
Developing and Securing the Cloud

1st Edition

By Bhavani Thuraisingham

Auerbach Publications

730 pages | 290 B/W Illus.

Purchasing Options ($ = USD):
New in Paperback: 9781138374539, pub: 2018-09-18, $71.00
Hardback: 9781439862919, pub: 2013-10-28, $86.95
eBook (VitalSource): 9780429165795, pub: 2013-10-28, from $43.48



Description

Although the use of cloud computing platforms and applications has expanded rapidly, most books on the subject focus on high-level concepts. There has long been a need for a book that provides detailed guidance on how to develop secure clouds.

Filling this void, Developing and Securing the Cloud provides a comprehensive overview of cloud computing technology. Supplying step-by-step instruction on how to develop and secure cloud computing platforms and web services, it includes an easy-to-understand, basic-level overview of cloud computing and its supporting technologies.

Presenting a framework for secure cloud computing development, the book describes supporting technologies for the cloud such as web services and security. It details the various layers of the cloud computing framework, including the virtual machine monitor and hypervisor, cloud data storage, cloud data management, and virtual network monitor. It also provides several examples of cloud products and prototypes, including private, public, and U.S. government clouds.

Reviewing recent developments in cloud computing, the book illustrates the essential concepts, issues, and challenges in developing and securing today’s cloud computing platforms and applications. It also examines prototypes built on experimental cloud computing systems that the author and her team have developed at the University of Texas at Dallas.

This diverse reference is suitable for those in industry, government, and academia. Technologists will develop the understanding required to select the appropriate tools for particular cloud applications. Developers will discover alternative designs for cloud development, and managers will understand if it’s best to build their own clouds or contract them out.

Table of Contents

Introduction

About This Book

Supporting Technologies

From Mainframe to the Cloud

Security Technologies

Data, Information, and Knowledge Management

Secure Services Technologies

Secure Services Technologies

Secure Semantic Services

Specialized Secure Services

Cloud Computing Concepts

Experimental Cloud Computing Systems

Secure Cloud Computing

Experimental Secure Cloud Computing Systems

Experimental Cloud Computing for Security Applications

Toward Trustworthy Clouds

Building an Infrastructure, Education Program, and a Research Program for a Secure Cloud

