survey

From Security to Assurance in the Cloud: A Survey

Authors:
Claudio A. Ardagna

Università degli Studi di Milano, Italy

Università degli Studi di Milano, Italy
View Profile

,
Rasool Asal

ETISALAT BT Innovation Center, Khalifa University, Abu Dhabi, UAE

ETISALAT BT Innovation Center, Khalifa University, Abu Dhabi, UAE
View Profile

,
Ernesto Damiani

Università degli Studi di Milano, Italy, ETISALAT BT Innovation Center, Khalifa University, Abu Dhabi, UAE

Università degli Studi di Milano, Italy, ETISALAT BT Innovation Center, Khalifa University, Abu Dhabi, UAE
View Profile

,
Quang Hieu Vu

ETISALAT BT Innovation Center, Khalifa University, Abu Dhabi, UAE

ETISALAT BT Innovation Center, Khalifa University, Abu Dhabi, UAE
View Profile

Authors Info & Claims

ACM Computing Surveys Volume 48 Issue 1Article No.: 2pp 1–50https://doi.org/10.1145/2767005

Published:22 July 2015Publication History

ACM Computing Surveys

Abstract

The cloud computing paradigm has become a mainstream solution for the deployment of business processes and applications. In the public cloud vision, infrastructure, platform, and software services are provisioned to tenants (i.e., customers and service providers) on a pay-as-you-go basis. Cloud tenants can use cloud resources at lower prices, and higher performance and flexibility, than traditional on-premises resources, without having to care about infrastructure management. Still, cloud tenants remain concerned with the cloud’s level of service and the nonfunctional properties their applications can count on. In the last few years, the research community has been focusing on the nonfunctional aspects of the cloud paradigm, among which cloud security stands out. Several approaches to security have been described and summarized in general surveys on cloud security techniques. The survey in this article focuses on the interface between cloud security and cloud security assurance. First, we provide an overview of the state of the art on cloud security. Then, we introduce the notion of cloud security assurance and analyze its growing impact on cloud security approaches. Finally, we present some recommendations for the development of next-generation cloud security and assurance solutions.

