From security to assurance in the cloud: A survey

ACM Computing Surveys

Volumn 48, Issue 1, 2015, Pages

  Ardagna, Claudio A ^a   Asal, Rasool ^b   Damiani, Ernesto ^a,b   Vu, Quang Hieu ^b  

^a UNIVERSITY OF MILAN   (Italy)

^b KHALIFA UNIVERSITY   (United Arab Emirates)

Author keywords

Assurance; Cloud computing; Security; Survey; Transparency

Indexed keywords

CLOUD COMPUTING; SURVEYING; SURVEYS; TRANSPARENCY;

ASSURANCE; BUSINESS PROCESS; INFRASTRUCTURE MANAGEMENTS; NON FUNCTIONAL PROPERTIES; NON-FUNCTIONAL ASPECTS; RESEARCH COMMUNITIES; SECURITY; SOFTWARE SERVICES;

INFRASTRUCTURE AS A SERVICE (IAAS);

EID: 84938346780     PISSN: 03600300     EISSN: 15577341     Source Type: Journal    
DOI: 10.1145/2767005     Document Type: Review

References (310)

1. G. Aceto, A. Botta, W. De Donato, and A. Pescapè. 2013. Cloud monitoring: A survey. Computer Networks 57, 9 (June 2013), 2093-2115.
2. Advanced Security Service cERTificate for SOA. 2010. Advanced Security Service cERTificate for SOA. Retrieved from http://assert4soa.eu/.
3. E. Aguiar, Y. Zhang, and M. Blanton. 2013. An overview of issues and recent developments in cloud computing and storage security. In High Performance Semantic Cloud Auditing, B.-Y. Choi, K. Han, and S. Song (Eds.). Springer.
4. M. Ahmed, Q. H. Vu, R. Asal, H. Al Muhairi, and C. Y. Yeun. July 2012. SECRESO: A secure storage model for cloud data based on reed-solomon code. In Proc. of AIM 2012.
5. M. Al Morsy, J. Grundy, and I.Müller. November-December 2010. An analysis of the cloud computing security problem. In Proc. of APSEC-CLOUD 2010.
6. K. Alhamazani, R. Ranjan, K. Mitra, F. Rabhi, S.U. Khan, A. Guabtni, and V. Bhatnagar. 2013. An overview of the commercial cloud monitoring tools: Research dimensions, design issues, and state-of-the-art. CoRR abs/1312.6170 (2013).
7. S. A. Almulla and C. Y. Yeun. March-April 2010. Cloud computing security management. In Proc. of ICESMA 2010. Sharjah, UAE.
8. S. Andreozzi, N. De Bortoli, S. Fantinel, A. Ghiselli, G. Rubini, G. Tortone, and M. C. Vistoli. 2005. GridICE: A monitoring service for grid systems. Future Generation Computer Systems 21, 4 (April 2005), 559-571.
9. Aniketos, ASSERT4SOA, CUMULUS, SecCord. 2013. Specifications identification & gap analysis Use cases 43, 78, 80. Retrieved from http://csc.etsi.org/Application/documentapp/downloadimmediate/?docId=123.
10. M. Anisetti, C. A. Ardagna, and E. Damiani. June 2012. A low-cost security certification scheme for evolving services. In Proc. of IEEE ICWS 2012.
11. M. Anisetti, C. A. Ardagna, and E. Damiani. June-July 2013a. Security certification of composite services: A test-based approach. In Proc. of IEEE ICWS 2013.
12. M. Anisetti, C. A. Ardagna, E. Damiani, P. A. Bonatti, M. Faella, C. Galdi, and L. Sauro. 2014. e-Auctions for multi-cloud service provisioning. In Proc. of IEEE SCC 2014. Anchorage, AL, USA.
13. M. Anisetti, C. A. Ardagna, E. Damiani, and F. Saonara. 2013b. A test-based security certification scheme for web services. ACM TWEB 7, 2 (May 2013), 1-41.
14. C. A. Ardagna, R. Asal, E. Damiani, and Q. H. Vu. March-April 2014. On the management of cloud nonfunctional properties: The cloud transparency toolkit. In Proc. of IFIP NTMS 2014.
15. C. A. Ardagna, E. Damiani, F. Frati, D. Rebeccani, and M. Ughetti. June 2012. Scalability patterns for platform-as-a-service. In Proc. of IEEE CLOUD 2012.
16. M. Armbrust, A. Fox, R. Griffith, A. D. Joseph, R. Katz, A. Konwinski, G. Lee, D. Patterson, A. Rabkin, I. Stoica, and M. Zaharia. 2009. Above the Clouds: A Berkeley Review of Cloud Computing. In Tech. Rep. UCB/EECS-2009-28. EECS Department, U.C. Berkeley.
17. M. Armbrust, A. Fox, R. Griffith, A. D. Joseph, R. Katz, A. Konwinski, G. Lee, D. Patterson, A. Rabkin, I. Stoica, and M. Zaharia. 2010. A view of cloud computing. CACM 53, 4 (April 2010), 50-58.
18. W. W. Armour et al. 2013. NIST Cloud Computing Security Reference Architecture. NIST Special Publication 500-299. Retrieved from http://collaborate.nist.gov/twiki-cloud-computing/pub/CloudComputing/CloudSecurity/NIST-Security-Reference-Architecture-2013.05.15-v1.0.pdf.
19. V. Attasena, N. Harbi, and J. Darmont. September 2013. Sharing-based privacy and availability of cloud data warehouses. In Proc. of EDA 2013.
20. A. Aviram, S. Hu, B. Ford, and R. Gummadi. October 2010. Determinating timing channels in compute clouds. In Proc. of ACM CCSW 2010.
21. J. Bacon, D. Eyers, T. Pasquier, J. Singh, I. Papagiannis, and P. Pietzuch. 2014. Information flow control for secure cloud computing. IEEE TNSM (2014).
22. X. Bai, M. Li, B. Chen, W.-T. Tsai, and J. Gao. December 2011. Cloud testing tools. In Proc. of IEEE SOSE 2011.
23. X. Bai, M. Li, X. Huang, W.-T. Tsai, and J. Gao. May 2013. Vee@Cloud: The virtual test lab on the cloud. In Proc. of AST 2013.
24. G. Ballabio. 2013. Security and availability techniques for cloud-based applications. Computer Fraud & Security 2013, 10 (October 2013), 5-7.
25. L. Baresi and S. Guinea. December 2005. Dynamo: Dynamic monitoring of WS-BPEL processes. In Proc. of ICSOC 2005.
26. A. Barsoum and A. Hasan. 2013. Enabling dynamic data and indirect mutual trust for cloud computing storage systems. IEEE TPDS 24, 12 (December 2013), 2375-2385.
27. F. Benali, N. Bennani, G. Gianini, and S. Cimato. October 2010. A distributed and privacy-preservingmethod for network intrusion detection. In Proc. of OTM 2010.
28. N. Bennani, E. Damiani, and S. Cimato. July 2010. Toward cloud-based key management for outsourced databases. In Proc. of SAPSE 2010.
29. S. Berger, R. Cáceres, K. A. Goldman, R. Perez, R. Sailer, and L. van Doorn. July-August 2006. vTPM: Virtualizing the trusted platform module. In Proc. of USENIX-SS 2006.
30. K. Bernsmed, M. G. Jaatun, P. H. Meland, and A. Undheim. August 2011. Security SLAs for federated cloud services. In Proc. of ARES 2011.
31. K. Bernsmed, M. G. Jaatun, P. H. Meland, and A. Undheim. December 2012. Thunder in the clouds: Security challenges and solutions for federated Clouds. In Proc. of IEEE CloudCom 2012.
32. B. Bertholon, S. Varrette, and P. Bouvry. July 2011. Certicloud: A novel TPM-based approach to ensure cloud IaaS security. In Proc. of IEEE CLOUD 2011.
