On cloud security attacks: A taxonomy and intrusion detection and prevention as a service

Journal of Network and Computer Applications

Volumn 74, Issue , 2016, Pages 98-120

  Iqbal, Salman ^a   Mat Kiah, Miss Laiha ^a   Dhaghighi, Babak ^a   Hussain, Muzammil ^a   Khan, Suleman ^a   Khan, Muhammad Khurram ^b   Raymond Choo, Kim Kwang ^c,d,e  

^a UNIVERSITY OF MALAYA   (Malaysia)

^b KING SAUD UNIVERSITY   (Saudi Arabia)

^c UNIVERSITY OF TEXAS AT SAN ANTONIO   (United States)

^d UNIVERSITY OF SOUTH AUSTRALIA   (Australia)

^e CHINA UNIVERSITY OF GEOSCIENCES   (China)

Author keywords

Cloud computing; Intrusion detection; Security attacks; Taxonomy

Indexed keywords

CLOUD COMPUTING; INFRASTRUCTURE AS A SERVICE (IAAS); INTRUSION DETECTION; MERCURY (METAL); PLATFORM AS A SERVICE (PAAS); SOFTWARE AS A SERVICE (SAAS); TAXONOMIES;

CLOUD ENVIRONMENTS; CLOUD SECURITIES; IN-DEPTH UNDERSTANDING; INTRUSION DETECTION AND PREVENTION; MITIGATION STRATEGY; SECURITY ATTACKS; SECURITY REQUIREMENTS; SYSTEM DESIGNERS;

WEB SERVICES;

EID: 84983503423     PISSN: 10848045     EISSN: 10958592     Source Type: Journal    
DOI: 10.1016/j.jnca.2016.08.016     Document Type: Review

References (141)

