Abstract
The proliferation of mobile devices, coupled by the increase in their capabilities, have enabled the establishment of a rich mobile computing platform that can be utilized in conjunction with cloud services. In this chapter, we overview the latest mobile computing models and architectures focusing on their security properties. In particular, we study a wide range of threats against the availability, privacy and integrity of mobile cloud computing architectures in which the mobile devices and the cloud jointly perform computation. We then present defense mechanisms that ensure the security of mobile cloud computing architectures and their applications. Throughout the chapter, we identify potential threats as well as possible opportunities for defenses.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Baliga, A., Chen, X., Coskun, B., de los Reyes, G., Lee, S., Mathur, S., Van der Merwe, J.E.: VPMN: virtual private mobile network towards mobility-as-a-service. In: Proceedings of the 2nd International Workshop on Mobile Cloud Computing and Services, MCS’11, Washington, DC, pp. 7–12. ACM, New York (2011). doi:10.1145/1999732.1999735
Barrera, D., Kayacik, H.G., van Oorschot, P.C., Somayaji, A.: A methodology for empirical analysis of permission-based security models and its application to Android. In: Proceedings of the 17th ACM Conference on Computer and Communications Security, CCS’10, Chicago, pp. 73–84. ACM, New York (2010). doi:10.1145/1866307.1866317. http://doi.acm.org/10.1145/1866307.1866317
Barrera, D., Clark, J., McCarney, D., van Oorschot, P.C.: Understanding and improving app installation security mechanisms through empirical analysis of Android. In: Proceedings of the 2nd ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, SPSM’12, Raleigh, pp. 81–92. ACM, New York (2012). doi:10.1145/2381934.2381949
Becher, M., Freiling, F.C., Hoffmann, J., Holz, T., Uellenbeck, S., Wolf, C.: Mobile security catching up? Revealing the nuts and bolts of the security of mobile devices. In: Proceedings of the 2011 IEEE Symposium on Security and Privacy, SP’11, Oakland, pp. 96–111. IEEE Computer Society, Washington, DC (2011). doi:10.1109/SP.2011.29
Bellissimo, A., Burgess, J., Fu, K.: Secure software updates: disappointments and new challenges. In: Proceedings of the 1st USENIX Workshop on Hot Topics in Security, HOTSEC’06, Vancouver, pp. 37–43. USENIX Association, Berkeley (2006)
Bleikertz, S., Schunter, M., Probst, C.W., Pendarakis, D., Eriksson, K.: Security audits of multi-tier virtual infrastructures in public infrastructure clouds. In: Proceedings of the 2010 ACM Workshop on Cloud Computing Security Workshop, CCSW’10, Chicago, pp. 93–102. ACM, New York (2010). doi:10.1145/1866835.1866853
Chaudhuri, A.: Language-based security on Android. In: Proceedings of the ACM SIGPLAN 4th Workshop on Programming Languages and Analysis for Security, PLAS’09, Dublin, pp. 1–7. ACM, New York (2009). doi:10.1145/1554339.1554341
Chong, S., Liu, J., Myers, A.C., Qi, X., Vikram, K., Zheng, L., Zheng, X.: Secure web applications via automatic partitioning. SIGOPS Oper. Syst. Rev. 41(6), 31–44 (2007). doi:10.1145/1323293.1294265
Chow, R., Jakobsson, M., Masuoka, R., Molina, J., Niu, Y., Shi, E., Song, Z.: Authentication in the clouds: a framework and its application to mobile users. In: Proceedings of the 2010 ACM Workshop on Cloud Computing Security Workshop, CCSW’10, Chicago, pp. 1–6. ACM, New York (2010). doi:10.1145/1866835.1866837
