Cloud Computing and Information Security

  • Naresh Kumar Sehgal
  • Pramod Chandra P. Bhatt
  • John M. Acken


Computer security issues exacerbate with growth of the Internet as more people and computers join the web, opening new ways to compromise an ever-increasing amount of information and potential for damages. However, an even bigger challenge to information security has been created with the implementation of Cloud Computing. This chapter gives a description of information security issues and solutions. Some information security challenges that are specific to Cloud Computing are described. Security solutions must make a trade-off between the amount of security and the level of performance cost. The key thesis of this chapter is that security solutions applied to Cloud Computing must span multiple levels and across functions. A few key challenges related to Cloud Computing and virtualization are presented. Our goal is to spur further discussion on the evolving usage models for Cloud Computing and security. Any such discussion needs to address both the real and perceived security issues. Then we present security using encryption keys, challenges in using the standard security algorithms, and Cloud Computing security practices. We wrap up this chapter with a discussion of side channel security attacks and an introduction to block chain technology.


  1. 1.
    Christodorescu, M., Sailer, R., Schales, D. L., Sgandurra, D., & Zamboni, D. (2009). Cloud security is not (just) virtualization security: A short chapter. Proceedings of the 2009 ACM workshop on Cloud Computing Security, Chicago, pp. 97–102.Google Scholar
  2. 2.
    Soundararajan, G., & Amza, C. (2005). Online data migration for autonomic provisioning of databases in dynamic content web servers. Proceedings of the 2005 conference of the Centre for Advanced Studies on Collaborative research, Toranto, pp. 268–282.Google Scholar
  3. 3.
    Nicolas, P. Cloud multi-tenancy. Available:
  4. 4.
    Bun, F. S. (2009). Introduction to Cloud Computing. Presented at the Grid Asia.Google Scholar
  5. 5.
    Ray, E., & Schultz, E. (2009). Virtualization security. Proceedings of the 5th annual workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies, Oak Ridge, Tennessee, pp. 1–5.Google Scholar
  6. 6.
    Naor, M., & Rothblum, G. N. (2009). The complexity of online memory checking. Journal of the ACM, 56, 1–46.MathSciNetCrossRefGoogle Scholar
  7. 7.
    Cachin, C., Keidar, I., & Shraer, A. (2009). Trusting the Cloud. SIGACT News, 40, 81–86.CrossRefGoogle Scholar
  8. 8.
    Jain, A. K., Lin, H., Pankanti, S., & Bolle, R. (1997). An identity-authentication system using fingerprints. Proceedings of the IEEE, 85, 1365–1388.CrossRefGoogle Scholar
  9. 9.
    AWS Security Best Practices, August 2016.
  10. 10.
    Juels, A., & Kaliski, Jr., B. S. (2007). PORS: Proofs of Retrievability for Large Files. Proceedings of the 14th ACM conference on Computer and Communications Security, Alexandria, pp. 584–597.Google Scholar
  11. 11.
    Clair, L. S., Johansen, L., Butler, K., Enck, W., Pirretti, M., Traynor, P., McDaniel, P., & Jaeger, T. (2007). Password exhaustion: Predicting the end of password usefulness. Network and Security Research Center, Department of Computer Science and Engineering, Pennsylvania State University, University Park. Technical Report NAS-TR-0030-2006.Google Scholar
  12. 12.
    Gupta, P., Ravi, S., Raghunathan, A., & Jha, N. K. (2005). Efficient fingerprint-based user authentication for embedded systems. Proceedings of the 42nd annual Design Automation Conference, Anaheim, pp. 244–247.Google Scholar
  13. 13.
    Khan, M. K. (2010). Fingerprint biometric based self-authentication and deniable authentication schemes for the electronic world. IETE Technical Review, 26, 191–195.CrossRefGoogle Scholar
