT applications and services have given rise to a number of sub-fields in the IoT space. Wearable technology, with its particular set of characteristics and application domains, has formed a rapidly growing subfield of IoT, viz., Wearable Internet of Things (WIoT). While numerous wearable devices are available in the market today, security and privacy are key factors for wide adoption of WIoT. Wearable devices are resource constrained by nature with limited storage, power, and computation. A Cloud-Enabled IoT (CEIoT) architecture, a dominant paradigm currently shaping the industry and suggested by many researchers, needs to be adopted for WIoT. In this paper, we develop an access control framework for cloud-enabled WIoT (CEWIoT) based on the Access Control Oriented (ACO) architecture recently developed for CEIoT in general. We first enhance the ACO architecture from the perspective of WIoT by adding an Object Abstraction Layer, and then develop our framework based on interactions between different layers of this enhanced ACO architecture. We present a general classification and taxonomy of IoT devices, along with brief introduction to various application domains of IoT and WIoT. We then present a remote health and fitness monitoring use case to illustrate different access control aspects of our framework and outline its possible enforcement in a commercial CEIoT platform, viz., AWS IoT. Finally, we discuss the objectives of our access control framework and relevant open problems. 
    more » « less