Abstract
The public Infrastructure-as-a-Service (IaaS) cloud industry has reached a critical mass in the past few years, with many cloud service providers fielding competing services. Despite the competition, we find some of the security mechanisms offered by the services to be similar, indicating that the cloud industry has established a number of “best practices,” while other security mechanisms vary widely, indicating that there is also still room for innovation and experimentation. We investigate these differences and the possible underlying reasons for them. We also contrast the security mechanisms offered by public IaaS cloud offerings with security mechanisms proposed by academia over the same period. Finally, we speculate on how industry and academia might work together to solve the pressing security problems in public IaaS clouds going forward.
Index Terms
- The State of Public Infrastructure-as-a-Service Cloud Security