Security and privacy in cloud computing

IEEE Communications Surveys and Tutorials

Volumn 15, Issue 2, 2013, Pages 843-859

  Xiao, Zhifeng ^a   Xiao, Yang ^a  

^a Department of Computer Science   (United States)

Author keywords

accountability; availability; cloud computing; confidentiality; integrity; privacy; security; trust

Indexed keywords

ACCOUNTABILITY; CONFIDENTIALITY; INTEGRITY; SECURITY; TRUST;

AVAILABILITY; DATA PRIVACY; ELECTRICAL ENGINEERING; SURVEYS;

CLOUD COMPUTING;

EID: 84877272118     PISSN: None     EISSN: 1553877X     Source Type: Journal    
DOI: 10.1109/SURV.2012.060912.00182     Document Type: Article

References (134)

1. I. Foster, Y. Zhao, I. Raicu, and S. Lu, "Cloud computing and grid computing 360-degree compared, " Grid Computing Environments Workshop, 2008. GCE'08, 2009, pp. 1-10.
2. J. Geelan. "Twenty one experts define cloud computing, " Virtual-ization, August 2008. Electronic Mag., article available at http://virtualization.sys-con.com/node/612375.
3. R. Buyya, C. S. Yeo, and S. Venugopal. "Market-oriented cloud computing: Vision, hype, and reality for delivering it services as computing utilities, " CoRR, (abs/0808.3558), 2008.
4. Luis M. Vaquero, Luis Rodero-Merino and Daniel Morán, "Locking the sky: a survey on IaaS cloud security, " Computing, 2010, DOI:10.1007/s00607-010-0140-x.
5. Google Docs experienced data breach during March 2009. http://blogs.wsj.com/digits/2009/03/08/1214
6. Cloud Security Alliance (CSA). "Security Guidance for Critical Areas of Focus in Cloud Computing V2.1, " (Released December 17, 2009). http://www.cloudsecurityalliance.org/guidance/csaguide.v2.1.pdf
7. Cloud Security Alliance (CSA). "Top Threats to Cloud Computing V 1.0, " released March 2010.
8. The security-as-a-service model. http://cloudsecurity.trendmicro.com/the- security-as-a-service-model
9. S.D. Di Vimercati, S. Foresti, S. Jajodia, S. Paraboschi, and P. Samarati, "A data outsourcing architecture combining cryptography and access control, " Proc. 2007 ACM workshop on Computer security architecture, 2007, pp. 63-69.
10. P. Mell and T. Grance. The NIST Definition of Cloud Computing (Draft). [Online] Available: www.nist.gov/itl/cloud/upload/cloud-def-v15.pdf., Jan. 2011.
11. G. Ateniese, R. Burns, R. Curtmola, J. Herring, L. Kissner, Z. Peterson, and D. Song, "Provable data possession at untrusted stores, " In ACM CCS, pages 598-609, 2007.
12. A. Juels and B. S. Kaliski, "PORs: Proofs of retrievability for large files, " In ACM CCS, pages 584-597, 2007.
13. Y. Dodis, S. Vadhan, and D. Wichs, "Proofs of retrievability via hardness amplication, " In TCC, 2009.
14. G. Ateniese, R. D. Pietro, L. V. Mancini, and G. Tsudik, "Scalable and efficient provable data possession, " SecureComm, 2008.
15. C. Erway, A. Küpçü, C. Papamanthou, and R. Tamassia, "Dynamic provable data possession, " Proc. 16th ACM conference on Computer and communications security, 2009, pp. 213-222.
16. K.D. Bowers, A. Juels, and A. Oprea, "HAIL: A high-availability and integrity layer for cloud storage, " Proc. 16th ACM conference on Computer and communications security, 2009, pp. 187-198.
17. T. Ristenpart, E. Tromer, H. Shacham, and S. Savage, "Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds, " Proc. 16th ACM conference on Computer and communications security, 2009, pp. 199-212.
18. V. Sekar and P. Maniatis, "Verifiable resource accounting for cloud computing services, " in Proc. 3rd ACM workshop on Cloud computing security workshop, 2011, pp. 21-26.
