Abstract
Throughout the end of the first half and during the second half of the past century, advances in technology allowed scientists to develop computer systems. In the beginning, mostly between the forties and the sixties, single computers would fill large rooms with electronics that would consume as much power as several hundreds of modern desktop computers.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Amazon. Amazon Web Services: Overview of Security Processes. http://s3.amazonaws.com/aws_blog/AWS_Security_Whitepaper_2008_09.pdf. White Paper. 2012
Armbrust M, Fox A, Griffith R, Joseph AD, Katz R, Konwinski A, Lee G, Patterson D, Rabkin A, Stoica I, Zaharia M (2010) A view of cloud computing. Commun ACM 53(2010):50–58
Armbrust M, Fox A, Griffith R, Joseph AD, Katz RH, Konwinski A, Lee G, Patterson DA, Rabkin A, Zaharia M (2009) Above the clouds: a berkeley view of cloud computing. In: Technical report \(\#\)UCB/EECS-2009-28. Electrical Engineering and Computer Sciences University of California.
Ateniese G, Di Pietro R, Mancini LV, Tsudik G (2008) Scalable and efficient provable data possession. In: Proceedings of the 4th international conference on security and privacy in communication networks (Istanbul, Turkey, 2008), 9:1–9:10.
Aviram A, Hu S, Ford B, Gummadi R (2010) Determinating timing channels in compute clouds. Proceedings of the ACM workshop on cloud computing security, Chicago, IL, USA, In, pp 103–108
Backstrom L, Dwork C, Kleinberg J (2007) Wherefore art thou R3579X?: anonymized social networks, hidden patterns, and structural steganography. In: Proceedings of the 16th international conference on world wide web, Banff, Alberta, Canada, pp 181–190.
Bahram S, Jiang X, Wang Z, Grace M, Li J, Srinivasan D, Rhee J, Xu D (2010) DKSM: subverting virtual machine introspection for fun and profit. In: 29th IEEE symposium on reliable distributed systems, New Delhi, India, pp 82–91.
Begum S, Khan MK (2011) Potential of cloud computing architecture. International conference on information and communication technologies, Karachi, Pakistan, In, pp 1–5
Behl A (2011) Emerging security challenges in cloud computing: An insight to cloud security challenges and their mitigation. World congress on information and communication technologies, Mumbai, India, In, pp 217–222
Bentounsi M, Benbernou S, Atallah MJ (2012) Privacy-preserving business process outsourcing. In: IEEE 19th international conference on web services, Honolulu, HI, USA, pp 662–663.
Bernstein D, Vij D (2010) Intercloud security considerations. In: IEEE 2nd international conference on cloud computing technology and science, Indianapolis, IN, USA, pp 537–544.
Boampong PA, Wahsheh LA (2012) Different facets of security in the cloud. In: Proceedings of the 15th communications and networking simulation symposium, Orlando, FL, USA, pp 5:1–5:7.
Bugiel S, Nürnberger S, Pöppelmann T, Sadeghi A-R, Schneider T (2011) AmazonIA: when elastiaddress snaps back. In: Proceedings of the 18th ACM conference on computer and communications security, Chicago, IL, USA, pp 389–400.
Carroll M, Kotzé P, Van der Merwe A (2011) Secure virtualization–benefits, risks and controls. CLOSER, Noordwijkerhout, Netherlands
Che J, Duan Y, Zhang T, Fan J (2011) Study on the security models and strategies of cloud computing. Procedia Eng 23(2011):586–593
Chen D, Zhao H (2012) Data security and privacy protection issues in cloud computing. International conference on computer science and electronics engineering, Hangzhou, China, In, pp 647–651
Chen Y, Paxson V, Katz RH (2010) What’s new about cloud computing security? In: Technical report \(\#\)UCB/EECS-2010-5. University of California, Berkeley, EECS Department
Chonka A, Xiang Y, Zhou W, Bonti A (2011) Cloud security defence to protect cloud computing against HTTP-DoS and XML-DoS attacks. J Netw Compu Appl 34(2011):1097–1107
Chow R, Golle P, Jakobsson M, Shi E, Staddon J, Masuoka R, Molina J (2009) Controlling data in the cloud: Outsourcing computation without outsourcing control. In: Proceedings of the ACM workshop on cloud computing security. Chicago, IL, USA 2009:85–90
Chung H, Park J, Lee S, Kang C (2012) Digital forensic investigation of cloud storage services. Digital Investigation.
