Obfuscation and Diversification for Securing Cloud Computing

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 10131)

Abstract

The evolution of cloud computing and the advancement of its services have motivated organizations and enterprises to move towards the cloud in order to provide services to their customers with greater ease and higher efficiency. Utilizing cloud-based services has, on the one hand, brought numerous compelling benefits and, on the other hand, raised concerns regarding the security and privacy of data in the cloud, which remains an ongoing challenge. In this regard, there has been a large body of research on improving security and privacy in cloud computing. In this chapter, we first study the status of security and privacy in cloud computing. Then, among all the existing security techniques, we narrow our focus to obfuscation and diversification techniques. We present a state-of-the-art review of this field of study and of how these two techniques have been used in cloud computing to improve security. Finally, we propose an approach that uses these two techniques with the aim of improving security in the cloud computing environment and preserving the privacy of its users.

Notes

  1. This book chapter is a re-written extended version of our previous study (Hosseinzadeh et al. 2015).

References

  • Browserify (2016). http://browserify.org. Accessed 08 Apr 2016

  • Cloud Security Alliance (CSA) (2016). https://cloudsecurityalliance.org/. Accessed 08 Apr 2016

  • Free JavaScript obfuscator Protect JavaScript code from stealing and shrink size (2016). https://javascriptobfuscator.com. Accessed 08 Apr 2016

  • Getting started–Less.js (2016). http://lesscss.org. Accessed 08 Apr 2016

  • Gulp-js-obfuscator (2016a). https://www.npmjs.com/package/gulp-js-obfuscator. Accessed 08 Apr 2016

  • Gulp.js The streaming build system (2016b). http://gulpjs.com. Accessed 08 Apr 2016

  • js-obfuscator (2016). https://www.npmjs.com/package/js-obfuscator. Accessed 08 Apr 2016

  • Laverna Keep your notes private (2016). https://laverna.cc. Accessed 08 Apr 2016

  • NPM (2016). https://www.npmjs.com. Accessed 08 Apr 2016

  • Source Map Revision 3 Proposal (2016). https://docs.google.com/document/d/1U1RGAehQwRypUTovF1KRlpiOFze0b-2gc6fAH0KY0k. Accessed 08 Apr 2016

  • The International Information Systems Security Certification Consortium (ISC)2 (2016). https://www.isc2.org/. Accessed 08 Apr 2016

  • Agir, B., Papaioannou, T., Narendula, R., Aberer, K., Hubaux, J.-P.: User-side adaptive protection of location privacy in participatory sensing. GeoInformatica 18(1), 165–191 (2014)

  • Arockiam, L., Monikandan, S.: Efficient cloud storage confidentiality to ensure data security. In: 2014 International Conference on Computer Communication and Informatics (ICCCI), pp. 1–5 (2014)

  • Baudry, B., Monperrus, M.: The multiple facets of software diversity: recent developments in year 2000 and beyond. ACM Comput. Surv. 48(1), 16:1–16:26 (2015)

  • Bertholon, B., Varrette, S., Bouvry, P.: JShadObf: a JavaScript obfuscator based on multi-objective optimization algorithms. In: Lopez, J., Huang, X., Sandhu, R. (eds.) NSS 2013. LNCS, vol. 7873, pp. 336–349. Springer, Heidelberg (2013). doi:10.1007/978-3-642-38631-2_25

  • Bertholon, B., Varrette, S., Bouvry, P.: Comparison of multi-objective optimization algorithms for the Jshadobf JavaScript obfuscator. In: 2014 IEEE International, Parallel Distributed Processing Symposium Workshops (IPDPSW), pp. 489–496 (2014)

  • Bertholon, B., Varrette, S., Martinez, S.: Shadobf: A c-source obfuscator based on multi-objective optimization algorithms. In: 2013 IEEE 27th International Parallel and Distributed Processing Symposium Workshops PhD Forum (IPDPSW), pp. 435–444 (2013b)

