Skip to main content
SpringerLink
Log in

Cloud Computing and Information Security

  • Chapter
  • First Online:
Cloud Computing with Security

Abstract

Computer security issues exacerbate with growth of the Internet as more people and computers join the web, opening new ways to compromise an ever-increasing amount of information and potential for damages. However, an even bigger challenge to information security has been created with the implementation of Cloud Computing. This chapter gives a description of information security issues and solutions. Some information security challenges that are specific to Cloud Computing are described. Security solutions must make a trade-off between the amount of security and the level of performance cost. The key thesis of this chapter is that security solutions applied to Cloud Computing must span multiple levels and across functions. A few key challenges related to Cloud Computing and virtualization are presented. Our goal is to spur further discussion on the evolving usage models for Cloud Computing and security. Any such discussion needs to address both the real and perceived security issues. Then we present security using encryption keys, challenges in using the standard security algorithms, and Cloud Computing security practices. We wrap up this chapter with a discussion of side channel security attacks and an introduction to block chain technology.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 79.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 99.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Christodorescu, M., Sailer, R., Schales, D. L., Sgandurra, D., & Zamboni, D. (2009). Cloud security is not (just) virtualization security: A short chapter. Proceedings of the 2009 ACM workshop on Cloud Computing Security, Chicago, pp. 97–102.

    Google Scholar 

  2. Soundararajan, G., & Amza, C. (2005). Online data migration for autonomic provisioning of databases in dynamic content web servers. Proceedings of the 2005 conference of the Centre for Advanced Studies on Collaborative research, Toranto, pp. 268–282.

    Google Scholar 

  3. Nicolas, P. Cloud multi-tenancy. Available: http://www.slideshare.net/pnicolas/Cloudmulti-tenancy

  4. Bun, F. S. (2009). Introduction to Cloud Computing. Presented at the Grid Asia.

    Google Scholar 

  5. Ray, E., & Schultz, E. (2009). Virtualization security. Proceedings of the 5th annual workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies, Oak Ridge, Tennessee, pp. 1–5.

    Google Scholar 

  6. Naor, M., & Rothblum, G. N. (2009). The complexity of online memory checking. Journal of the ACM, 56, 1–46.

    Article  MathSciNet  Google Scholar 

  7. Cachin, C., Keidar, I., & Shraer, A. (2009). Trusting the Cloud. SIGACT News, 40, 81–86.

    Article  Google Scholar 

  8. Jain, A. K., Lin, H., Pankanti, S., & Bolle, R. (1997). An identity-authentication system using fingerprints. Proceedings of the IEEE, 85, 1365–1388.

    Article  Google Scholar 

  9. AWS Security Best Practices, August 2016. http://aws.amazon.com/security

  10. Juels, A., & Kaliski, Jr., B. S. (2007). PORS: Proofs of Retrievability for Large Files. Proceedings of the 14th ACM conference on Computer and Communications Security, Alexandria, pp. 584–597.

    Google Scholar 

  11. Clair, L. S., Johansen, L., Butler, K., Enck, W., Pirretti, M., Traynor, P., McDaniel, P., & Jaeger, T. (2007). Password exhaustion: Predicting the end of password usefulness. Network and Security Research Center, Department of Computer Science and Engineering, Pennsylvania State University, University Park. Technical Report NAS-TR-0030-2006.

    Google Scholar 

  12. Gupta, P., Ravi, S., Raghunathan, A., & Jha, N. K. (2005). Efficient fingerprint-based user authentication for embedded systems. Proceedings of the 42nd annual Design Automation Conference, Anaheim, pp. 244–247.

    Google Scholar 

  13. Khan, M. K. (2010). Fingerprint biometric based self-authentication and deniable authentication schemes for the electronic world. IETE Technical Review, 26, 191–195.

    Article  Google Scholar 

  14. Shaver, C., & Acken, J. M. (2010). Effects of equipment variation on speaker recognition error rates. Presented at the IEEE International Conference on Acoustics Speech and Signal Processing, Dallas.

    Google Scholar 

  15. Jayanna, H. S., & Prasanna, S. R. M. (2009). Analysis, feature extraction, modeling and testing techniques for speaker recognition. IETE Technical Review, 26, 181–190.

    Article  Google Scholar 

  16. Acken, J. M., & Nelson, L. E. (2008). Statistical basics for testing and security of digital systems for identity authentication. Presented at the 6th International Conference on Computing, Communications and Control Technologies: CCCT2008, Florida.

