A survey on security issues in service delivery models of cloud computing

Amazon. Amazon Elastic Compute Cloud (EC2), 2010 〈http://www.amazon.com/ec2/〉 [accessed: 10 December 2009].

Attanasio CR. Virtual machines and data security. In: Proceedings of the workshop on virtual computer systems. New York, NY, USA: ACM; 1973. p. 206–9.

Auger R. SQL Injection, 2009 〈http://projects.webappsec.org/SQL-Injection〉 [accessed on: 15 February 2010].

Basta, 2007, Computer security and penetration testing, Delmar Cengage Learning

Bernard Golden. Defining private clouds, 2009 〈http://www.cio.com/article/ 492695/Defining_Private_Clouds_Part_One〉 [accessed on: 11 January 2010].

Berre AJ, Roman D, Landre E, Heuvel WVD, Skar LA, Udnaes M, et al. Towards best practices in designing for the cloud. In: Proceedings of the 24th ACM SIGPLAN conference companion on object oriented programming systems languages and applications, Orlando, Florida, USA, 2009, p. 697–8.

Blaze, 1999

BNA. Privacy & security law report, 8 PVLR 10, 03/09/2009. Copyright 2009 by The Bureau of National Affairs, Inc. (800-372-1033), 2009 〈http://www.bna.com〉 [accessed on: 2 November 2009].

Boss G, Malladi P, Quan D, Legregni L, Hall H. Cloud computing, 2009, p. 4 〈http://www.ibm.com/developerswork/websphere/zones/ hipods/library.html〉 [accessed on: 18 October 2009].

Bowers KD, Juels A, Oprea A. HAIL: a high-availability and integrity layer for cloud storage, Cryptology ePrint Archive, Report 2008/489, 2008 〈http://eprint.iacr.org/〉 [accessed on: 18 October 2009].

Choudhary V. Software as a service: implications for investment in software development. In: International conference on system sciences, 2007, p. 209.

Clavister. Security in the cloud, Clavister White Paper 〈http://www.it-wire.nu/members/cla69/attachments/CLA_WP_SECURITY_IN_THE_CLOUD.pdf〉 [accessed on: 21 October 2009].

Cloud Security Alliance. Guidance for identity & access management V2.1, 2010a 〈http://www.cloudsecurityalliance.org/guidance/csaguide-dom12-v2.10.pdf〉 [accessed on: 9 May 2010].

Cloud Security Alliance. Security best practices for cloud computing, 2010b 〈http://www.cloudsecurityalliance.org〉 [accessed on: 10 April 2010].

Cooper R. Verizon Business Data Breach security blog, 2008 〈http://securityblog.verizonbusiness.com/2008/06/10/2008-data-breach-investigations-report/〉 [accessed on: 11 February 2010].

Descher M, Masser P, Feilhauer T, Tjoa AM, Huemer D. Retaining data control to the client in infrastructure clouds. In: International conference on availability, reliability and security, ARES ’09, 2009, p. 9–16.

Gajek S, Liao L, Schwenk J. Breaking and fixing the inline approach. In: SWS ’07, Proceedings of the ACM workshop on secure web services. New York, NY, USA: ACM; 2007. p. 37–43.

Hayes, 2008, Cloud computing, Commun ACM, 9, 10.1145/1364782.1364786

Heiser J. What you need to know about cloud computing security and compliance, Gartner, Research, ID Number: G00168345, 2009.

Kandukuri BR, Paturi VR, Rakshit A. Cloud security issues. In: IEEE international conference on services computing, 2009, p. 517–20.

Kaufman, 2009, Data security in the world of cloud computing, security and privacy, IEEE, 7, 61

Kormann, 2000, Risks of the passport single signon protocol, Comput Networks, 33, 51, 10.1016/S1389-1286(00)00048-7

Krugel C, Toth T, Kirda E. Service specific anomaly detection for network intrusion detection. In: Proceedings of the 2002 ACM symposium on applied computing, 2002, p. 201–8.