Organization of This Book

Next Steps

SUPPORTING TECHNOLOGIES

From Mainframe to the Cloud

Overview

Early Computing Systems

Distributed Computing

World Wide Web

Cloud Computing

Summary and Directions

References

Trustworthy Systems

Overview

Secure Systems

Overview

Access Control and Other Security Concepts

Types of Secure Systems

Secure Operating Systems

Secure Database Systems

Secure Networks

Emerging Trends

Impact of the Web

Steps to Building Secure Systems

Dependable Systems

Overview

Trust Management

Digital Rights Management

Privacy

Integrity, Data Quality, and High Assurance

Security Threats and Solutions

Building Secure Systems from Untrusted Components

Summary and Directions

References

Data, Information and Knowledge Management

Overview

Data Management

Data Management

Complex Data Management

Information Management

Data Warehousing and Data Mining

Information Retrieval

Search Engines

Knowledge Management

Activity Management

E-Business and E-Commerce

Collaboration and Workflow

Information Integration

Information Sharing

Social Networking

Supply Chain Management

Summary and Directions

References

Conclusion to Part I

SECURE SERVICES TECHNOLOGIES

Service-Oriented Computing and Security

Overview

Service-Oriented Computing

Services Paradigm

SOA and Web Services

Service-Oriented Analysis and Design

Secure Service-Oriented Computing

Secure Services Paradigm

Secure SOA and WS

Secure SOAD

Access Control for WS

Digital Identity Management

Security Models for WS

Summary and Directions

References

Semantic Web Services and Security

Overview

Semantic Web

Layered Technology Stack

eXtensible Markup Language

Resource Description Framework

Ontologies

Web Rules and SWRL

Semantic Web Services

Secure Semantic Web Services

Security for the Semantic Web

XML Security

RDF Security

Security and Ontologies

Secure Query and Rules Processing

Privacy and Trust for the Semantic Web

Secure Semantic Web and WS

Summary and Directions

References

Specialized Web Services and Security

Overview

Specialized Web Services

Overview

Web Services for Data Management

Web Services for Complex Data Management

Web Services for Information Management

Web Services for Knowledge Management

Web Services for Activity Management

Domain Web Services

Emerging Web Services

Secure Specialized Web Services

Overview

Web Services for Secure Data Management

Web Services for Secure Complex Data Management

Web Services for Secure Information Management

Web Services for Secure Knowledge Management

Secure Web Services for Activity Management

Secure Domain Web Services

Emerging Secure Web Services

Summary and Directions

References

Conclusion to Part II

CLOUD COMPUTING CONCEPTS

Cloud Computing Concepts

Overview

Preliminaries in Cloud Computing

Cloud Deployment Models

Service Models

Virtualization

Cloud Storage and Data Management

Summary and Directions

References

Cloud Computing Functions

Overview

Cloud Computing Framework

Cloud OSs and Hypervisors

Cloud Networks

Cloud Data and Storage Management

Cloud Applications

Cloud Policy Management, Back-Up, and Recovery

Summary and Directions

References

Cloud Data Management

Overview

Relational Data Model

Architectural Issues

DBMS Functions

Overview

Query Processing

Transaction Management

Storage Management

Metadata Management

Database Integrity

Fault Tolerance

Data Mining

Other Aspects

Summary and Directions

References

Specialized Clouds, Services, and Applications

Overview

Specialized Clouds

Mobile Clouds

Multimedia Clouds

Cloud Applications

Summary and Directions

References

Cloud Service Providers, Products, and Frameworks

Overview

Cloud Service Providers, Products, and Frameworks

Cloud Service Providers

Cloud Products

Cloud Frameworks

Summary and Directions

References

Conclusion to Part III

EXPERIMENTAL CLOUD COMPUTING SYSTEMS

Experimental Cloud Query Processing System

Overview

Our Approach

Related Work

Architecture

Data Generation and Storage

File Organization

Predicate Split

Split Using Explicit-Type Information of Object

Split Using Implicit-Type Information of Object

MapReduce Framework

Overview

Input Files Selection

Cost Estimation for Query Processing

Query Plan Generation

Breaking Ties by Summary Statistics

MapReduce Join Execution

Results

Data Sets, Frameworks, and Experimental Setup

Evaluation

Summary and Directions

References

Social Networking on the Cloud

Overview

Foundational Technologies for SNODSOC and SNODSOC++

SNOD

Location Extraction

Entity/Concept Extraction and Integration

Ontology Construction

Cloud Query Processing

Design of SNODSOC

Overview of the Modules

SNODSOC and Trend Analysis

Content-Driven Location Extraction

Categorization

Ontology Construction

