Thunder in the Clouds: Security challenges and solutions for federated Clouds

CloudCom 2012 - Proceedings: 2012 4th IEEE International Conference on Cloud Computing Technology and Science

Volumn , Issue , 2012, Pages 113-120

  Bernsmed, Karin ^a   Jaatun, Martin Gilje ^a   Meland, Per Hakon ^a   Undheim, Astrid ^b  

^a SINTEF ICT   (Norway)

^b Telenor Research and Future Studies   (Norway)

Author keywords

[No Author keywords available]

Indexed keywords

CLOUD COMPUTING SECURITIES; CLOUD FEDERATIONS; CUSTOMER REQUIREMENTS; DIFFERENT SERVICES; FEDERATED CLOUDS; FURTHER WORKS; PAPER SURVEYS; SECURITY CHALLENGES; SECURITY RISKS; STATE OF THE ART;

CLOUD COMPUTING;

EID: 84874283233     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/CloudCom.2012.6427547     Document Type: Conference Paper

References (56)

1. E. R. Gomes, Q. B. Vo, and R. Kowalczyk, "Pure exchange markets for resource sharing in federated clouds," Concurrency and Computation: Practice and Experience, pp. n/a-n/a, 2010. [Online]. Available: http://dx.doi.org/10.1002/cpe.1659
2. K. Subramanian. Research Report: Cloud Trends In 2011 And Beyond. [Online]. Available: http://www.cloudave.com/9587/research-report-cloud-trends- in-2011-and-beyond/
3. B. Rochwerger, D. Breitgand, E. Levy, A. Galis, K. Nagin, I. M. Llorente, R. Montero, Y. Wolfsthal, E. Elmroth, J. Cáceres, M. Ben-Yehuda, W. Emmerich, and F. Galán, "The RESERVOIR model and architecture for open federated cloud computing," IBM J. Res. Dev., vol. 53, pp. 535-545, July 2009. [Online]. Available: http://portal.acm.org/citation.cfm?id=1850659. 1850663
4. K. Salmon, "Demystifying the Cloud." [Online]. Available: http://www.kurtsalmon.com/publications/demystifying-the-cloud/
5. E. Network and I. S. Agency, "The Future of Cloud Computing. Opportunities for European Cloud Computing Beyond 2010."
6. M. Vouk, "Cloud computing-issues, research and implementations, " in Information Technology Interfaces, 2008. ITI 2008. 30th International Conference on, june 2008, pp. 31-40.
7. P. H. Meland, "Service injection: A threat to self-managed complex systems," in Dependable, Autonomic and Secure Computing, IEEE International Symposium on. Los Alamitos, CA, USA: IEEE Computer Society, 2011, pp. 1-6.
8. K. Bernsmed, M. G. Jaatun, P. H. Meland, and A. Undheim, "Security SLAs for Federated Cloud Services," in Proceedings of the Sixth International Conference on Availability, Reliability and Security (AReS 2011), 2011.
9. (2011) Cloud Security Survey Global Executive Summary. Trend Micro Inc. [Online]. Available: http://us.trendmicro.com/imperia/md/content/us/trendwatch/ cloud/global cloud survey exec summary final.pdf
10. Y. Chen, V. Paxson, and R. H. Katz, "What's New About Cloud Computing Security?" EECS Department, University of California, Berkeley, Tech. Rep. UCB/EECS-2010-5, Jan 2010. [Online]. Available: http://www.eecs. berkeley.edu/Pubs/TechRpts/2010/EECS-2010-5.html
11. W. Jansen and T. Grance., "Guidelines on security and privacy in public cloud computing," NIST, Draft Special Publication 800-144, Jan 2011.
12. European Network and Information Security Agency (ENISA), "Cloud Computing: Benefits, risks and recommendations for information security," Nov. 2009.
13. "Security Guidance for Critical Areas of Focus in Cloud Computing," 2010. [Online]. Available: https://cloudsecurityalliance.org/ guidance/
14. W. M. H. and D. J. Buller, "Cloud computing: Emerging legal issues for access to data, anywhere, anytime," Journal of Internet Law, July 2010.
15. L. M. Vaquero, L. Rodero-Merino, J. Caceres, and M. Lindner, "A break in the clouds: towards a cloud definition," SIGCOMM Comput. Commun. Rev., vol. 39, pp. 50-55, December 2008. [Online]. Available: http://doi.acm.org/10.1145/1496091.1496100
16. E. Doyle, "Who Is Carrying The Can For Cloud Data Security?" March 28th 2011. [Online]. Available: http://www.eweekeurope.co.uk/comment/who- is-taking-responsibility-for-cloud-data-security-25023
17. "Trusted computing group-home," 2011, http://www. trustedcomputinggroup.org/.
