a survey on security issue and its proposed solutions in cloud … › ab02 ›...

1st International Conference of Recent Trends in Information and Communication Technologies

A Survey on Security Issue and Its Proposed Solutions in Cloud

Environment

Yousra Abdul Alsahib S.aldeen*, Mohammad Abdur Razzaque, Mazleena Saleh

Faculty of computing, Universiti Teknologi Malaysia, Johor Bahru, Malaysia

Abstract

Cloud computing is the new direction in computing and resourcemanagement.

Through Cloud services are delivered using classical network protocols and formats

over the Internet, implicit vulnerabilities existing in these protocols as well as threats

introduced by newer architectures lead to increase security and privacy concerns.

Also, clients’ lack of direct resource control,new security risks are introduced and

whole IT infrastructure is under the control of the cloud provider. So, the clients have

to trust the security protection mechanismsthat the cloud and the service providers

offer. In this paper, firstly, we survey the Cloud computing definitions,

characteristics, and its benefits. Secondly, we survey the vulnerabilities and attacks;

identify relevant solution directives to strengthen security in the Cloud environment.

Keywords: cloud computing, security

1 Introduction

Cloud computing has appeared roughly in the year 2008 as a new distributed

computing paradigm with the purpose of reaching the long dreamed computing as utility, a term first invoked as early as 1965 by Corbató and Vyssotsky .Utility

computing is identified as computational resources efficiently wrapped as services.

Cloud environments combine virtualization techniques in order to provide an

efficient way of dispatching resources on the minute. This allows organizingpay-

per-usebusiness model, meaning that customers get to specifically choose whatever

resources (e.g., CPUs, memory, bandwidth, security policies, platforms, and

hardware load) that are they require, reducing costs by paying only for what is

subscribed to[1]. Although the cloud characteristics are well implicit,the security

state of cloud is yet confusing. In spite of the growth incloud computing, per se

implying that many enterprisesadopted the model, several security issues raise

severe concernsfor some. In fact, major clients might hold back, choosing to keep

infrastructures on-premises rather thanmoving them to outsourced locations. As the sensitive applications and data are moved into the cloud data centers, run on virtual

computing resources in the form of virtual machine. This unique attributes,

however, poses many novel tangible and intangible security and privacy challenges.

It might be difficult to track the security issue in cloud computing environments[2].

This paper focuses on security issue by presenting the attributes of security,

vulnerabilities and attacks in cloud environment as shown in figure.1. It also

classified many papers into four classifications as shown in section 3 including

attributes of security, vulnerabilities and attacks, architecture or framework for

solving security issue, approach for solving security issue and methods for solving

IRICT 2014 Proceeding 12th -14th September, 2014, Universiti Teknologi Malaysia, Johor, Malaysia

Yousra Abdul Alsahib S.aldeen et. al. /IRICT (2014) 459-470 460

security issue. The rest of the paper is organized as follows: Section 2 discusses

cloud computing definitions, its characteristics and its benefits. A survey on

security issue in the Cloud and their existing solutions are provided in Section 3.

Section 4 introduces conclusion.

2. Cloud computing

Cloud computing is identified by[2] and [3] as an abstraction based on the notion of

pooling physical resources and presenting them as a virtual resource. It can be identified in

other way as a technology largely viewed as the next big step in the development and

deployment of an increasing number of distributed applications [4]. Computer clouds are

typically homogeneous. An entire cloud shares the same security, resource management,

cost and other policies, and last, but not least, it targets enterprise computing. It can

consider as an umbrella term to describe a category of sophisticated on-demand computing

services initially offered by commercial providers, such as Amazon, Google, and

Microsoft, [5]. [6]stated that cloud computing offers infrastructure and computational

services on demand for various customers on shared resources. Services that are offered

range from infrastructure services such as Amazon EC2 (computation) or S3 (storage), over

platform services such as Google App Engine or Microsoft’s database service SQL Azure,

to software services such as outsourced customer relationship management applications by

Salesforce.com.

