Security transparency: the next frontier for security research in the cloud

Journal of Cloud Computing

Volumn 4, Issue 1, 2015, Pages

  Ouedraogo, Moussa ^a   Mignon, Severine ^a   Cholez, Herve ^a   Furnell, Steven ^b   Dubois, Eric ^a  

^a LUXEMBOURG INSTITUTE OF SCIENCE AND TECHNOLOGY   (Luxembourg)

^b UNIVERSITY OF PLYMOUTH   (United Kingdom)

Author keywords

Cloud Services; Mutual audits; Security and protection; Security transparency; Trusted cloud services

Indexed keywords

CLOUD COMPUTING; DISTRIBUTED DATABASE SYSTEMS; MOBILE SECURITY; TRANSPARENCY; UBIQUITOUS COMPUTING; WEB SERVICES;

CLOUD SERVICE PROVIDERS; CLOUD SERVICES; MUTUAL AUDITS; SECURITY AND PRIVACY; SECURITY AND PROTECTION; SECURITY RESEARCH; STATE OF THE ART; TRUSTED CLOUDS;

DISTRIBUTED COMPUTER SYSTEMS;

EID: 85006218746     PISSN: None     EISSN: 2192113X     Source Type: Journal    
DOI: 10.1186/s13677-015-0037-5     Document Type: Article

References (75)

