Security issues in cloud environments: A survey

International Journal of Information Security

Volumn 13, Issue 2, 2014, Pages 113-170

  Fernandes, Diogo A B ^a   Soares, Liliana F B ^a   Gomes, João V ^a   Freire, Mário M ^a   Inácio, Pedro R M ^a  

^a UNIVERSITY OF BEIRA INTERIOR   (Portugal)

Author keywords

Cloud computing; Clouds; Issues; Security; Survey

Indexed keywords

CLOUD COMPUTING; CLOUDS; INTERNET; SURVEYING;

CLOUD DEPLOYMENTS; CLOUD ENVIRONMENTS; CLOUD SECURITIES; COMPUTING PARADIGM; ENTERPRISE COMPUTING; ISSUES; SECURITY; WEB TECHNOLOGIES;

SURVEYS;

EID: 84897106892     PISSN: 16155262     EISSN: 16155270     Source Type: Journal    
DOI: 10.1007/s10207-013-0208-7     Document Type: Article

References (313)

1. 57un Blog: A BIG Password Cracking Wordlist. https://57un. wordpress. com/2013/03/09/a-big-password-cracking-wordlist/. Accessed May 2013 (2013).
2. Aguiar, E., Zhang, Y., Blanton, M.: An Overview of Issues and Recent Developments in Cloud Computing and Storage Security, pp. 1-31. Springer, Berlin (2013).
3. Ahuja, S. P., Komathukattil, D.: A survey of the state of cloud security. Netw. Commun. Technol. 1(2), 66-75 (2012). doi: 10. 5539/nct. v1n2p66.
4. Aihkisalo, T., Paaso, T.: Latencies of service invocation and processing of the REST and SOAP web service interfaces. In: IEEE 8th World Congress on Services (SERVICES), pp. 100-107. Honolulu, HI, USA (2012). doi: 10. 1109/SERVICES. 2012. 55.
5. Al-Aqrabi, H., Liu, L., Xu, J., Hill, R., Antonopoulos, N., Zhan, Y.: Investigation of IT security and compliance challenges in security-as-a-service for cloud computing. In: 15th IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing Workshops (ISORCW), pp. 124-129. Shenzhen, Guangdong, China (2012). doi: 10. 1109/ISORCW. 2012. 31.
6. Alert Logic: State of Cloud Security Report: Targeted Attacks and Opportunistic Hacks. http://www. alertlogic. com/resources/security-intelligence-newsletter/download-cloud-security-report-spring2013/ (2013). Accessed Apr. 2013.
7. AlFardan, N., Bernstein, D., Paterson, K., Poettering, B., Schuldt, J.: On the Security of RC4 in TLS. http://www. isg. rhul. ac. uk/tls/index. html (2013). Accessed Apr. 2013.
8. AlienVault: OSSIM Website. https://aws. amazon. com/marketplace/pp/B00BIUQRGC/ (2013). Accessed May 2013.
9. Amazon: Amazon Web Services: Overview of Security Processes. http://s3. amazonaws. com/aws_blog/AWS_Security_Whitepaper_2008_09. pdf (2011). White Paper. Accessed Sept. 2012.
10. Amazon: Amazon Elastic Compute Cloud (Amazon EC2). https://aws. amazon. com/ec2/ (2012). Accessed Apr. 2013.
11. Amazon: Amazon Virtual Private Cloud (Amazon VPC). http://aws. amazon. com/vpc/ (2012). Accessed Sept. 2012.
12. Amazon Web Services Discussion Forums: Low Entropy on EC2 Instances- Problem for Anything Related to Security. https://forums. aws. amazon. com/thread. jspa?messageID=249079 (2011). Accessed Apr. 2013.
13. Amoroso, E.: From the enterprise perimeter to a mobility-enabled secure cloud. IEEE Secur. Priv. 11(1), 23-31 (2013). doi: 10. 1109/MSP. 2013. 8.
14. Anstee, D.: Q1 Key Findings from ATLAS. http://www. arbornetworks. com/corporate/blog/4855-q1-key-findings-from-atlas (2013). Accessed Apr. 2013.
15. Apache: CloudStack Website. https://cloudstack. apache. org/ (2013). Accessed May 2013.
16. Apprenda: Apprenda Website. http://apprenda. com (2013). Accessed Apr. 2013.
17. Armbrust, M., Fox, A., Griffith, R., Joseph, A. D., Katz, R., Konwinski, A., Lee, G., Patterson, D., Rabkin, A., Stoica, I., Zaharia, M.: A view of cloud computing. Commun. ACM 53(4), 50-58 (2010). doi: 10. 1145/1721654. 1721672.
18. Armbrust, M., Fox, A., Griffith, R., Joseph, A. D., Katz, R. H., Konwinski, A., Lee, G., Patterson, D. A., Rabkin, A., Zaharia, M.: Above the Clouds: A Berkeley View of Cloud Computing. Technical Report UCB/EECS-2009-28. Electrical Engineering and Computer Sciences University of California (2009).
19. Ateniese, G., Di Pietro, R., Mancini, L. V., Tsudik, G.: Scalable and efficient provable data possession. In: Proceedings of the 4th International Conference on Security and Privacy in Communication Networks, pp. 9: 1-9: 10. ACM, New York, NY, USA (2008).
20. Aviram, A., Hu, S., Ford, B., Gummadi, R.: Determinating timing channels in compute clouds. In: Proceedings of the ACM Workshop on Cloud computing, Security, pp. 103-108 (2010). doi: 10. 1145/1866835. 1866854.
21. Azmandian, F., Moffie, M., Alshawabkeh, M., Dy, J., Aslam, J., Kaeli, D.: Virtual machine monitor-based lightweight intrusion detection. SIGOPS Oper. Syst. Rev. 45(2), 38-53 (2011). doi: 10. 1145/2007183. 2007189.
22. Back, G., Hsieh, W. C.: The KaffeOS Java runtime system. ACM Trans. Program. Lang. Syst. 27(4), 583-630 (2005). doi: 10. 1145/1075382. 1075383.
23. Backstrom, L., Dwork, C., Kleinberg, J.: Wherefore art thou R3579X?: anonymized social networks, hidden patterns, and structural steganography. In: Proceedings of the 16th International Conference on World Wide Web, pp. 181-190. ACM, New York, NY, USA (2007). doi: 10. 1145/1242572. 1242598.
24. Bahram, S., Jiang, X., Wang, Z., Grace, M., Li, J., Srinivasan, D., Rhee, J., Xu, D.: DKSM: subverting virtual machine introspection for fun and profit. In: 29th IEEE Symposium on Reliable Distributed Systems, pp. 82-91. IEEE Computer Society, Washington, DC, USA (2010). doi: 10. 1109/SRDS. 2010. 39.
25. Banerjee, P., Friedrich, R., Bash, C., Goldsack, P., Huberman, B., Manley, J., Patel, C., Ranganathan, P., Veitch, A.: Everything as a service: powering the new information economy. Computer 44(3), 36-43 (2011). doi: 10. 1109/MC. 2011. 67.
26. Basak, D., Toshniwal, R., Maskalik, S., Sequeira, A.: Virtualizing networking and security in the cloud. SIGOPS Oper. Syst. Rev. 44(4), 86-94 (2010). doi: 10. 1145/1899928. 1899939.
27. Begum, S., Khan, M.: Potential of cloud computing architecture. In: International Conference on Information and Communication Technologies, pp. 1-5. IEEE (2011). doi: 10. 1109/ICICT. 2011. 5983572.
28. Behl, A.: Emerging security challenges in cloud computing: an insight to cloud security challenges and their mitigation. In: World Congress on Information and Communication Technologies, pp. 217-222. IEEE (2011). doi: 10. 1109/WICT. 2011. 6141247.
29. Behl, A., Behl, K.: Security paradigms for cloud computing. In: 4th International Conference on Computational Intelligence, Communication Systems and Networks, pp. 200-205. IEEE (2012). doi: 10. 1109/CICSyN. 2012. 45.
30. Belqasmi, F., Singh, J., Glitho, R.: SOAP-based vs. RESTful web services: a case study for multimedia. IEEE Internet Comput. 16(4), 54-63 (2012). doi: 10. 1109/MIC. 2012. 62.
31. Bentounsi, M., Benbernou, S., Atallah, M.: Privacy-preserving business process outsourcing. In: IEEE 19th International Conference on Web Services, pp. 662-663. IEEE (2012). doi: 10. 1109/ICWS. 2012. 34.
32. Bernstein, D., Vij, D.: Intercloud security considerations. In: IEEE 2nd International Conference on Cloud Computing Technology and Science, pp. 537-544. IEEE Computer Society, Washington, DC, USA (2010).
