Ensuring Service Integrity in Cloud Computing
Open Access
- Author:
- Yoon, Eunjung
- Graduate Program:
- Computer Science and Engineering
- Degree:
- Doctor of Philosophy
- Document Type:
- Dissertation
- Date of Defense:
- October 02, 2019
- Committee Members:
- Peng Liu, Dissertation Advisor/Co-Advisor
Sencun Zhu, Committee Chair/Co-Chair
Gang Tan, Committee Member
Bhuvan Urgaonkar, Committee Member
Jia Li, Outside Member
Peng Liu, Committee Chair/Co-Chair
Chitaranjan Das, Program Head/Chair - Keywords:
- Security
Cloud Computing
Big Data
Intrusion Recovery
Computation Integrity
MapReduce - Abstract:
- The rapid growth of cloud computing has brought lots of security challenges for consumers and service providers. Although the adoption of cloud computing brings many benefits, security remains a major concern in cloud computing environments. Security concerns lead to many challenges when consumers move their computation and data to the cloud. When users outsource their data and computation to the cloud, their main concern would be whether (1) they can ensure their outsourced data is not having any security issues in the cloud. (2) they can ensure that the outsourced computation was honestly and correctly carried out by the cloud service provider. (3) they can ensure cloud service is always available in the event of the attack. To this end, we focus on ensuring the service integrity and reliability in the cloud computing environment, during normal operation and even after the compromise. This dissertation presents approaches to monitor, audit, verify, and restore the integrity of applications and services in a cloud computing environment, particularly, in Web services and Big data computing that are popular in a cloud computing environment. We first present a cross-layer intrusion recovery framework, called XLRF, that can efficiently and automatically restore the integrity of compromised workflow applications and data in Web services both at the workflow layer and at the OS layer. Second, we explore the vulnerabilities in MapReduce computation and propose the approach to carry out the semantic analysis of system calls collected from workers at runtime and Hadoop logs as a novel way of detecting cheating and malicious behavior of MapReduce applications. Lastly, we propose a new approach to the practical and efficient verification of computation integrity via partial re-execution, called V-MR. V-MR provides the computation audit that a client can ensure the computation results are correct. V-MR uses partial re-execution for verification and reduces re-execution costs by generating input data slices and program slices based on the control flow and data dependency analysis.