The National Institute of Standards and Technology NIST (2009) define Cloud

Computing as having key characteristics, specific delivery models, and deployment

models. Pearson (2009) listed the key characteristics defined by NIST as including the

sharing of resources, and resource pooling technology such as multi-tenancy and

virtualization. Davis et al.(2010) go on to state that the centralized provisioning of services

by a Cloud Service Provider (CSP) reduces the need for IT to maintain internal servers,

software licenses, support staff, and facilities. CSPs in turn can leverage scale to provide

lower costs, improved service levels such as continuous global access, software update and

maintenance, and security services

[2]presented the NIST draft definition goes on to describe these five essential

characteristics that are


Cloud Computing

Characteristics Service Models Deployment Models

On-Demand Self-Service Software as a Service

(SaaS)

Private Cloud

Broad Network Access Platform as a Service

(PaaS)

Community Cloud

Resource Pooling Infrastructure as a Service

(IaaS)

Public Cloud

Rapid Elasticity Hybrid Cloud

Measured Service

Consequently, cloud computing has become a very attractive computing paradigm which

aims to provide reliable and customized computing environments for widespread Internet

users. It can be consider as the fifth utility, following water, electricity, gas and telephony

grids. So, it is being widely accepted throughout businesses. Although cloud computing has

introduced several benefits to the IT industries, it also brings many particular challenges

which should be taken in our consideration such as security and privacy.

3. Security Challenges in Cloud Computing

This section is classified into four subsections to focus on security issue in cloud

environment and present several papers that searched in this space.

3.1 Security vulnerabilities and attacks in Cloud Computing

The service and data maintenance is provided by cloud providers which leaves the

client/customer unaware of where the processes are running or where the data is stored. In

other word, the client has no control over it,[7]. So that, they presented service level

agreements(SLA’s) of cloud computing including definition of services, performance

management, problem management, customer duties and responsibilities, warranties and remedies, security, disaster recovery and business continuity disaster, termination. A survey

of the different security risks that pose a threat to the cloud is presented by [8], [3] and [9]

such as cross-site scripting [XSS] ,access control weaknesses , network penetration and

packet analysis Session etc.. They also presented the key security elements including data

security, network security, data locality, data integrity, data segregation, data access,

authentication and authorization, tenant, data confidentiality, web application security, data

breaches virtualization vulnerability, availability, backup and identity management and

sign-on process. [10]focused on five aspects availability, confidentiality, data integrity,

control, and audit for security. When using cloud services, it should be focused on an

important security challenges [11] ,[12] and [13] . These challenges are including: resource

location, multi-tenancy issue, authentication and trust of acquired information, system monitoring and logs, cloud standards. They focused on Cloud computing must have central

components of the accountability which are transparency, responsibility, assurance and

remediation. [14]and[15]described storage, virtualization, and networks are the biggest

security concerns in cloud computing. Virtualization which allows multiple users to share a

physical server is one of the major concerns for cloud users. They focused on

understanding what vulnerabilities such as insecure interfaces and APIs Cloud; Data-

related vulnerabilities exist in Cloud Computing etc... They made a relationship between

threats and vulnerabilities to identify what vulnerabilities contribute to the execution of


these threats and make the system more robust. Some threats of security issues is discussed

by [16], [17] and [18] including failures in providers security, attacks by another customer,

availability and reliability issues, wrapping Attack, flooding Attack that are associated

with the cloud computing and analysed the possible security solutions such as Client Based

Privacy Manager, Mirage Image Management System, and Wrapping Attack Problem,

Flooding Attack Problem. [19] discussed the security threats including Denial of Service (DoS) attacks, Side Channel attacks, Authentication attacks, Man-in-the-middle

cryptographic attacks; Inside-job. They focused in benefits of using digital ID’s. Using

Digital ID’s for the employee in accessing the cloud computing services is the best way to

minimize the unauthorized access, this also on way to address the nonrepudiation issues. A

digital ID, sometimes called a digital certificate, is a file on client computer that identifies

who he is.

