Security issues in cloud environments: a survey
Tóm tắt
Từ khóa
Tài liệu tham khảo
57un Blog: A BIG Password Cracking Wordlist. https://57un.wordpress.com/2013/03/09/a-big-password-cracking-wordlist/ . Accessed May 2013 (2013)
Aguiar, E., Zhang, Y., Blanton, M.: An Overview of Issues and Recent Developments in Cloud Computing and Storage Security, pp. 1–31. Springer, Berlin (2013)
Ahuja, S.P., Komathukattil, D.: A survey of the state of cloud security. Netw. Commun. Technol. 1(2), 66–75 (2012). doi: 10.5539/nct.v1n2p66
Aihkisalo, T., Paaso, T.: Latencies of service invocation and processing of the REST and SOAP web service interfaces. In: IEEE 8th World Congress on Services (SERVICES), pp. 100–107. Honolulu, HI, USA (2012). doi: 10.1109/SERVICES.2012.55
Al-Aqrabi, H., Liu, L., Xu, J., Hill, R., Antonopoulos, N., Zhan, Y.: Investigation of IT security and compliance challenges in security-as-a-service for cloud computing. In: 15th IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing Workshops (ISORCW), pp. 124–129. Shenzhen, Guangdong, China (2012). doi: 10.1109/ISORCW.2012.31
Alert Logic: State of Cloud Security Report: Targeted Attacks and Opportunistic Hacks. http://www.alertlogic.com/resources/security-intelligence-newsletter/download-cloud-security-report-spring2013/ (2013). Accessed Apr. 2013
AlFardan, N., Bernstein, D., Paterson, K., Poettering, B., Schuldt, J.: On the Security of RC4 in TLS. http://www.isg.rhul.ac.uk/tls/index.html (2013). Accessed Apr. 2013
AlienVault: OSSIM Website. https://aws.amazon.com/marketplace/pp/B00BIUQRGC/ (2013). Accessed May 2013
Amazon: Amazon Web Services: Overview of Security Processes. http://s3.amazonaws.com/aws_blog/AWS_Security_Whitepaper_2008_09.pdf (2011). White Paper. Accessed Sept. 2012
Amazon: Amazon Elastic Compute Cloud (Amazon EC2). https://aws.amazon.com/ec2/ (2012). Accessed Apr. 2013
Amazon: Amazon Virtual Private Cloud (Amazon VPC). http://aws.amazon.com/vpc/ (2012). Accessed Sept. 2012
Amazon Web Services Discussion Forums: Low Entropy on EC2 Instances— Problem for Anything Related to Security. https://forums.aws.amazon.com/thread.jspa?messageID=249079 (2011). Accessed Apr. 2013
Amoroso, E.: From the enterprise perimeter to a mobility-enabled secure cloud. IEEE Secur. Priv. 11(1), 23–31 (2013). doi: 10.1109/MSP.2013.8
Anstee, D.: Q1 Key Findings from ATLAS. http://www.arbornetworks.com/corporate/blog/4855-q1-key-findings-from-atlas (2013). Accessed Apr. 2013
Apache: CloudStack Website. https://cloudstack.apache.org/ (2013). Accessed May 2013
Apprenda: Apprenda Website. http://apprenda.com (2013). Accessed Apr. 2013
Armbrust, M., Fox, A., Griffith, R., Joseph, A.D., Katz, R., Konwinski, A., Lee, G., Patterson, D., Rabkin, A., Stoica, I., Zaharia, M.: A view of cloud computing. Commun. ACM 53(4), 50–58 (2010). doi: 10.1145/1721654.1721672
Armbrust, M., Fox, A., Griffith, R., Joseph, A.D., Katz, R.H., Konwinski, A., Lee, G., Patterson, D.A., Rabkin, A., Zaharia, M.: Above the Clouds: A Berkeley View of Cloud Computing. Technical Report UCB/EECS-2009-28. Electrical Engineering and Computer Sciences University of California (2009)
Ateniese, G., Di Pietro, R., Mancini, L.V., Tsudik, G.: Scalable and efficient provable data possession. In: Proceedings of the 4th International Conference on Security and Privacy in Communication Networks, pp. 9:1–9:10. ACM, New York, NY, USA (2008)
Aviram, A., Hu, S., Ford, B., Gummadi, R.: Determinating timing channels in compute clouds. In: Proceedings of the ACM Workshop on Cloud computing, Security, pp. 103–108 (2010). doi: 10.1145/1866835.1866854
Azmandian, F., Moffie, M., Alshawabkeh, M., Dy, J., Aslam, J., Kaeli, D.: Virtual machine monitor-based lightweight intrusion detection. SIGOPS Oper. Syst. Rev. 45(2), 38–53 (2011). doi: 10.1145/2007183.2007189
Back, G., Hsieh, W.C.: The KaffeOS Java runtime system. ACM Trans. Program. Lang. Syst. 27(4), 583–630 (2005). doi: 10.1145/1075382.1075383
Backstrom, L., Dwork, C., Kleinberg, J.: Wherefore art thou R3579X?: anonymized social networks, hidden patterns, and structural steganography. In: Proceedings of the 16th International Conference on World Wide Web, pp. 181–190. ACM, New York, NY, USA (2007). doi: 10.1145/1242572.1242598
Bahram, S., Jiang, X., Wang, Z., Grace, M., Li, J., Srinivasan, D., Rhee, J., Xu, D.: DKSM: subverting virtual machine introspection for fun and profit. In: 29th IEEE Symposium on Reliable Distributed Systems, pp. 82–91. IEEE Computer Society, Washington, DC, USA (2010). doi: 10.1109/SRDS.2010.39
Banerjee, P., Friedrich, R., Bash, C., Goldsack, P., Huberman, B., Manley, J., Patel, C., Ranganathan, P., Veitch, A.: Everything as a service: powering the new information economy. Computer 44(3), 36–43 (2011). doi: 10.1109/MC.2011.67
Basak, D., Toshniwal, R., Maskalik, S., Sequeira, A.: Virtualizing networking and security in the cloud. SIGOPS Oper. Syst. Rev. 44(4), 86–94 (2010). doi: 10.1145/1899928.1899939
Begum, S., Khan, M.: Potential of cloud computing architecture. In: International Conference on Information and Communication Technologies, pp. 1–5. IEEE (2011). doi: 10.1109/ICICT.2011.5983572
Behl, A.: Emerging security challenges in cloud computing: an insight to cloud security challenges and their mitigation. In: World Congress on Information and Communication Technologies, pp. 217–222. IEEE (2011). doi: 10.1109/WICT.2011.6141247
Behl, A., Behl, K.: Security paradigms for cloud computing. In: 4th International Conference on Computational Intelligence, Communication Systems and Networks, pp. 200–205. IEEE (2012). doi: 10.1109/CICSyN.2012.45
Belqasmi, F., Singh, J., Glitho, R.: SOAP-based vs. RESTful web services: a case study for multimedia. IEEE Internet Comput. 16(4), 54–63 (2012). doi: 10.1109/MIC.2012.62
Bentounsi, M., Benbernou, S., Atallah, M.: Privacy-preserving business process outsourcing. In: IEEE 19th International Conference on Web Services, pp. 662–663. IEEE (2012). doi: 10.1109/ICWS.2012.34
Bernstein, D., Vij, D.: Intercloud security considerations. In: IEEE 2nd International Conference on Cloud Computing Technology and Science, pp. 537–544. IEEE Computer Society, Washington, DC, USA (2010)
Bin Mat Nor, F., Jalil, K., Manan, J.L.: An enhanced remote authentication scheme to mitigate man-in-the-browser attacks. In: International Conference on Cyber Security, Cyber Warfare and Digital Forensic (CyberSec), pp. 271–276. Kuala Lumpur, Malaysia (2012). doi: 10.1109/CyberSec.2012.6246086
Boampong, P.A., Wahsheh, L.A.: Different facets of security in the cloud. In: Proceedings of the 15th Communications and Networking Simulation Symposium, pp. 5:1–5:7. Society for Computer Simulation International, San Diego, CA, USA (2012)
