Security and Privacy in Cloud Computing

Recent advances have given rise to the popularity and success of cloud computing. However, when outsourcing the data and business application to a third party causes the security and privacy issues to become a critical concern. Throughout the study at hand, the authors obtain a common goal to provide a comprehensive review of the existing security and privacy issues in cloud environments. We have identified five most representative security and privacy attributes (i.e., confidentiality, integrity, availability, accountability, and privacy-preservability). Beginning with these attributes, we present the relationships among them, the vulnerabilities that may be exploited by attackers, the threat models, as well as existing defense strategies in a cloud scenario. Future research directions are previously determined for each attribute.

[1]  Cyrille Artho,et al.  Software Side Channel Attack on Memory Deduplication , 2011, SOSP 2011.

[2]  Reza Curtmola,et al.  Provable data possession at untrusted stores , 2007, CCS '07.

[3]  Jörg Schwenk,et al.  The Accountability Problem of Flooding Attacks in Service-Oriented Architectures , 2009, 2009 International Conference on Availability, Reliability and Security.

[4]  Hrishikesh B. Acharya,et al.  Is That You? Authentication in a Network without Identities , 2011, 2011 IEEE Global Telecommunications Conference - GLOBECOM 2011.

[5]  Paulo S. L. M. Barreto,et al.  Demonstrating data possession and uncheatable data transfer , 2006, IACR Cryptol. ePrint Arch..

[6]  Yihua Zhang,et al.  Secure and Verifiable Outsourcing of Large-Scale Biometric Computations , 2011, 2011 IEEE Third Int'l Conference on Privacy, Security, Risk and Trust and 2011 IEEE Third Int'l Conference on Social Computing.

[7]  Jingyuan Zhang,et al.  Hidden information in Microsoft Word , 2011, Int. J. Secur. Networks.

[8]  Shiuh-Pyng Shieh,et al.  Authentication and secret search mechanisms for RFID-aware wireless sensor networks , 2010, Int. J. Secur. Networks.

[9]  A Min Tjoa,et al.  Retaining Data Control to the Client in Infrastructure Clouds , 2009, 2009 International Conference on Availability, Reliability and Security.

[10]  V. Kavitha,et al.  A survey on security issues in service delivery models of cloud computing , 2011, J. Netw. Comput. Appl..

[11]  Bernd Grobauer,et al.  Understanding Cloud Computing Vulnerabilities , 2011, IEEE Security & Privacy.

[12]  Yang Xiao,et al.  A survey of anonymity in wireless communication systems , 2009, Secur. Commun. Networks.

[13]  Vyas Sekar,et al.  Verifiable resource accounting for cloud computing services , 2011, CCSW '11.

[14]  Yevgeniy Dodis,et al.  Proofs of Retrievability via Hardness Amplification , 2009, IACR Cryptol. ePrint Arch..

[15]  Craig Gentry,et al.  Fully homomorphic encryption using ideal lattices , 2009, STOC '09.

[16]  Yang Xiao,et al.  PeerReview re-evaluation for accountability in distributed systems or networks , 2012, Int. J. Secur. Networks.

[17]  Silvio Micali,et al.  The knowledge complexity of interactive proof-systems , 1985, STOC '85.

[18]  Moustafa Youssef,et al.  A source authentication scheme using network coding , 2011, Int. J. Secur. Networks.

[19]  Mary Baker,et al.  Nettimer: A Tool for Measuring Bottleneck Link Bandwidth , 2001, USITS.

[20]  Guang Gong,et al.  On the (in)security of two Joint Encryption and Error Correction schemes , 2011, Int. J. Secur. Networks.

[21]  Dan Lin,et al.  Data protection models for service provisioning in the cloud , 2010, SACMAT '10.

[22]  Daniele Sgandurra,et al.  Cloud security is not (just) virtualization security: a short paper , 2009, CCSW '09.

[23]  Douglas Jacobson,et al.  Detecting fraudulent use of cloud resources , 2011, CCSW '11.

[24]  Roberto Di Pietro,et al.  Transparent security for cloud , 2010, SAC '10.

[25]  Ramakrishna Gummadi,et al.  Determinating timing channels in compute clouds , 2010, CCSW '10.

[26]  Siu-Ming Yiu,et al.  Exclusion-intersection encryption , 2011, 2011 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS).

[27]  Fabian Monrose,et al.  Distributed Execution with Remote Audit , 1999, NDSS.

