Visible to the public Virtual Machines 2015Conflict Detection Enabled

SoS Newsletter- Advanced Book Block


SoS Logo

Virtual Machines



Arguably, virtual machines are more secure than actual machines. This idea is based on the notion that an attacker cannot jump the gap between the virtual and the actual. The growth of interest in cloud computing suggests it is time for a fresh look at the vulnerabilities in virtual machines. In the articles presented below, security concerns are addressed in some interesting ways. For the Science of Security community, virtualization is related to composability, resiliency, cyber physical systems, and cryptography. The articles cited here were presented in 2015.

S. Jin, J. Ahn, J. Seol, S. Cha, J. Huh, and S. Maeng, “H-SVM: Hardware-Assisted Secure Virtual Machines Under a Vulnerable Hypervisor,” in IEEE Transactions on Computers, vol.  64, no. 10, pp. 2833-2846, Oct. 1 2015. doi:10.1109/TC.2015.2389792
Abstract: With increasing demands on cloud computing, protecting guest virtual machines (VMs) from malicious attackers has become critical to provide secure services. The current cloud security model with software-based virtualization relies on the invulnerability of the software hypervisor and its trustworthy administrator with the root permission. However, compromising the hypervisor with remote attacks or root permission grants the attackers with a full access capability to the memory and context of a guest VM. This paper proposes a HW-based approach to protect guest VMs even under an untrusted hypervisor. With the proposed mechanism, memory isolation is provided by the secure hardware, which is much less vulnerable than the software hypervisor. The proposed mechanism extends the current hardware support for memory virtualization based on nested paging with a small extra hardware cost. The hypervisor can still flexibly allocate physical memory pages to virtual machines for efficient resource management. In addition to the system design for secure virtualization, this paper presents a prototype implementation using system management mode. Although the current system management mode is not intended for security functions and thus limits the performance and complete protection, the prototype implementation proves the feasibility of the proposed design.
Keywords: authorisation; cloud computing; invasive software; paged storage; virtual machines; virtualisation; H-SVM; HW-based approach; cloud computing; cloud security model; guest VM protection; hardware-assisted secure virtual machines; malicious attackers; memory isolation; memory virtualization; nested paging; physical memory page allocation; resource management; root permission; secure services; secure virtualization; software hypervisor; software hypervisor invulnerability; software-based virtualization; system design; system management mode; trustworthy administrator; untrusted hypervisor; virtual machine protection; vulnerable hypervisor; Context; Hardware; Memory management; Registers; Virtual machine monitors; Virtual machining; Virtualization; Cloud Computing; Cloud computing; Security; Virtualization; security; virtualization (ID#: 16-10459)


R. C. Chiang, S. Rajasekaran, N. Zhang, and H. H. Huang, “Swiper: Exploiting Virtual Machine Vulnerability in Third-Party Clouds with Competition for I/O Resources,” in IEEE Transactions on Parallel and Distributed Systems, vol. 26, no. 6,
pp. 1732-1742, June 1 2015. doi:10.1109/TPDS.2014.2325564
Abstract: The emerging paradigm of cloud computing, e.g., Amazon Elastic Compute Cloud (EC2), promises a highly flexible yet robust environment for large-scale applications. Ideally, while multiple virtual machines (VM) share the same physical resources (e.g., CPUs, caches, DRAM, and I/O devices), each application should be allocated to an independently managed VM and isolated from one another. Unfortunately, the absence of physical isolation inevitably opens doors to a number of security threats. In this paper, we demonstrate in EC2 a new type of security vulnerability caused by competition between virtual I/O workloads-i.e., by leveraging the competition for shared resources, an adversary could intentionally slow down the execution of a targeted application in a VM that shares the same hardware. In particular, we focus on I/O resources such as hard-drive throughput and/or network bandwidth-which are critical for data-intensive applications. We design and implement Swiper, a framework which uses a carefully designed workload to incur significant delays on the targeted application and VM with minimum cost (i.e., resource consumption). We conduct a comprehensive set of experiments in EC2, which clearly demonstrates that Swiper is capable of significantly slowing down various server applications while consuming a small amount of resources.
Keywords: cloud computing; security of data; virtual machines; Amazon elastic compute cloud; EC2; Swiper; VM; hard-drive throughput; network bandwidth; security threats; security vulnerability; third-party clouds; virtual I/O workloads; virtual machine vulnerability; Cloud computing; Delays; IP networks; Security; Synchronization; Throughput; Virtualization; Cloud computing; scheduling; virtualization (ID#: 16-10460)


P. Gaj, M. Skrzewski, J. Stój, and J. Flak, “Virtualization as a Way to Distribute PC-Based Functionalities,” in IEEE Transactions on Industrial Informatics, vol. 11, no. 3, pp. 763-770, June 2015. doi:10.1109/TII.2014.2360499
Abstract: Virtualization theory is well known and successfully used in the computer domain. Personal computer (PC) workstations, as well as their virtual counterparts, are popular for general purposes. PC stations are also popular in networked control systems (NCSs). They are used as system components to deliver user interfaces and to run many important services of the data processing, communication, and database type. In this paper, the usage of virtual PC machines (VMs) is considered in the context of interoperability with NCS. This specific application area requests answers whether virtualization is applicable and secure, and what are the expectations from the temporal characteristics of running services.
Keywords: control engineering computing; microcomputers; networked control systems; open systems; user interfaces; virtual machines; NCS; PC stations; data processing; distribute PC-based functionalities; interoperability; networked control system; personal computer; system components; user interface; virtual PC machine; virtual counterparts; virtualization; Hardware; Informatics; Security; Software; Virtual machine monitors; Virtual machining; Virtualization; Efficiency; OPC; Xen; efficiency; hypervisor; industrial communication; industrial distributed systems; networked control systems (NCSs); security; temporal characteristics; virtual machine; virtual machine (VM) (ID#: 16-10461)


