Although the use of cloud computing platforms and applications has expanded rapidly, most books on the subject focus on high-level concepts. There has long been a need for a book that provides detailed guidance on how to develop secure clouds.
Filling this void, Developing and Securing the Cloud provides a comprehensive overview of cloud computing technology. Supplying step-by-step instruction on how to develop and secure cloud computing platforms and web services, it includes an easy-to-understand, basic-level overview of cloud computing and its supporting technologies.
Presenting a framework for secure cloud computing development, the book describes supporting technologies for the cloud such as web services and security. It details the various layers of the cloud computing framework, including the virtual machine monitor and hypervisor, cloud data storage, cloud data management, and virtual network monitor. It also provides several examples of cloud products and prototypes, including private, public, and U.S. government clouds.
Reviewing recent developments in cloud computing, the book illustrates the essential concepts, issues, and challenges in developing and securing today’s cloud computing platforms and applications. It also examines prototypes built on experimental cloud computing systems that the author and her team have developed at the University of Texas at Dallas.
This diverse reference is suitable for those in industry, government, and academia. Technologists will develop the understanding required to select the appropriate tools for particular cloud applications. Developers will discover alternative designs for cloud development, and managers will understand if it’s best to build their own clouds or contract them out.
Introduction
About This Book
Supporting Technologies
From Mainframe to the Cloud
Security Technologies
Data, Information, and Knowledge Management
Secure Services Technologies
Secure Services Technologies
Secure Semantic Services
Specialized Secure Services
Cloud Computing Concepts
Experimental Cloud Computing Systems
Secure Cloud Computing
Experimental Secure Cloud Computing Systems
Experimental Cloud Computing for Security Applications
Toward Trustworthy Clouds
Building an Infrastructure, Education Program, and a Research Program for a Secure Cloud
Organization of This Book
Next Steps
SUPPORTING TECHNOLOGIES
From Mainframe to the Cloud
Overview
Early Computing Systems
Distributed Computing
World Wide Web
Cloud Computing
Summary and Directions
References
Trustworthy Systems
Overview
Secure Systems
Overview
Access Control and Other Security Concepts
Types of Secure Systems
Secure Operating Systems
Secure Database Systems
Secure Networks
Emerging Trends
Impact of the Web
Steps to Building Secure Systems
Dependable Systems
Overview
Trust Management
Digital Rights Management
Privacy
Integrity, Data Quality, and High Assurance
Security Threats and Solutions
Building Secure Systems from Untrusted Components
Summary and Directions
References
Data, Information and Knowledge Management
Overview
Data Management
Data Management
Complex Data Management
Information Management
Data Warehousing and Data Mining
Information Retrieval
Search Engines
Knowledge Management
Activity Management
E-Business and E-Commerce
Collaboration and Workflow
Information Integration
Information Sharing
Social Networking
Supply Chain Management
Summary and Directions
References
Conclusion to Part I
SECURE SERVICES TECHNOLOGIES
Service-Oriented Computing and Security
Overview
Service-Oriented Computing
Services Paradigm
SOA and Web Services
Service-Oriented Analysis and Design
Secure Service-Oriented Computing
Secure Services Paradigm
Secure SOA and WS
Secure SOAD
Access Control for WS
Digital Identity Management
Security Models for WS
Summary and Directions
References
Semantic Web Services and Security
Overview
Semantic Web
Layered Technology Stack
eXtensible Markup Language
Resource Description Framework
Ontologies
Web Rules and SWRL
Semantic Web Services
Secure Semantic Web Services
Security for the Semantic Web
XML Security
RDF Security
