RUcore: Rutgers University Community Repository
Exploring security support for cloud-based applications
Descriptive
TitleInfo
Title
Exploring security support for cloud-based applications
Name
(type = personal)
NamePart
(type = family)
Nguyen
NamePart
(type = given)
Hai
NamePart
(type = date)
1985-
DisplayForm
Hai Nguyen
Role
RoleTerm
(authority = RULIB)
author
Name
(type = personal)
NamePart
(type = family)
Ganapathy
NamePart
(type = given)
Vinod
DisplayForm
Vinod Ganapathy
Affiliation
Advisory Committee
Role
RoleTerm
(authority = RULIB)
chair
Name
(type = personal)
NamePart
(type = family)
Nguyen
NamePart
(type = given)
Thu
DisplayForm
Thu Nguyen
Affiliation
Advisory Committee
Role
RoleTerm
(authority = RULIB)
internal member
Name
(type = personal)
NamePart
(type = family)
Bhattacharjee
NamePart
(type = given)
Abhishek
DisplayForm
Abhishek Bhattacharjee
Affiliation
Advisory Committee
Role
RoleTerm
(authority = RULIB)
internal member
Name
(type = personal)
NamePart
(type = family)
Jaeger
NamePart
(type = given)
Trent
DisplayForm
Trent Jaeger
Affiliation
Advisory Committee
Role
RoleTerm
(authority = RULIB)
outside member
Name
(type = corporate)
NamePart
Rutgers University
Role
RoleTerm
(authority = RULIB)
degree grantor
Name
(type = corporate)
NamePart
School of Graduate Studies
Role
RoleTerm
(authority = RULIB)
school
TypeOfResource
Text
Genre
(authority = marcgt)
theses
OriginInfo
DateCreated
(qualifier = exact)
2018
DateOther
(qualifier = exact);
(type = degree)
2018-10
CopyrightDate
(encoding = w3cdtf)
2018
Place
PlaceTerm
(type = code)
xx
Language
LanguageTerm
(authority = ISO639-2b);
(type = code)
eng
Abstract
(type = abstract)
Users are increasingly adopting cloud services for various purposes such as storing and processing data or using cloud-based software. However, this computing model poses cloud-specific security challenges to these cloud-based applications.
This dissertation describes novel solutions to three security problems of cloud-based applications. First, the introduction of hardware-based implementations of isolated execution such as Intel SGX makes it challenging to enforce security compliance of cloud applications. It is desirable to have a mechanism that allows cloud providers to inspect the code and data of cloud applications while still preserves the integrity and confidentiality offered by Intel SGX. Second, cloud services have increasingly become the target of ransomware attacks. However, current ransomware detection techniques are prone to false positives and some of them are unable to distinguish ransomware from benign programs that exhibit ransomware-like behaviors. Third, in today’s cloud platforms, clients do not have much power and flexibility to deploy security services. Clients often rely heavily on cloud providers for deployment of security measures such as intrusion detection systems (IDSs) or have to manually install and configure software stack with security tools.
This dissertation makes the following contributions. First, it implements EnGarde, an enclave inspection library that preserves the security and privacy benefits offered by Intel SGX and allows the cloud provider to verify the clients SGX-based enclave against predefined policies mutually agreed by the cloud provider and the client. Second, it builds HRD, a system that can detect ransomware in cloud-based environments with low false positives. HRD uses Hardware Performance Counters (HPCs) and machine learning to build classifiers that effectively detect ransomware with high accuracy. Third, it demonstrates the utility of a new cloud computing model where the client can make use of cloud apps, implemented as virtual machines (VMs), to implement security measures.
This dissertation describes novel solutions to three security problems of cloud-based applications. First, the introduction of hardware-based implementations of isolated execution such as Intel SGX makes it challenging to enforce security compliance of cloud applications. It is desirable to have a mechanism that allows cloud providers to inspect the code and data of cloud applications while still preserves the integrity and confidentiality offered by Intel SGX. Second, cloud services have increasingly become the target of ransomware attacks. However, current ransomware detection techniques are prone to false positives and some of them are unable to distinguish ransomware from benign programs that exhibit ransomware-like behaviors. Third, in today’s cloud platforms, clients do not have much power and flexibility to deploy security services. Clients often rely heavily on cloud providers for deployment of security measures such as intrusion detection systems (IDSs) or have to manually install and configure software stack with security tools.
