一种安全风险可控的弹性移动云计算通用框架

摘要/Abstract

摘要： 弹性移动云计算(Elastic Mobile Cloud Computing,EMCC)中,移动设备按照当前需求将部分计算任务迁移到云端执行,无缝透明地利用云资源增强自身功能。首先,在总结现有EMCC方案的基础上,抽象出通用的EMCC框架；指出EMCC程序中敏感模块的迁移会给EMCC带来隐私泄露、信息流劫持等安全风险；然后设计了融合风险管理的弹性移动云计算通用框架,该框架将安全风险看作EMCC的一种成本,保证EMCC的使用对用户来说是有利的；最后,指出风险管理的难点在于风险量化以及敏感模块标注。对此,设计了风险量化算法,实现了Android程序敏感模块自动标注工具,并通过实验证明了自动标注的准确性。

关键词: 移动云计算,Android,模块分配,安全威胁,风险控制

Abstract: Elastic mobile cloud computing(EMCC) enables mobile devices to seamlessly and transparently use cloud resources to augment the capability by moving part of mobile devices’ execution tasks to cloud on demand.At first,based on the summary of existing EMCC programs,the common EMCC implementation framework was build.Then we poin-ted out that the execution of EMCC applications may lead to privacy leakage and information flow hijack.Then an EMCC framework was proposed in which security risks are seen as costs of EMCC,and this framework can ensure the use of EMCC makes benefits for the mobile device user.Since the major difficulties of the implement of this framework are risk quantification and security-sensitive modules annotation,at last,a modules of risk quantification was designed and a tool which can annotate security-sensitive methods automatically was implemented.The validity of this tool was proved by experiments.

Key words: Mobile cloud computing,Android,Module allocation,Security threats,Risk-controllable

李新国,李鹏伟,傅建明,丁笑一. 一种安全风险可控的弹性移动云计算通用框架[J]. 计算机科学, 2015, 42(Z11): 357-363. https://doi.org/

LI Xin-guo, LI Peng-wei, FU Jian-ming and DING Xiao-yi. Risk-controllable Common Elastic Mobile Cloud Computing Framework[J]. Computer Science, 2015, 42(Z11): 357-363. https://doi.org/

