Security Issues for Cloud Computing

The cloud is next generation platform that provides dynamic resource pooling, virtualization and high resource availability. It is one of today’s most enticing technology areas due to its advantages like cost efficiency and flexibility. There are significant or persistent concerns about the cloud computing those are impeding momentum and will compromise the vision of cloud computing as a new information technology procurement model. A general understanding of cloud computing refers to the concept of grid computing, utility computing, software as a service, storage in cloud and virtualization. It enables the virtual organization to share geographically distributed resources as they pursue common goals, assuming the absence of central location, omniscience and an existing trust relationship. This paper is a survey more specific to the different security issues that has emanated due to the nature of the service delivery models of a cloud computing system.

[1]  Jörg Schwenk,et al.  On Technical Security Issues in Cloud Computing , 2009, 2009 IEEE International Conference on Cloud Computing.

[2]  Roberto Di Pietro,et al.  Secure virtualization for cloud computing , 2011, J. Netw. Comput. Appl..

[3]  Simson L. Garfinkel,et al.  An Evaluation of Amazon's Grid Computing Services: EC2, S3, and SQS , 2007 .

[4]  Keqiu Li,et al.  Advanced topics on cloud computing , 2011, Journal of computer and system sciences (Print).

[5]  Nils Gruschka,et al.  The Impact of Flooding Attacks on Network-based Services , 2008, 2008 Third International Conference on Availability, Reliability and Security.

[6]  Tim Moses,et al.  EXtensible Access Control Markup Language (XACML) version 1 , 2003 .

[7]  Carla Merkle Westphall,et al.  Intrusion Detection for Grid and Cloud Computing , 2010, IT Professional.

[8]  Helen J. Wang,et al.  SubVirt: implementing malware with virtual machines , 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).

[9]  Helmut Krcmar,et al.  Towards a Generic Value Network for Cloud Computing , 2010, GECON.

[10]  Bhavani M. Thuraisingham,et al.  R2D: Extracting Relational Structure from RDF Stores , 2009, 2009 IEEE/WIC/ACM International Joint Conference on Web Intelligence and Intelligent Agent Technology.

[11]  Hiroyuki Sato,et al.  A Cloud Trust Model in a Security Aware Cloud , 2010, 2010 10th IEEE/IPSJ International Symposium on Applications and the Internet.

[12]  Nils Gruschka,et al.  Vulnerable Cloud: SOAP Message Security Validation Revisited , 2009, 2009 IEEE International Conference on Web Services.

[13]  Tibor Jager,et al.  A Browser-Based Kerberos Authentication Scheme , 2008, ESORICS.

[14]  Jörg Schwenk,et al.  The Accountability Problem of Flooding Attacks in Service-Oriented Architectures , 2009, 2009 International Conference on Availability, Reliability and Security.

[15]  T. Grance,et al.  SP 800-144. Guidelines on Security and Privacy in Public Cloud Computing , 2011 .

[16]  E. Chang,et al.  Human system interaction with confident computing. The mega trend , 2008, 2008 Conference on Human System Interactions.

[17]  Gail-Joon Ahn,et al.  Role-based privilege and trust management , 2005, Comput. Syst. Sci. Eng..

[18]  Neal Leavitt,et al.  Anonymization Technology Takes a High Profile , 2009, Computer.

[19]  Valeria Vittorini,et al.  A policy-based methodology for security evaluation: A Security Metric for Public Key Infrastructures , 2007, J. Comput. Secur..

[20]  Bhavani M. Thuraisingham,et al.  Security Issues for Cloud Computing , 2010, Int. J. Inf. Secur. Priv..

[21]  H. Nissenbaum Can Trust be Secured Online? A theoretical perspective , 1999 .

[22]  Cyril Onwubiko,et al.  Security Issues to Cloud Computing , 2010, Cloud Computing.

[23]  Siani Pearson,et al.  Persistent and Dynamic Trust: Analysis and the Related Impact of Trusted Platforms , 2005, iTrust.

[24]  Cong Wang,et al.  Toward Secure and Dependable Storage Services in Cloud Computing , 2012, IEEE Transactions on Services Computing.

[25]  Eugene Ciurana,et al.  Google App Engine , 2009 .

[26]  D. Collard,et al.  Trust : making and breaking cooperative relations , 1989 .

[27]  Yan Wang,et al.  Reputation-Oriented Trustworthy Computing in E-Commerce Environments , 2008, IEEE Internet Computing.

[28]  Dawn M. Cappelli,et al.  Insider Threat Study: Illicit Cyber Activity in the Government Sector , 2008 .

