Developing and Securing the
Cloud
Dr. Bhavani Thuraisingham
The University of Texas at Dallas
Introduction to the Course
January – May 2016
Objective of the Unit
 This unit provides an overview of the course. The course describes
concepts, developments, challenges, and directions in
- Secure Web Services
- Secure Cloud Computing
 Reference Book: Bhavani Thuraisingham, Developing and Securing
the Cloud, CRC Press, November 2013
Outline of the Unit
 Outline of Course
 Course Work
 Course Rules
 Contact
 Papers to read for lectures after Spring Break
 Index to lectures and preparation for exams
 Acknowledgement:
- AFOSR for funding our research in assured cloud computing
- NSF for funding our capacity building effort in cloud computing
Topics Covered for Exam #1
 Secure Web Services
 Secure Cloud Computing
 Secure Virtualization and Hypervisor
 Access Control and Identity Management
 Secure Cloud Data Publishing
 Secure Cloud Query Processing
 Secure Information Sharing
 Secure Cloud Data Storage
 Cloud Data Forensics
 Secure Cloud Computing Tools
Topics Covered for Exam #2
 Selected Papers from Secure Cloud Computing Conferences
Course Work
 Two exams each worth 25 points (March 11, May 7)
 Programming project worth 20 points (April 29)
 Two homework assignments – 7 points each (February 19,
April 1)
 Two term papers – 8 points each (March 4, April 8)
 Programming Project Proposal – Due on March 25
Course Rules
 Course attendance is mandatory; unless permission is obtained
from instructor for missing a class with a valid reason
(documentation needed for medical emergency for student or a
close family member – e.g., spouse, parent, child). Attendance will
be collected every lecture. 3 points will be deducted out of 100 for
each lecture missed without approval.
 Each student will work individually
 Late assignments will not be accepted. All assignments have to be
turned in just after the lecture on the due date
 No make up exams unless student can produce a medical certificate
or give evidence of close family emergency
 Copying material from other sources will not be permitted unless the
source is properly referenced
 Any student who plagiarizes from other sources will be reported to
the appropriate UTD authroities
Term Paper
 Any topic we have discussed in class (e.g., web services, identity
management, secure cloud, secure cloud query processing, …)
 Survey different approaches
 Give your analysis of the approaches
 Organization
- Abstract
- Approaches
- Analysis
- Conclusion
- References
Programming Project
 Any topic related to cloud security and implement
 Learn the Hadoop/MapReduce Framework
 Example
- Query modification in the cloud
- Secure information sharing in the cloud
- Secure social network in the cloud
- Email filtering in the cloud
Contact
 For more information please contact
- Dr. Bhavani Thuraisingham
- Professor of Computer Science and
- Director of Cyber Security Research Center Erik Jonsson School
of Engineering and Computer Science EC31, The University of
Texas at Dallas Richardson, TX 75080
- Phone: 972-883-4738
- Fax: 972-883-2399
- Email: [email protected]
- URL:http://www.utdallas.edu/~bxt043000/
Papers to Read for Exam #1
 Paper 1: Elisa Bertino, Barbara Carminati, Elena Ferrari, Bhavani M.
Thuraisingham, Amar Gupta: Selective and Authentic Third-Party Distribution
of XML Documents. IEEE Trans. Knowl. Data Eng. 16(10): 1263-1278 (2004),
Up to Section 6
 Paper 2: Tyrone Cadenhead, Murat Kantarcioglu, Vaibhav Khadilkar, Bhavani
M. Thuraisingham: Design and Implementation of a Cloud-Based Assured
Information Sharing System. MMM-ACNS 2012: 36-50
 Paper 3: Arindam Khaled, Mohammad Farhan Husain, Latifur Khan, Kevin W.
Hamlen, Bhavani M. Thuraisingham: A Token-Based Access Control System
for RDF Data in the Clouds. CloudCom 2010: 104-111 – Section 1, 2, 3
 Paper 4: Bhavani M. Thuraisingham, Vaibhav Khadilkar, Anuj Gupta, Murat
Kantarcioglu, Latifur Khan: Secure data storage and retrieval in the cloud.