3.2 Architecture and framework for solving security issue in Cloud

[20] proposed a novel advanced architecture advanced cloud protection system

(ACPS) for cloud protection that can monitor both guest and middleware integrity. It could protect them from most kinds of attack while remaining fully transparent to the service user

and to the service provider. It has been proven able to locally react to security breaches and

capable of notifying the security management layer of such an events. A model and several

possible architectures for outsourcing data and arbitrary computations that provide

confidentiality, integrity, and verifiability is presented by [21]. Also, they presented

architectures to instantiate their model: The first architecture computes the function within

a tamper-proof hardware token and the second architecture is based on fully homomorphic

encryption. The main technical of their paper is a third architecture that combines the

advantages of the previous architectures and overcomes their respective disadvantages.[22]

proposed a Trusted Third Party, tasked with assuring specific security characteristics within

a cloud environment. The proposed solution called upon cryptography, specifically Public

Key Infrastructure operating in concert with SSO and LDAP, to ensure the authentication, integrity and confidentiality of involved data and communications. Their solution,

presented a horizontal level of service, available to all implicated entities, that realizes a

security mesh, within which essential trust is maintained.[23] discussed the integrity

protection problem in the clouds and designed a novel architecture, Transparent Cloud

Protection System (TCPS) for increased security of cloud resources. The proposed

Transparent Cloud Protection System (TCPS), a middleware whose core is located between

the Kernel and the virtualization layer. It intended to protect the integrity of guest VMs and

of the distributed computing middleware by allowing the host to monitor guest VMs and

infrastructure components. [24]proposed a dynamic migration architecture, leveraging the

dynamic provisioning capability of a cloud, to detect and avoid a new form of DOS attack

in a cloud data center, and verified that such an attack could be carried out in a real cloud data center.. They also proposed a novel available bandwidth estimation tool that works

accurately and reliably in high-speed networks. [25]proposed a secured framework for

cloud computing depending on the security solutions suggested. A secure framework

showed the deployed frame work shows a secured environment in which the clients need to

access the providers ‘network using secured VPN. In this framework the providers check

for user authentication, make sure that the clients approaching them are authorized and

genuine. [26]proposed system protecting personal information by using role-based access

control model and attributed- based access control to limit access. The users of the private

cloud system can access their resources against interference. Therefore, this system can

enhance the security of the cloud and protect access from the unauthorized users, provide

confidentiality, integrity and availability.


3.3Approach or Prototype for solving security issue in cloud

A new approach to timing channel control is proposed by [27]. They used

provider-enforced deterministic execution instead of resource partitioning to eliminate

timing channels within a shared cloud domain. Provider-enforced determinism prevents

execution timing from affecting the results of a compute task, Experiments with a prototype OS for deterministic cloud computing suggested that such an approach may be practical

and efficient. [28]proposed a novel technique for detecting application DOS attack by

means of a new constraint-based group testing model. Group testing provides short

detection delay and low false positive/negative rate. The motivated by classic GT methods,

three detection algorithms were proposed and a system based on these algorithms was

introduced. Theoretical analysis and preliminary simulation results demonstrated the

outstanding performance of this system in terms of low detection latency and false

positive/negative rate. [29]designed an anonymous authentication and authorization

protocol using anonymous public key certificates along with standard Strong

Authentication and XACML servers. The proposed protocol promises full anonymity and

prevents identity theft by employing anonymous identities. They have kept their framework flexible enough to provide multiple levels of anonymity by using more than just one CA for

issuing anonymous certificates. Their proposed protocol can be integrated with existing

identity management systems and provide anonymity as a cloud service. Fundamental risks

arise from sharing physical infrastructure between mutually distrustful users is argued by