References

G. Aceto, A. Botta, W. De Donato, and A. Pescapè. 2013. Cloud monitoring: A survey. Computer Networks 57, 9 (June 2013), 2093--2115. Google ScholarDigital Library
Advanced Security Service cERTificate for SOA. 2010. Advanced Security Service cERTificate for SOA. Retrieved from http://assert4soa.eu/.Google Scholar
E. Aguiar, Y. Zhang, and M. Blanton. 2013. An overview of issues and recent developments in cloud computing and storage security. In High Performance Semantic Cloud Auditing, B.-Y. Choi, K. Han, and S. Song (Eds.). Springer.Google Scholar
M. Ahmed, Q. H. Vu, R. Asal, H. Al Muhairi, and C. Y. Yeun. July 2012. SECRESO: A secure storage model for cloud data based on reed-solomon code. In Proc. of AIM 2012.Google Scholar
M. Al Morsy, J. Grundy, and I. Müller. November-December 2010. An analysis of the cloud computing security problem. In Proc. of APSEC-CLOUD 2010.Google Scholar
K. Alhamazani, R. Ranjan, K. Mitra, F. Rabhi, S. U. Khan, A. Guabtni, and V. Bhatnagar. 2013. An overview of the commercial cloud monitoring tools: Research dimensions, design issues, and state-of-the-art. CoRR abs/1312.6170 (2013).Google Scholar
S. A. Almulla and C. Y. Yeun. March-April 2010. Cloud computing security management. In Proc. of ICESMA 2010. Sharjah, UAE.Google Scholar
S. Andreozzi, N. De Bortoli, S. Fantinel, A. Ghiselli, G. Rubini, G. Tortone, and M. C. Vistoli. 2005. GridICE: A monitoring service for grid systems. Future Generation Computer Systems 21, 4 (April 2005), 559--571. Google ScholarDigital Library
Aniketos, ASSERT4SOA, CUMULUS, SecCord. 2013. Specifications identification & gap analysis Use cases 43, 78, 80. Retrieved from http://csc.etsi.org/Application/documentapp/downloadimmediate/?docId==123.Google Scholar
M. Anisetti, C. A. Ardagna, and E. Damiani. June 2012. A low-cost security certification scheme for evolving services. In Proc. of IEEE ICWS 2012. Google ScholarDigital Library
M. Anisetti, C. A. Ardagna, and E. Damiani. June-July 2013a. Security certification of composite services: A test-based approach. In Proc. of IEEE ICWS 2013. Google ScholarDigital Library
M. Anisetti, C. A. Ardagna, E. Damiani, P. A. Bonatti, M. Faella, C. Galdi, and L. Sauro. 2014. e-Auctions for multi-cloud service provisioning. In Proc. of IEEE SCC 2014. Anchorage, AL, USA. Google ScholarDigital Library
M. Anisetti, C. A. Ardagna, E. Damiani, and F. Saonara. 2013b. A test-based security certification scheme for web services. ACM TWEB 7, 2 (May 2013), 1--41. Google ScholarDigital Library
C. A. Ardagna, R. Asal, E. Damiani, and Q. H. Vu. March-April 2014. On the management of cloud non-functional properties: The cloud transparency toolkit. In Proc. of IFIP NTMS 2014.Google Scholar
C. A. Ardagna, E. Damiani, F. Frati, D. Rebeccani, and M. Ughetti. June 2012. Scalability patterns for platform-as-a-service. In Proc. of IEEE CLOUD 2012. Google ScholarDigital Library
M. Armbrust, A. Fox, R. Griffith, A. D. Joseph, R. Katz, A. Konwinski, G. Lee, D. Patterson, A. Rabkin, I. Stoica, and M. Zaharia. 2009. Above the Clouds: A Berkeley Review of Cloud Computing. In Tech. Rep. UCB/EECS-2009-28. EECS Department, U.C. Berkeley.Google Scholar
M. Armbrust, A. Fox, R. Griffith, A. D. Joseph, R. Katz, A. Konwinski, G. Lee, D. Patterson, A. Rabkin, I. Stoica, and M. Zaharia. 2010. A view of cloud computing. CACM 53, 4 (April 2010), 50--58. Google ScholarDigital Library
W. W. Armour et al. 2013. NIST Cloud Computing Security Reference Architecture. NIST Special Publication 500-299. Retrieved from http://collaborate.nist.gov/twiki-cloud-computing/pub/CloudComputing/CloudSecurity/NIST_Security_Reference_Architecture_2013.05.15_v1.0.pdf.Google Scholar
