Secure Mobile Cloud Computing and Security Issues

Abstract

The proliferation of mobile devices, coupled with the increase in their capabilities, has enabled the establishment of a rich mobile computing platform that can be utilized in conjunction with cloud services. In this chapter, we give an overview of the latest mobile computing models and architectures, focusing on their security properties. In particular, we study a wide range of threats against the availability, privacy and integrity of mobile cloud computing architectures in which the mobile devices and the cloud jointly perform computation. We then present defense mechanisms that ensure the security of mobile cloud computing architectures and their applications. Throughout the chapter, we identify potential threats as well as possible opportunities for defenses.

Acknowledgements

This material is based upon work partially supported by the One-Time Research Support Program at Texas State University-San Marcos, the National Science Foundation (NSF) grant CNS-1149397, and the Air Force Office of Scientific Research (AFOSR)/the Air Force Research Laboratory (AFRL) Visiting Faculty Research Program (VFRP) extension grant LRIR 11RI01COR.

Corresponding author

Correspondence to Qijun Gu.

Copyright information

© 2014 Springer Science+Business Media New York

About this chapter

Cite this chapter

Gu, Q., Guirguis, M. (2014). Secure Mobile Cloud Computing and Security Issues. In: Han, K., Choi, BY., Song, S. (eds) High Performance Cloud Auditing and Applications. Springer, New York, NY. https://doi.org/10.1007/978-1-4614-3296-8_3

  • DOI: https://doi.org/10.1007/978-1-4614-3296-8_3

  • Publisher Name: Springer, New York, NY

  • Print ISBN: 978-1-4614-3295-1

  • Online ISBN: 978-1-4614-3296-8

  • eBook Packages: Engineering, Engineering (R0)
