1st Edition

Developing and Securing the Cloud





ISBN 9781138374539
Published September 18, 2018 by Auerbach Publications
730 Pages 290 B/W Illustrations

 

Book Description

Although the use of cloud computing platforms and applications has expanded rapidly, most books on the subject focus on high-level concepts. There has long been a need for a book that provides detailed guidance on how to develop secure clouds.

Filling this void, Developing and Securing the Cloud provides a comprehensive overview of cloud computing technology. Supplying step-by-step instruction on how to develop and secure cloud computing platforms and web services, it includes an easy-to-understand, basic-level overview of cloud computing and its supporting technologies.

Presenting a framework for secure cloud computing development, the book describes supporting technologies for the cloud such as web services and security. It details the various layers of the cloud computing framework, including the virtual machine monitor and hypervisor, cloud data storage, cloud data management, and virtual network monitor. It also provides several examples of cloud products and prototypes, including private, public, and U.S. government clouds.

Reviewing recent developments in cloud computing, the book illustrates the essential concepts, issues, and challenges in developing and securing today’s cloud computing platforms and applications. It also examines prototypes built on experimental cloud computing systems that the author and her team have developed at the University of Texas at Dallas.

This diverse reference is suitable for those in industry, government, and academia. Technologists will develop the understanding required to select the appropriate tools for particular cloud applications. Developers will discover alternative designs for cloud development, and managers will understand if it’s best to build their own clouds or contract them out.

Table of Contents

Introduction
About This Book
Supporting Technologies
     From Mainframe to the Cloud
     Security Technologies
     Data, Information, and Knowledge Management
Secure Services Technologies
     Secure Services Technologies
     Secure Semantic Services
     Specialized Secure Services
Cloud Computing Concepts
Experimental Cloud Computing Systems
Secure Cloud Computing
Experimental Secure Cloud Computing Systems
Experimental Cloud Computing for Security Applications
Toward Trustworthy Clouds
Building an Infrastructure, Education Program, and a Research Program for a Secure Cloud
Organization of This Book
Next Steps

SUPPORTING TECHNOLOGIES

From Mainframe to the Cloud
Overview
Early Computing Systems
Distributed Computing
World Wide Web
Cloud Computing
Summary and Directions
References

Trustworthy Systems
Overview
Secure Systems
     Overview
     Access Control and Other Security Concepts
     Types of Secure Systems
     Secure Operating Systems
     Secure Database Systems
     Secure Networks
     Emerging Trends
     Impact of the Web
     Steps to Building Secure Systems
Dependable Systems
     Overview
     Trust Management
     Digital Rights Management
     Privacy
     Integrity, Data Quality, and High Assurance
Security Threats and Solutions
Building Secure Systems from Untrusted Components
Summary and Directions
References

Data, Information and Knowledge Management
Overview
Data Management
     Data Management
     Complex Data Management
Information Management
     Data Warehousing and Data Mining
     Information Retrieval
     Search Engines
Knowledge Management
Activity Management
     E-Business and E-Commerce
     Collaboration and Workflow
     Information Integration
     Information Sharing
     Social Networking
     Supply Chain Management
Summary and Directions
References

Conclusion to Part I

SECURE SERVICES TECHNOLOGIES

Service-Oriented Computing and Security
Overview
Service-Oriented Computing
     Services Paradigm
     SOA and Web Services
     Service-Oriented Analysis and Design
Secure Service-Oriented Computing
     Secure Services Paradigm
     Secure SOA and WS
     Secure SOAD
     Access Control for WS
     Digital Identity Management
     Security Models for WS
Summary and Directions
References

Semantic Web Services and Security
Overview
Semantic Web
     Layered Technology Stack
     eXtensible Markup Language
     Resource Description Framework
     Ontologies
     Web Rules and SWRL
     Semantic Web Services
Secure Semantic Web Services
     Security for the Semantic Web
     XML Security
     RDF Security
     Security and Ontologies
     Secure Query and Rules Processing
     Privacy and Trust for the Semantic Web
     Secure Semantic Web and WS
Summary and Directions
References

