, Volume 91, Issue 1, pp 93–118 | Cite as

Locking the sky: a survey on IaaS cloud security

  • Luis M. VaqueroEmail author
  • Luis Rodero-Merino
  • Daniel Morán


Cloud computing is expected to become a common solution for deploying applications thanks to its capacity to leverage developers from infrastructure management tasks, thus reducing the overall costs and services’ time to market. Several concerns prevent players’ entry in the cloud; security is arguably the most relevant one. Many factors have an impact on cloud security, but it is its multitenant nature that brings the newest and more challenging problems to cloud settings. Here, we analyze the security risks that multitenancy induces to the most established clouds, Infrastructure as a service clouds, and review the literature available to present the most relevant threats, state of the art of solutions that address some of the associated risks. A major conclusion of our analysis is that most reported systems employ access control and encryption techniques to secure the different elements present in a virtualized (multitenant) datacenter. Also, we analyze which are the open issues and challenges to be addressed by cloud systems in the security field.


Cloud computing Security IaaS Multitenancy 

Mathematics Subject Classification (2000)

68M01 68U35 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Owens CD (2010) Securing elasticity in the cloud. Commun ACM 53(6):46–51. http://10.1145/1743546.1743565 Google Scholar
  2. 2.
    Vaquero L, Rodero-Merino L, Caceres J, Lindner M (2009) A break in the clouds: towards a cloud definition. ACM Comput Commun Rev 39(1): 50–55CrossRefGoogle Scholar
  3. 3.
    Chen Y, Paxson V, Katz RH (2010) Whats new about cloud computing security. Tech. Rep. UCB/EECS-2010-5, EECS Department, University of California, BerkeleyGoogle Scholar
  4. 4.
    Viega J (2009) Cloud computing and the common man. Computer 42: 106–108CrossRefGoogle Scholar
  5. 5.
    Molnar D, Schechter S (2010) Self hosting vs. cloud hosting:accounting for the security impact of hosting in the cloud. In: Workshop on the economics of information securityGoogle Scholar
  6. 6.
    CSA: Cloud security guide (2009) Tech. rep., cloud security alliance.
  7. 7.
    ENISA: Cloud computing: Benefits, risks and recommendations for information security (2009) Tech rep., European Network and Information Security AgencyGoogle Scholar
  8. 8.
    Archer J, Boheme A, Cullinarie D, Puhlmann N, Kurtz P, Reavis J (2010) Top threats to cloud computing. Tech. rep., Cloud Security Alliance.
  9. 9.
    Lu W, Keahy K, Freeman T, Siebenlist F (2005) Making your workspace secure: establishing trust with vms in the grid super computing. In: Supercomputing. PosterGoogle Scholar
  10. 10.
    Calder B, Chien AA, Wang J, Yang D (2005) The entropia virtual machine for desktop grids. In: VEE ’05: Proceedings of the 1st ACM/USENIX international conference on virtual execution environments, pp 186–196. ACM, New York, NY, USA.
  11. 11.
    Suzaki K, Yagi T, Iijima K, Quynh NA (2007) Os circular: internet client for reference. In: LISA’07: Proceedings of the 21st conference on large installation system administration conference, pp 1–12. USENIX Association, Berkeley, CA, USAGoogle Scholar
  12. 12.
    Jinpeng W, Xiaolan Z, Glenn A, Vasanth B, Peng N (2009) Managing security of virtual machine images in a cloud environment. In: CCSW ’09: Proceedings of the 2009 ACM workshop on Cloud computing security, pp 91–96. ACM, New York, NY, USA.
  13. 13.
    Constandache I, Yumerefendi A, Chase J (2008) Secure control of portable images in a virtual computing utility. In: VMSec ’08: Proceedings of the 1st ACM workshop on virtual machine security, pp 1–8. ACM, New York, NY, USA.
  14. 14.
    Descher M, Masser P, Feilhauer T, Tjoa AM, Huemer D (2009) Retaining data control to the client in infrastructure clouds. In: Availability, reliability and security, international conference on 0:9–16.
  15. 15.
    Baldwin A, Dalton C, Shiu S, Kostienko K, Rajpoot Q (2009) Providing secure services for a virtual infrastructure. SIGOPS Oper Syst Rev 43(1):44–51. Google Scholar
