Cloud security: a gathering storm

Users' trust in cloud systems is undermined by the lack of transparency in existing security policies.

[1]  Jennifer Rexford,et al.  NoHype: virtualized cloud infrastructure without the virtualization , 2010, ISCA.

[2]  Martín Abadi,et al.  XFI: software guards for system address spaces , 2006, OSDI '06.

[3]  Alec Wolman,et al.  Delusional boot: securing hypervisors without massive re-engineering , 2012, EuroSys '12.

[4]  Andrew Warfield,et al.  Safe Hardware Access with the Xen Virtual Machine Monitor , 2007 .

[5]  Andrew Warfield,et al.  Live migration of virtual machines , 2005, NSDI.

[6]  David Lie,et al.  Auditing cloud management using information flow tracking , 2012, STC '12.

[7]  Udo Steinberg,et al.  NOVA: a microhypervisor-based secure virtualization architecture , 2010, EuroSys '10.

[8]  Jun Zhu,et al.  Breaking up is hard to do: security and functionality in a commodity hypervisor , 2011, SOSP.

[9]  Felix C. Freiling,et al.  Return-Oriented Rootkits: Bypassing Kernel Code Integrity Protection Mechanisms , 2009, USENIX Security Symposium.

[10]  Zhi Wang,et al.  HyperSafe: A Lightweight Approach to Provide Lifetime Hypervisor Control-Flow Integrity , 2010, 2010 IEEE Symposium on Security and Privacy.

[11]  Hovav Shacham,et al.  Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds , 2009, CCS.

[12]  Abhinav Srivastava,et al.  Self-service cloud computing , 2012, CCS '12.

[13]  Haibo Chen,et al.  CloudVisor: retrofitting protection of virtual machines in multi-tenant cloud with nested virtualization , 2011, SOSP.

[14]  Steven Hand,et al.  Improving Xen security through disaggregation , 2008, VEE '08.

[15]  Jane Watson A Stitch in Time Saves Nine. , 1991 .

[16]  Scott Devine,et al.  Disco: running commodity operating systems on scalable multiprocessors , 1997, TOCS.

[17]  Thomas Santen,et al.  Verifying the Microsoft Hyper-V Hypervisor with VCC , 2009, FM.

[18]  Martín Abadi,et al.  Control-flow integrity , 2005, CCS '05.

[19]  Michael Norrish,et al.  seL4: formal verification of an OS kernel , 2009, SOSP '09.

[20]  Eyal de Lara,et al.  The taser intrusion recovery system , 2005, SOSP '05.

[21]  Samuel Thibault,et al.  Improving performance by embedding HPC applications in lightweight Xen domains , 2008, HPCVirt '08.

[22]  Hovav Shacham,et al.  The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86) , 2007, CCS '07.

[23]  Michael K. Reiter,et al.  Cross-VM side channels and their use to extract private keys , 2012, CCS.

[24]  Zhi Wang,et al.  Isolating commodity hosted hypervisors with HyperLock , 2012, EuroSys '12.