33. Bin Mat Nor, F., Jalil, K., Manan, J. L.: An enhanced remote authentication scheme to mitigate man-in-the-browser attacks. In: International Conference on Cyber Security, Cyber Warfare and Digital Forensic (CyberSec), pp. 271-276. Kuala Lumpur, Malaysia (2012). doi: 10. 1109/CyberSec. 2012. 6246086.
34. Boampong, P. A., Wahsheh, L. A.: Different facets of security in the cloud. In: Proceedings of the 15th Communications and Networking Simulation Symposium, pp. 5: 1-5: 7. Society for Computer Simulation International, San Diego, CA, USA (2012).
35. Bowers, K. D., Juels, A., Oprea, A.: HAIL: a high-availability and integrity layer for cloud storage. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, pp. 187-198. ACM, New York, NY, USA (2009). doi: 10. 1145/1653662. 1653686.
36. Box: Box Website. https://www. box. com/ (2013). Accessed Apr. 2013.
37. Bradbury, D.: Shadows in the cloud: Chinese involvement in advanced persistent threats. Netw. Secur. 2010(5), 16-19 (2010). doi: 10. 1016/S1353-4858(10)70058-1.
38. Brito, H.: Pentagon Creating "Rules of Engagement" for Responding to Advanced Attackers. Mandiant M-Unition (2013).
39. Bugiel, S., Nürnberger, S., Pöppelmann, T., Sadeghi, A. R., Schneider, T.: AmazonIA: when elasticity snaps back. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, pp. 389-400. ACM, New York, NY, USA (2011). doi: 10. 1145/2046707. 2046753.
40. Carriço, P.: Low entropy on VMs. http://blog. pedrocarrico. net/post/17026199379/low-entropy-on-vms (2012). Accessed May 2013.
41. Carroll, M., Kotzé, P., van der Merwe, A. (2011). Secure virtualization-benefits, risks and controls. In: Leymann, F., Ivanov, I., van Sinderen, M., Shishkov, B. (eds.) CLOSER, pp. 15-23. SciTePress.
42. Casale, A.: The Dangers of Recycling in the Cloud. TheMakegood (2013).
43. Chen, C. C., Yuan, L., Greenberg, A., Chuah, C. N., Mohapatra, P.: Routing-as-a-Service (RaaS): a framework for tenant-directed route control in data center. In: Proceedings of the 30th IEEE International Conference on Computer Communications (INFOCOM), pp. 1386-1394 (2011) doi: 10. 1109/INFCOM. 2011. 5934924.
44. Chen, D., Zhao, H.: Data security and privacy protection issues in cloud computing. In: International Conference on Computer Science and Electronics Engineering, vol. 1, pp. 647-651. IEEE (2012). doi: 10. 1109/ICCSEE. 2012. 193.
45. Chen, T. H., lien Yeh, H., Shih, W. K.: An advanced ECC dynamic ID-based remote mutual authentication scheme for cloud computing. In: 5th FTRA International Conference on Multimedia and Ubiquitous Engineering (MUE), pp. 155-159. Crete, Greece (2011). doi: 10. 1109/MUE. 2011. 69.
46. Chen, X., Andersen, J., Mao, Z., Bailey, M., Nazario, J.: Towards an understanding of anti-virtualization and anti-debugging behavior in modern malware. In: IEEE International Conference on Dependable Systems and Networks (DNS) With FCTS and DCC, pp. 177-186. Anchorage, AK, USA (2008). doi: 10. 1109/DSN. 2008. 4630086.
47. Chen, Y., Paxson, V., Katz, R. H.: What's New About Cloud Computing Security? Technical Report UCB/EECS-2010-5. EECS Department, University of California, Berkeley (2010). http://www. eecs. berkeley. edu/Pubs/TechRpts/2010/EECS-2010-5. html.
48. Chonka, A., Xiang, Y., Zhou, W., Bonti, A.: Cloud security defence to protect cloud computing against HTTP-DoS and XML-DoS attacks. J. Netw. Comput. Appli. 34(4), 1097-1107 (2011). doi: 10. 1016/j. jnca. 2010. 06. 004.
49. Choudhary, V.: Software as a service: implications for investment in software development. In: 40th Annual Hawaii International Conference on System Sciences, p. 209a. IEEE Computer Society, Washington, DC, USA (2007). doi: 10. 1109/HICSS. 2007. 493.
50. Chow, R., Golle, P., Jakobsson, M., Shi, E., Staddon, J., Masuoka, R., Molina, J.: Controlling data in the cloud: outsourcing computation without outsourcing control. In: Proceedings of the ACM Workshop on Cloud Computing Security, pp. 85-90. ACM, New York, NY, USA (2009). doi: 10. 1145/1655008. 1655020.
51. Christodorescu, M., Sailer, R., Schales, D. L., Sgandurra, D., Zamboni, D.: Cloud security is not (just) virtualization security: a short paper. In: Proceedings of the ACM Workshop on Cloud Computing Security (CCSW), pp. 97-102. ACM, Chicago, IL, USA (2009). doi: 10. 1145/1655008. 1655022.
52. Chung, H., Park, J., Lee, S., Kang, C.: Digital forensic investigation of cloud storage services. Digit. Investig. (2012). doi: 10. 1016/j. diin. 2012. 05. 015. Available online on 23 Jun. 2012.
53. Cisco: Cisco Data Center Infrastructure 2. 5 Design Guide. http://www. cisco. com/univercd/cc/td/doc/solution/dcidg21. pdf (2007). Accessed Oct. 2012.
54. Cisco: Data Center Power and Cooling. http://www. cisco. com/en/US/solutions/collateral/ns340/ns517/ns224/ns944/white_paper_c11-680202. pdf (2011). White Paper. Accessed Sept. 2012.
55. Cisco: Cisco Global Cloud Index: Forecast and Methodology, 2011-2016. http://www. cisco. com/en/US/solutions/collateral/ns341/ns525/ns537/ns705/ns1175/Cloud_Index_White_Paper. pdf (2012). White Paper. Accessed Apr. 2013.
56. Cisco: 2013 Cisco Annual Security Report. http://www. cisco. com/en/US/prod/vpndevc/annual_security_report. html (2013). Accessed Apr. 2013.
57. Cisco: Cisco Cloud Services Router 1000V Series. http://www. cisco. com/en/US/products/ps12559/index. html (2013). Accessed Jul. 2013.
58. Citrix: Citrix Website. https://www. citrix. com/products. html?ntref=hp_nav_us (2013). Accessed Jun. 2013.
59. CloudBees: CloudBees Website. http://www. cloudbees. com/ (2013). Accessed Apr. 2013.
60. Corbató, F. J., Vyssotsky, V. A.: Introduction and overview of the Multics system. In: Proceedings of the Fall Joint Computer Conference, pp. 185-196. ACM, New York, NY, USA (1965).
61. Coronado, C.: Blackhole Exploit Kit Leverages Margaret Thatcher's Death. Trend Micro (2013).
62. CSA: Top Threats to Cloud Computing. https://cloudsecurityalliance. org/topthreats/csathreats. v1. 0. pdf (2010). Accessed Sept. 2012.
63. CSA: Security Guidance for Critical Areas of Focus in Cloud Computing v3. 0. https://cloudsecurityalliance. org/guidance/csaguide. v3. 0. pdf (2011). Accessed Sept. 2012.
64. CSA: The Notorious Nine Cloud Computing Top Threats in 2013. https://downloads. cloudsecurityalliance. org/initiatives/top_threats/The_Notorious_Nine_Cloud_Computing_Top_Threats_in_2013. pdf (2013). Accessed Jul. 2013.
65. Cuckoo Website: Cuckoo. http://www. cuckoosandbox. org/ (2013). Accessed Apr. 2013.
66. Curran, K., Dougan, T.: Man in the browser attacks. Int. J. Ambient Comput. Intell. 4(1), 29-39 (2012). doi: 10. 4018/jaci. 2012010103.
67. Czajkowski, G., Daynàs, L.: Multitasking without compromise: a virtual machine evolution. ACM SIGPLAN Not. 47(4a), 60-73 (2012). doi: 10. 1145/2442776. 2442785.
68. Dacosta, I., Chakradeo, S., Ahamad, M., Traynor, P.: One-time cookies: preventing session hijacking attacks with stateless authentication tokens. ACM Trans. Internet Technol. 12(1), 1: 1-1: 24 (2012). doi: 10. 1145/2220352. 2220353.
69. Dahbur, K., Mohammad, B., Tarakji, A. B.: A survey of risks, threats and vulnerabilities in cloud computing. In: Proceedings of the International Conference on Intelligent Semantic Web-Services and Applications, pp. 12: 1-12: 6. ACM, New York, NY, USA (2011).