Specialized Web Services and Security
Overview
Specialized Web Services
     Overview
     Web Services for Data Management
     Web Services for Complex Data Management
     Web Services for Information Management
     Web Services for Knowledge Management
     Web Services for Activity Management
     Domain Web Services
     Emerging Web Services
Secure Specialized Web Services
     Overview
     Web Services for Secure Data Management
     Web Services for Secure Complex Data Management
     Web Services for Secure Information Management
     Web Services for Secure Knowledge Management
     Secure Web Services for Activity Management
     Secure Domain Web Services
     Emerging Secure Web Services
Summary and Directions
References

Conclusion to Part II

CLOUD COMPUTING CONCEPTS

Cloud Computing Concepts
Overview
Preliminaries in Cloud Computing
     Cloud Deployment Models
     Service Models
Virtualization
Cloud Storage and Data Management
Summary and Directions
References

Cloud Computing Functions
Overview
Cloud Computing Framework
Cloud OSs and Hypervisors
Cloud Networks
Cloud Data and Storage Management
Cloud Applications
Cloud Policy Management, Back-Up, and Recovery
Summary and Directions
References

Cloud Data Management
Overview
Relational Data Model
Architectural Issues
DBMS Functions
     Overview
     Query Processing
     Transaction Management
     Storage Management
     Metadata Management
     Database Integrity
     Fault Tolerance
Data Mining
Other Aspects
Summary and Directions
References

Specialized Clouds, Services, and Applications
Overview
Specialized Clouds
     Mobile Clouds
     Multimedia Clouds
Cloud Applications
Summary and Directions
References

Cloud Service Providers, Products, and Frameworks
Overview
Cloud Service Providers, Products, and Frameworks
     Cloud Service Providers
     Cloud Products
     Cloud Frameworks
Summary and Directions
References

Conclusion to Part III

EXPERIMENTAL CLOUD COMPUTING SYSTEMS

Experimental Cloud Query Processing System
Overview
Our Approach
Related Work
Architecture
     Data Generation and Storage
     File Organization
     Predicate Split
     Split Using Explicit-Type Information of Object
     Split Using Implicit-Type Information of Object
MapReduce Framework
     Overview
     Input Files Selection
     Cost Estimation for Query Processing
     Query Plan Generation
     Breaking Ties by Summary Statistics
     MapReduce Join Execution
Results
     Data Sets, Frameworks, and Experimental Setup
     Evaluation
Summary and Directions
References

Social Networking on the Cloud
Overview
Foundational Technologies for SNODSOC and SNODSOC++
     SNOD
     Location Extraction
     Entity/Concept Extraction and Integration
     Ontology Construction
     Cloud Query Processing
Design of SNODSOC
     Overview of the Modules
     SNODSOC and Trend Analysis
     Content-Driven Location Extraction
     Categorization
     Ontology Construction
Toward SNODSOC++
     Benefits of SNOD++
Cloud-Based Social Network Analysis
     Stream Processing
     Twitter Storm for SNODSOC
Related Work
Summary and Directions
References

Experimental Semantic Web-Based Cloud Computing Systems
Overview
Jena-HBase: A Distributed, Scalable, and Efficient RDF Triple Store
StormRider: Harnessing "Storm" for Social Networks
Ontology-Driven Query Expansion Using Map/Reduce Framework
     BET Calculation Using MapReduce Distributed Computing
Summary and Directions
References

Conclusion to Part IV

SECURE CLOUD COMPUTING CONCEPTS

Secure Cloud Computing Concepts
Overview
Secure Cloud Computing and Governance
Security Architecture
Identity Management and Access Control
     Cloud Identity Administration
Cloud Storage and Data Security
Privacy, Compliance, and Forensics for the Cloud
     Privacy
     Regulations and Compliance
     Cloud Forensics
Cryptographic Solutions
Network Security
Business Continuity Planning
Operations Management
Physical Security
Summary and Directions
References

