http://www.computer.org/tdsc The IEEE Transactions on Dependable and Secure Computing is a new quarterly that will publish archival research results focusing on research into foundations, methodologies, and mechanisms that support the achievement_through design, modeling, and evaluation_of systems and networks that are dependable and secure to the desired degree without compromising performance. The focus also includes measurement, modeling, and simulation techniques, and foundations for jointly evaluating, verifying, and designing for performance, security, and dependability constraints. en-us Fri, 17 May 2013 10:00:05 GMT http://csdl.computer.org/common/images/logos/tdsc.gif List of recently published journal articles http://www.computer.org/tdsc http://doi.ieeecomputersociety.org/10.1109/TDSC.2013.12 Cloud-oriented Content Delivery Networks (CCDNs) constitute a promising alternative to traditional CDNs. Exploiting the advantages and principles of the cloud, such as the pay as you go business model and geographical dispersion of resources, CCDN can provide a viable and cost effective solution for realizing content delivery networks and services. In this paper a hierarchical framework is proposed and evaluated towards an efficient and scalable solution of content distribution over a multi-provider networked cloud environment, where inter and intra cloud communication resources are simultaneously considered along with traditional cloud computing resources. To efficiently deal with the CCDN deployment problem in this emerging and challenging computing paradigm, the problem is decomposed to graph partitioning and replica placement problems while appropriate cost models are introduced/adapted. Novel approaches on the replica placement problem within the cloud are proposed while the limitations of the physical substrate are taken into consideration. The performance of the proposed hierarchical CCDN framework is assessed via modeling and simulation, while appropriate metrics are defined/adopted associated with and reflecting the interests of the different identified involved key players. http://doi.ieeecomputersociety.org/10.1109/TDSC.2013.12 http://doi.ieeecomputersociety.org/10.1109/TDSC.2013.4 Worldwide interest in the delivery of computing and storage capacity as a service continues to grow at a rapid pace. The complexities of such cloud computing centers require advanced resource management solutions that are capable of dynamically adapting the cloud platform while providing continuous service and performance guarantees. The goal of this paper is to devise resource allocation policies for virtualized cloud environments that satisfy performance and availability guarantees and minimize energy costs in very large cloud service centers. We present a scalable distributed hierarchical framework based on a mixed-integer non-linear optimization for resource management acting at multiple time-scales. Extensive experiments across a wide variety of configurations demonstrate the efficiency and effectiveness of our approach. http://doi.ieeecomputersociety.org/10.1109/TDSC.2013.4 http://opac.ieeecomputersociety.org/opac?year=2013&volume=12&issue=07&acronym=tdsc IEEE Transactions on Dependable and Secure Computing http://www.computer.org/portal/site/tdsc/ http://doi.ieeecomputersociety.org/10.1109/TDSC.2013.21 A frequent assumption in the domain of cyber security is that cyber intrusions follow the properties of a Poisson process, i.e., that the number of intrusions are well modeled by a Poisson distribution and that the time between intrusions is exponentially distributed. This paper studies this property by analyzing all cyber intrusions that have been detected across more than 260,000 computer systems over a period of almost three years. The results show that the assumption of a Poisson process model might be unoptimal -- the log-normal distribution is a significantly better fit in terms of modeling both the number of detected intrusions and the time between intrusions, and the Pareto distribution is a significantly better fit in terms of modeling the time to first intrusion. The paper also analyzes whether time to compromise increase for each successful intrusion of a computer system. The results regarding this property suggest that time to compromise decrease along the number of intrusions of a system. http://doi.ieeecomputersociety.org/10.1109/TDSC.2013.21 http://doi.ieeecomputersociety.org/10.1109/TDSC.2013.20 Semantic models help in achieving semantic interoperability among sources of data and applications. The necessity to efficiently manage these types of objects has increased the number of specialized repositories, usually referred to as semantic databases. Due to the various sensitivities of data, suitable access control mechanisms pertaining to the semantic repository should be put in place in order to ensure that only authorized users can obtain access to the information in its entirety. In fact, deciding what can be made available to the user without revealing confidential information is made even more difficult because the user may be able to apply logic and reasoning to infer confidential information from the knowledge being provided. In this paper, we design an authorization security model enforced on a semantic model's entities and