70. Darrow, B., Higginbothamm, S.: What We'll See in 2013 in Cloud Computing. GigaOM (2012).
71. de Borja, F.: Nebula One Seeks To Reinvent Cloud Computing. CloudTimes (2013).
72. Dhage, S. N., Meshram, B. B., Rawat, R., Padawe, S., Paingaokar, M., Misra, A.: Intrusion detection system in cloud computing environment. In: Proceedings of the International Conference & Workshop on Emerging Trends in Technology, pp. 235-239. ACM, New York, NY, USA (2011). doi: 10. 1145/1980022. 1980076.
73. Dinesha, H., Agrawal, V.: Multi-level authentication technique for accessing cloud services. In: International Conference on Computing, Communication and Applications, pp. 1-4. IEEE (2012). doi: 10. 1109/ICCCA. 2012. 6179130.
74. Ding, X., Zhang, L., Wan, Z., Gu, M.: De-anonymizing dynamic social networks. In: IEEE Global Telecommunications Conference, pp. 1-6. IEEE (2011). doi: 10. 1109/GLOCOM. 2011. 6133607.
75. Doel, K.: Scary Logins: Worst Passwords of 2012 and How to Fix Them. SplashData (2012).
76. Dong, T.: Android. Dropdialer. https://www. symantec. com/security_response/writeup. jsp?docid=2012-070909--0726-99 (2012). Accessed Apr. 2013.
77. Doroodchi, M., Iranmehr, A., Pouriyeh, S.: An investigation on integrating XML-based security into Web services. In: 5th IEEE GCC Conference Exhibition, pp. 1-5. IEEE (2009).
78. Ducklin, P.: HElib. SOPHOS Nakedsecurity (2013).
79. Duncan, A., Creese, S., Goldsmith, M.: Insider attacks in cloud computing. In: IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications, pp. 857-862. IEEE Computer Society, Washington, DC, USA (2012). doi: 10. 1109/TrustCom. 2012. 188.
80. Dykstra, J., Sherman, A. T.: Acquiring forensic evidence from infrastructure-as-a-service cloud computing: exploring and evaluating tools, trust, and techniques. Digit. Investig. 9, Supplement(0), S90-S98 (2012). doi: 10. 1016/j. diin. 2012. 05. 001.
81. Electronic Frontier Foundation: HTTPS Everywhere Website. https://www. eff. org/https-everywhere (2013). Accessed Apr. 2013.
82. ENISA: Cloud Computing: Benefits, Risks and Recommendations for Infomarion Security. http://www. enisa. europa. eu/activities/risk-management/files/deliverables/cloud-computing-risk-assessment (2009). Accessed Sept. 2012.
83. Firdhous, M., Ghazali, O., Hassan, S.: A trust computing mechanism for cloud computing with multilevel thresholding. In: 6th IEEE International Conference on Industrial and Information Systems, pp. 457-461. IEEE (2011). doi: 10. 1109/ICIINFS. 2011. 6038113.
84. FireEye: FireEye Advanced Threat Report-2H 2012. http://www2. fireeye. com/rs/fireye/images/fireeye-advanced-threat-report-2h2012. pdf (2013). Accessed Apr. 2013.
85. Foster, I., Zhao, Y., Raicu, I., Lu, S.: Cloud computing and grid computing 360-degree compared. In: Grid Computing Environments Workshop, pp. 1-10. IEEE (2008). doi: 10. 1109/GCE. 2008. 4738445.
86. Garfinkel, T., Rosenblum, M.: When virtual is harder than real: security challenges in virtual machine based computing environments. In: Proceedings of the 10th Conference on Hot Topics in Operating Systems, vol. 10, pp. 20-20. USENIX Association, Berkeley, CA, USA (2005).
87. Gartner: Assessing the Security Risks of Cloud Computing. http://cloud. ctrls. in/files/assessing-the-security-risks. pdf (2008). White Paper. Accessed Sept. 2012.
88. Gens, F.: IT Cloud Services User Survey, pt. 2: Top Benefits & Challenges. IDC (2008).
89. Gens, F.: New IDC IT Cloud Services Survey: Top Benefits and Challenges. IDC (2009).
90. Gentry, C.: Fully homomorphic encryption using ideal lattices. In: Proceedings of the 41st Annual ACM Symposium on Theory of Computing (STOC), STOC '09, pp. 169-178. ACM, Bethesda, MD, USA (2009). doi: 10. 1145/1536414. 1536440.
91. Geoffray, N., Thomas, G., Muller, G., Parrend, P., Frenot, S., Folliot, B.: I-JVM: a Java virtual machine for component isolation in OSGi. In: IEEE/IFIP Int. Conf. on Dependable Systems Networks (DSN), pp. 544-553. Estoril, Lisbon, Portugal (2009). doi: 10. 1109/DSN. 2009. 5270296.
92. Gomathisankaran, M., Tyagi, A., Namuduri, K.: HORNS: a homomorphic encryption scheme for cloud computing using Residue number system. In: 45th Annual Conference on Information Sciences and Systems (CISS), pp. 1-5. Baltimore, MD, USA (2011). doi: 10. 1109/CISS. 2011. 5766176.
93. Gong, C., Liu, J., Zhang, Q., Chen, H., Gong, Z.: The characteristics of cloud computing. In: 39th International Conference on Parallel Processing Workshop, pp. 275-279. IEEE Computer Society, Washington, DC, USA (2010). doi: 10. 1109/ICPPW. 2010. 45.
94. Gonzalez, N., Miers, C., Redigolo, F., Carvalho, T., Simplicio, M., Naslund, M., Pourzandi, M.: A quantitative analysis of current security concerns and solutions for cloud computing. In: IEEE 3rd International Conference on Cloud Computing Technology and Science, pp. 231-238. IEEE Computer Society, Washington, DC, USA (2011).
95. Goodin, D.: Why Passwords have Never been Weaker-and Crackers have Never been Stronger. Ars Technica (2012).
96. Goodrich, R.: What Is Doxing? TechNewsDaily (2013).
97. Google: Google App Engine. https://developers. google. com/appengine/ (2013). Accessed Apr. 2013.
98. Green, M.: The threat in the cloud. IEEE Secur. Priv. 11(1), 86-89 (2013). doi: 10. 1109/MSP. 2013. 20.
99. Grispos, G., Glisson, W. B., Storer, T.: Using smartphones as a proxy for forensic evidence contained in cloud storage services. In: 46th Hawaii International Conference on System Sciences (HICSS), pp. 4910-4919. Maui, HI, USA (2013). doi: 10. 1109/HICSS. 2013. 592.
100. Grobauer, B., Walloschek, T., Stocker, E.: Understanding cloud computing vulnerabilities. IEEE Secur. Priv. 9(2), 50-57 (2011). doi: 10. 1109/MSP. 2010. 115.
101. Grosse, E., Upadhyay, M.: Authentication at scale. IEEE Secur. Priv. 11(1), 15-22 (2013). doi: 10. 1109/MSP. 2012. 162.
102. Gruschka, N., Iacono, L.: Vulnerable cloud: SOAP message security validation revisited. In: IEEE International Conference on Web Services, pp. 625-631. IEEE Computer Society, Washington, DC, USA (2009). doi: 10. 1109/ICWS. 2009. 70.
103. Gul, I., Rehman, A., Islam, M.: Cloud computing security auditing. In: The 2nd International Conference on Next Generation Information Technology, pp. 143-148. IEEE (2011).
104. Habib, S., Ries, S., Muhlhauser, M.: Towards a trust management system for cloud computing. In: IEEE 10th International Conference on Trust, Security and Privacy in Computing and Communications, pp. 933-939. IEEE Computer Society, Washington, DC, USA (2011). doi: 10. 1109/TrustCom. 2011. 129.
105. Hale, C.: bcrypt. http://codahale. com/how-to-safely-store-a-password/ (2010). Accessed May 2013.
106. Hamada, J.: Japanese One-Click Fraud Campaign Comes to Google Play. Symantec Blog (2013).
107. Hart, J.: Remote working: managing the balancing act between network access and data security. Comput. Fraud Secur. 2009(11), 14-17 (2009). doi: 10. 1016/S1361-3723(09)70141-1.
108. Hayes, B.: Cloud computing. Commun. ACM 51(7), 9-11 (2008). doi: 10. 1145/1364782. 1364786.
109. Helland, P.: Condos and clouds. Commun. ACM 56(1), 50-59 (2013). doi: 10. 1145/2398356. 2398374.
110. Heninger, N., Durumeric, Z., Wustrow, E., Halderman, J. A.: Minding your Ps and Qs: detection of widespread weak keys in network devices. In: Proceedings of the 21st USENIX Security Symposium, pp. 205-220. USENIX, Bellevue, WA, USA (2012). doi: 10. 1109/ICCIAutom. 2011. 6183990.
