• Corpus ID: 14165593

What's New About Cloud Computing Security?

@inproceedings{Chen2010WhatsNA,
  title={What's New About Cloud Computing Security?},
  author={Yanpei Chen and Vern Paxson and Randy H. Katz},
  year={2010}
}
While the economic case for cloud computing is compelling, the security challenges it poses are equally striking. In this work we strive to frame the full space of cloud-computing security issues, attempting to separate justified concerns from possible over-reactions. We examine contemporary and historical perspectives from industry, academia, government, and “black hats”. We argue that few cloud computing security issues are fundamentally new or fundamentally intractable; often what appears… 

Cloud computing security: Fine-grained analysis and security approaches

TLDR
The impact of the cloud computing characteristics and properties such as Multitenancy and Elasticity on the security model and also with the Virtualizatkin which is a cornerstone of some cloud implementations are emphasized.

Cyber Concerns With Cloud Computing

TLDR
This survey paper will provide a review of the existing cyber concerns with cloud computing from a military perspective and point out future cyber concerns that may populate due to emerging technological advancements on the horizon.

A quantitative analysis of current security concerns and solutions for cloud computing

TLDR
This article identifies and classify the main security concerns and solutions in cloud computing, and proposes a taxonomy of security in cloud Computing, giving an overview of the current status ofSecurity in this emerging technology.

Auditing for Standards Compliance in the Cloud: Challenges and Directions

TLDR
Examining the notion of audit as it is currently being used by surveying available provider APIs and new standards for publishing audit data concludes that current efforts by cloud providers being termed as audit still fall short of addressing some of the most pressing concerns of their customers related to multiple issues.

Data Security and Privacy Protection Issues in Cloud Computing

  • Deyan ChenHong Zhao
  • Computer Science
    2012 International Conference on Computer Science and Electronics Engineering
  • 2012
TLDR
This paper provides a concise but all-round analysis on data security and privacy protection issues associated with cloud computing across all stages of data life cycle and describes future research work about dataSecurity and privacy Protection issues in cloud.

Cloud computing security: The scientific challenge, and a survey of solutions

  • M. Ryan
  • Computer Science
    J. Syst. Softw.
  • 2013

Who can you trust in the cloud?: a review of security issues within cloud computing

TLDR
A method for allowing the user to select specific security levels of security for items is proposed and a list of security items that all users should be aware of before opting to use cloud based services is made.

Security and Privacy Issues in Cloud Computing

TLDR
This chapter describes various service and deployment models of cloud computing and identifies major challenges, including three critical challenges: regulatory, security and privacy issues in cloud computing.

Security transparency: the next frontier for security research in the cloud

TLDR
It is argued that undertaking some initiatives in that direction is a key to sustaining the current momentum of the cloud, and proposes some routes towards related solutions by discussing a number of desiderata for establishing a better security transparency between a Cloud Service Provider (CSP) and a Cloud service Consumer (CSC).

Privacy and Security for Cloud Computing

TLDR
This book analyzes the latest advances in privacy, security and risk technologies within cloud environments and investigates the applicability of existing controls for mitigating information security risks to cloud computing environments.
...

References

SHOWING 1-10 OF 44 REFERENCES

Above the Clouds: A Berkeley View of Cloud Computing

TLDR
This work focuses on SaaS Providers (Cloud Users) and Cloud Providers, which have received less attention than SAAS Users, and uses the term Private Cloud to refer to internal datacenters of a business or other organization, not made available to the general public.

Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds

TLDR
It is shown that it is possible to map the internal cloud infrastructure, identify where a particular target VM is likely to reside, and then instantiate new VMs until one is placed co-resident with the target, and how such placement can then be used to mount cross-VM side-channel attacks to extract information from a target VM on the same machine.

Towards Trusted Cloud Computing

TLDR
The design of a trusted cloud computing platform (TCCP) is proposed, which enables Infrastructure as a Service (IaaS) providers such as Amazon EC2 to provide a closed box execution environment that guarantees confidential execution of guest virtual machines.

Managing security of virtual machine images in a cloud environment

TLDR
An image management system is proposed that controls access to images, tracks the provenance of images, and provides users and administrators with efficient image filters and scanners that detect and repair security violations.

Securing virtual machine monitors: what is needed?

TLDR
It is widely believed that the use of a virtual machine monitor (VMM) is at least as secure, if not more secure than separate systems, but just like operating systems, VMMs can have exploitable security vulnerabilities.

The NIST Definition of Cloud Computing

TLDR
This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models.

HAIL: a high-availability and integrity layer for cloud storage

TLDR
A strong, formal adversarial model for HAIL is proposed, and rigorous analysis and parameter choices are proposed that improve on the security and efficiency of existing tools, like Proofs of Retrievability deployed on individual servers.

Browser interfaces and extended validation SSL certificates: an empirical study

TLDR
This study explores the interfaces related to SSL certificates in the most widely deployed browser (Internet Explorer 7), proposes an alternative set of interface dialogs, and compares their effectiveness through a user study involving 40 participants, finding the alternative interface to offer statistically significant improvements in confidence, ease of finding information, and ease of understanding.

Timing Analysis of Keystrokes and Timing Attacks on SSH

TLDR
A statistical study of users' typing patterns is performed and it is shown that these patterns reveal information about the keys typed, and that timing leaks open a new set of security risks, and hence caution must be taken when designing this type of protocol.

Application and analysis of the virtual machine approach to information system security and isolation

TLDR
This paper shows that a combined virtual machine monitor/operating system (VMM/OS) approach to information system isolation provides substantially better software security than a conventional multiprogramming operating system approach.