33. R. Bhadauria and S. Sanyal. 2012. Survey on Security Issues in Cloud Computing and Associated Mitigation Techniques. Retrieved from http://arxiv.org/ftp/arxiv/papers/1204/1204.0764.pdf.
34. D. Bianculli and C. Ghezzi. September 2007. Monitoring conversational web services. In Proc. of IW-SOSWE 2007. Dubrovnik, Croatia.
35. A. Birgisson, J. G. Politz, U. Erlingsson, A. Taly, M. Vrable, and M. Lentczner. February 2014. Macaroons: Cookies with contextual caveats for decentralized authorization in the cloud. In Proc. of NDSS 2014.
36. Z. Birnbaum, B. Liu, A. Dolgikh, Y. Chen, and V. Skormin. June-July 2013. Cloud security auditing based on behavioral modeling. In Proc. of IEEE SERVICES 2013.
37. A. Bisong and S. M. Rahman. 2011. An overview of the security concerns in enterprise cloud computing. CoRR abs/1101.5613 (2011). Retrieved from http://arxiv.org/abs/1101.5613.
38. S. Bleikertz, S. Bugiel, H. Ideler, S. Nürnberger, and A.-R. Sadeghi. June 2013. Client-controlled cryptography-as-a-service in the cloud. In Proc. of ACNS 2013.
39. S. Bleikertz, A. Kurmus, Z. A. Nagy, and M. Schunter. May 2012. Secure cloud maintenance: Protecting workloads against insider attacks. In Proc. of ACM ASIACCS 2012.
40. P. A. Boampong and L. A. Wahsheh. March 2012. Different facets of security in the cloud. In Proc. of CNS 2012.
41. J.-M. Bohli, N. Gruschka, M. Jensen, L. L. Iacono, and N. Marnau. 2013. Security and privacy-enhancing multicloud architectures. IEEE Transactions on Dependable and Secure Computing 10, 4 (July-August 2013), 212-224.
42. G. Booth, A. Soknacki, and A. Somayaji. June 2013. Cloud security: Attacks and current defenses. In Proc. of ASIA 2013.
43. P. Bosc, E. Damiani, and M. Fugini. 2001. Fuzzy service selection in a distributed object-oriented environment. IEEE TFS 9, 5 (2001), 682-698.
44. S. Bouchenak, G. Chockler, H. Chockler, G. Gheorghe, N. Santos, and A. Shraer. 2013. Verifying cloud services: Present and future. ACM SIGOPS Operating Systems Review 47, 2 (July 2013), 6-19.
45. K. D. Bowers, A. Juels, and A. Oprea. November 2009. HAIL: A high-availability and integrity layer for cloud storage. In Proc. of ACM CCS 2009.
46. N. Brender and I. Markov. 2013. Risk perception and risk management in cloud computing: Results from a case study of Swiss companies. IJIM 33, 5 (June 2013), 726-733.
47. J. Buckley, T. Mens, M. Zenger, A. Rashid, and G. Kniesel. 2005. Towards a taxonomy of software change: Research articles. Journal of Software Maintenance and Evolution: Research and Practice - Unanticipated Software Evolution 17, 5 (September 2005), 309-332.
48. S. Bugiel, S. Nürnberger, T. Pöppelmann, A.-R. Sadeghi, and T. Schneider. October 2011. AmazonIA: When elasticity snaps back. In Proc. of ACM CCS 2011.
49. Roland A. Burger, Christian Cachin, and Elmar Husmann. 2013. Cloud, Trust, Privacy - Trustworthy cloud computing whitepaper, 2013. Retrieved from http://www.zurich.ibm.com/-cca/papers/tclouds-white.pdf.
50. T. Caddy. 2011. Side-channel attacks. In Encyclopedia of Cryptography and Security, H. C. A. van Tilborg and S. Jajodia (Eds.). Springer.
51. G. Candea, S. Bucur, and C. Zamfir. June 2010. Automated software testing as a service. In Proc. of ACM SoCC 2010.
52. B. Carminati. 2009. Merkle trees. In Encyclopedia of Database Systems, L. Liu, M. T. Özsu, and M. Tamer (Eds.). Springer.
53. E. Casalicchio and L. Silvestri. 2013. Mechanisms for SLA provisioning in cloud-based service providers. Computer Networks 57, 3 (February 2013), 795-810.
54. D. Catteddu and G. Hogben. November 2009a. Cloud Computing: Benefits, Risks and Recommendations for Information Security. European Network and Information Security Agency (ENISA). Retreived from http://www.enisa.europa.eu/activities/risk-management/files/deliverables/cloud-computing-risk-assessm ent/at-download/fullReport.
55. D. Catteddu and G. Hogben. November 2009b. Information Assurance Framework. European Network and Information Security Agency (ENISA).
56. CEN. 2014. CEN Workshop on Requirements and Recommendations for Assurance in the Cloud (WS RACS). Retrieved from http://www.cen.eu/work/areas/ICT/eBusiness/Pages/WS-RACS.aspx.
57. Certification infrastrUcture forMUlti-layer cloUd Services 2013. Certification infrastrUcture forMUlti-layer cloUd Services. Retrieved from http://www.cumulus-project.eu/.
58. Certification, InteRnationalisation and standaRdization in cloUd Security 2012. Certification, InteRnationalisation and standaRdization in cloUd Security. Retrieved from http://www.cirrus-project.eu/.
59. W. K. Chan, L. Mei, and Z. Zhang. December 2009. Modeling and testing of cloud applications. In Proc. of IEEE APSCC 2009.
60. N. S. Chauhan, A. Saxena, and J. V. R. Murthy. October 2013. An approach to measure security of cloud hosted application. In Proc. of IEEE CCEM 2013.
61. X. Chen, J. Andersen, Z. M. Mao, M. Bailey, and J. Nazario. June 2008. Towards an understanding of anti-virtualization and anti-debugging behavior in modern malware. In Proc. of IEEE/IFIP DSN 2008.
62. Y. Chen, V. Paxson, and R. H. Katz. January 2010. What's New About Cloud Computing Security? Technical Report No. UCB/EECS-2010-5. Retrieved from http://www.eecs.Berkeley.edu/Pubs/TechRpts/2010/EECS-2010-5.html.
63. A. Chonka, Y. Xiang, W. Zhou, and A. Bonti. 2011. Cloud security defence to protect cloud computing against HTTP-DoS and XML-DoS attacks. Journal of Network and Computer Applications 34, 4 (July 2011), 1097-1107.
64. S. S. M. Chow, C.-K. Chu, X. Huang, J. Zhou, and R. H. Deng. 2012. Dynamic secure cloud storage with provenance. In Cryptography and Security, D. Naccache (Ed.). Springer-Verlag, Berlin, 442-464.
65. M. Christodorescu, R. Sailer, D. L. Schales, D. Sgandurra, and D. Zamboni. November 2009. Cloud security is not (just) virtualization security. In Proc. of ACM CCSW 2009.
66. C.-K. Chu, S. S. M. Chow, W.-G. Tzeng, J. Zhou, and R. H. Deng. 2014. Key-aggregate cryptosystem for scalable data sharing in cloud storage. IEEE TPDS 25, 2 (February 2014), 468-477.
67. S. Cimato, E. Damiani, F. Zavatarelli, and R. Menicocci. June-July 2013. Towards the certification of cloud services. In Proc. of IEEE SERVICES 2013.
68. CIO. 2012. Creating Effective Cloud Computing Contracts for the Federal Government - Best Practices for Acquiring IT as a Service. Council and Chief Acquisition Officer Council. Retrieved from http://www.gsa.gov/portal/mediaId/164011/fileName/cloudbestpractices.action.
69. L. Ciortea, C. Zamfir, S. Bucur, V. Chipounov, and G. Candea. 2010. Cloud9: A software testing service. ACM SIGOPS Operating Systems Review 43, 4 (January 2010), 5-10.