V. Attasena, N. Harbi, and J. Darmont. September 2013. Sharing-based privacy and availability of cloud data warehouses. In Proc. of EDA 2013.Google Scholar
A. Aviram, S. Hu, B. Ford, and R. Gummadi. October 2010. Determinating timing channels in compute clouds. In Proc. of ACM CCSW 2010. Google ScholarDigital Library
J. Bacon, D. Eyers, T. Pasquier, J. Singh, I. Papagiannis, and P. Pietzuch. 2014. Information flow control for secure cloud computing. IEEE TNSM (2014).Google Scholar
X. Bai, M. Li, B. Chen, W.-T. Tsai, and J. Gao. December 2011. Cloud testing tools. In Proc. of IEEE SOSE 2011. Google ScholarDigital Library
X. Bai, M. Li, X. Huang, W.-T. Tsai, and J. Gao. May 2013. Vee@Cloud: The virtual test lab on the cloud. In Proc. of AST 2013. Google ScholarDigital Library
G. Ballabio. 2013. Security and availability techniques for cloud-based applications. Computer Fraud & Security 2013, 10 (October 2013), 5--7.Google ScholarCross Ref
L. Baresi and S. Guinea. December 2005. Dynamo: Dynamic monitoring of WS-BPEL processes. In Proc. of ICSOC 2005. Google ScholarDigital Library
A. Barsoum and A. Hasan. 2013. Enabling dynamic data and indirect mutual trust for cloud computing storage systems. IEEE TPDS 24, 12 (December 2013), 2375--2385. Google ScholarDigital Library
F. Benali, N. Bennani, G. Gianini, and S. Cimato. October 2010. A distributed and privacy-preserving method for network intrusion detection. In Proc. of OTM 2010. Google ScholarDigital Library
N. Bennani, E. Damiani, and S. Cimato. July 2010. Toward cloud-based key management for outsourced databases. In Proc. of SAPSE 2010. Google ScholarDigital Library
S. Berger, R. Cáceres, K. A. Goldman, R. Perez, R. Sailer, and L. van Doorn. July-August 2006. vTPM: Virtualizing the trusted platform module. In Proc. of USENIX-SS 2006. Google ScholarDigital Library
K. Bernsmed, M. G. Jaatun, P. H. Meland, and A. Undheim. August 2011. Security SLAs for federated cloud services. In Proc. of ARES 2011. Google ScholarDigital Library
K. Bernsmed, M. G. Jaatun, P. H. Meland, and A. Undheim. December 2012. Thunder in the clouds: Security challenges and solutions for federated Clouds. In Proc. of IEEE CloudCom 2012. Google ScholarDigital Library
B. Bertholon, S. Varrette, and P. Bouvry. July 2011. Certicloud: A novel TPM-based approach to ensure cloud IaaS security. In Proc. of IEEE CLOUD 2011. Google ScholarDigital Library
R. Bhadauria and S. Sanyal. 2012. Survey on Security Issues in Cloud Computing and Associated Mitigation Techniques. Retrieved from http://arxiv.org/ftp/arxiv/papers/1204/1204.0764.pdf.Google Scholar
D. Bianculli and C. Ghezzi. September 2007. Monitoring conversational web services. In Proc. of IW-SOSWE 2007. Dubrovnik, Croatia. Google ScholarDigital Library
A. Birgisson, J. G. Politz, U. Erlingsson, A. Taly, M. Vrable, and M. Lentczner. February 2014. Macaroons: Cookies with contextual caveats for decentralized authorization in the cloud. In Proc. of NDSS 2014.Google Scholar
Z. Birnbaum, B. Liu, A. Dolgikh, Y. Chen, and V. Skormin. June-July 2013. Cloud security auditing based on behavioral modeling. In Proc. of IEEE SERVICES 2013. Google ScholarDigital Library
A. Bisong and S. M. Rahman. 2011. An overview of the security concerns in enterprise cloud computing. CoRR abs/1101.5613 (2011). Retrieved from http://arxiv.org/abs/1101.5613.Google Scholar
S. Bleikertz, S. Bugiel, H. Ideler, S. Nürnberger, and A.-R. Sadeghi. June 2013. Client-controlled cryptography-as-a-service in the cloud. In Proc. of ACNS 2013. Google ScholarDigital Library
S. Bleikertz, A. Kurmus, Z. A. Nagy, and M. Schunter. May 2012. Secure cloud maintenance: Protecting workloads against insider attacks. In Proc. of ACM ASIACCS 2012. Google ScholarDigital Library