1. Ab Rahman, N.H., Choo, K.-K.R., A survey of information security incident handling in the cloud. Comput. Secur. 49 (2015), 45–69.
2. Alizadeh, M., et al. Authentication in mobile cloud computing: a survey. J. Netw. Comput. Appl., 2015.
3. Almomani, A., et al. A survey of phishing email filtering techniques. Commun. Surv. Tutor. IEEE 15:4 (2013), 2070–2090.
4. Alqahtani, S.M., Balushi, M.A. and John, R., 2014. An intelligent intrusion detection system for cloud computing (SIDSCC). In: Proceedings of the 2014 International Conference on Computational Science and Computational Intelligence (CSCI), IEEE.
5. Alqahtani, S.M., Balushi, M.A. John, R., 2014. An intelligent intrusion prevention system for cloud computing (SIPSCC). In: Proceedings of the 2014 International Conference on Computational Science and Computational Intelligence (CSCI), IEEE.
6. AlZain, M.A., Soh, B., Pardede, E., 2011. MCDB: Using Multi-clouds to Ensure Security in Cloud Computing. In: Proceedings of the 2011 IEEE Ninth International Conference on Dependable, Autonomic and Secure Computing (DASC), IEEE.
7. Anitha, E., Malliga, S., 2013. A packet marking approach to protect cloud environment against DDoS attacks. In: Proceedings of the 2013 International Conference on Information Communication and Embedded Systems (ICICES), IEEE.
8. Araújo, J.D., Abdelouahab, Z., Virtualization in intrusion detection systems: a study on different approaches for cloud computing environments. IJCSNS, 12(11), 2012, 10.
9. Armbrust, M., et al. A view of cloud computing. Commun. ACM 53:4 (2010), 50–58.
10. Arshad, J., Townend, P., Xu, J., An abstract model for integrated intrusion detection and severity analysis for clouds. Int. J. Cloud Appl. Comput. (IJCAC) 1:1 (2011), 1–16.
11. Ayodele, T. and Adeegbe, D., 2013. Cloud based emails boundaries and vulnerabilities. In: Proceedings of the Science and Information Conference (SAI), 2013. IEEE.
12. Azeez, A., et al., 2010 Multi-tenant SOA middleware for cloud computing. In: Proceedings of the Cloud Computing (Cloud), 2010 IEEE 3rd International Conference on, 2010. IEEE.
13. Bakshi, A., Yogesh, B., 2010. Securing cloud from ddos attacks using intrusion detection system in virtual machine. In: Proceedings of the Communication Software and Networks, 2010. ICCSN'10. Second International Conference on, 2010. IEEE.
14. Barron, C., H., Yu, Zhan, J., 2012. Cloud computing security case studies and research. In: Proceedings of the World Congress on Engineering. 2013.
15. Bhadauria, R., et al., 2011. A survey on security issues in cloud computing. arXiv preprint arXiv:1109.5388, 2011.
16. Bhadauria, R., Sanyal, S., 2012. Survey on security issues in cloud computing and associated mitigation techniques. arXiv preprint arXiv:1204.0764, 2012.
17. Bharadwaja, S., et al., 2011. Collabra: a xen hypervisor based collaborative intrusion detection system. In: Proceedings of the Information Technology: New Generations (ITNG), 2011 Eighth International Conference on, 2011. IEEE.
18. Bouayad, A., et al., 2012. Cloud computing: security challenges. In: Proceedings of the Information Science and Technology (CIST), 2012 Colloquium in. 2012. IEEE.
19. Bradai, A., Afifi, H., Enforcing trust-based intrusion detection in cloud computing using algebraic methods. In: Proceedings of the Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC), 2012 International Conference on. 2012. IEEE.
20. Brunette, G., Mogull, R., Security guidance for critical areas of focus in cloud computing v2.1. Cloud Secur. Alliance, 2009, 1–76.
21. Bryan Williams, T.C., Virtualization System Security. 2010, IBM.
22. Chen, Z., et al. Cloud computing-based forensic analysis for collaborative network security management system. Tsinghua Sci. Technol. 18:1 (2013), 40–50.
23. Chen, Q., et al., 2011. CBF: A packet filtering method for DDoS attack defense in cloud environment. In: Proceedings of the Dependable, Autonomic and Secure Computing (DASC), 2011 IEEE Ninth International Conference on, 2011. IEEE.
24. Chonka, A., Abawajy, J., 2012. Detecting and mitigating HX-DoS attacks against cloud web services. In: Proceedings of the Network-Based Information Systems (NBiS), 2012 15th International Conference on, 2012. IEEE.
25. Chung, C.-J., et al. NICE: Network intrusion detection and countermeasure selection in virtual network systems. IEEE Trans. Dependable Secur. Comput., 2013, 1.