Toward SNODSOC++

Benefits of SNOD++

Cloud-Based Social Network Analysis

Stream Processing

Twitter Storm for SNODSOC

Related Work

Summary and Directions

References

Experimental Semantic Web-Based Cloud Computing Systems

Overview

Jena-HBase: A Distributed, Scalable, and Efficient RDF Triple Store

StormRider: Harnessing "Storm" for Social Networks

Ontology-Driven Query Expansion Using Map/Reduce Framework

BET Calculation Using MapReduce Distributed Computing

Summary and Directions

References

Conclusion to Part IV

SECURE CLOUD COMPUTING CONCEPTS

Secure Cloud Computing Concepts

Overview

Secure Cloud Computing and Governance

Security Architecture

Identity Management and Access Control

Cloud Identity Administration

Cloud Storage and Data Security

Privacy, Compliance, and Forensics for the Cloud

Privacy

Regulations and Compliance

Cloud Forensics

Cryptographic Solutions

Network Security

Business Continuity Planning

Operations Management

Physical Security

Summary and Directions

References

Secure Cloud Computing Functions

Overview

Secure Cloud Computing Framework

Secure Cloud OSs and Hypervisors

Secure Cloud Networks

Secure Cloud Storage Management

Secure Cloud Data Management

Cloud Security and Integrity Management

Secure Cloud Applications

Summary and Directions

References

Secure Cloud Data Management

Overview

Secure Data Management

Access Control

Inference Problem

Secure Distributed/Heterogeneous Data Management

Secure Object Data Systems

Data Warehousing, Data Mining, Security, and Privacy

Secure Information Management

Secure Knowledge Management

Impact of the Cloud

Discretionary Security

Inference Problem

Secure Distributed and Heterogeneous Data Management

Secure Object Systems

Data Warehousing, Data Mining, Security, and Privacy

Secure Information Management

Secure Knowledge Management

Summary and Directions

References

Secure Cloud Computing Guidelines

Overview

The Guidelines

Summary and Directions

References

Security as a Service

Overview

Data Mining Services for Cyber Security Applications

Overview

Cyber Terrorism, Insider Threats, and External Attacks

Malicious Intrusions

Credit Card Fraud and Identity Theft

Attacks on Critical Infrastructures

Data Mining Services for Cyber Security

Current Research on Security as a Service

Other Services for Cyber Security Applications

Summary and Directions

References

Secure Cloud Computing Products

Overview

Overview of the Products

Summary and Directions

References

Conclusion to Part V

EXPERIMENTAL SECURE CLOUD COMPUTING SYSTEMS

Secure Cloud Query Processing with Relational Data

Overview

Related Work

System Architecture

The Web Application Layer

The ZQL Parser Layer

The XACML Policy Layer

Implementation Details and Results

Implementation Setup

Experimental Datasets

Implementation Results

Summary and Directions

References

Secure Cloud Query Processing with Semantic Web Data

Overview

Background

Related Work

Access Control

Model

AT Assignment

Conflicts

System Architecture

Overview of the Architecture

Policy Enforcement

Query Rewriting

Embedded Enforcement

Postprocessing Enforcement

Experimental Setup and Results

Summary and Directions

References

Secure Cloud-Based Information Integration

Overview

Integrating Blackbook with Amazon S3

Experiments

Summary and Directions

References

Conclusion to Part VI

EXPERIMENTAL CLOUD SYSTEMS FOR SECURITY APPLICATIONS

Cloud-Based Malware Detection for Evolving Data Streams

Overview

Malware Detection

Malware Detection as a Data Stream Classification Problem

Cloud Computing for Malware Detection

Our Contributions

Related Work

Design and Implementation of the System

Ensemble Construction and Updating

Error Reduction Analysis

Empirical Error Reduction and Time Complexity

Hadoop/MapReduce Framework

Malicious Code Detection

Overview

Nondistributed Feature Extraction and Selection

Distributed Feature Extraction and Selection

Experiments

Data Sets

Baseline Methods

Discussion

Summary and Directions

References

Cloud-Based Data Mining for Insider Threat Detection

Overview

Challenges, Related Work, and Our Approach

Data Mining for Insider Threat Detection

Our Solution Architecture

Feature Extraction and Compact Representation

RDF Repository Architecture

Data Storage

Answering Queries Using Hadoop MapReduce

Data Mining Applications

Comprehensive Framework

Summary and Directions

References

Cloud-Centric Assured Information Sharing

Overview

System Design

Design of CAISS

Design of CAISS++

Formal Policy Analysis

Implementation Approach

Related Work

Our Related Research

Overall Related Research

Commercial Developments

Summary and Directions

References

Design and Implementation of a Semantic Cloud-Based Assured Information Sharing System