A. Prakash, E. Venkataramani, H. Yin, and Z. Lin, “On the Trustworthiness of Memory Analysis—An Empirical Study from the Perspective of Binary Execution,” in IEEE Transactions on Dependable and Secure Computing, vol. 12, no. 5, pp. 557-570, Sept.-Oct. 1 2015. doi:10.1109/TDSC.2014.2366464
Abstract: Memory analysis serves as a foundation for many security applications such as memory forensics, virtual machine introspection and malware investigation. However, malware, or more specifically a kernel rootkit, can often tamper with kernel memory data, putting the trustworthiness of memory analysis under question. With the rapid deployment of cloud computing and increase of cyber attacks, there is a pressing need to systematically study and understand the problem of memory analysis. In particular, without ground truth, the quality of the memory analysis tools widely used for analyzing closed-source operating systems (like Windows) has not been thoroughly studied. Moreover, while it is widely accepted that value manipulation attacks pose a threat to memory analysis, its severity has not been explored and well understood. To answer these questions, we have devised a number of novel analysis techniques including (1) binary level ground-truth collection, and (2) value equivalence set directed field mutation. Our experimental results demonstrate not only that the existing tools are inaccurate even under a non-malicious context, but also that value manipulation attacks are practical and severe. Finally, we show that exploiting information redundancy can be a viable direction to mitigate value manipulation attacks, but checking information equivalence alone is not an ultimate solution.
Keywords: invasive software; storage management; trusted computing; binary execution perspective; binary level ground-truth collection; closed-source operating systems; cloud computing; cyber attacks; malware investigation; memory analysis; memory forensics; security applications; trustworthiness; value equivalence set directed field mutation; value manipulation attacks; virtual machine introspection; Context; Data structures; Kernel; Robustness; security; Semantics; Virtual machining; DKOM; Invasive Software; Kernel Rootkit; Memory Forensics; Memory forensics; Operating Systems Security; Virtual Machine Introspection; kernel rootkit; operating systems security  (ID#: 16-10462)


B. Jain, M. B. Baig, Dongli Zhang, D. E. Porter, and R. Sion, “Introspections on the Semantic Gap,” in IEEE Security & Privacy, vol. 13, no. 2, pp. 48-55, Mar.-Apr. 2015. doi:10.1109/MSP.2015.35
Abstract: An essential goal of virtual machine introspection is security policy enforcement in the presence of an untrustworthy OS. One obstacle to this goal is the difficulty in accurately extracting semantic meaning from the hypervisor’s hardware-level view of a guest OS.
Keywords: security of data; virtual machines; OS; security policy enforcement; virtual machine introspection; Computer security; Data structures; Kernel; Monitoring; Semantics; Trust management; Virtual machine monitors; Virtual machines; VM introspection; VMI; security; semantic gap; trust (ID#: 16-10463)


R. Tyagi, T. Paul, B. S. Manoj, and B. Thanudas, “Packet Inspection for Unauthorized OS Detection in Enterprises,” in IEEE Security & Privacy, vol. 13, no. 4, pp. 60-65, July-Aug. 2015. doi:10.1109/MSP.2015.86
Abstract: Many recent malware implementations employ virtual machines to carry out their malicious activities. These are hard to detect because their states can’t be accessed by antivirus software running in the native OS. An approach for OS fingerprinting using TCP SYN packets in an enterprise environment can detect the presence of unauthorized OSs.
Keywords: computer network security; invasive software; operating systems (computers); transport protocols; virtual machines; OS fingerprinting; TCP SYN packet inspection; antivirus software; enterprises; malicious activity; malware; unauthorized OS detection; virtual machine; Databases; Fingerprint recognition; IP networks; Linux; Malware; Virtual machining; OS; enterprise; fingerprinting; header; network; security; traffic packet (ID#: 16-10464)


C. Anderson, “Docker [Software engineering],” in IEEE Software, vol. 32, no. 3, pp. 102-c3, May-June 2015. doi:10.1109/MS.2015.62
Abstract: In episode 217 of Software Engineering Radio, host Charles Anderson talks with James Turnbull, a software developer and security specialist who’s vice president of services at Docker. Lightweight Docker containers are rapidly becoming a tool for deploying microservice-based architectures.
Keywords: Interviews; Software development; Software engineering; Virtual machining; Docker; Docker containers; James Turnbull; SE Radio; Software Engineering Radio; microservices (ID#: 16-10465)


Xuexiu Chen, Chi Chen, Yuan Tao, and Jiankun Hu, “A Cloud Security Assessment System Based on Classifying and Grading,” in IEEE Cloud Computing, vol. 2, no. 2, pp. 58-67, Mar.-Apr. 2015. doi:10.1109/MCC.2015.34
Abstract: Cloud security has become a key limitation on the development of cloud computing. To ensure the stability and reliability of cloud service, cloud security should be assessed regularly using a practical indicator system. Because cloud computing employs virtualization technology and a new delivery mode, the security assessment indicator system for traditional information systems is unsuitable for the cloud. This article proposes a complete cloud security assessment indicator system based on classifying and grading. It uses the comprehensive assessment method combining forward and feedback assessment to assess the security of an actual cloud, and verifies the rationality and practicability of the cloud security assessment indicator system.
Keywords: cloud computing; information systems; security of data; software reliability; virtualisation; cloud security assessment indicator system; cloud security assessment system; cloud service reliability; cloud service stability; delivery mode; feedback assessment; virtualization technology; Access control; Cloud computing; Communication networks; Information systems; Virtual machining; classifying and grading; cloud; cloud security; security assessment (ID#: 16-10466)