26. Corporation, P.S., 2008. SaaS Security and privacy.
27. Council, S.-a.-a.-S.E., 2006. Software-as-a-Service; A Comprehensive Look at the Total Cost of Ownership of Software Applications.
28. Dastjerdi, A.V., Bakar, K.A., Tabatabaei, S.G.H., 2009. Distributed intrusion detection in clouds using mobile agents. In: Proceedings of the Advanced Engineering Computing and Applications in Sciences, 2009. ADVCOMP'09. Third International Conference on, 2009. IEEE.
29. Dawoud, W., TakounaI., I., Meinel, C., 2010. Infrastructure as a service security: Challenges and, solutions. In: Proceedings of the Informatics and Systems (INFOS), 2010 The 7th International Conference on. 2010. IEEE.
30. Dinesha, H., Agrawal, V., 2012. Multi-level authentication technique for accessing cloud services. In: Proceedings of the Computing, Communication and Applications (ICCCA), 2012 International Conference on, 2012. IEEE.
31. Ding, B., et al., 2012. Return-oriented programming attack on the Xen hypervisor. In: Proceedings of the Availability, Reliability and Security (ARES), 2012 Seventh International Conference on, 2012. IEEE.
32. Duncan, A., et al., 2013. Cloud Computing: Insider Attacks on Virtual Machines during Migration. In: Proceedings of the Trust, Security and Privacy in Computing and Communications (TrustCom), 2013 12th IEEE International Conference on, 2013. IEEE.
33. Duncan, A.J., Creese, S., Goldsmith, M., 2012. Insider attacks in cloud computing. In: Proceedings of the Trust, Security and Privacy in Computing and Communications (TrustCom), 2012 IEEE 11th International Conference on. 2012. IEEE.
34. Ferguson, E., Weber, J., Hasan, R., 2012. Cloud based content fetching: Using cloud infrastructure to obfuscate phishing scam analysis. In: Proceedings of the Services (SERVICES), 2012 IEEE Eighth World Congress on. 2012. IEEE.
35. FireHost, 2012. Cross-Site Scripting Attacks Up 160% in Final Quarter of 2012; Available from: 〈http://www.firehost.com/company/newsroom/web-application-attack-report-fourth-quarter-2012〉.
36. Gani, A., et al. A review on interworking and mobility techniques for seamless connectivity in mobile cloud computing. J. Netw. Comput. Appl. 43 (2014), 84–102.
37. Garfinkel, T., et al. Terra: A Virtual Machine-based Platform For Trusted Computing. ACM SIGOPS Operating Systems Review, 2003, ACM,.
38. Garg, S., Saran, H., 2008. Anti-DDoS Virtualized Operating System. In: Proceedings of the Availability, Reliability and Security, 2008. ARES 08. Third International Conference on, 2008. IEEE.
39. Godfrey, M. and Zulkernine, M., 2013. A Server-Side Solution to Cache-Based Side-Channel Attacks in the Cloud. In: Proceedings of the Cloud Computing (CLOUD), 2013 IEEE Sixth International Conference on, 2013. IEEE.
40. Grispos, G., Glisson, W.B., Storer T., 2013. Cloud security challenges: Investigating policies, standards, and guidelines in a fortune 500 organization. arXiv preprint arXiv:1306.2477, 2013.
41. Guan, Y. and Bao, J., 2009. A CP intrusion detection strategy on cloud computing. In: Proceedings of the 2009 International Symposium on Web Information Systems and Applications (WISA’09). 2009.
42. Gupta, S., et al., 2012. A fingerprinting system calls approach for intrusion detection in a cloud environment. In: CASoN.
43. Hamad, H., Al-Hoby, M., Managing intrusion detection as a service in cloud networks. Int. J. Comput. Appl. 41:1 (2012), 35–40.
44. Hamdi, M., 2012. Security of cloud computing, storage, and networking. In: Proceedings of the Collaboration Technologies and Systems (CTS), 2012 International Conference on, 2012. IEEE.
45. Harnik, D., Pinkas, B., Shulman-Peleg, A., Side channels in cloud services: deduplication in cloud storage. Secur. Priv. IEEE 8:6 (2010), 40–47.
46. Houmansadr, A., Zonouz, S.A., Berthier, R., 2011. A cloud-based intrusion detection and response system for mobile phones. In: Proceedings of the Dependable Systems and Networks Workshops (DSN-W), 2011 IEEE/IFIP 41st International Conference on, 2011. IEEE.
47. Ibrahim, A.S., et al., 2011. Cloudsec: a security monitoring appliance for virtual machines in the iaas cloud model. In: Proceedings of the Network and System Security (NSS), 2011 5th International Conference on. 2011. IEEE.
48. Jensen, M., et al., 2009. On technical security issues in cloud computing. In: Proceedings of the Cloud Computing, 2009. CLOUD'09. IEEE International Conference on, 2009. IEEE.
