1 - 15 of 15
  • 1.
    Aslam, Mudassar
    RISE, Swedish ICT, SICS. School of Innovation, Design and Engineering, Embedded Systems.
    Bringing Visibility in the Clouds: using Security, Transparency and Assurance Services. 2014. Doctoral thesis, monograph (Other academic)
    Abstract [en]

    The evolution of cloud computing allows the provisioning of IT resources over the Internet and promises many benefits for both the service users and providers. Despite various benefits offered by cloud based services, many users hesitate in moving their IT systems to the cloud mainly due to many new security problems introduced by cloud environments. In fact, the characteristics of cloud computing become the basis of new problems; for example, support of third party hosting introduces loss of user control on the hardware; similarly, on-demand availability requires reliance on complex and possibly insecure API interfaces; seamless scalability relies on the use of sub-providers; global access over public Internet exposes a broader attack surface; and use of shared resources for better resource utilization introduces isolation problems in a multi-tenant environment. These new security issues in addition to existing security challenges (that exist in today's classic IT environments) become major reasons for the lack of user trust in cloud based services categorized in Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS) or Infrastructure-as-a-Service (IaaS). The focus of this thesis is on the IaaS model which allows users to lease IT resources (e.g. computing power, memory, storage, etc.) from a public cloud to create Virtual Machine (VM) instances. The public cloud deployment model considered in this thesis exhibits the most elasticity (i.e. degree of freedom to lease/release IT resources according to user demand) but is the least secure as compared to private or hybrid models. As a result, public clouds are not trusted for many use cases which involve processing of security critical data such as health records, financial data, government data, etc. However, public IaaS clouds can also be made trustworthy and viable for these use cases by providing better transparency and security assurance services for the user.
    In this thesis, we consider such assurance services and identify security aspects which are important for making public clouds trustworthy. Based upon our findings, we propose solutions which promise to improve cloud transparency thereby realizing trustworthy clouds. The solutions presented in this thesis mainly deal with the secure life cycle management of the user VM which includes protocols and their implementation for secure VM launch and migration. The VM launch and migration solutions ensure that the user VM is always hosted on correct cloud platforms which are set up according to a profile that fulfills the use case relevant security requirements. This is done by using an automated platform security audit and certification mechanism which uses trusted computing and security automation techniques in an integrated solution. In addition to providing assurance about the cloud platforms, we also propose a solution which provides assurance about the placement of user data in correct and approved geographical locations which is critical from many legal aspects and usually an important requirement of the user. Finally, the assurance solutions provided in this thesis increase cloud transparency which is important for user trust and to realize trustworthy clouds.

  • 2.
    Aslam, Mudassar
    RISE, Swedish ICT, SICS. School of Innovation, Design and Engineering.
    Secure Service Provisioning in a Public Cloud. 2012. Licentiate thesis, monograph (Other academic)
    Abstract [en]

    The evolution of cloud technologies which allows the provisioning of IT resources over the Internet promises many benefits for the individuals and enterprises alike. However, this new resource provisioning model comes with security challenges which did not exist in the traditional resource procurement mechanisms. We focus on the possible security concerns of a cloud user (e.g. an organization, government department, etc.) to lease cloud services such as resources in the form of Virtual Machines (VM) from a public Infrastructure-as-a-Service (IaaS) provider. There are many security critical areas in the cloud systems, such as data confidentiality, resource integrity, service compliance, security audits etc. In this thesis, we focus on the security aspects which result in the trust deficit among the cloud stakeholders and hence hinder a security sensitive user from benefiting from the opportunities offered by cloud computing. Based upon our findings from the security requirements analysis, we propose solutions that enable user trust in the public IaaS clouds. Our solutions mainly deal with the secure life cycle management of the user VM which includes mechanisms for VM launch and migration. The VM launch and migration solutions ensure that the user VM is always protected in the cloud by only allowing it to run on the user trusted platforms. This is done by using trusted computing techniques that allow the users to remotely attest and hence rate the cloud platforms trusted or untrusted. We also provide a prototype implementation to prove the implementation feasibility of the proposed trust enabling principles used in the VM launch and migration solutions.