[30]. They presented a number of approaches for mitigating this risk. First, cloud providers

may obfuscate both the internal structure of their services and the placement policy to

complicate an adversary’s attempts to place a VM on the same physical machine as its

target. Second, one may focus on the side-channel vulnerabilities themselves and employ

blinding techniques to minimize the information that can be leaked. They believed such an

option is the only fool proof solution to this problem and thus is likely to be demanded by

customers with strong privacy requirements.[31] presented data protection scheme with

public auditing scheme and some of the unique factors. A public auditing scheme consists of four algorithms: Key Gen, Sig Gen, Gen Proof, and Verify Proof. KeyGen is a key

generation algorithm that is run by the user to setup the scheme. SigGen is used by the user

to generate verification metadata, which may be consisted signatures, or other related

information that will be used for auditing. GenProof is run by the cloud server to generate a

proof of data storage correctness, while Verify Proof is run by the TPA to audit the proof

from the cloud server. [32]focused on two of the layers, i.e., the storage layer and the data

layer. In particular, they discussed a scheme for secure third party publications of

documents in a cloud. They developed a secure cloud consisting of hardware (includes

800TB of data storage on a mechanical disk drive, 2400 GB of memory and several

commodity computers), software (includes Hadoop) and data (includes a semantic web data

repository). Their cloud system contains support efficient storage of encrypted sensitive data, store, manage and query massive amounts of data, support fine-grained access control

and support strong authentication.

3.4Methods for solving security issue in Cloud

To store and access the data securely from the cloud storage, [33] is proposed a

method that allows user. They exploited the technique of elliptic curve cryptography

encryption to protect data files and proposed model has two parts in the cloud storage

server, Private data section and Shared data section to achieve secure, storage and access on

outsource data in the cloud. Their method ensure the security and privacy of data stored on

cloud. [34]identified five common types of attacks, which are Denial of service attack,

Cross virtual machine side-channel attack, malicious insider’s attack, Attacks targeting shared memory, and Phishing attack. These are the top threats for the real world cloud


implementation. To develop a procedure for the automatic identification of these attacks,

they generated a database from their experience by including number of packets sent,

number of packets received, number of packets lost, number of open ports, difference in

VM file size, network usage, CPU usage, and number of failed administrative log-on

attempts. The tables1, 2, 3 and 4 are illustrated all studies that searched in this field.

Table 1 illustrated the studies that analysis of security issue

References Survey and analysis of

security issue

Advantages and disadvantages

Kandukuri et al. (2009) and

Srinivasamurthy et al.

Emphasized on various

security threats in cloud

computing also the

existing methods and

presented security issues

that have to be included

in SLA (service level

agreement)

Adv. They identify reason of

cloud security issue is that the

client has no control over it and

also identify the SLA (service

level agreement)

Subashini et al.2011, Bisong,

2011 and Kulkarni et al (2012)

Presented a survey of the

different security risks

that pose a threat to the

cloud such as cross-site

scripting [XSS] ,access

control weaknesses.

Adv. focused on an important

security challenges when using

cloud services.

Zhou etal.(2010) Investigated several

Cloud Computing system

providers about their

concerns on security and

privacy issues.

Adv. they determined the focused

on five aspects availability,

confidentiality, data integrity,

control, and audit for security.

Rong et al.(2013) ,

Mahmood(2011) and (Manager,

2013)

Focused on an important

security challenges when

using cloud services,

explained privacy issues

of cloud computing

,concluded on the

benefits as well as

applications of cloud

computing, identified

method of dynamically

routing data.

Adv. they provide reader security

and privacy challenges when

using cloud computing and at the

same time benefits of using it.

Hashizume et al(2013) and S.

Kumar et al (2013)

Discussed what

vulnerabilities exist in

Cloud Computing and

focused on Virtualization

and different types of

Adv. They presented the benefits

of virtualization and its effect on

security cloud.


Table 2 is illustrated the studies including architecture and framework for solving security issue

References Architecture and framework Advantages and

disadvantages

Lombardi et al. (2011) Proposed a novel advanced

architecture Advanced Cloud

Protection System (ACPS) for

cloud protection that can

monitor both guest and

middleware integrity.

Adv. It has been proven

able to locally react to

security breaches and

capable of notifying the

security management layer

of such an events.

