An analysis of security issues for cloud computing

Journal of Internet Services and Applications

Volumn 4, Issue 1, 2013, Pages 1-13

  Hashizume, Keiko ^a   Rosado, David G ^b   Fernández Medina, Eduardo ^b   Fernandez, Eduardo B ^a  

^a Florida Atlantic Univ   (United States)

^b UNIVERSITY OF CASTILLA LA MANCHA   (Spain)

Author keywords

Cloud computing; Countermeasures; Security; SPI model; Threats; Vulnerabilities

Indexed keywords

CLOUD COMPUTING; COST EFFECTIVENESS; RADAR COUNTERMEASURES;

COST EFFECTIVE; DATA SECURITY AND PRIVACY; ESSENTIAL SERVICES; SECURITY; SECURITY ISSUES; SERVICE AVAILABILITY; THREATS; VULNERABILITIES;

SECURITY OF DATA;

EID: 84887724123     PISSN: 18674828     EISSN: 18690238     Source Type: Journal    
DOI: 10.1186/1869-0238-4-5     Document Type: Article

References (79)

1. Gartner Inc Gartner identifies the Top 10 strategic technologies for 2011. Online. Available: http://www.gartner.com/it/page.jsp?id=1454221. Accessed: 15-Jul-2011
2. Zhao G, Liu J, Tang Y, Sun W, Zhang F, Ye X, Tang N (2009) Cloud Computing: A Statistics Aspect of Users. In: First International Conference on Cloud Computing (CloudCom), Beijing, China. Springer Berlin, Heidelberg, pp 347-358
3. Zhang S, Zhang S, Chen X, Huo X (2010) Cloud Computing Research and Development Trend. In: Second International Conference on Future Networks (ICFN'10), Sanya, Hainan, China. IEEE Computer Society, Washington, DC, USA, pp 93-97
4. Cloud Security Alliance (2011) Security guidance for critical areas of focus in Cloud Computing V3.0. Available: https://cloudsecurityalliance.org/guidance/csaguide.v3.0.pdf
5. st International Conference on Cloud Computing (CloudCom), Beijing, China. Springer-Verlag Berlin, Heidelberg
6. Centre for the Protection of National Infrastructure (2010) Information Security Briefing 01/2010 Cloud Computing. Available: http://www.cpni.gov.uk/Documents/Publications/2010/2010007-ISB_cloud_computing.pdf
7. Khalid A (2010) Cloud Computing: applying issues in Small Business. In: International Conference on Signal Acquisition and Processing (ICSAP'10), pp 278-281
8. KPMG (2010) From hype to future: KPMG's 2010 Cloud Computing survey. Available: http://www.techrepublic.com/whitepapers/from-hype-to-future-kpmgs-2010-cloud-computing-survey/2384291
9. Rosado DG, Gómez R, Mellado D, Fernández-Medina E (2012) Security analysis in the migration to cloud environments. Future Internet 4(2):469-487
10. Mather T, Kumaraswamy S, Latif S (2009) Cloud Security and Privacy. O'Reilly Media, Inc., Sebastopol, CA
11. Li W, Ping L (2009) Trust model to enhance Security and interoperability of Cloud environment. In: Proceedings of the 1st International conference on Cloud Computing. Springer Berlin Heidelberg, Beijing, China, pp 69-79
12. Rittinghouse JW, Ransome JF (2009) Security in the Cloud. In: Cloud Computing. Implementation, Management, and Security, CRC Press
13. Kitchenham B (2004) Procedures for perfoming systematic review, software engineering group. Department of Computer Scinece Keele University, United Kingdom and Empirical Software Engineering, National ICT Australia Ltd, Australia. TR/SE-0401
14. Kitchenham B, Charters S (2007) Guidelines for performing systematic literature reviews in software engineering. Version 2.3 University of keele (software engineering group, school of computer science and mathematics) and Durham. Department of Conputer Science, UK
15. Brereton P, Kitchenham BA, Budgen D, Turner M, Khalil M (2007) Lessons from applying the systematic literature review process within the software engineering domain. J Syst Softw 80(4):571-583
16. Cloud Security Alliance (2010) Top Threats to Cloud Computing V1.0. Available: https://cloudsecurityalliance.org/research/top-threats
17. ENISA (2009) Cloud Computing: benefits, risks and recommendations for information Security. Available: http://www.enisa.europa.eu/activities/risk-management/files/deliverables/cloud-computing-risk-assessment