49. Jia, T., Wang, X., The research and design of intelligent IPS model based on dynamic cloud firewall linkage. Int. J. Digit. Content Technol. Appl. 5:3 (2011), 304–309.
50. Juliadotter, N.V., Choo, K.-K.R., Chapter 3 - CATRA: Conceptual cloud attack taxonomy and risk assessment framework, in The Cloud Security Ecosystem. 2015, Syngress: Boston. pp. 37–81.
51. Kang, L., Zhang, X., 2010. Identity-based authentication in cloud storage sharing. In: Proceedings of the Multimedia Information Networking and Security (MINES), 2010 International Conference on, 2010. IEEE.
52. Karnwal, T., Thandapanii, S., Gnanasekaran, A., A Filter tree approach to protect cloud computing against XML DDoS and HTTP DDoS attack. Intelligent Informatics, 2013, Springer, 459–469.
53. Katkamwar, N.S., Puranik, A.G., Deshpande, P., Securing cloud servers against flooding based DDoS attacks. Int. J. Appl. Innov. Eng. Manag. (IJAIEM) 1:3 (2012), 50–55.
54. Khan, S., et al. A comprehensive review on adaptability of network forensics frameworks for mobile cloud computing. Sci. World J., 2014 2014.
55. Khan, S., et al. Network forensics: review, taxonomy, and open challenges. J. Netw. Comput. Appl. 66 (2016), 214–235.
56. Khan, S., et al. Cloud log forensics: foundations, state of the art, and future directions. ACM Comput. Surv. (CSUR), 49(1), 2016, 7.
57. Khan, S., et al. Forensic challenges in mobile cloud computing. In: Proceedings of the Computer, Communications, and Control Technology (I4CT), 2014 International Conference on. 2014. IEEE.
58. Khan, S., et al., 2015. SIDNFF: Source identification network forensics framework for cloud computing. In: Proceedings of the Consumer Electronics-Taiwan (ICCE-TW), 2015 IEEE International Conference on, 2015. IEEE.
59. Khonji, M., Iraqi, Y., Jones, A., Phishing detection: a literature survey. Commun. Surv. Tutor. IEEE 15:4 (2013), 2091–2121.
60. Khorshed, M.T., Ali, A.S. Wasimi, S.A., 2011. Monitoring insiders activities in cloud computing using rule based learning. In: Proceedings of the Trust, Security and Privacy in Computing and Communications (TrustCom), 2011 IEEE 10th International Conference on. 2011. IEEE.
61. Khune, R., Thangakumar, J., 2012. A cloud-based intrusion detection system for Android smartphones. In: Proceedings of the International conference on radar, communication and computing, India. 2012.
62. Kourai, K., Azumi, T., Chiba, S., 2012. A self-protection mechanism against stepping-stone attacks, for IaaS clouds. In: Proceedings of the Ubiquitous Intelligence & Computing and 9th International Conference on Autonomic & Trusted Computing (UIC/ATC), 2012 9th International Conference on. 2012. IEEE.
63. Kwon, H., et al. Self-similarity based lightweight intrusion detection method for cloud computing. Intelligent Information and Database Systems, 2011, Springer, 353–362.
64. Lee, J.-H., et al., 2011. Multi-level intrusion detection system and log management in cloud computing. In: Proceedings of the Advanced Communication Technology (ICACT), 2011 13th International Conference on, 2011. IEEE.
65. Li, T., et al., 2011. LARX: Large-scale anti-phishing by retrospective data-exploring based on a cloud computing platform. In: Proceedings of the Computer Communications and Networks (ICCCN), 2011 Proceedings of 20th International Conference on, 2011. IEEE.
66. Lin, C.-H., et al., 2010. A detection scheme for flooding attack on application layer based on semantic concept. In: Proceedings of the Computer Symposium (ICS), 2010 International. 2010. IEEE.
67. Lin, W. and Lee, D., 2012. Traceback Attacks in Cloud–Pebbletrace Botnet. In: Proceedings of the Distributed Computing Systems Workshops (ICDCSW), 2012 32nd International Conference on. 2012. IEEE.
68. Liu, J., et al. Application partitioning algorithms in mobile cloud computing: taxonomy, review and future directions. J. Netw. Comput. Appl. 48 (2015), 99–117.
69. Liu, F., et al., 2009. The design and application of Xen-based host system firewall and its extension. In: Proceedings of the Electronic Computer Technology, 2009 International Conference on. 2009. IEEE.
70. Lo, C.-C., Huang, C.-C., Ku., J. A cooperative intrusion detection system framework for cloud computing networks. In: Proceedings of the Parallel Processing Workshops (ICPPW), 2010 39th International Conference on. 2010. IEEE.