Security and Ontologies
Secure Query and Rules Processing
Privacy and Trust for the Semantic Web
Secure Semantic Web and WS
Summary and Directions
References
Specialized Web Services and Security
Overview
Specialized Web Services
Overview
Web Services for Data Management
Web Services for Complex Data Management
Web Services for Information Management
Web Services for Knowledge Management
Web Services for Activity Management
Domain Web Services
Emerging Web Services
Secure Specialized Web Services
Overview
Web Services for Secure Data Management
Web Services for Secure Complex Data Management
Web Services for Secure Information Management
Web Services for Secure Knowledge Management
Secure Web Services for Activity Management
Secure Domain Web Services
Emerging Secure Web Services
Summary and Directions
References
Conclusion to Part II
CLOUD COMPUTING CONCEPTS
Cloud Computing Concepts
Overview
Preliminaries in Cloud Computing
Cloud Deployment Models
Service Models
Virtualization
Cloud Storage and Data Management
Summary and Directions
References
Cloud Computing Functions
Overview
Cloud Computing Framework
Cloud OSs and Hypervisors
Cloud Networks
Cloud Data and Storage Management
Cloud Applications
Cloud Policy Management, Back-Up, and Recovery
Summary and Directions
References
Cloud Data Management
Overview
Relational Data Model
Architectural Issues
DBMS Functions
Overview
Query Processing
Transaction Management
Storage Management
Metadata Management
Database Integrity
Fault Tolerance
Data Mining
Other Aspects
Summary and Directions
References
Specialized Clouds, Services, and Applications
Overview
Specialized Clouds
Mobile Clouds
Multimedia Clouds
Cloud Applications
Summary and Directions
References
Cloud Service Providers, Products, and Frameworks
Overview
Cloud Service Providers, Products, and Frameworks
Cloud Service Providers
Cloud Products
Cloud Frameworks
Summary and Directions
References
Conclusion to Part III
EXPERIMENTAL CLOUD COMPUTING SYSTEMS
Experimental Cloud Query Processing System
Overview
Our Approach
Related Work
Architecture
Data Generation and Storage
File Organization
Predicate Split
Split Using Explicit-Type Information of Object
Split Using Implicit-Type Information of Object
MapReduce Framework
Overview
Input Files Selection
Cost Estimation for Query Processing
Query Plan Generation
Breaking Ties by Summary Statistics
MapReduce Join Execution
Results
Data Sets, Frameworks, and Experimental Setup
Evaluation
Summary and Directions
References
Social Networking on the Cloud
Overview
Foundational Technologies for SNODSOC and SNODSOC++
SNOD
Location Extraction
Entity/Concept Extraction and Integration
Ontology Construction
Cloud Query Processing
Design of SNODSOC
Overview of the Modules
SNODSOC and Trend Analysis
Content-Driven Location Extraction
Categorization
Ontology Construction
Toward SNODSOC++
Benefits of SNOD++
Cloud-Based Social Network Analysis
Stream Processing
Twitter Storm for SNODSOC
Related Work
Summary and Directions
References
Experimental Semantic Web-Based Cloud Computing Systems
Overview
Jena-HBase: A Distributed, Scalable, and Efficient RDF Triple Store
StormRider: Harnessing "Storm" for Social Networks
Ontology-Driven Query Expansion Using Map/Reduce Framework
BET Calculation Using MapReduce Distributed Computing
Summary and Directions
References
Conclusion to Part IV
SECURE CLOUD COMPUTING CONCEPTS
Secure Cloud Computing Concepts
Overview
Secure Cloud Computing and Governance
Security Architecture
Identity Management and Access Control
Cloud Identity Administration
Cloud Storage and Data Security
Privacy, Compliance, and Forensics for the Cloud
Privacy
Regulations and Compliance
Cloud Forensics
Cryptographic Solutions
Network Security
Business Continuity Planning
Operations Management
Physical Security
Summary and Directions
References
Secure Cloud Computing Functions
Overview
Secure Cloud Computing Framework
Secure Cloud OSs and Hypervisors
Secure Cloud Networks
Secure Cloud Storage Management
Secure Cloud Data Management
Cloud Security and Integrity Management
Secure Cloud Applications
Summary and Directions