This dissertation makes the following contributions. First, it implements EnGarde, an enclave inspection library that preserves the security and privacy benefits offered by Intel SGX and allows the cloud provider to verify the clients SGX-based enclave against predefined policies mutually agreed by the cloud provider and the client. Second, it builds HRD, a system that can detect ransomware in cloud-based environments with low false positives. HRD uses Hardware Performance Counters (HPCs) and machine learning to build classifiers that effectively detect ransomware with high accuracy. Third, it demonstrates the utility of a new cloud computing model where the client can make use of cloud apps, implemented as virtual machines (VMs), to implement security measures.
Subject
(authority = RUETD)
Topic
Computer Science
Subject
(authority = ETD-LCSH)
Topic
Cloud computing--Security measures
RelatedItem
(type = host)
TitleInfo
Title
Rutgers University Electronic Theses and Dissertations
Identifier
(type = RULIB)
ETD
Identifier
ETD_9295
PhysicalDescription
Form
(authority = gmd)
electronic resource
InternetMediaType
application/pdf
InternetMediaType
text/xml
Extent
1 online resource (100 pages) : illustrations
Note
(type = degree)
Ph.D.
Note
(type = bibliography)
Includes bibliographical references
Note
(type = statement of responsibility)
by Hai Nguyen
RelatedItem
(type = host)
TitleInfo
Title
School of Graduate Studies Electronic Theses and Dissertations
Identifier
(type = local)
rucore10001600001
Location
PhysicalLocation
(authority = marcorg);
(displayLabel = Rutgers, The State University of New Jersey)
NjNbRU
Identifier
(type = doi)
doi:10.7282/t3-dre3-gm67
Genre
(authority = ExL-Esploro)
ETD doctoral
Back to the top
Rights
RightsDeclaration
(ID = rulibRdec0006)
The author owns the copyright to this work.
RightsHolder
(type = personal)
Name
FamilyName
Nguyen
GivenName
Hai
Role
Copyright Holder
RightsEvent
Type
Permission or license
DateTime
(encoding = w3cdtf);
(qualifier = exact);
(point = start)
2018-09-30 23:41:15
AssociatedEntity
Name
Hai Nguyen
Role
Copyright holder
Affiliation
Rutgers University. School of Graduate Studies
AssociatedObject
Type
License
Name
Author Agreement License
Detail
I hereby grant to the Rutgers University Libraries and to my school the non-exclusive right to archive, reproduce and distribute my thesis or dissertation, in whole or in part, and/or my abstract, in whole or in part, in and from an electronic format, subject to the release date subsequently stipulated in this submittal form and approved by my school. I represent and stipulate that the thesis or dissertation and its abstract are my original work, that they do not infringe or violate any rights of others, and that I make these grants as the sole owner of the rights to my thesis or dissertation and its abstract. I represent that I have obtained written permissions, when necessary, from the owner(s) of each third party copyrighted matter to be included in my thesis or dissertation and will supply copies of such upon request by my school. I acknowledge that RU ETD and my school will not distribute my thesis or dissertation or its abstract if, in their reasonable judgment, they believe all such rights have not been secured. I acknowledge that I retain ownership rights to the copyright of my work. I also retain the right to use all or part of this thesis or dissertation in future works, such as articles or books.
Copyright
Status
Copyright protected
Availability
Status
Open
Reason
Permission or license
Back to the top
Technical
RULTechMD
(ID = TECHNICAL1)
ContentModel
ETD
OperatingSystem
(VERSION = 5.1)
windows xp
CreatingApplication
Version
1.5
ApplicationName
pdfTeX-1.40.17
DateCreated
(point = end);
(encoding = w3cdtf);
(qualifier = exact)
2018-09-30T23:21:25
DateCreated
(point = end);
(encoding = w3cdtf);
(qualifier = exact)
2018-09-30T23:21:25
Back to the top
Statistical Profile