Journal of Network and Computer Applications xxx (2017) 1–2
Contents lists available at ScienceDirect
Journal of Network and Computer Applications
journal homepage: www.elsevier.com/locate/jnca
Editorial
Special issue on security in cloud computing
Cloud computing describes highly scalable computing resources
provided as an external service via the internet on a pay-as-you-go basis.
With the rapid development of cloud computing technologies, an
increasing number of individual and organizations choose cloud plat-
forms to store and deal with their data of various kinds. Cloud computing
has appealing benefits including relief of the storage and computation
burden, fine-grained data sharing, and cost savings in terms of hardware
and software, etc. Nevertheless, there are many new security challenges
in cloud computing environment, which have never been addressed in
the traditional computing and network environments. Security and pri-
vacy issues have severely impeded the practical adoption of cloud tech-
nologies. To address these critical issues, it is indispensable to propose
and design new algorithms and methods for security in cloud computing.
In this special issue, we received 81 submissions in total. We finally
have selected 15 papers with 18.5% acceptance rate with vigorous re-
view process. Our selection is based on the relevance to the special issue
topics, paper quality, methods and research contributions. This special
issue has selected the following papers:
One of the important secure issues is authentication and authoriza-
tion protocols for secure cloud computing. In the paper entitled “Cloud-
Aided Lightweight Certificateless Authentication Protocol with Ano-
nymity for Wireless Body Area Networks” (Shen et al., 2018), the authors
design a protocol which provides a stronger security protection and en-
sures no one can obtain user's real identity. In the paper entitled “Dy-
namic Fully Homomorphic Encryption-based Merkle Tree for
Lightweight Streaming Authenticated Data Structures” (Xu et al., 2018a,
b), based on the novel technique fully homomorphic encryption-based
merkle tree (FHMT), the authors propose a new construction that it is
able to authenticate an unbounded number of data elements. For the
Android devices, the paper “A Root Privilege Management Scheme with
Revocable Authorization for Android Devices” (Tan et al., 2018) in-
troduces a root privilege management scheme (RPM), which adopts the
root privilege access control to guarantee the exclusive root access op-
portunity of the authenticated apps.
Another important security issue is access control on cloud data. In
the study entitled “Interoperable, Dynamic and Privacy-Preserving Ac-
cess Control for Cloud Data Storage when Integrating Heterogeneous
Organizations” (Christian et al., 2018), authors present an ontology--
based access control solution to solve the issues about efficiency and
privacy preservation during access. Due to the computation complexity,
in paper entitled “Practical Attribute-Based Encryption: Outsourcing
Decryption, Attribute Revocation and Policy Updating” (Liu et al., 2018),
authors propose a practical attribute-based encryption scheme (ABE) to
support flexible access control. Recently, quantum technique has been
used widely in cloud computing. In the paper entitled “Quantum
https://doi.org/10.1016/j.jnca.2018.03.016
Available online xxxx
1084-8045/© 2018 Published by Elsevier Ltd.
Please cite this article in press as: Li, J., et al., Special issue on security in cloud computing, Journal of Network and Computer Applications (2017),
https://doi.org/10.1016/j.jnca.2018.03.016
Technique for Access Control in Cloud Computing II: Encryption and Key
Distribution” (Zhou et al., 2018), authors study the application of
quantum encryption and quantum key distribution in the access control
problem.
Threat detection is also an effective means to against malicious attack
in cloud computing. The paper “An Improved Payload-Based Anomaly
Detector for Web Applications” (Jin et al., 2018) introduces a new
mapping algorithm for dimensionality reduction to improve the perfor-
mance based on the payload-based anomaly detection method. For the
decisions in attack-defense scenarios in cloud computing, the paper
“Stackelberg Games for Modeling Defense Scenarios Against Cloud Se-
curity Threats” (Agnieszka et al., 2018) introduce a model based on
Stackelberg games which enables automated decisions at the cloud
provider's level, supporting the selection of the set of possible security
control, assuming the security threats are known.
With the development of cloud computing, it is necessary to evaluate
and analyze the security and privacy in outsourcing data and computa-
tion. For the outsourced data, the paper “Outsourced Privacy-preserving
Classification Service over Encrypted Data” (Li et al., 2018) propose a
novel scheme to provide the privacy-preserving classification service for
users. In the study entitled “Failure Prediction by Relevance Vector
Regression with Improved Quantum-inspired Gravitational Search” (Lou
et al., 2018), authors present a hybrid model of relevance vector machine
(RVM) with improved quantum inspired binary gravitational search al-
gorithm (QBGSA) to predict the failure time of cloud services. In the
paper entitled “Model Driven Design and Evaluation of Security Level in
Orchestrated Cloud Services” (Flora et al., 2018), authors present a
model driven engineering method to address the validation and verifi-
cation of security requirements.