111. Hodges, J., Jackson, C., Barth, A.: HTTP Strict Transport Security (HSTS). RFC 6797 (Proposed Standard) (2012). https://www. ietf. org/rfc/rfc6797. txt.
112. Honan, M.: How Apple and Amazon Security Flaws Led to My Epic Hacking. Wired (2012).
113. HP: HP 2012 Cyber Risk Report. http://www. hpenterprisesecurity. com/collateral/whitepaper/HP2012CyberRiskReport_0213. pdf (2013). Accessed Apr. 2013.
114. HP: HP ArcSight. http://www8. hp. com/us/en/software-solutions/software. html?compURI=1340477 (2013). Accessed Apr. 2013.
115. Hua, J., Sakurai, K.: Barrier: a lightweight hypervisor for protecting kernel integrity via memory isolation. In: Proceedings of the 27th Annual ACM Symposium on Applied Computing (SAC), pp. 1470-1477. ACM, Trento, Italy (2012). doi: 10. 1145/2231936. 2232011.
116. Hunt, T.: 5 Ways to Implement HTTPS in an Insufficient Manner (and leak sensitive data). http://www. troyhunt. com/2013/04/5-ways-to-implement-https-in. html (2013). Accessed Apr. 2013.
117. Idziorek, J., Tannian, M.: Exploiting cloud utility models for profit and ruin. In: IEEE International Conference on Cloud Computing, pp. 33-40. IEEE Computer Society, Washington, DC, USA (2011).
118. Idziorek, J., Tannian, M., Jacobson, D.: Detecting fraudulent use of cloud resources. In: Proceedings of the 3rd ACM Workshop on Cloud Computing Security, pp. 61-72. ACM, New York, NY, USA (2011). doi: 10. 1145/2046660. 2046676.
119. Infosecurity: Recycled phones retain their previous owners' data. Infosecurity Magazine (2013).
120. Intel: Intel Digital Random Number Generator (DRNG): Software Implementation Guide. http://software. intel. com/sites/default/files/m/d/4/1/d/8/441_Intel_R_DRNG_Software_Implementation_Guide_final_Aug7. pdf (2012). Accessed May 2013.
121. Jackson, C.: 8 Cloud Security Concepts You Should Know. Network World (2010).
122. Jackson, C., Barth, A.: ForceHTTPS: protecting high-security web sites from network attacks. In: Proceedings of the 17th International Conference on World Wide Web (WWW), pp. 525-534. ACM, Beijing, China (2008). doi: 10. 1145/1367497. 1367569.
123. Jasti, A., Shah, P., Nagaraj, R., Pendse, R.: Security in multi-tenancy cloud. In: IEEE International Carnahan Conference on Security Technology, pp. 35-41. IEEE (2010). doi: 10. 1109/CCST. 2010. 5678682.
124. Jenkins, Q.: Spamhaus: DDoS Update-March 2013. Spamhaus (2013).
125. Jensen, M., Gruschka, N., Herkenhöner, R.: A survey of attacks on web services. Comput. Sci. Res. Dev. 24, 185-197 (2009). doi: 10. 1007/s00450-009-0092-6.
126. Jensen, M., Gruschka, N., Luttenberger, N.: The impact of flooding attacks on network-based services. In: 3rd International Conference on Availability, Reliability and Security, pp. 509-513. IEEE Computer Society, Washington, DC, USA (2008).
127. Jensen, M., Meyer, C.: Expressiveness considerations of XML signatures. In: IEEE 35th Annual Computer Software and Applications Conf. Workshop, pp. 392-397. IEEE Computer Society, Washington, DC, USA (2011).
128. Jensen, M., Schäge, S., Schwenk, J.: Towards an anonymous access control and accountability scheme for cloud computing. In: IEEE 3rd International Conference on Cloud Computing, pp. 540-541. IEEE Computer Society, Washington, DC, USA (2010). doi: 10. 1109/CLOUD. 2010. 61.
129. Jensen, M., Schwenk, J.: The accountability problem of flooding attacks in service-oriented architectures. In: International Conference on Availability, Reliability and Security, pp. 25-32. IEEE (2009).
130. Jensen, M., Schwenk, J., Gruschka, N., Iacono, L.: On Technical security issues in cloud computing. In: IEEE International Conference on Cloud Computing, pp. 109-116. IEEE Computer Society, Washington, DC, USA (2009). doi: 10. 1109/CLOUD. 2009. 60.
131. Jin, B., Wang, Y., Liu, Z., Xue, J.: A trust model based on cloud model and Bayesian networks. Procedia Environ. Sci. 11, Part A, 452-459 (2011). doi: 10. 1016/j. proenv. 2011. 12. 072.
132. Kandukuri, B., Paturi, V., Rakshit, A.: Cloud security issues. In: IEEE International Conference on Services Computing, pp. 517-520. IEEE (2009). doi: 10. 1109/SCC. 2009. 84.
133. Kant, K.: Data center evolution: a tutorial on state of the art, issues, and challenges. Comput. Netw. 53(17), 2939-2965 (2009). doi: 10. 1016/j. comnet. 2009. 10. 004.
134. Katsuki, T.: Crisis for Windows Sneaks onto Virtual Machines. Symantec Blog (2012).
135. Kaufman, L.: Data security in the world of cloud computing. IEEE Secur. Priv. 7(4), 61-64 (2009).
136. Kerrigan, B., Chen, Y.: A study of entropy sources in cloud computers: random number generation on cloud hosts. In: Proceedings of the 6th International Conference on Mathematical Methods, Models and Architectures for Computer Network Security (MMM-ACNS), pp. 286-298. Springer, St. Petersburg, Russia (2012). doi: 10. 1007/978-3-642-33704-8_24.
137. Khan, K., Malluhi, Q.: Establishing trust in cloud computing. IT Prof. 12(5), 20-27 (2010). doi: 10. 1109/MITP. 2010. 128.
138. Khorshed, M. T., Ali, A. S., Wasimi, S. A.: A survey on gaps, threat remediation challenges and some thoughts for proactive attack detection in cloud computing. Future Gener. Comput. Syst. 28(6), 833-851 (2012). doi: 10. 1016/j. future. 2012. 01. 006.
139. King, C. I.: Intel Rdrand Instruction Revisited. http://smackerelofopinion. blogspot. co. uk/2012/10/intel-rdrand-instruction-revisited. html (2012). Accessed May 2013.
140. King, S., Chen, P.: SubVirt: implementing malware with virtual machines. In: IEEE Symposium on Security and Privacy, pp. 14 pp.-327. IEEE Computer Society, Washington, DC, USA (2006). doi: 10. 1109/SP. 2006. 38.
141. Kirkland, D.: Entropy (or rather the lack thereof) in OpenStack instances... and how to improve that. http://www. openstack. org/summit/san-diego-2012/openstack-summit-sessions/presentation/entropy-or-lack-thereof-in-openstack-instances (2012). Accessed May 2013.
142. Kufel, L.: Security event monitoring in a distributed systems environment. IEEE Secur. Priv. 11(1), 36-43 (2013). doi: 10. 1109/MSP. 2012. 61.
143. Leder, F., Werner, T.: Know Your Enemy: Containing Conficker. http://www. honeynet. org/files/KYE-Conficker. pdf (2010). White Paper. Accessed May 2013.
144. Leder, F., Werner, T.: Containing Conficker. http://net. cs. uni-bonn. de/wg/cs/applications/containing-conficker/ (2011). Accessed May 2013.
145. Lee, J. H., Park, M. W., Eom, J. H., Chung, T. M.: Multi-level intrusion detection system and log management in cloud computing. In: 13th International Conference on Advanced Communication Technology, pp. 552-555. IEEE (2011).
146. Lemos, R.: Blue Security Folds Under Spammer's Wrath. SecurityFocus (2013).
147. Lenk, A., Klems, M., Nimis, J., Tai, S., Sandholm, T.: What's inside the cloud? An architectural map of the cloud landscape. In: Proceedings of the ICSE Workshop on Software Engineering Challenges of Cloud Computing, pp. 23-31. IEEE Computer Society, Washington, DC, USA (2009). doi: 10. 1109/CLOUD. 2009. 5071529.
148. Leopando, J.: World Backup Day: The 3-2-1 Rule. Trend Micro TrendLabs (2013).
149. Li, F., Lai, A., Ddl, D.: Evidence of advanced persistent threat: a case study of malware for political espionage. In: 6th International Conference on Malicious and Unwanted Software (MALWARE), pp. 102-109. Fajardo, PR, USA (2011). doi: 10. 1109/MALWARE. 2011. 6112333.