also propagate on their individuals in the OWL database through an inference policy engine. We provide TBox access control for the construction of a TBox family and propagate this based on the construction of concept taxonomies. We also provide ABox Label-Based Access Control for facts in the domain knowledge and report experiments in order to evaluate the effects of access control on reasoning and modularization. http://doi.ieeecomputersociety.org/10.1109/TDSC.2013.20 http://doi.ieeecomputersociety.org/10.1109/TDSC.2013.19 Encounter-based social networks link users who share a location at the same time, as opposed to traditional social network paradigms of linking users who have an offline friendship. This approach presents fundamentally different challenges from those tackled by previous designs. In this paper, we explore functional and security requirements for these new systems, such as availability, security, and privacy, and present several design options for building secure encounter-based social networks. We examine one recently proposed encounter-based social network design and compare it to a set of idealized security and functionality requirements. We show that it is vulnerable to several attacks, including impersonation, collusion, and privacy breaching, even though it was designed specifically for security. Mindful of the possible pitfalls, we construct a flexible framework for secure encounter-based social networks, which can be used to construct networks that offer different security, privacy, and availability guarantees. We describe two example constructions derived from this framework, and consider each in terms of the ideal requirements. Some of our new designs fulfill more requirements in terms of system security, reliability, and privacy than previous work. We also evaluate real-world performance of one of our designs by implementing a proof-of-concept iPhone application called MeetUp. Experiments highlight the potential of our system. http://doi.ieeecomputersociety.org/10.1109/TDSC.2013.19 http://doi.ieeecomputersociety.org/10.1109/TDSC.2013.18 Emerging computing technologies such as Web services, service-oriented architecture, and cloud computing has enabled us to perform business services more efficiently and effectively. However, we still suffer from unintended security leakages by unauthorized actions in business services while providing more convenient services to Internet users through such a cutting-edge technological growth. Furthermore, designing and managing Web access control policies are often error-prone due to the lack of effective analysis mechanisms and tools. In this paper, we represent an innovative policy anomaly analysis approach for Web access control policies, focusing on XACML (eXtensible Access Control Markup Language) policy. We introduce a policy-based segmentation technique to accurately identify policy anomalies and derive effective anomaly resolutions, along with an intuitive visualization representation of analysis results. We also discuss a proof-of-concept implementation of our method called XAnalyzer and demonstrate how our approach can efficiently discover and resolve policy anomalies. http://doi.ieeecomputersociety.org/10.1109/TDSC.2013.18 http://doi.ieeecomputersociety.org/10.1109/TDSC.2013.14 A key challenge in MapReduce environments is to increase the utilization of MapReduce clusters to minimize their cost. For a set of production jobs that are executed periodically on new data, we can perform an off-line analysis for evaluating performance benefits of different optimization techniques. In this work, we consider a subset of production workloads that consists of MapReduce jobs with no dependencies. We observe that the order in which these jobs are executed can have a significant impact on their overall completion time and the cluster resource utilization. We evaluate the performance benefits of the constructed schedule through an extensive set of simulations over a variety of realistic workloads. The results are workload and cluster-size dependent, but it is typical to achieve up to 10%-25% of makespan improvements by simply processing the jobs in the right order. However, in some cases, the simplified abstraction assumed by Johnson's algorithm may lead to a suboptimal job schedule. We design a novel heuristic, called BalancedPools, that significantly improves Johnson's schedule results (up to 15%-38%), exactly in the situations when it produces suboptimal makespan. Overall, we observe up to 50% in the makespan improvements with the new BalancedPools algorithm. http://doi.ieeecomputersociety.org/10.1109/TDSC.2013.14 http://doi.ieeecomputersociety.org/10.1109/TDSC.2013.9 Cloud computing has emerging as a promising pattern for data outsourcing and high-quality data services. However, concerns of sensitive information on cloud potentially causes privacy problems. Data encryption protects data security to some extent, but at the cost of compromised efficiency. Searchable symmetric encryption (SSE) allows retrieval of encrypted data over cloud. In this paper, we focus on addressing data privacy issues using searchable symmetric encryption (SSE). For the first time, we formulate the privacy issue from the aspect of similarity relevance and scheme robustness. We observe that server-side