Bowers, K.D., Juels, A., Oprea, A.: HAIL: a high-availability and integrity layer for cloud storage. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, pp. 187–198. ACM, New York, NY, USA (2009). doi: 10.1145/1653662.1653686
Box: Box Website. https://www.box.com/ (2013). Accessed Apr. 2013
Bradbury, D.: Shadows in the cloud: Chinese involvement in advanced persistent threats. Netw. Secur. 2010(5), 16–19 (2010). doi: 10.1016/S1353-4858(10)70058-1
Brito, H.: Pentagon Creating “Rules of Engagement” for Responding to Advanced Attackers. Mandiant M-Unition (2013)
Bugiel, S., Nürnberger, S., Pöppelmann, T., Sadeghi, A.R., Schneider, T.: AmazonIA: when elasticity snaps back. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, pp. 389–400. ACM, New York, NY, USA (2011). doi: 10.1145/2046707.2046753
Carriço, P.: Low entropy on VMs $$\ldots $$ … http://blog.pedrocarrico.net/post/17026199379/low-entropy-on-vms (2012). Accessed May 2013
Carroll, M., Kotzé, P., Van der Merwe, A. (2011). Secure virtualization—benefits, risks and controls. In: Leymann, F., Ivanov, I., van Sinderen, M., Shishkov, B. (eds.) CLOSER, pp. 15–23. SciTePress
Casale, A.: The Dangers of Recycling in the Cloud. TheMakegood (2013)
Chen, C.C., Yuan, L., Greenberg, A., Chuah, C.N., Mohapatra, P.: Routing-as-a-Service (RaaS): a framework for tenant-directed route control in data center. In: Proceedings of the 30th IEEE International Conference on Computer Communications (INFOCOM), pp. 1386–1394 (2011) doi: 10.1109/INFCOM.2011.5934924
Chen, D., Zhao, H.: Data security and privacy protection issues in cloud computing. In: International Conference on Computer Science and Electronics Engineering, vol. 1, pp. 647–651. IEEE (2012). doi: 10.1109/ICCSEE.2012.193
Chen, T.H., lien Yeh, H., Shih, W.K.: An advanced ECC dynamic ID-based remote mutual authentication scheme for cloud computing. In: 5th FTRA International Conference on Multimedia and Ubiquitous Engineering (MUE), pp. 155–159. Crete, Greece (2011). doi: 10.1109/MUE.2011.69
Chen, X., Andersen, J., Mao, Z., Bailey, M., Nazario, J.: Towards an understanding of anti-virtualization and anti-debugging behavior in modern malware. In: IEEE International Conference on Dependable Systems and Networks (DNS) With FCTS and DCC, pp. 177–186. Anchorage, AK, USA (2008). doi: 10.1109/DSN.2008.4630086
Chen, Y., Paxson, V., Katz, R.H.: What’s New About Cloud Computing Security? Technical Report UCB/EECS-2010-5. EECS Department, University of California, Berkeley (2010). http://www.eecs.berkeley.edu/Pubs/TechRpts/2010/EECS-2010-5.html
Chonka, A., Xiang, Y., Zhou, W., Bonti, A.: Cloud security defence to protect cloud computing against HTTP-DoS and XML-DoS attacks. J. Netw. Comput. Appli. 34(4), 1097–1107 (2011). doi: 10.1016/j.jnca.2010.06.004
Choudhary, V.: Software as a service: implications for investment in software development. In: 40th Annual Hawaii International Conference on System Sciences, p. 209a. IEEE Computer Society, Washington, DC, USA (2007). doi: 10.1109/HICSS.2007.493
Chow, R., Golle, P., Jakobsson, M., Shi, E., Staddon, J., Masuoka, R., Molina, J.: Controlling data in the cloud: outsourcing computation without outsourcing control. In: Proceedings of the ACM Workshop on Cloud Computing Security, pp. 85–90. ACM, New York, NY, USA (2009). doi: 10.1145/1655008.1655020
Christodorescu, M., Sailer, R., Schales, D.L., Sgandurra, D., Zamboni, D.: Cloud security is not (just) virtualization security: a short paper. In: Proceedings of the ACM Workshop on Cloud Computing Security (CCSW), pp. 97–102. ACM, Chicago, IL, USA (2009). doi: 10.1145/1655008.1655022
Chung, H., Park, J., Lee, S., Kang, C.: Digital forensic investigation of cloud storage services. Digit. Investig. (2012). doi: 10.1016/j.diin.2012.05.015 . Available online on 23 Jun. 2012
Cisco: Cisco Data Center Infrastructure 2.5 Design Guide. http://www.cisco.com/univercd/cc/td/doc/solution/dcidg21.pdf (2007). Accessed Oct. 2012
Cisco: Data Center Power and Cooling. http://www.cisco.com/en/US/solutions/collateral/ns340/ns517/ns224/ns944/white_paper_c11-680202.pdf (2011). White Paper. Accessed Sept. 2012
Cisco: Cisco Global Cloud Index: Forecast and Methodology, 2011–2016. http://www.cisco.com/en/US/solutions/collateral/ns341/ns525/ns537/ns705/ns1175/Cloud_Index_White_Paper.pdf (2012). White Paper. Accessed Apr. 2013
Cisco: 2013 Cisco Annual Security Report. http://www.cisco.com/en/US/prod/vpndevc/annual_security_report.html (2013). Accessed Apr. 2013
Cisco: Cisco Cloud Services Router 1000V Series. http://www.cisco.com/en/US/products/ps12559/index.html (2013). Accessed Jul. 2013
Citrix: Citrix Website. https://www.citrix.com/products.html?ntref=hp_nav_us (2013). Accessed Jun. 2013
CloudBees: CloudBees Website. http://www.cloudbees.com/ (2013). Accessed Apr. 2013
Corbató, F.J., Vyssotsky, V.A.: Introduction and overview of the Multics system. In: Proceedings of the Fall Joint Computer Conference, pp. 185–196. ACM, New York, NY, USA (1965)
Coronado, C.: Blackhole Exploit Kit Leverages Margaret Thatcher’s Death. Trend Micro (2013)
CSA: Top Threats to Cloud Computing. https://cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf (2010). Accessed Sept. 2012
CSA: Security Guidance for Critical Areas of Focus in Cloud Computing v3.0. https://cloudsecurityalliance.org/guidance/csaguide.v3.0.pdf (2011). Accessed Sept. 2012
CSA: The Notorious Nine Cloud Computing Top Threats in 2013. https://downloads.cloudsecurityalliance.org/initiatives/top_threats/The_Notorious_Nine_Cloud_Computing_Top_Threats_in_2013.pdf (2013). Accessed Jul. 2013
Cuckoo Website: Cuckoo. http://www.cuckoosandbox.org/ (2013). Accessed Apr. 2013
Curran, K., Dougan, T.: Man in the browser attacks. Int. J. Ambient Comput. Intell. 4(1), 29–39 (2012). doi: 10.4018/jaci.2012010103
Czajkowski, G., Daynàs, L.: Multitasking without compromise: a virtual machine evolution. ACM SIGPLAN Not. 47(4a), 60–73 (2012). doi: 10.1145/2442776.2442785
Dacosta, I., Chakradeo, S., Ahamad, M., Traynor, P.: One-time cookies: preventing session hijacking attacks with stateless authentication tokens. ACM Trans. Internet Technol. 12(1), 1:1–1:24 (2012). doi: 10.1145/2220352.2220353
Dahbur, K., Mohammad, B., Tarakji, A.B.: A survey of risks, threats and vulnerabilities in cloud computing. In: Proceedings of the International Conference on Intelligent Semantic Web-Services and Applications, pp. 12:1–12:6. ACM, New York, NY, USA (2011)
Darrow, B., Higginbothamm, S.: What We’ll See in 2013 in Cloud Computing. GigaOM (2012)
de Borja, F.: Nebula One Seeks To Reinvent Cloud Computing. CloudTimes (2013)
Dhage, S.N., Meshram, B.B., Rawat, R., Padawe, S., Paingaokar, M., Misra, A.: Intrusion detection system in cloud computing environment. In: Proceedings of the International Conference & Workshop on Emerging Trends in Technology, pp. 235–239. ACM, New York, NY, USA (2011). doi: 10.1145/1980022.1980076