P. A. Boampong and L. A. Wahsheh. March 2012. Different facets of security in the cloud. In Proc. of CNS 2012. Google ScholarDigital Library
J.-M. Bohli, N. Gruschka, M. Jensen, L. L. Iacono, and N. Marnau. 2013. Security and privacy-enhancing multicloud architectures. IEEE Transactions on Dependable and Secure Computing 10, 4 (July-August 2013), 212--224. Google ScholarDigital Library
G. Booth, A. Soknacki, and A. Somayaji. June 2013. Cloud security: Attacks and current defenses. In Proc. of ASIA 2013.Google Scholar
P. Bosc, E. Damiani, and M. Fugini. 2001. Fuzzy service selection in a distributed object-oriented environment. IEEE TFS 9, 5 (2001), 682--698. Google ScholarDigital Library
S. Bouchenak, G. Chockler, H. Chockler, G. Gheorghe, N. Santos, and A. Shraer. 2013. Verifying cloud services: Present and future. ACM SIGOPS Operating Systems Review 47, 2 (July 2013), 6--19. Google ScholarDigital Library
K. D. Bowers, A. Juels, and A. Oprea. November 2009. HAIL: A high-availability and integrity layer for cloud storage. In Proc. of ACM CCS 2009. Google ScholarDigital Library
N. Brender and I. Markov. 2013. Risk perception and risk management in cloud computing: Results from a case study of Swiss companies. IJIM 33, 5 (June 2013), 726--733.Google Scholar
J. Buckley, T. Mens, M. Zenger, A. Rashid, and G. Kniesel. 2005. Towards a taxonomy of software change: Research articles. Journal of Software Maintenance and Evolution: Research and Practice - Unanticipated Software Evolution 17, 5 (September 2005), 309--332. Google ScholarDigital Library
S. Bugiel, S. Nürnberger, T. Pöppelmann, A.-R. Sadeghi, and T. Schneider. October 2011. AmazonIA: When elasticity snaps back. In Proc. of ACM CCS 2011. Google ScholarDigital Library
Roland A. Burger, Christian Cachin, and Elmar Husmann. 2013. Cloud, Trust, Privacy - Trustworthy cloud computing whitepaper, 2013. Retrieved from http://www.zurich.ibm.com/&sim;cca/papers/tclouds-white.pdf.Google Scholar
T. Caddy. 2011. Side-channel attacks. In Encyclopedia of Cryptography and Security, H. C. A. van Tilborg and S. Jajodia (Eds.). Springer.Google Scholar
G. Candea, S. Bucur, and C. Zamfir. June 2010. Automated software testing as a service. In Proc. of ACM SoCC 2010. Google ScholarDigital Library
B. Carminati. 2009. Merkle trees. In Encyclopedia of Database Systems, L. Liu, M. T. Özsu, and M. Tamer (Eds.). Springer.Google Scholar
E. Casalicchio and L. Silvestri. 2013. Mechanisms for SLA provisioning in cloud-based service providers. Computer Networks 57, 3 (February 2013), 795--810. Google ScholarDigital Library
D. Catteddu and G. Hogben. November 2009a. Cloud Computing: Benefits, Risks and Recommendations for Information Security. European Network and Information Security Agency (ENISA). Retreived from http://www.enisa.europa.eu/activities/risk-management/files/deliverables/cloud-computing-risk-assessm ent/at_download/fullReport.Google Scholar
D. Catteddu and G. Hogben. November 2009b. Information Assurance Framework. European Network and Information Security Agency (ENISA).Google Scholar
CEN. 2014. CEN Workshop on Requirements and Recommendations for Assurance in the Cloud (WS RACS). Retrieved from http://www.cen.eu/work/areas/ICT/eBusiness/Pages/WS-RACS.aspx.Google Scholar
Certification infrastrUcture for MUlti-layer cloUd Services 2013. Certification infrastrUcture for MUlti-layer cloUd Services. Retrieved from http://www.cumulus-project.eu/.Google Scholar
Certification, InteRnationalisation and standaRdization in cloUd Security 2012. Certification, InteRnationalisation and standaRdization in cloUd Security. Retrieved from http://www.cirrus-project.eu/.Google Scholar
W. K. Chan, L. Mei, and Z. Zhang. December 2009. Modeling and testing of cloud applications. In Proc. of IEEE APSCC 2009.Google Scholar