19. C. Hoff, "Cloud computing security: From DDoS (distributed denial of service) to EDoS (economic denial of sustainability), " [Online] Available: http://www.rationalsurvivability.com/blog/?p=66., 2008.
20. H. Liu, "A New Form of DOS Attack in a Cloud and Its Avoidance Mechanism", Cloud Computing Security Workshop 2010.
21. S. Kandula, D. Katabi, M. Jacob, and A. Berger, "Botz-4-sale: Surviving organized ddos attacks that mimic flash crowds, " In Proc. NSDI (2005).
22. A. Yaar, A. Perrig, and D. Song, "Fit: Fast internet traceback, " In Proc. IEEE Infocom (March 2005).
23. S. Staniford, V. Paxson, and N.Weaver, "How to own the internet in your spare time, " In Proc. USENIX Security (2002).
24. Cisco data center infrastructure 2.5 design guide. http://www.cisco.com/ univercd/cc/td/doc/solution/dcidg21.pdf.
25. R. Carter, and M. Crovella, "Measuring bottleneck link speed in packet-switched networks, " Tech. rep., Performance Evaluation, 1996.
26. C. Dovrolis, P. Ramanathan, and D. Moore, "What do packet dispersion techniques measure?" In Proc. IEEE INFOCOM (2001), pp. 905-914.
27. K. Lai, and M. Baker, "Nettimer: a tool for measuring bottleneck link, bandwidth, " In USITS'01: Proc. 3rd conference on US ENIX Symposium on Internet Technologies and Systems (Berkeley, CA, USA, 2001), USENIX Association, pp. 11-11.
28. S. Pearson, "Taking account of privacy when designing cloud computing services, " Software Engineering Challenges of Cloud Computing, 2009. CLOUD '09. ICSE Workshop on, 2009, pp. 44-52.
29. N. Santos, K.P. Gummadi, and R. Rodrigues, "Towards trusted cloud computing, " Proc. 2009 conference on Hot topics in cloud computing, 2009.
30. B. D. Payne, M. Carbone, and W. Lee, "Secure and Flexible Monitoring of Virtual Machines, " In Proc. ACSAC'07, 2007.
31. A. Squicciarini, S. Sundareswaran, and D. Lin, "Preventing Information Leakage from Indexing in the Cloud, " 2010 IEEE 3rd International Conference on Cloud Computing, 2010, pp. 188-195.
32. N. Gruschka, M. Jensen, "Attack Surfaces: A Taxonomy for Attacks on Cloud Services, " Cloud Computing, IEEE International Conference on, pp. 276-279, 2010 IEEE 3rd International Conference on Cloud Computing, 2010.
33. P. Saripalli, B. Walters, "QUIRC: A Quantitative Impact and Risk Assessment Framework for Cloud Security, " Cloud Computing, IEEE International Conference on, pp. 280-288, 2010 IEEE 3rd International Conference on Cloud Computing, 2010.
34. M. Jensen, J. Schwenk, N. Gruschka, and L.L. Iacono, "On technical security issues in cloud computing, " Cloud Computing, 2009. CLOUD'09. IEEE International Conference on, 2009, pp. 109-116.
35. M. Jensen and J. Schwenk, "The accountability problem of flooding attacks in service-oriented architectures, " in Proc. IEEE International Conference on Availability, Reliability and Security (ARES), 2009.
36. J. Oberheide, E. Cooke, and F. Jahanian, "Cloudav: N-version antivirus in the network cloud, " Proc. 17th conference on Security symposium, 2008, pp. 91-106.
37. F. Lombardi and R. Di Pietro, "Transparent security for cloud, " Proc. 2010 ACM Symposium on Applied Computing, 2010, pp. 414-415.
38. C. Henrich, M. Huber, C. Kempka, J. Müller-Quade, and M. Strefler, "Brief Announcement: Towards Secure Cloud Computing, " Stabilization, Safety, and Security of Distributed Systems, 2009, pp. 785-786.
39. S. Subashini and V. Kavitha, "A survey on security issues in service delivery models of cloud computing, " J. Network and Computer Applications, vol. 34, Jan. 2011, pp. 1-11.