Sadeghi et al. (2010) Combined a trusted hardware

token (e.g., a cryptographic

coprocessor or provided by the

customer) with Secure Function

Evaluation (SFE) to compute

arbitrary functions on secret

(encrypted) data where the

computation leaks no

information and is verifiable.

Adv. The main technical of

their paper is a third

architecture that combines

the advantages of the

previous architectures and

overcomes their respective

disadvantages.

Zissis et al. (2012) Proposed solution called upon

cryptography, specifically

Public Key Infrastructure

operating in concert with SSO

and LDAP, to ensure the

authentication, integrity and

confidentiality of involved data

and communications.

Adv. ensures the

authentication, integrity

and confidentiality of

involved data and

communications.

Dis adv. It is difficult getting

trusted third party.

Virtualization.

Nirmala, (2013), Challa, (2012)

and Chhikara(2013)

Focused on providing

solutions such as Client

Based Privacy Manager,

Mirage Image

Management System,

and Wrapping Attack

Problem, Flooding

Attack Problem to all

these issues.

Adv. Presented providing

solutions to all these issues.

Seunghwan et al(2012) Using Digital ID’s for the

employee in accessing the

cloud computing services

Adv. Presented the importance of

authentication method when

accessing cloud computing.


Lombardi et al.(2010) Transparent Cloud Protection

System (TCPS), a middleware

whose core is located between

the Kernel and the

virtualization layer.

Adv. It intended to protect

the integrity of guest VMs

and of the distributed

computing

H. Liu, n.d. Proposed and evaluated a new

mechanism

for applications to dynamically

relocate to a different

infrastructure when the desired

Quality of Service (QoS) could

not be met.

Adv. They detect and avoid

a new form of DOS attack

in a cloud data center, and

verified that such an attack

could be carried out in a

real cloud data center

Mathew (2012) proposed a secured framework

for cloud computing depending

on the security solutions

suggested. A secure framework

showed the x deployed frame

work shows a secured

environment in which the

clients need to access the

providers ‘network using

secured VPN.

Adv. In this framework the

providers check for user

authentication, make sure

that the clients approaching

them are authorized and

genuine.

Mon et al.(2011) Proposed system protecting

personal information by using

role-based access control model

and attributed- based access

control to limit access.

Adv. this system can

enhance the security of the

cloud and protect access

from the unauthorized

users, provide

confidentiality, integrity

and availability.

Table 3 is illustrated the studies including approaches for solving security issue

References Approach Advantages and disadvantages

Aviram n.d.. A new approach to timing

channel control

Adv. Experiments with a

prototype OS for

deterministic cloud

computing suggested that

such an approach may be

practical and efficient

Varma n.d. Proposed a novel technique for

detecting application DOS attack

by means of a new constraint-

Adv. Theoretical analysis and

preliminary simulation results

demonstrated the outstanding

performance of this system in


based group testing model. terms of low detection latency

and false positive/negative

rate.

Khalid et al.2013 Designed an anonymous

authentication and authorization

protocol using anonymous public

key certificates along with

standard Strong Authentication

and XACML servers.

Adv. Their proposed protocol

can be integrated with

existing identity management

systems and provide

anonymity as a cloud service.

Ristenpart et al.(2009) Fundamental risks arise from

sharing physical infrastructure

between mutually distrustful

users are argued They presented

a number of approaches for

mitigating this risk.

Dis adv. This option is the

only fool proof solution to this

problem

Gowrigolla et al. (2010) Presented a data protection

scheme with public auditing

scheme.

Adv. Provide auditing scheme

by authentication access.

Hamlen, et al (2010) Focused on two of the layers, i.e.,

the storage layer and the data

layer.

Adv. Their cloud system

contains support efficient

storage of encrypted sensitive

data, store, manage and query

massive amounts of data,

support fine-grained access

control and support strong

authentication.