1. Anthes G (2010) Security in the cloud. Communication of the ACM 53(11):16–18, ACM digital library, New York
2. Schneier B (2009) Cloud computing. Accessed 11th February, 2014 from http://www.schneier.com/blog/archives/2009/06/cloud_computing.html
3. Horch A, Christmann C, Kett H, Falkner J, Anette Weisbecker A (2013) Essential Elements of an SME-specific Search of Trusted Cloud Services. In: Proceedings of CLOSER. Springer, Heidelberg, pp 88–94
4. Dorey P.G., Leite A. (2011) Commentary: Cloud computing – A security problem or solution? Information Security Technical Report, 16 (3–4), pp. 89–96, Elsevier
5. El-Gazzar RF (2013) Cloud Computing Adoption Factors and Processes for Enterprises - A Systematic Literature Review. In: Proceedings of CLOSER. Springer, Berlin, pp 78–87
6. Subashini S, Kavitha V (2011) A survey on security issues in service delivery models of cloud computing. J Netw Comput Appl 34(1):1–11, Elsevier
7. Lombardi F, Di Pietro R (2011) Secure virtualization for cloud computing. J Netw Comput Appl 34(4):1113–22, Elsevier
8. Rodero-Merino L, Vaquero LM, Caron E, Muresan A, Desprez F (2012) Building safe PaaS clouds: a survey on security in multitenant software platforms. Computers & Security 31(1):96–108
9. Vaquero LM, Rodero-Merino L, Morán D (2011) Locking the sky: a survey on IaaS cloud security. Computing 91(1):93–118, Springer, Vienna
10. Chen Y, Paxson V, Katz RH (2010). What’s New About Cloud Computing Security? Report EECS Department, University of California, Berkeley. Accessed September 13, 2012 from http://www.eecs.berkeley.edu/Pubs/TechRpts/2010/EECS-2010-5.html
11. Hu F, Qiu M, Li J, Grant T, Tylor D, McCaleb S, Butler L, Hamner R (2011) A review on cloud computing: design challenges in architecture and security. J Comput Info Technol 19(1):25–55
12. Popović K, Hocenski Z (2010) Cloud computing security issues and challenges. In: Proceedings of the 33rd International Convention. IEEExplore, Opatija, pp 344–349
13. Oza NV, Karppinen K, Savola R (2010) User Experience and Security in the Cloud -- An Empirical Study in the Finnish Cloud Consortium. In: Proceeding of CloudCom. IEEExplore, Indianapolis, pp 621–628
14. Jansen W, Grance T (2011) Guidelines on Security and Privacy in Public Cloud Computing, NIST SP 800–144. National Institute of Standardisation and technology, Gaithersburg
15. Teneyuca D (2011) Internet cloud security: the illusion of inclusion. Info Security Technical Report 16(3–4):102–7, Elsevier
16. Cloud Security Alliance (2010) Top Threats to Cloud Computing. Accessed 21 March 2014 from https://cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf
17. Ouedraogo M, Islam S (2015) Towards the Integration of Security Transparency in the Modelling and Design of Cloud Based Systems, In proceedings of CAiSE Workshops 2015: 495-506, Lecture Notes in Business Information Processing Springer International Publishing Switzerland.
18. Cloud Security Alliance –CSA (2011). Cloud Controls Matrix v.1.3, Accessed 23rd March 2014 from: https://cloudsecurityalliance.org/
19. Gellman R (2009) Privacy in the clouds: risks to privacy and confidentiality from cloud computing. Report, World Privacy Forum (WPF)
20. rd October, 2014 from http://www.cloudsecurityalliance.org/guidance/csaguide.v2.1.pdf
21. rd March, 2014 from http://www.cloudsecurityalliance.org/guidance/csaguide.v3.0.pdf
22. Santos N, Gummadi KP, Rodrigues R (2009) Towards Trusted Cloud Computing. In: Proceedings of the 2009 conference on Hot topics in cloud computing (HOTCLOUD). USENIX, San Diego
23. Brodkin J. (2009) Cloud computing outages: Amazon customers the latest to suffer downtime. Accessed 12th March 2014 from: http://www.networkworld.com/community/node/48961
24. Cloud Security Alliance. (2013) The Notorious Nine Cloud Computing Top Threats in 2013. Accessed 20 October 2014 from https://cloudsecurityalliance.org/download/the-notorious-nine-cloud-computing-top-threats-in-2013/
25. Mills E. (2012) Cybercriminals move to the cloud, Accessed 12th December, 2013 from: http://news.cnet.com/8301-1009_3-57464177-83/cybercrime-moves-to-the-cloud/
26. McAfee and Guardian Analytics. (2012) Dissecting Operation High Roller. Accessed 10 February 2014 from: http://www.mcafee.com/mx/resources/reports/rp-operation-high-roller.pdf