Dinesha, H., Agrawal, V.: Multi-level authentication technique for accessing cloud services. In: International Conference on Computing, Communication and Applications, pp. 1–4. IEEE (2012). doi: 10.1109/ICCCA.2012.6179130
Ding, X., Zhang, L., Wan, Z., Gu, M.: De-anonymizing dynamic social networks. In: IEEE Global Telecommunications Conference, pp. 1–6. IEEE (2011). doi: 10.1109/GLOCOM.2011.6133607
Doel, K.: Scary Logins: Worst Passwords of 2012 and How to Fix Them. SplashData (2012)
Dong, T.: Android. Dropdialer. https://www.symantec.com/security_response/writeup.jsp?docid=2012-070909--0726-99 (2012). Accessed Apr. 2013
Doroodchi, M., Iranmehr, A., Pouriyeh, S.: An investigation on integrating XML-based security into Web services. In: 5th IEEE GCC Conference Exhibition, pp. 1–5. IEEE (2009)
Ducklin, P.: HElib. SOPHOS Nakedsecurity (2013)
Duncan, A., Creese, S., Goldsmith, M.: Insider attacks in cloud computing. In: IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications, pp. 857–862. IEEE Computer Society, Washington, DC, USA (2012). doi: 10.1109/TrustCom.2012.188
Dykstra, J., Sherman, A.T.: Acquiring forensic evidence from infrastructure-as-a-service cloud computing: exploring and evaluating tools, trust, and techniques. Digit. Investig. 9, Supplement(0), S90–S98 (2012). doi: 10.1016/j.diin.2012.05.001
Electronic Frontier Foundation: HTTPS Everywhere Website. https://www.eff.org/https-everywhere (2013). Accessed Apr. 2013
ENISA: Cloud Computing: Benefits, Risks and Recommendations for Infomarion Security. http://www.enisa.europa.eu/activities/risk-management/files/deliverables/cloud-computing-risk-assessment (2009). Accessed Sept. 2012
Firdhous, M., Ghazali, O., Hassan, S.: A trust computing mechanism for cloud computing with multilevel thresholding. In: 6th IEEE International Conference on Industrial and Information Systems, pp. 457–461. IEEE (2011). doi: 10.1109/ICIINFS.2011.6038113
FireEye: FireEye Advanced Threat Report—2H 2012. http://www2.fireeye.com/rs/fireye/images/fireeye-advanced-threat-report-2h2012.pdf (2013). Accessed Apr. 2013
Foster, I., Zhao, Y., Raicu, I., Lu, S.: Cloud computing and grid computing 360-degree compared. In: Grid Computing Environments Workshop, pp. 1–10. IEEE (2008). doi: 10.1109/GCE.2008.4738445
Garfinkel, T., Rosenblum, M.: When virtual is harder than real: security challenges in virtual machine based computing environments. In: Proceedings of the 10th Conference on Hot Topics in Operating Systems, vol. 10, pp. 20–20. USENIX Association, Berkeley, CA, USA (2005)
Gartner: Assessing the Security Risks of Cloud Computing. http://cloud.ctrls.in/files/assessing-the-security-risks.pdf (2008). White Paper. Accessed Sept. 2012
Gens, F.: IT Cloud Services User Survey, pt.2: Top Benefits & Challenges. IDC (2008)
Gens, F.: New IDC IT Cloud Services Survey: Top Benefits and Challenges. IDC (2009)
Gentry, C.: Fully homomorphic encryption using ideal lattices. In: Proceedings of the 41st Annual ACM Symposium on Theory of Computing (STOC), STOC ’09, pp. 169–178. ACM, Bethesda, MD, USA (2009). doi: 10.1145/1536414.1536440
Geoffray, N., Thomas, G., Muller, G., Parrend, P., Frenot, S., Folliot, B.: I-JVM: a Java virtual machine for component isolation in OSGi. In: IEEE/IFIP Int. Conf. on Dependable Systems Networks (DSN), pp. 544–553. Estoril, Lisbon, Portugal (2009). doi: 10.1109/DSN.2009.5270296
Gomathisankaran, M., Tyagi, A., Namuduri, K.: HORNS: a homomorphic encryption scheme for cloud computing using Residue number system. In: 45th Annual Conference on Information Sciences and Systems (CISS), pp. 1–5. Baltimore, MD, USA (2011). doi: 10.1109/CISS.2011.5766176
Gong, C., Liu, J., Zhang, Q., Chen, H., Gong, Z.: The characteristics of cloud computing. In: 39th International Conference on Parallel Processing Workshop, pp. 275–279. IEEE Computer Society, Washington, DC, USA (2010). doi: 10.1109/ICPPW.2010.45
Gonzalez, N., Miers, C., Redigolo, F., Carvalho, T., Simplicio, M., Naslund, M., Pourzandi, M.: A quantitative analysis of current security concerns and solutions for cloud computing. In: IEEE 3rd International Conference on Cloud Computing Technology and Science, pp. 231–238. IEEE Computer Society, Washington, DC, USA (2011).
Goodin, D.: Why Passwords have Never been Weaker—and Crackers have Never been Stronger. Ars Technica (2012)
Goodrich, R.: What Is Doxing? TechNewsDaily (2013)
Google: Google App Engine. https://developers.google.com/appengine/ (2013). Accessed Apr. 2013
Grispos, G., Glisson, W.B., Storer, T.: Using smartphones as a proxy for forensic evidence contained in cloud storage services. In: 46th Hawaii International Conference on System Sciences (HICSS), pp. 4910–4919. Maui, HI, USA (2013). doi: 10.1109/HICSS.2013.592
Grobauer, B., Walloschek, T., Stocker, E.: Understanding cloud computing vulnerabilities. IEEE Secur. Priv. 9(2), 50–57 (2011). doi: 10.1109/MSP.2010.115
Grosse, E., Upadhyay, M.: Authentication at scale. IEEE Secur. Priv. 11(1), 15–22 (2013). doi: 10.1109/MSP.2012.162
Gruschka, N., Iacono, L.: Vulnerable cloud: SOAP message security validation revisited. In: IEEE International Conference on Web Services, pp. 625–631. IEEE Computer Society, Washington, DC, USA (2009). doi: 10.1109/ICWS.2009.70
Gul, I., Rehman, A., Islam, M.: Cloud computing security auditing. In: The 2nd International Conference on Next Generation Information Technology, pp. 143–148. IEEE (2011)
Habib, S., Ries, S., Muhlhauser, M.: Towards a trust management system for cloud computing. In: IEEE 10th International Conference on Trust, Security and Privacy in Computing and Communications, pp. 933–939. IEEE Computer Society, Washington, DC, USA (2011). doi: 10.1109/TrustCom.2011.129
Hale, C.: bcrypt. http://codahale.com/how-to-safely-store-a-password/ (2010). Accessed May 2013
Hamada, J.: Japanese One-Click Fraud Campaign Comes to Google Play. Symantec Blog (2013)
Hart, J.: Remote working: managing the balancing act between network access and data security. Comput. Fraud Secur. 2009(11), 14–17 (2009). doi: 10.1016/S1361-3723(09)70141-1
Heninger, N., Durumeric, Z., Wustrow, E., Halderman, J.A.: Minding your Ps and Qs: detection of widespread weak keys in network devices. In: Proceedings of the 21st USENIX Security Symposium, pp. 205–220. USENIX, Bellevue, WA, USA (2012). doi: 10.1109/ICCIAutom.2011.6183990
Hodges, J., Jackson, C., Barth, A.: HTTP Strict Transport Security (HSTS). RFC 6797 (Proposed Standard) (2012). https://www.ietf.org/rfc/rfc6797.txt
HP: HP 2012 Cyber Risk Report. http://www.hpenterprisesecurity.com/collateral/whitepaper/HP2012CyberRiskReport_0213.pdf (2013). Accessed Apr. 2013