Overview

Architecture

Overview

Framework Configuration

Modules in our Architecture

Features of our Policy Engine Framework

Summary and Directions

References

Conclusion to Part VII

TOWARD A TRUSTWORTHY CLOUD

Trust Management and the Cloud

Overview

Trust Management

Trust Management and Negotiation

Trust and Risk Management

Reputation-Based Systems

Trust and Cloud Services

Trust Management as a Cloud Service

Trust Management for Cloud Services

Summary and Directions

References

Privacy and Cloud Services

Overview

Privacy Management

Privacy Issues

Privacy Problem through Inference

Platform for Privacy Preferences

Privacy Preserving Cloud Mining

Privacy Management and the Cloud

Cloud Services for Privacy Management

Privacy for Cloud Services and Semantic Cloud Services

Summary and Directions

References

Integrity Management, Data Provenance, and Cloud Services

Overview

Integrity, Data Quality, and Provenance

Aspects of Integrity

Inferencing, Data Quality, and Data Provenance

Integrity Management and Cloud Services

Cloud Services for Integrity Management

Integrity for the Cloud and Semantic Cloud Services

Summary and Directions

References

Conclusion to Part VIII

BUILDING AN INFRASTRUCTURE, AN EDUCATION INITIATIVE, AND A RESEARCH PROGRAM FOR A SECURE CLOUD

An Infrastructure for a Secure Cloud

Overview

Description of the Research Infrastructure

Background

Infrastructure Development

Hardware Component of the Infrastructure

Software Component of the Infrastructure

Data Component of the Infrastructure

Integrating the Cloud with Existing Infrastructures

Sample Projects Utilizing the Cloud Infrastructure

Education and Performance

Education Enhancement

Performance

Summary and Directions

References

An Education Program for a Secure Cloud

Overview

IA Education at UTD

Overview of UTD CS

Course Offerings in IA

Our Educational Programs in IA

Equipment and Facilities for IA Education and Research

Assured Cloud Computing Education Program

Organization of the Capacity-Building Activities

Curriculum Development Activities

Course Programming Projects

Instructional Cloud Computing Facility

Evaluation Plan

Summary and Directions

References

A Research Initiative for a Secure Cloud

Overview

Research Contributions

Overview

Secure Cloud Data and Information Management

Cloud-Based Security Applications

Security Models for the Cloud

Toward Building Secure Social Networks in the Cloud

Summary and Directions

References

Summary and Directions

About This Chapter

Summary of This Book

Directions for Cloud Computing and Secure Cloud Computing

Secure Services

Cloud Computing

Secure Cloud Computing

Our Goals on Securing the Cloud

Where Do We Go from Here?

Conclusion to Part IX

Appendices:

Data Management Systems—Developments and Trends

Data Mining Techniques

Access Control in Database Systems

Assured Information Sharing Life Cycle

Index

About the Author

Dr. Bhavani Thuraisingham is the Louis A. Beecherl, Jr. I Distinguished Professor in the Erik Jonsson School of Engineering and Computer Science at The University of Texas at Dallas (UTD) since September 2010. She has unique experience working in the commercial industry, federal research laboratory, US government and academia, and her 30+ year career includes research and development, technology transfer, product development, program management, and consulting to the federal government.

Dr. Thuraisingham joined UTD in October 2004 as a Professor of Computer Science and Director of the Cyber Security Research Center which conducts research in data security and privacy, secure systems, secure networks, secure languages, secure social media, data mining and semantic web. She is an elected Fellow of several prestigious organizations including the IEEE (Institute for Electrical and Electronics Engineers, 2002), the AAAS (American Association for the Advancement of Science, 2003), the BCS (British Computer Society, 2005), and the SDPS (Society for Design and Process Science – a society that promotes transdisciplinary research – 2011). She is the recipient of numerous awards including (i) the IEEE Computer Society’s 1997 Technical Achievement Award for "outstanding and innovative contributions to secure data management", (ii) the 2010 Research Leadership Award for "Outstanding and Sustained Leadership Contributions to the Field of Intelligence and Security Informatics" presented jointly by the IEEE Intelligent and Transportation Systems Society and the IEEE Systems, Man and Cybernetics Society, (iii) the 2010 ACM SIGSAC (Association for Computing Machinery, Special Interest Group on Security, Audit and Control) Outstanding Contributions Award for "seminal research contributions and leadership in data and applications security for over 25 years" and (iv) the 2011 AFCEA (Armed Forces Communications and Electronics Association) Medal of Merit for Sustained Professional Excellence in Communications, Electronics, Intelligence and Information Systems and Service to the Association. She is a Distinguished Scientist of ACM, was an IEEE Distinguished Lecturer between 2002 and 2005, and was also featured by Silicon India magazine as one of the seven leading technology innovators of South Asian origin in the USA in 2002. She received the prestigious earned higher doctorate degree of Doctor of Engineering from the University of Bristol, England for her thesis consisting of her published works on secure dependable data management.