27. Srinivasan MK, Sarukesi K, Rodrigues P, Manoj SM, Revathy P (2012) State-of-the-art cloud computing security taxonomies: a classification of security challenges in the present cloud computing environment. In: Proceeding of ICACCI. ACM digital library, New York, pp 470–476
28. Winkler V. (2011) Securing the cloud- cloud computer security techniques and tactics. Syngress
29. Garfinkel T., Pfaff B, Chow J, Rosenblum M, Boneh D. (2003) Terra: a virtual machine-based platform for trusted computing. In: Proceedings of SOSP 2003, ACM
30. Krautheim FJ (2009) Private Virtual Infrastructure for Cloud Computing. In: Proceedings of the HOTCLOUD conference 2009. ACM, New York
31. Arshad J, Townend P, Jie X (2009) Quantification of Security for Compute Intensive Workloads in Clouds. In: Proceedings of the 15th International Conference on Parallel and Distributed Systems. IEEE, Shenzhen
32. De Chaves SA, Uriarte RB, Westphall CB (2011) Towards an architecture for monitoring private clouds. IEEE Commun Mag 49(12):130–7, IEEE
33. Savola R, Juhola A, Uusitalo I (2010) Towards wider cloud service applicability by security, privacy and trust measurements. In: Proceedings of the 4th Int. Conf. on Application of Information and Communication Technologies (AICT’10). IEEE, Tashkent, pp 45–50
34. Rak M, Liccardo L, Aversa R (2011) A SLA-based interface for security management in cloud and GRID integrations. In: Proceedings of the 7th International Conference on Information Assurance and Security (IAS). IEEE, Melaka, pp 378–383
35. Rak M, Luna J, Petcu D, Casola V, Suri N, Villano U. (2013) Security as a Service Using an SLA-based Approach via SPECS. In:Proceedings of IEEE 5th International Conference on Cloud Computing Technology and Science (CloudCom), pp, 1 – 6, IEEE
36. Wieder P, Butler JM, Theilmann W, Yahyapour R (eds) (2011) Service Level Agreements for Cloud Computing. Springer-Verlag, New York
37. Lorenzoli D, Spanoudakis G (2010) EVEREST+: Runtime SLA Violations Prediction. In: Proceedings of the 5th Middleware for Service-oriented Computing Workshop. ACM, New York
38. Shanahan M (1999) The event calculus explained. In Artificial Intelligence LNAI 1600:409–30
39. Chazalet A (2010) Service level checking in the cloud computing context. In: Proceedings of the third International Conference on Cloud Computing. IEEE, Miami, pp 297–304
40. Kohne A, Spohr M, Nagel L, Spinczyk O (2014) FederatedCloudSim: a SLA-aware federated cloud simulation framework. Proceedings of the 2nd International Workshop on CrossCloud Systems, ACM, New York
41. Maity S, Chaudhuri A (2014) Optimal negotiation of SLA in federated cloud using multiobjective genetic algorithms. In: Proceedings of CLOUDNET 2014. IEEExplore, New York, pp 269–271
42. Nuñez D, Fernandez – Gago C, Pearson S, Felici M. (2013) A Metamodel for Measuring Accountability Attributes in the Cloud. In: Proceedings of the 2013 IEEE International Conference on Cloud Computing Technology and Science (CloudCom 2013), IEEE
43. Petcu D (2014) A taxonomy for SLA-based monitoring of cloud security. COMPSAC 2014:640–1
44. Rodero-Merino L, Vaquero LM, Gil V, Galán F, Fontán J, Montero RS, Llorente IM (2010) From infrastructure delivery to service management in clouds. Future Generation of ComputerSystems 26(8):1226–40
45. Sunyaev A, Schneider S (2013) Cloud services certification. Communication of the ACM 56(2):33–36, ACM digital Library, New York
46. Cloud Security Alliance –CSA. (2012). Consensus Assessments Initiative Questionnaire 1.1. Available at: https://cloudsecurityalliance.org
47. TÜV Rheinland’s. (2014) certification for cloud providers, Accessed on 20th October 2014 from: //www.tuv.com/en/corporate/business_customers/information_scuriy_cw/strategic_information_security/cloud_security_certification/cloud_security_certification.html
48. Schneider S, Lansing J, Gao F, Sunyaev A (2014) A Taxonomic Perspective on Certification Schemes: Development of a Taxonomy for Cloud Service Certification Criteria. In: Proceedings of the 47th Hawaii International Conference on System Sciences (HICSS 2014). IEEE, Waikoloa
49. AICPA. (2012) Statement on Auditing Standards (SAS) n°70. Accessed October 20, 2013. from http://sas70.com/sas70_overview.html
50. Juels A, Kaliski BS Jr (2007) Pors: proofs of retrievability for large files. In: Proceedings of the 2007 ACM Conference on Computer and Communications Security (CCS 2007). ACM Digital library, New York, pp 584–597