  16. 16.
    Raj H, Schwan K (2009) Extending virtualization services with trust guarantees via behavioral monitoring. In: VDTS ’09: Proceedings of the 1st EuroSys workshop on virtualization technology for dependable systems, pp 24–29. ACM, New York, NY, USA.
  17. 17.
    Baiardi F, Sgandurra D (2007) Building trustworthy intrusion detection through vm introspection. In: IAS ’07: Proceedings of the third international symposium on information assurance and security, pp 209–214. IEEE Computer Society, Washington, DC, USA.
  18. 18.
    Garfinkel T, Rosenblum M (2003) A virtual machine introspection based architecture for intrusion detection. In: Proceedings on network and distributed systems security symposium, pp 191–206Google Scholar
  19. 19.
    Sala G, Sgandurra D, Baiardi F (2007) Security and integrity of a distributed storage in a virtual environment. In: Proceedings of 4th international IEEE security in storage workshop, pp 58–69Google Scholar
  20. 20.
    Perez R, van Doorn L, Sailer R (2008) Virtualization and hardware-based security. IEEE Secur Privacy 6(5):24–31. Google Scholar
  21. 21.
    Aoyagi S, Oikawa S (2008) Ixiv vmm: a vmm on 2-level ring architecture. In: Computer and information technology, IEEE 8th international conference on 0:533–538.
  22. 22.
    Sailer R, Jaeger T, Valdez E, Caceres R, Perez R, Berger S, Griffin JL, Doorn Lv (2005) Building a mac-based security architecture for the xen open-source hypervisor. In: ACSAC ’05: Proceedings of the 21st annual computer security applications conference, pp 276–285. IEEE Computer Society, Washington, DC, USA.
  23. 23.
    McCune JM, Parno BJ, Perrig A, Reiter MK, Isozaki H (2008) Flicker: an execution infrastructure for tcb minimization. In: Eurosys08: Proceedings of the 3rd ACM SIGOPS/EuroSys European conference on computer systems 2008, pp 315–328. ACM, New York, NY, USAGoogle Scholar
  24. 24.
    Carpenter M, Liston T, Skoudis E (2007) Hiding virtualization from attackers and malware. IEEE Secur Privacy 5: 62–65CrossRefGoogle Scholar
  25. 25.
    Okamura K, Oyama Y (2010) Load-based covert channels between xen virtual machines. In: SAC ’10: Proceedings of the 2010 ACM symposium on applied computing, pp 173–180. ACM, New York, NY, USA.
  26. 26.
    Tromer E, Osvik DA, Shamir A (2009) Efficient cache attacks on aes, and countermeasures. J Cryptol 23(1): 37–71CrossRefMathSciNetGoogle Scholar
  27. 27.
    Kocher PC (1996) Timing attacks on implementations of diffie-hellman, rsa, dss, and other systems. In: CRYPTO ’96: Proceedings of the 16th annual international cryptology conference on advances in cryptology, pp 104–113. Springer, London, UKGoogle Scholar
  28. 28.
    Aviram A, Hu S, Ford B, Gummadi R (2010) Determinating timing channels in statistically multiplexed clouds. CoRR abs/1003.5303 Google Scholar
  29. 29.
    Dunlap GW, Lucchetti DG, Fetterman MA, Chen PM (2008) Execution replay of multiprocessor virtual machines. In: VEE ’08: Proceedings of the fourth ACM SIGPLAN/SIGOPS international conference on virtual execution environments, pp 121–130. ACM, New York, NY, USA.
  30. 30.
    Karger PA, Safford DR (2008) I/o for virtual machine monitors: Security and performance issues. IEEE Secur Privacy 6(5):16–23.
  31. 31.
    Wang Z, Jiang X (2010) Hypersafe: A lightweight approach to provide lifetime hypervisor control-flow integrity. In: 31st IEEE symposium on security and privacyGoogle Scholar
  32. 32.
    Murray D, Milos G, Hand S (2008) Improving xen security through disaggregation. In: 4th ACM SIGPLAN/SIGOPS international conference on virtual execution environments, pp 151–160Google Scholar
  33. 33.
    Karger PA (2005) Multi-level security requirements for hypervisors. In: ACSAC ’05: Proceedings of the 21st annual computer security applications conference, pp 267–275. IEEE Computer Society, Washington, DC, USA.
  34. 34.
    Wen-Zhi C, Hong-Wei Z, Wei H (2008) Sevmm: Vmm-based security control model. In: Proceedings of cyberworlds, international conference on 0:820–823.
  35. 35.