Christensen, J.H.: Using RESTful web-services and cloud computing to create next generation mobile applications. In: Proceedings of the 24th ACM SIGPLAN Conference Companion on Object Oriented Programming Systems Languages and Applications, OOPSLA’09, Orlando, pp. 627–634. ACM, New York (2009). doi:10.1145/1639950.1639958
Christodorescu, M., Sailer, R., Schales, D.L., Sgandurra, D., Zamboni, D.: Cloud security is not (just) virtualization security: a short paper. In: Proceedings of the 2009 ACM Workshop on Cloud Computing Security, CCSW’09, Chicago, pp. 97–102. ACM, New York (2009). doi:10.1145/1655008.1655022
Chun, B.G., Maniatis, P.: Augmented smartphone applications through clone cloud execution. In: Proceedings of the 12th Conference on Hot Topics in Operating Systems, HotOS’09, Monte Verita, pp. 1–5. USENIX Association, Berkeley (2009)
Chun, B.G., Maniatis, P.: Dynamically partitioning applications between weak devices and clouds. In: Proceedings of the 1st ACM Workshop on Mobile Cloud Computing & Services: Social Networks and Beyond, MCS’10, San Francisco, pp. 7:1–7:5. ACM, New York (2010). doi:10.1145/1810931.1810938
Cuervo, E., Balasubramanian, A., Cho, D.k., Wolman, A., Saroiu, S., Chandra, R., Bahl, P.: MAUI: making smartphones last longer with code offload. In: Proceedings of the 8th International Conference on Mobile Systems, Applications, and Services, MobiSys’10, San Francisco, pp. 49–62. ACM, New York (2010). doi:10.1145/1814433.1814441
Danezis, G., Livshits, B.: Towards ensuring client-side computational integrity. In: Proceedings of the 3rd ACM Workshop on Cloud Computing Security Workshop, CCSW’11, Chicago, pp. 125–130. ACM, New York (2011). doi:10.1145/2046660.2046683
Drimer, S., Murdoch, S.J., Anderson, R.: Thinking inside the box: system-level failures of tamper proofing. In: Proceedings of the 2008 IEEE Symposium on Security and Privacy, SP’08, Oakland, pp. 281–295. IEEE Computer Society, Washington, DC (2008). doi:10.1109/SP.2008.16
Enck, W., Ongtang, M., McDaniel, P.: On lightweight mobile phone application certification. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, CCS’09, Chicago, pp. 235–245. ACM, New York (2009). doi:10.1145/1653662.1653691
Enck, W., Gilbert, P., Chun, B.G., Cox, L.P., Jung, J., McDaniel, P., Sheth, A.N.: TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. In: Proceedings of the 9th USENIX Conference on Operating Systems Design and Implementation, OSDI’10, Vancouver, pp. 1–6. USENIX Association, Berkeley (2010)
Fahl, S., Harbach, M., Muders, T., Baumgärtner, L., Freisleben, B., Smith, M.: Why eve and mallory love Android: an analysis of Android SSL (in)security. In: Proceedings of the 19th ACM Conference on Computer and Communications Security, CCS’12, Raleigh, pp. 50–61. ACM, New York (2012). doi:10.1145/2382196.2382205
Florio, E.: symantec.com, when malware meets rootkits. http://goo.gl/WdznF
forbes.com: Phone rootkit maker carrier IQ may have violated wiretap law in millions of cases. http://goo.gl/P3NJg
Garfinkel, T., Rosenblum, M.: A virtual machine introspection based architecture for intrusion detection. In: Proceedings of the 10th Network and Distributed Systems Security Symposium, NDSS’03, San Diego, pp. 191–206 (2003)
Gentry, C.: Fully homomorphic encryption using ideal lattices. In: Proceedings of the 41st Annual ACM Symposium on Theory of Computing, STOC’09, Bethesda, pp. 169–178. ACM, New York (2009). doi:10.1145/1536414.1536440