Recently, privacy preservation in mobile cloud computing has
appealed much attention. In the paper entitled “A Remotely Keyed File
Encryption Scheme under Mobile Cloud Computing” (Yang et al., 2018a,
b), authors propose a new scheme file remotely keyed encryption and
data protection (RFEDP) to protect mobile terminal data security. For the
vehicular social networks (VSNs), the paper entitled “Location and Tra-
jectory Privacy Preservation in 5G-Enabled Vehicle Social Network Ser-
vices” (Liao et al., 2018) shows a 5G-based VSN framework incorporates
Mobile Femtocell (MFemtocell) technology.
There are also some other security studies in cloud computing such as
data deletion and covert communication. In the study entitled “Blcok-
chain-Based Publicly Verifiable Data Deletion Scheme for Cloud Storage”
(Yang et al., 2018a,b), authors propose a novel blockchain-based data
deletion scheme to make the deletion operation more transparent. For
the information leakage, the paper entitled “Hybrid Covert Channel in
LTE-A: Modeling and Analysis” (Xu et al., 2018a,b) constructs a covert
Editorial
channel in long term evolution advance (LTE-A) circumstance which can
ensure the accuracy and effectiveness of the covert communication.
This special issue presents the recent developments and works related
to the security in cloud computing.
References
Agnieszka, J., Francesco, P., Joanna, K., 2018. Stackelberg games for modeling defense
scenarios against cloud security threats. J. Netw. Comput. Appl. https://doi.org/
10.1016/j.jnca.2018.02.015 (in press).
Christian, E., 2018. Interoperable, dynamic and privacy-preserving access control for
cloud data storage when integrating heterogeneous organizations. J. Netw. Comput.
Appl. https://doi.org/10.1016/j.jnca.2018.01.017 (in press).
Flora, A., Nicola, M., Francesco, M., 2018. Model driven design and evaluation of security
level in orchestrated cloud services. J. Netw. Comput. Appl. 106, 78–89.
Jin, X., Cui, B., Li, D., Cheng, Z., Yin, C., 2018. An improved payload-based anomaly
detector for web applications. J. Netw. Comput. Appl. 106, 111–116.
Li, T., Huang, Z., Li, P., Liu, Z., Jia, C., 2018. Outsourced privacy-preserving classification
service over encrypted data. J. Netw. Comput. Appl. 106, 100–110.
Liao, D., Li, H., Sun, G., Zhang, M., Chang, V., 2018. Location and trajectory privacy
preservation in 5G-enabled Vehicle social network services. J. Netw. Comput. Appl.
https://doi.org/10.1016/j.jnca.2018.02.002 (in press).
Liu, Z., Jiang, Z., Wang, X., Yiu, S.M., 2018. Practical attribute-based encryption:
outsourcing decryption, attribute revocation and policy updating. J. Netw. Comput.
Appl. https://doi.org/10.1016/j.jnca.2018.01.016 (in press).
Lou, J., Jiang, Y., Shen, Q., Wang, R., 2018. Failure prediction by relevance vector
regression with improved quantum-inspired gravitational search. J. Netw. Comput.
Appl. 103, 171–177.
Shen, J., Gui, Z., Ji, S., Shen, J., Tan, H., Tang, Y., 2018. Cloud-aided lightweight cer-
tificateless authentication protocol with anonymity for wireless body area networks.
J. Netw. Comput. Appl. 106, 117–123.
Journal of Network and Computer Applications xxx (2017) 1–2
Tan, Y., Xue, Y., Liang, C., Zheng, J., Zhang, Q., Zheng, J., Li, Y., 2018. A root privilege
management scheme with revocable authorization for Android devices. J. Netw.
Comput. Appl. 107, 69–82.
Xu, J., Wei, L., Zhang, Y., Wang, A., Zhou, F., Gao, C., 2018a. Dynamic fully homomorphic
encryption-based Merkle tree for lightweight streaming authenticated data struc-
tures. J. Netw. Comput. Appl. 107, 113–124.
Xu, G., Yang, W., Huang, L., 2018b. Hybrid covert channel in LTE-A: modeling and
analysis. J. Netw. Comput. Appl. https://doi.org/10.1016/j.jnca.2018.02.001 (in
press).
Yang, L., Han, Z., Huang, Z., Ma, J., 2018a. A remotely keyed file encryption scheme
under mobile cloud computing. J. Netw. Comput. Appl. 106, 90–99.
Yang, C., Chen, X., Xiang, Y., 2018b. Blcokchain-based publicly verifiable data deletion
scheme for cloud storage. J. Netw. Comput. Appl. 103, 185–193.
Zhou, L., Wang, Q., Sun, X., Piotr, K., Arcangelo, C., 2018. Quantum technique for access
control in cloud computing II: encryption and key distribution. J. Netw. Comput.
Appl. 103, 178–184.
Jin Li, Prof.*
School of Computer Science, Guangzhou University, Guangzhou, China
Aniello Castiglione, Prof.
Department of Computer Science, University of Salerno, Italy
E-mail address: castiglione@ieee.org.
Changyu Dong, Senior Lecturer
Newcastle University, UK
E-mail address: changyu.dong@newcastle.ac.uk.
*
Corresponding author.
E-mail address: jinli71@gmail.com (J. Li).