ranking based on order-preserving encryption (OPE) inevitably leaks data privacy. To eliminate the leakage, we propose a two-round searchable encryption (TRSE) scheme that supports top-k multi-keyword retrieval. In TRSE, we employ a vector space model and homomorphic encryption. The vector space model helps to provide sufficient search accuracy, and the homomorphic encryption enables users to involve in the ranking while the majority of computing work is done on the server side by operations only on ciphertext. As a result, information leakage can be eliminated and data security is ensured. Thorough security and performance analysis show that the proposed scheme guarantees high security and practical efficiency. http://doi.ieeecomputersociety.org/10.1109/TDSC.2013.9 http://doi.ieeecomputersociety.org/10.1109/TDSC.2013.8 Cloud security is one of most important issues that has attracted a lot of research and development effort in past few years. Particularly, attackers can explore vulnerabilities of a cloud system and compromise virtual machines to deploy further large-scale Distributed Denial-of-Service (DDoS). DDoS attacks usually involve early stage actions such as multi-step exploitation, low frequency vulnerability scanning, and compromising identified vulnerable virtual machines as zombies, and finally DDoS attacks through the compromised zombies. Within the cloud system, especially the Infrastructure-as-a-Service (IaaS) clouds, the detection of zombie exploration attacks is extremely difficult. This is because cloud users may install vulnerable applications on their virtual machines. To prevent vulnerable virtual machines from being compromised in the cloud, we propose a multi-phase distributed vulnerability detection, measurement, and countermeasure selection mechanism called NICE, which is built on attack graph based analytical models and reconfigurable virtual network-based countermeasures. The proposed framework leverages OpenFlow network programming APIs to build a monitor and control plane over distributed programmable virtual switches in order to significantly improve attack detection and mitigate attack consequences. The system and security evaluations demonstrate the efficiency and effectiveness of the proposed solution. http://doi.ieeecomputersociety.org/10.1109/TDSC.2013.8 http://doi.ieeecomputersociety.org/10.1109/TDSC.2013.7 MapReduce is often used for critical data processing, e.g., in the context of scientific or financial simulation. However, there is evidence in the literature that there are arbitrary (or Byzantine) faults that may corrupt the results of MapReduce without being detected. We present a Byzantine fault-tolerant MapReduce framework that can run in two modes: non-speculative and speculative. We thoroughly evaluate experimentally the performance of these two versions of the framework, showing that they use around twice more resources than Hadoop MapReduce, instead of the three times more of alternative solutions. We believe this cost is acceptable for many critical applications. http://doi.ieeecomputersociety.org/10.1109/TDSC.2013.7 http://doi.ieeecomputersociety.org/10.1109/TDSC.2013.6 Security challenges are still amongst the biggest obstacles when considering the adoption of cloud services. This triggered a lot of research activities, resulting in a quantity of proposals targeting the various cloud security threats. Alongside with these security issues the cloud paradigm comes with a new set of unique features which open the path towards novel security approaches, techniques and architectures. This paper provides a survey on the achievable security merits by making use of multiple distinct clouds simultaneously. Various distinct architectures are introduced and discussed according to their security and privacy capabilities and prospects. http://doi.ieeecomputersociety.org/10.1109/TDSC.2013.6 http://doi.ieeecomputersociety.org/10.1109/TDSC.2012.83 To enable more effective malware analysis, forensics and reverse engineering, we have developed CipherXRay - a novel binary analysis framework that can automatically identify and recover the cryptographic operations and transient secrets from the execution of potentially obfuscated binary executables. Based on the avalanche effect of cryptographic functions, CipherXRay is able to accurately pinpoint the boundary of cryptographic operation and recover truly transient cryptographic secrets that only exist in memory for one instant in between multiple nested cryptographic operations. CipherXRay can further identify certain operation modes (e.g., ECB, CBC, CFB) of the identified block cipher and tell whether the identified block cipher operation is encryption or decryption in certain cases. We have empirically validated CipherXRay with OpenSSL, popular password safe KeePassX, the ciphers used by malware Stuxnet, Kraken and Agobot, and a number of third party softwares with built-in compression and checksum. CipherXRay is able to identify various cryptographic operations and recover cryptographic secrets that exist in memory for only a few microseconds. Our results demonstrate that current software implementations of cryptographic algorithms hardly achieve any secrecy if their execution can be monitored. http://doi.ieeecomputersociety.org/10.1109/TDSC.2012.83