Security for Enterprise Cloud Services

  • William Y. Chang
  • Hosame Abu-Amara
  • Jessica Feng Sanford
Chapter

Abstract

Companies and individuals have natural concerns about the security of their data. The term “security” is rather ambiguous, in that it can mean “confidentiality,” “authenticity,” “timeliness,” “availability,” or many other things. We use the term “security” to mean ensuring that the data can be accessed only by authorized entities and that the data is confidential, authentic, up-to-date, and exists.

Keywords

Cloud Computing; Cloud Service; Intrusion Detection; Intrusion Detection System; Cloud Provider

Copyright information

© Springer Science+Business Media B.V. 2011

Authors and Affiliations

  • William Y. Chang (1)
  • Hosame Abu-Amara (1)
  • Jessica Feng Sanford (2)
  1. Irvine, U.S.A.
  2. Los Angeles, U.S.A.