40. M. Descher, P. Masser, T. Feilhauer, A. Tjoa, and D. Huemer, "Retaining Data Control to the Client in Infrastructure Clouds, " Availability, Reliability and Security, 2009. ARES '09. International Conference on, 2009, pp. 9-16.
41. R. Lu, X. Lin, X. Liang, and X.S. Shen, "Secure provenance: the essential of bread and butter of data forensics in cloud computing, " Proc. 5th ACM Symposium on Information, Computer and Communications Security, 2010, pp. 282-292.
42. S. Pearson, Y. Shen, and M. Mowbray, "A privacy manager for cloud computing, " Cloud Computing, 2009, pp. 90-106.
43. M. Mowbray and S. Pearson, "A client-based privacy manager for cloud computing, " Proc. Fourth International ICST Conference on COMmunication System softWAre and middlewaRE, 2009, pp. 1-8.
44. W. Itani, A. Kayssi, and A. Chehab, "Privacy as a Service: Privacy-Aware Data Storage and Processing in Cloud Computing Architectures, " IEEE International Conference on Dependable, Autonomic and Secure Computing, 2009, pp. 711-716.
45. C. Wang, Q. Wang, K. Ren, and W. Lou, "Privacy-preserving public auditing for data storage security in cloud computing, " IEEE INFO-COM 2010, San Diego, CA, March 2010.
46. Q. Wang, C. Wang, J. Li, K. Ren, and W. Lou, "Enabling public ver-ifiability and data dynamics for storage security in cloud computing, " in Proc. ESORICS'09, Saint Malo, France, Sep. 2009.
47. A. Haeberlen. "A Case for the Accountable Cloud, " 3rd ACM SIGOPS International Workshop on Large-Scale Distributed Systems and Middleware (LADIS '09), Big Sky, MT, October 2009
48. C. Wang and Y. Zhou, "A Collaborative Monitoring Mechanism for Making a Multitenant Platform Accountable." Hotcloud 2010.
49. F. Li, M. Hadjieleftheriou, G. Kollios, and L. Reyzin, "Dynamic authenticated index structures for outsourced databases, " Proc. 2006 ACM SIGMOD international conference on Management of data, June, 2006, pp. 27-29.
50. A. Haeberlen, P. Aditya, R. Rodrigues, and P. Druschel, "Accountable virtual machines, " 9th OSDI, 2010.
51. A. Haeberlen, P. Kuznetsov, and P. Druschel, "PeerReview: Practical accountability for distributed systems, " In Proc. ACM Symposium on Operating Systems Principles (SOSP), Oct. 2007.
52. S. Pearson and A. Charlesworth, "Accountability as a Way Forward for Privacy Protection in the Cloud, " Proc. 1st International Conference on Cloud Computing, Beijing, China: Springer-Verlag, 2009, pp. 131-144.
53. J. Dean and S. Ghemawat, "Mapreduce: simplified data processing on large clusters, " In OSDI'04: Proc. 6th conference on Symposium on Opearting Systems Design and Implementation. USENIX Association, Berkeley, CA, USA.
54. W. Wei, J. Du, T. Yu, and X. Gu, "SecureMR: A Service Integrity Assurance Framework for MapReduce, " Proc. 2009 Annual Computer Security Applications Conference, 2009, pp. 73-82.
55. M. Castro and B. Liskov, "Practical Byzantine fault tolerance, " Operating Systems Review, vol. 33, 1998, pp. 173-186.
56. D. Lin and A. Squicciarini, "Data protection models for service provisioning in the cloud, " Proceeding of the 15th ACM symposium on Access control models and technologies, 2010, pp. 183-192.
57. P. Rao, D. Lin, E. Bertino, N. Li, and J. Lobo, "An algebra for finegrained integration of xacml policies, " In Proc. ACM Symposium on Access Control Models and Technologies, pages 63-72, 2009.
58. A.R. Sadeghi, T. Schneider, and M. Winandy, "Token-Based Cloud Computing, " Trust and Trustworthy Computing, 2010, pp. 417-429