    Garfinkel T, Pfaff B, Chow J, Rosenblum M, Boneh D (2003) Terra: a virtual machine-based platform for trusted computing. In: Proceedings of the nineteenth ACM symposium on operating systems principles, pp 193–206. ACM PressGoogle Scholar
  36. 36.
    Hirano M, Shinagawa T, Eiraku H, Hasegawa S, Omote K, Tanimoto K, Horie T, Kato K, Okuda T, Kawai E, Yamaguchi S (2008) Introducing role-based access control to a secure virtual machine monitor: security policy enforcement mechanism for distributed computers. In: Asia-Pacific conference on services computing. 2006 IEEE 0:1225–1230.
  37. 37.
    Rueda S, Vijayakumar H, Jaeger T (2009) Analysis of virtual machine system policies. In: SACMAT ’09: Proceedings of the 14th ACM symposium on access control models and technologies, pp 227–236. ACM, New York, NY, USA.
  38. 38.
    Ristenpart T, Tromer E, Shacham H, Savage S (2009) Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In: ACM conference on computer and communications securityGoogle Scholar
  39. 39.
    Keller E, Szefer J, Rexford J, Lee R (2010) Nohype: virtualized cloud infrastructure without the virtualization. In: ISCA ’10: Proceedings of the international symposium on computer architectureGoogle Scholar
  40. 40.
    Ruan A, Shen Q, Yin Y (2008) A generalized trusted virtualized platform architecture. In: Young computer scientists, international conference for 0:2340–2346.
  41. 41.
    Berger S, Cáceres R, Goldman KA, Perez R, Sailer R, van Doorn L (2006) vtpm: virtualizing the trusted platform module. In: USENIX-SS’06: Proceedings of the 15th conference on USENIX security symposium. USENIX Association, Berkeley, CA, USAGoogle Scholar
  42. 42.
    Gebhardt C, Tomlinson A (2008) Secure virtual disk images for grid computing. In: APTC ’08: Proceedings of the 2008 Third Asia-Pacific trusted infrastructure technologies conference, pp 19–29. IEEE Computer Society, Washington, DC, USA.
  43. 43.
    Lioy A, Ramunno G, Vernizzi D (2009) Trusted-computing technologies for the protection of critical information systems. J Inform Assur Secur 4: 449–457Google Scholar
  44. 44.
    Nuno Santos Krishna P, Gummadi RR (2009) Towards trusted cloud computing. In: Hot Cloud.
  45. 45.
    Cabuk S, Dalton CI, Ramasamy H, Schunter M (2007) Towards automated provisioning of secure virtualized networks. In: CCS ’07: Proceedings of the 14th ACM conference on computer and communications security, pp 235–245. ACM, New York, NY, USA.
  46. 46.
    Tarnovsky C (2010) Deconstructing a secure processor. In: Black hat briefings federal.
  47. 47.
    Iliev A, Smith SW (2005) Protecting client privacy with trusted computing at the server. IEEE Secur Privacy 3(2):20–28. Google Scholar
  48. 48.
    Antonelli CJ, Undy M, Honeyman P (1999) The packet vault: secure storage of network data. In: ID’99: Proceedings of the 1st conference on workshop on intrusion detection and network monitoring, pp 11–11. USENIX Association, Berkeley, CA, USAGoogle Scholar
  49. 49.
    Parno B (2008) Bootstrapping trust in a “trusted” platform. In: HOTSEC’08: Proceedings of the 3rd conference on hot topics in security, pp 1–6. USENIX Association, Berkeley, CA, USAGoogle Scholar
  50. 50.
    The genesis kernel: a virtual network operating system for spawning network architectures (1999)Google Scholar
  51. 51.
    Barham P, Dragovic B, Fraser K, Hand S, Harris T, Ho A, Neugebauer R, Pratt I, Warfield A (2003) Xen and the art of virtualization. In: SOSP ’03: Proceedings of the nineteenth ACM symposium on operating systems principles, pp 164–177. ACM, New York, NY, USA.
  52. 52.
    Sundararaj AI, Dinda PA (2004) Towards virtual networks for virtual machine grid computing. In: VM’04: Proceedings of the 3rd conference on virtual machine research and technology symposium, pp 14–14. USENIX Association, Berkeley, CA, USAGoogle Scholar
  53. 53.
    Touch J (2001) Dynamic internet overlay deployment and management using the x-bone. Comput Netw 36(2–3):117–135.
  54. 54.
    Andersen D, Balakrishnan H, Kaashoek F, Morris R (2001) Resilient overlay networks. In: SOSP ’01: Proceedings of the eighteenth ACM symposium on operating systems principles, pp 131–145. ACM, New York, NY, USA.