Chia-Wei Wang, Michael Cheng Yi Cho, Chi-Wei Wang, and Shiuhpyng Winston Shieh, “Combating Software Piracy in Public Clouds,” in Computer, vol. 48, no. 10, pp. 88-91, Oct. 2015. doi:10.1109/MC.2015.317
Abstract: CodeMist is an innovative security framework that leverages both passive and active approaches to prevent piracy of cloud-based rental software.
Keywords: cloud computing; computer crime; CodeMist; cloud-based rental software; innovative security framework; public clouds; software piracy; Cloud computing; Computer crime; Runtime; Video recording; Virtual machine monitors; CodeMist; cloud; rental software; security; software piracy (ID#: 16-10467)


Huan Ke, Peng Li, Song Guo, and Ivan Stojmenovic, “Aggregation on the Fly: Reducing Traffic for Big Data in the Cloud,” in IEEE Network, vol. 29, no. 5, pp. 17-23, September-October 2015. doi:10.1109/MNET.2015.7293300
Abstract: As a leading framework for processing and analyzing big data, MapReduce is leveraged by many enterprises to parallelize their data processing on distributed computing systems. Unfortunately, the all-to-all data forwarding from map tasks to reduce tasks in the traditional MapReduce framework would generate a large amount of network traffic. The fact that the intermediate data generated by map tasks can be combined with significant traffic reduction in many applications motivates us to propose a data aggregation scheme for MapReduce jobs in cloud. Specifically, we design an aggregation architecture under the existing MapReduce framework with the objective of minimizing the data traffic during the shuffle phase, in which aggregators can reside anywhere in the cloud. Some experimental results also show that our proposal outperforms existing work by reducing the network traffic significantly.
Keywords: Big Data; cloud computing; data analysis; parallel processing; Big Data analysis; MapReduce; data aggregation scheme; data traffic minimization; distributed computing system; Bandwidth; Big data; Cloud computing; Distributed processing; Network security; Telecommunication traffic; Virtual machining (ID#: 16-10468)


D. Tao, Z. Lin, and C. Lu, “Cloud Platform Based Automated Security Testing System for Mobile Internet,” in Tsinghua Science and Technology, vol. 20, no. 6, pp. 537-544, December 2015. doi:10.1109/TST.2015.7349926
Abstract: With respect to security, the use of various terminals in the mobile Internet environment is problematic. Traditional terminal testing methods cannot simulate actual testing environments; thus, the test results do not accurately reflect the security of terminals. To address this problem, we designed and developed a cloud platform based automated testing system for the mobile Internet. In this system, virtualization and automation technology are utilized to integrate mobile terminals into the cloud platform as a resource, to achieve a novel cloud service called Testing as a Service (TaaS). The system consists of three functional modules: web front-end module, testing environment module, and automated testing module. We adopted the permeable automated testing tool Metasploit to perform security testing. In our test experiments, we selected 100 apps with diverse vulnerability levels, ranging from secure to vulnerable, to perform a series of functional tests. The experimental results show that this system can correctly test both the number of vulnerable apps and their corresponding vulnerability levels. As such, the designed system can flexibly configure various testing environments for different testing cases or projects, and thereby perform security testing automatically.
Keywords: Cloud computing; Mobile communication; Security; Testing; Virtual machining; Virtualization; automated security testing; cloud platform; virtualization; Metasploit (ID#: 16-10469)


K. Salah, M. Hammoud, and S. Zeadally, “Teaching Cybersecurity Using the Cloud,” in IEEE Transactions on Learning Technologies, vol. 8, no. 4, pp. 383-392, Oct.-Dec. 1 2015. doi:10.1109/TLT.2015.2424692
Abstract: Cloud computing platforms can be highly attractive to conduct course assignments and empower students with valuable and indispensable hands-on experience. In particular, the cloud can offer teaching staff and students (whether local or remote) on-demand, elastic, dedicated, isolated, (virtually) unlimited, and easily configurable virtual machines. As such, employing cloud-based laboratories can have clear advantages over using classical ones, which impose major hindrances against fulfilling pedagogical objectives and do not scale well when the number of students and distant university campuses grows up. We show how the cloud paradigm can be leveraged to teach a cybersecurity course. Specifically, we share our experience when using cloud computing to teach a senior course on cybersecurity across two campuses via a virtual classroom equipped with live audio and video. Furthermore, based on this teaching experience, we propose guidelines that can be applied to teach similar computer science and engineering courses. We demonstrate how cloud-based laboratory exercises can greatly help students in acquiring crucial cybersecurity skills as well as cloud computing ones, which are in high demand nowadays. The cloud we used for this course was the Amazon Web Services (AWS) public cloud. However, our presented use cases and approaches are equally applicable to other available cloud platforms such as Rackspace and Google Compute Engine, among others.
Keywords: Web services; cloud computing; computer science education; educational courses; security of data; teaching; virtual machines; AWS public cloud; Amazon Web Services public cloud; Google Compute Engine; Rackspace; cloud computing platforms; cloud-based laboratories; computer engineering courses; computer science courses; cybersecurity; teaching; virtual classroom; virtual machines; Cloud computing; Computer crime; Computer security; Education; Network security; Amazon AWS; Cloud Computing; Computer Security; Cybersecurity; Education; Network Security; computer security; education; network security (ID#: 16-10470)