Table 4 is illustrated the studies including methods for solving security issue

References Methods Advantages and

disadvantages

A. Kumar et al(2012) Exploited the technique of elliptic

curve cryptography encryption to

protect data files and proposed model

has two parts in the cloud storage

server.

Adv. Their method

ensure the security

and privacy of data

stored on cloud an

approach may be

practical and

efficient


Khorshed et al. (2012) Generated a database from their

experience by including number of

packets sent, number of packets

received, number of packets lost,

number of open ports, difference in

VM file size, network usage, CPU

usage, and number of failed

administrative log-on attempts.

Adv. Detecting

Denial of service

attack, Cross virtual

machine side-

channel attack,

malicious insider’s

attack, Attacks

targeting shared

memory, and

Phishing attack.

Dis adv. Could not

detect all attacks

4 Conclusion and analysis

Cloud computing can introduce several business benefits to organizations. However, there

are many challenges related to security and privacy in the Cloud environment. Therefore,

the governments across the globe must standardize some of the privacy and security

requirements. Through developing this field, it is expected to see more robust methods to

cope with the stringent requirements of cloud environments. Till then, customers could not

be fully experience the cloud computing technology and cloud security issues must be

resolved. Many researches have proved that security should be a top priority. All these

previous architecture approaches, methods should be improved to get a strong secure cloud.

This paper surveyed various vulnerabilities, threats, attacks, and also existing solutions to

address security issues at different layers of the Cloud. This paper can help the cloud

service providers and the end-users to find the weakness in the previous methods and

improve them for building strong cloud security.

References

1. Fernandes, D. a. B., Soares, L. F. B., Gomes, J. V., Freire, M. M., &Inácio, P.

R. M. (2013). Security issues in cloud environments: a survey. International

Journal of Information Security, 13(2), 113–170. doi:10.1007/s10207-013-

0208-7

2. Williams, M. I. (n.d.). New Tool for s Busi ness A Quick Start Guide to Cloud

ComputinG.

3. Bisong, A. (2011). A N OVERVIEW OF THE S ECURITY C ONCERNS IN,

3(1), 30–45.

4. Marinescu, D. C. (2012). Cloud Computing  : Theory and Practice ∗ , 1–404.

5. Mathew, A. (2012). SECURITY AND PRIVACY ISSUES OF CLOUD

COMPUTING  ;,2(4).No Title. (n.d.).

6. Sadeghi, A., Schneider, T., Winandy, M., & Horst, G. (2010). Token-Based

Cloud Computing, 2, 417–429.

7. Srinivasamurthy, S., Wayne, F., & Liu, D. Q. (n.d.). Survey on Cloud

Computing Security.


8. Subashini, S., &Kavitha, V. (2011). Journal of Network and Computer

Applications A survey on security issues in service delivery models of cloud

computing. Journal of Network and Computer Applications, 34(1), 1–11.

doi:10.1016/j.jnca.2010.07.006

9. Kulkarni, G., Gambhir, J., Patil, T., &Dongare, A. (2012). A security aspects in

cloud computing. 2012 IEEE International Conference on Computer Science

and Automation Engineering, 547–550. doi:10.1109/ICSESS.2012.6269525

10. Zhou, M., Zhang, R., Xie, W., Qian, W., & Zhou, A. (2010). Security and

Privacy in Cloud Computing: A Survey. 2010 Sixth International Conference

on Semantics, Knowledge and Grids, 105–112. doi:10.1109/SKG.2010.19

11. Rong, C., Nguyen, S. T., &Jaatun, M. G. (2013). Beyond lightning: A survey

on security challenges in cloud computing. Computers & Electrical

Engineering, 39(1), 47–54. doi:10.1016/j.compeleceng.2012.04.015

12. Mahmood, Z. (2011). Data Location and Security Issues in Cloud Computing.

2011 International Conference on Emerging Intelligent Data and Web

Technologies, 49–54. doi:10.1109/EIDWT.2011.16

13. Manager, S. (2013). Security Issues And Resource Planning In Cloud

Computing 1, 2(2).