References
Secure Cloud Data Management
Overview
Secure Data Management
Access Control
Inference Problem
Secure Distributed/Heterogeneous Data Management
Secure Object Data Systems
Data Warehousing, Data Mining, Security, and Privacy
Secure Information Management
Secure Knowledge Management
Impact of the Cloud
Discretionary Security
Inference Problem
Secure Distributed and Heterogeneous Data Management
Secure Object Systems
Data Warehousing, Data Mining, Security, and Privacy
Secure Information Management
Secure Knowledge Management
Summary and Directions
References
Secure Cloud Computing Guidelines
Overview
The Guidelines
Summary and Directions
References
Security as a Service
Overview
Data Mining Services for Cyber Security Applications
Overview
Cyber Terrorism, Insider Threats, and External Attacks
Malicious Intrusions
Credit Card Fraud and Identity Theft
Attacks on Critical Infrastructures
Data Mining Services for Cyber Security
Current Research on Security as a Service
Other Services for Cyber Security Applications
Summary and Directions
References
Secure Cloud Computing Products
Overview
Overview of the Products
Summary and Directions
References
Conclusion to Part V
EXPERIMENTAL SECURE CLOUD COMPUTING SYSTEMS
Secure Cloud Query Processing with Relational Data
Overview
Related Work
System Architecture
The Web Application Layer
The ZQL Parser Layer
The XACML Policy Layer
Implementation Details and Results
Implementation Setup
Experimental Datasets
Implementation Results
Summary and Directions
References
Secure Cloud Query Processing with Semantic Web Data
Overview
Background
Related Work
Access Control
Model
AT Assignment
Conflicts
System Architecture
Overview of the Architecture
Policy Enforcement
Query Rewriting
Embedded Enforcement
Postprocessing Enforcement
Experimental Setup and Results
Summary and Directions
References
Secure Cloud-Based Information Integration
Overview
Integrating Blackbook with Amazon S3
Experiments
Summary and Directions
References
Conclusion to Part VI
EXPERIMENTAL CLOUD SYSTEMS FOR SECURITY APPLICATIONS
Cloud-Based Malware Detection for Evolving Data Streams
Overview
Malware Detection
Malware Detection as a Data Stream Classification Problem
Cloud Computing for Malware Detection
Our Contributions
Related Work
Design and Implementation of the System
Ensemble Construction and Updating
Error Reduction Analysis
Empirical Error Reduction and Time Complexity
Hadoop/MapReduce Framework
Malicious Code Detection
Overview
Nondistributed Feature Extraction and Selection
Distributed Feature Extraction and Selection
Experiments
Data Sets
Baseline Methods
Discussion
Summary and Directions
References
Cloud-Based Data Mining for Insider Threat Detection
Overview
Challenges, Related Work, and Our Approach
Data Mining for Insider Threat Detection
Our Solution Architecture
Feature Extraction and Compact Representation
RDF Repository Architecture
Data Storage
Answering Queries Using Hadoop MapReduce
Data Mining Applications
Comprehensive Framework
Summary and Directions
References
Cloud-Centric Assured Information Sharing
Overview
System Design
Design of CAISS
Design of CAISS++
Formal Policy Analysis
Implementation Approach
Related Work
Our Related Research
Overall Related Research
Commercial Developments
Summary and Directions
References
Design and Implementation of a Semantic Cloud-Based Assured Information Sharing System
Overview
Architecture
Overview
Framework Configuration
Modules in our Architecture
Features of our Policy Engine Framework
Summary and Directions
References
Conclusion to Part VII
TOWARD A TRUSTWORTHY CLOUD
Trust Management and the Cloud
Overview
Trust Management
Trust Management and Negotiation
Trust and Risk Management
Reputation-Based Systems
Trust and Cloud Services
Trust Management as a Cloud Service
Trust Management for Cloud Services
Summary and Directions
References
Privacy and Cloud Services
Overview
Privacy Management
Privacy Issues
Privacy Problem through Inference
Platform for Privacy Preferences
Privacy Preserving Cloud Mining
Privacy Management and the Cloud
Cloud Services for Privacy Management
