Security threats in cloud computing environments

International Journal of Security and its Applications

Volumn 6, Issue 4, 2012, Pages 25-32

  Lee, Kangchan ^a  

^a Electronics and Telecommunications Research Institute (ETRI)   (South Korea)

Author keywords

Cloud computing; Cloud service provider; Cloud service user; Security treats

Indexed keywords

CLOUD SERVICES; COMPUTING ENVIRONMENTS; CONFIGURABLE COMPUTING; NETWORK ACCESS; SECURITY THREATS; SECURITY TREATS;

CLOUD COMPUTING; DISTRIBUTED DATABASE SYSTEMS; UBIQUITOUS COMPUTING;

COMPUTER SYSTEMS;

EID: 84872832227     PISSN: 17389976     EISSN: None     Source Type: Journal    
DOI: None     Document Type: Article

References (26)

1. Recommendation ITU-T X.1500, "Overview of cybersecurity".
2. Recommendation ITU-T E.409, "Incident organization and security incident handling: Guidelines for telecommunication organizations".
3. FG Deliverable (Introduction to the cloud ecosystem: definitions, taxonomies, use cases, high level requirements and capabilities).
4. Introduction to Global Inter-Cloud Technology Forum (GICTF) and its Roadmaps (Cloud-i-0026).
5. OASIS Identity in the Cloud Technical Committee, http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=id-cloud.
6. Architecture for Managing Clouds White Paper (DSP-IS0102), http://www.dmtf.org/sites/default/files/standards/documents/DSP-IS0102_1.0.0.pdf.
7. Special Publication 800-53, Recommended Security Controls for Federal Information Systems, (2006) December.
8. Special Publication 800-125, "Guide to Security for Full Virtualization Technologies".
9. Draft Special Publication 800-144, "Guidelines on Security and Privacy in Public Cloud Computing", http://csrc.nist.gov/publications/drafts/800-144/Draft-SP-800-144_cloud-computing.pdf.
10. Draft Special Publication 800-145, "Definition of Cloud Computing", http://csrc.nist.gov/publications/drafts/800-145/Draft-SP-800-145_cloud-definition.pdf, (2011) January.
11. Draft Special Publication 800-146, "Cloud Computing Synopsis and Recommendation", http://csrc.nist.gov/publications/drafts/800-146/Draft-NIST-SP800-146.pdf, (2011) January.
12. Proposed Security Assessment & Authorization for U.S. Government Cloud Computing, http://www.cio.gov/pages.cfm/page/Federal-Risk-and-Authorization-Management-Program-FedRAMP.
13. Security Guidance for Critical Areas of Focus in Cloud Computing V2.1, https://cloudsecurityalliance.org/guidance/csaguide.v2.1.pdf, (2009) December.
14. Security Guidance for Critical Areas of Focus in Cloud Computing V2.1, https://cloudsecurityalliance.org/research/security-guidance/, (2011) November.
15. Top Threats to Cloud Computing V1.0, https://cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf.
16. SaaS, PaaS, and IaaS: a Security Checklist for Cloud Models, http://www.csoonline.com/article/print/660065.
17. The Open Web Application Security Project, "10 Risks with Cloud IT Foundation Tier", https://www.owasp.org/index.php/Cloud-10_Risks_with_Cloud_IT_Foundation_Tier, (2009).
18. Cloud Computing and Security, A Natural Match, http://www.trustedcomputinggroup.org/files/resource_files/1F4DEE3D-1A4B-B294-D0AD0742BA449E07/Cloud%20Computing%20and%20Security%20Whitepaper_July29.2010.pdf, (2010).
19. P. A. Karger, "Multi-Level Security Requirements for Hypervisors", ISBN: 0-7695-2461-3, 21st Annual Computer Security Applications Conference, (2005) December 5-9, pp. - 275.
20. RSA Office of the CTO, "A Proposed Security Architecture for Next-Generation Data Center", (2010) January 29.
21. T. Ormandy, "An Empirical Study into the Security Exposure to Hosts of Hostile Virtualized Environments", Whitepaper, (2008).
22. T. Garfinkel, M. Rosenblum, "A Virtual Machine Introspection Based Architecture for Intrusion Detection", In Proc. Network and Distributed Systems Security Symposium, (2003), pp. 191-206.
23. O. Gerstel and G. Sasaki, "Quality of Protection (QoP): A Quantitative Unifying Paradigm to Protection Service Grades", Proceedings of SPIE, vol. 4599 (1), SPIE - (2001) August 9.
24. O. Gerstel and G. Sasaki, "A General Framework for Service Availability for Bandwidth-Efficient Connection-Oriented Networks", IEEE/ACM Transactions on Networking, vol. 18, Issue 3, (2010) June, pp. 985-995.
25. W. Li and L. Ping, "Trust Model to Enhance Security and Interoperability of Cloud Environment", Cloud Computing, Proceedings on First International Conference, CloudCom 2009, Beijing, China, December 1-4, 2009, Lecture Notes in Computer Science, vol. 5931, (2009), pp. 69-79.
26. D. Xu, Y. Li, M. Chiang and A. R. Calderbank, "Elastic Service Availability: Utility Framework and Optimal Provisioning", IEEE Journal on Selected Areas in Communications, vol. 26, no. 6, (2008) August.