Cisco (2007) Cisco data center infrastructure 2.5 design guide. http://www.cisco.com/en/US/solutions/collateral/ns340/ns517/ns224/ns944/white_paper_c11-680202.pdf White Paper
Cisco (2011) Data center power and cooling. http://www.cisco.com/univercd/cc/td/doc/solution/dcidg21.pdf White Paper
Corbató FJ, Vyssotsky VA (1965) Introduction and overview of the multics system. In: Proceedings of the fall joint computer conference (Las Vegas, NV, USA, 1965), pp 185–196.
CSA (2011) Security guidance for critical areas of focus in cloud computing v3.0. https://cloudsecurityalliance.org/guidance/csaguide.v3.0.pdf White Paper
CSA (2010) Top threats to cloud computing. https://cloudsecurityalliance.org/research/top-threats/. White paper
Dahbur K, Mohammad B, Tarakji AB (2011) A survey of risks, threats and vulnerabilities in cloud computing. In: Proceedings of the international conference on intelligent semantic web-services and applications, Amman, Jordan, pp 12:1–12:6.
Dhage SN, Meshram BB, Rawat R, Padawe S, Paingaokar M, Misra A (2011) Intrusion detection system in cloud computing environment. Proceedings of the international conference and workshop on emerging trends in technology, Mumbai, Maharashtra, India, In, pp 235–239
Dinesha HA, Agrawal VK (2012) Multi-level authentication technique for accessing cloud services. International conference on computing, communication and applications, Dindigul, Tamilnadu, India, In, pp 1–4
Ding X, Zhang L, Wan Z, Gu M (2011) De-anonymizing dynamic social networks. IEEE global telecommunications conference, Houston, USA, In, pp 1–6
Doroodchi M, Iranmehr A, Pouriyeh SA (2009) An investigation on integrating XML-based security into web services. In: 5th IEEE GCC conference exhibition, Kuwait City, Kuwait, pp 1–5.
Duncan AJ, Creese S, Goldsmith M (2012) Insider attacks in cloud computing. In: IEEE 11th international conference on trust, security and privacy in computing and communications, Liverpool, United Kingdom, pp 857–862.
Dykstra J, Sherman AT (2012) Acquiring forensic evidence from infrastructure-as-a-service cloud computing: exploring and evaluating tools, trust, and techniques. Digital Inv 9:S90–S98
ENISA (2009) Cloud computing: benefits, risks and recommendations for infomarion security. http://www.enisa.europa.eu/activities/risk-management/files/deliverables/cloud-computing-risk-assessment. White Paper
Firdhous M, Ghazali O, Hassan S (2011) A trust computing mechanism for cloud computing with multilevel thresholding. In: 6th IEEE international conference on industrial and information systems (Kandy, Sri Lanka, 2011), pp 457–461.
Foster I, Zhao Y, Raicu I, Lu S (2008) Cloud computing and grid computing 360-degree compared. Grid computing environments workshop, Austin, TX, USA, pp 1–10
Garfinkel T, Rosenblum M (2005) When virtual is harder than real: security challenges in virtual machine based computing environments. In: Proceedings of the 10th conference on hot topics in operating systems (Santa Fe, NM, USA, 2005), pp 20–20.
Gartner (2008) Assessing the security risks of cloud computing. http://cloud.ctrls.in/files/assessing-the-security-risks.pdf. White Paper
Gartner (2011) Summary report for gartner’s top predictions for IT organizations and users, 2012 and beyond: control slips away. http://www.gartner.com/id=1861020. White Paper
Gonzalez N, Miers C, Redigolo F, Carvalho T, Simplicio M, Naslund M, Pourzandi M (2011) A quantitative analysis of current security concerns and solutions for cloud computing. In: IEEE 3rd international conference on cloud computing technology and science, Athens, Greece, pp 231–238.
Goodin D (2009) Webhost hack wipes out data for 100,000 sites. The Register.