18. Dahbur K, Mohammad B, Tarakji AB (2011) A survey of risks, threats and vulnerabilities in Cloud Computing. In: Proceedings of the 2011 International conference on intelligent semantic Web-services and applications. Amman, Jordan, pp 1-6
19. Ertaul L, Singhal S, Gökay S (2010) Security challenges in Cloud Computing. In: Proceedings of the 2010 International conference on Security and Management SAM'10. CSREA Press, Las Vegas, US, pp 36-42
20. Grobauer B, Walloschek T, Stocker E (2011) Understanding Cloud Computing vulnerabilities. IEEE Security Privacy 9(2):50-57
21. Subashini S, Kavitha V (2011) A survey on Security issues in service delivery models of Cloud Computing. J Netw Comput Appl 34(1):1-11
22. Jensen M, Schwenk J, Gruschka N, Iacono LL (2009) On technical Security issues in Cloud Computing. In: IEEE International conference on Cloud Computing (CLOUD'09). 116, 116, pp 109-116
23. Onwubiko C (2010) Security issues to Cloud Computing. In: Antonopoulos N, Gillam L (ed) Cloud Computing: principles, systems & applications. 2010, Springer-Verlag
24. Morsy MA, Grundy J, Müller I (2010) An analysis of the Cloud Computing Security problem. In: Proceedings of APSEC 2010 Cloud Workshop. APSEC, Sydney, Australia
25. Jansen WA (2011) Cloud Hooks: Security and Privacy Issues in Cloud Computing. In: Proceedings of the 44th Hawaii International Conference on System Sciences, Koloa, Kauai, HI. IEEE Computer Society, Washington, DC, USA, pp 1-10
26. Zissis D, Lekkas D (2012) Addressing Cloud Computing Security issues. Futur Gener Comput Syst 28(3):583-592
27. Jansen W, Grance T (2011) Guidelines on Security and privacy in public Cloud Computing. NIST, Special Publication 800-144, Gaithersburg, MD
28. Mell P, Grance T (2011) The NIST definition of Cloud Computing. NIST, Special Publication 800-145, Gaithersburg, MD
29. Zhang Q, Cheng L, Boutaba R (2010) Cloud Computing: state-of-the-art and research challenges. Journal of Internet Services Applications 1(1):7-18
30. Ju J, Wang Y, Fu J, Wu J, Lin Z (2010) Research on Key Technology in SaaS. In: International Conference on Intelligent Computing and Cognitive Informatics (ICICCI), Hangzhou, China. IEEE Computer Society, Washington, DC, USA, pp 384-387
31. Owens D (2010) Securing elasticity in the Cloud. Commun ACM 53(6):46-51
32. OWASP (2010) The Ten most critical Web application Security risks. Available: https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
33. Zhang Y, Liu S, Meng X (2009) Towards high level SaaS maturity model: methods and case study. In: Services Computing conference. APSCC, IEEE Asia-Pacific, pp 273-278
34. Chong F, Carraro G, Wolter R (2006) Multi-tenant data architecture. Online. Available: http://msdn.microsoft.com/en-us/library/aa479086.aspx. Accessed: 05-Jun-2011
35. Bezemer C-P, Zaidman A (2010) Multi-tenant SaaS applications: maintenance dream or nightmare? In: Proceedings of the Joint ERCIM Workshop on Software Evolution (EVOL) and International Workshop on Principles of Software Evolution (IWPSE), Antwerp, Belgium. ACM New York, NY, USA, pp 88-92
36. Viega J (2009) Cloud Computing and the common Man. Computer 42 (8):106-108
37. Cloud Security Alliance (2012) Security guidance for critical areas of Mobile Computing. Available: https://downloads.cloudsecurityalliance.org/initiatives/mobile/Mobile_Guidance_v1.pdf
38. Keene C (2009) The Keene View on Cloud Computing. Online. Available: http://www.keeneview.com/2009/03/what-is-platform-as-service-paas.html. Accessed: 16-Jul-2011
39. Xu K, Zhang X, Song M, Song J (2009) Mobile Mashup: Architecture, Challenges and Suggestions. In: International Conference on Management and Service Science. MASS'09. IEEE Computer Society, Washington, DC, USA, pp 1-4
40. Chandramouli R, Mell P (2010) State of Security readiness. Crossroads 16 (3):23-25
41. Jaeger T, Schiffman J (2010) Outlook: cloudy with a chance of Security challenges and improvements. IEEE Security Privacy 8(1):77-80
42. Dawoud W, Takouna I, Meinel C (2010) Infrastructure as a service security: Challenges and solutions. In: the 7th International Conference on Informatics and Systems (INFOS), Potsdam, Germany. IEEE Computer Society, Washington, DC, USA, pp 1-8