[28]  Matthew N. O. Sadiku,et al.  An intrusion detection technique based on continuous binary communication channels , 2011, Int. J. Secur. Networks.

[29]  Luis Miguel Vaquero Gonzalez,et al.  Locking the sky: a survey on IaaS cloud security , 2010, Computing.

[30]  Arati Baliga,et al.  Lurking in the Shadows: Identifying Systemic Threats to Kernel Data , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[31]  Jörg Schwenk,et al.  On Technical Security Issues in Cloud Computing , 2009, 2009 IEEE International Conference on Cloud Computing.

[32]  Siani Pearson,et al.  A client-based privacy manager for cloud computing , 2009, COMSWARE '09.

[33]  Xiaohui Liang,et al.  Secure provenance: the essential of bread and butter of data forensics in cloud computing , 2010, ASIACCS '10.

[34]  Hovav Shacham,et al.  Eliminating fine grained timers in Xen , 2011, CCSW '11.

[35]  Wenke Lee,et al.  Secure and Flexible Monitoring of Virtual Machines , 2007, Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007).

[36]  Nils Gruschka,et al.  Attack Surfaces: A Taxonomy for Attacks on Cloud Services , 2010, 2010 IEEE 3rd International Conference on Cloud Computing.

[37]  Ting Yu,et al.  SecureMR: A Service Integrity Assurance Framework for MapReduce , 2009, 2009 Annual Computer Security Applications Conference.

[38]  Eric Young,et al.  Editorial , 1955, Journal of the Association for Research in Otolaryngology.

[39]  Neeraj Jaggi,et al.  A three dimensional sender anonymity metric , 2011, Int. J. Secur. Networks.

[40]  Andrew Charlesworth,et al.  Accountability as a Way Forward for Privacy Protection in the Cloud , 2009, CloudCom.

[41]  Ben Walters,et al.  QUIRC: A Quantitative Impact and Risk Assessment Framework for Cloud Security , 2010, 2010 IEEE 3rd International Conference on Cloud Computing.

[42]  Lakshmi Sobhana Kalli,et al.  Market-Oriented Cloud Computing : Vision , Hype , and Reality for Delivering IT Services as Computing , 2013 .

[43]  Shensheng Tang,et al.  An epidemic model with adaptive virus spread control for Wireless Sensor Networks , 2011, Int. J. Secur. Networks.

[44]  Victor C. M. Leung,et al.  Improved IP Multimedia Subsystem Authentication mechanism for 3G-WLAN networks , 2011, 2011 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS).

[45]  Matti A. Hiltunen,et al.  An exploration of L2 cache covert channels in virtualized environments , 2011, CCSW '11.

[46]  Cong Wang,et al.  Secure and practical outsourcing of linear programming in cloud computing , 2011, 2011 Proceedings IEEE INFOCOM.

[47]  Guoliang Xue,et al.  Authenticating strangers in Online Social Networks , 2011, Int. J. Secur. Networks.

[48]  Markus Jakobsson,et al.  Controlling data in the cloud: outsourcing computation without outsourcing control , 2009, CCSW '09.

[49]  Yang Xiao,et al.  Cyber Security and Privacy Issues in Smart Grids , 2012, IEEE Communications Surveys & Tutorials.

[50]  Ren-Junn Hwang,et al.  An efficient secure data dissemination scheme for grid structure Wireless Sensor Networks , 2010, Int. J. Secur. Networks.

[51]  Bo Fu,et al.  GlobalView: building global view with log files in a distributed/networked system for accountability , 2014, Secur. Commun. Networks.

[52]  Ari Juels,et al.  HAIL: a high-availability and integrity layer for cloud storage , 2009, CCS.

[53]  Carsten Lund,et al.  Proof verification and hardness of approximation problems , 1992, Proceedings., 33rd Annual Symposium on Foundations of Computer Science.

[54]  Sushil Jajodia,et al.  A data outsourcing architecture combining cryptography and access control , 2007, CSAW '07.

[55]  Miguel Oom Temudo de Castro,et al.  Practical Byzantine fault tolerance , 1999, OSDI '99.

[56]  Abdelrahman Desoky,et al.  Edustega: an Education-Centric Steganography methodology , 2011, Int. J. Secur. Networks.

[57]  Chen Wang,et al.  A Collaborative Monitoring Mechanism for Making a Multitenant Platform Accountable , 2010, HotCloud.