W. Chen, L. Xu, G. Li, and Y. Xiang, “A Lightweight Virtualization Solution for Android Devices,” in IEEE Transactions on Computers, vol. 64, no. 10, pp. 2741-2751, Oct. 1 2015. doi:10.1109/TC.2015.2389791
Abstract: Mobile virtualization has emerged fairly recently and is considered a valuable way to mitigate security risks on Android devices. However, major challenges in mobile virtualization include runtime, hardware, resource overhead, and compatibility. In this paper, we propose a lightweight Android virtualization solution named Condroid, which is based on container technology. Condroid utilizes resource isolation based on namespaces feature and resource control based on cgroups feature. By leveraging them, Condroid can host multiple independent Android virtual machines on a single kernel to support multiple Android containers. Furthermore, our implementation presents both a system service sharing mechanism to reduce memory utilization and a filesystem sharing mechanism to reduce storage usage. The evaluation results on Google Nexus 5 demonstrate that Condroid is feasible in terms of runtime, hardware resource overhead, and compatibility. Therefore, we find that Condroid has a higher performance than other virtualization solutions.
Keywords: Android (operating system); mobile computing; security of data; smart phones; virtual machines; virtualisation; Android devices; Android virtual machines; Condroid; Google Nexus 5; compatibility; container technology; filesystem sharing mechanism; hardware resource overhead; lightweight Android virtualization solution; memory utilization; mobile virtualization; namespace feature; resource isolation; security risks; system service sharing mechanism; Androids; Containers; Humanoid robots; Kernel; Linux; Smart phones; Virtualization; Android; Container; Security; android; security; virtualization (ID#: 16-10471)


L. M. Vaquero, A. Celorio, F. Cuadrado, and R. Cuevas, “Deploying Large-Scale Datasets On-Demand in the Cloud: Treats and Tricks on Data Distribution,” in IEEE Transactions on Cloud Computing, vol. 3, no. 2, pp. 132-144, April-June 1 2015. doi:10.1109/TCC.2014.2360376
Abstract: Public clouds have democratised the access to analytics for virtually any institution in the world. Virtual machines (VMs) can be provisioned on demand to crunch data after uploading into the VMs. While this task is trivial for a few tens of VMs, it becomes increasingly complex and time consuming when the scale grows to hundreds or thousands of VMs crunching tens or hundreds of TB. Moreover, the elapsed time comes at a price: the cost of provisioning VMs in the cloud and keeping them waiting to load the data. In this paper we present a big data provisioning service that incorporates hierarchical and peer-to-peer data distribution techniques to speed-up data loading into the VMs used for data processing. The system dynamically mutates the sources of the data for the VMs to speed-up data loading. We tested this solution with 1000 VMs and 100 TB of data, reducing time by at least 30 percent over current state of the art techniques. This dynamic topology mechanism is tightly coupled with classic declarative machine configuration techniques (the system takes a single high-level declarative configuration file and configures both software and data loading). Together, these two techniques simplify the deployment of big data in the cloud for end users who may not be experts in infrastructure management.
Keywords: Big Data; cloud computing; peer-to-peer computing; virtual machines; VM; big data provisioning service; classic declarative machine configuration techniques; data loading; data processing; dynamic topology mechanism; high-level declarative configuration file; infrastructure management; large-scale datasets on-demand; peer-to-peer data distribution techniques; public clouds; Big data; Cloud computing; Distributed databases; Loading; Relays; Servers; BitTorrent; Large-scale data transfer; big data; big data distribution; flash crowd; p2p everyday; p2p overlay; provisioning (ID#: 16-10472)


Z. Wu, Z. Xu, and H. Wang, “Whispers in the Hyper-Space: High-Bandwidth and Reliable Covert Channel Attacks Inside the Cloud,” in IEEE/ACM Transactions on Networking, vol. 23, no. 2, pp. 603-614, April 2015. doi:10.1109/TNET.2014.2304439
Abstract: Privacy and information security in general are major concerns that impede enterprise adaptation of shared or public cloud computing. Specifically, the concern of virtual machine (VM) physical co-residency stems from the threat that hostile tenants can leverage various forms of side channels (such as cache covert channels) to exfiltrate sensitive information of victims on the same physical system. However, on virtualized x86 systems, covert channel attacks have not yet proven to be practical, and thus the threat is widely considered a “potential risk.” In this paper, we present a novel covert channel attack that is capable of high-bandwidth and reliable data transmission in the cloud. We first study the application of existing cache channel techniques in a virtualized environment and uncover their major insufficiency and difficulties. We then overcome these obstacles by: (1) redesigning a pure timing-based data transmission scheme, and (2) exploiting the memory bus as a high-bandwidth covert channel medium. We further design and implement a robust communication protocol and demonstrate realistic covert channel attacks on various virtualized x86 systems. Our experimental results show that covert channels do pose serious threats to information security in the cloud. Finally, we discuss our insights on covert channel mitigation in virtualized environments.
Keywords: cloud computing; computer network security; cryptographic protocols; virtual machines; virtualisation; VM physical co-residency stems; cache channel techniques; cache covert channels; overt channel mitigation; data privacy; high-bandwidth covert channel medium; high-bandwidth reliable data transmission; high-bandwidth-reliable covert channel attacks; hostile tenants; hyper-space; information security; memory bus; physical system; public cloud computing; robust communication protocol; sensitive information exfiltration; shared cloud computing; side channel leveraging; threat tenants; timing-based data transmission scheme; virtual machine physical co-residency stems; virtualized environment; virtualized environments; virtualized systems; Bandwidth; Data communication; processor scheduling; Receivers; Security; Uncertainty; Virtualization; Cloud; covert channel; network security (ID#: 16-10473)