  • Binsalleeh, H., Ormerod, T., Boukhtouta, A., Sinha, P., Youssef, A., Debbabi, M., Wang, L.: On the analysis of the zeus botnet crimeware toolkit. In: Proceedings of the 8th Annual International Conference on Privacy, Security and Trust (PST), pp. 31–38. IEEE (2010)

  • Celesti, A., Fazio, M., Villari, M., Puliafito, A.: Adding long-term availability, obfuscation, and encryption to multi-cloud storage systems. J. Netw. Comput. Appl. (2014)

  • Chang, V.: Towards a big data system disaster recovery in a private cloud. Ad Hoc Netw. 35, 65–82 (2015). Special Issue on Big Data Inspired Data Sensing, Processing and Networking Technologies

  • Chang, V., Kuo, Y.-H., Ramachandran, M.: Cloud computing adoption framework: a security framework for business clouds. Future Gener. Comput. Syst. 57, 24–41 (2016)

  • Chang, V., Ramachandran, M.: Towards achieving data security with the cloud computing adoption framework. IEEE Trans. Serv. Comput. 9(1), 138–151 (2016)

  • Chen, T.M., Abu-Nimeh, S.: Lessons from stuxnet. Computer 44(4), 91–93 (2011)

  • Cohen, F.B.: Operating system protection through program evolution. Comput. Secur. 12(6), 565–584 (1993)

  • Collberg, C., Thomborson, C., Low, D.: A taxonomy of obfuscating transformations. Technical report, Department of Computer Science, The University of Auckland, New Zealand (1997)

  • Collberg, C., Thomborson, C., Low, D.: Manufacturing cheap, resilient, and stealthy opaque constructs. In: Proceedings of the 25th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 1998, pp. 184–196. ACM, New York (1998)

  • Dierks, T.: The Transport Layer Security (TLS) protocol version 1.2 (2008)

  • Drape, S., Majumdar, A.: Design and evaluation of slicing obfuscation. Technical report, Department of Computer Science, The University of Auckland, New Zealand (2007)

  • Furukawa, R., Takenouchi, T., Mori, T.: Behavioral tendency obfuscation framework for personalization services. In: Decker, H., Lhotská, L., Link, S., Basl, J., Tjoa, A.M. (eds.) DEXA 2013. LNCS, vol. 8056, pp. 289–303. Springer, Heidelberg (2013). doi:10.1007/978-3-642-40173-2_24

  • Gao-xiang, G., Zheng, Y., Xiao, F.: The homomorphic encryption scheme of security obfuscation. In: Tan, T., Ruan, Q., Chen, X., Ma, H., Wang, L. (eds.) IGTA 2013. CCIS, vol. 363, pp. 127–135. Springer, Heidelberg (2013). doi:10.1007/978-3-642-37149-3_16

  • Govinda, K., Sathiyamoorthy, E.: Agent based security for cloud computing using obfuscation. Procedia Eng. 38, 125–129 (2012)

  • Gühring, P.: Concepts against Man-in-the-Browser Attacks (2006). www.cacert.at/svn/sourcerer/CAcert/SecureClient.pdf

  • Guo, M., Bhattacharya, P.: Diverse virtual replicas for improving intrusion tolerance in cloud. In: Proceedings of the 9th Annual Cyber and Information Security Research Conference, CISR 2014, pp. 41–44. ACM, New York (2014)

  • Hataba, M., El-Mahdy, A.: Cloud protection by obfuscation: techniques and metrics. In: 2012 Seventh International Conference on P2P, Parallel, Grid, Cloud and Internet Computing (3PGCIC), pp. 369–372 (2012)

  • Hosseinzadeh, S., Hyrynsalmi, S., Conti, M., Leppänen, V.: Security and privacy in cloud computing via obfuscation and diversification: a survey. In: 2015 IEEE 7th International Conference on Cloud Computing Technology and Science (CloudCom), pp. 529–535 (2015)

  • Kansal, K., Mohanty, M., Atrey, Pradeep, K.: Scaling and cropping of wavelet-based compressed images in hidden domain. In: He, X., Luo, S., Tao, D., Xu, C., Yang, J., Hasan, M.A. (eds.) MMM 2015. LNCS, vol. 8935, pp. 430–441. Springer, Heidelberg (2015). doi:10.1007/978-3-319-14445-0_37