43. Jasti A, Shah P, Nagaraj R, Pendse R (2010) Security in multi-tenancy cloud. In: IEEE International Carnahan Conference on Security Technology (ICCST), KS, USA. IEEE Computer Society, Washington, DC, USA, pp 35-41
44. Garfinkel T, Rosenblum M (2005) When virtual is harder than real: Security challenges in virtual machine based computing environments. In: Proceedings of the 10th conference on Hot Topics in Operating Systems, Santa Fe, NM. volume 10. USENIX Association Berkeley, CA, USA, pp 227-229
45. Reuben JS (2007) A survey on virtual machine Security. Seminar on Network Security. http://www.tml.tkk.fi/Publications/C/25/papers/Reuben_final.pdf. Technical report, Helsinki University of Technology, October 2007
46. Hashizume K, Yoshioka N, Fernandez EB (2013) Three misuse patterns for Cloud Computing. In: Rosado DG, Mellado D, Fernandez-Medina E, Piattini M (ed) Security engineering for Cloud Computing: approaches and Tools. IGI Global, Pennsylvania, United States, pp 36-53
47. Venkatesha S, Sadhu S, Kintali S (2009) Survey of virtual machine migration techniques., Technical report, Dept. of Computer Science, University of California, Santa Barbara. http://www.academia.edu/760613/Survey_of_Virtual_Machine_Migration_Techniques
48. Ranjith P, Chandran P, Kaleeswaran S (2012) On covert channels between virtual machines. Journal in Computer Virology Springer 8:85-97
49. Wei J, Zhang X, Ammons G, Bala V, Ning P (2009) Managing Security of virtual machine images in a Cloud environment. In: Proceedings of the 2009 ACM workshop on Cloud Computing Security. ACM New York, NY, USA, pp 91-96
50. Owens K., Securing virtual compute infrastructure in the Cloud. SAVVIS. Available: http://www.savvis.com/en-us/info_center/documents/hos-whitepaper-securingvirutalcomputeinfrastructureinthecloud.pdf
51. Wu H, Ding Y, Winer C, Yao L (2010) Network Security for virtual machine in Cloud Computing. In: 5th International conference on computer sciences and convergence information technology (ICCIT). IEEE Computer Society Washington, DC, USA, pp 18-21
52. Xiaopeng G, Sumei W, Xianqin C (2010) VNSS: a Network Security sandbox for virtual Computing environment. In: IEEE youth conference on information Computing and telecommunications (YC-ICT). IEEE Computer Society, Washington DC, USA, pp 395-398
53. Popovic K, Hocenski Z (2010) Cloud Computing Security issues and challenges. In: Proceedings of the 33rd International convention MIPRO. IEEE Computer Society Washington DC, USA, pp 344-349
54. Carlin S, Curran K (2011) Cloud Computing Security. International Journal of Ambient Computing and Intelligence 3(1):38-46
55. Bisong A, Rahman S (2011) An overview of the Security concerns in Enterprise Cloud Computing. International Journal of Network Security & Its Applications (IJNSA) 3(1):30-45
56. Townsend M (2009) Managing a security program in a cloud computing environment. In: Information Security Curriculum Development Conference, Kennesaw, Georgia. ACM New York, NY, USA, pp 128-133
57. Winkler V (2011) Securing the Cloud: Cloud computer Security techniques and tactics. Elsevier Inc, Waltham, MA
58. Ristenpart T, Tromer E, Shacham H, Savage S (2009) Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In: Proceedings of the 16th ACM conference on Computer and communications security, Chicago, Illinois, USA. ACM New York, NY, USA, pp 199-212
59. Zhang Y, Juels A, Reiter MK, Ristenpart T (2012) Cross-VM side channels and their use to extract private keys. In: Proceedings of the 2012 ACM conference on Computer and communications security, New York, NY, USA. ACM New York, NY, USA, pp 305-316
60. Wang Z, Jiang X (2010) HyperSafe: a lightweight approach to provide lifetime hypervisor control-flow integrity. In: Proceedings of the IEEE symposium on Security and privacy. IEEE Computer Society, Washington, DC, USA, pp 380-395
61. Wang C, Wang Q, Ren K, Lou W (2009) Ensuring data Storage Security in Cloud Computing. In: The 17th International workshop on quality of service. IEEE Computer Society, Washington, DC, USA, pp 1-9