Xinhua Dong, Ruixuan Li, Heng He, Wanwan Zhou, Zhengyuan Xue, and Hao Wu, “Secure Sensitive Data Sharing on a Big Data Platform,” in Tsinghua Science and Technology, vol. 20, no. 1, pp. 72-80, Feb. 2015. doi:10.1109/TST.2015.7040516
Abstract: Users store vast amounts of sensitive data on a big data platform. Sharing sensitive data will help enterprises reduce the cost of providing users with personalized services and provide value-added data services. However, secure data sharing is problematic. This paper proposes a framework for secure sensitive data sharing on a big data platform, including secure data delivery, storage, usage, and destruction on a semi-trusted big data sharing platform. We present a proxy re-encryption algorithm based on heterogeneous ciphertext transformation and a user process protection method based on a virtual machine monitor, which provides support for the realization of system functions. The framework protects the security of users’ sensitive data effectively and shares these data safely. At the same time, data owners retain complete control of their own data in a sound environment for modern Internet information security.
Keywords: Big Data; Internet; cryptography; trusted computing; virtual machines; data owners; heterogeneous ciphertext transformation; modern Internet information security; personalized services; proxy reencryption algorithm; secure data delivery; secure sensitive data sharing; semitrusted big data sharing platform; system functions; user process protection method; value-added data services; virtual machine monitor; Access control; Big data; Cloud computing; Encryption; Secure storage; big data; private space; proxy re-encryption; secure sharing; sensitive data (ID#: 16-10474)


Ruozhou Yu, Guoliang Xue, Vishnu Teja Kilari, and Xiang Zhang, “Network Function Virtualization in the Multi-Tenant Cloud,” in IEEE Network, vol. 29, no. 3, pp. 42-47, May-June 2015. doi:10.1109/MNET.2015.7113224
Abstract: With more and more tenants launching their applications on the cloud, various requirements have been posed regarding the cloud’s performance, security, and management. In the face of tenant demands, the cloud provider deploys different hardware middleboxes, carrying out different network functions, and enhancing the cloud’s capability in serving tenant requirements. While middleboxes are crucial to the cloud, concerns have been raised regarding their costs, manageability, and performance overhead. To tackle these problems, researchers have proposed an alternative to hardware middleboxes: network function virtualization. Software applications are deployed in place of hardware middleboxes, offering equivalent functionalities while greatly improving flexibility, manageability, and cost-efficiency. In this paper we discuss opportunities and challenges that network function virtualization brings to the multi-tenant cloud. We also propose a cloud architecture that exploits virtual network functions. Our contributions can serve as an enlightener for future efforts in this area.
Keywords: cloud computing; computer network security; virtual machines; virtualisation; Software applications; cloud architecture; cloud capability enhancement; cloud management; cloud performance; cloud provider; cloud security; cost-efficiency improvement; flexibility improvement; hardware middleboxes; manageability improvement; multitenant cloud; network function virtualization; performance overhead; tenant requirements; Cloud computing; Computer architecture; Middleboxes; Network architecture; Network topology; Telecommunication network topology; Virtualization (ID#: 16-10475)


N. G. Tsoutsos and M. Maniatakos, “The HEROIC Framework: Encrypted Computation Without Shared Keys,” in IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, vol. 34, no. 6, pp. 875-888, June 2015. doi:10.1109/TCAD.2015.2419619
Abstract: Outsourcing computation to the cloud has recently become a very attractive option for enterprises and consumers, due to mostly reduced cost and extensive scalability. At the same time, however, concerns about the privacy of the data entrusted to cloud providers keeps rising. To address these concerns and thwart potential attackers, cloud providers today resort to numerous security controls as well as data encryption. Since the actual computation is still unencrypted inside cloud microprocessor chips, it is only a matter of time until new attacks and side channels are devised to leak sensitive information. To address the challenge of securing general-purpose computation inside microprocessor chips, we propose a novel computer architecture, and present a complete framework for general-purpose encrypted computation without shared keys, enabling secure data processing. This new architecture, called homomophically encrypted one instruction computation, contrary to the previous work in the area does not require a secret key installed inside the microprocessor chip. Instead, it leverages the powerful properties of homomorphic encryption combined with the simplicity of one instruction set computing. The proposed framework introduces: (1) a RTL implementation for reconfigurable hardware and (2) a ready-to-deploy virtual machine, which can be readily ported to existing server processor architectures.
Keywords: computer architecture; cryptography; data privacy; microprocessor chips; outsourcing; HEROIC framework; RTL; cloud microprocessor chips; cloud providers; data encryption; general-purpose computation; general-purpose encrypted computation; homomorphic encryption; homomorphically encrypted one instruction computation architecture; instruction set computing; outsourcing computation; secure data processing; security controls; server processor architectures; side channels; virtual machine; Computers; Encryption; Memory management; Microprocessor chips; Cloud computing; Encrypted processor; Paillier; cloud computing; encrypted processor; one instruction set computer; one instruction set computer (OISC); virtualization (ID#: 16-10476)