  • Karuppanan, K., AparnaMeenaa, K., Radhika, K., Suchitra, R.: Privacy adaptation for secured associations in a social cloud. In: 2012 International Conference on Advances in Computing and Communications (ICACC), pp. 194–198 (2012)

  • Kuzu, M., Islam, M. S., Kantarcioglu, M.: Efficient privacy-aware search over encrypted databases. In: Proceedings of the 4th ACM Conference on Data and Application Security and Privacy, CODASPY 2014, pp. 249–256. ACM, New York (2014)

  • Lamanna, D.D., Lodi, G., Baldoni, R.: How not to be seen in the cloud: a progressive privacy solution for desktop-as-a-service. In: Meersman, R., Panetto, H., Dillon, T., Rinderle-Ma, S., Dadam, P., Zhou, X., Pearson, S., Ferscha, A., Bergamaschi, S., Cruz, I.F. (eds.) OTM 2012. LNCS, vol. 7566, pp. 492–510. Springer, Heidelberg (2012). doi:10.1007/978-3-642-33615-7_4

  • Laperdrix, P., Rudametkin, W., Baudry, B.: Mitigating browser fingerprint tracking: multi-level reconfiguration and diversification. In: 2015 IEEE/ACM 10th International Symposium on Software Engineering for Adaptive and Self-Managing Systems (SEAMS), pp. 98–108 (2015)

  • Larsen, P., Homescu, A., Brunthaler, S., Franz, M.: SoK: automated software diversity. In: 2014 IEEE Symposium on Security and Privacy (SP), pp. 276–291 (2014)

  • Laurén, S., Mäki, P., Rauti, S., Hosseinzadeh, S., Hyrynsalmi, S., Leppänen, V.: Symbol diversification of Linux binaries. In: Proceedings of World Congress on Internet Security (WorldCIS-2014) (2014)

  • Li, L., Li, Q., Shi, Y., Zhang, K.: A new privacy-preserving scheme DOSPA for SaaS. In: Gong, Z., Luo, X., Chen, J., Lei, J., Wang, F. (eds.) Web Information Systems and Mining. LNCS, vol. 6987, pp. 328–335. Springer, Berlin Heidelberg (2011)

  • Linn, C., Debray, S.: Obfuscation of executable code to improve resistance to static disassembly. In: Proceedings of the 10th ACM Conference on Computer and Communications Security, CCS 2003, pp. 290–299. ACM, New York (2003)

  • Liu, X., Yuan, D., Zhang, G., Li, W., Cao, D., He, Q., Chen, J., Yang, Y.: Cloud workflow system quality of service. In: The Design of Cloud Workflow Systems, Springer Briefs in Computer Science, pp. 27–50. Springer, New York (2012)

  • Mather, T., Kumaraswamy, S., Latif, S.: Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance Theory in Practice. O’Reilly Media Inc., Sebastopol (2009)

  • Mell, P., Grance, T.: The NIST definition of cloud computing. Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology (2011)

  • Mowbray, M., Pearson, S.: A client-based privacy manager for cloud computing. In: Proceedings of the Fourth International ICST Conference on Communication System software and middleware, COMSWARE 2009, pp. 5:1–5:8. ACM, New York (2009)

  • Mowbray, M., Pearson, S., Shen, Y.: Enhancing privacy in cloud computing via policy-based obfuscation. J. Supercomput. 61(2), 267–291 (2012)

  • Nagra, J., Collberg, C.: Surreptitious Software: Obfuscation, Watermarking, and Tamperproofing for Software Protection. Pearson Education, Upper Saddle River (2009)

  • Omar, R., El-Mahdy, A., Rohou, E.: Arbitrary control-flow embedding into multiple threads for obfuscation: a preliminary complexity and performance analysis. In: Proceedings of the 2nd International Workshop on Security in Cloud Computing, SCC 2014, pp. 51–58. ACM, New York (2014)