62. Fernandez EB, Yoshioka N, Washizaki H (2009) Modeling Misuse Patterns. In: Proceedings of the 4th Int. Workshop on Dependability Aspects of Data Warehousing and Mining Applications (DAWAM 2009), in conjunction with the 4th Int.Conf. on Availability, Reliability, and Security (ARES 2009), Fukuoka, Japan. IEEE Computer Society, Washington, DC, USA, pp 566-571
63. Santos N, Gummadi KP, Rodrigues R (2009) Towards Trusted Cloud Computing. In: Proceedings of the 2009 conference on Hot topics in cloud computing, San Diego, California. USENIX Association Berkeley, CA, USA
64. Zhang F, Huang Y, Wang H, Chen H, Zang B (2008) PALM: Security Preserving VM Live Migration for Systems with VMM-enforced Protection. In: Trusted Infrastructure Technologies Conference, 2008. APTC'08, Third Asia-Pacific. IEEE Computer Society, Washington, DC, USA, pp 9-18
65. Cloud Security Alliance (2012) SecaaS implementation guidance, category 1: identity and Access managament. Available: https://downloads.cloudsecurityalliance.org/initiatives/secaas/SecaaS_Cat_1_IAM_Implementation_Guidance.pdf
66. Xiao S, Gong W (2010) Mobility Can help: protect user identity with dynamic credential. In: Eleventh International conference on Mobile data Management (MDM). IEEE Computer Society, Washington, DC, USA, pp 378-380
67. Wylie J, Bakkaloglu M, Pandurangan V, Bigrigg M, Oguz S, Tew K, Williams C, Ganger G, Khosla P (2001) Selecting the right data distribution scheme for a survivable Storage system. CMU-CS-01-120, Pittsburgh, PA
68. Somani U, Lakhani K, Mundra M (2010) Implementing digital signature with RSA encryption algorithm to enhance the data Security of Cloud in Cloud Computing. In: 1st International conference on parallel distributed and grid Computing (PDGC). IEEE Computer Society Washington, DC, USA, pp 211-216
69. Harnik D, Pinkas B, Shulman-Peleg A (2010) Side channels in Cloud services: deduplication in Cloud Storage. IEEE Security Privacy 8(6):40-47
70. Tebaa M, El Hajji S, El Ghazi A (2012) Homomorphic encryption method applied to Cloud Computing. In: National Days of Network Security and Systems (JNS2). IEEE Computer Society, Washington, DC, USA, pp 86-89
71. Fong E, Okun V (2007) Web application scanners: definitions and functions. In: Proceedings of the 40th annual Hawaii International conference on system sciences. IEEE Computer Society, Washington, DC, USA
72. Goodin D (2009) Webhost hack wipes out data for 100,000 sites. The Register, 08-Jun-2009. [Online]. Available: http://www.theregister.co.uk/2009/06/08/webhost_attack/. Accessed: 02-Aug-2011
73. Berger S, Cáceres R, Pendarakis D, Sailer R, Valdez E, Perez R, Schildhauer W, Srinivasan D (2008) TVDc: managing Security in the trusted virtual datacenter. SIGOPS Oper. Syst. Rev. 42(1):40-47
74. Berger S, Cáceres R, Goldman K, Pendarakis D, Perez R, Rao JR, Rom E, Sailer R, Schildhauer W, Srinivasan D, Tal S, Valdez E (2009) Security for the Cloud infrastructure: trusted virtual data center implementation. IBM J Res Dev 53 (4):560-571
75. Ormandy T (2007) An empirical study into the Security exposure to hosts of hostile virtualized environments. In: CanSecWest applied Security conference., Vancouver. http://taviso.decsystem.org/virtsec.pdf
76. Oberheide J, Cooke E, Jahanian F (2008) Empirical exploitation of Live virtual machine migration. In: Proceedings of Black Hat Security Conference, Washington, DC. http://www.eecs.umich.edu/fjgroup/pubs/blackhat08-migration.pdf
77. Naehrig M, Lauter K, Vaikuntanathan V (2011) Can homomorphic encryption be practical? In: Proceedings of the 3rd ACM workshop on Cloud Computing Security workshop. ACM New York, NY, USA, pp 113-124
78. Han-zhang W, Liu-sheng H (2010) An improved trusted cloud computing platform model based on DAA and privacy CA scheme. In: International Conference on Computer Application and System Modeling (ICCASM), vol. 13, V13-39. IEEE Computer, Society, Washington, DC, USA, pp V13-33
79. Fernandez EB, Ajaj O, Buckley I, Delessy-Gassant N, Hashizume K, Larrondo-Petrie MM (2012) A survey of patterns for Web services Security and reliability standards. Future Internet 4(2):430-450