    Google Scholar 

  17. Rivest, R. L., Shamir, A., & Adleman, L. (1978). A method for obtaining digital signatures and public-key cryptosystems. ACM Communications, 21, 120–126.

    Article  MathSciNet  Google Scholar 

  18. Advanced Encryption Standard (AES) (FIPS PUB 197). Federal Information Processing Standards Publication 197 November 26, 2001.

    Google Scholar 

  19. SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions FIPS PUB 202. https://doi.org/10.6028/NIST.FIPS.202. August 2015.

  20. Schneier, B. (1996). Applied cryptography second edition: Protocols, algorithms, and source code in C. New York: Wiley.

    MATH  Google Scholar 

  21. Panko, R. (2003). Corporate computer and network security. Prentice Hall, Inc. NJ, USA.

    Google Scholar 

  22. Moscibroda, T., & Mutlu, O. (2007). Memory performance attacks: Denial of memory service in multi-core systems. Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium, Boston, pp. 1–18.

    Google Scholar 

  23. Ristenpart, T., Tromer, E., Shacham, H., & Savage, S. (2009). Hey, you, get off of my Cloud: Exploring information leakage in third-party compute Cloud. Proceedings of the 16th ACM conference on Computer and Communications Security, Chicago, pp. 199–212.

    Google Scholar 

  24. Osvik, D., Shamir, A., & Tromer, E. (2006). Cache attacks and countermeasures: The case of AES. In D. Pointcheval (Ed.), Topics in cryptology – CT-RSA 2006 (Vol. 3860, pp. 1–20). Berlin/Heidelberg: Springer.

    Chapter  Google Scholar 

  25. Bishop, M. (2005). Introduction to computer security. Boston: Addison-Wesley.

    Google Scholar 

  26. Saripalli, P., & Walters, B. (2010). QUIRC: A quantitative impact and risk assessment framework for Cloud security. 2010 IEEE 3rd international conference on Cloud Computing (CLOUD), pp. 280–288.

    Google Scholar 

  27. Wang, Q., Jin, H., & Li, N. (2009). Usable access control in collaborative environments: Authorization based on people-tagging. Proceedings of the 14th European conference on Research in Computer Security, Saint-Malo, France, pp. 268–284.

    Google Scholar 

  28. Enck, W., Butler, K., Richardson, T., McDaniel, P., & Smith, A. (2008). Defending against attacks on main memory persistence. Proceedings of the 2008 Annual Computer Security Applications Conference, pp. 65–74.

    Google Scholar 

  29. http://www.computerworld.com/article/2487452/cybercrime-hacking/target-attack-shows-danger-of-remotely-accessible-hvac-systems.html

  30. Al-Rwais, S., & Al-Muhtadi, J. (2010). A context-aware access control model for pervasive environments. IETE Technical Review, 27, 371–379.

    Article  Google Scholar 

  31. http://www.informationweek.com/Cloud/infrastructure-as-a-service/5-critical-Cloud-security-practices/a/d-id/1318801

  32. https://securityintelligence.com/23-best-practices-for-Cloud-security/

  33. Kocher, P., Genkin, D., Gruss, D., Haas, W., Hamburg, M., Lipp, M., Mangard, S., Prescher, T., Schwarz, M., & Yarom, Y. (2018). Spectre attacks: Exploiting speculative execution. (PDF).

    Google Scholar 

  34. https://www.geeksforgeeks.org/blockchain-technology-introduction/

Download references

Author information

Authors and Affiliations

  1. Data Center Group, Intel Corporation, Santa Clara, CA, USA

    Naresh Kumar Sehgal

  2. Computer Science and Information Technology Consultant, Retd. Prof. IIT Delhi, Bangalore, India

    Pramod Chandra P. Bhatt

  3. Electrical and Computer Engineering, Portland State University, Portland, OR, USA

    John M. Acken

Authors
  1. Naresh Kumar Sehgal
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Pramod Chandra P. Bhatt
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. John M. Acken
    View author publications

    You can also search for this author in PubMed Google Scholar

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Switzerland AG

About this chapter

Check for updates. Verify currency and authenticity via CrossMark

Cite this chapter

Sehgal, N.K., Bhatt, P.C.P., Acken, J.M. (2020). Cloud Computing and Information Security. In: Cloud Computing with Security. Springer, Cham. https://doi.org/10.1007/978-3-030-24612-9_7

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-24612-9_7

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-24611-2

  • Online ISBN: 978-3-030-24612-9

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Search

Navigation