Secure Cloud Computing Functions
Overview
Secure Cloud Computing Framework
Secure Cloud OSs and Hypervisors
Secure Cloud Networks
Secure Cloud Storage Management
Secure Cloud Data Management
Cloud Security and Integrity Management
Secure Cloud Applications
Summary and Directions
References

Secure Cloud Data Management
Overview
Secure Data Management
     Access Control
     Inference Problem
     Secure Distributed/Heterogeneous Data Management
     Secure Object Data Systems
     Data Warehousing, Data Mining, Security, and Privacy
     Secure Information Management
     Secure Knowledge Management
Impact of the Cloud
     Discretionary Security
     Inference Problem
     Secure Distributed and Heterogeneous Data Management
     Secure Object Systems
     Data Warehousing, Data Mining, Security, and Privacy
     Secure Information Management
     Secure Knowledge Management
Summary and Directions
References

Secure Cloud Computing Guidelines
Overview
The Guidelines
Summary and Directions
References

Security as a Service
Overview
Data Mining Services for Cyber Security Applications
     Overview
     Cyber Terrorism, Insider Threats, and External Attacks
     Malicious Intrusions
     Credit Card Fraud and Identity Theft
     Attacks on Critical Infrastructures
     Data Mining Services for Cyber Security
Current Research on Security as a Service
Other Services for Cyber Security Applications
Summary and Directions
References

Secure Cloud Computing Products
Overview
Overview of the Products
Summary and Directions
References

Conclusion to Part V

EXPERIMENTAL SECURE CLOUD COMPUTING SYSTEMS

Secure Cloud Query Processing with Relational Data
Overview
Related Work
System Architecture
     The Web Application Layer
     The ZQL Parser Layer
     The XACML Policy Layer
Implementation Details and Results
     Implementation Setup
     Experimental Datasets
     Implementation Results
Summary and Directions
References

Secure Cloud Query Processing with Semantic Web Data
Overview
Background
     Related Work
Access Control
     Model
     AT Assignment
     Conflicts
System Architecture
     Overview of the Architecture
Policy Enforcement
     Query Rewriting
     Embedded Enforcement
     Postprocessing Enforcement
Experimental Setup and Results
Summary and Directions
References

Secure Cloud-Based Information Integration
Overview
Integrating Blackbook with Amazon S3
Experiments
Summary and Directions
References

Conclusion to Part VI

EXPERIMENTAL CLOUD SYSTEMS FOR SECURITY APPLICATIONS

Cloud-Based Malware Detection for Evolving Data Streams
Overview
Malware Detection
     Malware Detection as a Data Stream Classification Problem
     Cloud Computing for Malware Detection
     Our Contributions
Related Work
Design and Implementation of the System
     Ensemble Construction and Updating
     Error Reduction Analysis
     Empirical Error Reduction and Time Complexity
     Hadoop/MapReduce Framework
Malicious Code Detection
     Overview
     Nondistributed Feature Extraction and Selection
     Distributed Feature Extraction and Selection
Experiments
     Data Sets
     Baseline Methods
Discussion
Summary and Directions
References

Cloud-Based Data Mining for Insider Threat Detection
Overview
Challenges, Related Work, and Our Approach
Data Mining for Insider Threat Detection
     Our Solution Architecture
     Feature Extraction and Compact Representation
     RDF Repository Architecture
     Data Storage
     Answering Queries Using Hadoop MapReduce
     Data Mining Applications
Comprehensive Framework
Summary and Directions
References

Cloud-Centric Assured Information Sharing
Overview
System Design
     Design of CAISS
     Design of CAISS++
     Formal Policy Analysis
     Implementation Approach
Related Work
     Our Related Research
     Overall Related Research
     Commercial Developments
Summary and Directions
References

Design and Implementation of a Semantic Cloud-Based Assured Information Sharing System
Overview
Architecture
     Overview
     Framework Configuration
     Modules in our Architecture
     Features of our Policy Engine Framework
Summary and Directions
References

Conclusion to Part VII

TOWARD A TRUSTWORTHY CLOUD

Trust Management and the Cloud
Overview
Trust Management
     Trust Management and Negotiation
     Trust and Risk Management
     Reputation-Based Systems
Trust and Cloud Services
     Trust Management as a Cloud Service
     Trust Management for Cloud Services
Summary and Directions
References