[29]  A. Baier Trust and Antitrust , 1986, Ethics.

[30]  Colin Camerer,et al.  Not So Different After All: A Cross-Discipline View Of Trust , 1998 .

[31]  Nils Gruschka,et al.  A survey of attacks on web services , 2009, Computer Science - Research and Development.

[32]  Jörg Schwenk,et al.  Analysis of Signature Wrapping Attacks and Countermeasures , 2009, 2009 IEEE International Conference on Web Services.

[33]  Supriya Singh,et al.  Young Australians' privacy, security and trust in internet banking , 2009, OZCHI.

[34]  Morton Pincus,et al.  Market Reaction to Events Surrounding the Sarbanes-Oxley Act of 2002 and Earnings Management , 2006 .

[35]  Frank Leymann,et al.  Compliant Cloud Computing (C3): Architecture and Language Support for User-Driven Compliance Management in Clouds , 2010, 2010 IEEE 3rd International Conference on Cloud Computing.

[36]  Dai Yuefa Data Security Model for Cloud Computing , 2009 .

[37]  S. Chittayasothorn,et al.  A Transformation from RDF Documents and Schemas to Relational Databases , 2007, 2007 IEEE Pacific Rim Conference on Communications, Computers and Signal Processing.

[38]  Niels Provos,et al.  Cybercrime 2.0: when the cloud turns dark , 2009, CACM.

[39]  Peng Ning,et al.  Managing security of virtual machine images in a cloud environment , 2009, CCSW '09.

[40]  Kevin W. Hamlen,et al.  Certified In-lined Reference Monitoring on .NET , 2006, PLAS '06.

[41]  Randy H. Katz,et al.  Above the Clouds: A Berkeley View of Cloud Computing , 2009 .

[42]  Jörg Schwenk,et al.  Risks of the CardSpace Protocol , 2009, ISC.

[43]  ReedBenjamin,et al.  Building a high-level dataflow system on top of Map-Reduce , 2009, VLDB 2009.

[44]  Lori M. Kaufman,et al.  Data Security in the World of Cloud Computing , 2009, IEEE Security & Privacy.

[45]  Kevin D. Seppi,et al.  MRPSO: MapReduce particle swarm optimization , 2007, GECCO '07.

[46]  Elisa Bertino,et al.  Selective and authentic third-party distribution of XML documents , 2004, IEEE Transactions on Knowledge and Data Engineering.

[47]  Challa Narasimham,et al.  Data security in cloud using RSA , 2013, 2013 Fourth International Conference on Computing, Communications and Networking Technologies (ICCCNT).

[48]  Dimitrios Zissis,et al.  Addressing cloud computing security issues , 2012, Future Gener. Comput. Syst..

[49]  Bart Nooteboom,et al.  Social capital, institutions and trust , 2006 .

[50]  Bart Kosko,et al.  Fuzzy Cognitive Maps , 1986, Int. J. Man Mach. Stud..

[51]  Gail-Joon Ahn,et al.  SecureCloud: Towards a Comprehensive Security Framework for Cloud Computing Environments , 2010, 2010 IEEE 34th Annual Computer Software and Applications Conference Workshops.

[52]  Neal Leavitt,et al.  Is Cloud Computing Really Ready for Prime Time? , 2009, Computer.

[53]  Kevin W. Hamlen,et al.  Aspect-oriented in-lined reference monitors , 2008, PLAS '08.

[54]  Harit Shah,et al.  Security Issues on Cloud Computing , 2013, ArXiv.

[55]  Nitesh V. Chawla,et al.  Scaling up Classifiers to Cloud Computers , 2008, 2008 Eighth IEEE International Conference on Data Mining.

[56]  Hai Jin,et al.  Building dynamic and transparent integrity measurement and protection for virtualized platform in cloud computing , 2010 .

[57]  Lynn A. Karoly,et al.  Health Insurance Portability and Accountability Act of 1996 (HIPAA) Administrative Simplification , 2010, Practice Management Consultant.

[58]  Paul A. Karger Securing virtual machine monitors: what is needed? , 2009, ASIACCS '09.

[59]  Levent Ertaul,et al.  Security Challenges in Cloud Computing , 2010, Security and Management.

[60]  Hovav Shacham,et al.  Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds , 2009, CCS.

[61]  Thomas Groß,et al.  Security analysis of the SAML single sign-on browser/artifact profile , 2003, 19th Annual Computer Security Applications Conference, 2003. Proceedings..

