The State of Public Infrastructure-as-a-Service Cloud Security

Published: 26 June 2015

Abstract

The public Infrastructure-as-a-Service (IaaS) cloud industry has reached a critical mass in the past few years, with many cloud service providers fielding competing services. Despite the competition, we find some of the security mechanisms offered by the services to be similar, indicating that the cloud industry has established a number of "best practices," while other security mechanisms vary widely, indicating that there is also still room for innovation and experimentation. We investigate these differences and the possible underlying reasons for them. We also contrast the security mechanisms offered by public IaaS cloud offerings with the security mechanisms proposed by academia over the same period. Finally, we speculate on how industry and academia might work together to solve the pressing security problems in public IaaS clouds going forward.


• Published in

  ACM Computing Surveys, Volume 47, Issue 4
  July 2015
  573 pages
  ISSN: 0360-0300
  EISSN: 1557-7341
  DOI: 10.1145/2775083
  Editor: Sartaj Sahni

          Copyright © 2015 ACM

          Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

          Publisher

          Association for Computing Machinery

          New York, NY, United States

Publication History

• Published: 26 June 2015
• Revised: 1 April 2015
• Accepted: 1 April 2015
• Received: 1 May 2014

Published in ACM Computing Surveys (CSUR), Volume 47, Issue 4


          Qualifiers

          • survey
          • Research
          • Refereed