70. S. Clayman, A. Galis, C. Chapman, G. Toffetti, L. Rodero-Merino, L. Miguel Vaquero, K. Nagin, and B. Rochwerger. 2010. Monitoring service clouds in the future internet. In Towards the Future Internet, G. Tselentis, A. Galis, A. Gavras, S. Krco, V. Lotz, E. Simperl, B. Stiller, and T. Zahariadis (Eds.). IOS Press, 115-126.
71. Cloud Accountability Project 2012. Cloud Accountability Project. Retrieved from http://www.a4cloud.eu/.
72. Cloud Security Alliance. 2010. Guidance for Identity & Access Management V2.1. Retrieved from http://www.cloudsecurityalliance.org/guidance/csaguide-dom12-v2.10.pdf.
73. Cloud Security Alliance. 2011. Security Guidance for Critical Areas of Focus in Cloud Computing V3.0. Retrieved from https://downloads.cloudsecurityalliance.org/initiatives/guidance/csaguide.v3.0.pdf.
74. Cloud Security Alliance. 2013. The Notorious Nine Cloud Computing Top Threats in 2013. https://downloads.cloudsecurityalliance.org/initiatives/top-threats/The-Notorious-Nine-Cloud-Computing-Top-Threats-in-2013.pdf.
75. Cloud Security on Demand 2012. Cloud Security on Demand. Retrieved from http://www.nsf.gov/awardsearch/showAward?AWD-ID=1218817&HistoricalAwards=false.
76. Cloud Standards Customer Council. August 2012. Security for Cloud Computing 10 Steps to Ensure Success. Retrieved from http://www.cloud-council.org/Security-for-Cloud-Computing-Final-080912.pdf.
77. CloudSec. October 2013. A Briefing on Cloud Security Challenges and Opportunities. Retrieved from http://www.telenor.com/wp-content/uploads/2013/11/TelenorWhitepaperCloud-V-30-v.pdf.
78. Continuous Quality Assurance and Optimisation for Cloud brokers 2012. Continuous Quality Assurance and Optimisation for Cloud Brokers. Retrieved from http://www.broker-cloud.eu/.
79. CSA. 2014. CloudAudit: Automated Audit, Assertion, Assessment, and Assurance. Retrieved from https://cloudsecurityalliance.org/research/cloudaudit/.
80. K. Dahbur, B. Mohammad, and A. B. Tarakji. April 2011. A survey of risks, threats and vulnerabilities in cloud computing. In Proc. of ISWSA 2011. Amman, Jordan.
81. E. Damiani, C. A. Ardagna, and N. El Ioini. 2009a. Open source systems security certification. Springer, New York.
82. E. Damiani, N. El Ioini, A. Sillitti, and G. Succi. July 2009b. WS-Certificate. In Proc. of IEEE SERVICES I 2009.
83. W. Dawoud, I. Takouna, and C. Meinel. March 2010. Infrastructure as a service security: Challenges and solutions. In Proc. of INFOS 2010.
84. S. De Capitani di Vimercati, S. Foresti, S. Jajodia, S. Paraboschi, and P. Samarati. 2013. Integrity for join queries in the cloud. IEEE TCC 1, 2 (July-December 2013), 187-200.
85. S. De Capitani di Vimercati, S. Foresti, and P. Samarati. 2014. Selective and fine-grained access to data in the cloud. In Secure Cloud Computing, S. Jajodia, K. Kant, P. Samarati, V. Swarup, and C. Wang (Eds.). Springer.
86. M. Dekker and G. Hogben. December 2011. Survey and analysis of security parameters in cloud SLAs across the European public sector. European Network and Information Security Agency (ENISA). Retrieved from http://www.enisa.europa.eu/activities/Resilience-and-CIIP/cloud-computing/survey-and-analysisof-security-parameters-in-cloud-slas-across-the-european-public-sector/at-download/fullReport.
87. Y. Desmedt. 2011. Covert channels. In Encyclopedia of Cryptography and Security, H.C.A. van Tilborg and S. Jajodia (Eds.). Springer.
88. M. H. Diallo, B. Hore, E.-C. Chang, S. Mehrotra, and N. Venkatasubramanian. June 2012. CloudProtect: Managing data privacy in cloud applications. In Proc. of IEEE CLOUD 2012. Honolulu, HI, USA.
89. F. Doelitzscher, C. Reich, M. Knahl, andN. Clarke. 2013. Understanding cloud audits. In Privacy and Security for Cloud Computing, S. Pearson and G. Yee (Eds.). Springer London, 125-163.
90. F. Doelitzscher, C. Reich, M. Knahl, A. Passfall, and N. Clarke. 2012. An agent based business aware incident detection system for cloud environments. JoCCASA 1, 1 (2012), 1-19.
91. F. Doelitzscher, T. Ruebsamen, T. Karbe, M. Knahl, C. Reich, and N. Clarke. 2013. Sun behind clouds - On automatic cloud security audits and a cloud audit policy language. International Journal on Advances in Networks and Services 6, 1-2 (2013), 1-16.
92. A. Donevski, S. Ristov, and M. Gusev. May 2013. Security assessment of virtual machines in open source clouds. In Proc. of MIPRO 2013.
93. D. Dranidis, E. Ramollari, and D. Kourtesis. November 2009. Run-time verification of behavioural conformance for conversational web services. In Proc. of IEEE ECOWS 2009.
94. G. Dsouza, G. Rodriguez, Y. Al-Nashif, and S. Hariri. 2013. Building resilient cloud services using DDDAS and moving target defence. JCC 2, 2/3 (2013), 171-190.
95. Empowering the service industry with SLA-aware infrastructures 2008. Empowering the service industry with SLA-aware infrastructures. http://sla-at-soi.eu/.
96. Ensuring Trustworthiness and Security in Service Composition 2010. Ensuring Trustworthiness and Security in Service Composition. http://www.aniketos.eu/.
97. ETSI. November 2013. Cloud Standards Coordination - Final Report. Retrieved from http://csc.etsi.org/Application/documentapp/downloadimmediate/?docId=204.
98. D. A. B. Fernandes, L. F. B. Soares, J. V. Gomes, M. M. Freire, and P. R. M. Inacio. 2013. Security issues in cloud environments: A survey. International Journal of Information Security (September 2013), 1-58.
99. M. Ficco, L. Tasquier, and R. Aversa. October 2013. Intrusion detection in cloud computing. In Proc. of 3PGCIC 2013.
100. R. Focardi, R. Gorrieri, and F. Martinelli. 2004. Classification of security properties (Part II: network security). In Foundations of Security Analysis and Design II - Tutorial Lectures, R. Focardi and R. Gorrieri (Eds.). Springer, Berlin.
101. H. Foster and G. Spanoudakis. March 2011a. Advanced service monitoring configurations with SLA decomposition and selection. In Proc. of ACM SAC 2011.
102. H. Foster and G. Spanoudakis. May 2011b. SMaRT: A workbench for reporting the monitorability of services from SLAs. In Proc. of PESOS 2011.
103. Ganglia. 2014. Homepage. Retrieved from http://ganglia.sourceforge.net/.
104. J. Gao, X. Bai, andW.-T. Tsai. 2011. Cloud testing-issues, challenges, needs and practice. SeiJ 1, 1 (September 2011).
105. J. Gao, X. Bai, W.-T. Tsai, and T. Uehara. 2013. SaaS testing on clouds - Issues, challenges and needs. Proc. of IEEE SOSE 2013 (March 2013).
106. S. K. Garg, S. Versteeg, and R. Buyya. 2013. A framework for ranking of cloud computing services. Future Generation Computer Systems 29, 4 (June 2013), 1012-1023.
107. German Federal Office for Information Security. August 2012. Security Recommendations for Cloud Computing Providers. https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Minimum-informa tion/SecurityRecommendationsCloudComputingProviders.pdf?-blob=publicationFile.
108. E. Ghazizadeh, J.-L. A. Manan, M. Zamani, and A. Pashang. December 2012. A survey on security issues of federated identity in the cloud computing. In Proc. of IEEE CloudCom 2012.