HP: HP ArcSight. http://www8.hp.com/us/en/software-solutions/software.html?compURI=1340477 (2013). Accessed Apr. 2013
Hua, J., Sakurai, K.: Barrier: a lightweight hypervisor for protecting kernel integrity via memory isolation. In: Proceedings of the 27th Annual ACM Symposium on Applied Computing (SAC), pp. 1470–1477. ACM, Trento, Italy (2012). doi: 10.1145/2231936.2232011
Hunt, T.: 5 Ways to Implement HTTPS in an Insufficient Manner (and leak sensitive data). http://www.troyhunt.com/2013/04/5-ways-to-implement-https-in.html (2013). Accessed Apr. 2013
Idziorek, J., Tannian, M.: Exploiting cloud utility models for profit and ruin. In: IEEE International Conference on Cloud Computing, pp. 33–40. IEEE Computer Society, Washington, DC, USA (2011)
Idziorek, J., Tannian, M., Jacobson, D.: Detecting fraudulent use of cloud resources. In: Proceedings of the 3rd ACM Workshop on Cloud Computing Security, pp. 61–72. ACM, New York, NY, USA (2011). doi: 10.1145/2046660.2046676
Infosecurity: Recycled phones retain their previous owners’ data. Infosecurity Magazine (2013)
Intel: Intel Digital Random Number Generator (DRNG): Software Implementation Guide. http://software.intel.com/sites/default/files/m/d/4/1/d/8/441_Intel_R_DRNG_Software_Implementation_Guide_final_Aug7.pdf (2012). Accessed May 2013
Jackson, C.: 8 Cloud Security Concepts You Should Know. Network World (2010)
Jackson, C., Barth, A.: ForceHTTPS: protecting high-security web sites from network attacks. In: Proceedings of the 17th International Conference on World Wide Web (WWW), pp. 525–534. ACM, Beijing, China (2008). doi: 10.1145/1367497.1367569
Jasti, A., Shah, P., Nagaraj, R., Pendse, R.: Security in multi-tenancy cloud. In: IEEE International Carnahan Conference on Security Technology, pp. 35–41. IEEE (2010). doi: 10.1109/CCST.2010.5678682
Jenkins, Q.: Spamhaus: DDoS Update—March 2013. Spamhaus (2013)
Jensen, M., Gruschka, N., Herkenhöner, R.: A survey of attacks on web services. Comput. Sci. Res. Dev. 24, 185–197 (2009). doi: 10.1007/s00450-009-0092-6
Jensen, M., Gruschka, N., Luttenberger, N.: The impact of flooding attacks on network-based services. In: 3rd International Conference on Availability, Reliability and Security, pp. 509–513. IEEE Computer Society, Washington, DC, USA (2008)
Jensen, M., Meyer, C.: Expressiveness considerations of XML signatures. In: IEEE 35th Annual Computer Software and Applications Conf. Workshop, pp. 392–397. IEEE Computer Society, Washington, DC, USA (2011)
Jensen, M., Schäge, S., Schwenk, J.: Towards an anonymous access control and accountability scheme for cloud computing. In: IEEE 3rd International Conference on Cloud Computing, pp. 540–541. IEEE Computer Society, Washington, DC, USA (2010). doi: 10.1109/CLOUD.2010.61
Jensen, M., Schwenk, J.: The accountability problem of flooding attacks in service-oriented architectures. In: International Conference on Availability, Reliability and Security, pp. 25–32. IEEE (2009)
Jensen, M., Schwenk, J., Gruschka, N., Iacono, L.: On Technical security issues in cloud computing. In: IEEE International Conference on Cloud Computing, pp. 109–116. IEEE Computer Society, Washington, DC, USA (2009). doi: 10.1109/CLOUD.2009.60
Jin, B., Wang, Y., Liu, Z., Xue, J.: A trust model based on cloud model and Bayesian networks. Procedia Environ. Sci. 11, Part A, 452–459 (2011). doi: 10.1016/j.proenv.2011.12.072
Kandukuri, B., Paturi, V., Rakshit, A.: Cloud security issues. In: IEEE International Conference on Services Computing, pp. 517–520. IEEE (2009). doi: 10.1109/SCC.2009.84
Kant, K.: Data center evolution: a tutorial on state of the art, issues, and challenges. Comput. Netw. 53(17), 2939–2965 (2009). doi: 10.1016/j.comnet.2009.10.004
Katsuki, T.: Crisis for Windows Sneaks onto Virtual Machines. Symantec Blog (2012)
Kerrigan, B., Chen, Y.: A study of entropy sources in cloud computers: random number generation on cloud hosts. In: Proceedings of the 6th International Conference on Mathematical Methods, Models and Architectures for Computer Network Security (MMM-ACNS), pp. 286–298. Springer, St. Petersburg, Russia (2012). doi: 10.1007/978-3-642-33704-8_24
Khan, K., Malluhi, Q.: Establishing trust in cloud computing. IT Prof. 12(5), 20–27 (2010). doi: 10.1109/MITP.2010.128
Khorshed, M.T., Ali, A.S., Wasimi, S.A.: A survey on gaps, threat remediation challenges and some thoughts for proactive attack detection in cloud computing. Future Gener. Comput. Syst. 28(6), 833–851 (2012). doi: 10.1016/j.future.2012.01.006
King, C.I.: Intel Rdrand Instruction Revisited. http://smackerelofopinion.blogspot.co.uk/2012/10/intel-rdrand-instruction-revisited.html (2012). Accessed May 2013
King, S., Chen, P.: SubVirt: implementing malware with virtual machines. In: IEEE Symposium on Security and Privacy, pp. 14 pp.-327. IEEE Computer Society, Washington, DC, USA (2006). doi: 10.1109/SP.2006.38
Kirkland, D.: Entropy (or rather the lack thereof) in OpenStack instances... and how to improve that. http://www.openstack.org/summit/san-diego-2012/openstack-summit-sessions/presentation/entropy-or-lack-thereof-in-openstack-instances (2012). Accessed May 2013
Kufel, L.: Security event monitoring in a distributed systems environment. IEEE Secur. Priv. 11(1), 36–43 (2013). doi: 10.1109/MSP.2012.61
Leder, F., Werner, T.: Know Your Enemy: Containing Conficker. http://www.honeynet.org/files/KYE-Conficker.pdf (2010). White Paper. Accessed May 2013
Leder, F., Werner, T.: Containing Conficker. http://net.cs.uni-bonn.de/wg/cs/applications/containing-conficker/ (2011). Accessed May 2013
Lee, J.H., Park, M.W., Eom, J.H., Chung, T.M.: Multi-level intrusion detection system and log management in cloud computing. In: 13th International Conference on Advanced Communication Technology, pp. 552–555. IEEE (2011)
Lemos, R.: Blue Security Folds Under Spammer’s Wrath. SecurityFocus (2013)
Lenk, A., Klems, M., Nimis, J., Tai, S., Sandholm, T.: What’s inside the cloud? An architectural map of the cloud landscape. In: Proceedings of the ICSE Workshop on Software Engineering Challenges of Cloud Computing, pp. 23–31. IEEE Computer Society, Washington, DC, USA (2009). doi: 10.1109/CLOUD.2009.5071529
Leopando, J.: World Backup Day: The 3–2–1 Rule. Trend Micro TrendLabs (2013)
Li, F., Lai, A., Ddl, D.: Evidence of advanced persistent threat: a case study of malware for political espionage. In: 6th International Conference on Malicious and Unwanted Software (MALWARE), pp. 102–109. Fajardo, PR, USA (2011). doi: 10.1109/MALWARE.2011.6112333
Li, H.C., Liang, P.H., Yang, J.M., Chen, S.J.: Analysis on cloud-based security vulnerability assessment. In: IEEE 7th International Conference on e-Business Engineering, pp. 490–494. IEEE (2010). doi: 10.1109/ICEBE.2010.77