150. Li, H. C., Liang, P. H., Yang, J. M., Chen, S. J.: Analysis on cloud-based security vulnerability assessment. In: IEEE 7th International Conference on e-Business Engineering, pp. 490-494. IEEE (2010). doi: 10. 1109/ICEBE. 2010. 77.
151. Li, Q., Clark, G.: Mobile security: a look ahead. IEEE Secur. Priv. 11(1), 78-81 (2013). doi: 10. 1109/MSP. 2013. 15.
152. Li, X., Loh, P., Tan, F.: Mechanisms of polymorphic and metamorphic viruses. In: European Intelligence and Security Informatics Conference (EISIC), pp. 149-154. Berkeley/Oakland, CA, USA (2011). doi: 10. 1109/EISIC. 2011. 77.
153. Liu, F., Su, X., Liu, W., Shi, M.: The design and application of Xen-based host system firewall and its extension. In: International Conference on Electronic Computer Technology, pp. 392-395. Macau, China (2009). doi: 10. 1109/ICECT. 2009. 83.
154. Liu, H.: A new form of DoS attack in a cloud and its avoidance mechanism. In: Proceedings of the ACM Workshop on Cloud Computing Security, pp. 65-76. ACM, New York, NY, USA (2010). doi: 10. 1145/1866835. 1866849.
155. LivingSocial: LivingSocial Security Notice. https://livingsocial. com/createpassword (2013). Accessed May 2013.
156. Luo, S., Lin, Z., Chen, X., Yang, Z., Chen, J.: Virtualization security for cloud computing service. In: International Conference on Cloud and Service Computing, pp. 174-179. IEEE Computer Society, Washington, DC, USA (2011).
157. Mandiant: APT1: Exposing One of China's Cyber Espionage Units. http://intelreport. mandiant. com/Mandiant_APT1_Report. pdf (2013). Accessed Apr. 2013.
158. Mansfield-Devine, S.: Danger in the clouds. Netw. Secur. 2008(12), 9-11 (2008). doi: 10. 1016/S1353-4858(08)70140-5.
159. Marlinspike, M.: New tricks for defeating SSL in practice. https://www. blackhat. com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL. pdf (2009). Accessed Apr. 2013.
160. Marlinspike, M.: sslstrip. http://www. thoughtcrime. org/software/sslstrip/ (2009). Accessed Apr. 2013.
161. Martin, D.: Implementing effective controls in a mobile, agile, cloud-enabled enterprise. IEEE Secur. Priv. 11(1), 13-14 (2013). doi: 10. 1109/MSP. 2013. 1.
162. Mathisen, E.: Security challenges and solutions in cloud computing. In: Proceedings of the 5th IEEE International Conference on Digital Ecosystems and Technologies, pp. 208-212. IEEE (2011). doi: 10. 1109/DEST. 2011. 5936627.
163. McAfee: McAfee Threats Report-Fourth Quarter 2012. http://www. mcafee. com/us/resources/reports/rp-quarterly-threat-q4-2012. pdf (2013). Accessed Apr. 2013.
164. McCune, J., Li, Y., Qu, N., Zhou, Z., Datta, A., Gligor, V., Perrig, A.: TrustVisor: efficient TCB reduction and attestation. In: IEEE Symposium on Security and Privacy (SP), pp. 143-158. Oakland, CA, USA (2010). doi: 10. 1109/SP. 2010. 17.
165. McGraw, G.: Software security. IEEE Secur. Priv. 2(2), 80-83 (2004). doi: 10. 1109/MSECP. 2004. 1281254.
166. McIntosh, M., Austel, P.: XML signature element wrapping attacks and countermeasures. In: Proceedings of the Workshop on Secure Web Services, pp. 20-27. ACM, New York, NY, USA (2005). doi: 10. 1145/1103022. 1103026.
167. McKendrick, J.: 7 Predictions for Cloud Computing in 2013 That Make Perfect Sense. Forbes (2012).
168. MEGA: The MEGA API. https://mega. co. nz/#developers (2013). Accessed Apr. 2013.
169. Microsoft: Microsoft Hyper-V Server 2012 Website. https://www. microsoft. com/en-us/server-cloud/hyper-v-server/ (2013). Accessed Jun. 2013.
170. Microsoft: Microsoft Security Intelligence Report: Volume 14. http://www. microsoft. com/security/sir/default. aspx (2013). Accessed Apr. 2013.
171. Modi, C., Patel, D., Borisaniya, B., Patel, H., Patel, A., Rajarajan, M.: A survey of intrusion detection techniques in cloud. J. Netw. Comput. Appli. (2012). doi: 10. 1016/j. jnca. 2012. 05. 003. Available online 2 June 2012.
172. Mohamed, E., Abdelkader, H., El-Etriby, S.: Enhanced data security model for cloud computing. In: 8th International Conference on Informatics and Systems, pp. CC-12-CC-17. IEEE (2012).
173. Mohan, V., Hamlen, K. W.: Frankenstein: stitching malware from benign binaries. In: Proceedings of the 6th USENIX Conference on Offensive Technologies, pp. 8-8. USENIX Association, Bellevue, WA, USA (2012).
174. Monfared, A., Jaatun, M.: Monitoring intrusions and security breaches in highly distributed cloud environments. In: IEEE 3rd International Conference on Cloud Computing Technology and Science, pp. 772-777. IEEE Computer Society, Washington, DC, USA (2011). doi: 10. 1109/CloudCom. 2011. 119.
175. Morsy, M. A., Grundy, J., Müller, I.: An analysis of the cloud computing security problem. In: Proceedings of Asia Pacific Software Engineering Conference Cloud Workshop, pp. 1-6. IEEE Computer Society, Washington, DC, USA (2010).
176. Moser, S.: Change I7d8c1f9b: add 'random _seed' entry to instance metadata. https://review. openstack. org/#c/14550/ (2012). Accessed May 2013.
177. MPICH: MPICH Website. http://www. mpich. org/ (2013). Accessed Apr. 2013.
178. Musthaler, L.: DDoS-as-a-Service? You Betcha! It's Cheap, It's Easy, and It's Available to Anyone. Security Bistro (2012).
179. Narayanan, A., Shmatikov, V.: De-anonymizing social networks. In: 30th IEEE Symposium on Security and Privacy, pp. 173-187. IEEE Computer Society, Washington, DC, USA (2009). doi: 10. 1109/SP. 2009. 22.
180. Nathoo, N.: Cloud Wars-The Fall of Cloud Storage. CloudTimes (2013). Accessed Apr. 2013.
181. Nebula: Introducing Nebula One. https://www. nebula. com/nebula-one (2013). Accessed Apr. 2013.
182. Network-Tools: Network-Tools Website. http://network-tools. com/ (2013). Accessed Apr. 2013.
183. Newsome, J., Karp, B., Song, D.: Polygraph: automatically generating signatures for polymorphic worms. In: IEEE Symposium on Security and Privacy, pp. 226-241. Athens, Greece (2005). doi: 10. 1109/SP. 2005. 15.
184. NIST: NIST Cloud Computing Reference Architecture. http://www. nist. gov/customcf/get_pdf. cfm?pub_id=909505 (2011). Accessed Jul. 2013.
185. NIST: The NIST Definition of Cloud Computing. http://csrc. nist. gov/publications/nistpubs/800-145/SP800-145. pdf (2011). Accessed Sept. 2012.
186. NIST: NIST Cloud Computing Program. http://www. nist. gov/itl/cloud/ (2012). Accessed Sept. 2012.
187. NIST: NIST Cloud Computing Security Reference Architecture. http://collaborate. nist. gov/twiki-cloud-computing/pub/CloudComputing/CloudSecurity/NIST_Security_Reference_Architecture_2013. 05. 15_v1. 0. pdf (2013). Accessed Jul. 2013.
188. Oberheide, J., Cooke, E., Jahanian, F.: Empirical exploitation of live virtual machine migration. In: Proceedings of the Black Hat Convention (2008). doi: 10. 1109/ICCIAutom. 2011. 6183990.
189. OCCI: OCCI Website. http://occi-wg. org/ (2013). Accessed Apr. 2013.
190. Okamura, K., Oyama, Y.: Load-based covert channels between Xen virtual machines. In: Proceedings of the ACM Symposium on Applied Computing, pp. 173-180. ACM, New York, NY, USA (2010). doi: 10. 1145/1774088. 1774125.
191. O'Kane, P., Sezer, S., McLaughlin, K.: Obfuscation: the hidden malware. IEEE Secur. Priv. 9(5), 41-47 (2011). doi: 10. 1109/MSP. 2011. 98.