109. C. Ghezzi and S. Guinea. 2007. Run-time monitoring in service-oriented architectures. In Test and Analysis of Web Services, L. Baresi and E. Di Nitto (Eds.). Springer, Berlin, 237-264.
110. M. Godfrey and M. Zulkernine. June 2013. A server-side solution to cache-based side-channel attacks in the cloud. In Proc. of IEEE CLOUD 2013.
111. M. Green. 2013. The threat in the cloud. IEEE Security & Privacy 11, 1 (January-February 2013), 86-89.
112. B. Grobauer, T. Walloschek, and E. Stocker. 2011. Understanding cloud computing vulnerabilities. IEEE Security & Privacy 9, 2 (March-April 2011), 50-57.
113. N. Gruschka and L. L. Iacono. July 2009. Vulnerable cloud: SOAP message security validation revisited. In Proc. of IEEE ICWS 2009.
114. N. Gruschka and M. Jensen. July 2010. Attack surfaces: A taxonomy for attacks on cloud services. In Proc. of IEEE CLOUD 2010.
115. A. Haeberlen. 2010. A case for the accountable cloud. ACM SIGOPS Operating Systems Review 44, 2 (April 2010), 52-57.
116. S. Hallé and R. Villemaire. March 2009. Runtime monitoring of web service choreographies using streaming XML. In Proc. of ACM SAC 2009. Honolulu, HI, Hawaii.
117. W. M. Halton and S. Rahman. 2012. The top ten cloud-security practices in next-generation networking. IJCNDS 8, 1/2 (December 2012), 70-84.
118. T. Hanawa, T. Banzai, H. Koizumi, R. Kanbayashi, T. Imada, and M. Sato. April 2010. Large-scale software testing environment using cloud computing technology for dependable parallel and distributed systems. In Proc. of ICSTW 2010.
119. Z. Hao, S. Zhong, and N. Yu. 2011. A time-bound ticket-based mutual authentication scheme for cloud computing. IJCCC 6, 2 (2011), 227-235.
120. K. Hashizume, D. G. Rosado, E. Fernandez-Medina, and E. B. Fernandez. 2013. An analysis of security issues for cloud computing. JISA 4, 1 (2013), 1-13.
121. G. Hogben and M. Dekker. 2012. Procure Secure: A guide to monitoring of security service levels in cloud contracts. European Network and Information Security Agency (ENISA). Retrieved from http://www.enisa.europa.eu/activities/Resilience-and-CIIP/cloud-computing/procure-secure-a-guide-tomonitoring- of-security-service-levels-in-cloud-contracts/at-download/fullReport.
122. V. Holub, T. Parsons, P. O'Sullivan, and J. Murphy. June 2009. Runtime correlation engine for system monitoring and testing. In Proc. of ICAC-INDST 2009.
123. I. Iankoulova and M. Daneva. May 2012. Cloud computings security requirements: A systematic review. In Proc. of RCIS 2012.
124. IATAC and DACS. 2007. Software Security Assurance: State of the Art Report (SOAR). Retrieved from http://www.dtic.mil/cgi-bin/GetTRDoc?Location=U2&doc=GetTRDoc.pdf&AD=ADA472363.
125. A. S. Ibrahim, J. Hamlyn-Harris, and J. Grundy. November-December 2010. Emerging security challenges of cloud virtual infrastructure. In Proc. of APSEC-CLOUD 2010. Sydney, Australia.
126. Infrastructure for Secure Cloud Computing 2013. Infrastructure for Secure Cloud Computing. Retrieved from http://www.nsf.gov/awardsearch/showAward?AWD-ID=1253870&HistoricalAwards=false.
127. C. Irvine and T. Levin. December 1999. Toward a taxonomy and costing method for security services. In Proc. of ACSAC 1999.
128. S. Jajodia, W. Litwin, and T. Schwarz. 2013. Recoverable encryption through a noised secret over a large cloud. In Transactions on Large-Scale Data- and Knowledge-Centered Systems IX, A. Hameurlain, J. Küng, and R. Wagner (Eds.). Lecture Notes in Computer Science, Vol. 7980. Springer, Berlin, 42-64.
129. W. Jansen and T. Grance. 2011. Guidelines on Security and Privacy in Cloud Computing. NIST SP-800-144. Retrieved from http://www.nist.gov/manuscript-publication-search.cfm?pub-id=909494.
130. D. Jayasinghe, G. Swint, S. Malkowski, J. Li, Q. Wang, J. Park, and C. Pu. June 2012. Expertus: A generator approach to automate performance testing in IaaS clouds. In Proc. of IEEE CLOUD 2012.
131. C. Jenkins. 2013. The three pillars of a secure hybrid cloud environment. Computer Fraud & Security 2013, 6 (June 2013), 13-15.
132. M. Jensen, J. Schwenk, N. Gruschka, and L. L. Iacono. July 2009. On technical security issues in cloud computing. In Proc. of IEEE CLOUD 2009.
133. R. Jhawar and V. Piuri. August 2013. Adaptive resource management for balancing availability and performance in cloud computing. In Proc. of SECRYPT 2013.
134. R. Jhawar, V. Piuri, and P. Samarati. December 2012. Supporting security requirements for resource management in cloud computing. In Proc. of IEEE CSE 2012.
135. S. Jin, J. Seol, and S. Maeng. May 2013. Towards assurance of availability in virtualized cloud system. In Proc. of IEEE/ACM CCGrid 2013.
136. A. Juels and A. Oprea. 2013. New approaches to security and availability for cloud data. CACM 56, 2 (February 2013).
137. T. Jung, X.-Y. Li, and Z. Wan. April 2013. Privacy preserving cloud data access with multi-authorities. In Proc. of IEEE INFOCOM 2013.
138. N. Kaaniche, A. Boudguiga, and M. Laurent. June 2013. ID based cryptography for cloud data storage. In Proc. of IEEE CLOUD 2013.
139. L. Kai, T.Weiqin, Z. Liping, and H. Chao. November 2013. SCM: A design and implementation of monitoring system for cloudstack. In Proc. of CSC 2013.
140. C. Kalloniatis, V. Manousakis, H. Mouratidis, and S. Gritzalis. April 2013. Migrating into the cloud: Identifying the major security and privacy concerns. In Proc. of IFIP I3E 2013.
141. S. Kang, J. Lee, H. Jang, H. Lee, Y. Lee, S. Park, T. Park, and J. Song. June 2008. SeeMon: Scalable and energy-efficient context monitoring framework for sensor-rich mobile environments. In Proc. of MobiSys 2008.
142. L. M. Kaufman. 2010. Can public-cloud security meet its unique challenges? IEEE Security & Privacy 8, 4 (July-August 2010), 55-57.
143. U. Khalid, A. Ghafoor, M. Irum, andM. A. Shibli. September 2013. Cloud based secure and privacy enhanced authentication & authorization protocol. In Proc. of KES 2013.
144. K. M. Khan and Q. Malluhi. 2010. Establishing trust in cloud computing. IT Professional 12, 5 (September- October 2010), 20-27.
145. T. M. King and A. S. Ganti. April 2010. Migrating autonomic self-testing to the cloud. In Proc. of ICSTW 2010.
146. R. B. Knode. 2009. Digital Trust in the Cloud: Liquid Security in Cloudy Places. CSC. Retrieved from http://assets1.csc.com/au/downloads/0610-20-Digital-trust-in-the-cloud.pdf.
147. F. Koeppe and J. Schneider. November-December 2010. Do you get what you pay for? using proof-of-work functions to verify performance assertions in the cloud. In Proc. of IEEE CloudCom 2010.
148. D. Kourtesis, E. Ramollari, D. Dranidis, and I. Paraskakis. 2010. Increased reliability in SOA environments through registry-based conformance testing ofWeb services. Production Planning & Control 21, 2 (2010), 130-144.
149. F. J. Krautheim. June 2009. Private virtual infrastructure for cloud computing. In Proc. of HotCloud 2009. San Diego, CA, USA.