Gentry, C.: Computing arbitrary functions of encrypted data. Commun. ACM 53(3), 97–105 (2010). doi:10.1145/1666420.1666444
Gilbert, P., Chun, B.G., Cox, L.P., Jung, J.: Vision: automated security validation of mobile apps at app markets. In: Proceedings of the 2nd International Workshop on Mobile Cloud Computing and Services, MCS’11, Bethesda, pp. 21–26. ACM, New York (2011). doi:10.1145/1999732.1999740
Giurgiu, I., Riva, O., Juric, D., Krivulev, I., Alonso, G.: Calling the cloud: enabling mobile phones as interfaces to cloud applications. In: Proceedings of the 10th ACM/IFIP/USENIX International Conference on Middleware, Middleware’09, Urbana, vol. 5, pp. 5:1–5:20. Springer, New York (2009)
He, S., Guo, L., Guo, Y.: Elastic application container. In: Proceedings of the 12th IEEE/ACM International Conference on Grid Computing, GRID’11, Lyon, pp. 216–217. IEEE Computer Society, Washington, DC (2011). doi:10.1109/Grid.2011.35
Hornyack, P., Han, S., Jung, J., Schechter, S., Wetherall, D.: These aren’t the droids you’re looking for: retrofitting Android to protect data from imperious applications. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, CCS’11, Chicago, pp. 639–652. ACM, New York (2011). doi:10.1145/2046707.2046780
Huang, D., Zhang, X., Kang, M., Luo, J.: MobiCloud: building secure cloud framework for mobile computing and communication. In: Proceedings of 5th IEEE International Symposium on Service Oriented System Engineering, SOSE’10, Nanjing, pp. 27–34. IEEE Computer Society, Washington, DC (2010). doi:10.1109/SOSE.2010.20
Huang, D., Zhou, Z., Xu, L., Xing, T., Zhong, Y.: Secure data processing framework for mobile cloud computing. In: Proceedings of the IEEE Conference on Computer Communications Workshop, Shanghai, pp. 614–618 (2011). doi:10.1109/INFCOMW.2011.5928886
Huerta-Canepa, G., Lee, D.: A virtual cloud computing provider for mobile devices. In: Proceedings of the 1st ACM Workshop on Mobile Cloud Computing & Services: Social Networks and Beyond, MCS’10, San Francisco, pp. 6:1–6:5. ACM, New York (2010). doi:10.1145/1810931.1810937
Jack, B.: blackhat.com, exploiting embedded systems. http://goo.gl/oz7Vs (2006)
Jiang, X.: ncsu.edu, GingerMaster: first Android malware utilizing a root exploit on Android 2.3 (Gingerbread). http://goo.gl/uvTFT
Jiang, X.: ncsu.edu, security alert: new RootSmart Android malware utilizes the GingerBreak root exploit. http://goo.gl/ZTxpg
Ko, S.Y., Jeon, K., Morales, R.: The HybrEx model for confidentiality and privacy in cloud computing. In: Proceedings of the 3rd USENIX Conference on Hot Topics in Cloud Computing, HotCloud’11, Portland, pp. 1–5. USENIX Association, Berkeley (2011)
Kupsch, J.A., Miller, B.P., Heymann, E., César, E.: First principles vulnerability assessment. In: Proceedings of the 2010 ACM Workshop on Cloud Computing Security, CCSW’10, Chicago, pp. 87–92. ACM, New York (2010). doi:10.1145/1866835.1866852
Law, Y.W., Palaniswami, M., Hoesel, L.V., Doumen, J., Hartel, P., Havinga, P.: Energy-efficient link-layer jamming attacks against wireless sensor network MAC protocols. Trans. Sens. Netw. 5(1), 6:1–6:38 (2009). doi:10.1145/1464420.1464426
Lee, W., Rotoloni, B.: Emerging cyber threats report 2013. Technical report, Georgia Institute of Technology (2012)
Lessard, J., Kessler, G.: Android forensics: simplifying cell phone examinations. Small Scale Digit. Device Forensics J. 4(1), 1–12 (2010)
linuxsleuthing.blogspot.com, Linux Sleuthing: iPhone forensics tools. http://goo.gl/Wc31M