59. R. Chow, P. Golle, M. Jakobsson, E. Shi, J. Staddon, R. Masuoka, and J. Molina, "Controlling data in the cloud: outsourcing computation without outsourcing control, " Proc. 2009 ACM workshop on Cloud computing security, 2009, pp. 85-90.
60. A. Aviram, S. Hu, B. Ford, and R. Gummadi, "Determinating timing channels in compute clouds, " In Proc. 2010 ACM workshop on Cloud computing security workshop (CCSW '10). ACM, New York, NY, USA, 103-108.
61. A. Lenk, M. Klems, J. Nimis, S. Tai, and T. Sandholm, "What's inside the Cloud? An architectural map of the Cloud landscape, " Software Engineering Challenges of Cloud Computing, 2009. CLOUD'09. ICSE Workshop on, 2009, pp. 23-31.
62. D. L. G. Filho and P. S. L. M. Baretto, "Demon-strating data possession and uncheatable data transfer, " IACR ePrint archive, 2006, Report 2006/150, http://eprint.iacr.org/2006/150.
63. M. Van Dijk and A. Juels, "On the Impossibility of Cryptography Alone for Privacy-Preserving Cloud Computing, " IACR ePrint 2010, vol. 305.
64. C. Gentry, "Fully homomorphic encryption using ideal lattices, " In STOC, pages 169-178, 2009.
65. Cloud computing infrastructure, available: http://en.wikipedia.org/wiki/ Cloud-computing.
66. Z. Xiao and Y. Xiao, "Accountable MapReduce in Cloud Computing, " Proc. The IEEE International Workshop on Security in Computers, Networking and Communications (SCNC 2011) in conjunction with IEEE INFOCOM 2011.
67. M. Christodorescu, R. Sailer, D. Schales, D. Sgandurra, and D. Zamboni, "Cloud security is not (just) virtualization security: a short paper, " In Proc. 2009 ACM workshop on Cloud computing security (CCSW '09). ACM, New York, NY, USA, 97-102. DOI=10.1145/1655008.1655022 http://doi.acm.org/10. 1145/1655008.1655022.
68. Y. Deswarte, J.-J. Quisquater, and A. Saidane, "Remote integrity checking, " in Proc. Conference on Integrity and Internal Control in Information Systems (IICIS'03), November 2003.
69. R.K.L. Ko, B.S. Lee, and S. Pearson, "Towards Achieving Accountability, Auditability and Trust in Cloud Computing, " Proc. International workshop on Cloud Computing: Architecture, Algorithms and Applications (CloudComp2011), Springer, 2011, pp.5.
70. B. Grobauer, T. Walloschek, and E. Stocker, "Understanding cloud computing vulnerabilities, " Security and Privacy, IEEE, vol. 9, no. 2, pp. 50-57, 2011.
71. Y. Xu, M. Bailey, F Jahanian, K. Joshi, M. Hiltunen, and R. Schlicht-ing, "An exploration of L2 cache covert channels in virtualized environments, " in Proc. 3rd ACM workshop on Cloud computing security workshop, New York, NY, USA, 2011, pp. 29-40.
72. K. Okamura and Y. Oyama, "Load-based covert channels between Xen virtual machines, " in Proc. 2010 ACM Symposium on Applied Computing, New York, NY, USA, 2010, pp. 173-180.
73. B. C. Vattikonda, S. Das, and H. Shacham, "Eliminating fine grained timers in Xen, " in Proc. 3rd ACM workshop on Cloud computing security workshop, New York, NY, USA, 2011, pp. 41-46.
74. B. Stone and A. Vance, "Companies slowly join cloud computing, " New York Times, 18 April 2010.
75. Z. Wang and R. B. Lee, "New cache designs for thwarting software cache-based side channel attacks, " In 34th International Symposium on Computer Architecture, pages 494-505, June 2007.
76. Z. Wang and R. B. Lee, "A novel cache architecture with enhanced performance and security, " In 41st IEEE/ACM International Symposium on Microarchitecture, pages 83-93, November 2008.