Li, Q., Clark, G.: Mobile security: a look ahead. IEEE Secur. Priv. 11(1), 78–81 (2013). doi: 10.1109/MSP.2013.15
Li, X., Loh, P., Tan, F.: Mechanisms of polymorphic and metamorphic viruses. In: European Intelligence and Security Informatics Conference (EISIC), pp. 149–154. Berkeley/Oakland, CA, USA (2011). doi: 10.1109/EISIC.2011.77
Liu, F., Su, X., Liu, W., Shi, M.: The design and application of Xen-based host system firewall and its extension. In: International Conference on Electronic Computer Technology, pp. 392–395. Macau, China (2009). doi: 10.1109/ICECT.2009.83
Liu, H.: A new form of DoS attack in a cloud and its avoidance mechanism. In: Proceedings of the ACM Workshop on Cloud Computing Security, pp. 65–76. ACM, New York, NY, USA (2010). doi: 10.1145/1866835.1866849
LivingSocial: LivingSocial Security Notice. https://livingsocial.com/createpassword (2013). Accessed May 2013
Luo, S., Lin, Z., Chen, X., Yang, Z., Chen, J.: Virtualization security for cloud computing service. In: International Conference on Cloud and Service Computing, pp. 174–179. IEEE Computer Society, Washington, DC, USA (2011)
Mandiant: APT1: Exposing One of China’s Cyber Espionage Units. http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf (2013). Accessed Apr. 2013
Mansfield-Devine, S.: Danger in the clouds. Netw. Secur. 2008(12), 9–11 (2008). doi: 10.1016/S1353-4858(08)70140-5
Marlinspike, M.: New tricks for defeating SSL in practice. https://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf (2009). Accessed Apr. 2013
Marlinspike, M.: sslstrip. http://www.thoughtcrime.org/software/sslstrip/ (2009). Accessed Apr. 2013
Martin, D.: Implementing effective controls in a mobile, agile, cloud-enabled enterprise. IEEE Secur. Priv. 11(1), 13–14 (2013). doi: 10.1109/MSP.2013.1
Mathisen, E.: Security challenges and solutions in cloud computing. In: Proceedings of the 5th IEEE International Conference on Digital Ecosystems and Technologies, pp. 208–212. IEEE (2011). doi: 10.1109/DEST.2011.5936627
McAfee: McAfee Threats Report—Fourth Quarter 2012. http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q4-2012.pdf (2013). Accessed Apr. 2013
McCune, J., Li, Y., Qu, N., Zhou, Z., Datta, A., Gligor, V., Perrig, A.: TrustVisor: efficient TCB reduction and attestation. In: IEEE Symposium on Security and Privacy (SP), pp. 143–158. Oakland, CA, USA (2010). doi: 10.1109/SP.2010.17
McGraw, G.: Software security. IEEE Secur. Priv. 2(2), 80–83 (2004). doi: 10.1109/MSECP.2004.1281254
McIntosh, M., Austel, P.: XML signature element wrapping attacks and countermeasures. In: Proceedings of the Workshop on Secure Web Services, pp. 20–27. ACM, New York, NY, USA (2005). doi: 10.1145/1103022.1103026
McKendrick, J.: 7 Predictions for Cloud Computing in 2013 That Make Perfect Sense. Forbes (2012)
MEGA: The MEGA API. https://mega.co.nz/#developers (2013). Accessed Apr. 2013
Microsoft: Microsoft Hyper-V Server 2012 Website. https://www.microsoft.com/en-us/server-cloud/hyper-v-server/ (2013). Accessed Jun. 2013
Microsoft: Microsoft Security Intelligence Report: Volume 14. http://www.microsoft.com/security/sir/default.aspx (2013). Accessed Apr. 2013
Modi, C., Patel, D., Borisaniya, B., Patel, H., Patel, A., Rajarajan, M.: A survey of intrusion detection techniques in cloud. J. Netw. Comput. Appli. (2012). doi: 10.1016/j.jnca.2012.05.003 . Available online 2 June 2012
Mohamed, E., Abdelkader, H., El-Etriby, S.: Enhanced data security model for cloud computing. In: 8th International Conference on Informatics and Systems, pp. CC-12–CC-17. IEEE (2012)
Mohan, V., Hamlen, K.W.: Frankenstein: stitching malware from benign binaries. In: Proceedings of the 6th USENIX Conference on Offensive Technologies, pp. 8–8. USENIX Association, Bellevue, WA, USA (2012)
Monfared, A., Jaatun, M.: Monitoring intrusions and security breaches in highly distributed cloud environments. In: IEEE 3rd International Conference on Cloud Computing Technology and Science, pp. 772–777. IEEE Computer Society, Washington, DC, USA (2011). doi: 10.1109/CloudCom.2011.119
Morsy, M.A., Grundy, J., Müller, I.: An analysis of the cloud computing security problem. In: Proceedings of Asia Pacific Software Engineering Conference Cloud Workshop, pp. 1–6. IEEE Computer Society, Washington, DC, USA (2010)
Moser, S.: Change I7d8c1f9b: add ’random _seed’ entry to instance metadata. https://review.openstack.org/#c/14550/ (2012). Accessed May 2013
MPICH: MPICH Website. http://www.mpich.org/ (2013). Accessed Apr. 2013
Musthaler, L.: DDoS-as-a-Service? You Betcha! It’s Cheap, It’s Easy, and It’s Available to Anyone. Security Bistro (2012)
Narayanan, A., Shmatikov, V.: De-anonymizing social networks. In: 30th IEEE Symposium on Security and Privacy, pp. 173–187. IEEE Computer Society, Washington, DC, USA (2009). doi: 10.1109/SP.2009.22
Nathoo, N.: Cloud Wars—The Fall of Cloud Storage. CloudTimes (2013). Accessed Apr. 2013
Nebula: Introducing Nebula One. https://www.nebula.com/nebula-one (2013). Accessed Apr. 2013
Network-Tools: Network-Tools Website. http://network-tools.com/ (2013). Accessed Apr. 2013
Newsome, J., Karp, B., Song, D.: Polygraph: automatically generating signatures for polymorphic worms. In: IEEE Symposium on Security and Privacy, pp. 226–241. Athens, Greece (2005). doi: 10.1109/SP.2005.15
NIST: NIST Cloud Computing Reference Architecture. http://www.nist.gov/customcf/get_pdf.cfm?pub_id=909505 (2011). Accessed Jul. 2013
NIST: The NIST Definition of Cloud Computing. http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf (2011). Accessed Sept. 2012
NIST: NIST Cloud Computing Program. http://www.nist.gov/itl/cloud/ (2012). Accessed Sept. 2012
NIST: NIST Cloud Computing Security Reference Architecture. http://collaborate.nist.gov/twiki-cloud-computing/pub/CloudComputing/CloudSecurity/NIST_Security_Reference_Architecture_2013.05.15_v1.0.pdf (2013). Accessed Jul. 2013
Oberheide, J., Cooke, E., Jahanian, F.: Empirical exploitation of live virtual machine migration. In: Proceedings of the Black Hat Convention (2008). doi: 10.1109/ICCIAutom.2011.6183990
OCCI: OCCI Website. http://occi-wg.org/ (2013). Accessed Apr. 2013
Okamura, K., Oyama, Y.: Load-based covert channels between Xen virtual machines. In: Proceedings of the ACM Symposium on Applied Computing, pp. 173–180. ACM, New York, NY, USA (2010). doi: 10.1145/1774088.1774125
O’Kane, P., Sezer, S., McLaughlin, K.: Obfuscation: the hidden malware. IEEE Secur. Priv. 9(5), 41–47 (2011). doi: 10.1109/MSP.2011.98
O’Neill, M.: Cloud APIs—the Next Battleground for Denial-of-Service Attacks. CSA Blog (2013)
Open Cloud Initiative (OCI): OCI Website. http://www.opencloudinitiative.org/ (2013). Accessed May 2013
OpenNebula: OpenNebula Website. http://opennebula.org/ (2013). Accessed Apr. 2013