Liu, H.: A new form of DoS attack in a cloud and its avoidance mechanism. In: Proceedings of the 2010 ACM Workshop on Cloud Computing Security, CCSW’10, Chicago, pp. 65–76. ACM, New York (2010). doi:10.1145/1866835.1866849
Marforio, C., Francillon, A., Capkun, S.: osti.gov, application collusion attack on the permission-based security model and its implications for modern smartphone systems. http://goo.gl/0Csm2
Micciancio, D.: A first glimpse of cryptography’s holy grail. Commun. ACM 53(3), 96–96 (2010). doi:10.1145/1666420.1666445
omtp.org: OMTP advanced trusted environment. http://goo.gl/Nzf6p (2009)
Ongtang, M., Butler, K., McDaniel, P.: Porscha: policy oriented secure content handling in Android. In: Proceedings of the 26th Annual Computer Security Applications Conference, ACSAC’10, Austin, pp. 221–230. ACM, New York (2010). doi:10.1145/1920261.1920295
Ongtang, M., McLaughlin, S., Enck, W., McDaniel, P.: Semantically rich application-centric security in Android. Secur. Commun. Netw. 5(6), 658–673 (2012). doi:10.1002/sec.360
Pelechrinis, K., Iliofotou, M., Krishnamurthy, V.: Denial of service attacks in wireless networks: the case of jammers. IEEE Commun. Surv. Tutor. 13(2) (2011). doi:10.1109/SURV.2011.041110.00022
Portnoy, A.: tippingpoint.com, Pwn2POwn 2010. http://goo.gl/XLJN
Quynh, N.A., Takefuji, Y.: Towards a tamper-resistant Kernel rootkit detector. In: Proceedings of the 2007 ACM Symposium on Applied Computing, SAC’07, Seoul, pp. 276–283. ACM, New York (2007). doi:10.1145/1244002.1244070
Raffetseder, T., Kruegel, C., Kirda, E.: Detecting system emulators. In: Proceedings of the Information Security, Valparaíso, pp. 1–18 (2007)
Raj, H., Nathuji, R., Singh, A., England, P.: Resource management for isolation enhanced cloud services. In: Proceedings of the 2009 ACM Workshop on Cloud Computing Security, CCSW’09, Chicago, pp. 77–84. ACM, New York (2009). doi:10.1145/1655008.1655019
Ramsey, R.: tmcnet.com, as users shift to mobile and cloud, so will attackers: cybercrime in 2013. http://goo.gl/MLeuk (2012)
Riley, R., Jiang, X., Xu, D.: Guest-transparent prevention of Kernel rootkits with VMM-based memory shadowing. In: Proceedings of the 11th International Symposium on Recent Advances in Intrusion Detection, RAID’08, Cambridge, pp. 1–20. Springer, Berlin/Heidelberg (2008). doi:10.1007/978-3-540-87403-4_1
Rosenfeld, K., Karri, R.: Attacks and defenses for JTAG. IEEE Des. Test 27(1), 36–47 (2010). doi:10.1109/MDT.2010.9
Sang, L., Arora, A.: Capabilities of low-power wireless jammers. In: Proceedings of INFOCOM, Rio de Janeiro (2009). doi:10.1109/INFCOM. 2009.5062185
Satyanarayanan, M.: Mobile computing: the next decade. SIGMOBILE Mobile Comput. Commun. Rev. 15(2), 2–10 (2011). doi:10.1145/ 2016598.2016600
Satyanarayanan, M., Bahl, P., Caceres, R., Davies, N.: The case for VM-based cloudlets in mobile computing. IEEE Pervasive Comput. 8(4), 14–23 (2009). doi:10.1109/MPRV.2009.82
Sekar, V., Maniatis, P.: Verifiable resource accounting for cloud computing services. In: Proceedings of the 3rd ACM Workshop on Cloud Computing Security, CCSW’11, Chicago, pp. 21–26. ACM, New York (2011). doi:10.1145/2046660.2046666
Somorovsky, J., Heiderich, M., Jensen, M., Schwenk, J., Gruschka, N., Lo Iacono, L.: All your clouds are belong to us: security analysis of cloud management interfaces. In: Proceedings of the 3rd ACM Workshop on Cloud Computing Security, CCSW’11, Chicago, pp. 3–14. ACM, New York (2011). doi:10.1145/2046660.2046664