150. M. Krotsiani, G. Spanoudakis, and K. Mahbub. August 2013. Incremental certification of cloud services. In Proc. of SECURWARE 2013.
151. A. Kurmus, M. Gupta, R. Pletka, C. Cachin, and R. Haas. December 2011. A comparison of secure multitenancy architectures for filesystem storage clouds. In Proc. of ACM/IFIP/USENIX Middleware 2011.
152. U. Lang. November-December 2010. OpenPMF SCaaS: Authorization as a service for cloud & SOA applications. In Proc. of IEEE CloudCom 2010.
153. J.-H. Lee, M.-W. Park, J.-H. Eom, and T.-M. Chung. February 2011. Multi-level intrusion detection system and log management in cloud computing. In Proc. of ICACT 2011. Gangwon-Do, South Korea.
154. H. Li, Y. Dai, and B. Yang. 2011a. Identity-based cryptography for cloud security. IACR Cryptology ePrint Archive 2011 (2011), 169.
155. J. Li, B. Li, T. Wo, C. Hu, J. Huai, L. Liu, and K. P. Lam. 2011b. CyberGuarder: A virtualization security assurance architecture for green cloud computing. Future Generation Computer Systems 28, 2 (May 2011), 379-390.
156. M. Li, W. Zang, K. Bai, M. Yu, and P. Liu. December 2013. MyCloud: Supporting user-configured privacy protection in cloud computing. In Proc. of ACSAC 2013.
157. B. Libert and J.-J. Quisquater. 2011. Identity-based cryptosystems. In Encyclopedia of Cryptography and Security, H. C. A. van Tilborg and S. Jajodia (Eds.). Springer.
158. H.-Y. Lin and W.-G. Tzeng. 2012. A secure erasure code-based cloud storage system with secure data forwarding. IEEE TPDS 23, 6 (June 2012), 995-1003.
159. H. Liu. October 2010. A new form of DOS attack in a cloud and its avoidance mechanism. In Proc. of ACM CCSW 2010.
160. X. Liu, Y. Xia, S. Jiang, F. Xia, and Y. Wang. July 2013. Hierarchical attribute-based access control with authentication for outsourced data in cloud computing. In Proc. of IEEE TrustCom 2013.
161. F. Lombardi and R. Di Pietro. 2011. Secure virtualization for cloud computing. Journal of Network and Computer Applications 34, 4 (July 2011), 1113-1122.
162. F. Lombardi and R. Di Pietro. March 2010. Transparent security for Cloud. In Proc. of ACM SAC 2010.
163. W. Lu, X. Hu, S. Wang, and X. Li. 2014. A multi-criteria QoS-aware trust service composition algorithm in cloud computing environments. IJGDC 7, 1 (2014), 77-88.
164. W. Luo, L. Xu, Z. Zhan, Q. Zheng, and S. Xu. 2014. Federated cloud security architecture for secure and agile clouds. In High Performance Cloud Auditing and Applications, K. J. Han, B.-Y. Choi, and S. Song (Eds.). Springer, New York.
165. W. Ma, X. Li, Y. Shi, and Y. Guo. 2013. A virtual machine cloning approach based on trusted computing. TELKOMNIKA 11, 11 (November 2013), 6935-6942.
166. I. MacNeil and X. Li. 2006. "Comply or explain": Market discipline and non-compliance with the Combined Code. Corporate Governance: An International Review 14, 5 (2006), 486-496.
167. K. Mahbub and G. Spanoudakis. 2007. Monitoring WS-agreements: An event calculusbased approach. In Test and Analysis of Web Services, L. Baresi and E. Di Nitto (Eds.). Springer, Berlin, 265-306.
168. K. Mahbub and G. Spanoudakis. November 2004. A framework for requirements monitoring of service based systems. In Proc. of ICSOC 2004.
169. R. Mahmood, N. Esfahani, T. Kacem, N. Mirzaei, S. Malek, and A. Stavrou. June 2012. A whitebox approach for automated security testing of android applications on the cloud. In Proc. of AST 2012.
170. S. Mansfield-Devine. 2008. Danger in the clouds. Network Security 2008, 12 (December 2008), 9-11.
171. D. C. Marinescu, A. Paya, J. P. Morrison, and P. D. Healy. 2013. An auction-driven self-organizing cloud delivery model. CoRR abs/1312.2998 (2013).
172. M. L. Massie, B. N. Chun, and D. E. Culler. 2004. The ganglia distributed monitoring system: Design, implementation, and experience. Parallel Comput. 30, 7 (July 2004), 817-840.
173. M. Massie, B. Li, B. Nicholes, V. Vuksan, R. Alexander, J. Buchbinder, F. Costa, A. Dean, D. Josephsen, P. Phaal, and D. Pocock. 2012. Monitoring with Ganglia - Tracking Dynamic Host and Application Metrics at Scale. O'Reilly Media.
174. M. McIntosh and P. Austel. November 2005. XML signature element wrapping attacks and countermeasures. In Proc. of SWS 2005. Fairfax, VA, USA.
175. S. Mei, H. Ba, F. Tu, J. Ren, and Z. Wang. September 2013. TTP-ACE: A trusted third party for auditing in cloud environment. In Proc. of ICSCTEA 2013. September.
176. P. Mell and T. Grance. 2011. The NIST Definition of Cloud Computing. NIST SP-800-145. Retrieved from http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf.
177. S. Meng and L. Liu. 2013. Enhanced monitoring-as-a-service for effective cloud management. IEEE TC 62, 9 (September 2013), 1705-1720.
178. C. Modi, D. Patel, B. Borisaniya, A. Patel, andM. Rajarajan. 2013a. A survey on security issues and solutions at different layers of cloud computing. Journal of Supercomputing 63, 2 (February 2013).
179. C. Modi, D. Patel, B. Borisaniya, H. Patel, A. Patel, and M. Rajarajan. 2013b. A survey of intrusion detection techniques in cloud. Journal of Network and Computer Applications 36, 1 (June 2013), 42-57.
180. M. H. Mohamaddiah, A. Abdullah, S. Subramaniam, and M. Hussin. 2014. A survey on resource allocation and monitoring in cloud computing. IJMLC 4, 1 (February 2014).
181. A. T. Monfared and M. G. Jaatun. November-December 2011. Monitoring intrusions and security breaches in highly distributed cloud environments. In Proc. of IEEE CloudCom 2011.
182. J. Moreno. 2010. A Testing Framework for Cloud Storage Systems. Master Thesis - ETH Zürich. Retreived from http://e-collection.library.ethz.ch/eserv/eth:1987/eth-1987-01.pdf.
183. T. Morris. 2011. Trusted platform module. In Encyclopedia of Cryptography and Security, H.C.A. van Tilborg and S. Jajodia (Eds.). Springer.
184. O. Moser, F. Rosenberg, and S. Dustdar. April 2008. Non-intrusive monitoring and service adaptation for WS-BPEL. In Proc. of WWW 2008.
185. H. Mouratidis, S. Islam, C. Kalloniatis, and S. Gritzalis. 2013. A framework to support selection of cloud providers based on security and privacy requirements. JSS 86, 9 (March 2013), 2276-2293.
186. A. Muñoz and A. Maña. June 2013. Bridging the GAP between software certification and trusted computing for securing cloud computing. In Proc. of IEEE SERVICES 2013.
187. I. Muttik and C. Barton. 2009. Cloud security technologies. Information Security Technical Report 14, 1 (2009), 1-6.
188. M. Nabeel, N. Shang, and E. Bertino. 2013. Privacy preserving policy-based content sharing in public clouds. IEEE TKDE 25, 11 (November 2013), 2602-2614.
189. Nagios. 2014. Cloud Computing. Retrieved from http://www.nagios.com/solutions/cloud-computing.
190. Network of Excellence on Engineering Secure Future Internet Software Services and Systems. 2010. Network of Excellence on Engineering Secure Future Internet Software Services and Systems. Retrieved from http://www.nessos-project.eu/.
