An efficient approach based on trust and reputation for secured selection of grid resources

Security is a principal concern in offering an infrastructure for the formation of general-purpose computational grids. A number of grid implementations have been devised to deal with the security concerns by authenticating the users, hosts and their interactions in an appropriate fashion. Resource management systems that are sophisticated and secured are inevitable for the efficient and beneficial deployment of grid computing services. The chief factors that can be problematic in the secured selection of grid resources are the wide range of selection and the high degree of strangeness. Moreover, the lack of a higher degree of confidence relationship is likely to prevent efficient resource allocation and utilisation. In this paper, we present an efficient approach for the secured selection of grid resources, so as to achieve secure execution of the jobs. This approach utilises trust and reputation for securely selecting the grid resources. To start with, the self-protection capability and reputation weightage of all the entities are computed, and based on those values, the trust factor (TF) of all the entities are determined. The reputation weightage of an entity is the measure of both the user’s feedback and other entities’ feedback. Those entities with higher TF values are selected for the secured execution of jobs. To make the proposed approach more comprehensive, a novel method is employed for evaluating the user’s feedback on the basis of the existing feedbacks available regarding the entities. This approach is proved to be scalable for an increased number of user jobs and grid entities. The experimentation portrays that this approach offers desirable efficiency in the secured selection of grid resources.

A generic framework for three-factor authentication : preserving security and privacy in distributed systems

As part of the security within distributed systems, various services and resources need protection from unauthorized use. Remote authentication is the most commonly used method to determine the identity of a remote client. This paper investigates a systematic approach for authenticating clients by three factors, namely password, smart card, and biometrics. A generic and secure framework is proposed to upgrade two-factor authentication to three-factor authentication. The conversion not only significantly improves the information assurance at low cost but also protects client privacy in distributed systems. In addition, our framework retains several practice-friendly properties of the underlying two-factor authentication, which we believe is of independent interest.

Dealing with rogue virtual machines in a cloud services environment

In current cloud services hosting solutions, various mechanisms have been developed to minimize the possibility of hosting staff from breaching security. However, while functions such as replicating and moving machines are legitimate actions in clouds, we show that there are risks in administrators being able to perform them. We describe three threat scenarios related to hosting staff on the cloud architecture and indicate how an appropriate accountability architecture can mitigate these risks in the sense that the attacks can be detected and the perpetrators identified. We identify requirements and future research and development needed to protect cloud service environments from these attacks.

Security framework for mobile agents-based applications

Mobile agents have been proposed for key applications such as forensics analysis, intrusion detection, e-commerce, and resource management. Yet, they are vulnerable to various security threats by malicious hosts or intruders. Conversely, genuine platforms may run malicious agents. It is essential to establish a truly secure framework for mobile agents to gain trust of clients in the system. Failure to accomplish a trustworthy secured framework for Mobile Agent System (MAS) will limit their deployment into the key applications. This chapter presents a comprehensive taxonomy of various security threats to Mobile Agent System and the existing implemented security mechanisms. Different mechanisms are discussed, and the related security deficiencies are highlighted. The various security properties of the agent and the agent platform are described. The chapter also introduces the properties, advantages, and roles of agents in various applications. It describes the infrastructure of the system and discusses several mobile agent frameworks and the accomplished security level.

Trust/worthiness and accountability

Based on recent research with Indigenous people in south eastern Australia and non-Indigenous supporters of their struggles, this paper explores the question of trust: something that recurred in non-Indigenous people's thinking about their work. It looks at different approaches to working in a context in which distrust is well-founded. The paper suggests a revisiting of key works on accountability as a possible resource for transformative relationships.

Generating repudiable, memorizable and privacy preserving security questions using the Propp Theory of Narrative

 Security questions are often based on personal information that is limited in variety, available in the public record and very difficult to change if compromised. A personalized folktale shared only by the communicating parties provides memorizable basis for individualized security questions that can be readily replaced in the event of a security breach. We utilize the Propp theory of narrative to provide a basis of abstraction for story generation systems. We develop a proof-of-concept system based on placeholder replacement to demonstrate the generation of repudiate and memorizable questions and answers suitable for online security questions. A 3-component protocol is presented that demonstrates the use of this process to derive a shared secret key through privacy amplification. This combination of story generation and communication security provides the basis for improvements in current security question practice.

Security and privacy of users' personal Information on smartphones

 This research investigated the proliferation of malicious applications on smartphones and a framework that can efficiently detect and classify such applications based on behavioural patterns was proposed. Additionally the causes and impact of unauthorised disclosure of personal information by clean applications were examined and countermeasures to protect smartphone users’ privacy were proposed.

Adaptable, model-driven security engineering for SaaS cloud-based applications

Software-as-a-service (SaaS) multi-tenancy in cloud-based applications helps service providers to save cost, improve resource utilization, and reduce service customization and maintenance time. This is achieved by sharing of resources and service instances among multiple "tenants" of the cloud-hosted application. However, supporting multi-tenancy adds more complexity to SaaS applications required capabilities. Security is one of these key requirements that must be addressed when engineering multi-tenant SaaS applications. The sharing of resources among tenants - i.e. multi-tenancy - increases tenants' concerns about the security of their cloud-hosted assets. Compounding this, existing traditional security engineering approaches do not fit well with the multi-tenancy application model where tenants and their security requirements often emerge after the applications and services were first developed. The resultant applications do not usually support diverse security capabilities based on different tenants' needs, some of which may change at run-time i.e. after cloud application deployment. We introduce a novel model-driven security engineering approach for multi-tenant, cloud-hosted SaaS applications. Our approach is based on externalizing security from the underlying SaaS application, allowing both application/service and security to evolve at runtime. Multiple security sets can be enforced on the same application instance based on different tenants' security requirements. We use abstract models to capture service provider and multiple tenants' security requirements and then generate security integration and configurations at runtime. We use dependency injection and dynamic weaving via Aspect-Oriented Programming (AOP) to integrate security within critical application/service entities at runtime. We explain our approach, architecture and implementation details, discuss a usage example, and present an evaluation of our approach on a set of open source web applications.