Grobauer B, Walloschek T, Stocker E (2011) Understanding cloud computing vulnerabilities. IEEE Secur Privacy 9(2011):50–57
Gruschka N, Iacono LL (2009) Vulnerable cloud: SOAP message security validation revisited. IEEE Int Conf Web Services, Los Angeles, USA, pp 625–631
Habib SM, Ries S, Muhlhauser M (2011) Towards a trust management system for cloud computing. In: IEEE 10th international conference on trust. Security Privacy Comput Commun 2011:933–939
Hart J (2009) Remote working: managing the balancing act between network access and data security. Comput Fraud Security 2009:14–17
Hayes B (2008) Cloud computing. Commun ACM 51(2008):9–11
IDC (2009) New IDC IT cloud services survey: top benefits and challenges. http://blogs.idc.com/ie/?p=730. White Paper
IDC (2008) New IDC IT cloud services survey: top benefits and challenges. http://blogs.idc.com/ie/?p=210. White Paper
Idziorek J, Tannian M (2011) Exploiting cloud utility models for profit and ruin. IEEE Int Conf Cloud Comput, Washington, D.C., USA, pp 33–40
Idziorek J, Tannian M, Jacobson D (2011) Detecting fraudulent use of cloud resources. In: Proceedings of the 3rd ACM workshop on cloud computing security workshop (Chicago, IL, USA, 2011), pp 61–72.
Jasti A, Shah P, Nagaraj R, Pendse R (2010) Security in multi-tenancy cloud. IEEE international carnahan conference on security technology (San Jose, CA, USA, 2010), pp 35–41.
Jensen M, Gruschka N, Herkenhöner R (2009) A survey of attacks on web services. Comput Sci Res Dev 24(4):185–197
Jensen M, Gruschka N, Luttenberger N (2008) The impact of flooding attacks on network-based services. In: 3rd international conference on availability, reliability and security, Barcelona, Spain, pp 509–513.
Jensen M, Meyer C (2011) Expressiveness considerations of XML signatures. In: IEEE 35th annual computer software and applications conference workshop, Seoul, Korea, pp 392–397.
Jensen M, Schäge S, Schwenk J (2010) Towards an anonymous access control and accountability scheme for cloud computing. In: IEEE 3rd international conference on cloud computing, Miami, USA, pp 540–541.
Jensen M, Schwenk J, Gruschka N, Iacono LL (2009) On technical security issues in cloud computing. IEEE International conference on cloud computing, Bangalore, India, pp 109–116
Jin B, Wang Y, Liu Z, Xue J (2011) A trust model based on cloud model and bayesian networks. Proc, Environ Sci 11(Part A):452–459.
Kandukuri BR, Paturi VR, Rakshit A (2009) Cloud security issues. IEEE International conference on services computing, Bangalore, India, pp 517–520
Kaufman LM (2009) Data security in the world of cloud computing. IEEE Secur Privacy 7(2009):61–64
Khorshed MT, Ali ABMS, Wasimi SA (2012) A survey on gaps, threat remediation challenges and some thoughts for proactive attack detection in cloud computing. Future Gen Comput Sys 28(2012):833–851
King ST, Chen PM (2006) SubVirt: implementing malware with virtual machines. IEEE Symposium on security and privacy. Oakland, CA, USA, p 327
Lee J-H, Park M-W, Eom J-H, Chung T-M (2011) Multi-level intrusion detection system and log management in cloud computing. In: 13th international conference on advanced communication technology, Phoenix Park, South Korea, pp 552–555.
Li H-C, Liang P-H, Yang J-M, Chen S-J (2010) Analysis on cloud-based security vulnerability assessment. In: IEEE 7th international conference on e-business engineering, Shanghai, China, pp 490–494.
Liu H (2010) A new form of DoS attack in a cloud and its avoidance mechanism. Proceedings of the ACM workshop on cloud computing security workshop, Chicago, USA, In, pp 65–76
Lombardi F, Pietro RD (2011) Secure virtualization for cloud computing. J Network Comput Appl 34(2011):1113–1122
Luo S, Lin Z, Chen X, Yang Z, Chen J (2011) Virtualization security for cloud computing service. International conference on cloud and service computing, Washington, USA, pp 174–179
Mansfield-Devine S (2008) Danger in the clouds. Netw Secur 2008:9–11
Mathisen E (2011) Security challenges and Solutions in Cloud Computing. In: Proceedings of the 5th IEEE international conference on digital ecosystems and technologies, Daejeon, South Korea, pp 208–212.