192. O'Neill, M.: Cloud APIs-the Next Battleground for Denial-of-Service Attacks. CSA Blog (2013).
193. Open Cloud Initiative (OCI): OCI Website. http://www. opencloudinitiative. org/ (2013). Accessed May 2013.
194. OpenNebula: OpenNebula Website. http://opennebula. org/ (2013). Accessed Apr. 2013.
195. OpenStack: OpenStack Website. http://www. openstack. org/ (2013). Accessed Apr. 2013.
196. Oracle: Oracle Java SE Critical Patch Update Advisory-April 2013. http://www. oracle. com/technetwork/topics/security/javacpuapr2013-1928497. html (2013). Accessed Apr. 2013.
197. Oracle: VirtualBox Website. https://www. virtualbox. org/ (2013). Accessed Jun. 2013.
198. Ortega, A.: Your Malware Shall Not Fool Us With Those Anti Analysis Tricks. AlienVault Labs (2012).
199. OSVDB: The Open Source Vulnerability Database Website. http://www. osvdb. org/ (2013). Accessed Apr. 2013.
200. OWASP: The Then Most Critical Web Application Security Risks. http://owasptop10. googlecode. com/files/OWASP (2010). Accessed Oct. 2012.
201. OWASP: The Then Most Critical Web Application Security Risks. https://www. owasp. org/index. php/Top_10_2013 (2013). Accessed Apr. 2013.
202. Oyama, Y., Giang, T. T. D., Chubachi, Y., Shinagawa, T., Kato, K.: Detecting malware signatures in a thin hypervisor. In: Proceedings of the 27th Annual ACM Symposium on Applied Computing (SAC), pp. 1807-1814. ACM, Trento, Italy (2012). doi: 10. 1145/2231936. 2232070.
203. Panah, A., Panah, A., Panah, O., Fallahpour, S.: Challenges of security issues in cloud computing layers. Rep. Opin. 4(10), 25-29 (2012).
204. Parallels: Oracle VM Server Website. http://www. oracle. com/us/technologies/virtualization/oraclevm/ (2013). Accessed Jun. 2013.
205. Parallels: Parallels Website. http://www. parallels. com/eu/products/ (2013). Accessed Jun. 2013.
206. Patel, A., Taghavi, M., Bakhtiyari, K., Júnior, J. C.: An intrusion detection and prevention system in cloud computing: a systematic review. J. Netw. Comput. Appli. (2012). doi: 10. 1016/j. jnca. 2012. 08. 007. Available online 31 Aug. 2012.
207. Patel, P.: Solution: FUTEX \_WAIT hangs Java on Linux / Ubuntu in vmware or virtual box. http://www. springone2gx. com/blog/pratik_patel/2010/01/solution_futex_wait_hangs_java_on_linux_ubuntu_in_vmware_or_virtual_box(2010). Accessed May 2013.
208. Patidar, S., Rane, D., Jain, P.: A survey paper on cloud computing. In: 2nd International Conference on Advanced Computing Communication Technologies, pp. 394-398. IEEE (2012). doi: 10. 1109/ACCT. 2012. 15.
209. PCI Security Standards: PCI SSC Data Security Standards Overview. https://www. pcisecuritystandards. org/security_standards/index. php (2012). Accessed Oct. 2012.
210. Pearce, M., Zeadally, S., Hunt, R.: Virtualization: issues, security threats, and solutions. ACM Comput. Surv. 45(2), 1: 71-1: 739 (2013). doi: 10. 1145/2431211. 2431216.
211. Pearson, S.: Privacy, security and trust in cloud computing. In: Pearson, S., Yee, G. (eds.) Privacy and Security for Cloud Computing, pp. 3-42. Springer London (2013). doi: 10. 1007/978-1-4471-4189-1_1.
212. Perez-Botero, D., Szefer, J., Lee, R. B.: Characterizing hypervisor vulnerabilities in cloud computing servers. In: Proceedings of the 2013 International Workshop on Security in Cloud Computing (SCC), pp. 3-10. ACM, New York, NY, USA (2013). doi: 10. 1145/2484402. 2484406.
213. Pfaff, B., Pettit, J., Koponen, T., Amidon, K., Casado, M., Shenker, S.: Extending networking into the virtualization layer. In: Proceedings of the 8th ACM Workshop on Hot Topics in Networks. ACM SIGCOMM (2009).
214. Prandini, M., Ramilli, M., Cerroni, W., Callegati, F.: Splitting the HTTPS stream to attack secure web connections. IEEE Secur. Priv. 8(6), 80-84 (2010). doi: 10. 1109/MSP. 2010. 190.
215. Prince, M.: The DDoS That Almost Broke the Internet. CloudFlare (2013).
216. Prince, M.: The DDoS That Knocked Spamhaus Offline (And How We Mitigated It). CloudFlare (2013).
217. Prolexic: Prolexic Quarterly Global DDoS Attack Report Q1 2013. https://www. prolexic. com/knowledge-center-ddos-attack-report-2013-q1. html (2013). Accessed Apr. 2013.
218. Rahaman, M. A., Schaad, A., Rits, M.: Towards secure SOAP message exchange in a SOA. In: Proceedings of the 3rd ACM Workshop on Secure Web Services, pp. 77-84. ACM, New York, NY, USA (2006). doi: 10. 1145/1180367. 1180382.
219. Ramgovind, S., Eloff, M., Smith, E.: The management of security in cloud computing. In: Information Security for South Africa, pp. 1-7. IEEE (2010). doi: 10. 1109/ISSA. 2010. 5588290.
220. Rasmusson, L., Aslam, M.: Protecting private data in the cloud. In: Proceedings of the 2nd International Conference on Cloud Computing and Services Science (CLOSER), pp. 5-12. Porto, Portugal (2012).
221. Rauti, S., Leppänen, V.: Browser extension-based man-in-the-browser attacks against Ajax applications with countermeasures. In: Proceedings of the 13th International Conference on Computer Systems and Technologies (CompSysTech), pp. 251-258. ACM, Ruse, Bulgaria (2012) doi: 10. 1145/2383276. 2383314.
222. RedHat: KVM Website. http://www. linux-kvm. org/ (2013). Accessed Jun. 2013.
223. RepoCERT: Botnet Using Plesk Vulnerability and Takedown. Seclists Website (2013).
224. Rimal, B. P., Jukan, A., Katsaros, D., Goeleven, Y.: Architectural requirements for cloud computing systems: an enterprise cloud approach. J. Grid Comput. 9(1), 3-26 (2011). doi: 10. 1007/s10723-010-9171-y.
225. Ripe, NCC: Database Query. http://apps. db. ripe. net/search/query. html (2013). Accessed Apr. 2013.
226. Riquet, D., Grimaud, G., Hauspie, M.: Large-scale coordinated attacks: impact on the cloud security. In: 6th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, pp. 558-563. IEEE (2012). doi: 10. 1109/IMIS. 2012. 76.
227. Ristenpart, T., Tromer, E., Shacham, H., Savage, S.: Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, pp. 199-212. ACM, New York, NY, USA (2009).
228. Ristenpart, T., Yilek, S.: When good randomness goes bad: virtual machine reset vulnerabilities and hedging deployed cryptography. In: Proceedings of Network and Distributed Security Symposium (NDSS), pp. 1-18. The Internet Society, San Diego, CA, USA (2010).
229. Roberts II, J. C., Al-Hamdani, W.: Who can you trust in the cloud?: a review of security issues within cloud computing. In: Proceedings of the Information Security Curriculum Development Conference, pp. 15-19. ACM, New York, NY, USA (2011). doi: 10. 1145/2047456. 2047458.
230. Rocha, F., Abreu, S., Correia, M.: The final Frontier: confidentiality and privacy in the cloud. Computer 44(9), 44-50 (2011). doi: 10. 1109/MC. 2011. 223.
231. Rocha, F., Correia, M.: Lucy in the sky without diamonds: stealing confidential data in the cloud. In: IEEE/IFIP 41st International Conference on Dependable Systems and Networks Workshops, pp. 129-134. IEEE (2011). doi: 10. 1109/DSNW. 2011. 5958798.
232. Rodero-Merino, L., Vaquero, L. M., Caron, E., Desprez, F., Muresan, A.: Building safe PaaS clouds: a survey on security in multitenant software platforms. Comput. Secur. 31(1), 96-108 (2012). doi: 10. 1016/j. cose. 2011. 10. 006.
233. Rong, C., Nguyen, S. T., Jaatun, M. G.: Beyond lightning: a survey on security challenges in cloud computing. Comput. Electr. Eng. (2012). doi: 10. 1016/j. compeleceng. 2012. 04. 015 Available online 19 May 2012.