N. S. Chauhan, A. Saxena, and J. V. R. Murthy. October 2013. An approach to measure security of cloud hosted application. In Proc. of IEEE CCEM 2013.Google ScholarCross Ref
X. Chen, J. Andersen, Z. M. Mao, M. Bailey, and J. Nazario. June 2008. Towards an understanding of anti-virtualization and anti-debugging behavior in modern malware. In Proc. of IEEE/IFIP DSN 2008.Google Scholar
Y. Chen, V. Paxson, and R. H. Katz. January 2010. What’s New About Cloud Computing Security? Technical Report No. UCB/EECS-2010-5. Retrieved from http://www.eecs.berkeley.edu/Pubs/TechRpts/2010/EECS-2010-5.html.Google Scholar
A. Chonka, Y. Xiang, W. Zhou, and A. Bonti. 2011. Cloud security defence to protect cloud computing against HTTP-DoS and XML-DoS attacks. Journal of Network and Computer Applications 34, 4 (July 2011), 1097--1107. Google ScholarDigital Library
S. S. M. Chow, C.-K. Chu, X. Huang, J. Zhou, and R. H. Deng. 2012. Dynamic secure cloud storage with provenance. In Cryptography and Security, D. Naccache (Ed.). Springer-Verlag, Berlin, 442--464. Google ScholarDigital Library
M. Christodorescu, R. Sailer, D. L. Schales, D. Sgandurra, and D. Zamboni. November 2009. Cloud security is not (just) virtualization security. In Proc. of ACM CCSW 2009. Google ScholarDigital Library
C.-K. Chu, S. S. M. Chow, W.-G. Tzeng, J. Zhou, and R. H. Deng. 2014. Key-aggregate cryptosystem for scalable data sharing in cloud storage. IEEE TPDS 25, 2 (February 2014), 468--477. Google ScholarDigital Library
S. Cimato, E. Damiani, F. Zavatarelli, and R. Menicocci. June-July 2013. Towards the certification of cloud services. In Proc. of IEEE SERVICES 2013. Google ScholarDigital Library
CIO. 2012. Creating Effective Cloud Computing Contracts for the Federal Government -- Best Practices for Acquiring IT as a Service. Council and Chief Acquisition Officer Council. Retrieved from http://www.gsa.gov/portal/mediaId/164011/fileName/cloudbestpractices.action.Google Scholar
L. Ciortea, C. Zamfir, S. Bucur, V. Chipounov, and G. Candea. 2010. Cloud9: A software testing service. ACM SIGOPS Operating Systems Review 43, 4 (January 2010), 5--10. Google ScholarDigital Library
S. Clayman, A. Galis, C. Chapman, G. Toffetti, L. Rodero-Merino, L. Miguel Vaquero, K. Nagin, and B. Rochwerger. 2010. Monitoring service clouds in the future internet. In Towards the Future Internet, G. Tselentis, A. Galis, A. Gavras, S. Krco, V. Lotz, E. Simperl, B. Stiller, and T. Zahariadis (Eds.). IOS Press, 115--126.Google Scholar
Cloud Accountability Project 2012. Cloud Accountability Project. Retrieved from http://www.a4cloud.eu/.Google Scholar
Cloud Security Alliance. 2010. Guidance for Identity & Access Management V2.1. Retrieved from http://www.cloudsecurityalliance.org/guidance/csaguide-dom12-v2.10.pdf.Google Scholar
Cloud Security Alliance. 2011. Security Guidance for Critical Areas of Focus in Cloud Computing V3.0. Retrieved from https://downloads.cloudsecurityalliance.org/initiatives/guidance/csaguide.v3.0.pdf.Google Scholar
Cloud Security Alliance. 2013. The Notorious Nine Cloud Computing Top Threats in 2013. https://downloads. cloudsecurityalliance.org/initiatives/top_threats/The_Notorious_Nine_Cloud_Computing_Top_Threats_ in_2013.pdf.Google Scholar
Cloud Security on Demand 2012. Cloud Security on Demand. Retrieved from http://www.nsf.gov/awardsearch/showAward?AWD_ID=1218817 & HistoricalAwards==false.Google Scholar
Cloud Standards Customer Council. August 2012. Security for Cloud Computing 10 Steps to Ensure Success. Retrieved from http://www.cloud-council.org/Security_for_Cloud_Computing-Final_080912.pdf.Google Scholar
CloudSec. October 2013. A Briefing on Cloud Security Challenges and Opportunities. Retrieved from http://www.telenor.com/wp-content/uploads/2013/11/TelenorWhitepaperCloud-V_30_v.pdf.Google Scholar