  14. 14.
    Shaver, C., & Acken, J. M. (2010). Effects of equipment variation on speaker recognition error rates. Presented at the IEEE International Conference on Acoustics Speech and Signal Processing, Dallas.Google Scholar
  15. 15.
    Jayanna, H. S., & Prasanna, S. R. M. (2009). Analysis, feature extraction, modeling and testing techniques for speaker recognition. IETE Technical Review, 26, 181–190.CrossRefGoogle Scholar
  16. 16.
    Acken, J. M., & Nelson, L. E. (2008). Statistical basics for testing and security of digital systems for identity authentication. Presented at the 6th International Conference on Computing, Communications and Control Technologies: CCCT2008, Florida.Google Scholar
  17. 17.
    Rivest, R. L., Shamir, A., & Adleman, L. (1978). A method for obtaining digital signatures and public-key cryptosystems. ACM Communications, 21, 120–126.MathSciNetCrossRefGoogle Scholar
  18. 18.
    Advanced Encryption Standard (AES) (FIPS PUB 197). Federal Information Processing Standards Publication 197 November 26, 2001.Google Scholar
  19. 19.
    SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions FIPS PUB 202. August 2015.
  20. 20.
    Schneier, B. (1996). Applied cryptography second edition: Protocols, algorithms, and source code in C. New York: Wiley.zbMATHGoogle Scholar
  21. 21.
    Panko, R. (2003). Corporate computer and network security. Prentice Hall, Inc. NJ, USA.Google Scholar
  22. 22.
    Moscibroda, T., & Mutlu, O. (2007). Memory performance attacks: Denial of memory service in multi-core systems. Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium, Boston, pp. 1–18.Google Scholar
  23. 23.
    Ristenpart, T., Tromer, E., Shacham, H., & Savage, S. (2009). Hey, you, get off of my Cloud: Exploring information leakage in third-party compute Cloud. Proceedings of the 16th ACM conference on Computer and Communications Security, Chicago, pp. 199–212.Google Scholar
  24. 24.
    Osvik, D., Shamir, A., & Tromer, E. (2006). Cache attacks and countermeasures: The case of AES. In D. Pointcheval (Ed.), Topics in cryptology – CT-RSA 2006 (Vol. 3860, pp. 1–20). Berlin/Heidelberg: Springer.CrossRefGoogle Scholar
  25. 25.
    Bishop, M. (2005). Introduction to computer security. Boston: Addison-Wesley.Google Scholar
  26. 26.
    Saripalli, P., & Walters, B. (2010). QUIRC: A quantitative impact and risk assessment framework for Cloud security. 2010 IEEE 3rd international conference on Cloud Computing (CLOUD), pp. 280–288.Google Scholar
  27. 27.
    Wang, Q., Jin, H., & Li, N. (2009). Usable access control in collaborative environments: Authorization based on people-tagging. Proceedings of the 14th European conference on Research in Computer Security, Saint-Malo, France, pp. 268–284.Google Scholar
  28. 28.
    Enck, W., Butler, K., Richardson, T., McDaniel, P., & Smith, A. (2008). Defending against attacks on main memory persistence. Proceedings of the 2008 Annual Computer Security Applications Conference, pp. 65–74.Google Scholar
  29. 29.
  30. 30.
    Al-Rwais, S., & Al-Muhtadi, J. (2010). A context-aware access control model for pervasive environments. IETE Technical Review, 27, 371–379.CrossRefGoogle Scholar
  31. 31.
  32. 32.
  33. 33.
    Kocher, P., Genkin, D., Gruss, D., Haas, W., Hamburg, M., Lipp, M., Mangard, S., Prescher, T., Schwarz, M., & Yarom, Y. (2018). Spectre attacks: Exploiting speculative execution. (PDF).Google Scholar
  34. 34.

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  • Naresh Kumar Sehgal
    • 1
  • Pramod Chandra P. Bhatt
    • 2
  • John M. Acken
    • 3
  1. 1.Data Center GroupIntel CorporationSanta ClaraUSA
  2. 2.Computer Science and Information Technology ConsultantRetd. Prof. IIT DelhiBangaloreIndia
  3. 3.Electrical and Computer EngineeringPortland State UniversityPortlandUSA

Personalised recommendations