Lo H, Wang R, Garbani J-P, Daley E, Iqbal R, Green C, Forrester report. The State of Enterprise Software: 2009.

Microsoft White Paper. MS Strategy for Lightweight Directory Access Protocol, 2010 〈http://technet.microsoft.com/en-us/library/cc750824.aspx〉 [accessed on: 2 February 2010].

Milne J. Private cloud projects dwarf public initiatives, 2010 〈http://www.cbronline.com/news/private_cloud_projects_dwarf_public_initiatives_281009〉 [accessed: 19 June 2010].

Nurmi D, Wolski R, Grzegorczyk C, Obertelli G, Soman S, Youseff L et al. The Eucalyptus Open-Source Cloud-Computing System. In: Proceedings of the 2009 ninth IEEE/ACM international symposium on cluster computing and the grid, 2009, p. 124–31.

Open Grid Forum, 2010 〈http://www.ogf.org/〉 [accessed on: 20 May 2010].

Oracle. Wiring through an Enterprise Service Bus, 2009 〈http://www.oracle.com/technology/tech/soa/mastering-soa-series/part2.html〉 [accessed on: 19 February 2010].

OWASP, 2010 〈http://owasptop10.googlecode.com/files/OWASP%20Top%20 10%20-%202010.pdf〉 [accessed: 19 June 2010].

PCI DSS. Requirements and Security Assessment Procedures, 2009 〈https://www.pcisecuritystandards.org/security_standards/download.html?id=pci_dss_v1-2.pdf〉 [accessed on: 24 January 2010].

Raj H, Nathuji R, Singh A, England P. Resource management for isolation enhanced cloud services. In: Proceedings of the 2009 ACM workshop on cloud computing security, Chicago, Illinois, USA, 2009, p. 77–84.

Ristenpart T, Tromer E, Shacham H, Savage S. Computer Science and Artificial Intelligence Laboratory, Massachusetts Institute of Technology, Cambridge, US (2009). Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In: Proceedings of the CCS 2009, ACM Press, 2009, p. 270–4.

Saraswat Vijay. Report on the Programming Language X10, x10-lang.org, 2010 〈http://dist.codehaus.org/x10/documentation/languagespec/x10-latest.pdf〉 [accessed on: 17 June 2010].

Seccombe A, Hutton A, Meisel A, Windel A, Mohammed A, Licciardi A, et al. Security guidance for critical areas of focus in cloud computing, v2.1. CloudSecurityAlliance, 2009, 25 p.

Softlayer. Service Level Agreement and Master Service Agreement, 2009 〈http://www.softlayer.com/sla.html〉 [accessed on: 11 December 2009]

Stanojevi, 2008, Fully decentralized emulation of best-effort and processor sharing queues

Tsai W, Jin Z, Bai X. Internetware computing: issues and perspective. In: Proceedings of the first Asia-Pacific symposium on Internetware. Beijing, China: ACM; 2009. p. 1–10.

Vaquero, 2009, A break in the clouds: towards a cloud definition, 50

Viega, 2009, Cloud computing and the common man, Computer, 42, 106, 10.1109/MC.2009.252

Wade HB, David Hylender C, Andrew Valentine J. Verizon Business 2008 data breach investigation report, 2008 〈http://www.verizonbusiness.com/resources/security/databreachreport.pdf〉 [accessed on: 19 February 2010].

Wang C, Wang Q, Ren K. Ensuring data storage security in cloud computing, Cryptology ePrint Archive, Report, 2009 〈http://eprint.iacr.org/〉 [accessed: 18 October 2009].

Weiss A. Computing in the clouds. In: ACM networker, December 2007, 2007, p. 16–25

Whyman, 2008

Zalewski M. Browser security handbook, 2009 〈http://code.google.com/p/browsersec/〉 [accessed on: 19 February 2010].