Abstract
Computer security issues are exacerbated by the growth of the Internet: as more people and computers join the web, new ways open up to compromise an ever-increasing amount of information, and the potential for damage grows. However, an even bigger challenge to information security has been created by the implementation of Cloud Computing. This chapter describes information security issues and solutions, including some information security challenges that are specific to Cloud Computing. Security solutions must make a trade-off between the amount of security and the level of performance cost. The key thesis of this chapter is that security solutions applied to Cloud Computing must span multiple levels and cut across functions. A few key challenges related to Cloud Computing and virtualization are presented. Our goal is to spur further discussion on the evolving usage models for Cloud Computing and security. Any such discussion needs to address both the real and the perceived security issues. Then we present security using encryption keys, challenges in using the standard security algorithms, and Cloud Computing security practices. We wrap up this chapter with a discussion of side-channel security attacks and an introduction to blockchain technology.
© 2020 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Sehgal, N.K., Bhatt, P.C.P., Acken, J.M. (2020). Cloud Computing and Information Security. In: Cloud Computing with Security. Springer, Cham. https://doi.org/10.1007/978-3-030-24612-9_7
DOI: https://doi.org/10.1007/978-3-030-24612-9_7
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-24611-2
Online ISBN: 978-3-030-24612-9
eBook Packages: Engineering, Engineering (R0)