参考文献

[1] 中国移动互联网用户行为统计报告2015[EB/OL] http://mt.sohu.com/20150318/n409959259.shtml
[2] Barbera M V,Kosta S,Mei A,et al.To Offload or Not to Offload? The Bandwidth and Energy Costs of Mobile Cloud Computing[C]∥Proc.of IEEE INFOCOM.2013
[3] Rahimi M R,Ren J,Liu C H,et al.Mobile Cloud Computing:A Survey,State of Art and Future Directions[J].Mobile Networks and Applications,2014,19(2):133-143
[4] The mobile cloud market outlook to 2017[R].Reading Real World Research,2013
[5] Huang D,Xing T,Wu H.Mobile Cloud Computing ServiceModels:A User-Centric Approach[J].IEEE Network,2013,27(5):6-11
[6] Zhang X,Kunjithapatham A,Jeong S,et al.Towards an elastic application model for augmenting the computing capabilities of mobile devices with cloud computing[J].Mobile Networks and Applications,2011,16(3):270-284
[7] Chun B G,Ihm S,Maniatis P,et al.Clonecloud:elastic execution between mobile device and cloud[C]∥Proceedings of the Sixth Conference on Computer Systems.ACM,2011:301-314
[8] Kosta S,Aucinas A,Hui P,et al.Thinkair:Dynamic resource allocation and parallel execution in the cloud for mobile code offloading[C]∥2012 Proceedings IEEE INFOCOM.IEEE,2012:945-953
[9] Cuervo E,Balasubramanian A,Cho D,et al.MAUI:making smartphones last longer with code offload[C]∥Proceedings of the 8th International Conference on Mobile Systems,Applications,and Services.ACM,2010:49-62
[10] Yang L,Cao J,Yuan Y,et al.A framework for partitioning and execution of data stream applications in mobile cloud computing[J].ACM SIGMETRICS Performance Evaluation Review,2013,40(4):23-32
[11] Rellermeyer J S,Riva O,Alonso G.AlfredO:an architecture for flexible interaction with electronic devices[C]∥Proceedings of the 9th ACM/IFIP/USENIX International Conference on Middleware.Springer-Verlag New York,2008:22-41
[12] Petitprez N,Rouvoy R,Filip K,et al.Opportunistic Offloading of Mobile Applications in Pervasive Environments[C]∥29th Symposium on Applied Computing(SAC).2014:1-6
[13] Shiraz M,Gani A.A lightweight active service migration framework for computational offloading in mobile cloud computing[J].The Journal of Supercomputing,2014,68(2):1-18
[14] Ren K,Wang C,Wang Q.Security challenges for the publiccloud[J].IEEE Internet Computing,2012,16(1):69-73
[15] Satyanarayanan M,Bahl P,Caceres R,et al.The case for vm-based cloudlets in mobile computing[J].IEEE Pervasive Computing,2009,8(4):14-23
[16] Chen E Y,Itoh M.Virtual smartphone over IP[C]∥2010 IEEE International Symposium on a World of Wireless Mobile and Multimedia Networks(WoWMoM).IEEE,2010:1-6
[17] Huerta-Canepa G,Lee D.A virtual cloud computing provider for mobile devices[C]∥Proceedings of the 1st ACM Workshop on Mobile Cloud Computing & Services:Social Networks and Beyond.ACM,2010:6
[18] Marinelli E E.Hyrax:cloud computing on mobile devices using MapReduce[D].Carnegie-Mellon Univ,Pittsburgh PA,2009
[19] Kaewpuang R,Niyato D,Wang P,et al.A Framework for Co-operative Resource Management in Mobile Cloud Computing[J].IEEE Journal on Selected Areas in Communications,2013,31(12):2685-2700
[20] Suo H,Liu Z,Wan J,et al.Security and Privacy in Mobile Cloud Computing[C]∥International Wireless Communications & Mobile Computing Conference.2013:655-659
[21] Pelechrinis K,Iliofotou M,Krishnamurthy S V.Denial of service attacks in wireless networks:The case of jammers[J].IEEE Communications Surveys & Tutorials,2011,13(2):245-257
[22] Enck W,Ongtang M,McDaniel P.On lightweight mobile phone application certification[C]∥Proceedings of the 16th ACM Conference on Computer and Communications Security.ACM,2009:235-245
[23] Enck W,Gilbert P,Chun B G,et al.TaintDroid:An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones[C]∥OSDI.2010:255-270
[24] Bugiel S,Davi L,Dmitrienko A,et al.XmAndroid:A new Android evolution to mitigate privilege escalation attacks: TR-2011-04[R].Technische Universitt Darmstadt,2011
[25] Zhang X,Schiffman J,Gibbs S,et al.Securing elastic applications on mobile devices for cloud computing[C]∥Proceedings of the 2009 ACM workshop on Cloud Computing Security.ACM,2009:127-134
[26] Theoharidou M,Mylonas A,Gritzalis D.A Risk AssessmentMethod for Smartphones[M]∥Information Security and Privacy Research.Springer Berlin Heidelberg,2012:443-456
[27] Mylonas A,Theoharidou M,Gritzalis D.Assessing privacy risks in Android:A user-centric approach[M]∥ Risk Assessment and Risk-Driven Testing.Springer Berlin Heidelberg,2013:21-37
[28] Google Inc.androguard [EB/OL].https://code.google.com/p/androguard/,2012
[29] Felt A P,Chin E,Hanna S,et al.Android permissions demystified [C]∥Proceedings of the 18th ACM Conference on Computerand Communications Security.ACM,2011:627-638
[30] Zhou X,Demetriou S,He D,et al.Identity,location,disease and more:inferring your secrets from Android public resources[C]∥Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security(CCS2013).ACM,2013:1017-1028
[31] Hassan M A,Chen S.An investigation of different computing sources for mobile application outsourcing on the road[M]∥Mobile Wireless Middleware,Operating Systems,and Applications.Springer Berlin Heidelberg,2012:153-166
[32] Flores Macario H R,Srirama S.Adaptive code offloading formobile cloud applications:Exploiting fuzzy sets and evidence-based learning[C]∥Proceeding of the fourth ACM Workshop on Mobile Cloud Computing and Services.ACM,2013:9-16
[33] Gu Q,Guirguis M.Secure Mobile Cloud Computing and Security Issues[M]∥High Performance Cloud Auditing and Applications.Springer New York,2014:65-90
[34] Zhang Y,Yang M,Xu B,et al.Vetting undesirable behaviors in Android apps with permission use analysis[C]∥Proceedings of the 2013 ACM SIGSAC conference on Computer & Communications security(CCS2013).ACM,2013:611-622
[35] 李瑞轩,董新华,辜希武,等.移动云服务的数据安全与隐私保护综述[J],通信学报,2013,34(12):158-166
[36] Wei F,Roy S,Ou X.Amandroid:A Precise and General Inter-component Data Flow Analysis Framework for Security Vetting of Android Apps[C]∥Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security.ACM,2014:1329-1341
[37] DroidBench[EB/OL].http://sseblog.ec-spride.de/tools/droidbench/
[38] Rasthofer S,Arzt S,Bodden E.A machine-learning approach for classifying and categorizing android sources and sinks[C]∥2014 Network and Distributed System Security Symposium(NDSS).2014

Metrics

Viewed

Full text

Abstract

Cited

Shared

Discussed