51. Wang C, Wang Q, Ren K, Lou W (2010) Privacy-Preserving Public Auditing for Data Storage Security in Cloud Computing. In: Proceedings of the 29th conference on Information Communications (INFOCOM 2010). IEEE, San Diego, pp 525–533
52. Kerschbaum F.(2013) Searching over encrypted data in cloud systems, in: Proceedings of SACMAT 2013, pp.87-88, ACM ditigal library
53. Zhu Y, Hu H, Ahn GJ, Yau SS (2012) Efficient audit service outsourcing for data integrity in clouds. J Syst Softw 85(5):108–1095, Elsevier
54. Gentry C (2009) Fully Homomorphic Encryption Using Ideal Lattices. In: Proceedings of the 41st annual ACM Symposium on Theory of Computing (STC 2009). ACM, NewYork, pp 169–178
55. López-Alt A, Tromer E, Vaikuntanathan V (2012) On-the-fly multiparty computation on the cloud via multikey fully homomorphic encryption. In: Proceedings of STOC 2012. ACM, New York, pp 1219–1234
56. Kamara S, Lauter K (2010) Cryptographic cloud storage. In: Proceedings of Financial Cryptography. Workshop on Real-Life Cryptographic, Protocols and Standardization, Springer, Heidelberg
57. Ateniese G, Burns R, Curtmola R, Herring J, Kissner L, Peterson NJZ, Song D (2007) Provable Data Possession at Untrusted Stores. In: Proceedings of CCS’07, Alexandria, VA. ACM, New York, pp 598–609
58. Shacham H, Waters B (2008) Compact proofs of retrievability. In: Advances in Cryptology (Asiacrypt ’08), vol. 5350, Lecture Notes in Computer Science. Springer, Heidelberg, pp 90–107
59. Dodis Y, Vadhan S, Wichs D (2009) Proofs of retrievability via hardness amplification. In: Theory of Cryptography Conference, vol. 5444 of Lecture Notes in Computer Science. Springer, Heidelberg, pp 109–127
60. Rübsamen T., Reich C. (2013) Cloud Audits and Privacy Risks. In: Proceedings of OTM conferences, LNCS V8185, pp 403–4013, Springer
61. Doelitzscher F, Reich C, Knahl M, Clarke N (2012) An agent based business aware incident detection system for cloud environments. Journal of Cloud Computing:Advances, Systems and Applications 1(9):1–19, Springer-Verlag, Berlin
62. Ouedraogo M, Mouratidis H, Hecker A, Bonhomme C, Khadraoui D, Dubois E, Preston D (2011) A new approach to evaluating security assurance. In: Proceedings of the 7th International Conference on Information Assurance and Security (IAS). IEEExplore, New York, pp 215–221
63. Ouedraogo M, Savola R, Mouratidis H, Preston D, Kadraoui D, Dubois E (2013) Taxonomy of quality metrics for assessing assurance of security correctness’. Softw Qual J 21(1):67–97, Springer, US
64. Ouedraogo M, Khadraoui D, Mouratidis H, Dubois E (2012) Appraisal and reporting of security assurance at operational systems level. Journal of software and system and software 85(1):193–208, Elsevier
65. Ouedraogo M, Mouratidis M. (2013) Selecting a cloud service provider in the age of cybercrime, Computers & Security, vol.38, pp.3-13 Special issue on Cybercrime in the Digital Economy, Elsevier
66. Pauley W (2010) Cloud provider transparency: an empirical evaluation. IEEE Security & Privacy 8(6):32–3, IEEExplore, New York
67. Etzion O., Niblett P. (2010) Event Processing in Action. Manning Publications Company 2010, ISBN 978-1-935182-21-4, pp. I-XXIV, 1–360
68. Luckham DC (2005) The power of events - an introduction to complex event processing in distributed enterprise systems. ACM, New York, p I-XIX, 1–376. ISBN 978-0-201-72789-0
69. Anicic D, Rudolph S, Fodor P, Stojanovic N (2012) Real-time complex event recognition and reasoning-a logic programming approach. Appl Artif Intell 26(1–2):6–57
70. Cugola G, Margara A (2012) Complex event processing with T-REX. J Syst Softw 85(8):1709–28
71. Zhang RJ, Unger EA (1996) Event Specification and Detection, technical report. University, Kansas State
72. Waltermire D, Schmidt C, Scarfone K, Ziring N (2011) Specification for the Extensible Configuration Checklist Description Format (XCCDF) Version 1.2. National Institute of Standards and Technology, Gaithersburg, MD, pp 20899–893
73. Waltermire D, Quinn S, Scarfone K, Halbardier A (2009) The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.2., Special Publication 800–126. NIST, Gaithersburg
74. Bellifemine F, Caire G, Poggi A, Rimassa G (2008) JADE: A software framework for developing multi-agent applications. lessons learned. Information & Software Technology 50(1–2):10–21
75. Leibiusky J., Eisbruch G., Simonassi D. (2012) Getting Started with Storm, O’ Reilley