77. G. Keramidas, A. Antonopoulos, D. N. Serpanos, and S. Kaxiras, "Non deterministic caches: A simple and effective defense against side channel attacks, " Design Automation for Embedded Systems, 12(3):221-230, 2008.
78. J. Kong, O. Aciicmez, J.-P. Seifert, and H. Zhou, "Deconstructing new cache designs for thwarting software cache-based side channel attacks, " In 2nd ACM Workshop on Computer Security Architectures, pages 25-34, October 2008.
79. R. Könighofer, "A fast and cache-timing resistant implementation of the AES, " in Proc. 2008 The Cryptopgraphers' Track at the RSA conference on Topics in cryptology, Berlin, Heidelberg, 2008, pp. 187-202.
80. Yinqian Zhang, A. Juels, A. Oprea, and M. K. Reiter, "HomeAlone: Co-residency Detection in the Cloud via Side-Channel Analysis, " in 2011 IEEE Symposium on Security and Privacy (SP), 2011, pp. 313-328.
81. K. Suzaki, K. Iijima, T. Yagi, and C. Artho, "Memory deduplication as a threat to the guest OS, " in Proc. Fourth European Workshop on System Security, New York, NY, USA, 2011, p. 1:1-1:6.
82. K. Suzaki, K. Iijima, T. Yagi, and C. Artho, "Software Side Channel Attack on Memory Deduplication, " in 23rd ACM Symposium on Operating Systems Principles, poster, 2011.
83. E. Keller, J. Szefer, J. Rexford, and R. B. Lee, "NoHype: virtualized cloud infrastructure without the virtualization, " in Proc. 37th annual international symposium on Computer architecture, New York, NY, USA, 2010, pp. 350-361.
84. J. Szefer, E. Keller, R. B. Lee, and J. Rexford, "Eliminating the hypervisor attack surface for a more secure cloud, " in Proc. 18th ACM conference on Computer and communications security, New York, NY, USA, 2011, pp. 401-412.
85. C. Wang, K. Ren, J. Wang, "Secure and Practical Outsourcing of Linear Programming in Cloud Computing, " In IEEE Trans. Cloud Computing April 10-15, 2011.
86. A. Baliga, P. Kamat, and L. Iftode, "Lurking in the Shadows: Identifying Systemic Threats to Kernel Data (Short Paper), " in 2007 IEEE Symposium on Security and Privacy, May 2007.
87. S. Setty, A. Blumberg, M. Walfish, "Toward practical and unconditional verification of remote computations, " in the 13th Workshop on Hot Topics in Operating Systems, Napa, CA, USA 2011.
88. K. Benson, R. Dowsley, and H. Shacham, "Do you know where your cloud files are?, " in Proc. 3rd ACM workshop on Cloud computing security workshop, New York, NY, USA, 2011, pp. 73-82.
89. F. Monrose, P. Wycko, and A. D. Rubin, "Distributed execution with remote audit, " In NDSS, 1999.
90. M. J. Atallah and K. B. Frikken, "Securely outsourcing linear algebra computations, " In ASIACCS, 2010.
91. R. Motwani and P. Raghavan, "Randomized Algorithms, " Cambridge University Press, 2007.
92. M. Blanton, Y. Zhang, and K. B. Frikken, "Secure and Verifiable Outsourcing of Large-Scale Biometric Computations, " in Privacy, Security, Risk and Trust (PASSAT), IEEE Third International Conference on Social Computing (SocialCom), 2011, pp. 1185-1191.
93. S. Goldwasser, S. Micali, and C. Rackoff, "The knowledge complexity of interactive proof systems, " SIAM Journal on Comp., 18(1):186-208, 1989.
94. S. Arora, C. Lund, R. Motwani, M. Sudan, and M. Szegedy, "Proof verification and the hardness of approximation problems, " J. ACM, 45(3):501-555, May 1998.
95. S. Setty, A. Blumberg, and M. Walfish, "Toward practical and unconditional verification of remote computations, " in the 13th Workshop on Hot Topics in Operating Systems, Napa, CA, USA 2011.