[62]  Christopher Olston,et al.  Building a HighLevel Dataflow System on top of MapReduce: The Pig Experience , 2009, Proc. VLDB Endow..

[63]  Trung Dong Huynh,et al.  A personalized framework for trust assessment , 2009, SAC '09.

[64]  V. K. Agrawal,et al.  Multi-level authentication technique for accessing cloud services , 2012, 2012 International Conference on Computing, Communication and Applications.

[65]  V. Kavitha,et al.  A survey on security issues in service delivery models of cloud computing , 2011, J. Netw. Comput. Appl..

[66]  Tom Scavo,et al.  SAML V2.0 Holder-of-Key Web Browser SSO Profile Version 1.0 , 2009 .

[67]  B. Jaya Chandrared,et al.  Cloud Zones: Security and Privacy Issues in Cloud Computing , 2012 .

[68]  Balachandra Reddy Kandukuri,et al.  Cloud Security Issues , 2009, 2009 IEEE International Conference on Services Computing.

[69]  Shigeru Okuma,et al.  A study on reconfigurable computing system for cryptography , 2000, Smc 2000 conference proceedings. 2000 ieee international conference on systems, man and cybernetics. 'cybernetics evolving to systems, humans, organizations, and their complex interactions' (cat. no.0.

[70]  Sugata Sanyal,et al.  A New Trusted and Collaborative Agent Based Approach for Ensuring Cloud Security , 2011, ArXiv.

[71]  Valentina Casola,et al.  Identity federation in cloud computing , 2010, 2010 Sixth International Conference on Information Assurance and Security.

[72]  Markus Jakobsson,et al.  Controlling data in the cloud: outsourcing computation without outsourcing control , 2009, CCSW '09.

[73]  Kanika Lakhani,et al.  Implementing digital signature with RSA encryption algorithm to enhance the Data Security of cloud in Cloud Computing , 2010, 2010 First International Conference On Parallel, Distributed and Grid Computing (PDGC 2010).

[74]  Joy Bhattacharjee,et al.  A Survey on Cloud Computing Security, Challenges and Threats , 2011 .

[75]  Bhavani Shankar,et al.  Study of security issues in cloud computing , 2011 .

[76]  Siani Pearson,et al.  Taking account of privacy when designing cloud computing services , 2009, 2009 ICSE Workshop on Software Engineering Challenges of Cloud Computing.

[77]  M. Sasikumar,et al.  Security Issues in Cloud Computing: A survey , 2012 .

[78]  Daniel Osterwalder,et al.  Trust Through Evaluation and Certification? , 2001 .

[79]  Raph Levien,et al.  Attack-Resistant Trust Metrics , 2009, Computing with Social Trust.

[80]  Georg Lausen,et al.  Spreading activation models for trust propagation , 2004, IEEE International Conference on e-Technology, e-Commerce and e-Service, 2004. EEE '04. 2004.

[81]  Aviel D. Rubin,et al.  Risks of the Passport single signon protocol , 2000, Comput. Networks.

[82]  S Ramgovind,et al.  The management of security in Cloud computing , 2010, 2010 Information Security for South Africa.

[83]  Paul T. Jaeger,et al.  Public Libraries, Values, Trust, and E-Government , 2007 .

[84]  M.R. Tribhuwan,et al.  Ensuring Data Storage Security in Cloud Computing through Two-Way Handshake Based on Token Management , 2010, 2010 International Conference on Advances in Recent Technologies in Communication and Computing.

[85]  Michael Hall,et al.  Security and Control in the Cloud , 2010, Inf. Secur. J. A Glob. Perspect..

[86]  Syed M. Rahman,et al.  An Overview of the Security Concerns in Enterprise Cloud Computing , 2011, ArXiv.

[87]  Scott Moore,et al.  ActionScript bytecode verification with co-logic programming , 2009, PLAS '09.

[88]  S. Sitkin,et al.  Explaining the Limited Effectiveness of Legalistic “Remedies” for Trust/Distrust , 1993 .

[89]  Sean W. Smith,et al.  Building a high-performance, programmable secure coprocessor , 1999, Comput. Networks.

[90]  Anna E. Shimanek Do You Want Milk with Those Cookies? Complying with the Safe Harbor Privacy Principles , 2001 .

[91]  Samuel J. Best,et al.  The Effect of Risk Perceptions on Online Political Participatory Decisions , 2008 .

[92]  Kevin W. Hamlen,et al.  Enforcing IRM security policies: Two case studies , 2009, 2009 IEEE International Conference on Intelligence and Security Informatics.