Date post: | 19-Jan-2017 |
Category: |
Technology |
Upload: | firzhan-naqash |
View: | 242 times |
Download: | 0 times |
Securing Elastic Applications on Mobile Devices
for Cloud Computing
Xinwen ZhangJoshua SchiffmanSimon GibbsAnugeetha KunjithapathamSangoh Jeong
Presenter :- M.S.F.NAQASH
Contents
• Introduction• Objective• Overview of Elastic Application• Key Terms• Challenges• ThreatModels • Related Works• Conclusion
Introduction
• Cloud Computing Utility computing where resources are
provided as a service over the internet.• Enterprise consumers – Real Benefiters• End Users - ??
Objective
Design elastic applications to augment the resource constrained platforms with elastic computing resources from the cloud.
Targeted for Consumer Electronic devices
Overview of Elastic Application
Key Terms
• Weblets - Partitions of an Elastic Application. - Functions Independently - Communicate with each other - Reasonable Amount of Data dependency - Migratable
Key Terms
• Device Elasticity Manager - Runs on the Device side. - Maintains the Configuration changes during Run Time. - Contains the Cost Module. - Contains Optimizer.
Key Terms
• Cloud Elasticity Service - Cloud Manager
– Oversee Resources. - Application Manager
– Install And Maintain Applications - Cloud Fabric Interface. - Node Manager.
Challenges
• New Application Model is needed.• Protocol for Run Time Communication• Cost Objective Functions • Framework has to be transparent• Security And Privacy
.
Elastic Framework Architecture
Threat Models• Threats to Mobile Devices. - Compromising DEM and Device• Threats to Cloud Platform And Application
Container.- Compromises CES
• Threats to Communication Channels.- Worm & Viruse Attacks
- MITM, Packet Injection, DDOS
• Framework has to be transparent• Security And Privacy
.
Security Objectives
• Trustworthy weblet containers.• Authentication And Secure Session Management• Authorization & Access Control• Logging And Auditing
.
Authentication And Secure Session Management
• Secure Installment of Elastic Applications- Binaries of Weblets.- UI Components.- Metadata encoded in to Manifest- SHA1 value of binaries
• Part of the weblets can be installed in CES..
Authentication Between Weblets
• Weblets residing in cloud and consumer device have to be authenticated prior to communication.
.
• Weblets residing in cloud and consumer device have to be authenticated prior to communication.
.
Secure Migration
Authorization of Weblets
• Deals with accessing the authorized web servers from the cloud.
• Two type of keys are obtained while logging in
- Application Session Key (ask)- Application Secret Key (ass)
• These keys are shared in 4 different ways.
Authorization of Weblets ….
• Shared User credential.• Shared Session Information• Use Session Information Only On device
weblet• oAuth-like
Related Works
• CloneCloud.• Trusted Cloud Computing Paltform• Cyber Foraging
Conclusion
• Proposes an elastic application framework with new application model and elasticity Infrastructure.
• Further analyses the impending threats to the framework and the alternatives to be considered.
• Another important aspect is about the authentication and secure communication between weblets.
Thank You