A. Moeini and H. Moeini, “Real-World and Rapid Face Recognition Toward Pose and Expression Variations via Feature Library Matrix,” in IEEE Transactions on Information Forensics and Security, vol. 10, no. 5, pp. 969-984, May 2015. doi:10.1109/TIFS.2015.2393553
Abstract: In this paper, a novel method for face recognition under pose and expression variations is proposed from only a single image in the gallery. A 3D probabilistic facial expression recognition generic elastic model is proposed to reconstruct a 3D model from real-world human face using only a single 2D frontal image with/without facial expressions. Then, a feature library matrix (FLM) is generated for each subject in the gallery from all face poses by rotating the 3D reconstructed models and extracting features in the rotated face pose. Therefore, each FLM is subsequently rendered for each subject in the gallery based on triplet angles of face poses. In addition, before matching the FLM, an initial estimate of triplet angles is obtained from the face pose in probe images using an automatic head pose estimation approach. Then, an array of the FLM is selected for each subject based on the estimated triplet angles. Finally, the selected arrays from FLMs are compared with extracted features from the probe image by iterative scoring classification using the support vector machine. Convincing results are acquired to handle pose and expression changes on the Bosphorus, Face Recognition Technology (FERET), Carnegie Mellon University-Pose, Illumination, and Expression (CMU-PIE), and Labeled Faces in the Wild (LFW) face databases compared with several state-of-the-art methods in pose-invariant face recognition. The proposed method not only demonstrates an excellent performance by obtaining high accuracy on all four databases but also outperforms other approaches realistically.
Keywords: face recognition; feature extraction; image classification; image reconstruction; matrix algebra; support vector machines; 3D model reconstruction; 3D probabilistic facial expression recognition generic elastic model; CMU-PIE; FERET; FLM; LFW; expression variations; face databases; face recognition technology; feature extraction; feature library matrix; iterative scoring classification; labeled faces in the wild; pose variations; pose-invariant face recognition; rapid face recognition; real-world human face; rotated face pose; single 2D frontal image; support vector machine; Face; Face recognition; Feature extraction; Hidden Markov models; Image reconstruction; Solid modeling; Three-dimensional displays; 3D face reconstruction; Pose-invariant face recognition;  probabilistic facial expression recognition (ID#: 16-10477)


A. Czajka, “Pupil Dynamics for Iris Liveness Detection,” in IEEE Transactions on Information Forensics and Security, vol. 10, no. 4, pp. 726-735, April 2015. doi:10.1109/TIFS.2015.2398815
Abstract: The primary objective of this paper is to propose a complete methodology for eye liveness detection based on pupil dynamics. This method may serve as a component of presentation attack detection in iris recognition systems, making them more secure. Due to a lack of public databases that would support this paper, we have built our own iris capture device to register pupil size changes under visible light stimuli, and registered 204 observations for 26 subjects (52 different irides), each containing 750 iris images taken every 40 ms. Each measurement registers the spontaneous pupil oscillations and its reaction after a sudden increase of the intensity of visible light. The Kohn and Clynes pupil dynamics model is used to describe these changes; hence we convert each observation into a feature space defined by model parameters. To answer the question whether the eye is alive (that is, if it reacts to light changes as a human eye) or the presentation is suspicious (that is, if it reacts oddly or no reaction is observed), we use linear and nonlinear support vector machines to classify natural reaction and spontaneous oscillations, simultaneously investigating the goodness of fit to reject bad modeling. Our experiments show that this approach can achieve a perfect performance for the data we have collected. All normal reactions are correctly differentiated from spontaneous oscillations. We investigated the shortest observation time required to model the pupil reaction, and found that time periods not exceeding 3 s are adequate to offer a perfect performance.
Keywords: computer crime; feature extraction; image classification; iris recognition; support vector machines; eye liveness detection; feature space; iris capture device; iris images; iris liveness detection; iris recognition systems; model parameters; natural reaction classification; nonlinear support vector machines; presentation attack detection; pupil dynamics; pupil oscillations; pupil size changes; spontaneous oscillations; visible light intensity; visible light stimuli; Cameras; Databases; Iris recognition; Lenses; Motion pictures; Oscillators; Liveness detection; biometrics; Iris recognition; (ID#: 16-10478)


M. Fairhurst, M. Erbilek, and M. Da Costa-Abreu, “Selective Review and Analysis of Aging Effects in Biometric System Implementation,” in IEEE Transactions on Human-Machine Systems, vol. 45, no. 3, pp. 294-303, June 2015. doi:10.1109/THMS.2014.2376874
Abstract: As biometric systems are deployed in increasingly diverse applications, it becomes correspondingly important to understand the impact which human aging has on system performance. Aging directly affects those physiological and behavioral traits which are characterized in biometric measurements, and a practical biometric system must be designed to account for age-induced changes. However, age can also have very positive implications, for example as a source of further identification information. This paper reviews research to understand how age factors impinge on biometric systems and uses this to synthesize a system infrastructure to unify implementation principles. We present new results to show how multiagent structures can provide an effective framework for this purpose, enhancing performance in both identification and predictive scenarios.
Keywords: biometrics (access control); human factors; multi-agent systems; ge factors; age-induced changes; behavioral traits; biometric measurements; biometric system implementation; identification scenarios; multiagent structures; physiological traits; predictive scenarios; system infrastructure; Aging; Bioinformatics; Face; Iris recognition; Sociology; Statistics; Aging effects; biometrics; fingerprint; handwritten signature; intelligent agent; security; usability (ID#: 16-10479)