Over her 30+ year career, Dr. Thuraisingham’s pioneering research contributions include (i) proving that the inference problem is unsolvable and finding solutions to solvable classes of the problem, which has been quoted by the National Security Agency as the significant development in database security in 1990, (ii) novel approaches to designing and developing multilevel secure relational distributed and object systems, (iii) incorporating security into real-time systems and analyzing the tradeoffs, (iv) developing solutions to semantic web-based policy management and incentives for information sharing among organizations and (v) the development of data mining tools for malware and insider threat detection.

During her seven years at UTD, Dr. Thuraisingham has established and leads a strong research program in Intelligence and Security Informatics which now includes 6 core professors and the team has generated over $16 million in research funding from agencies such as NSF, AFOSR, IARPA, NGA, NASA, ONR, ARMY, NIH and DARPA as well as multiple corporations. The research projects include two NSF Career Grants, an AFOSR Young Investigator Program Award, DoD MURI Award on Assured Information Sharing, a large NSF Trustworthy Computing grant on data provenance, and multiple NSF medium grants (Cyber Trust, Trustworthy Computing and NeTS programs) on policy management, inline reference monitors and data integrity and multiple AFOSR grants on topics such as assured cloud computing and reactively adaptive malware. Her current focus includes three activities: (i) studying how terrorists and hackers function so that effective and improved solutions can be provided, (ii) initiating interdisciplinary programs integrating social sciences and information sciences and (iii) transferring the technologies developed at the university to commercial development efforts. She is also instrumental in establishing UTD’s undergraduate certificate program as well as the MS Track in Information Assurance and is a Co-PI of the $1.8 million NSF Scholarship for Service Award in Cyber Security and PI on a capacity building grant from NSF on assured cloud computing. She teaches courses in data and applications security, trustworthy semantic services, digital forensics, biometrics, information security analytics, and secure cloud computing. Her team collaborates with the North Texas Regional Computer Forensics Laboratory for student projects, researchers from AFRL Rome, NY on assured cloud computing, and industrial research laboratories.

Prior to joining UTD, Dr. Thuraisingham was an IPA (Intergovernmental Personnel Act) at the National Science Foundation (NSF) in Arlington, VA, from the MITRE Corporation for three years. At NSF, she established the Data and Applications Security Program and co-founded the Cyber Trust theme and was involved in interagency activities in data mining for counter-terrorism. She worked at MITRE in Bedford, MA between January 1989 and September 2001, first in the Information Security Center and later as a department head in Data and Information Management as well as Chief Scientist in Data Management in the Intelligence and Air Force centers. At MITRE, she led team research and development efforts on secure data management and real-time data management for NSA, AFRL, SPAWAR, CECOM and CIA.

She also served as a technical consultant in information security and data management to the Department of Defense and the Intelligence Community for over 10 years and established research programs in data security and data mining. She has continued to serve as an expert consultant to the Department of Treasury since 1999 on software research credit and also advised the Department of Justice in 2001.

Thuraisingham’s industry experience includes six years of research and product development as well as technology transfer at Control Data Corp. and Honeywell Inc. in Minneapolis, MN. While in industry and at MITRE, she was an adjunct professor of computer science and member of the graduate faculty, first at the University of Minnesota and later at Boston University between 1984 and 2001. She also worked as visiting professor soon after her PhD, first at the New Mexico Institute of Technology and later at the University of Minnesota between 1980 and 1983.