McGraw G (2004) Software Security. IEEE Secur Privacy 2(2004):80–83
McIntosh M, Austel P (2005) XML signature element wrapping attacks and countermeasures. Proceedings of the workshop on secure web services, Fairfax, USA, In, pp 20–27
Modi C, Patel D, Borisaniya B, Patel H, Patel A, Rajarajan M (2012) A survey of intrusion detection techniques in cloud. J Netw Comput Appl.
Monfared AT, Jaatun MG (2011) Monitoring intrusions and security breaches in highly distributed cloud environments. In: IEEE 3rd international conference on cloud computing technology and science, Athens, Greece, pp 772–777.
Morsy MA, Grundy J, Müller I (2010) An analysis of the cloud computing security problem. Proceedings of Asia pacific software engineering confernce cloud workshop, Sydney, Australia, In, pp 1–6
Narayanan A, Shmatikov V (2009) De-anonymizing social networks. In: 30th IEEE symposium on security and privacy, Oakland, USA, pp 173–187.
NIST (2012) NIST cloud computing program. http://www.nist.gov/itl/cloud/. White Paper
Oberheide J, Cooke E, Jahanian F (2008) Empirical exploitation of live virtual machine migration. Proceedings of the black hat conference, Washington, USA, In
Okamura K, Oyama Y (2010) Load-based covert channels between Xen virtual machines. Proceedings of the ACM symposium on applied computing, Sierre, Switzerland, In, pp 173–180
OWASP (2010) The then most critical web application security risks. http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010.pdf. White Paper
Patel A, Taghavi M, Bakhtiyari K, Júnior JC (2012) A systematic review. J Netw Comput Appl Intrusion Detec Prev Sys Cloud Comput.
PCI (2012) PCI SSC data security standards overview. https://www.pcisecuritystandards.org/security_standards/index.php. White Paper
Pfaff B, Pettit J, Koponen T, Amidon K, Casado M, Shenker S (2009) Extending networking into the virtualization layer. In: Proceedings of the 8th ACM workshop on hot topics in Networks.
Pianese F, Bosch P, Duminuco A, Janssens N, Stathopoulos T, Steiner M (2010) Toward a cloud operating system. IEEE/IFIP network operations and management symposium workshop, Osaka, Japan, In, pp 335–342
Rahaman MA, Schaad A, Rits M (2006) Towards secure SOAP message exchange in a SOA. In: Proceedings of the 3rd ACM workshop on secure web services, Alexandria, USA, pp 77–84.
Ramgovind S, Eloff MM, Smith E (2010) The management of security in cloud computing. Information security for South Africa, Johannesburg, South Africa, pp 1–7
Riquet D, Grimaud G, Hauspie M (2012) Large-scale coordinated attacks: Impact on the cloud security. In: 6th international conference on innovative mobile and internet services in ubiquitous computing, Palermo, Italy, pp 558–563.
Ristenpart T, Tromer E, Shacham H, Savage S (2009) Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In: Proceedings of the 16th ACM conference on computer and communications security, Chicago, USA, pp 199–212.
Roberts JC, Al-Hamdani W (2011) Who can you trust in the cloud?: A review of security issues within cloud computing. Proceedings of the information security curriculum development conference, Kennesaw, GA, In, pp 15–19
Rocha F, Correia M (2011) Lucy in the sky without diamonds: stealing confidential data in the cloud. In: IEEE/IFIP 41st international conference on dependable systems and networks workshops, pp 129–134.
Rong C, Nguyen ST, Jaatun MG (2012) A survey on security challenges in cloud computing. Comput Elect Engi Beyond Lightning.
Rutkowska J (2008) Subverting vistaTM Kernel for fun and profit. Black Hat Conv, Washington, D.C., USA
Sadashiv N, Kumar SMD (2011) Cluster, grid and cloud computing: a detailed comparison. In: 6th international conference on computer science education, SuperStar Virgo, Singapore, pp 477–482.
Santos N, Gummadi KP, Rodrigues R (2009) Towards trusted cloud computing. Proceedings of the conference on hot topics in cloud computing, San Diego, CA, USA, In
Sengupta S, Kaulgud V, Sharma VS (2011) Cloud computing security–trends and research directions. IEEE World Congress Services, Washington D.C., 2011, pp 524–531.