96. J. Idziorek, M. Tannian, and D. Jacobson, "Detecting fraudulent use of cloud resources, " in Proc. 3rd ACM workshop on Cloud computing security workshop, New York, NY, USA, 2011, pp. 61-72.
97. J. Idziorek and M. Tannian, "Exploiting cloud utility models for profit and ruin, " in Cloud Computing (CLOUD), 2011 IEEE International Conference on, 2011, pp. 33-40.
98. M. Naehrig, K. Lauter, and V. Vaikuntanathan, "Can homomorphic encryption be practical?" in Proc. 3rd ACM workshop on Cloud computing security workshop, New York, NY, USA, 2011, pp. 113-124.
99. T. Choi, H.B. Acharya, and M. G. Gouda, "Is that you? Authentication in a network without identities, " International J. Security and Networks, Vol. 6, No. 4, 2011, pp. 181-190.
100. Q. Chai and G. Gong, "On the (in) security of two Joint Encryption and Error Correction schemes, " International J. Security and Networks, Vol. 6, No. 4, 2011, pp. 191-200.
101. S. Tang and W. Li, "An epidemic model with adaptive virus spread control for Wireless Sensor Networks, " International J. Security and Networks, Vol. 6, No. 4, 2011, pp. 201-210.
102. G. Luo and K.P. Subbalakshmi, "KL-sense secure image steganogra-phy, " International J. Security and Networks, Vol. 6, No. 4, 2011, pp. 211-225.
103. W. Chang, J. Wu, and C. C. Tan, "Friendship-based location privacy in Mobile Social Networks, " International J. Security and Networks, Vol. 6, No. 4, 2011, pp. 226-236.
104. X. Zhao, L. Li, and G. Xue, "Authenticating strangers in Online Social Networks, " International J. Security and Networks, Vol. 6, No. 4, 2011, pp. 237-248.
105. D. Walker and S. Latifi, "Partial Iris Recognition as a Viable Biometric Scheme, " International J. Security and Networks, Vol. 6 Nos. 2-3, 2011, pp. 147-152.
106. A. Desoky, "Edustega: An Education-Centric Steganography Methodology, " International J. Security and Networks, Vol. 6 Nos. 2-3, 2011, pp. 153-173.
107. N. Ampah, C. Akujuobi, S. Alam, and M. Sadiku, "An intrusion detection technique based on continuous binary communication channels, " International J. Security and Networks, Vol. 6 Nos. 2-3, 2011, pp. 174-180.
108. H. Chen and B. Sun, "Editorial, " International J. Security and Networks, Vol. 6 Nos. 2/3, 2011, pp. 65-66.
109. M. Barua, X. Liang, R. Lu, X. Shen, "ESPAC: Enabling Security and Patient-centric Access Control for eHealth in cloud computing, " International J. Security and Networks, Vol. 6 Nos. 2/3, 2011, pp. 67-76.
110. N. Jaggi, U. M. Reddy, and R. Bagai, "A Three Dimensional Sender Anonymity Metric, " International J. Security and Networks, Vol. 6 Nos. 2/3, 2011, pp. 77-89.
111. M. J. Sharma and V. C. M. Leung, "Improved IP Multimedia Subsystem Authentication Mechanism for 3G-WLAN Networks, " International J. Security and Networks, Vol. 6 Nos. 2/3, 2011, pp. 90-100.
112. N. Cheng, K. Govindan, and P. Mohapatra, "Rendezvous Based Trust Propagation to Enhance Distributed Network Security, " International J. Security and Networks, Vol. 6 Nos. 2/3, 2011, pp. 101-111.
113. A. Fathy, T. ElBatt, and M. Youssef, "A Source Authentication Scheme Using Network Coding, " International J. Security and Networks, Vol. 6 Nos. 2/3, 2011, pp. 112-122.
114. L. Liu, Y. Xiao, J. Zhang, A. Faulkner, and K. Weber, "Hidden Information in Microsoft Word, " International J. Security and Networks, Vol. 6 Nos. 2/3, 2011, pp. 123-135.
115. S. S.M. Chow and S. Yiu, " Exclusion-Intersection Encryption, " International J. Security and Networks, Vol. 6 Nos. 2/3, 2011, pp. 136-146.