Privacy and Cloud Services
Overview
Privacy Management
     Privacy Issues
     Privacy Problem through Inference
     Platform for Privacy Preferences
     Privacy Preserving Cloud Mining
Privacy Management and the Cloud
     Cloud Services for Privacy Management
     Privacy for Cloud Services and Semantic Cloud Services
Summary and Directions
References

Integrity Management, Data Provenance, and Cloud Services
Overview
Integrity, Data Quality, and Provenance
     Aspects of Integrity
     Inferencing, Data Quality, and Data Provenance
Integrity Management and Cloud Services
     Cloud Services for Integrity Management
     Integrity for the Cloud and Semantic Cloud Services
Summary and Directions
References

Conclusion to Part VIII

BUILDING AN INFRASTRUCTURE, AN EDUCATION INITIATIVE, AND A RESEARCH PROGRAM FOR A SECURE CLOUD

An Infrastructure for a Secure Cloud
Overview
Description of the Research Infrastructure
     Background
     Infrastructure Development
     Hardware Component of the Infrastructure
     Software Component of the Infrastructure
     Data Component of the Infrastructure
Integrating the Cloud with Existing Infrastructures
Sample Projects Utilizing the Cloud Infrastructure
Education and Performance
     Education Enhancement
     Performance
Summary and Directions
References

An Education Program for a Secure Cloud
Overview
IA Education at UTD
     Overview of UTD CS
     Course Offerings in IA
     Our Educational Programs in IA
     Equipment and Facilities for IA Education and Research
Assured Cloud Computing Education Program
     Organization of the Capacity-Building Activities
     Curriculum Development Activities
     Course Programming Projects
     Instructional Cloud Computing Facility
Evaluation Plan
Summary and Directions
References

A Research Initiative for a Secure Cloud
Overview
Research Contributions
     Overview
     Secure Cloud Data and Information Management
     Cloud-Based Security Applications
     Security Models for the Cloud
     Toward Building Secure Social Networks in the Cloud
Summary and Directions
References

Summary and Directions
About This Chapter
Summary of This Book
Directions for Cloud Computing and Secure Cloud Computing
     Secure Services
     Cloud Computing
     Secure Cloud Computing
Our Goals on Securing the Cloud
Where Do We Go from Here?

Conclusion to Part IX

Appendices:
Data Management Systems—Developments and Trends
Data Mining Techniques
Access Control in Database Systems
Assured Information Sharing Life Cycle

Index


Author(s)

Biography

Dr. Bhavani Thuraisingham has been the Louis A. Beecherl, Jr. I Distinguished Professor in the Erik Jonsson School of Engineering and Computer Science at The University of Texas at Dallas (UTD) since September 2010. She has unique experience working in the commercial industry, federal research laboratory, US government and academia, and her 30+ year career includes research and development, technology transfer, product development, program management, and consulting to the federal government.

Dr. Thuraisingham joined UTD in October 2004 as a Professor of Computer Science and Director of the Cyber Security Research Center, which conducts research in data security and privacy, secure systems, secure networks, secure languages, secure social media, data mining and semantic web. She is an elected Fellow of several prestigious organizations including the IEEE (Institute of Electrical and Electronics Engineers, 2002), the AAAS (American Association for the Advancement of Science, 2003), the BCS (British Computer Society, 2005), and the SDPS (Society for Design and Process Science – a society that promotes transdisciplinary research – 2011). She is the recipient of numerous awards including (i) the IEEE Computer Society’s 1997 Technical Achievement Award for "outstanding and innovative contributions to secure data management", (ii) the 2010 Research Leadership Award for "Outstanding and Sustained Leadership Contributions to the Field of Intelligence and Security Informatics" presented jointly by the IEEE Intelligent and Transportation Systems Society and the IEEE Systems, Man and Cybernetics Society, (iii) the 2010 ACM SIGSAC (Association for Computing Machinery, Special Interest Group on Security, Audit and Control) Outstanding Contributions Award for "seminal research contributions and leadership in data and applications security for over 25 years", and (iv) the 2011 AFCEA (Armed Forces Communications and Electronics Association) Medal of Merit for Sustained Professional Excellence in Communications, Electronics, Intelligence and Information Systems and Service to the Association. She is a Distinguished Scientist of ACM, was an IEEE Distinguished Lecturer between 2002 and 2005, and was also featured by Silicon India magazine as one of the seven leading technology innovators of South Asian origin in the USA in 2002.
She received the prestigious earned higher doctorate degree of Doctor of Engineering from the University of Bristol, England for her thesis consisting of her published works on secure dependable data management.