CollaborateCom 2010: 1-8
Papers to Read for Exam #1
 Paper 5: Kerim Yasin Oktay, Vaibhav Khadilkar, Bijit Hore, Murat
Kantarcioglu, Sharad Mehrotra, Bhavani M. Thuraisingham: Risk-Aware
Workload Distribution in Hybrid Clouds. IEEE CLOUD 2012: 229-236
 Paper 6: Yangchun Fu, Zhiqiang Lin: Space Traveling across VM:
Automatically Bridging the Semantic Gap in Virtual Machine Introspection via
Online Kernel Data Redirection. IEEE Symposium on Security and Privacy
2012: 586-600
Index to Lectures for Exam #1
 Lecture 1 – Cyber Security
 Lecture 2 – Secure Web Services
 Lecture 3 – Introduction to SOA, Secure SOA, Cloud Computing
 Lecture 4 – Comprehensive Overview of Cloud Computing
 Lecture 5 – Secure Document Publication
 Lecture 6 – Assignment #1
 Lecture 7 – NIST Guidelines
 Lecture 8 – Virtualization and Cloud Forensics
 Lecture 9 – Cloud Centric Assured Information Sharing
 Lecture 10 – Dr. Murat Lecture – Secure Cloud Data Storage
 Lecture 11 – Secure Virtualization
 Lecture 12 – Hypervisor Security
Index to Lectures for Exam #1
 Lecture 13 – Identity and Access Management
 Lecture 14 – Assignment #2
 Lecture 15 – Dr. Khan Lecture: Access Control for the Cloud
 Lecture 16 – Secure Cloud Computing Tools and Products
 Lecture 17: Guest Lecture: Virtual Machine Introspection
Programming Project
 Any topic related to cloud security and implement
 Learn the Hadoop/MapReduce Framework
 Example
- Query modification in the cloud
- Secure information sharing in the cloud
- Secure social network in the cloud
- Email filtering in the cloud
Papers to Read for Exam #2 – ACM CCS Cloud
Workshop 2011 (March 25, 2016)
 All Your Clouds are Belong to us - Security Analysis of Cloud
Management Interfaces
Juraj Somorovsky, Mario Heiderich, Meiko Jensen, Joerg Schwenk,
Nils Gruschka and Luigi Lo Iacono
 Trusted Platform-as-a-Service: A Foundation for Trustworthy Cloud-
Hosted Applications
Andrew Brown and Jeff Chase
 Detecting Fraudulent Use of Cloud Resources
Joseph Idziorek, Mark Tannian and Doug Jacobson
 Managing Multi-Jurisdictional Requirements in the Cloud: Towards a
Computational Legal Landscape, David Gordon and Travis Breaux
Papers to Read for Exam #2 – ACM CCS Cloud
Workshop 2012 (April 1, 2016)
 Fast Dynamic Extracted Honeypots in Cloud Computing
Sebastian Biedermann, Martin Mink, Stefan Katzenbeisser
 Unity: Secure and Durable Personal Cloud Storage
Beom Heyn Kim, Wei Huang, David Lie
 Exploiting Split Browsers for Efficiently Protecting User Data
Angeliki Zavou, Elias Athanasopoulos, Georgios Portokalidis,
Angelos Keromytis
 CloudFilter: Practical Control of Sensitive Data Propagation to the
Cloud
Ioannis Papagiannis, Peter Pietzuch
Papers to Read for Exam #2 – ACM CCS Cloud
Workshop 2013 (April 1, 2016)
 Structural Cloud Audits that Protect Private Information
Hongda Xiao; Bryan Ford; Joan Feigenbaum
 Cloudoscopy: Services Discovery and Topology Mapping
Amir Herzberg; Haya Shulman; Johanna Ullrich; Edgar Weippl
 Cloudsweeper: Enabling Data-Centric Document Management for
Secure Cloud Archives
Chris Kanich; Peter Snyder
 Supporting complex queries and access policies for multi-user
encrypted databases, Muhammad Rizwan Asghar, Giovanni
Russello, Bruno Crispo, Mihaela Ion