[58]  Dawn Xiaodong Song,et al.  FIT: fast Internet traceback , 2005, Proceedings IEEE 24th Annual Joint Conference of the IEEE Computer and Communications Societies..

[59]  Robert Könighofer,et al.  A Fast and Cache-Timing Resistant Implementation of the AES , 2008, CT-RSA.

[60]  Ahmad-Reza Sadeghi,et al.  Token-Based Cloud Computing , 2010, TRUST.

[61]  Stefanos Kaxiras,et al.  Non deterministic caches: a simple and effective defense against side channel attacks , 2008, Des. Autom. Embed. Syst..

[62]  Jie Wu,et al.  Friendship-based location privacy in Mobile Social Networks , 2011, Int. J. Secur. Networks.

[63]  Tzong-Chen Wu,et al.  Mutual anonymity protocol with integrity protection for mobile peer-to-peer networks , 2010, Int. J. Secur. Networks.

[64]  Yang Xiao,et al.  Security and privacy in RFID and applications in telemedicine , 2006, IEEE Commun. Mag..

[65]  Elisa Bertino,et al.  An algebra for fine-grained integration of XACML policies , 2009, SACMAT '09.

[66]  Vinod Vaikuntanathan,et al.  Can homomorphic encryption be practical? , 2011, CCSW '11.

[67]  Bu-Sung Lee,et al.  Towards Achieving Accountability, Auditability and Trust in Cloud Computing , 2011, ACC.

[68]  Farnam Jahanian,et al.  CloudAV: N-Version Antivirus in the Network Cloud , 2008, USENIX Security Symposium.

[69]  Feifei Li,et al.  Dynamic authenticated index structures for outsourced databases , 2006, SIGMOD Conference.

[70]  Joseph Idziorek,et al.  Exploiting Cloud Utility Models for Profit and Ruin , 2011, 2011 IEEE 4th International Conference on Cloud Computing.

[71]  Jean-Pierre Seifert,et al.  Deconstructing new cache designs for thwarting software cache-based side channel attacks , 2008, CSAW '08.

[72]  Mark Crovella,et al.  Measuring Bottleneck Link Speed in Packet-Switched Networks , 1996, Perform. Evaluation.

[73]  Hovav Shacham,et al.  Do you know where your cloud files are? , 2011, CCSW '11.

[74]  Shahram Latifi,et al.  Partial iris and recognition as a viable biometric scheme , 2011, Int. J. Secur. Networks.

[75]  Yang Xiao Accountability for wireless LANs, ad hoc networks, and wireless mesh networks , 2008, IEEE Communications Magazine.

[76]  Cong Wang,et al.  Privacy-Preserving Public Auditing for Data Storage Security in Cloud Computing , 2010, 2010 Proceedings IEEE INFOCOM.

[77]  K. P. Subbalakshmi,et al.  KL-sense secure image steganography , 2011, Int. J. Secur. Networks.

[78]  Cong Wang,et al.  Enabling Public Verifiability and Data Dynamics for Storage Security in Cloud Computing , 2009, ESORICS.

[79]  Jing Liu,et al.  Temporal Accountability and Anonymity in Medical Sensor Networks , 2011, Mob. Networks Appl..

[80]  Siani Pearson,et al.  A Privacy Manager for Cloud Computing , 2009, CloudCom.

[81]  Li Xu,et al.  Bloom filter based secure and anonymous DSR protocol in wireless ad hoc networks , 2010, Int. J. Secur. Networks.

[82]  Michael K. Reiter,et al.  HomeAlone: Co-residency Detection in the Cloud via Side-Channel Analysis , 2011, 2011 IEEE Symposium on Security and Privacy.

[83]  Prasant Mohapatra,et al.  Rendezvous based trust propagation to enhance distributed network security , 2011, 2011 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS).

[84]  Andreas Haeberlen,et al.  Accountable Virtual Machines , 2010, OSDI.

[85]  Hovav Shacham,et al.  Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds , 2009, CCS.

[86]  Siani Pearson,et al.  Taking account of privacy when designing cloud computing services , 2009, 2009 ICSE Workshop on Software Engineering Challenges of Cloud Computing.

[87]  A. Tamilarasi,et al.  A backpressure technique for filtering spoofed traffic at upstream routers , 2010, Int. J. Secur. Networks.

[88]  P. Mell,et al.  The NIST Definition of Cloud Computing , 2011 .