18. S. Berger, R. Cáceres, K. A. Goldman, R. Perez, R. Sailer, and L. van Doorn, "vtpm: virtualizing the trusted platform module," in Proceedings of the 15th conference on USENIX Security Symposium-Volume 15. Berkeley, CA, USA: USENIX Association, 2006. [Online]. Available: http://portal.acm.org/citation.cfm?id=1267336.1267357
19. N. Santos, K. P. Gummadi, and R. Rodrigues, "Towards trusted cloud computing," in HOTCLOUD. USENIX, 2009.
20. F. J. Krautheim, "Private virtual infrastructure for cloud computing," in Proceedings of the 2009 conference on Hot topics in cloud computing, ser. HotCloud'09. Berkeley, CA, USA: USENIX Association, 2009, pp. 5-5. [Online]. Available: http://portal.acm.org/citation.cfm?id=1855533. 1855538
21. B. Schneier, Applied Cryptography, 2nd ed. John Wiley & Sons, 1996.
22. D. Chaum, C. Crépeau, and I. Damgard, "Multiparty unconditionally secure protocols," in Proceedings of the twentieth annual ACM symposium on Theory of computing. ACM, 1988, pp. 11-19.
23. D. Bogdanov, S. Laur, and J. Willemson, "Sharemind: a framework for fast privacy-preserving computations," Cryptology ePrint Archive, Report 2008/289, 2008, http://eprint.iacr.org/.
24. C. Gentry, "Fully homomorphic encryption using ideal lattices," in Proceedings of the 41st annual ACM symposium on Theory of computing. ACM, 2009, pp. 169-178.
25. N. Smart and F. Vercauteren, "Fully homomorphic encryption with relatively small key and ciphertext sizes," in Proceedings of Public Key Cryptography-PKC 2010. Springer, 2010, pp. 420-443.
26. M. Mowbray, S. Pearson, and Y. Shen, "Enhancing privacy in cloud computing via policy-based obfuscation," The Journal of Supercomputing, pp. 1-25, 2010, 10.1007/s11227-010-0425-z. [Online]. Available: http://dx.doi.org/10.1007/s11227-010-0425-z
27. M. G. Jaatun, A. A. Nyre, S. Alapnes, and G. Zhao, "A Farewell to Trust: An Approach to Confidentiality Control in the Cloud," in Proceedings of the 2nd International Conference on Wireless Communications, Vehicular Technology, Information Theory and Aerospace & Electronic Systems Technology (Wireless Vitae Chennai 2011), 2011.
28. M. G. Jaatun, G. Zhao, A. Vasilakos, A. A. Nyre, S. Alapnes, and Y. Tang, "The design of a redundant array of independent net-storages for improved confidentiality in cloud computing," Journal of Cloud Computing: Advances, Systems and Applications, vol. 1, no. 1, p. 13, 2012. [Online]. Available: http://www.journalofcloudcomputing.com/content/1/1/13
29. R. Dingledine, N. Mathewson, and P. Syverson, "Tor: The secondgeneration onion router," in Proceedings of the 13th conference on USENIX Security Symposium-Volume 13. USENIX Association, 2004, pp. 21-21.
30. D. Chaum, "The dining cryptographers problem: Unconditional sender and recipient untraceability," Journal of Cryptology, vol. 1, pp. 65-75, 1988, 10.1007/BF00206326. [Online]. Available: http://dx.doi.org/10.1007/ BF00206326
31. D. L. Chaum, "Untraceable electronic mail, return addresses, and digital pseudonyms," Commun. ACM, vol. 24, pp. 84-90, February 1981. [Online]. Available: http://doi.acm.org/10.1145/358549.358563
32. K. D. Bowers, A. Juels, and A. Oprea, "Hail: a high-availability and integrity layer for cloud storage," in Proceedings of the 16th ACM conference on Computer and communications security, ser. CCS '09. New York, NY, USA: ACM, 2009, pp. 187-198. [Online]. Available: http://doi.acm.org/10.1145/ 1653662.1653686
33. H. Abu-Libdeh, L. Princehouse, and H. Weatherspoon, "Racs: a case for cloud storage diversity," in Proceedings of the 1st ACM symposium on Cloud computing, ser. SoCC '10. New York, NY, USA: ACM, 2010, pp. 229-240. [Online]. Available: http://doi.acm.org/10.1145/1807128.1807165
34. R. R. Henning, "Security service level agreements: quantifiable security for the enterprise?" in Proceedings of the 1999 workshop on New security paradigms, ser. NSPW '99. New York, NY, USA: ACM, 2000, pp. 54-60.