191. J. Ni, Y. Yu, Y. Mu, and Q. Xia. 2014. On the security of an efficient dynamic auditing protocol in cloud storage. IEEE TPDS (2014).
192. K. Okamura and Y. Oyama. March 2010. Load-based covert channels between xen virtual machines. In Proc. of ACM SAC 2010. Sierre, Switzerland.
193. M. Okuhara, T. Shiozaki, and T. Suzuki. 2010. Security architectures for cloud computing. Fujitsu Scientific and Technical Journal 46, 4 (October 2010), 397-402.
194. OpenStack Open Source Cloud Computing Software 2015. OpenStack Open Source Cloud Computing Software. Retrieved from https://www.openstack.org/.
195. N. Paladi, C. Gehrmann, and F. Morenius. March 2013. State of The Art and Hot Aspects in Cloud Data Storage Security. SICS technical report T2013:01.
196. M. P. Papazoglou, V. Andrikopoulos, and S. Benbernou. 2011. Managing evolving services. IEEE Software 28, 3 (May-June 2011), 49-55.
197. S. Paquette, P. T. Jaeger, and S. C. Wilson. 2010. Identifying the security risks associated with governmental use of cloud computing. Government Information Quarterly 27, 3 (April 2010), 245-253.
198. K.-W. Park, J. Han, J. Chung, and K. H. Park. 2013. THEMIS: A mutually verifiable billing system for the cloud computing environment. IEEE TSC 6, 3 (July-September 2013), 300-313.
199. T. Parveen and S. Tilley. April 2010. When to migrate software testing to the cloud?. In Proc of ICSTW 2010.
200. A. Patel, M. Taghavi, K. Bakhtiyari, and J. Celestino JúNior. 2013. An intrusion detection and prevention system in cloud computing: A systematic review. Journal of Network and Computer Applications 36, 1 (January 2013), 25-41.
201. E. Pattuk, M. Kantarcioglu, V. Khadilkar, H. Ulusoy, and S. Mehrotra. June 2013. BigSecret: A secure data management framework for key-value stores. In Proc. of IEEE CLOUD 2013.
202. M. Pearce, S. Zeadally, and R. Hunt. 2013. Virtualization: Issues, security threats, and solutions. ACMCSUR 45, 2 (February 2013), 17:1-17:39.
203. S. Pearson. 2011. Toward accountability in the cloud. IEEE Internet Computing 15, 4 (2011), 64-69.
204. S. Pearson. 2013. Privacy, security and trust in cloud computing. In Privacy and Security for Cloud Computing, S. Pearson and G. Yee (Eds.). Springer London, 3-42.
205. S. Pearson and A. Benameur. November-December 2010. Privacy, security and trust issues arising from cloud computing. In Proc. of IEEE CloudCom 2010.
206. S. Pearson, Y. Shen, and M. Mowbray. December 2009. A privacy manager for cloud computing. In Proc. of CloudCom 2009.
207. D. Perez-Botero, J. Szefer, and R. B. Lee. May 2013. Characterizing hypervisor vulnerabilities in cloud computing servers. In Proc. of ASIACCS-SCC 2013.
208. G. Peterson. 2010. Don't trust. and verify: A security architecture stack for the cloud. IEEE Security & Privacy 8, 5 (September-October 2010), 83-86.
209. C. Pham, D. Chen, Z. Kalbarczyk, and R. K. Iyer. June 2011. CloudVal: A framework for validation of virtualization environment in cloud infrastructure. In Proc of IEEE/IFIP DSN 2011.
210. Policy and Security Configuration Management 2010. Policy and Security Configuration Management. Retrieved from http://www.posecco.eu/.
211. G. Porter. 2013. Cloud Service Provider Methods for Managing Insider Threats: Analysis Phase I. Technical Note, CMU/SEI-2013-TN-020.
212. B. Preneel. 2011. MAC algorithms. In Encyclopedia of Cryptography and Security, H.C.A. van Tilborg and S. Jajodia (Eds.). Springer.
213. B. Qin, H. Wang, Q. Wu, J. Liu, and J. Domingo-Ferrer. 2013. Simultaneous authentication and secrecy in identity-based data upload to cloud. Cluster Computing 16, 4 (April 2013), 845-859.
214. M. N. Rajkumar, V. V. Kumar, and R. Sivaramakrishnan. 2013. Efficient integrity auditing services for cloud computing using raptor codes. In Proc. of ACM RACS 2013.
215. J. Rao, Y. Wei, J. Gong, and C.-Z. Xu. 2013. QoS guarantees and service differentiation for dynamic cloud applications. IEEE TNSM 10, 1 (March 2013), 43-55.
216. H. Rasheed. 2013. Data and infrastructure security auditing in cloud computing environments. IJIM (December 2013).
217. M. Raykova, H. Zhao, and S. M. Bellovin. February-March 2012. Privacy enhanced access control for outsourced data sharing. In Proc. of FC 2012.
218. K. Ren, C. Wang, and Q. Wang. 2012. Security challenges for the public cloud. IEEE Internet Computing 16, 1 (January-February 2012), 69-73.
219. Resources and Services Virtualization without Barriers 2008. Resources and Services Virtualization without Barriers. http://www.reservoir-fp7.eu/.
220. Risk Assessment Techniques for Off-line and On-line Security Evaluation of Cloud Computing 2013. Risk Assessment Techniques for Off-line and On-line Security Evaluation of Cloud Computing. Retrieved from http://www.nsf.gov/awardsearch/showAward?AWD-ID=1332035&HistoricalAwards=false.
221. T. Ristenpart, E. Tromer, H. Shacham, and S. Savage. November 2009. Hey, you, get off of my cloud: Exploring information leakage in third-party compute clouds. In Proc. of ACM CCS 2009.
222. L. M. Riungu, O. Taipale, and K. Smolander. November-December 2010. Research issues for software testing in the cloud. In Proc. of IEEE CloudCom 2010.
223. F. Rocha and M. Correia. June 2011. Lucy in the sky without diamonds: Stealing confidential data in the cloud. In Proc. of IEEE/IFIP DSN-W 2011.
224. L. Rodero-Merino, L. M. Vaquero, E. Caron, A. Muresan, and F. Desprez. 2012. Building safe PaaS clouds: A survey on security in multitenant software platforms. Computers & Security 31, 1 (February 2012), 96-108.
225. C. Rong, S. T. Nguyen, and M. G. Jaatun. 2013. Beyond lightning: A survey on security challenges in cloud computing. Computers & Electrical Engineering 39, 1 (May 2013), 47-54.
226. S. Ruj, M. Stojmenovic, and A. Nayak. 2014. Decentralized access control with anonymous authentication of data stored in clouds. IEEE TPDS 25, 2 (February 2014), 384-394.
227. M. D. Ryan. 2013. Cloud computing security: The scientific challenge, and a survey of solutions. JSS 86, 9 (February 2013), 2263-2268.
228. S. H. Ryu, F. Casati, H. Skogsrud, B. Betanallah, and R. Saint-Paul. 2008. Supporting the dynamic evolution of web service protocols in service-oriented architectures. ACM TWEB 2, 2 (April 2008), 13:1-13:46.
229. S. Sakr and A. Liu. June 2012. SLA-based and consumer-centric dynamic provisioning for cloud databases. In Proc. of IEEE CLOUD 2012.
230. M. Salifu, Yijun Yu, and B. Nuseibeh.October 2007. Specifyingmonitoring and switching problems in context. In Proc. of IEEE RE 2007.
231. N. Santos, R. Rodrigues, K. P. Gummadi, and S. Saroiu. August 2012. Policy-sealed data: A new abstraction for building trusted cloud services. In Proc. of USENIX Security Symposium 2012.
232. P. Saripalli and B. Walters. 2010. QUIRC: A quantitative impact and risk assessment framework for cloud security. In Proc. of IEEE CLOUD 2010.