  55. 55.
    Bavier A, Feamster N, Huang M, Peterson L, Rexford J (2006) In vini veritas: realistic and controlled network experimentation. In: SIGCOMM ’06: Proceedings of the 2006 conference on applications, technologies, architectures, and protocols for computer communications, pp 3–14. ACM, New York, NY, USA.
  56. 56.
    Davoli R (2005) Vde: Virtual distributed ethernet. In: TRIDENTCOM ’05: Proceedings of the first international conference on testbeds and research infrastructures for the DEvelopment of NeTworks and COMmunities, pp 213–220. IEEE Computer Society, Washington, DC, USA.
  57. 57.
    Dalton C (2005) Xen virtualization and security. Tech. rep., HP Security OfficeGoogle Scholar
  58. 58.
    Housley R (2002) Rfc 3378. etherip: Tunneling ethernet frames in ip datagrams. RFC.
  59. 59.
    Sundararaj AI, Gupta A, Dinda PA (2004) Dynamic topology adaptation of virtual networks of virtual machines. In: LCR ’04: Proceedings of the 7th workshop on workshop on languages, compilers, and run-time support for scalable systems, pp 1–8. ACM, New York, NY, USA.
  60. 60.
    Jiang X, Xu D (2003) Violin: Virtual internetworking on overlay infrastructure. In: Proceedings of the 2nd international symposium on parallel and distributed processing and applications, pp 937–946.
  61. 61.
    Primet PVB, Gelas JP, Mornard O, Koslovski G, Roca V, Giraud L, Montagnat J, Huu TT (2009) A scalable security model for enabling dynamic virtual private execution infrastructures on the internet. In: CCGRID ’09: Proceedings of the 2009 9th IEEE/ACM international symposium on cluster computing and the grid, pp 348–355. IEEE Computer Society, Washington, DC, USA.
  62. 62.
    Mather T, Kumaraswamy S, Latif S (2009) Cloud security and privacy: an enterprise perspective on risks and compliance. O’Reailly Media, Sebastopol, CA, USAGoogle Scholar
  63. 63.
    Soltesz S, Potzl H, Pluczynski M, Bavier A, Peterson L (2007) Copntainer-based operating system virtualization: A scalablem hig-performance alternative to hypervisors. In: Eurosys, pp 275–287Google Scholar
  64. 64.
    Jensen M, Schwenk J, Gruschka N, LoIacono L (2009) On technical security issues in cloud computing. Cloud Computing. In: IEEE international conference on 0:109–116Google Scholar
  65. 65.
    Casado M, Freedman MJ, Pettit J, Luo J, McKeown N, Shenker S (2007) Ethane: taking control of the enterprise. SIGCOMM Comput Commun Rev 37(4):1–12.
  66. 66.
    Bernstein D, Ludvigson E (2009) Networking challenges and resultant approaches for large scale cloud construction.In: Grid and pervasive computing conference, workshops at the 0:136–142.
  67. 67.
    Pffaf B, Pettit J, Koponen T, Anidon K, Casado M, Shenker S (2009) Extending networking into the virtualization layer. In: ACM SIGCOMM’s hot topics in networks (HotNets) workshops.
  68. 68.
    Rodero-Merino L, Vaquero LM, Gil V, Galán F, Fontán J, Montero RS, Llorente IM (2010) From infrastructure delivery to service management in clouds. Future Gen Comput Syst 26(8): 1226–1240CrossRefGoogle Scholar
  69. 69.
    Jaquith A (2007) Security metrics: replacing fear, uncertainty, and doubt. Addison-Wesley Professional, ReadingGoogle Scholar
  70. 70.
    Verendel V (2009) Quantified security is a weak hypothesis: a critical survey of results and assumptions. In: NSPW ’09: Proceedings of the 2009 workshop on new security paradigms workshop, pp 37–50. ACM, New York, NY, USA.
  71. 71.
    Krautsevich L, Martinelli F, Yautsiukhin A (2010) Formal approach to security metrics.: what does “more secure” mean for you? In: ECSA ’10: Proceedings of the fourth European conference on software architecture, pp 162–169. ACM, New York, NY, USA.

Copyright information

© Springer-Verlag 2010

Authors and Affiliations

  • Luis M. Vaquero
    • 1
    Email author
  • Luis Rodero-Merino
    • 2
  • Daniel Morán
    • 3
  1. 1.Hewlett-Packard LabsBristolUK
  2. 2.LIP ENS Lyon, Graal/Avalon Group, INRIAVilleurbanneFrance
  3. 3.U.N.E.DMadridSpain

Personalised recommendations