Abstract
Mobile offloading systems have been proposed to migrate complex computations from mobile devices to powerful servers. While this may be beneficial from the performance and energy perspective, it certainly exhibits new challenges in terms of security due to increased data transmission over networks with potentially unknown threats. Among possible security issues are timing attacks which are not prevented by traditional cryptographic security. Metrics on which offloading decisions are based must include security aspects in addition to performance and energy-efficiency. This paper aims at quantifying the security attributes of mobile offloading systems. The offloading system is modeled as a stochastic process. The security quantification analysis is carried out for steady-state behaviour as to optimise a combined security and cost trade-off measure.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Subashini, S., Kavitha, V.: A survey on security issues in service delivery models of cloud computing. Journal of Network and Computer Applications 34(1), 1–11 (2011)
Kumar, K., Liu, J., Lu, Y.-H., Bhargava, B.: A survey of computation offloading for mobile systems. Mobile Networks and Applications 18(1), 129–140 (2013)
Cuervo, E., Balasubramanian, A., Cho, D.-K., Wolman, A., Saroiu, S., Chandra, R., Bahl, P.: Maui: making smartphones last longer with code offload. In: Proceedings of the 8th International Conference on Mobile Systems, Applications, and Services, pp. 49–62. ACM (2010)
Wu, H., Wolter, K.: Tradeoff analysis for mobile cloud offloading based on an additive energy-performance metric. In: 8th International Conference on Performance Evaluation Methodologies and Tools (2014)
Wang, Q., Wolter, K.: Reducing task completion time in mobile offloading systems through online adaptive local restart. In: Proceedings of the 6th ACM/SPEC International Conference on Performance Engineering, pp. 3–13. ACM (2015)
Khan, A.N., Kiah, M.M., Khan, S.U., Madani, S.A.: Towards secure mobile cloud computing: A survey. Future Generation Computer Systems 29(5), 1278–1299 (2013)
Littlewood, B., Brocklehurst, S., Fenton, N., Mellor, P., Page, S., Wright, D., Dobson, J., McDermid, J., Gollmann, D.: Towards operational measures of computer security. Journal of Computer Security 2(2), 211–229 (1993)
Nicol, D.M., Sanders, W.H., Trivedi, K.S.: Model-based evaluation: from dependability to security. IEEE Transactions on Dependable and Secure Computing 1(1), 48–65 (2004)
Zhang, J.-F., Liu, F., Zheng, L.-M., Jia, Y., Zou, P.: Using network security index system to evaluate network security. In: Qi, E., Shen, J., Dou, R. (eds.) The 19th International Conference on Industrial Engineering and Engineering Management, pp. 989–1000. Springer, Heidelberg (2013)
Lenkala, S.R., Shetty, S., Xiong, K.: Security risk assessment of cloud carrier. In: 2013 13th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (CCGrid), pp. 442–449. IEEE (2013)
Rebeiro, C., Mukhopadhyay, D., Bhattacharya, S.: An introduction to timing attacks. In: Timing Channels in Cryptography, pp. 1–11. Springer (2015)
Limnios, N., Oprisan, G.: Semi-Markov processes and reliability. Springer Science & Business Media (2001)
Köpf, B., Basin, D.: Automatically deriving information-theoretic bounds for adaptive side-channel attacks. Journal of Computer Security 19(1), 1–31 (2011)
Brumley, B.B., Tuveri, N.: Remote timing attacks are still practical. In: Atluri, V., Diaz, C. (eds.) ESORICS 2011. LNCS, vol. 6879, pp. 355–371. Springer, Heidelberg (2011)
Brumley, D., Boneh, D.: Remote timing attacks are practical. Computer Networks 48(5), 701–716 (2005)
Weiß, Michael, Heinz, Benedikt, Stumpf, Frederic: A cache timing attack on aes in virtualization environments. In: Keromytis, Angelos D. (ed.) FC 2012. LNCS, vol. 7397, pp. 314–328. Springer, Heidelberg (2012)
Palanisamy, B., Liu, L.: Mobimix: protecting location privacy with mix-zones over road networks. In: 2011 IEEE 27th International Conference on Data Engineering (ICDE), pp. 494–505. IEEE (2011)
Avizienis, A., Laprie, J.-C., Randell, B., Landwehr, C.: Basic concepts and taxonomy of dependable and secure computing. IEEE Transactions on Dependable and Secure Computing 1(1), 11–33 (2004)
Trivedi, K.S.: Probability & statistics with reliability, queuing and computer science applications. John Wiley & Sons (2008)
Frank, P.M.: Introduction to system sensitivity theory, vol. 11. Academic press, New York (1978)
Matos, R., Araujo, J., Oliveira, D., Maciel, P., Trivedi, K.: Sensitivity analysis of a hierarchical model of mobile cloud computing. Simulation Modelling Practice and Theory 50, 151–164 (2015). Special Issue on Resource Management in Mobile Clouds
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Meng, T., Wang, Q., Wolter, K. (2015). Model-Based Quantitative Security Analysis of Mobile Offloading Systems Under Timing Attacks. In: Gribaudo, M., Manini, D., Remke, A. (eds) Analytical and Stochastic Modelling Techniques and Applications. ASMTA 2015. Lecture Notes in Computer Science(), vol 9081. Springer, Cham. https://doi.org/10.1007/978-3-319-18579-8_11
Download citation
DOI: https://doi.org/10.1007/978-3-319-18579-8_11
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-18578-1
Online ISBN: 978-3-319-18579-8
eBook Packages: Computer ScienceComputer Science (R0)