233. M. Schumacher, E. B. Fernandez, D. Hybertson, F. Buschmann, and P. Sommerlad. 2006. Security Patterns: Integrating security and systems engineering. Wiley.
234. Secure and Privacy-assured Data Service Outsourcing in Cloud Computing 2012. Secure and Privacy-assured Data Service Outsourcing in Cloud Computing. http://www.nsf.gov/awardsearch/showAward?AWD-ID=1262277&HistoricalAwards=false.
235. Secure Data-Intensive Computing on Hybrid Clouds 2012. Secure Data-Intensive Computing on Hybrid Clouds. http://www.nsf.gov/awardsearch/showAward?AWD-ID=1223495&HistoricalAwards=false.
236. Secure Provision and Consumption in the Internet of Services 2010. Secure Provision and Consumption in the Internet of Services. Retrieved from http://www.spacios.eu/.
237. Secure Provisioning of Cloud Services based on SLAmanagement 2013. Secure Provisioning of Cloud Services Based on SLA Management. Retrieved from http://specs-project.eu/.
238. J. Sedayao, S. Su, X. Ma, M. Jiang, and K. Miao. December 2009. A simple technique for securing data at rest stored in a computing cloud. In Proc. of CloudCom 2009. Beijing, China.
239. SEI. 2011. Securing Web Services for Army SOA. Retrieved from http://www.sei.cmu.edu/solutions/softwaredev/securing-web-services.cfm.
240. S. Sengupta, V. Kaulgud, and V. S. Sharma. July 2011. Cloud computing security-trends and research directions. In Proc. of IEEE SERVICES 2011.
241. J. Shao, H. Wei, Q. Wang, and H. Mei. July 2010. A runtime model based monitoring approach for cloud. In Proc. of IEEE CLOUD 2010.
242. S. Shetty. June-July 2013. Auditing and analysis of network traffic in cloud environment. In Proc. of IEEE SERVICES 2013.
243. A. Shraer, C. Cachin, A. Cidon, I. Keidar, Y. Michalevsky, and D. Shaket. October 2010. Venus: Verification for untrusted cloud storage. In Proc. of ACM CCSW 2010.
244. J. Simmonds, Y. Gan, M. Chechik, S. Nejati, B. O'Farrell, E. Litani, and J. Waterhouse. 2009. Runtime monitoring of web service conversations. IEEE TSC 2, 3 (July-September 2009), 223-244.
245. M. Singhal, S. Chandrasekhar, T. Ge, R. Sandhu, R. Krishnan, G.-J. Ahn, and E. Bertino. 2013. Collaboration in multicloud computing environments: Framework and security issues. Computer 46, 2 (February 2013), 76-84.
246. J. Somorovsky, M. Heiderich, M. Jensen, J. Schwenk, N. Gruschka, and L. Lo Iacono. 2011. All your clouds are belong to us: Security analysis of cloud management interfaces. In Proc. of ACM CCSW 2011.
247. Z. Song, J.Molina, S. Lee, H. Lee, S. Kotani, and R. Masuoka. 2009. TrustCube: An infrastructure that builds trust in client. In Future of Trust in Computing, D. Gawrock, H. Reimer, A.-R. Sadeghi, and C. Vishik (Eds.). Vieweg+Teubner, 68-79.
248. G. Spanoudakis, E. Damiani, and A. Maña. October 2012. Certifying services in cloud: The case for a hybrid, incremental and multi-layer approach. In Proc. of IEEE HASE 2012.
249. M. K. Srinivasan, K. Sarukesi, P. Rodrigues, M. S.Manoj, and P. Revathy. August 2012. State-of-the-art cloud computing security taxonomies: A classification of security challenges in the present cloud computing environment. In Proc. of ICACCI 2012.
250. M. Srivatsa and A. Iyengar. 2011. Application-level denial of service. In Encyclopedia of Cryptography and Security, H. C. A. van Tilborg and S. Jajodia (Eds.). Springer.
251. O. Starov and S. Vilkomir. May 2013. Integrated TaaS platform for mobile development: Architecture solutions. In Proc. of AST 2013.
252. E. Stefanov, M. van Dijk, A. Juels, and A. Oprea. December 2012. Iris: A scalable cloud file system with efficient integrity checks. In Proc. of ACSAC 2012.
253. S. J. Stolfo, M. B. Salem, and A. D. Keromytis. May 2012. Fog computing: Mitigating insider data theft attacks in the cloud. In Proc. of IEEE SPW 2012.
254. S. Subashini and V. Kavitha. 2011. A survey on security issues in service delivery models of cloud computing. Journal of Network and Computer Applications 34, 1 (January 2011), 1-11.
255. A. Sulistio and C. Reich. September 2013. Towards a self-protecting cloud. In Proc. of OTM 2013.
256. S. Sundareswaran, A. C. Squicciarini, and D. Lin. 2012. Ensuring distributed accountability for data sharing in the cloud. IEEE TDSC 9, 4 (July 2012), 556-568.
257. A. Sunyaev and S. Schneider. 2013. Cloud services certification. CACM 56, 2 (February 2013), 33-36.
258. J. Szefer and R. B. Lee. 2014. Hardware-enhanced security for cloud computing. In Secure Cloud Computing, S. Jajodia, K. Kant, P. Samarati, V. Swarup, and C. Wang (Eds.). Springer.
259. H. Takabi and J. B. D. Joshi. January 2012. Policy management as a service: An approach to manage policy heterogeneity in cloud computing environment. In Proc. of HICSS 2012.
260. H. Takabi, J. B. D. Joshi, and Gail-Joon Ahn. 2010b. Security and privacy challenges in cloud computing environments. IEEE Security & Privacy 8, 6 (November-December 2010), 24-31.
261. H. Takabi, J. B. D. Joshi, and G.-J. Ahn. July 2010a. SecureCloud: Towards a comprehensive security framework for cloud computing environments. In Proc. of IEEE COMPSACW 2010.
262. T. Takahashi, G. Blanc, Y. Kadobayashi, D. Fall, H. Hazeyama, and S. Matsuo. April 2012. Enabling secure multitenancy in cloud computing: Challenges and approaches. In Proc. of BCFIC 2012.
263. Y. Tang, P. P. C. Lee, J. C. S. Lui, and R. Perlman. 2012. Secure overlay cloud storage with access control and assured deletion. IEEE TDSC 9, 6 (November 2012), 903-916.
264. D. Thebeau II, B. Reidy, R. Valerdi, A. Gudagi, H. Kurra, Y. Al-Nashif, S. Hariri, and F. Sheldon. March 2014. Improving cyber resiliency of cloud application services by applying software behavior encryption (SBE). In Proc. of CSER 2014.
265. Trend Micro. April 2013. Best Practices for Security and Compliance with Amazon Web Services. Retrieved from https://reinvent.awsevents.com/files/Trend Micro-Whitepaper.pdf.
266. H.-L. Truongc and T. Fahringer. 2004. SCALEA-G: A unified monitoring and performance analysis system for the grid. Scientific Programming 12, 4 (December 2004), 225-237.
267. H.-Y. Tsai, M. Siebenhaar, A. Miede, Y.-L. Huang, and R. Steinmetz. 2012. Threat as a service? virtualization's impact on cloud security. IT Professional 14, 1 (January-February 2012), 32-37.
268. W.-T. Tsai, P. Zhong, J. Balasooriya, Y. Chen, X. Bai, and J. Elston. June-July 2011. An approach for service composition and testing for cloud computing. In Proc. of ISADS 2011.
269. P. K. Tysowski and M. A. Hasan. 2013. Hybrid attribute- and re-encryption-based key management for secure and scalable mobile applications in clouds. IEEE TCC 1, 2 (July 2013), 172-186.
270. M. van Dijk, A. Juels, A. Oprea, R. L. Rivest, E. Stefanov, and N. Triandopoulos. October 2012. Hourglass schemes: How to prove that cloud files are encrypted. In Proc. of ACM CCS 2012. Raleigh, NC, USA.