OpenStack: OpenStack Website. http://www.openstack.org/ (2013). Accessed Apr. 2013
Oracle: Oracle Java SE Critical Patch Update Advisory—April 2013. http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html (2013). Accessed Apr. 2013
Oracle: VirtualBox Website. https://www.virtualbox.org/ (2013). Accessed Jun. 2013
Ortega, A.: Your Malware Shall Not Fool Us With Those Anti Analysis Tricks. AlienVault Labs (2012)
OSVDB: The Open Source Vulnerability Database Website. http://www.osvdb.org/ (2013). Accessed Apr. 2013
OWASP: The Then Most Critical Web Application Security Risks. http://owasptop10.googlecode.com/files/OWASP (2010). Accessed Oct. 2012
OWASP: The Then Most Critical Web Application Security Risks. https://www.owasp.org/index.php/Top_10_2013 (2013). Accessed Apr. 2013
Oyama, Y., Giang, T.T.D., Chubachi, Y., Shinagawa, T., Kato, K.: Detecting malware signatures in a thin hypervisor. In: Proceedings of the 27th Annual ACM Symposium on Applied Computing (SAC), pp. 1807–1814. ACM, Trento, Italy (2012). doi: 10.1145/2231936.2232070
Panah, A., Panah, A., Panah, O., Fallahpour, S.: Challenges of security issues in cloud computing layers. Rep. Opin. 4(10), 25–29 (2012)
Parallels: Oracle VM Server Website. http://www.oracle.com/us/technologies/virtualization/oraclevm/ (2013). Accessed Jun. 2013
Parallels: Parallels Website. http://www.parallels.com/eu/products/ (2013). Accessed Jun. 2013
Patel, A., Taghavi, M., Bakhtiyari, K., Júnior, J.C.: An intrusion detection and prevention system in cloud computing: a systematic review. J. Netw. Comput. Appli. (2012). doi: 10.1016/j.jnca.2012.08.007 . Available online 31 Aug. 2012
Patel, P.: Solution: FUTEX \_WAIT hangs Java on Linux / Ubuntu in vmware or virtual box. http://www.springone2gx.com/blog/pratik_patel/2010/01/solution_futex_wait_hangs_java_on_linux_ubuntu_in_vmware_or_virtual_box (2010). Accessed May 2013
Patidar, S., Rane, D., Jain, P.: A survey paper on cloud computing. In: 2nd International Conference on Advanced Computing Communication Technologies, pp. 394–398. IEEE (2012). doi: 10.1109/ACCT.2012.15
PCI Security Standards: PCI SSC Data Security Standards Overview. https://www.pcisecuritystandards.org/security_standards/index.php (2012). Accessed Oct. 2012
Pearce, M., Zeadally, S., Hunt, R.: Virtualization: issues, security threats, and solutions. ACM Comput. Surv. 45(2), 1:71–1:739 (2013). doi: 10.1145/2431211.2431216
Pearson, S.: Privacy, security and trust in cloud computing. In: Pearson, S., Yee, G. (eds.) Privacy and Security for Cloud Computing, pp. 3–42. Springer London (2013). doi: 10.1007/978-1-4471-4189-1_1
Perez-Botero, D., Szefer, J., Lee, R.B.: Characterizing hypervisor vulnerabilities in cloud computing servers. In: Proceedings of the 2013 International Workshop on Security in Cloud Computing (SCC), pp. 3–10. ACM, New York, NY, USA (2013). doi: 10.1145/2484402.2484406
Pfaff, B., Pettit, J., Koponen, T., Amidon, K., Casado, M., Shenker, S.: Extending networking into the virtualization layer. In: Proceedings of the 8th ACM Workshop on Hot Topics in Networks. ACM SIGCOMM (2009)
Prandini, M., Ramilli, M., Cerroni, W., Callegati, F.: Splitting the HTTPS stream to attack secure web connections. IEEE Secur. Priv. 8(6), 80–84 (2010). doi: 10.1109/MSP.2010.190
Prince, M.: The DDoS That Almost Broke the Internet. CloudFlare (2013)
Prince, M.: The DDoS That Knocked Spamhaus Offline (And How We Mitigated It). CloudFlare (2013)
Prolexic: Prolexic Quarterly Global DDoS Attack Report Q1 2013. https://www.prolexic.com/knowledge-center-ddos-attack-report-2013-q1.html (2013). Accessed Apr. 2013
Rahaman, M.A., Schaad, A., Rits, M.: Towards secure SOAP message exchange in a SOA. In: Proceedings of the 3rd ACM Workshop on Secure Web Services, pp. 77–84. ACM, New York, NY, USA (2006). doi: 10.1145/1180367.1180382
Ramgovind, S., Eloff, M., Smith, E.: The management of security in cloud computing. In: Information Security for South Africa, pp. 1–7. IEEE (2010). doi: 10.1109/ISSA.2010.5588290
Rasmusson, L., Aslam, M.: Protecting private data in the cloud. In: Proceedings of the 2nd International Conference on Cloud Computing and Services Science (CLOSER), pp. 5–12. Porto, Portugal (2012)
Rauti, S., Leppänen, V.: Browser extension-based man-in-the-browser attacks against Ajax applications with countermeasures. In: Proceedings of the 13th International Conference on Computer Systems and Technologies (CompSysTech), pp. 251–258. ACM, Ruse, Bulgaria (2012) doi: 10.1145/2383276.2383314
RedHat: KVM Website. http://www.linux-kvm.org/ (2013). Accessed Jun. 2013
RepoCERT: Botnet Using Plesk Vulnerability and Takedown. Seclists Website (2013)
Rimal, B.P., Jukan, A., Katsaros, D., Goeleven, Y.: Architectural requirements for cloud computing systems: an enterprise cloud approach. J. Grid Comput. 9(1), 3–26 (2011). doi: 10.1007/s10723-010-9171-y
Ripe, NCC: Database Query. http://apps.db.ripe.net/search/query.html (2013). Accessed Apr. 2013
Riquet, D., Grimaud, G., Hauspie, M.: Large-scale coordinated attacks: impact on the cloud security. In: 6th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, pp. 558–563. IEEE (2012). doi: 10.1109/IMIS.2012.76
Ristenpart, T., Tromer, E., Shacham, H., Savage, S.: Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, pp. 199–212. ACM, New York, NY, USA (2009)
Ristenpart, T., Yilek, S.: When good randomness goes bad: virtual machine reset vulnerabilities and hedging deployed cryptography. In: Proceedings of Network and Distributed Security Symposium (NDSS), pp. 1–18. The Internet Society, San Diego, CA, USA (2010)
Roberts II, J.C., Al-Hamdani, W.: Who can you trust in the cloud?: a review of security issues within cloud computing. In: Proceedings of the Information Security Curriculum Development Conference, pp. 15–19. ACM, New York, NY, USA (2011). doi: 10.1145/2047456.2047458
Rocha, F., Abreu, S., Correia, M.: The final Frontier: confidentiality and privacy in the cloud. Computer 44(9), 44–50 (2011). doi: 10.1109/MC.2011.223
Rocha, F., Correia, M.: Lucy in the sky without diamonds: stealing confidential data in the cloud. In: IEEE/IFIP 41st International Conference on Dependable Systems and Networks Workshops, pp. 129–134. IEEE (2011). doi: 10.1109/DSNW.2011.5958798
Rodero-Merino, L., Vaquero, L.M., Caron, E., Desprez, F., Muresan, A.: Building safe PaaS clouds: a survey on security in multitenant software platforms. Comput. Secur. 31(1), 96–108 (2012). doi: 10.1016/j.cose.2011.10.006
Rong, C., Nguyen, S.T., Jaatun, M.G.: Beyond lightning: a survey on security challenges in cloud computing. Comput. Electr. Eng. (2012). doi: 10.1016/j.compeleceng.2012.04.015 Available online 19 May 2012
