Together with an explosive growth of the mobile applications and emerging of cloud computing concept, mobile cloud computing (MCC) has been introduced to be a potential technology for mobile services. MCC integrates the cloud computing into the mobile environment and overcomes obstacles related to the performance (e.g., battery life, storage, and bandwidth), environment (e.g., heterogeneity, scalability, and availability), and security (e.g., reliability and privacy) discussed in mobile computing. This paper gives a survey of MCC, which helps general readers have an overview of the MCC including the definition, architecture, and applications. The issues, existing solutions, and approaches are presented. In addition, the future research directions of MCC are discussed. Copyright © 2011 John Wiley & Sons, Ltd.

A survey of mobile cloud computing: architecture, applications, and approaches

http://homepage.cs.latrobe.edu.au/sloke/papers/1-s2.0-S0167739X12001318-main.pdf

Mobile cloud computing

The current Internet architecture was founded upon a host-centric communication model, which was appropriate for coping with the needs of the early Internet users. Internet usage has evolved however, with most users mainly interested in accessing (vast amounts of) information, irrespective of its physical location. This paradigm shift in the usage model of the Internet, along with the pressing needs for, among others, better security and mobility support, has led researchers into considering a radical change to the Internet architecture. In this direction, we have witnessed many research efforts investigating Information-Centric Networking (ICN) as a foundation upon which the Future Internet can be built. Our main aims in this survey are: (a) to identify the core functionalities of ICN architectures, (b) to describe the key ICN proposals in a tutorial manner, highlighting the similarities and differences among them with respect to those core functionalities, and (c) to identify the key weaknesses of ICN proposals and to outline the main unresolved research challenges in this area of networking research.

A Survey of Information-Centric Networking Research

Botnets are now the key platform for many Internet attacks, such as spam, distributed denial-of-service (DDoS), identity theft, and phishing. Most of the current botnet detection approaches work only on specific botnet command and control (C&C) protocols (e.g., IRC) and structures (e.g., centralized), and can become ineffective as botnets change their C&C techniques. In this paper, we present a general detection framework that is independent of botnet C&C protocol and structure, and requires no a priori knowledge of botnets (such as captured bot binaries and hence the botnet signatures, and C&C server names/addresses). We start from the definition and essential properties of botnets. We define a botnet as a coordinated group of malware instances that are controlled via C&C communication channels. The essential properties of a botnet are that the bots communicate with some C&C servers/peers, perform malicious activities, and do so in a similar or correlated way. Accordingly, our detection framework clusters similar communication traffic and similar malicious traffic, and performs cross cluster correlation to identify the hosts that share both similar communication patterns and similar malicious activity patterns. These hosts are thus bots in the monitored network. We have implemented our BotMiner prototype system and evaluated it using many real network traces. The results show that it can detect real-world botnets (IRC-based, HTTP-based, and P2P botnets including Nugache and Storm worm), and has a very low false positive rate.

/pdf/botminer-clustering-analysis-of-network-traffic-for-protocol-128yhq3sy0.pdf

BotMiner: clustering analysis of network traffic for protocol- and structure-independent botnet detection

We present SWAN, a system that boosts the utilization of inter-datacenter networks by centrally controlling when and how much traffic each service sends and frequently re-configuring the network's data plane to match current traffic demand. But done simplistically, these re-configurations can also cause severe, transient congestion because different switches may apply updates at different times. We develop a novel technique that leverages a small amount of scratch capacity on links to apply updates in a provably congestion-free manner, without making any assumptions about the order and timing of updates at individual switches. Further, to scale to large networks in the face of limited forwarding table capacity, SWAN greedily selects a small set of entries that can best satisfy current demand. It updates this set without disrupting traffic by leveraging a small amount of scratch capacity in forwarding tables. Experiments using a testbed prototype and data-driven simulations of two production networks show that SWAN carries 60% more traffic than the current practice.

/pdf/achieving-high-utilization-with-software-driven-wan-1eg0vtj3eu.pdf

Achieving high utilization with software-driven WAN

Systems and methods for authentication. At an authentication service, key synchronization information is stored for an enrolled authentication device for a user identifier of a service provider. The key synchronization information indicates that a private key stored by the authentication device is synchronized with a public key stored at the service provider. Responsive to an authentication request provided by the service provider for the user identifier, the authentication service determines an authentication device for the user identifier that stores a synchronized private key by using the key synchronization information, and provides the authentication request to the authentication device. The authentication service provides a signed authentication response to the service provider. The authentication response is responsive to the authentication request and signed by using the private key. The service provider verifies the signed authentication response by using the public key.

System and method for an integrity focused authentication service

A system and method that include collecting device version profiles from a plurality of device sources; classifying the device version profiles into a device profile repository; receiving a component version query request; querying the device profile repository according to the version query request; and responding to the query request with results of the query.

System and method for determining component version compatibility across a device ecosystem

A method comprising includes detecting, in response to a user access attempt on an electronic access device, a one-time passcode authentication event; receiving, at an electronic authenticating device, notification of the one-time passcode authentication event; retrieving, in response to the notification, a one-time passcode from the authenticating device; transmitting the one-time passcode from the authenticating device to a facilitator software instance operating on the access device; and enabling population, using the facilitator software instance, of a one-time passcode entry form with the one-time passcode.

System and method for converting one-time passcodes to app-based authentication

Software patches are designed to have a positive effect on the operation of software systems. However, these patches may cause incompatibilities, regressions, and other unintended negative impact on the reliability, performance, and security of software. In this paper, we propose PatchAdvisor, a technique to improve the manageability of the patching process for administrators by automatically inferring the impact of a patch or upgrade. PatchAdvisor inspects a software system and its patch using a combination of static control flow analysis, dynamic execution traces, and ranking heuristics to automatically infer the potential impact of the patch. To evaluate the feasibility of our approach, we implement an initial prototype of PatchAdvisor using the IDA and PaiMei frameworks and demonstrate its effectiveness on a real-world web application stack. Finally, we discuss the challenges and future research directions in this problem domain.

/pdf/if-it-ain-t-broke-don-t-fix-it-challenges-and-new-directions-470pvmcibh.pdf

If it ain't broke, don't fix it: challenges and new directions for inferring the impact of software patches

A system and method for authenticating a user that includes receiving an access-request of a network protocol at a challenge-response server; determining if an access-challenge message is required; delivering an active script component through a parameter of an access-challenge message of the network protocol when an access-challenge is required; receiving a challenge-response of a user; validating the challenge-response; and selectively sending an access-accept response for a valid challenge-response and sending an access-denied response for an invalid challenge-response.

Jon Oberheide

Papers

System and method for an integrity focused authentication service

System and method for determining component version compatibility across a device ecosystem

System and method for converting one-time passcodes to app-based authentication

If it ain't broke, don't fix it: challenges and new directions for inferring the impact of software patches

System and method for delivering a challenge response in an authentication protocol