Song, Z., Molina, J., Lee, S., Lee, H., Kotani, S., Masuoka, R.: Trustcube: an infrastructure that builds trust in client. In: Proceedings of the 1st International Conference Future of Trust in Computing, Berlin, pp. 68–79. Vieweg+Teubner (2009). doi:10.1007/978-3-8348-9324-6_8
symantec.com: W32.Fanbot.A@mm. http://goo.gl/NkX5h
Szeliski, R.: Image alignment and stitching: a tutorial. Found. Trends Comput. Graph. Vis. 2(1), 1–104 (2006). doi:10.1561/0600000009
Thuente, D.J., Acharya, M.: Intelligent jamming in wireless networks with applications to 802.11b and other networks. In: Proceedings of the 2006 IEEE Conference on Military Communications, MILCOM’06, Washington, DC, pp. 1075–1081. IEEE Press, Piscataway (2006)
Verbelen, T., Simoens, P., De Turck, F., Dhoedt, B.: Cloudlets: bringing the cloud to the mobile user. In: Proceedings of the 3rd ACM Workshop on Mobile Cloud Computing and Services, MCS’12, Low Wood Bay, pp. 29–36. ACM, New York (2012). doi:10.1145/2307849.2307858
Walls, R.J., Learned-Miller, E., Levine, B.N.: Forensic triage for mobile phones with DEC0DE. In: Proceedings of the 20th USENIX Conference on Security, SEC’11, San Francisco, pp. 1–14. USENIX Association, Berkeley (2011)
Wei, J., Zhang, X., Ammons, G., Bala, V., Ning, P.: Managing security of virtual machine images in a cloud environment. In: Proceedings of the 2009 ACM Workshop on Cloud Computing Security, CCSW’09, Chicago, pp. 91–96. ACM, New York (2009). doi:10.1145/1655008.1655021
Wilhelm, M., Martinovic, I., Schmitt, J.B., Lenders, V.: Short paper: reactive jamming in wireless networks: how realistic is the threat? In: Proceedings of the 4th ACM Conference on Wireless Network Security, WiSec’11, Hamburg, pp. 47–52. ACM, New York (2011). doi:10.1145/ 1998412.1998422
Xu, W., Ma, K., Trappe, W., Zhang, Y.: Jamming sensor networks: attack and defense strategies. Netw. Mag. Glob. Internetwkg. 20(3), 41–47 (2006). doi:10.1109/MNET.2006.1637931
Zhang, X., Schiffman, J., Gibbs, S., Kunjithapatham, A., Jeong, S.: Securing elastic applications on mobile devices for cloud computing. In: Proceedings of the 2009 ACM Workshop on Cloud Computing Security, CCSW’09, Chicago, pp. 127–134. ACM, New York (2009). doi:10.1145/1655008.1655026
Zhang, K., Zhou, X., Chen, Y., Wang, X., Ruan, Y.: Sedic: privacy-aware data intensive computing on hybrid clouds. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, CCS’11, Chicago, pp. 515–526. ACM, New York (2011). doi:10.1145/2046707. 2046767
Acknowledgements
This material is based upon work partially supported by the One-Time Research Support Program at Texas State University-San Marcos, the National Science Foundation (NSF) grant CNS-1149397, the Air Force Office of Scientific Research (AFOSR)/the Air Force Research Laboratory (AFRL) Visiting Faculty Research Program (VFRP) extension grant LRIR 11RI01COR.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer Science+Business Media New York
About this chapter
Cite this chapter
Gu, Q., Guirguis, M. (2014). Secure Mobile Cloud Computing and Security Issues. In: Han, K., Choi, BY., Song, S. (eds) High Performance Cloud Auditing and Applications. Springer, New York, NY. https://doi.org/10.1007/978-1-4614-3296-8_3
Download citation
DOI: https://doi.org/10.1007/978-1-4614-3296-8_3
Published:
Publisher Name: Springer, New York, NY
Print ISBN: 978-1-4614-3295-1
Online ISBN: 978-1-4614-3296-8
eBook Packages: EngineeringEngineering (R0)