71. Lomotey, R.K., Deters, R., 2013. SaaS Authentication Middleware for Mobile Consumers of IaaS Cloud. in Services (SERVICES), 203 IEEE Ninth World Congress on, 2013. IEEE.
72. Manvi, S.S., Shyam, G.K., Resource management for Infrastructure as a Service (IaaS) in cloud computing: a survey. J. Netw. Comput. Appl. 41 (2014), 424–440.
73. Mazzariello, C., Bifulco, R., Canonico, R., 2010. Integrating a network ids into an open source cloud computing environment. In: Proceedings of the Information Assurance and Security (IAS), 2010 Sixth International Conference on. 2010. IEEE.
74. Meng, Y., Li, W., Kwok, L.-F., 2013. Design of cloud-based parallel exclusive signature matching model in intrusion detection. In: Proceedings of the High Performance Computing and Communications & 2013 IEEE International Conference on Embedded and Ubiquitous Computing (HPCC_EUC), 2013 IEEE 10th International Conference on. 2013. IEEE.
75. Modi, C., et al. A survey on security issues and solutions at different layers of cloud computing. J. Supercomput. 63:2 (2013), 561–592.
76. Mohamed, H., et al., 2013. A collaborative intrusion detection and prevention system in cloud computing. In: Proceedings of the AFRICON, 2013. 2013. IEEE.
77. Mundada, Y., Ramachandran, A., Feamster, N., Silverline: data and network isolation for cloud services. Proc HotCloud, 2011.
78. Nasridinov, A., Byun, J.-Y., Park, Y.-H., 2012. UNWRAP: An approach on wrapping-attack tolerant SOAP messages. In: Proceedings of the Cloud and Green Computing (CGC), 2012 Second International Conference on. 2012. IEEE.
79. Nepal, S., Ranjan, R., Choo, K.-K.R., Trustworthy processing of healthcare big data in hybrid clouds. Cloud Comput. IEEE 2:2 (2015), 78–84.
80. Nikolai, J., Wang, Y., 2014. Hypervisor-based cloud intrusion detection system. In: Proceedings of the Computing, Networking and Communications (ICNC), 2014 International Conference on. 2014. IEEE.
81. Nkosi, L., Tarwireyi, P., Adigun, M.O., 2013. Detecting a malicious insider in the cloud environment using sequential rule mining. In: Proceedings of the Adaptive Science and Technology (ICAST), 2013 International Conference on. 2013. IEEE.
82. Nkosi, L., Tarwireyi, P., Adigun, M.O., 2013. Insider threat detection model for the cloud. In: Proceedings of the Information Security for South Africa, 2013. IEEE.
83. Oktay, U., Aydin, M.A., Sahingoz, O.K., 2013. A circular chain intrusion detection for cloud computing based on improved AdjointVM approach. In: Proceedings of the Computational Intelligence and Informatics (CINTI), 2013 IEEE 14th International Symposium on. 2013. IEEE.
84. Oktay, U., Sahingoz, O., 2013. Proxy Network Intrusion Detection System for cloud computing. In: Proceedings of the Technological Advances in Electrical, Electronics and Computer Engineering (TAEECE), 2013 International Conference on. 2013. IEEE.
85. Oliveira, D., et al., 2008. Bezoar: Automated virtual machine-based full-system recovery from control-flow hijacking attacks. In: Proceedings of the Network Operations and Management Symposium, 2008. NOMS 2008. IEEE. 2008. IEEE.
86. Osanaiye, O., Choo, K.-K.R., Dlodlo, M., Distributed denial of service (DDoS) resilience in cloud: review and conceptual cloud ddos mitigation framework. J. Netw. Comput. Appl., 2016.
87. Oyama, Y., Hoshi, Y., 2011. A hypervisor for injecting scenario-based attack effects. In: Proceedings of the Computer Software and Applications Conference (COMPSAC), 2011 IEEE 35th Annual. 2011. IEEE.
88. Patel, A., et al. An intrusion detection and prevention system in cloud computing: a systematic review. J. Netw. Comput. Appl. 36:1 (2013), 25–41.
89. Potlapally, N.R., et al., 2007. Aiding side-channel attacks on cryptographic software with satisfiability-based analysis. Very Large Scale Integr (VLSI) Syst, IEEE Transactions on 15, 4, pp. 465–470.
90. Prokhorenko, V., Choo, K.-K.R., Ashman, H., Web application protection techniques: a taxonomy. J. Netw. Comput. Appl. 60 (2016), 95–112.
91. Qaisar, S., Khawaja, K.F., Cloud computing: network/security threats and countermeasures. Interdiscip. J. Contemp. Res. Bus. 3:9 (2012), 1323–1329.
92. Qi, H., et al. Sierpinski triangle based data center architecture in cloud computing. J. Supercomput. 69:2 (2014), 887–907.