234. Roy, I., Setty, S. T. V., Kilzer, A., Shmatikov, V., Witchel, E.: Airavat: security and privacy for MapReduce. In: Proceedings of the 7th USENIX Symposium on Networked Systems Design and Implementation, pp. 20-20. USENIX Association, Berkeley, CA, USA (2010).
235. RSA: RSA SecurID Website. http://sweden. emc. com/security/rsa-securid. htm (2013). Accessed Jun. 2013.
236. RSA FirstWatch: Tales from the Darkside: Another Mule Recruitment Site. RSA Blog (2013).
237. Rutkowska, J.: Subverting VistaTM Kernel for fun and profit. Black Hat Conv. (2008).
238. Sabahi, F.: Cloud computing security threats and responses. In: IEEE 3rd International Conference on Communication Software and Networks, pp. 245-249. IEEE (2011). doi: 10. 1109/ICCSN. 2011. 6014715.
239. Sadashiv, N., Kumar, S.: Cluster, grid and cloud computing: a detailed comparison. In: 6th International Conference on Computer Science Education, pp. 477-482. IEEE (2011). doi: 10. 1109/ICCSE. 2011. 6028683.
240. Salah, K., Alcaraz, Calero J.: Using cloud computing to implement a security overlay network. IEEE Secur. Priv. 11(1), 44-53 (2013). doi: 10. 1109/MSP. 2012. 88.
241. SAML v2. 0: OASIS Website. https://www. oasis-open. org/standards#samlv2. 0 (2005). Accessed Apr. 2013.
242. Santos, N., Gummadi, K. P., Rodrigues, R.: Towards trusted cloud computing. In: Proceedings of the Conference on Hot Topics in Cloud Computing. USENIX Association, Berkeley, CA, USA (2009).
243. Schloesser, M., Guarnieri, C.: Vaccinating Systems Against VM-aware Malware. Rapid7 Labs (2013).
244. Schloesser, M., Guarnieri, C.: Vaccinating Systems Against VM-aware Malware. https://github. com/rapid7/vaccination (2013). Accessed May 2013.
245. Schneier, B.: Homomorphic Encryption Breakthrough. https://www. schneier. com/blog/archives/2009/07/homomorphic_enc. html (2009). Accessed May 2013.
246. SecurityFocus: Xen CVE-2013-1920 Local Memory Corruption Vulnerability. SecurityFocus (2013).
247. Sekar, V., Maniatis, P.: Verifiable resource accounting for cloud computing services. In: Proceedings of the 3rd ACM Workshop on Cloud Computing Security, pp. 21-26. ACM, New York, NY, USA (2011). doi: 10. 1145/2046660. 2046666.
248. Sengupta, S., Kaulgud, V., Sharma, V.: Cloud computing security-trends and research directions. In: IEEE World Congress on Services, pp. 524-531. IEEE Computer Society, Washington, DC, USA (2011). doi: 10. 1109/SERVICES. 2011. 20.
249. Shin, S., Gu, G.: CloudWatcher: network security monitoring using OpenFlow in dynamic cloud networks (or: how to provide security monitoring as a service in clouds?). In: 20th IEEE International Conference on Network Protocols (ICNP), pp. 1-6. Austin, TX, USA (2012). doi: 10. 1109/ICNP. 2012. 6459946.
250. Shinotsuka, H.: Malware Authors Using New Techniques to Evade Automated Threat Analysis Systems. Symantec Blog (2012).
251. Singh, A.: Don't Click the Left Mouse Button: Introducing Trojan UpClicker. FireEye Blog (2012).
252. Sloan, K.: Security in a virtualised world. Netw. Secur. 2009(8), 15-18 (2009). doi: 10. 1016/S1353-4858(09)70077-7.
253. SNIA: Cloud Data Management Interface (CDMI). http://www. snia. org/cdmi (2013). Accessed Apr. 2013.
254. Somorovsky, J., Mayer, A., Schwenk, J., Kampmann, M., Jensen, M.: On breaking SAML: be whoever you want to be. In: Proceedings of the 21st USENIX Security Symposium, pp. 21-21. USENIX Association, Bellevue, WA, USA (2012).
255. Songjie, Yao, J., Wu, C.: Cloud computing and its key techniques. In: International Conference on Electronic and Mechanical Engineering and Information Technology, vol. 1, pp. 320-324. IEEE (2011). doi: 10. 1109/EMEIT. 2011. 6022935.
256. Sood, A., Enbody, R.: Targeted cyberattacks: a superset of advanced persistent threats. IEEE Secur. Priv. 11(1), 54-61 (2013). doi: 10. 1109/MSP. 2012. 90.
257. Sood, S. K.: A combined approach to ensure data security in cloud computing. J. Netw. Comput. Appli. 35(6), 1831-1838 (2012). doi: 10. 1016/j. jnca. 2012. 07. 007.
258. Spoon Website: Browser Sandbox. http://spoon. net/browsers (2013). Accessed Apr. 2013.
259. Stamos, A., Becherer, A., Wilcox, N.: Cloud Computing Security: Raining on the Trendy New Parade. https://www. blackhat. com/html/bh-usa-09/bh-usa-09-archives. html (2009).
260. Staten, J.: 2013 Cloud Predictions: We'll Finally Get Real About Cloud. Forrester Blog (2012).
261. Subashini, S., Kavitha, V.: A survey on security issues in service delivery models of cloud computing. J. Netw. Comput. Appli. 34(1), 1-11 (2011). doi: 10. 1016/j. jnca. 2010. 07. 006.
262. Sun, D., Chang, G., Sun, L., Wang, X.: Surveying and analyzing security, privacy and trust issues in cloud computing environments. Procedia Eng. 15, 2852-2856 (2011). doi: 10. 1016/j. proeng. 2011. 08. 537.
263. Sun, K., Li, Y., Hogstrom, M., Chen, Y.: Sizing multi-space in heap for application isolation. In: Companion to the 21st ACM SIGPLAN Symposium on Object-Oriented Programming Systems, Languages, and Applications (OOPSLA), pp. 647-648. ACM, Portland, OR, USA (2006). doi: 10. 1145/1176617. 1176654.
264. Sun, M. K., Lin, M. J., Chang, M., Laih, C. S., Lin, H. T.: Malware virtualization-resistant behavior detection. In: IEEE 17th International Conference on Parallel and Distributed Systems (ICPADS), pp. 912-917. Tainan, Taiwan (2011). doi: 10. 1109/ICPADS. 2011. 78.
265. Suzaki, K., Iijima, K., Yagi, T., Artho, C.: Memory deduplication as a threat to the guest OS. In: Proceedings of the 4th European Workshop on System Security, pp. 1: 1-1: 6. ACM, Salzburg, Austria (2011). doi: 10. 1145/1972551. 1972552.
266. Suzaki, K., Iijima, K., Yagi, T., Artho, C.: Software side channel attack on memory deduplication. In: 23rd ACM Symposium on Operating Systems Principles. ACM, Cascais, Portugal (2011). Poster.
267. Symantec: Internet Security Threat Report 2013. https://www. symantec. com/security_response/publications/threatreport. jsp (2013). Accessed Apr. 2013.
268. Symantec Security Response: Internet Explorer Zero-Day Used in Watering Hole Attack: Q &A. Symantec Blog (2012).
269. Szefer, J., Keller, E., Lee, R. B., Rexford, J.: Eliminating the hypervisor attack surface for a more secure cloud. In: Proceedings of the 18th ACM Conference on Computer and Communications Security (CCS), pp. 401-412. ACM, Chicago, IL, USA (2011). doi: 10. 1145/2046707. 2046754.
270. Takabi, H., Joshi, J., Ahn, G.: Security and privacy challenges in cloud computing environments. IEEE Secur. Priv. 8(6), 24-31 (2010).
271. Tang, M., Lv, Q., Lu, Z., Zhao, Q., Song, Y.: Dynamic virtual switch protocol using Openflow. In: 13th ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel Distributed Computing (SNPD), pp. 603-608. Kyoto, Japan (2012). doi: 10. 1109/SNPD. 2012. 129.
272. Tanvi: Mixed Content Blocking Enabled in Firefox 23! Firefox Blog (2013).
273. Taylor, G., Cox, G.: Digital randomness. IEEE Spectr. 48(9), 32-58 (2011). doi: 10. 1109/MSPEC. 2011. 5995897.
274. Taylor, M., Haggerty, J., Gresty, D., Lamb, D.: Forensic investigation of cloud computing systems. Netw. Secur. 2011(3), 4-10 (2011). doi: 10. 1016/S1353-4858(11)70024-1.
275. The Linux Foundation: Xen Website. http://http://www. xenproject. org/ (2013). Accessed Jun. 2013.
276. Thompson, H.: The human element of information security. IEEE Secur. Priv. 11(1), 32-35 (2013). doi: 10. 1109/MSP. 2012. 161.