35. V. Casola, A. Mazzeo, N. Mazzocca, and M. Rak, "A SLA evaluation methodology in Service Oriented Architectures," in Quality of Protection, ser. Advances in Information Security, D. Gollmann, F. Massacci, and A. Yautsiukhin, Eds. Springer US, 2006, vol. 23, pp. 119-130.
36. G. Frankova and A. Yautsiukhin, "Service and protection level agreements for business processes," in Young Researchers Workshop on Service, 2007.
37. S. A. de Chaves, C. B. Westphall, and F. R. Lamin, "SLA Perspective in Security Management for Cloud Computing," in Proceeding of the 2010 Sixth International Conference on Networking and Services. IEEE, March 2010, pp. 212-217.
38. R. R. Righi, D. L. Kreutz, and C. B. Westphall, "Sec-mon: An architecture for monitoring and controlling security service level agreements," in XI Workshop on Managing and Operating Networks and Services, 2006.
39. K. Bernsmed, M. G. Jaatun, and A. Undheim, "'Security in Service Level Agreements for Cloud Computing," in Proceedings of the 1st International Conference on Cloud Computing and Services Science (CLOSER 2011), 2011.
40. P. Bhoj, S. Singhal, and S. Chutani, "SLA management in federated environments," Comput. Netw., vol. 35, pp. 5-24, January 2001. [Online]. Available: http://portal.acm.org/citation.cfm?id=370802. 370805
41. OGF, "Web Services Agreement Specification (WS-Agreement)," Tech. Rep., 2007.
42. H. Ludwig, A. Keller, A. Dan, R. P. King, and R. Franck, "Web Service Level Agreement (WSLA) Language Specification," IBM, Tech. Rep., 2003.
43. P. Patel, A. Ranabahu, and A. Sheth, "'Service Level Agreement in Cloud Computing," in Proceedings of OOPSLA 2009), 2009.
44. M. Comuzzi, C. Kotsokalis, C. Rathfelder, W. Theilmann, U. Winkler, and G. Zacco, "A framework for multi-level sla management," in Proceedings of the 2009 international conference on Service-oriented computing, ser. ICSOC/ServiceWave'09. Springer-Verlag, 2009, pp. 187-196.
45. W. Theilmann, J. Happe, C. Kotsokalis, A. Edmonds, K. Kearney, and J. Lambea, "A Reference Architecture for Multi-Level SLA Management," Journal of Internet Engineering, vol. 4, no. 1, pp. 289-298, 2010.
46. "Aniketos: Ensuring Trustworthiness and Security in Service Composition," 2011. [Online]. Available: http://www.aniketos.eu/
47. "The TClouds project," http://www.tclouds-project.eu/.
48. "The Optimis project," http://www.optimis-project.eu/.
49. "RESERVOIR: Resources and Services Virtualization without Barriers," http://www.reservoir-fp7.eu/.
50. "VISION Cloud," http://www.visioncloud.eu/.
51. D.-H. Xu, Y. Qi, D. Hou, G.-Z. Wang, and Y. Chen, "An improved calculus for secure dynamic services composition," in Proceedings of the 2008 32nd Annual IEEE International Computer Software and Applications Conference. Washington, DC, USA: IEEE Computer Society, 2008, pp. 686-691. [Online]. Available: http://portal.acm.org/citation.cfm?id=1444455.1446065
52. A. Singhal, "Web services security: Challenges and techniques," in Proceedings of the Eighth IEEE International Workshop on Policies for Distributed Systems and Networks. Washington, DC, USA: IEEE Computer Society, 2007, pp. 282-. [Online]. Available: http://portal.acm.org/citation.cfm?id= 1263544.1263904
53. Q. Zhang, L. Cheng, and R. Boutaba, "Cloud computing: state-ofthe-art and research challenges," Journal of Internet Services and Applications, vol. 1, no. 1, pp. 7-18, 2010. [Online]. Available: http://www.springerlink.com/index/10.1007/s13174-010-0007-6
54. R. Buyya, C. S. Yeo, and S. Venugopal, "Market-Oriented Cloud Computing: Vision, Hype, and Reality for Delivering IT Services as Computing Utilities," in High Performance Computing and Communications, 2008. HPCC '08. 10th IEEE International Conference on, sept. 2008, pp. 5-13.
55. J. Honeyball, "The truth about microsoft azure-and where your data will be kept," PC Pro, August 2009.
56. P. H. Meland, K. Bernsmed, M. G. Jaatun, H. Castejon, and A. Undheim, "Expressing Cloud Security Requirements in Deontic Contract Languages," in Proceedings of the 1st International Conference on Cloud Computing and Services Science (CLOSER 2012), 2012.