93. Reuben, J.S., A Survey on Virtual Machine Security. 2007, Helsinki University of Technology,.
94. Revar, A.G., Bhavsar, M.D., 2011. Securing user authentication using single sign-on in Cloud Computing. In: Proceedings of the Engineering (NUiCONE), 2011 Nirma University International Conference on. 2011. IEEE.
95. Ristenpart, T., et al., 2009. Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In: Proceedings of the Proceedings of the 16th ACM conference on Computer and communications security. 2009. ACM.
96. Rocha, F., Gross, T., van Moorsel, A., 2013. Defense-in-depth against malicious insiders in the cloud. In: Proceedings of the Cloud Engineering (IC2E), 2013 IEEE International Conference on. 2013. IEEE.
97. Rodero-Merino, L., et al. Building safe PaaS clouds: a survey on security in multitenant software platforms. Comput. Secur. 31:1 (2012), 96–108.
98. Roschke, S., Cheng, F., Meinel, C., 2009. An extensible and virtualization-compatible IDS management architecture. In: Proceedings of the Information Assurance and Security, 2009. IAS'09. Fifth International Conference on. 2009. IEEE.
99. S., Fiebig, et al., 2013. Detecting VM Live Migration using a Hybrid External Approach. In: CLOSER. 2013.
100. Sabahi, F., 2011. Virtualization-level security in cloud computing. In: Proceedings of the Communication Software and Networks (ICCSN), 2011 IEEE 3rd International Conference on. 2011. IEEE.
101. Sawesi, K.G.A., Saudi, M.M., Jali, M.Z., 2013. Designing a new E-Commerce authentication framework for a cloud-based environment. In: Proceedings of the Control and System Graduate Research Colloquium (ICSGRC), 2013 IEEE 4th. IEEE.
102. Saxena, A., et al., 2013. Detecting SOQL-injection vulnerabilities in sales force applications. In: Proceedings of the Advances in Computing, Communications and Informatics (ICACCI), 2013 International Conference on. 2013. IEEE.
103. Scarfone, K., Guide to Security For Full Virtualization Technologies. 2011, DIANE Publishing.
104. Shaikh, R., Sasikumar, M., Trust model for measuring security strength of cloud computing service. Procedia Comput. Sci. 45 (2015), 380–389.
105. Shameli-Sendi, A., et al. Taxonomy of distributed denial of service mitigation approaches for cloud computing. J. Netw. Comput. Appl. 58 (2015), 165–179.
106. Shea, R., Liu, J., 2012. Understanding the impact of denial of service attacks on virtual machines. In: Proceedings of the 2012 IEEE 20th International Workshop on Quality of Service 2012 IEEE Press.
107. Shi, J., et al., 2011. Limiting cache-based side-channel in multi-tenant cloud using dynamic page coloring. In: Proceedings of the Dependable Systems and Networks Workshops (DSN-W), 2011 IEEE/IFIP 41st International Conference on. 2011. IEEE.
108. Shiraz, M., et al. A study on the critical analysis of computational offloading frameworks for mobile cloud computing. J. Netw. Comput. Appl. 47 (2015), 47–60.
109. Simou, S., et al. Cloud forensics: identifying the major issues and challenges. Advanced Information Systems Engineering, 2014, Springer.
110. Stefanov, E., Shi, E., 2013. Oblivistore: high performance oblivious cloud storage. In: Proceedings of the Security and Privacy (SP), 2013 IEEE Symposium on. 2013. IEEE.
111. Subashini, S., Kavitha, V., A survey on security issues in service delivery models of cloud computing. J. Netw. Comput. Appl. 34:1 (2011), 1–11.
112. Sun, D., et al. Surveying and analyzing security, privacy and trust issues in cloud computing environments. Procedia Eng. 15 (2011), 2852–2856.
113. Sun, Y., He., D., 2012. Model checking for the defense against cross-site scripting attacks. In: Proceedings of the Computer Science & Service System (CSSS), 2012 International Conference on. 2012. IEEE.
114. Suzaki, K., 2012. Security on cloud storage and IaaS, in Taiwan-Japan Workshop 2012/Nov/272012.
115. Szefer, J., et al. Eliminating the hypervisor attack surface for a more secure cloud. In: Proceedings of the Proceedings of the 18th ACM conference on Computer and communications security. 2011. ACM.
116. Takabi, H., Joshi, J.B., Ahn, G.-J., Security and privacy challenges in cloud computing environments. IEEE Secur. Priv. 6 (2010), 24–31.
117. Telegraph, T., 2009. Facebook users targeted by hackers in successful phishing attack, Available from: 〈http://www.telegraph.co.uk/technology/facebook/5326971/Facebook-users-targeted-by-hackers-in-successful-phishing-attack.html〉.