D. Wen, H. Han, and A. K. Jain, “Face Spoof Detection with Image Distortion Analysis,” in IEEE Transactions on Information Forensics and Security, vol. 10, no. 4, pp. 746-761, April 2015. doi:10.1109/TIFS.2015.2400395
Abstract: Automatic face recognition is now widely used in applications ranging from deduplication of identity to authentication of mobile payment. This popularity of face recognition has raised concerns about face spoof attacks (also known as biometric sensor presentation attacks), where a photo or video of an authorized person’s face could be used to gain access to facilities or services. While a number of face spoof detection techniques have been proposed, their generalization ability has not been adequately addressed. We propose an efficient and rather robust face spoof detection algorithm based on image distortion analysis (IDA). Four different features (specular reflection, blurriness, chromatic moment, and color diversity) are extracted to form the IDA feature vector. An ensemble classifier, consisting of multiple SVM classifiers trained for different face spoof attacks (e.g., printed photo and replayed video), is used to distinguish between genuine (live) and spoof faces. The proposed approach is extended to multiframe face spoof detection in videos using a voting-based scheme. We also collect a face spoof database, MSU mobile face spoofing database (MSU MFSD), using two mobile devices (Google Nexus 5 and MacBook Air) with three types of spoof attacks (printed photo, replayed video with iPhone 5S, and replayed video with iPad Air). Experimental results on two public-domain face spoof databases (Idiap REPLAY-ATTACK and CASIA FASD), and the MSU MFSD database show that the proposed approach outperforms the state-of-the-art methods in spoof detection. Our results also highlight the difficulty in separating genuine and spoof faces, especially in cross-database and cross-device scenarios.
Keywords: face recognition; mobile computing; pattern classification; support vector machines; ideo signal processing; visual databases; Google Nexus 5; IDA feature vector; MSU MFSD; MSU MFSD database; MSU mobile face spoofing database; MacBook Air; automatic face recognition; cross-database scenarios; cross-device scenarios; ensemble classifier; face spoof attacks; identity deduplication; image distortion analysis; mobile devices; mobile payment authentication; multiframe face spoof detection; multiple SVM classifiers; public-domain face spoof databases; spoof attacks; videos; voting-based scheme; Cameras; Databases; Face; Face recognition; Feature extraction; image color analysis; Testing; cross-database; cross-device; spoof detection (ID#: 16-10480)


Jia Li, Ling-Yu Duan, Xiaowu Chen, Tiejun Huang, and Yonghong Tian, “Finding the Secret of Image Saliency in the Frequency Domain,” in IEEE Transactions on Pattern Analysis and Machine Intelligence, vol. 37, no. 12, pp. 2428-2440, Dec. 1 2015. doi:10.1109/TPAMI.2015.2424870
Abstract: There are two sides to every story of visual saliency modeling in the frequency domain. On the one hand, image saliency can be effectively estimated by applying simple operations to the frequency spectrum. On the other hand, it is still unclear which part of the frequency spectrum contributes the most to popping-out targets and suppressing distractors. Toward this end, this paper tentatively explores the secret of image saliency in the frequency domain. From the results obtained in several qualitative and quantitative experiments, we find that the secret of visual saliency may mainly hide in the phases of intermediate frequencies. To explain this finding, we reinterpret the concept of discrete Fourier transform from the perspective of template-based contrast computation and thus develop several principles for designing the saliency detector in the frequency domain. Following these principles, we propose a novel approach to design the saliency detector under the assistance of prior knowledge obtained through both unsupervised and supervised learning processes. Experimental results on a public image benchmark show that the learned saliency detector outperforms 18 state-of-the-art approaches in predicting human fixations.
Keywords: discrete Fourier transforms; frequency-domain analysis; image processing; object detection; security of data; unsupervised learning; discrete Fourier transform; distractor suppression; frequency domain; frequency spectrum; image saliency; saliency detector; supervised learning process; template-based contrast computation; unsupervised learning process; visual saliency modeling; Artificial intelligence; Computational modeling; Discrete Fourier transforms; Discrete cosine transforms; Fourier transforms; Frequency-domain analysis; Prediction models; Fourier transform; Image saliency; experimental study; fixation prediction; learning-based; spectral analysis (ID#: 16-10481)


A. W. K. Kong, “A Statistical Analysis of IrisCode and Its Security Implications,” in IEEE Transactions on Pattern Analysis and Machine Intelligence, vol. 37, no. 3, pp. 513-528, March 1 2015. doi:10.1109/TPAMI.2014.2343959
Abstract: IrisCode has been used to gather iris data for 430 million people. Because of the huge impact of IrisCode, it is vital that it is completely understood. This paper first studies the relationship between bit probabilities and a mean of iris images (The mean of iris images is defined as the average of independent iris images.) and then uses the Chi-square statistic, the correlation coefficient and a resampling algorithm to detect statistical dependence between bits. The results show that the statistical dependence forms a graph with a sparse and structural adjacency matrix. A comparison of this graph with a graph whose edges are defined by the inner product of the Gabor filters that produce IrisCodes shows that partial statistical dependence is induced by the filters and propagates through the graph. Using this statistical information, the security risk associated with two patented template protection schemes that have been deployed in commercial systems for producing application-specific IrisCodes is analyzed. To retain high identification speed, they use the same key to lock all IrisCodes in a database. The belief has been that if the key is not compromised, the IrisCodes are secure. This study shows that even without the key, application-specific IrisCodes can be unlocked and that the key can be obtained through the statistical dependence detected.
Keywords: Databases; Gabor filters; Iris; Iris recognition; Probability; Security; Vectors; Biometrics; Daugman algorithm; iris recognition; statistical dependence; template protection (ID#: 16-10482)


W. Kim, S. Suh, and J. J. Han, “Face Liveness Detection from a Single Image via Diffusion Speed Model,” in IEEE Transactions on Image Processing, vol. 24, no. 8, pp. 2456-2465, Aug. 2015. doi:10.1109/TIP.2015.2422574
Abstract: Spoofing using photographs or videos is one of the most common methods of attacking face recognition and verification systems. In this paper, we propose a real-time and nonintrusive method based on the diffusion speed of a single image to address this problem. In particular, inspired by the observation that the difference in surface properties between a live face and a fake one is efficiently revealed in the diffusion speed, we exploit antispoofing features by utilizing the total variation flow scheme. More specifically, we propose defining the local patterns of the diffusion speed, the so-called local speed patterns, as our features, which are input into the linear SVM classifier to determine whether the given face is fake or not. One important advantage of the proposed method is that, in contrast to previous approaches, it accurately identifies diverse malicious attacks regardless of the medium of the image, e.g., paper or screen. Moreover, the proposed method does not require any specific user action. Experimental results on various data sets show that the proposed method is effective for face liveness detection as compared with previous approaches proposed in studies in the literature.
Keywords: face recognition; support vector machines; diffusion speed model; face liveness detection; face verification systems; linear SVM classifier; malicious attacks; Face; Feature extraction; Lighting; Security; Smart phones; TV; Videos; Spoofing; diffusion speed; local speed pattern; total variation flow (ID#: 16-10483)