  • 3.
    Aslam, Mudassar
    et al.
    RISE Research Institutes of Sweden, Digital Systems. COMSATS University Islamabad, Pakistan.
    Bouget, Simon
    RISE Research Institutes of Sweden, Digital Systems, Data Science.
    Raza, Shahid
    RISE Research Institutes of Sweden, Digital Systems, Data Science.
    Security and trust preserving inter- and intra-cloud VM migrations. 2020. In: International Journal of Network Management, ISSN 1055-7148, E-ISSN 1099-1190, article id e2103. Article in journal (Refereed)
    Abstract [en]

    This paper focuses on providing a secure and trustworthy solution for virtual machine (VM) migration within an existing cloud provider domain, and/or to the other federating cloud providers. The infrastructure-as-a-service (IaaS) cloud service model is mainly addressed to extend and complement the previous Trusted Computing techniques for secure VM launch and VM migration case. The VM migration solution proposed in this paper uses a Trust_Token based to guarantee that the user VMs can only be migrated and hosted on trustworthy and/or compliant cloud platforms. The possibility to also check the compliance of the cloud platforms with the pre-defined baseline configurations makes our solution compatible with existing widely accepted standards-based, security-focused cloud frameworks like FedRAMP. Our proposed solution can be used for both inter- and intra-cloud VM migrations. Different from previous schemes, our solution is not dependent on an active (on-line) trusted third party; that is, the trusted third party only performs the platform certification and is not involved in the actual VM migration process. We use the Tamarin solver to realize a formal security analysis of the proposed migration protocol and show that our protocol is safe under the Dolev-Yao intruder model. Finally, we show how our proposed mechanisms fulfill major security and trust requirements for secure VM migration in cloud environments.

  • 4.
    Aslam, Mudassar
    et al.
    RISE, Swedish ICT, SICS.
    Gehrmann, Christian
    RISE, Swedish ICT, SICS, Security Lab.
    Deploying Virtual Machines on Shared Platforms. 2011. Report (Other academic)
    Abstract [en]

    In this report, we describe mechanisms for secure deployment of virtual machines on shared platforms looking into a telecommunication cloud use case, which is also presented in this report. The architecture we present focuses on the security requirements of the major stakeholders’ part of the scenario we present. This report comprehensively covers all major security aspects including different security mechanisms and protocols, leveraging existing standards and state-of-the art wherever applicable. In particular, our architecture uses TCG technologies for trust establishment in the deployment of operator virtual machines on shared resource platforms. We also propose a novel procedure for securely launching and cryptographically binding a virtual machine to a target platform thereby protecting the operator virtual machine and its related credentials.

  • 5.
    Aslam, Mudassar
    et al.
    RISE, Swedish ICT, SICS.
    Gehrmann, Christian
    RISE, Swedish ICT, SICS, Security Lab.
    Security Considerations for Virtual Platform Provisioning. 2011. Conference paper (Refereed)
    Abstract [en]

    The concept of virtualization is not new but leveraging virtualization in different modes and at different layers has revolutionized its usage scenarios. Virtualization can be applied at application layer to create sandbox environment, operating system layer to virtualize shared system resources (e.g. memory, CPU), at platform level or in any other useful possible hybrid scheme. When virtualization is applied at platform level, the resulting virtualized platform can run multiple virtual machines as if they were physically separated real machines. Provisioning virtualized platforms in this way is often also referred to as Infrastructure-as-a-Service or Platform-as-a-Service when full hosting and application support is also offered. Different business models, like datacenters or telecommunication providers and operators, can get business benefits by using platform virtualization due to the possibility of increased resource utilization and reduced upfront infrastructure setup expenditures. This opportunity comes together with new security issues. An organization that runs services in form of virtual machine images on an offered platform needs security guarantees. In short, it wants evidence that the platforms it utilizes are trustworthy and that sensitive information is protected. Even if this sounds natural and straightforward, few attempts have been made to analyze in detail what these expectations mean from a security technology perspective in a realistic deployment scenario. In this paper we present a telecommunication virtualized platform provisioning scenario with two major stakeholders, the operator who utilizes virtualized telecommunication platform resources and the service provider, who offers such resources to operators. We make a threat analysis for this scenario and derive major security requirements from the different stakeholders’ perspectives.
    Through investigating a particular virtual machine provisioning use case, we take the first steps towards a better understanding of the major security obstacles with respect to platform service offerings. In the last couple of years we have seen increased activities around security for clouds regarding different usage and business models. We contribute to this important area through a thorough security analysis of a concrete deployment scenario. Finally, we use the security requirements derived through the analysis to make a comparison with contemporary related research and to identify future research challenges in the area.

