Monitoring intrusions and security breaches in highly distributed cloud environments

Proceedings - 2011 3rd IEEE International Conference on Cloud Computing Technology and Science, CloudCom 2011

Volumn , Issue , 2011, Pages 772-777

  Monfared, Aryan Taheri ^a   Jaatun, Martin Gilje ^b  

^a NORWEGIAN UNIVERSITY OF SCIENCE AND TECHNOLOGY   (Norway)

^b SINTEF ICT   (Norway)

Author keywords

Cloud architecture; Experiences and lessons; Interoperable and federated cloud security and trust

Indexed keywords

COMPUTING MODEL; EXPERIENCES AND LESSONS; NEW MODEL; SECURITY BREACHES; SECURITY MONITORING;

CLOUD COMPUTING;

EID: 84857187859     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/CloudCom.2011.119     Document Type: Conference Paper

References (33)

1. P. Mell and T. Grance, "The NIST Definition of Cloud Computing," National Institute of Standards and Technology, Information Technology Laboratory, Tech. Rep., January 2011. [Online]. Available: http://csrc.nist.gov/publications/drafts/800-145/Draft-SP-800-145 cloud-definition.pdf
2. C. Pettey and H. Stevens, "Gartner Highlights Key Predictions for IT Organizations and Users in 2010 and Beyond," January 2010.
3. "Hackers see opportunities in the cloud according to def con survey," August 2010.
4. M. Swanson, J. Hash, and P. Bowen, "Guide for developing security plans for federal information systems," The Internet Engineering Task Force, SP, February 2006, http://csrc.nist.gov/publications/nistpubs/800-18- Rev1/sp800-18-Rev1-final.pdf.
5. M. N. Chris Fry, Security Monitoring: Proven Methods for Incident Detection on Enterprise Networks, 1st ed. O'Reilly Media, February 2009.
6. "Amazon CloudWatch Developer Guide," http://aws.amazon.com/ cloudwatch/, May 2009, amazon WebServices.
7. "AWS Security Center," http://aws.amazon.com/security/, October 2010.
8. "AWS Security Bulletin: Amazon Payments Signature Validation," http://aws.amazon.com/security/security-bulletins/amazon-payments-signature- validation/, September 2010.
9. Google's Security Team, "Security whitepaper: Google apps messaging and collaboration products," Google's Security Team.
10. A. Chen, "Gcreep: Google engineer stalked teens, spied on chats," http://gawker.com/5637234/gcreep-google-engineer-/stalked-teens- spied-on-chats.
11. "Openstack, open source software to build private and public clouds," http://www.openstack.org/, Nov 2010.
12. J. Meier and P. Enfield, "Azure security notes," exploring Microsoft Azure and the Cloud Security Space.
13. C. Hoff, "Incomplete thought: Why we need open source security solutions more than ever." http://www.rationalsurvivability.com/blog/?p= 2173, July 2010.
14. C. Hoff, S. Johnston, G. Reese, and B. Sapiro, "Cloudaudit 1.0 - automated audit, assertion, assessment, and assurance api (a6),"Internet Engineering Task Force, Internet-Draft draft-hoff-cloudaudit-00, 2010, experimental. [Online]. Available: https://tools.ietf.org/html/draft-hoff- cloudaudit-00
15. "Cloud security alliance," http://www.cloudsecurityalliance. org/, Nov 2010.
16. "Interoperable clouds - a white paper from the open cloud standards incubator," Distributed Management Task Force, DMTF Informational DSP-IS0101, 2009.
17. "Architecture for managing clouds - a white paper from the open cloud standards incubator," Distributed Management Task Force, DMTF Informational DSP-IS0102, 2010.
18. "Oasis identity in the cloud (idcloud) tc," http://www.oasis-open.org/ committees/tc home.php?wg abbrev=id-cloud, Nov 2010.
19. "Eucalyptus," http://www.eucalyptus.com/, Nov 2010.
20. "Opennebula, the open source toolkit for cloud computing," http://www. opennebula.org/, Nov 2010.
21. "Zenoss," http://www.zenoss.com/, Nov 2010.
22. Cloud Security Alliance, "Top threats to cloud computing," 2010.
23. Y. Chen, V. Paxson, and R. H. Katz, "What is new about cloud computing security?" EECS Department, University of California, Berkeley, Tech. Rep. UCB/EECS-2010-5, Jan 2010. [Online]. Available: http://www.eecs. berkeley.edu/Pubs/TechRpts/2010/EECS-2010-5.html
24. "The onion routing project," http://www.torproject.org/, Nov 2010.
25. P. Balboni, K. Mccorry, and P. W. David Snead, "Cloud computing - benefits, risks and recommendations for information security," European Network and Information Security Agency, Tech. Rep., November 2009, http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk- assessment/.
26. FinCEN, "Usa patriot act," http://www.fincen.gov/statutes regs/patriot/index.html.
27. "Personal information protection and electronic documents act," http://laws.justice.gc.ca/en/P-8.6/.
28. "Data privacy protection directive," http://ec.europa.eu/ justice/policies/privacy/index en.htm.
29. "In the United States district court for the northern district of Texas Dallas division," April 2009, Liquid Motors, Inc. v. Allyn Lynd and United States.
30. B. Schneier, "The battle is on against facebook and co to regain control of our files," http://www.guardian.co.uk/technology/2009/sep/09/ bruce-schneier-file-deletion, Nov 2010.
31. T. Ristenpart, E. Tromer, H. Shacham, and S. Savage, "Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds." in ACM Conference on Computer and Communications Security, E. Al-Shaer, S. Jha, and A. D. Keromytis, Eds. ACM, 2009, pp. 199-212. [Online]. Available:http://dblp.uni-trier.de/db/conf/ccs/ccs2009.html#RistenpartTSS09
32. M. Govshteyn, "Top 5 reasons why traditional managed security services will fail in the cloud," http://securecloudreview.com/2010/ 08/top-5-reasons-why-traditional-/managed-security-services-will-fail/ -in-the-cloud/, August 2010.
33. C. Hoff, "What's The Problem With Cloud Security? There's Too Much Of It ," http://www.rationalsurvivability.com/blog/?p=2693, October 2010.