Sloan K (2009) Security in a virtualised world. Netw Secur 2009(2009):15–18
SplashData (2012) Scary logins: worst passwords of 2012 and how to fix them. http://splashdata.com/press/PR121023.htm. White Paper
Subashini S, Kavitha V (2011) A survey on security issues in service delivery models of cloud computing. J Netw Comput Appl 34(2011):1–11
Suzaki K, Iijima K, Yagi T, Artho C (2011) Memory deduplication as a threat to the guest OS. In: Proceedings of the 4th European workshop on system security, New York, USA, vol 1:1–1:6.
Suzaki K, Iijima K, Yagi T, Artho C (2011) Software side channel attack on memory deduplication. 23rd ACM symposium on operating systems principles.
Takabi H, Joshi JBD, Ahn G (2010) Security and privacy challenges in cloud computing environments. IEEE Secur Privacy 8(2010):24–31
Taylor M, Haggerty J, Gresty D (2011) Lamb D (2011) Forensic investigation of cloud computing systems. Netw Secur 2011:4–10
Toubiana V, Nissenbaum H (2011) Analysis of Google logs retention policies. J Priv Confidentiality 3(2011):3–26
Townsend M (2009) Managing a security program in a cloud computing environment. Information security curriculum development conference, Kennesaw, GA, USA, pp 128–133
Tripathi A, Mishra A (2011) Cloud computing security considerations. IEEE international conference on signal processing, communications and computing, Xi’an, Shaanxi, China, In, pp 1–5
Tsai H-Y, Siebenhaar M, Miede A, Huang Y, Steinmetz R (2012) Threat as a service? virtualization’s impact on cloud security. IT Professional 14(2012):32–37
Vaquero LM, Rodero-Merino L, Morán D (2011) Locking the sky: a survey on IaaS cloud security. Computing 91(2011):93–118
Vascellaro JE (2009) Google discloses privacy glitch. http://blogs.wsj.com/digits/2009/03/08/1214/
Viega J (2009) Cloud computing and the common man. Computer 42(2009):106–108
Wang C, Ren K, Lou W, Li J (2010) Toward publicly auditable secure cloud data storage services. IEEE Network 24(2010):19–24
Wang C, Wang Q, Ren K, Lou W (2009) Ensuring data storage security in cloud computing. In: 17th international workshop on quality of service, Charleston, SC, USA, pp 1–9.
Ward M (2009) Facebook users suffer viral surge. http://news.bbc.co.uk/2/hi/technology/7918839.stm
Wei J, Zhang X, Ammons G, Bala V, Ning P (2009) Managing security of virtual machine images in a cloud environment. Proceedings of the ACM workshop on cloud computing security, New York, USA, In, pp 91–96
Xiao Z, Xiao Y (2012) Security and privacy in cloud computing. IEEE Commun Surv Tutorials 2012:1–17
Yang K, Jia X (2012) Data storage auditing service in cloud computing: challenges. Methods Opportunities World Wide Web 15(2012):409–428
Yu H, Powell N, Stembridge D, Yuan X (2012) Cloud computing and security challenges. In: Proceedings of the 50th annual southeast regional conference, Tuscaloosa, USA, pp 298–302.
Zhang F, Huang Y, Wang H, Chen H, Zang B (2008) PALM: security preserving VM live migration for systems with VMM-enforced protection. In: 3rd Asia-Pacific trusted infrastructure technologies conference, Wuhan, China, pp 9–18.
Zhou M, Zhang R, Xie W, Qian W, Zhou A (2010) Security and privacy in cloud computing: a survey. In: 6th international conference on semantics knowledge and grid (Ningbo, China, 2010), pp 105–112.
Zissis D, Lekkas D (2012) Addressing cloud computing security issues. Future Gener Comput Sys 28(2012):583–592
Zou B, Zhang H (2011) Toward enhancing trust in cloud computing environment. In: 2nd international conference on control, instrumentation and automation, Shiraz, Iran, pp 364–366.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Soares, L.F.B., Fernandes, D.A.B., Gomes, J.V., Freire, M.M., Inácio, P.R.M. (2014). Cloud Security: State of the Art. In: Nepal, S., Pathan, M. (eds) Security, Privacy and Trust in Cloud Systems. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38586-5_1
Download citation
DOI: https://doi.org/10.1007/978-3-642-38586-5_1
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-38585-8
Online ISBN: 978-3-642-38586-5
eBook Packages: EngineeringEngineering (R0)