  • 6.
    Aslam, Mudassar
    et al.
    RISE, Swedish ICT, SICS.
    Gehrmann, Christian
    RISE, Swedish ICT, SICS, Security Lab.
    TCG based approach for secure management of virtualized platforms: state-of-the-art. 2010. Report (Other academic)
    Abstract [en]

    There is a strong trend shift in favor of adopting virtualization to get business benefits. The provisioning of virtualized enterprise resources is one kind of many possible scenarios. Where virtualization promises clear advantages it also poses new security challenges which need to be addressed to gain stakeholders' confidence in the dynamics of the new environment. One important facet of these challenges is establishing 'Trust' which is a basic primitive for any viable business model. The Trusted Computing Group (TCG) offers technologies and mechanisms required to establish this trust in the target platforms. Moreover, TCG technologies enable protection of sensitive data at rest and in transit. This report explores the applicability of relevant TCG concepts to virtualize enterprise resources securely for provisioning, establish trust in the target platforms and securely manage these virtualized Trusted Platforms.

  • 7.
    Aslam, Mudassar
    et al.
    RISE, Swedish ICT, SICS. Mälardalen University, Sweden; COMSATS Institute of Information Technology, Pakistan.
    Gehrmann, Christian
    RISE, Swedish ICT, SICS, Security Lab.
    Björkman, Mats
    Mälardalen University, Sweden.
    ASArP: Automated Security Assessment & Audit of Remote Platforms using TCG-SCAP synergies. 2015. In: Journal of Information Security and Applications, ISSN 2214-2134, E-ISSN 2214-2126, Vol. 22, p. 28-39. Article in journal (Refereed)
    Abstract [en]

    Many enterprise solutions today are built upon complex distributed systems which are accessible to the users globally. Due to this global access, the security of the host platforms becomes critical. The platform administrators use security automation techniques such as those provided by Security Content Automation Protocol (SCAP) standards to protect the systems from the vulnerabilities that are reported daily; furthermore, they are responsible for keeping their systems compliant to the relevant security recommendations (governmental or industrial). Additionally, third party audit and certification processes are used to increase user trust in enterprise solutions. However, traditional audit and certification mechanisms are not continuous, that is, not frequent enough to deal with the daily reported vulnerabilities, and for that matter even auditors expect platform administrators to keep the systems updated. As a result, the end user is also forced to trust the platform administrators about the latest state of the platform. In this paper we develop an automated security audit and certification system (ASArP) which can be used by platform users or by third party auditors. We use security automation techniques for continuous monitoring of the platform security posture and make the results trustworthy by using trusted computing (TCG) techniques. The prototype development of ASArP validates the implementation feasibility; it also provides performance benchmarks which show that the ASArP based audit and certification can be done much more frequently (e.g. daily or weekly). The feasibility of ASArP based continuous audits is significantly better than traditional platform audits which are dependent on the physical presence of the auditors, thus making frequent audits much more expensive and operationally infeasible.

  • 8.
    Aslam, Mudassar
    et al.
    RISE, Swedish ICT, SICS.
    Gehrmann, Christian
    RISE, Swedish ICT, SICS, Security Lab.
    Björkman, Mats
    Mälardalen University, Sweden.
    Continuous Security Evaluation and Auditing of Remote Platforms by Combining Trusted Computing and Security Automation Techniques. 2013. Conference paper (Refereed)
    Abstract [en]

    In new distributed systems paradigms like cloud computing, the security of the host platforms is very critical. The platform administrators use security automation techniques to ensure that the outsourced platforms are set up correctly and follow the security recommendations. However, the remote platform users still have to trust the platform owner. The third party security audits, used to shift the required user trust from the platform owner to a trusted entity, are scheduled and are not very frequent to deal with the daily reported vulnerabilities. In this paper we propose a continuous remote platform evaluation mechanism to be used by the remote entity to increase the platform user trust. We analyze the existing SCAP and trusted computing (TCG) standards for our solution, identify their shortcomings, and suggest ways to integrate them. Our proposed platform security evaluation framework uses the TCG-SCAP synergy to address the limitations of each technology when used separately.

  • 9.
    Aslam, Mudassar
    et al.
    RISE, Swedish ICT, SICS.
    Gehrmann, Christian
    RISE, Swedish ICT, SICS, Security Lab.
    Björkman, Mats
    Security and Trust Preserving VM Migrations in Public Clouds. 2012. Conference paper (Refereed)
    Abstract [en]

    In this paper we consider the security and trust implications of virtual machine (VM) migration from one cloud platform to the other in an Infrastructure-as-a-Service (IaaS) cloud service model. We show how to extend and complement previous Trusted Computing techniques for secure VM launch to also cover the VM migration case. In particular, we propose a Trust_Token based VM migration protocol which guarantees that the user VM can only be migrated to a trustworthy cloud platform. Different from previous schemes, our solution is not dependent on an active (on-line) trusted third party. We show how our proposed mechanisms fulfill major security and trust requirements for secure VM migration in cloud environments.