  • Padilha, R., Pedone, F.: Confidentiality in the cloud. Secur. Privacy IEEE 13(1), 57–60 (2015)

  • Palanques, M., DiPietro, R., del Ojo, C., Malet, M., Marino, M., Felguera, T.: Secure cloud browser: model and architecture to support secure web navigation. In: 2012 IEEE 31st Symposium on Reliable Distributed Systems (SRDS), pp. 402–403 (2012)

  • Patibandla, R.,S.,M.,Lakshmi, Kurra, S.S., Mundukur, N.B.: A study on scalability of services and privacy issues in cloud computing. In: Ramanujam, R., Ramaswamy, S. (eds.) ICDCIT 2012. LNCS, vol. 7154, pp. 212–230. Springer, Heidelberg (2012). doi:10.1007/978-3-642-28073-3_19

  • Pearson, S., Shen, Y., Mowbray, M.: A privacy manager for cloud computing. In: Jaatun, M.G., Zhao, G., Rong, C. (eds.) CloudCom 2009. LNCS, vol. 5931, pp. 90–106. Springer, Heidelberg (2009). doi:10.1007/978-3-642-10665-1_9

  • Popov, I.V., Debray, S.K., Andrews, G.R.: Binary obfuscation using signals. In: USENIX Security (2007)

  • Prasadreddy, P., Rao, T., Venkat, S.: A threat free architecture for privacy assurance in cloud computing. In: 2011 IEEE World Congress on Services (SERVICES), pp. 564–568 (2011)

  • Qin, Y., Shen, S., Kong, J., Dai, H.: Cloud-oriented SAT solver based on obfuscating CNF formula. In: Han, W., Huang, Z., Hu, C., Zhang, H., Guo, L. (eds.) APWeb 2014. LNCS, vol. 8710, pp. 188–199. Springer, Heidelberg (2014). doi:10.1007/978-3-319-11119-3_18

  • Rauti, S., Laurén, S., Hosseinzadeh, S., Mäkelä, J.-M., Hyrynsalmi, S., Leppänen, V.: Diversification of system calls in Linux binaries. In: Proceedings of the 6th International Conference on Trustworthy Systems (In Trust 2014) (2014)

  • Reiss, C., Wilkes, J., Hellerstein, J.: Obfuscatory obscanturism: making workload traces of commercially-sensitive systems safe to release. In: 2012 IEEE Network Operations and Management Symposium (NOMS), pp. 1279–1286 (2012)

  • Rhoton, J., de Clercq, J., Graves, D.: Cloud Computing Protected: Security Assessment Handbook. Recursive Limited, London (2013)

  • Ryan, P., Falvey, S.: Trust in the clouds. Comput. Law Secur. Rev. 28(5), 513–521 (2012)

  • Skoudis, E.: Malware: Fighting Malicious Code. Prentice Hall Professional, Upper Saddle River (2004)

  • Skvortsov, P., Dürr, F., Rothermel, K.: Map-aware position sharing for location privacy in non-trusted systems. In: Kay, J., Lukowicz, P., Tokuda, H., Olivier, P., Krüger, A. (eds.) Pervasive 2012. LNCS, vol. 7319, pp. 388–405. Springer, Heidelberg (2012). doi:10.1007/978-3-642-31205-2_24

  • Subashini, S., Kavitha, V.: A survey on security issues in service delivery models of cloud computing. J. Netw. Comput. Appl. 34(1), 1–11 (2011)

  • Tapiador, J., Hernandez-Castro, J., Peris-Lopez, P.: Online randomization strategies to obfuscate user behavioral patterns. J. Netw. Syst. Manag. 20(4), 561–578 (2012)

  • Tian, Y., Song, B., Huh, E.-N.: Towards the development of personal cloud computing for mobile thin-clients. In: International Conference Information Science and Applications (ICISA), pp. 1–5 (2011)

  • Top Threats Working Group: The notorious nine: cloud computing top threats in 2013. Cloud Security Alliance (2013)