I. Chingovska and A. R. dos Anjos, “On the Use of Client Identity Information for Face Antispoofing,” in IEEE Transactions on Information Forensics and Security, vol. 10, no. 4, pp. 787-796, April 2015. doi:10.1109/TIFS.2015.2400392
Abstract: With biometrics playing the role of a password which cannot be replaced if stolen, the necessity of establishing counter-measures to biometric spoofing attacks has been recognized. Regardless of the biometric mode, the typical approach of antispoofing systems is to classify the biometric evidence based on features discriminating between real accesses and spoofing attacks. For the first time, to the best of our knowledge, this paper studies the amount of client-specific information within these features and how it affects the performance of antispoofing systems. We make use of this information to build two client-specific antispoofing solutions, one relying on a generative and another one on a discriminative paradigm. The proposed methods, tested on a set of state-of-the-art antispoofing features for the face mode, outperform the client-independent approaches with up to 50% relative improvement and exhibit better generalization capabilities on unseen types of spoofing attacks.
Keywords: authorisation; face recognition; antispoofing system; biometric spoofing attack; client identity information; face antispoofing; Biological system modeling; Computational modeling; Face; Feature extraction; Special issues and sections; Support vector machines; Training; Biometric Verification; Counter-Measures; Counter-Spoofing; Liveness Detection; Replay; Spoofing Attack; Spoofing attack; biometric verification; counter-measures; counter-spoofing; liveness detection; replay (ID#: 16-10484)


S. Tirunagari, N. Poh, D. Windridge, A. Iorliam, N. Suki, and A. T. S. Ho, “Detection of Face Spoofing Using Visual Dynamics,” in IEEE Transactions on Information Forensics and Security, vol. 10, no. 4, pp. 762-777, April 2015. doi:10.1109/TIFS.2015.2406533
Abstract: Rendering a face recognition system robust is vital in order to safeguard it against spoof attacks carried out using printed pictures of a victim (also known as print attack) or a replayed video of the person (replay attack). A key property in distinguishing a live, valid access from printed media or replayed videos is by exploiting the information dynamics of the video content, such as blinking eyes, moving lips, and facial dynamics. We advance the state of the art in facial antispoofing by applying a recently developed algorithm called dynamic mode decomposition (DMD) as a general purpose, entirely data-driven approach to capture the above liveness cues. We propose a classification pipeline consisting of DMD, local binary patterns (LBPs), and support vector machines (SVMs) with a histogram intersection kernel. A unique property of DMD is its ability to conveniently represent the temporal information of the entire video as a single image with the same dimensions as those images contained in the video. The pipeline of DMD + LBP + SVM proves to be efficient, convenient to use, and effective. In fact only the spatial configuration for LBP needs to be tuned. The effectiveness of the methodology was demonstrated using three publicly available databases: (1) print-attack; (2) replay-attack; and (3) CASIA-FASD, attaining comparable results with the state of the art, following the respective published experimental protocols.
Keywords: face recognition; image classification; support vector machines; video signal processing; CASIA-FASD database; DMD; LBP; SVM; classification pipeline; data-driven approach; dynamic mode decomposition; eye blinking; face recognition system; face spoofing detection; facial antispoofing; facial dynamics; histogram intersection kernel; image dimensions; information dynamics; lip motion; liveness cue capture; local binary patterns; print attack; printed media; printed pictures; publicly available database; rendering; replay attack; replayed video; spatial configuration; spoof attacks; support vector machines; temporal information; video content; visual dynamics; Biometrics (access control); Databases; Face; Face recognition; Feature extraction; Optical imaging; Principal component analysis; CASIA-FASD; print-attack; replay-attack; spoofing (ID#: 16-10485)


R. Raghavendra and C. Busch, “Robust Scheme for Iris Presentation Attack Detection Using Multiscale Binarized Statistical Image Features,” in IEEE Transactions on Information Forensics and Security, vol. 10, no. 4, pp. 703-715, April 2015. doi:10.1109/TIFS.2015.2400393
Abstract: Vulnerability of iris recognition systems remains a challenge due to diverse presentation attacks that fail to assure the reliability when adopting these systems in real-life scenarios. In this paper, we present an in-depth analysis of presentation attacks on iris recognition systems especially focusing on the photo print attacks and the electronic display (or screen) attack. To this extent, we introduce a new relatively large scale visible spectrum iris artefact database comprised of 3300 iris normal and artefact samples that are captured by simulating five different attacks on iris recognition system. We also propose a novel presentation attack detection (PAD) scheme based on multiscale binarized statistical image features and linear support vector machines. Extensive experiments are carried out on four different publicly available iris artefact databases that have revealed the outstanding performance of the proposed PAD scheme when benchmarked with various well-established state-of-the-art schemes.
Keywords: iris recognition; security of data; support vector machines; visual databases; PAD scheme; diverse presentation attacks; electronic display attack; iris artefact databases; iris presentation attack detection; iris recognition systems; linear support vector machines; multiscale binarized statistical image features; photo print attacks; presentation attack detection scheme; robust scheme; visible spectrum iris artefact database; Databases; Feature extraction; Hardware; Image segmentation; Iris recognition; Support vector machines; Tablet computers; Anti-spoofing; Biometrics; Iris Recognition; Presentation Attacks; anti-spoofing; presentation attacks (ID#: 16-10486)


Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.