On technical security issues in cloud computing

CLOUD 2009 - 2009 IEEE International Conference on Cloud Computing

Volumn , Issue , 2009, Pages 109-116

  Jensen, Meiko ^a   Schwenk, Jörg ^a   Gruschka, Nils ^b   Iacono, Luigi Lo ^b  

^a RUHR UNIVERSITY BOCHUM   (Germany)

^b NEC LABORATORIES EUROPE   (Germany)

Author keywords

[No Author keywords available]

Indexed keywords

CAPITAL EXPENDITURES; CLOUD COMPUTING; CROSS-DOMAIN; ECONOMIC BENEFITS; OPERATIONAL EXPENDITURES; TECHNICAL SECURITY;

INTERNET;

NETWORK SECURITY;

EID: 74349113474     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/CLOUD.2009.60     Document Type: Conference Paper

References (24)

1. J. Heiser and M. Nicolett, "Assessing the security risks of cloud computing, " Gartner Report, 2009. [Online]. Available: http://www.gartner.com/DisplayDocument?id=685308.
2. T. Dierks and E. Rescorla, "The Transport Layer Security (TLS) Protocol Version 1.2, " IETF RFC 5246, 2008, http://www.ietf.org/rfc/ rfc5246.txt.
3. R. Dhamija, J. D. Tygar, and M. A. Hearst, "Why phishing works, " in Proceedings of the 2006 Conference on Human Factors in Computing Systems (CHI), Montréal, Québec, Canada. ACM, 2006, pp. 581-590.
4. M. McIntosh and P. Austel, "XML signature element wrapping attacks and countermeasures, " in SWS '05: Proceedings of the 2005 workshop on Secure web services. ACM Press, 2005, pp. 20-27.
5. M. A. Rahaman, A. Schaad, and M. Rits, "Towards secure SOAP message exchange in a SOA, " in SWS '06: Proceedings of the 3rd ACM workshop on Secure Web Services. ACM Press, 2006, pp. 77-84.
6. S. Gajek, L. Liao, and J. Schwenk, "Breaking and fixing the inline approach, " in SWS '07: Proceedings of the 2007 ACM workshop on Secure web services. New York, NY, USA: ACM, 2007, pp. 37-43.
7. N. Gruschka and L. Lo Iacono, "Vulnerable Cloud: SOAP Message Security Validation Revisited, " in ICWS '09: Proceedings of the IEEE International Conference on Web Services. Los Angeles, USA: IEEE, 2009.
8. Google, "Browser security handbook, " 2009. [Online]. Available: http://code.google.com/p/browsersec/.
9. D. Kaminski, "Dns server+client cache poisoning, issues with ssl, breaking *forgot my password* systems, attacking autoupdaters and unhardened parsers, rerouting internal traffic; http://www.doxpara.com/DMKBO2K8. ppt, " -, 2008.
10. S. Stamm, Z. Ramzan, and M. Jakobsson, "Drive-by pharming, " Indiana University Computer Science, Tech. Rep. 641, 2006.
11. D. Kormann and A. Rubin, "Risks of the passport single signon protocol, " Computer Networks, vol. 33, no. 1-6, pp. 51-58, 2000.
12. M. Slemko, "Microsoft passport to trouble, " 2001, http://alive.znep.com/∼marcs/passport/.
13. T. Groß, "Security analysis of the SAML single signon browser/artifact profile, " in Proc. 19th Annual Computer Security Applications Conference, 2003.
14. S. Gajek, J. Schwenk, M. Steiner, and C. Xuan, "Risks of the cardspace protocol, " in ISC'09: Proceedings of the 12th Information Security Conference, LNCS. Springer, 2009.
15. X. Chen, S. Gajek, and J. Schwenk, "On the Insecurity of Microsoft's Identity Metasystem CardSpace, " Horst Görtz Institute for IT-Security, Tech. Rep. 3, 2008.
16. B. P. Bruegger, D. Hühnlein, and J. Schwenk, "TLSFederation - A secure and Relying-Party-friendly approach for Federated Identity Management, " in Proceedings of BIOSIG 2008: Biometrics and Electronic Signatures, LNI 137, 2008, pp. 93-104.
17. T. Scavo, "SAML V2.0 Holder-of-Key Assertion Profile, " Working Draft 09, 20.01.2009, 2009, http://www.oasis-open.org/apps/org/workgroup/ security/download.php/30782/sstc-saml2-holder-of-key-draft-09.pdf.
18. S. Gajek, T. Jager, M. Manulis, and J. Schwenk, "A Browser-based Kerberos Authentication Scheme, " in Computer Security - ESORICS 2008, 13th European Symposium on Research in Computer Security, Málaga, Spain, LNCS 5283. Springer, 2008, pp. 115-129.
19. J. Schwenk, L. Liao, and S. Gajek, "Stronger Bindings for SAML Assertions and SAML Artifacts, " in Proceedings of the 5th ACM CCS Workshop on Secure Web Services (SWS'08). ACM Press, 2008.
20. M. Jensen, N. Gruschka, and R. Herkenhöner, "A survey of attacks on web services, " Computer Science - Research and Development (CSRD), Springer Berlin/Heidelberg, 2009.
21. L. Clement, A. Hately, C. von Riegen, and T. Rogers, "UDDI Version 3.0.2, " OASIS UDDI Spec Technical Committee Draft, 2004.
22. M. Jensen, N. Gruschka, and N. Luttenberger, "The Impact of Flooding Attacks on Network-based Services, " in Proceedings of the IEEE International Conference on Availability, Reliability and Security (ARES), 2008.
23. M. Jensen and N. Gruschka, "Flooding Attack Issues of Web Services and Service-Oriented Architectures, " in Proceedings of the Workshop on Security for Web Services and Service-Oriented Architectures (SWSOA, held at GI Jahrestagung 2008), 2008, pp. 117-122.
24. M. Jensen and J. Schwenk, "The accountability problem of flooding attacks in service-oriented architectures, " in Proceedings of the IEEE International Conference on Availability, Reliability and Security (ARES), 2009.