Privacy for Cloud Services and Semantic Cloud Services
Summary and Directions
References
Integrity Management, Data Provenance, and Cloud Services
Overview
Integrity, Data Quality, and Provenance
Aspects of Integrity
Inferencing, Data Quality, and Data Provenance
Integrity Management and Cloud Services
Cloud Services for Integrity Management
Integrity for the Cloud and Semantic Cloud Services
Summary and Directions
References
Conclusion to Part VIII
BUILDING AN INFRASTRUCTURE, AN EDUCATION INITIATIVE, AND A RESEARCH PROGRAM FOR A SECURE CLOUD
An Infrastructure for a Secure Cloud
Overview
Description of the Research Infrastructure
Background
Infrastructure Development
Hardware Component of the Infrastructure
Software Component of the Infrastructure
Data Component of the Infrastructure
Integrating the Cloud with Existing Infrastructures
Sample Projects Utilizing the Cloud Infrastructure
Education and Performance
Education Enhancement
Performance
Summary and Directions
References
An Education Program for a Secure Cloud
Overview
IA Education at UTD
Overview of UTD CS
Course Offerings in IA
Our Educational Programs in IA
Equipment and Facilities for IA Education and Research
Assured Cloud Computing Education Program
Organization of the Capacity-Building Activities
Curriculum Development Activities
Course Programming Projects
Instructional Cloud Computing Facility
Evaluation Plan
Summary and Directions
References
A Research Initiative for a Secure Cloud
Overview
Research Contributions
Overview
Secure Cloud Data and Information Management
Cloud-Based Security Applications
Security Models for the Cloud
Toward Building Secure Social Networks in the Cloud
Summary and Directions
References
Summary and Directions
About This Chapter
Summary of This Book
Directions for Cloud Computing and Secure Cloud Computing
Secure Services
Cloud Computing
Secure Cloud Computing
Our Goals on Securing the Cloud
Where Do We Go from Here?
Conclusion to Part IX
Appendices:
Data Management Systems—Developments and Trends
Data Mining Techniques
Access Control in Database Systems
Assured Information Sharing Life Cycle
Index
Biography
Dr. Bhavani Thuraisingham has been the Louis A. Beecherl, Jr. I Distinguished Professor in the Erik Jonsson School of Engineering and Computer Science at The University of Texas at Dallas (UTD) since September 2010. She has unique experience working in commercial industry, a federal research laboratory, the US government, and academia, and her 30+ year career includes research and development, technology transfer, product development, program management, and consulting to the federal government.
Dr. Thuraisingham joined UTD in October 2004 as a Professor of Computer Science and Director of the Cyber Security Research Center, which conducts research in data security and privacy, secure systems, secure networks, secure languages, secure social media, data mining, and semantic web. She is an elected Fellow of several prestigious organizations including the IEEE (Institute of Electrical and Electronics Engineers, 2002), the AAAS (American Association for the Advancement of Science, 2003), the BCS (British Computer Society, 2005), and the SDPS (Society for Design and Process Science, a society that promotes transdisciplinary research, 2011). She is the recipient of numerous awards including (i) the IEEE Computer Society's 1997 Technical Achievement Award for outstanding and innovative contributions to secure data management, (ii) the 2010 Research Leadership Award for Outstanding and Sustained Leadership Contributions to the Field of Intelligence and Security Informatics presented jointly by the IEEE Intelligent and Transportation Systems Society and the IEEE Systems, Man and Cybernetics Society, (iii) the 2010 ACM SIGSAC (Association for Computing Machinery, Special Interest Group on Security, Audit and Control) Outstanding Contributions Award for seminal research contributions and leadership in data and applications security for over 25 years, and (iv) the 2011 AFCEA (Armed Forces Communications and Electronics Association) Medal of Merit for Sus