[89]  Parameswaran Ramanathan,et al.  What do packet dispersion techniques measure? , 2001, Proceedings IEEE INFOCOM 2001. Conference on Computer Communications. Twentieth Annual Joint Conference of the IEEE Computer and Communications Society (Cat. No.01CH37213).

[90]  Yoshihiro Oyama,et al.  Load-based covert channels between Xen virtual machines , 2010, SAC '10.

[91]  Dan Lin,et al.  Preventing Information Leakage from Indexing in the Cloud , 2010, 2010 IEEE 3rd International Conference on Cloud Computing.

[92]  Sanjay Ghemawat,et al.  MapReduce: Simplified Data Processing on Large Clusters , 2004, OSDI.

[93]  Yang Xiao,et al.  Accountable MapReduce in cloud computing , 2011, 2011 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS).

[94]  Ruby B. Lee,et al.  A novel cache architecture with enhanced performance and security , 2008, 2008 41st IEEE/ACM International Symposium on Microarchitecture.

[95]  Thomas Sandholm,et al.  What's inside the Cloud? An architectural map of the Cloud landscape , 2009, 2009 ICSE Workshop on Software Engineering Challenges of Cloud Computing.

[96]  Marten van Dijk,et al.  On the Impossibility of Cryptography Alone for Privacy-Preserving Cloud Computing , 2010, HotSec.

[97]  Roberto Di Pietro,et al.  Scalable and efficient provable data possession , 2008, IACR Cryptol. ePrint Arch..

[98]  Ming-Hour Yang,et al.  Lightweight authentication protocol for mobile RFID networks , 2010, Int. J. Secur. Networks.

[99]  Krishna P. Gummadi,et al.  Towards Trusted Cloud Computing , 2009, HotCloud.

[100]  Andreas Haeberlen,et al.  PeerReview: practical accountability for distributed systems , 2007, SOSP.

[101]  Huan Liu,et al.  A new form of DOS attack in a cloud and its avoidance mechanism , 2010, CCSW '10.

[102]  Ruby B. Lee,et al.  New cache designs for thwarting software cache-based side channel attacks , 2007, ISCA '07.

[103]  Srikanth Kandula,et al.  Botz-4-sale: surviving organized DDoS attacks that mimic flash crowds , 2005, NSDI.

[104]  Matthias Huber,et al.  Brief Announcement: Towards Secure Cloud Computing , 2009, SSS.

[105]  Jennifer Rexford,et al.  Eliminating the hypervisor attack surface for a more secure cloud , 2011, CCS '11.

[106]  Andrew J. Blumberg Toward Practical and Unconditional Verification of Remote Computations , 2011, HotOS.

[107]  Cyrille Artho,et al.  Memory deduplication as a threat to the guest OS , 2011, EUROSEC '11.

[108]  Xiaohui Liang,et al.  ESPAC: Enabling Security and Patient-centric Access Control for eHealth in cloud computing , 2011, Int. J. Secur. Networks.

[109]  Russ Bubley,et al.  Randomized algorithms , 1995, CSUR.

[110]  Ju Wang,et al.  A cross-layer authentication design for secure video transportation in wireless sensor network , 2010, Int. J. Secur. Networks.

[111]  Mikhail J. Atallah,et al.  Securely outsourcing linear algebra computations , 2010, ASIACCS '10.

[112]  Andreas Haeberlen,et al.  A case for the accountable cloud , 2010, OPSR.

[113]  Ayman I. Kayssi,et al.  Privacy as a Service: Privacy-Aware Data Storage and Processing in Cloud Computing Architectures , 2009, 2009 Eighth IEEE International Conference on Dependable, Autonomic and Secure Computing.

[114]  Jennifer Rexford,et al.  NoHype: virtualized cloud infrastructure without the virtualization , 2010, ISCA.

[115]  Daisuke Takahashi,et al.  Accountability using flow-net: design, implementation, and performance evaluation , 2012, Secur. Commun. Networks.

[116]  Daisuke Takahashi,et al.  Virtual flow-net for accountability and forensics of computer and network systems , 2014, Secur. Commun. Networks.

[117]  Yong Zhao,et al.  Cloud Computing and Grid Computing 360-Degree Compared , 2008, GCE 2008.

[118]  Ari Juels,et al.  Pors: proofs of retrievability for large files , 2007, CCS '07.

[119]  Yang Xiao Flow-net methodology for accountability in wireless networks , 2009, IEEE Network.

[120]  Vern Paxson,et al.  How to Own the Internet in Your Spare Time , 2002, USENIX Security Symposium.