277. Thorsheim, P.: The Final Word on the LinkedIn Leak. http://securitynirvana. blogspot. pt/2012/06/final-word-on-linkedin-leak. html (2012). Accessed May 2013.
278. Toubiana, V., Nissenbaum, H.: Analysis of Google logs retention policies. J. Priv. Confid. 3(1), 3-26 (2011).
279. Townsend, M.: Managing a security program in a cloud computing environment. In: Information Security Curriculum Development Conference, pp. 128-133. ACM, New York, NY, USA (2009). doi: 10. 1145/1940976. 1941001.
280. Trader, T.: GPU Monster Shreds Password Hashes. HPCwire (2012).
281. Tripathi, A., Mishra, A.: Cloud computing security considerations. In: IEEE International Conference on Signal Processing, Communications and Computing, pp. 1-5. IEEE (2011). doi: 10. 1109/ICSPCC. 2011. 6061557.
282. Tsai, H. Y., Siebenhaar, M., Miede, A., Huang, Y., Steinmetz, R.: Threat as a service?: virtualization's impact on cloud security. IT Prof. 14(1), 32-37 (2012). doi: 10. 1109/MITP. 2011. 117.
283. Tseng, H. M., Lee, H. L., Hu, J. W., Liu, T. L., Chang, J. G., Huang, W. C.: Network virtualization with cloud virtual switch. In: IEEE 17th International Conference on Parallel and Distributed Systems (ICPADS), pp. 998-1003. Tainan, Taiwan (2011). doi: 10. 1109/ICPADS. 2011. 159.
284. Vaquero, L. M., Rodero-Merino, L., Morán, D.: Locking the sky: a survey on IaaS cloud security. Computing 91(1), 93-118 (2011). doi: 10. 1007/s00607-010-0140-x.
285. Viega, J.: Cloud computing and the common man. Computer 42(8), 106-108 (2009). doi: 10. 1109/MC. 2009. 252.
286. VMware: VMware vSphere. https://www. vmware. com/support/product-support/vsphere/ (2013). Accessed Apr. 2013.
287. VMware: VMware Website. https://www. vmware. com/products/ (2013). Accessed Jun. 2013.
288. VMware: What is OVF? https://www. vmware. com/technical-resources/virtualization-topics/virtual-appliances/ovf. html (2013). Accessed Apr. 2013.
289. VMware Community Forums: Low/proc/sys/kernel/random/entr opy_avail causes exim to stop sending mail. http://communities. vmware. com/message/530909 (2006). Accessed May 2013.
290. Vu, Q. H., Pham, T. V., Truong, H. L., Dustdar, S., Asal, R.: DEMODS: a description model for data-as-a-service. In: IEEE 26th International Conference on Advanced Information Networking and Applications (AINA), pp. 605-612. Fukuoka, Japan (2012). doi: 10. 1109/AINA. 2012. 91.
291. Wang, C., Ren, K., Lou, W., Li, J.: Toward publicly auditable secure cloud data storage services. IEEE Netw. 24(4), 19-24 (2010). doi: 10. 1109/MNET. 2010. 5510914.
292. Wang, C., Wang, Q., Ren, K., Lou, W.: Ensuring data storage security in cloud computing. In: 17th International Workshop on Quality of Service, pp. 1-9. IEEE (2009). doi: 10. 1109/IWQoS. 2009. 5201385.
293. Wang, G., Ng, T.: The impact of virtualization on network performance of Amazon EC2 data center. In: Proceedings of the IEEE INFOCOM, pp. 1-9. Sand Diego, CA, USA (2010). doi: 10. 1109/INFCOM. 2010. 5461931.
294. Ward, M.: Facebook Users Suffer Viral Surge. BBC News (2009).
295. Websense: 2013 Threat Report. https://www. websense. com/content/websense-2013-threat-report. aspx (2013). Accessed Apr. 2013.
296. Wei, J., Zhang, X., Ammons, G., Bala, V., Ning, P.: Managing security of virtual machine images in a cloud environment. In: Proceedings of the ACM Workshop on Cloud Computing Security, pp. 91-96. ACM, New York, NY, USA (2009). doi: 10. 1145/1655008. 1655021.
297. Wu, H., Ding, Y., Winer, C., Yao, L.: Network security for virtual machine in cloud computing. In: 5th International Conference on Computer Sciences and Convergence Information Technology (ICCIT), pp. 18-21. Seoul, South Korea (2010). doi: 10. 1109/ICCIT. 2010. 5711022.
298. Wu, H., Ding, Y., Winer, C., Yao, L.: Network security for virtual machine in cloud computing. In: 5th International Conference on Computer Sciences and Convergence Information Technology, pp. 18-21. IEEE (2010). doi: 10. 1109/ICCIT. 2010. 5711022.
299. Wueest, C.: Mobile Scam: Winning Without Playing. Symantec Blog (2013).
300. Xiao, Z., Xiao, Y.: Security and privacy in cloud computing. IEEE Commun. Surv. Tuts. 15(2), 843-859 (2013). doi: 10. 1109/SURV. 2012. 060912. 00182.
301. Xu, Y., Bailey, M., Jahanian, F., Joshi, K., Hiltunen, M., Schlichting, R.: An exploration of L2 cache covert channels in virtualized environments. In: Proceedings of the 3rd ACM Workshop on Cloud Computing Security, pp. 29-40. ACM, New York, NY, USA (2011). doi: 10. 1145/2046660. 2046670.
302. Yang, J., Chen, Z.: Cloud computing research and security issues. In: International Conference on Computational Intelligence and Software Engineering, pp. 1-3. IEEE (2010). doi: 10. 1109/CISE. 2010. 5677076.
303. Yasinsac, A., Irvine, C.: Help! Is There a Trustworthy-Systems Doctor in the House? IEEE Secur. Priv. 11(1), 73-77 (2013). doi: 10. 1109/MSP. 2013. 10.
304. Yilek, S.: Resettable public-key encryption: how to encrypt on a virtual machine. In: Proceedings of the International Conference on Topics in Cryptology, CT-RSA'10, pp. 41-56. Springer-Verlag, San Francisco, CA, USA (2010). doi: 10. 1007/978-3-642-11925-5_4.
305. Yu, A., Sathanur, A., Jandhyala, V.: A partial homomorphic encryption scheme for secure design automation on public clouds. In: IEEE 21st Conference on Electrical Performance of Electronic Packaging and Systems (EPEPS), pp. 177-180. Tempe, AZ, USA (2012). doi: 10. 1109/EPEPS. 2012. 6457871.
306. Yu, H., Powell, N., Stembridge, D., Yuan, X.: Cloud computing and security challenges. In: Proceedings of the 50th Annual Southeast Regional Conference, pp. 298-302. ACM, New York, NY, USA (2012). doi: 10. 1145/2184512. 2184581.
307. Zabidi, M., Maarof, M., Zainal, A.: Malware analysis with multiple features. In: UKSim 14th International Conference on Computer Modelling and Simulation, pp. 231-235. Cambridge, London (2012). doi: 10. 1109/UKSim. 2012. 40.
308. Zhang, F., Huang, Y., Wang, H., Chen, H., Zang, B.: PALM: security preserving VM live migration for systems with VMM-enforced protection. In: 3rd Asia-Pacific Trusted Infrastructure Technologies Conference, pp. 9-18. IEEE Computer Society, Washington, DC, USA (2008). doi: 10. 1109/APTC. 2008. 15.
309. Zhang, Y., Juels, A., Reiter, M. K., Ristenpart, T.: Cross-VM side channels and their use to extract private keys. In: Proceedings of the 19th ACM Conference on Computer and Communications Security (CCS), pp. 305-316. ACM, Raleigh, NC, USA (2012). doi: 10. 1145/2382196. 2382230.
310. Zhou, M., Zhang, R., Xie, W., Qian, W., Zhou, A.: Security and privacy in cloud computing: a survey. In: 6th International Conference on Semantics Knowledge and Grid, pp. 105-112. IEEE Computer Society, Washington, DC, USA (2010).
311. Zieg, M.: Separating fact from fiction in cloud computing. Data Center J. (2012).
312. Zissis, D., Lekkas, D.: Addressing cloud computing security issues. Future Gener. Comput. Syst. 28(3), 583-592 (2010). doi: 10. 1016/j. future. 2010. 12. 006.
313. Zou, B., Zhang, H.: Toward enhancing trust in cloud computing environment. In: 2nd International Conference on Control, Instrumentation and Automation, pp. 364-366 (2011). doi: 10. 1109/ICCIAutom. 2011. 6183990.