Enabling secure multitenancy in cloud computing: Challenges and approaches

2012 2nd Baltic Congress on Future Internet Communications, BCFIC 2012

Volumn , Issue , 2012, Pages 72-79

  Takahashi, Takeshi ^a   Blanc, Gregory ^b   Kadobayashi, Youki ^b   Fall, Doudou ^b   Hazeyama, Hiroaki ^b   Matsuo, Shin'ichiro ^a  

^a NATIONAL INSTITUTE OF INFORMATION AND COMMUNICATIONS TECHNOLOGY   (Japan)

^b NARA INSTITUTE OF SCIENCE AND TECHNOLOGY   (Japan)

Author keywords

cloud computing; Multitenancy; resource isolation; security

Indexed keywords

COMPUTING SERVICES; ECONOMIC BENEFITS; ISOLATION TECHNIQUES; IT ASSETS; MANAGEMENT COSTS; MULTI TENANTS; MULTITENANCY; OPERATIONAL SECURITY; RESOURCE ISOLATION; SECURITY; SERVICE PROVIDER; TECHNICAL MATURITY; UTILIZATION RATES;

INTERNET; SURVEYS;

CLOUD COMPUTING;

EID: 84863704395     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/BCFIC.2012.6217983     Document Type: Conference Paper

References (67)