118. Toosi, A.N., Calheiros, R.N., Buyya, R., Interconnected cloud computing environments: Challenges, taxonomy, and survey. ACM Comput. Surv. (CSUR), 47(1), 2014, 7.
119. Tupakula, U., Varadharajan, V., AkkuN., 2011. Intrusion detection techniques for infrastructure as a service cloud. In: Proceedings of the Dependable, Autonomic and Secure Computing (DASC), 2011 IEEE Ninth International Conference on. 2011. IEEE.
120. Turnbull, L., Shropshire, J., 2013. Breakpoints: an analysis of potential hypervisor attack vectors. In: Proceedings of the Southeastcon, IEEE. 2013. IEEE.
121. Vieira, K., et al. Intrusion detection for grid and cloud computing. IT Prof. 12:4 (2010), 38–43.
122. VivinSandar, S., Shenai, S., Economic denial of sustainability (edos) in cloud services using http and xml based ddos attacks. Int. J. Comput. Appl. 41:20 (2012), 11–16.
123. Volokyta, A., Kokhanevych, I., Ivanov, D., 2012. Secure virtualization in cloud computing.
124. Wang, Z., Jiang, X., 2010. Hypersafe: A lightweight approach to provide lifetime hypervisor control-flow integrity. In: Proceedings of the Security and Privacy (SP), 2010 IEEE Symposium on. 2010. IEEE.
125. Whaiduzzaman, M., et al. A survey on vehicular cloud computing. J. Netw. Comput. Appl. 40 (2014), 325–344.
126. Xia, Y., et al., 2012. Defending against VM rollback attack. In: Proceedings of the Dependable Systems and Networks Workshops (DSN-W), 2012 IEEE/IFIP 42nd International Conference on. 2012. IEEE.
127. Xiao, Z., Xiao, Y., Security and privacy in cloud computing. Commun. Surv. Tutor. IEEE 15:2 (2013), 843–859.
128. Xie, W., et al., 2013. Cloud-based RFID authentication. In: Proceedings of the RFID (RFID), 2013 IEEE International Conference on. 2013. IEEE.
129. Y., Gilad, et al., CDN-on-Demand: An Affordable DDoS Defense via Untrusted Clouds.
130. Yang, L., et al., 2012. Defense of DDoS attack for cloud computing. In: Proceedings of the Computer Science and Automation Engineering (CSAE), 2012 IEEE International Conference on. 2012. IEEE.
131. Yaseen, Q., Panda, B., 2010. Malicious modification attacks by insiders in relational databases: prediction and prevention. In: Proceedings of the Social Computing (SocialCom), 2010 IEEE Second International Conference on. 2010. IEEE.
132. Yassin, A.A., et al., 2012. Anonymous password authentication scheme by using digital signature and fingerprint in cloud computing. In: Proceedings of the Cloud and Green Computing (CGC), 2012 s International Conference on. 2012. IEEE.
133. Yassin, W., et al., 2012. A cloud-based intrusion detection service framework. In: Proceedings of the Cyber Security, Cyber Warfare and Digital Forensic (CyberSec), 2012 International Conference on. 2012. IEEE.
134. You, P., et al., 2012. Security issues and solutions in cloud computing. In: Proceedings of the Distributed Computing Systems Workshops (ICDCSW), 2012 32nd International Conference on. 2012. IEEE.
135. Yu, S., Gui, X., Lin, J., 2013. An approach with two-stage mode to detect cache-based side channel attacks. In: Proceedings of the Information Networking (ICOIN), 2013 International Conference on. 2013. IEEE.
136. Yu, X., Wen, Q., 2010. A view about cloud data security from data life cycle. In: Proceedings of the Computational Intelligence and Software Engineering (CiSE), 2010 International Conference on. 2010. IEEE.
137. Zhang, F., et al., 2008. PALM: security preserving VM live migration for systems with VMM-enforced protection. In: Proceedings of the Trusted Infrastructure Technologies Conference, 2008. APTC'08. Third Asia-Pacific. 2008. IEEE.
138. Zhang, Y., et al., 2006. Virtual-machine-based intrusion detection on file-aware block level storage. In: Proceedings of the Computer Architecture and High Performance Computing, 2006. SBAC-PAD'06. 18th International Symposium on. 2006. IEEE.
139. Zhang, Y., et al., 2011. Homealone: Co-residency detection in the cloud via side-channel analysis. In: Proceedings of the security and Privacy (SP), 2011 IEEE Symposium on. 2011. IEEE.
140. Zhang, Y., et al., 2012. Cross-VM side channels and their use to extract private keys. In: Proceedings of the 2012 ACM conference on Computer and communications security. 2012. ACM.
141. Zissis, D., Lekkas, D., Addressing cloud computing security issues. Futur. Gener. Comput. Syst. 28:3 (2012), 583–592.