Roy, I., Setty, S.T.V., Kilzer, A., Shmatikov, V., Witchel, E.: Airavat: security and privacy for MapReduce. In: Proceedings of the 7th USENIX Symposium on Networked Systems Design and Implementation, pp. 20–20. USENIX Association, Berkeley, CA, USA (2010)
RSA: RSA SecurID Website. http://sweden.emc.com/security/rsa-securid.htm (2013). Accessed Jun. 2013
RSA FirstWatch: Tales from the Darkside: Another Mule Recruitment Site. RSA Blog (2013)
Rutkowska, J.: Subverting VistaTM Kernel for fun and profit. Black Hat Conv. (2008)
Sabahi, F.: Cloud computing security threats and responses. In: IEEE 3rd International Conference on Communication Software and Networks, pp. 245–249. IEEE (2011). doi: 10.1109/ICCSN.2011.6014715
Sadashiv, N., Kumar, S.: Cluster, grid and cloud computing: a detailed comparison. In: 6th International Conference on Computer Science Education, pp. 477–482. IEEE (2011). doi: 10.1109/ICCSE.2011.6028683
Salah, K., Alcaraz, Calero J.: Using cloud computing to implement a security overlay network. IEEE Secur. Priv. 11(1), 44–53 (2013). doi: 10.1109/MSP.2012.88
SAML v2.0: OASIS Website. https://www.oasis-open.org/standards#samlv2.0 (2005). Accessed Apr. 2013
Santos, N., Gummadi, K.P., Rodrigues, R.: Towards trusted cloud computing. In: Proceedings of the Conference on Hot Topics in Cloud Computing. USENIX Association, Berkeley, CA, USA (2009)
Schloesser, M., Guarnieri, C.: Vaccinating Systems Against VM-aware Malware. Rapid7 Labs (2013)
Schloesser, M., Guarnieri, C.: Vaccinating Systems Against VM-aware Malware. https://github.com/rapid7/vaccination (2013). Accessed May 2013
Schneier, B.: Homomorphic Encryption Breakthrough. https://www.schneier.com/blog/archives/2009/07/homomorphic_enc.html (2009). Accessed May 2013
SecurityFocus: Xen CVE-2013-1920 Local Memory Corruption Vulnerability. SecurityFocus (2013)
Sekar, V., Maniatis, P.: Verifiable resource accounting for cloud computing services. In: Proceedings of the 3rd ACM Workshop on Cloud Computing Security, pp. 21–26. ACM, New York, NY, USA (2011). doi: 10.1145/2046660.2046666
Sengupta, S., Kaulgud, V., Sharma, V.: Cloud computing security—trends and research directions. In: IEEE World Congress on Services, pp. 524–531. IEEE Computer Society, Washington, DC, USA (2011). doi: 10.1109/SERVICES.2011.20
Shin, S., Gu, G.: CloudWatcher: network security monitoring using OpenFlow in dynamic cloud networks (or: how to provide security monitoring as a service in clouds?). In: 20th IEEE International Conference on Network Protocols (ICNP), pp. 1–6. Austin, TX, USA (2012).doi: 10.1109/ICNP.2012.6459946
Shinotsuka, H.: Malware Authors Using New Techniques to Evade Automated Threat Analysis Systems. Symantec Blog (2012)
Singh, A.: Don’t Click the Left Mouse Button: Introducing Trojan UpClicker. FireEye Blog (2012)
Sloan, K.: Security in a virtualised world. Netw. Secur. 2009(8), 15–18 (2009). doi: 10.1016/S1353-4858(09)70077-7
SNIA: Cloud Data Management Interface (CDMI). http://www.snia.org/cdmi (2013). Accessed Apr. 2013
Somorovsky, J., Mayer, A., Schwenk, J., Kampmann, M., Jensen, M.: On breaking SAML: be whoever you want to be. In: Proceedings of the 21st USENIX Security Symposium, pp. 21–21. USENIX Association, Bellevue, WA, USA (2012)
Songjie, Yao, J., Wu, C.: Cloud computing and its key techniques. In: International Conference on Electronic and Mechanical Engineering and Information Technology, vol. 1, pp. 320–324. IEEE (2011). doi: 10.1109/EMEIT.2011.6022935
Sood, A., Enbody, R.: Targeted cyberattacks: a superset of advanced persistent threats. IEEE Secur. Priv. 11(1), 54–61 (2013). doi: 10.1109/MSP.2012.90
Sood, S.K.: A combined approach to ensure data security in cloud computing. J. Netw. Comput. Appli. 35(6), 1831–1838 (2012). doi: 10.1016/j.jnca.2012.07.007
Spoon Website: Browser Sandbox. http://spoon.net/browsers (2013). Accessed Apr. 2013
Stamos, A., Becherer, A., Wilcox, N.: Cloud Computing Security: Raining on the Trendy New Parade. https://www.blackhat.com/html/bh-usa-09/bh-usa-09-archives.html (2009)
Staten, J.: 2013 Cloud Predictions: We’ll Finally Get Real About Cloud. Forrester Blog (2012)
Subashini, S., Kavitha, V.: A survey on security issues in service delivery models of cloud computing. J. Netw. Comput. Appli. 34(1), 1–11 (2011). doi: 10.1016/j.jnca.2010.07.006
Sun, D., Chang, G., Sun, L., Wang, X.: Surveying and analyzing security, privacy and trust issues in cloud computing environments. Procedia Eng. 15, 2852–2856 (2011). doi: 10.1016/j.proeng.2011.08.537
Sun, K., Li, Y., Hogstrom, M., Chen, Y.: Sizing multi-space in heap for application isolation. In: Companion to the 21st ACM SIGPLAN Symposium on Object-Oriented Programming Systems, Languages, and Applications (OOPSLA), pp. 647–648. ACM, Portland, OR, USA (2006). doi: 10.1145/1176617.1176654
Sun, M.K., Lin, M.J., Chang, M., Laih, C.S., Lin, H.T.: Malware virtualization-resistant behavior detection. In: IEEE 17th International Conference on Parallel and Distributed Systems (ICPADS), pp. 912–917. Tainan, Taiwan (2011). doi: 10.1109/ICPADS.2011.78
Suzaki, K., Iijima, K., Yagi, T., Artho, C.: Memory deduplication as a threat to the guest OS. In: Proceedings of the 4th European Workshop on System Security, pp. 1:1–1:6. ACM, Salzburg, Austria (2011). doi: 10.1145/1972551.1972552
Suzaki, K., Iijima, K., Yagi, T., Artho, C.: Software side channel attack on memory deduplication. In: 23rd ACM Symposium on Operating Systems Principles. ACM, Cascais, Portugal (2011). Poster
Symantec: Internet Security Threat Report 2013. https://www.symantec.com/security_response/publications/threatreport.jsp (2013). Accessed Apr. 2013
Symantec Security Response: Internet Explorer Zero-Day Used in Watering Hole Attack: Q &A. Symantec Blog (2012)
Szefer, J., Keller, E., Lee, R.B., Rexford, J.: Eliminating the hypervisor attack surface for a more secure cloud. In: Proceedings of the 18th ACM Conference on Computer and Communications Security (CCS), pp. 401–412. ACM, Chicago, IL, USA (2011). doi: 10.1145/2046707.2046754
Takabi, H., Joshi, J., Ahn, G.: Security and privacy challenges in cloud computing environments. IEEE Secur. Priv. 8(6), 24–31 (2010)
Tang, M., Lv, Q., Lu, Z., Zhao, Q., Song, Y.: Dynamic virtual switch protocol using Openflow. In: 13th ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel Distributed Computing (SNPD), pp. 603–608. Kyoto, Japan (2012). doi: 10.1109/SNPD.2012.129
Tanvi: Mixed Content Blocking Enabled in Firefox 23! Firefox Blog (2013)
Taylor, G., Cox, G.: Digital randomness. IEEE Spectr. 48(9), 32–58 (2011). doi: 10.1109/MSPEC.2011.5995897
Taylor, M., Haggerty, J., Gresty, D., Lamb, D.: Forensic investigation of cloud computing systems. Netw. Secur. 2011(3), 4–10 (2011). doi: 10.1016/S1353-4858(11)70024-1
The Linux Foundation: Xen Website. http://http://www.xenproject.org/ (2013). Accessed Jun. 2013