Dr. Thuraisingham’s current research interests include data security and privacy and data mining for counter-terrorism. Her work has resulted in over 100 journal articles, over 200 refereed conference papers and workshops, five US patents (two pending) and several IP disclosures. She is the author of eleven books in data management, data mining and data security including on data mining for counter-terrorism, Database and Applications Security, and Data Mining Tools for Malware Detection and is completing her twelfth book on Building and Securing the Cloud. She is also the editor of twelve books. She has given over 90 keynote presentations at various technical conferences and has also given invited talks at the White House Office of Science and Technology Policy and at the United Nations on Data Mining for counter-terrorism. She serves (or has served) on editorial and advisory boards of leading research and industry journals including several IEEE and ACM Transactions, the VLDB Journal, and also served as the Editor in Chief of Computer Standards and Interfaces Journal. She has contributed to multiple standards activities including Navy’s Next Generation Interface efforts, Object Management Group’s Real-time Computing and C4I efforts, and more recently the Open Geospatial Consortium’s semantic web efforts. In addition, she has been an instructor at AFCEA’s (Armed Forces Communications and Electronics Association) Professional Development Center since 1998 and has served on panels for the Air Force Scientific Advisory Board and the National Academy of Sciences. She is a member of several professional organizations including the IFIP 11.3 Working Group in Data and Applications Security. She has chaired 10+ conferences and has served in 100+ conference program committees. She served on the advisory board of the Computer Science Department of Purdue University from 2005 to 2006.

Dr. Thuraisingham received her BS degree in Mathematics and Physics with first class at the University of Ceylon, her M.Sc degree in Mathematical Logic at the University of Bristol, UK and her PhD degree in Theory of Computation at the University of Wales, UK. She strongly believes in continuing education and has also received a number of professional qualifications to enhance her 30 year career since 1980 including an MS in Computer Science focusing in computer systems and networks at the University of Minnesota, Java Development Certification from Learning Tree International, the Certificate in Terrorism Studies at St. Andrews University, Scotland and CISSP (Certified Information Systems Security Professional) certification with ISC2.

Dr. Thuraisingham is the founding president of "Bhavani Security Consulting, LLC", a company providing services in consulting and training in Cyber Security and Information Technology. She is also the founder of "Knowledge and Security Analytics, LLC", a spin-off company from UTD developing tools in assured information sharing and "Evolving Malware Security, LLC" a second spinoff company from UTD developing malware detection tools. She also serves on the inaugural corporate board of Accuvant Corporation since 2011.

Dr. Thuraisingham promotes Math and Science to high school students as well as to women and underrepresented minorities, and is a member of the Society of Women Engineers (SWE). She has participated in panels at CRA-W and has given featured addresses at conferences sponsored by WITI (Women in Technology International) and SWE. Her additional awards include the 2001 Woman of Color Research Leadership Award from Career Communications Inc. and the Fellow of the Society of Information Reuse and Integration (subcommittee of IEEE Systems, Man and Cybernetics Society). She has been involved with IEEE Computer Society activities for over 10 years first serving on the conferences and tutorial board and later on the awards board. She also serves on the ACM Policy Council advising about policy issues on privacy and intellectual property and on the ACM-W council promoting women in computing. She is a strong advocate for safeguarding children and has participated in a National Academy panel on protecting children from inappropriate content on the Internet chaired by the Hon. Dick Thornburgh in 2000 and is continuing with these efforts and recently participated in the EastWest Institute’s 1st Worldwide Security Summit panel on protecting our children in cyberspace. She also writes motivational articles including one on CS Careers in the Global Economy and another on an 8E framework for promoting women in science and engineering. Articles on her efforts and her vision, as well as her team’s research, have appeared in multiple media outlets including the Dallas Morning News, The Boston Globe, ABC News, D Magazine, MITRE Matters, the DFW Metroplex Technology magazine and Raytheon Technology Magazine, as well as press releases published by UTD, MITRE, the United States Air Force, and IBM Research Zurich among others. She has also appeared on DFW television giving her views on cyber security.

Subject Categories

BISAC Subject Codes/Headings:
COM032000: COMPUTERS / Information Technology
COM051230: COMPUTERS / Software Development & Engineering / General
COM053000: COMPUTERS / Security / General
COM060000: COMPUTERS / Internet / General