116. M. Yang, J. C.L. Liu, and Y. Tseng, "Editorial, " International J. Security and Networks, Vol. 5, No.1 pp. 1-3, 2010
117. S. Malliga and A. Tamilarasi, "A backpressure technique for filtering spoofed traffic at upstream routers, " International J. Security and Networks, Vol. 5, No.1 pp. 3-14, 2010.
118. S. Huang and S. Shieh, "Authentication and secret search mechanisms for RFID-aware wireless sensor networks, " International J. Security and Networks, Vol. 5, No.1 pp. 15-25, 2010.
119. Y. Hsiao and R. Hwang, "An efficient secure data dissemination scheme for grid structure Wireless Sensor Networks, " International J. Security and Networks, Vol. 5, No.1 pp. 26-34, 2010.
120. L. Xu, S. Chen, X. Huang, and Y. Mu, "Bloom filter based secure and anonymous DSR protocol in wireless ad hoc networks, " International J. Security and Networks, Vol. 5, No.1 pp. 35-44, 2010.
121. K. Tsai, C. Hsu, and T. Wu, "Mutual anonymity protocol with integrity protection for mobile peer-to-peer networks, " International J. Security and Networks, Vol. 5, No.1 pp. 45-52, 2010.
122. M. Yang, "Lightweight authentication protocol for mobile RFID networks, " International J. Security and Networks, Vol. 5, No.1 pp. 53-62, 2010.
123. J. Wang and G.L. Smith, "A cross-layer authentication design for secure video transportation in wireless sensor network, " International J. Security and Networks, Vol. 5, No.1 pp. 63-76, 2010.
124. Y. Xiao, "Accountability for Wireless LANs, Ad Hoc Networks, and Wireless Mesh Networks, " IEEE Commun. Mag., special issue on Security in Mobile Ad Hoc and Sensor Networks, Vol. 46, No. 4, Apr. 2008, pp. 116-126.
125. Y. Xiao, "Flow-Net Methodology for Accountability in Wireless Networks, " IEEE Network, Vol. 23, No. 5, Sept./Oct. 2009, pp. 30-37.
126. J. Liu, and Y. Xiao, "Temporal Accountability and Anonymity in Medical Sensor Networks, " ACM/Springer Mobile Networks and Applications (MONET), Vol. 16, No. 6, pp. 695-712, Dec. 2011.
127. Y. Xiao, K. Meng, and D. Takahashi, "Accountability using Flow-net: Design, Implementation, and Performance Evaluation, " (Wiley Journal of) Security and Communication Networks, Vol.5, No. 1, pp. 29-49, Jan. 2012.
128. Y. Xiao, S. Yue, B. Fu, and S. Ozdemir, "GlobalView: Building Global View with Log Files in a Distributed/Networked System for Accountability, " (Wiley Journal of) Security and Communication Networks, DOI: 10.1002/sec.374.
129. D. Takahashi, Y. Xiao, and K. Meng, "Virtual Flow-net for Accountability and Forensics of Computer and Network Systems, " (Wiley Journal of) Security and Communication Networks, 2011, DOI: 10.1002/sec.407.
130. Z. Xiao and Y. Xiao, "PeerReview Re-evaluation for Accountability in Distributed Systems or Networks, " International J. Security and Networks (IJSN), 2010, Vo. 7. No. 1, in press.
131. Z. Xiao, N. Kathiresshan, and Y. Xiao, "A Survey of Accountability in Computer Networks and Distributed Systems, " (Wiley Journal of) Security and Communication Networks, accepted.
132. J. Liu, Y. Xiao, S. Li, W. Liang, C. L. P. Chen, "Cyber Security and Privacy Issues in Smart Grids, " IEEE Commun. Surveys Tuts., DOI: 10.1109/SURV.2011.122111.00145, in press.
133. Y. Xiao, X. Shen, B. Sun, and L. Cai, "Security and Privacy in RFID and Applications in Telemedicine, " IEEE Commun. Mag., Vol. 44. No. 4, Apr. 2006, pp. 64-72.
134. H. Chen, Y. Xiao, X. Hong, F. Hu, J. Xie, "A Survey of Anonymity in Wireless Communication Systems, " (Wiley Journal) Security and Communication Networks, Vol. 2 No. 5, Sept./Oct., 2009, pp. 427-444.