Thompson, H.: The human element of information security. IEEE Secur. Priv. 11(1), 32–35 (2013). doi: 10.1109/MSP.2012.161
Thorsheim, P.: The Final Word on the LinkedIn Leak. http://securitynirvana.blogspot.pt/2012/06/final-word-on-linkedin-leak.html (2012). Accessed May 2013
Toubiana, V., Nissenbaum, H.: Analysis of Google logs retention policies. J. Priv. Confid. 3(1), 3–26 (2011)
Townsend, M.: Managing a security program in a cloud computing environment. In: Information Security Curriculum Development Conference, pp. 128–133. ACM, New York, NY, USA (2009). doi: 10.1145/1940976.1941001
Trader, T.: GPU Monster Shreds Password Hashes. HPCwire (2012)
Tripathi, A., Mishra, A.: Cloud computing security considerations. In: IEEE International Conference on Signal Processing, Communications and Computing, pp. 1–5. IEEE (2011). doi: 10.1109/ICSPCC.2011.6061557
Tsai, H.Y., Siebenhaar, M., Miede, A., Huang, Y., Steinmetz, R.: Threat as a service?: virtualization’s impact on cloud security. IT Prof. 14(1), 32–37 (2012). doi: 10.1109/MITP.2011.117
Tseng, H.M., Lee, H.L., Hu, J.W., Liu, T.L., Chang, J.G., Huang, W.C.: Network virtualization with cloud virtual switch. In: IEEE 17th International Conference on Parallel and Distributed Systems (ICPADS), pp. 998–1003. Tainan, Taiwan (2011). doi: 10.1109/ICPADS.2011.159
Vaquero, L.M., Rodero-Merino, L., Morán, D.: Locking the sky: a survey on IaaS cloud security. Computing 91(1), 93–118 (2011). doi: 10.1007/s00607-010-0140-x
Viega, J.: Cloud computing and the common man. Computer 42(8), 106–108 (2009). doi: 10.1109/MC.2009.252
VMware: VMware vSphere. https://www.vmware.com/support/product-support/vsphere/ (2013). Accessed Apr. 2013
VMware: VMware Website. https://www.vmware.com/products/ (2013). Accessed Jun. 2013
VMware: What is OVF? https://www.vmware.com/technical-resources/virtualization-topics/virtual-appliances/ovf.html (2013). Accessed Apr. 2013
VMware Community Forums: Low/proc/sys/kernel/random/entr opy_avail causes exim to stop sending mail. http://communities.vmware.com/message/530909 (2006). Accessed May 2013
Vu, Q.H., Pham, T.V., Truong, H.L., Dustdar, S., Asal, R.: DEMODS: a description model for data-as-a-service. In: IEEE 26th International Conference on Advanced Information Networking and Applications (AINA), pp. 605–612. Fukuoka, Japan (2012). doi: 10.1109/AINA.2012.91
Wang, C., Ren, K., Lou, W., Li, J.: Toward publicly auditable secure cloud data storage services. IEEE Netw. 24(4), 19–24 (2010). doi: 10.1109/MNET.2010.5510914
Wang, C., Wang, Q., Ren, K., Lou, W.: Ensuring data storage security in cloud computing. In: 17th International Workshop on Quality of Service, pp. 1–9. IEEE (2009). doi: 10.1109/IWQoS.2009.5201385
Wang, G., Ng, T.: The impact of virtualization on network performance of Amazon EC2 data center. In: Proceedings of the IEEE INFOCOM, pp. 1–9. Sand Diego, CA, USA (2010). doi: 10.1109/INFCOM.2010.5461931
Ward, M.: Facebook Users Suffer Viral Surge. BBC News (2009)
Websense: 2013 Threat Report. https://www.websense.com/content/websense-2013-threat-report.aspx (2013). Accessed Apr. 2013
Wei, J., Zhang, X., Ammons, G., Bala, V., Ning, P.: Managing security of virtual machine images in a cloud environment. In: Proceedings of the ACM Workshop on Cloud Computing Security, pp. 91–96. ACM, New York, NY, USA (2009). doi: 10.1145/1655008.1655021
Wu, H., Ding, Y., Winer, C., Yao, L.: Network security for virtual machine in cloud computing. In: 5th International Conference on Computer Sciences and Convergence Information Technology (ICCIT), pp. 18–21. Seoul, South Korea (2010). doi: 10.1109/ICCIT.2010.5711022
Wu, H., Ding, Y., Winer, C., Yao, L.: Network security for virtual machine in cloud computing. In: 5th International Conference on Computer Sciences and Convergence Information Technology, pp. 18–21. IEEE (2010). doi: 10.1109/ICCIT.2010.5711022
Wueest, C.: Mobile Scam: Winning Without Playing. Symantec Blog (2013)
Xiao, Z., Xiao, Y.: Security and privacy in cloud computing. IEEE Commun. Surv. Tuts. 15(2), 843–859 (2013). doi: 10.1109/SURV.2012.060912.00182
Xu, Y., Bailey, M., Jahanian, F., Joshi, K., Hiltunen, M., Schlichting, R.: An exploration of L2 cache covert channels in virtualized environments. In: Proceedings of the 3rd ACM Workshop on Cloud Computing Security, pp. 29–40. ACM, New York, NY, USA (2011). doi: 10.1145/2046660.2046670
Yang, J., Chen, Z.: Cloud computing research and security issues. In: International Conference on Computational Intelligence and Software Engineering, pp. 1–3. IEEE (2010). doi: 10.1109/CISE.2010.5677076
Yasinsac, A., Irvine, C.: Help! Is There a Trustworthy-Systems Doctor in the House? IEEE Secur. Priv. 11(1), 73–77 (2013). doi: 10.1109/MSP.2013.10
Yilek, S.: Resettable public-key encryption: how to encrypt on a virtual machine. In: Proceedings of the International Conference on Topics in Cryptology, CT-RSA’10, pp. 41–56. Springer-Verlag, San Francisco, CA, USA (2010). doi: 10.1007/978-3-642-11925-5_4
Yu, A., Sathanur, A., Jandhyala, V.: A partial homomorphic encryption scheme for secure design automation on public clouds. In: IEEE 21st Conference on Electrical Performance of Electronic Packaging and Systems (EPEPS), pp. 177–180. Tempe, AZ, USA (2012). doi: 10.1109/EPEPS.2012.6457871
Yu, H., Powell, N., Stembridge, D., Yuan, X.: Cloud computing and security challenges. In: Proceedings of the 50th Annual Southeast Regional Conference, pp. 298–302. ACM, New York, NY, USA (2012). doi: 10.1145/2184512.2184581
Zabidi, M., Maarof, M., Zainal, A.: Malware analysis with multiple features. In: UKSim 14th International Conference on Computer Modelling and Simulation, pp. 231–235. Cambridge, London (2012). doi: 10.1109/UKSim.2012.40
Zhang, F., Huang, Y., Wang, H., Chen, H., Zang, B.: PALM: security preserving VM live migration for systems with VMM-enforced protection. In: 3rd Asia-Pacific Trusted Infrastructure Technologies Conference, pp. 9–18. IEEE Computer Society, Washington, DC, USA (2008). doi: 10.1109/APTC.2008.15
Zhang, Y., Juels, A., Reiter, M.K., Ristenpart, T.: Cross-VM side channels and their use to extract private keys. In: Proceedings of the 19th ACM Conference on Computer and Communications Security (CCS), pp. 305–316. ACM, Raleigh, NC, USA (2012). doi: 10.1145/2382196.2382230
Zhou, M., Zhang, R., Xie, W., Qian, W., Zhou, A.: Security and privacy in cloud computing: a survey. In: 6th International Conference on Semantics Knowledge and Grid, pp. 105–112. IEEE Computer Society, Washington, DC, USA (2010)
Zieg, M.: Separating fact from fiction in cloud computing. Data Center J. (2012)
Zissis, D., Lekkas, D.: Addressing cloud computing security issues. Future Gener. Comput. Syst. 28(3), 583–592 (2010). doi: 10.1016/j.future.2010.12.006