  • 10.
    Aslam, Mudassar
    et al.
    RISE, Swedish ICT, SICS.
    Gehrmann, Christian
    RISE, Swedish ICT, SICS, Security Lab.
    Rasmusson, Lars
    RISE, Swedish ICT, SICS, Computer Systems Laboratory.
    Björkman, Mats
    Securely Launching Virtual Machines on Trustworthy Platforms in a Public Cloud. 2012. Conference paper (Refereed)
    Abstract [en]

    In this paper we consider the Infrastructure-as-a-Service (IaaS) cloud model which allows cloud users to run their own virtual machines (VMs) on available cloud computing resources. IaaS gives enterprises the possibility to outsource their process workloads with minimal effort and expense. However, one major problem with existing approaches of cloud leasing, is that the users can only get contractual guarantees regarding the integrity of the offered platforms. The fact that the IaaS user himself or herself cannot verify the provider promised cloud platform integrity, is a security risk which threatens to prevent the IaaS business in general. In this paper we address this issue and propose a novel secure VM launch protocol using Trusted Computing techniques. This protocol allows the cloud IaaS users to securely bind the VM to a trusted computer configuration such that the clear text VM only will run on a platform that has been booted into a trustworthy state. This capability builds user confidence and can serve as an important enabler for creating trust in public clouds. We evaluate the feasibility of our proposed protocol via a full scale system implementation and perform a system security analysis.

  • 11.
    Aslam, Mudassar
    et al.
    RISE Research Institutes of Sweden, Digital Systems, Data Science. COMSATS University Islamabad, Pakistan.
    Mohsin, Bushra
    COMSATS University Islamabad, Pakistan.
    Nasir, Abdul
    COMSATS University Islamabad, Pakistan.
    Raza, Shahid
    RISE Research Institutes of Sweden, Digital Systems, Data Science.
    FoNAC - An automated Fog Node Audit and Certification scheme. 2020. In: Computers & security (Print), ISSN 0167-4048, E-ISSN 1872-6208, Vol. 93, article id 101759. Article in journal (Refereed)
    Abstract [en]

    Meeting the security and privacy needs for IoT data becomes equally important in the newly introduced intermediary Fog Computing layer, as it was in its former technological layer - Cloud; but the accomplishment of such security is critical and challenging. While security assurance of the fog layer devices is imperative due to their exposure to the public Internet, it becomes even more complex than the cloud layer, as it involves a large number of heterogeneous devices deployed hierarchically. Manual audit and certification schemes are unsuitable for a large number of fog nodes thereby inhibiting the involved stakeholders from using manual security assurance schemes altogether. However, scalable and feasible security assurance can be provided by introducing automated and continuous monitoring and auditing of fog nodes to ensure a trusted, updated and vulnerability free fog layer. This paper presents such a solution in the form of an automated Fog Node Audit and Certification scheme (FoNAC) which guarantees a secure fog layer through the proposed fog layer assurance mechanism. FoNAC leverages Trusted Platform Module (TPM 2.0) capabilities to evaluate/audit the platform integrity of the operating fog nodes and grants a certificate to the individual node after a successful security audit. FoNAC security is also validated through its formal security analysis performed using AVISPA under the Dolev-Yao intruder model. The security analysis of FoNAC shows its resistance against cyber-attacks like impersonation, replay attack, forgery, Denial of Service (DoS) and MITM attack.

  • 12.
    Khalid, Tauqeer
    et al.
    COMSATS Institute of Information Technology, Pakistan.
    Abbasi, Muhammad
    COMSATS Institute of Information Technology, Pakistan.
    Zuraiz, Maria
    COMSATS Institute of Information Technology, Pakistan.
    Khan, Abdul
    COMSATS Institute of Information Technology, Pakistan.
    Ali, Mazhar
    COMSATS Institute of Information Technology, Pakistan.
    Ahmad, Raja
    COMSATS Institute of Information Technology, Pakistan.
    Rodrigues, Joel
    Federal University of Piauí, Brazil; Instituto de Telecomunicações, Portugal.
    Aslam, Mudassar
    RISE - Research Institutes of Sweden (2017-2019), ICT, SICS. COMSATS Institute of Information Technology, Pakistan.
    A survey on privacy and access control schemes in fog computing. 2019. In: International Journal of Communication Systems, ISSN 1074-5351, E-ISSN 1099-1131, article id e4181. Article in journal (Refereed)
    Abstract [en]