Over her 30+ year career, Dr. Thuraisingham’s pioneering research contributions include (i) proving that the inference problem is unsolvable and finding solutions to solvable classes of the problem, which has been quoted by the National Security Agency as the significant development in database security in 1990, (ii) novel approaches to designing and developing multilevel secure relational distributed and object systems, (iii) incorporating security into real-time systems and analyzing the tradeoffs, (iv) developing solutions to semantic web-based policy management and incentives for information sharing among organizations, and (v) the development of data mining tools for malware and insider threat detection.

During her seven years at UTD, Dr. Thuraisingham has established and leads a strong research program in Intelligence and Security Informatics which now includes 6 core professors and the team has generated over $16 million in research funding from agencies such as NSF, AFOSR, IARPA, NGA, NASA, ONR, ARMY, NIH and DARPA as well as multiple corporations. The research projects include two NSF Career Grants, an AFOSR Young Investigator Program Award, DoD MURI Award on Assured Information Sharing, a large NSF Trustworthy Computing grant on data provenance, and multiple NSF medium grants (Cyber Trust, Trustworthy Computing and NeTS programs) on policy management, inline reference monitors and data integrity and multiple AFOSR grants on topics such as assured cloud computing and reactively adaptive malware. Her current focus includes three activities: (i) studying how terrorists and hackers function so that effective and improved solutions can be provided, (ii) initiating interdisciplinary programs integrating social sciences and information sciences and (iii) transferring the technologies developed at the university to commercial development efforts. She is also instrumental in establishing UTD’s undergraduate certificate program as well as the MS Track in Information Assurance and is a Co-PI of the $1.8 million NSF Scholarship for Service Award in Cyber Security and PI on a capacity building grant from NSF on assured cloud computing. She teaches courses in data and applications security, trustworthy semantic services, digital forensics, biometrics, information security analytics, and secure cloud computing. Her team collaborates with the North Texas Regional Computer Forensics Laboratory for student projects, researchers from AFRL Rome, NY on assured cloud computing, and industrial research laboratories.

Prior to joining UTD, Dr. Thuraisingham was an IPA (Intergovernmental Personnel Act) at the National Science Foundation (NSF) in Arlington, VA, from the MITRE Corporation for three years. At NSF, she established the Data and Applications Security Program and co-founded the Cyber Trust theme and was involved in interagency activities in data mining for counter-terrorism. She worked at MITRE in Bedford, MA between January 1989 and September 2001, first in the Information Security Center and later as a department head in Data and Information Management as well as Chief Scientist in Data Management in the Intelligence and Air Force centers. At MITRE, she led team research and development efforts on secure data management and real-time data management for NSA, AFRL, SPAWAR, CECOM and CIA.

She also served as a technical consultant in information security and data management to the Department of Defense and the Intelligence Community for over 10 years and established research programs in data security and data mining. She has continued to serve as an expert consultant to the Department of Treasury since 1999 on software research credit and also advised the Department of Justice in 2001.

Thuraisingham’s industry experience includes six years of research and product development as well as technology transfer at Control Data Corp. and Honeywell Inc. in Minneapolis, MN. While in industry and at MITRE, she was an adjunct professor of computer science and member of the graduate faculty, first at the University of Minnesota and later at Boston University between 1984 and 2001. She also worked as visiting professor soon after her PhD, first at the New Mexico Institute of Technology and later at the University of Minnesota between 1980 and 1983.