  • Tunc, C., Fargo, F., Al-Nashif, Y., Hariri, S., Hughes, J.: Autonomic resilient cloud management (ARCM) design and evaluation. In: 2014 International Conference on Cloud and Autonomic Computing (ICCAC), pp. 44–49 (2014)

  • Varadharajan, V., Tupakula, U.: Security as a service model for cloud environment. IEEE Trans. Netw. Serv. Manag. 11(1), 60–75 (2014)

  • Villari, M., Celesti, A., Tusa, F., Puliafito, A.: Data reliability in multi-provider cloud storage service with RRNS. In: Canal, C., Villari, M. (eds.) Advances in Service-Oriented and Cloud Computing. Communications in Computer and Information Science, vol. 393, pp. 83–93. Springer, Heidelberg (2013)

  • Vleju, M.B.: A client-centric ASM-based approach to identity management in cloud computing. In: Castano, S., Vassiliadis, P., Lakshmanan, Laks, V., Lee, M.L. (eds.) ER 2012. LNCS, vol. 7518, pp. 34–43. Springer, Heidelberg (2012). doi:10.1007/978-3-642-33999-8_5

  • Yang, P., Gui, X., Tian, F., Yao, J., Lin, J.: A privacy-preserving data obfuscation scheme used in data statistics and data mining. In: High Performance Computing and Communications 2013 IEEE International Conference on Embedded and Ubiquitous Computing (HPCC-EUC), pp. 881–887 (2013)

  • Yang, Q., Cheng, C., Che, X.: A cost-aware method of privacy protection for multiple cloud service requests. In: 2014 IEEE 17th International Conference on Computational Science and Engineering (CSE), pp. 583–590 (2014)

  • Yau, S.S., An, H.G.: Protection of users’ data confidentiality in cloud computing. In: Proceedings of the Second Asia-Pacific Symposium on Internetware, Internetware 2010, pp. 11:1–11:6. ACM, New York (2010)

  • Zhang, G., Liu, X., Yang, Y.: Time-series pattern based effective noise generation for privacy protection on cloud. IEEE Trans. Comput. 64(5), 1456–1469 (2015)

  • Zhang, G., Yang, Y., Chen, J.: A historical probability based noise generation strategy for privacy protection in cloud computing. J. Comput. Syst. Sci. 78(5), 1374–1381 (2012a). JCSS Special Issue: Cloud Computing 2011

  • Zhang, G., Yang, Y., Chen, J.: A privacy-leakage-tolerance based noise enhancing strategy for privacy protection in cloud computing. In: 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pp. 1–8 (2013)

  • Zhang, G., Yang, Y., Liu, X., Chen, J.: A time-series pattern based noise generation strategy for privacy protection in cloud computing. In: 2012 12th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (CCGrid), pp. 458–465 (2012b)

  • Zhang, G., Yang, Y., Yuan, D., Chen, J.: A trust-based noise injection strategy for privacy protection in cloud. Softw.: Pract. Exp., 42(4), 431–445 (2012c)

  • Zhang, G., Zhang, X., Yang, Y., Liu, C., Chen, J.: An association probability based noise generation strategy for privacy protection in cloud computing. In: Liu, C., Ludwig, H., Toumani, F., Yu, Q. (eds.) ICSOC 2012. LNCS, vol. 7636, pp. 639–647. Springer, Heidelberg (2012b). doi:10.1007/978-3-642-34321-6_50

Corresponding author

Correspondence to Shohreh Hosseinzadeh.

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Hosseinzadeh, S., Laurén, S., Rauti, S., Hyrynsalmi, S., Conti, M., Leppänen, V. (2017). Obfuscation and Diversification for Securing Cloud Computing. In: Chang, V., Ramachandran, M., Walters, R., Wills, G. (eds) Enterprise Security. ES 2015. Lecture Notes in Computer Science, vol 10131. Springer, Cham. https://doi.org/10.1007/978-3-319-54380-2_8

  • DOI: https://doi.org/10.1007/978-3-319-54380-2_8

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-54379-6

  • Online ISBN: 978-3-319-54380-2

  • eBook Packages: Computer Science, Computer Science (R0)