1. E. Metula, "Managed Code Rootkits: Hooking into Runtime Environments,"in BlackHat USA, 2009.
2. E. Metula, ".NET Framework Rootkits: Backdoors Inside Your Framework,"in BlackHat Europe, 2009.
3. A. Dabirsiaghi, "JavaSnoop: How to hack anything in Java," in BlackHat Las Vegas, 2010.
4. B. Ford and R. Cox, "Vx32: lightweight user-level sandboxing on the x86," in USENIX ATC, 2008.
5. C. Percival, "Cache missing for fun and profit," in BSDCan, 2005.
6. J. S. Robin and C. E. Irvine, "Analysis of the intel pentium's ability to support a secure virtual machine monitor," in USENIX Security Symposium, 2000.
7. T. Ormandy, "An Empirical Study into the Security Exposure to Hosts of Hostile Virtualized Environments," in CanSecWest, 2007.
8. The MITRE Corporation, "Common Vulnerability and Exposures (CVE)," http://cve.mitre.org/, Mar. 2011.
9. S. King and P. Chen, "Subvirt: implementing malware with virtual machines," in IEEE Symposium on Security and Privacy, May 2006.
10. J. Rutkowska, "Subverting Vista kernel for fun and profit," 2006.
11. T. Garfinkel, et al., "Compatibility is not transparency: Vmm detection myths and realities," in HotOS, 2007.
12. J. Franklin, et al., "Remote detection of virtual machine monitors with fuzzy benchmarking," SIGOPS Oper. Syst. Rev., April 2008.
13. T. Garfinkel, et al., "Terra: a virtual machine-based platform for trusted computing," in SOSP, 2003.
14. Trusted Computing Group, http://www.trustedcomputinggroup.org/, June 2011.
15. S. Berger, et al., "vTPM: virtualizing the trusted platform module," in USENIX Security Symposium, 2006.
16. A. Azab, et al., "Hima: A hypervisor-based integrity measurement agent," in ACSAC, dec. 2009.
17. Moonsols, "LiveCloudKd," http://www.moonsols.com/2010/08/12/ livecloudkd/, Aug. 2011.
18. B. Hay and K. Nance, "Forensics examination of volatile system data using virtual introspection," SIGOPS Oper. Syst. Rev., April 2008.
19. R. Sailer, et al., "Building a mac-based security architecture for the xen open-source hypervisor," in ACSAC, 2005.
20. National Security Agency, "Security enhanced linux," http://www.nsa.gov/ research/ selinux/, May 2011.
21. Novell Inc., "Apparmor application security for linux," http://www.novell.com/ linux/ security/apparmor/, May 2011.
22. H. Chen, N. Li, and Z. Mao, "Analyzing and comparing the protection quality of security enhanced operating systems," in NDSS, 2009.
23. R. Watson, et al., "Capsicum: practical capabilities for unix," in USENIX Security, 2010.
24. R. Riley, X. Jiang, and D. Xu, "Guest-transparent prevention of kernel rootkits with vmm-based memory shadowing," in RAID, 2008.
25. G. Zhao, et al., "Trusted data sharing over untrusted cloud storage providers," in CloudCom, Nov. 2010.
26. M. Masahiro and O. Eiji, "Proxy cryptosystems: Delegation of the power to decrypt ciphertexts," IEICE transactions on fundamentals of electronics, communications and computer sciences, Jan. 1997.
27. C. Gentry, "Fully homomorphic encryption using ideal lattices," in STOC, 2009.
28. C. Gentry, "Computing arbitrary functions of encrypted data," Commun. ACM, March 2010.
29. T. Schwarz and E. Miller, "Store, forget, and check: Using algebraic signatures to check remotely administered storage," 2006.
30. M. Lillibridge, et al., "A cooperative internet backup scheme," in USENIX ATC, 2003.
31. K. Bowers, A. Juels, and A. Oprea, "Hail: A high-availability and integrity layer for cloud storage," in CCS, 2009.
32. C. Wang, et al., "Ensuring data storage security in cloud computing,"in IWQoS, July 2009.
33. D. Harnik, B. Pinkas, and A. Shulman-Peleg, "Side channels in cloud services: Deduplication in cloud storage," Security Privacy, IEEE, Nov. 2010.
34. A. C. Myers and B. Liskov, "Protecting privacy using the decentralized label model," ACM Trans. Softw. Eng. Methodol., Oct. 2000.
35. I. Papagiannis et al., "Enforcing User Privacy in Web Applications using Erlang," in W2SP, 2009.
36. D. Boneh and M. K. Franklin, "Identity-based encryption from the weil pairing," in CRYPTO, 2001.
37. L. Kang and X. Zhang, "Identity-based authentication in cloud storage sharing," in MINES, Nov. 2010.
38. Q. Liu, G. Wang, and J. Wu, "Efficient sharing of secure cloud storage services," in CIT, June 2010.
39. C. Gentry and A. Silverberg, "Hierarchical ID-based cryptography,"Advances in Cryptology. ASIACRYPT, 2002.
40. J. Li et al., "Fine-grained Data Access Control Systems with User Accountability in Cloud Computing," in CloudCom, 2010.
41. A. Sahai and B. Waters, "Fuzzy identity-based encryption," in EUROCRYPT, 2005.
42. V. Goyal, et al., "Attribute-based encryption for fine-grained access control of encrypted data," in CCS, 2006.
43. J. Bethencourt, A. Sahai, and B. Waters, "Ciphertext-Policy Attribute-Based Encryption," in IEEE Symposium on Security and Privacy, May 2007.
44. M. Chase, "Multi-authority attribute based encryption," Theory of Cryptography, 2007.
45. M. Chase and S. S. Chow, "Improving privacy and security in multi-authority attribute-based encryption," in CCS, 2009.
46. S. Yu, et al., "Achieving secure, scalable, and fine-grained data access control in cloud computing," in IEEE INFOCOM, Mar. 2010.
47. S. Kamara and K. Lauter, "Cryptographic cloud storage," in FC, 2010.
48. J. Calero, et al., "Toward a Multi-Tenancy Authorization System for Cloud Services," Security Privacy, IEEE, Nov. 2010.
49. W. Zhou, et al., "Towards a data-centric view of cloud security," in CloudDB, 2010.
50. L. Kagal and J. Pato, "Preserving Privacy Based on Semantic Policy Tools," IEEE Security & Privacy, 2010.
51. F. De Keukelaere, et al., "SMash: Secure Component Model for Cross-Domain Mashups on Unmodified Browsers," in WWW, 2008.
52. S. Crites, F. Hsu, and H. Chen, "OMash: Enabling Secure Web Mashups via Object Abstractions," in CCS, 2008.
53. S. Stamm, B. Sterne, and G. Markham, "Reining in the Web with Content Security Policy," in WWW, 2010.
54. A. Barth, C. Jackson, and J. C. Mitchell, "Robust Defenses for Cross-Site Request Forgery," in CCS, 2008.
55. M. Dalton, C. Kozyrakis, and N. Zeldovich, "Nemesis: Preventing Authentication & Access Control Vulnerabilities in Web Applications,"in USENIX Security Symposium, 2009.
56. P. Saxena, et al., "FLAX: Systematic Discovery of Client-side Validation Vulnerabilities in Rich Web Applications," in NDSS, 2010.
57. C. Curtsinger, et al., "Zozzle: Low-overhead Mostly Static JavaScript Malware Detection," Microsoft Research, Tech. Rep., Nov. 2010.
58. Z. Li et al., "WebShield: Enabling Various Web Defense Techniques without Client Side Modifications," in NDSS, 2011.
59. C. Reis, et al., "Browsershield: vulnerability-driven filtering of dynamic html," in OSDI, 2006.
60. A. Moshchuk, et al., "Spyproxy: execution-based detection of malicious web content," in USENIX Security Symposium, 2007.
61. Mark Fossi, et al., Ed., Symantec Internet Security Threat Report, vol. 16, Symantec Corporation, Apr. 2011.
62. The OpenWeb Application Security Project, http://www.owasp.org, June 2011.
63. T. Takahashi, Y. Kadobayashi, and H. Fujiwara, "Ontological approach toward cybersecurity in cloud computing," in SIN, 2010.
64. A. Rutkowski, et al., "CYBEX - The Cybersecurity Information Exchange Framework (X.1500)," CCR, Oct. 2010.
65. T. Takahashi, et al., "IODEF-extension to support structured cybersecurity information," IETF Internet Draft (draft-ietf-mile-sci-03. txt), Feb. 2012.
66. ICASI, "The Common Vulnerability Reporting Framework (CVRF) v1.0," http://www.icasi.org/cvrf, Aug. 2011.
67. D. Waltermire, et al., "The Technical Specification for the Security Content Automation Protocol (SCAP) : SCAP Version 1.2," NIST Special Publication 800-126 Revision 2, Sept. 2011.