Dr. Thuraisingham’s current research interests include data security and privacy and data mining for counter-terrorism. Her work has resulted in over 100 journal articles, over 200 refereed conference papers and workshops, five US patents (two pending) and several IP disclosures. She is the author of eleven books in data management, data mining and data security including on data mining for counter-terrorism, Database and Applications Security, and Data Mining Tools for Malware Detection and is completing her twelfth book on Building and Securing the Cloud. She is also the editor of twelve books. She has given over 90 keynote presentations at various technical conferences and has also given invited talks at the White House Office of Science and Technology Policy and at the United Nations on Data Mining for counter-terrorism. She serves (or has served) on editorial and advisory boards of leading research and industry journals including several IEEE and ACM Transactions, the VLDB Journal, and also served as the Editor in Chief of Computer Standards and Interfaces Journal. She has contributed to multiple standards activities including Navy’s Next Generation Interface efforts, Object Management Group’s Real-time Computing and C4I efforts, and more recently the Open Geospatial Consortium’s semantic web efforts. In addition, she has been an instructor at AFCEA’s (Armed Forces Communications and Electronics Association) Professional Development Center since 1998 and has served on panels for the Air Force Scientific Advisory Board and the National Academy of Sciences. She is a member of several professional organizations including the IFIP 11.3 Working Group in Data and Applications Security. She has chaired 10+ conferences and has served in 100+ conference program committees. She served on the advisory board of the Computer Science Department of Purdue University from 2005 to 2006.

Dr. Thuraisingham received her BS degree in Mathematics and Physics with first class at the University of Ceylon, her M.Sc degree in Mathematical Logic at the University of Bristol, UK and her PhD degree in Theory of Computation at the University of Wales, UK. She strongly believes in continuing education and has also received a number of professional qualifications to enhance her 30 year career since 1980 including an MS in Computer Science focusing in computer systems and networks at the University of Minnesota, Java Development Certification from Learning Tree International, the Certificate in Terrorism Studies at St. Andrews University, Scotland and CISSP (Certified Information Systems Security Professional) certification with ISC2.

Dr. Thuraisingham is the founding president of "Bhavani Security Consulting, LLC", a company providing services in consulting and training in Cyber Security and Information Technology. She is also the founder of "Knowledge and Security Analytics, LLC", a spin-off company from UTD developing tools in assured information sharing and "Evolving Malware Security, LLC" a second spinoff company from UTD developing malware detection tools. She also serves on the inaugural corporate board of Accuvant Corporation since 2011.

Dr. Thuraisingham promotes Math and Science to high school students as well as to women and underrepresented minorities, and is a member of the Society of Women Engineers (SWE). She has participated in panels at CRA-W and has given featured addresses at conferences sponsored by WITI (Women in Technology International) and SWE. Her additional awards include the 2001 Woman of Color Research Leadership Award from Career Communications Inc. and the Fellow of the Society of Information Reuse and Integration (subcommittee of IEEE Systems, Man and Cybernetics Society). She has been involved with IEEE Computer Society activities for over 10 years first serving on the conferences and tutorial board and later on the awards board. She also serves on the ACM Policy Council advising about policy issues on privacy and intellectual property and on the ACM-W council promoting women in computing. She is a strong advocate for safeguarding children and has participated in a National Academy panel on protecting children from inappropriate content on the Internet chaired by the Hon. Dick Thornburgh in 2000 and is continuing with these efforts and recently participated in the EastWest Institute’s 1st Worldwide Security Summit panel on protecting our children in cyberspace. She also writes motivational articles including one on CS Careers in the Global Economy and another on an 8E framework for promoting women in science and engineering. Articles on her efforts and her vision, as well as her team’s research, have appeared in multiple media outlets including the Dallas Morning News, The Boston Globe, ABC News, D Magazine, MITRE Matters, the DFW Metroplex Technology magazine and Raytheon Technology Magazine, as well as press releases published by UTD, MITRE, the United States Air Force, and IBM Research Zurich among others. She has also appeared on DFW television giving her views on cyber security.