    To provide reliable data storage and retrieval services to the end users, the cloud service provider implements secure data storage, sharing, and retrieval mechanisms. However, the aforesaid services provided by cloud have certain pitfalls, such as decision latency and real-time data computation. To address these aforementioned problems, fog computing was introduced for the purpose of providing cloud services at the network's edge. While this migration of the cloud services to the network's edge raises various security concerns, such as trust, authentication, mobility, intrusion, network security, and secure data computation. Among these concerns, the most critical issues that need immediate attention of researchers and practitioners are of privacy and access control in fog computing which are in direct relation to secure data storage and retrieval purposes. So, in order to highlight their importance for research community, this survey embodies to discuss, explain, and compare various privacy preserving and access control schemes in the context of fog computing for classifying and analyzing similarities and variances with respect to other researchers. Moreover, upon classification and analysis of these schemes, various open issues and future directions are also presented for researchers and practitioners for the purpose of enhancing security algorithms to address privacy and access control issues in fog computing.

  • 13.
    Paladi, Nicolae
    et al.
    RISE, Swedish ICT, SICS, Security Lab.
    Aslam, Mudassar
    RISE, Swedish ICT, SICS.
    Gehrmann, Christian
    RISE, Swedish ICT, SICS, Security Lab.
    Trusted Geolocation-Aware Data Placement in Infrastructure Clouds. 2014. Conference paper (Refereed)
    Abstract [en]

    Data geolocation in the cloud is becoming an increasingly pressing problem, aggravated by incompatible legislation in different jurisdictions and compliance requirements of data owners. In this work we present a mechanism allowing cloud users to control the geographical location of their data, stored or processed in plaintext on the premises of Infrastructure-as-a-Service cloud providers. We use trusted computing principles and remote attestation to establish platform state. We enable cloud users to confine plaintext data exclusively to the jurisdictions they specify, by sealing decryption keys used to obtain plaintext data to the combination of cloud host geolocation and platform state. We provide a detailed description of the implementation as well as performance measurements on an open source cloud infrastructure platform using commodity hardware.

  • 14.
    Paladi, Nicolae
    et al.
    RISE, Swedish ICT, SICS, Security Lab.
    Gehrmann, Christian
    RISE, Swedish ICT, SICS, Security Lab.
    Aslam, Mudassar
    RISE, Swedish ICT, SICS.
    Morenius, Fredric
    Ericsson, Sweden.
    Trusted Launch of Virtual Machine Instances in Public IaaS Environments. 2013. In: Lecture Notes in Computer Science, Vol. 7839, p. 309-323. Article in journal (Refereed)
    Abstract [en]

    Cloud computing and Infrastructure-as-a-Service (IaaS) are emerging and promising technologies, however their adoption is hampered by data security concerns. At the same time, Trusted Computing (TC) is experiencing an increasing interest as a security mechanism for IaaS. In this paper we present a protocol to ensure the launch of a virtual machine (VM) instance on a trusted remote compute host. Relying on Trusted Platform Module operations such as binding and sealing to provide integrity guarantees for clients that require a trusted VM launch, we have designed a trusted launch protocol for VM instances in public IaaS environments. We also present a proof-of-concept implementation of the protocol based on OpenStack, an open-source IaaS platform. The results provide a basis for the use of TC mechanisms within IaaS platforms and pave the way for a wider applicability of TC to IaaS security.

  • 15.
    Rasmusson, Lars
    et al.
    RISE, Swedish ICT, SICS, Computer Systems Laboratory.
    Aslam, Mudassar
    RISE, Swedish ICT, SICS.
    Protecting Private Data in the Cloud. 2012. In: Proceedings of The 2nd International Conference on Cloud Computing and Services Science, CLOSER 2012, 2012, 16, p. 5-12. Conference paper (Refereed)
    Abstract [en]

    Companies that process business critical and secret data are reluctant to use utility and cloud computing for the risk that their data gets stolen by rogue system administrators at the hosting company. We describe a system organization that prevents host administrators from directly accessing or installing eavesdropping software on the machine that holds the client's valuable data. Clients are monitored via machine code probes that are inlined into the clients' programs at runtime. The system enables the cloud provider to install and remove software probes into the machine code without stopping the client's program, and it prevents the provider from installing probes not granted by the client.