14. Hashizume, K., Rosado, D. G., Fernández-Medina, E., & Fernandez, E. B.

(2013). An analysis of security issues for cloud computing. Journal of Internet

Services and Applications, 4(1), 5.doi:10.1186/1869-0238-4-5

15. Kumar, S., Pal, S., Kumar, A., & Ali, J. (2013). Virtualization , The Great

Thing and Issues in Cloud Computing, 338–341.

16. Nirmala, V. (2013). Data Confidential lity and Integrity Verif fication using

User Aut thenticator scheme in cloud c, 0–4.

17. Challa, K. A. (2012). Cloud Computing Security Issues with Possible

Solutions, 8491, 340–344.

18. Chhikara, S. (2013). Analyzing Security Solutions in Cloud Computing,

68(25), 17–21.

19. Seunghwan, J., Gelogo, Y. E., & Park, B. (2012). Next Generation Cloud

Computing Issues and Solutions, 5(1), 63–70.

20. Lombardi, F., & Di Pietro, R. (2011). Secure virtualization for cloud


doi:10.1016/j.jnca.2010.06.008

21. Sadeghi, A., Schneider, T., Winandy, M., & Horst, G. (2010). Token-Based

Cloud Computing, 2, 417–429.

22. Zissis, D., & Lekkas, D. (2012). Addressing cloud computing security issues.

Future Generation Computer Systems, 28(3), 583–592.

doi:10.1016/j.future.2010.12.006

23. Lombardi, F., & Di Pietro, R. (2011). Secure virtualization for cloud


doi:10.1016/j.jnca.2010.06.008

24. Liu, H. (n.d.). A New Form of DOS Attack in a Cloud, 65–75.

25. Mathew, A. (2012). SECURITY AND PRIVACY ISSUES OF CLOUD

COMPUTING  ;, 2(4).

26. Mon, E. E., & Naing, T. T. (2011). The privacy-aware access control system

using attribute-and role-based access control in private cloud. 2011 4th IEEE

International Conference on Broadband Network and Multimedia echnology,

447–451. doi:10.1109/ICBNMT.2011.6155974

27. Aviram, A., Hu, S., & Ford, B. (n.d.). Determinating Timing Channels in

Compute Clouds.


28. Varma, P. R. K., & Krishna, D. S. (n.d.). Application Denial of Service Attacks

Detection using Group Testing Based Approach, 2(2), 167–171.

29. Khalid, U., Ghafoor, A., Irum, M., & Shibli, M. A. (2013). Cloud Based Secure

and Privacy Enhanced Authentication & Authorization Protocol. Procedia

Computer Science, 22, 680–688. doi:10.1016/j.procs.2013.09.149

30. Ristenpart, T., Tromer, E., & Savage, S. (2009). Hey , You , Get Off of My

Cloud  : Exploring Information Leakage in Third-Party Compute Clouds.

31. Gowrigolla, B., Sivaji, S., & Masillamani, M. R. (2010). Design and auditing

of Cloud computing security. 2010 Fifth International Conference on

Information and Automation for Sustainability, 292–297.

doi:10.1109/ICIAFS.2010.5715676

32. Hamlen, K., Kantarcioglu, M., Khan, L., & Thuraisingham, B. (2010). Security

Issues for Cloud Computing. International Journal of Information Security and

Privacy, 4(2), 36–48. doi:10.4018/jisp.2010040103

33. Kumar, A., Lee, B. G., Lee, H., & Kumari, A. (2012). Secure storage and

access of data in cloud computing. 2012 International Conference on ICT

Convergence (ICTC), 336–339. doi:10.1109/ICTC.2012.6386854

34. Khorshed, M. T., Ali, a. B. M. S., & Wasimi, S. a. (2012). A survey on gaps,

threat remediation challenges and some thoughts for proactive attack detection

in cloud computing. Future Generation Computer Systems, 28(6), 833–851.

doi:10.1016/j.future.2012.01.006

a survey on security issue and its proposed solutions in cloud … › ab02 ›...

Documents