271. E. van Veenendaal. October 2012. Standard glossary of terms used in Software Testing. International Software Testing Qualifications Board (ISTQB). Retrieved from http://www.istqb.org/downloads/finish/20/101.html.
272. L. M. Vaquero, L. Rodero-Merino, and D. Moran. 2011. Locking the sky: A survey on IaaS cloud security. Computing 91, 1 (January 2011), 93-118.
273. M. Velten and F. Stumpf. November 2013. Secure and privacy-aware multiplexing of hardware-protected TPM integrity measurements among virtual machines. In Proc. of ICISC 2012.
274. Z.Wan, J. Liu, and R.-H. Deng. 2012. HASBE: A hierarchical attribute-based solution for flexible and scalable access control in cloud computing. IEEE TIFS 7, 2 (April 2012), 743-754.
275. B.Wang, S. S. M. Chow, M. Li, and H. Li. July 2013a. Storing shared data on the cloud via security-mediator. In Proc. of IEEE ICDCS 2013.
276. B.Wang, B. Li, and H. Li. 2014. Oruta: Privacy-preserving public auditing for shared data in the cloud. IEEE TCC (2014).
277. B. Wang, B. Li, and H. Li. April 2013. Public auditing for shared data with efficient user revocation in the cloud. In Proc. of IEEE INFOCOM 2013.
278. C. Wang, N. Cao, K. Ren, and W. Lou. 2012. Enabling secure and efficient ranked keyword search over outsourced cloud data. IEEE TPDS 23, 8 (August 2012), 1467-1479.
279. C. Wang, S. S. M. Chow, Q. Wang, K. Ren, and W. Lou. 2013b. Privacy-preserving public auditing for secure cloud storage. IEEE TC 62, 2 (February 2013), 362-375.
280. C. Wang, Q. Wang, K. Ren, N. Cao, and W. Lou. 2012. Toward secure and dependable storage services in cloud computing. IEEE TSC 5, 2 (April 2012), 220-232.
281. C. Wang, Q. Wang, K. Ren, and W. Lou. March 2010. Privacy-preserving public auditing for data storage security in cloud computing. In Proc. of IEEE INFOCOM 2010.
282. M. Wang, V. Holub, T. Parsons, J. Murphy, and P. O'Sullivan. March 2010. Scalable run-time correlation engine for monitoring in a cloud computing environment. In Proc. of IEEE ECBS 2010.
283. Q. Wang, C. Wang, K. Ren, W. Lou, and J. Li. 2011. Enabling public auditability and data dynamics for storage security in cloud computing. IEEE TPDS 22, 5 (May 2011), 847-859.
284. J. Wei, C. Pu, C. V. Rozas, A. Rajan, and F. Zhu. November-December 2013. Modeling the runtime integrity of cloud servers: A scoped invariant perspective. In Proc. of IEEE CloudCom 2010.
285. L. Wei and M. K. Reiter. September 2012. Third-party private DFA evaluation on encrypted files in the cloud. In Proc. of ESORICS 2012.
286. L. Wei and M. K. Reiter. September 2013. Ensuring file authenticity in private DFA evaluation on encrypted files in the cloud. In Proc. of ESORICS 2013. Egham, UK.
287. L. Wei, H. Zhu, Z. Cao, X. Dong, W. Jia, Y. Chen, and A.V. Vasilakos. April 2014. Security and privacy for storage and computation in cloud computing. Information Sciences 258 (April April 2014), 371-386.
288. P. Wieder, J. M. Butler, W. Theilmann, and R. Yahyapour. 2011. Service Level Agreements for Cloud Computing. Springer.
289. Z. Xiao and Y. Xiao. 2013. Security and privacy in cloud computing. IEEE Communications Surveys & Tutorials 15, 2 (April-June 2013), 843-859.
290. T. Xing, D. Huang, L. Xu, C.-J. Chung, and P. Khatkar. March 2013. SnortFlow: A openflow-based intrusion prevention system in cloud environment. In Proc. of GENI GREE 2012.
291. L. Xu, X. Cao, Y. Zhang, and W. Wu. 2013a. Software service signature (s3) for authentication in cloud computing. Cluster Computing 16, 4 (December 2013), 905-914.
292. Z. Xu, C. Wang, Q. Wang, K. Ren, and L. Wang. April 2013b. Proof-carrying cloud computation: The case of convex optimization. In Proc. of IEEE INFOCOM 2013. Turin, Italy.
293. K. Yang and X. Jia. 2013. An efficient and secure dynamic auditing protocol for data storage in cloud computing. IEEE TPDS 24, 9 (September 2013), 1717-1726.
294. K. Yang, X. Jia, K. Ren, and B. Zhang. April 2013. DAC-MACS: Effective data access control for multiauthority cloud storage systems. In Proc. of IEEE INFOCOM 2013. Turin, Italy.
295. L. Ye, H. Zhang, J. Shi, and X. Du. December 2012. Verifying cloud service level agreement. In Proc. of IEEE GLOBECOM 2012. Anaheim, CA, USA.
296. Y. A. Younis, M. Merabti, and K. Kifayat. 2013. Secure Cloud Computing for Critical Infrastructure A Survey. Retrieved from http://www.cms.livjm.ac.uk/pgnet2013/proceedings/papers/1569764399.pdf.
297. J. Yu, P. Lu, Y. Zhu, G. Xue, and M. Li. 2013a. Toward secure multikeyword top-k retrieval over encrypted cloud data. IEEE TDSC 10, 4 (July 2013), 239-250.
298. L. Yu, W.-T. Tsai, X. Chen, L. Liu, Y. Zhao, L. Tang, and W. Zhao. June 2010a. Testing as a service over cloud. In Proc. of IEEE SOSE 2010.
299. S. Yu, Y. Tian, S. Guo, and D. Wu. 2013b. Can we beat DDoS attacks in clouds? IEEE TPDS (July 2013).
300. S. Yu, C. Wang, K. Ren, and W. Lou. March 2010b. Achieving secure, scalable, and fine-grained data access control in cloud computing. In Proc. of IEEE INFOCOM 2010.
301. S. Zawoad, A. K. Dutta, and R. Hasan. May 2013. SecLaaS: Secure logging-as-a-service for cloud forensics. In Proc. of ACM ASIACCS 2013.
302. P. Zech. March 2011. Risk-based security testing in cloud computing environments. In Proc. of IEEE ICST 2011.
303. Y. Zhang, A. Juels, M. K. Reiter, and T. Ristenpart. October 2012. Cross-VM side channels and their use to extract private keys. In Proc. of ACM CCS 2012.
304. Y. Zhang and M. K. Reiter. November 2013. Düppel: Retrofitting commodity operating systems to mitigate cache side channels in the cloud. In Proc. of ACM CCS 2013.
305. L. Zhao, Y. Ren, M. Li, and K. Sakurai. 2012. Flexible service selection with user-specific QoS support in service-oriented architecture. Journal of Network and Computer Applications 35, 3 (March 2012), 962-973.
306. M. Zhou, R. Zhang, W. Xie, W. Qian, and A. Zhou. November 2010. Security and privacy in cloud computing: A survey. In Proc. of SKG 2010.
307. Y. Zhu, G.-J. Ahn, H. Hu, S. S. Yau, H. G. An, and C.-J. Hu. 2013. Dynamic audit services for outsourced storages in clouds. IEEE TSC 6, 2 (April 2013), 227-238.
308. Y. Zhu, H. Hu, G.-J. Ahn, D. Huang, and S. Wang. March 2012. Towards temporal access control in cloud computing. In Proc. of IEEE INFOCOM 2012.
309. D. Zissis and D. Lekkas. 2012. Addressing cloud computing security issues. Future Generation Computer Systems 28, 3 (March 2012), 583-592.
310. D. Zou, W. Zhang, W. Qiang, G. Xiang, L. T. Yang, H. Jin, and K. Hu. 2013. Design and implementation of a trusted monitoring framework for cloud platforms. Future Generation Computer Systems 29, 8 (October 2013), 2092-2102.