Continuous Quality Assurance and Optimisation for Cloud brokers 2012. Continuous Quality Assurance and Optimisation for Cloud Brokers. Retrieved from http://www.broker-cloud.eu/.Google Scholar
CSA. 2014. CloudAudit: Automated Audit, Assertion, Assessment, and Assurance. Retrieved from https://cloudsecurityalliance.org/research/cloudaudit/.Google Scholar
K. Dahbur, B. Mohammad, and A. B. Tarakji. April 2011. A survey of risks, threats and vulnerabilities in cloud computing. In Proc. of ISWSA 2011. Amman, Jordan. Google ScholarDigital Library
E. Damiani, C. A. Ardagna, and N. El Ioini. 2009a. Open source systems security certification. Springer, New York. Google ScholarDigital Library
E. Damiani, N. El Ioini, A. Sillitti, and G. Succi. July 2009b. WS-Certificate. In Proc. of IEEE SERVICES I 2009. Google ScholarDigital Library
W. Dawoud, I. Takouna, and C. Meinel. March 2010. Infrastructure as a service security: Challenges and solutions. In Proc. of INFOS 2010.Google Scholar
S. De Capitani di Vimercati, S. Foresti, S. Jajodia, S. Paraboschi, and P. Samarati. 2013. Integrity for join queries in the cloud. IEEE TCC 1, 2 (July-December 2013), 187--200. Google ScholarDigital Library
S. De Capitani di Vimercati, S. Foresti, and P. Samarati. 2014. Selective and fine-grained access to data in the cloud. In Secure Cloud Computing, S. Jajodia, K. Kant, P. Samarati, V. Swarup, and C. Wang (Eds.). Springer.Google Scholar
M. Dekker and G. Hogben. December 2011. Survey and analysis of security parameters in cloud SLAs across the European public sector. European Network and Information Security Agency (ENISA). Retrieved from http://www.enisa.europa.eu/activities/Resilience-and-CIIP/cloud-computing/survey-and-analysis- of-security-parameters-in-cloud-slas-across-the-european-public-sector/at_download/fullReport.Google Scholar
Y. Desmedt. 2011. Covert channels. In Encyclopedia of Cryptography and Security, H.C.A. van Tilborg and S. Jajodia (Eds.). Springer.Google Scholar
M. H. Diallo, B. Hore, E.-C. Chang, S. Mehrotra, and N. Venkatasubramanian. June 2012. CloudProtect: Managing data privacy in cloud applications. In Proc. of IEEE CLOUD 2012. Honolulu, HI, USA. Google ScholarDigital Library
F. Doelitzscher, C. Reich, M. Knahl, and N. Clarke. 2013. Understanding cloud audits. In Privacy and Security for Cloud Computing, S. Pearson and G. Yee (Eds.). Springer London, 125--163.Google Scholar
F. Doelitzscher, C. Reich, M. Knahl, A. Passfall, and N. Clarke. 2012. An agent based business aware incident detection system for cloud environments. JoCCASA 1, 1 (2012), 1--19.Google Scholar
F. Doelitzscher, T. Ruebsamen, T. Karbe, M. Knahl, C. Reich, and N. Clarke. 2013. Sun behind clouds - On automatic cloud security audits and a cloud audit policy language. International Journal on Advances in Networks and Services 6, 1--2 (2013), 1--16.Google Scholar
A. Donevski, S. Ristov, and M. Gusev. May 2013. Security assessment of virtual machines in open source clouds. In Proc. of MIPRO 2013.Google Scholar
D. Dranidis, E. Ramollari, and D. Kourtesis. November 2009. Run-time verification of behavioural conformance for conversational web services. In Proc. of IEEE ECOWS 2009. Google ScholarDigital Library
G. Dsouza, G. Rodriguez, Y. Al-Nashif, and S. Hariri. 2013. Building resilient cloud services using DDDAS and moving target defence. JCC 2, 2/3 (2013), 171--190.Google Scholar
Empowering the service industry with SLA-aware infrastructures 2008. Empowering the service industry with SLA-aware infrastructures. http://sla-at-soi.eu/.Google Scholar
Ensuring Trustworthiness and Security in Service Composition 2010. Ensuring Trustworthiness and Security in Service Composition. http://www.aniketos.eu/.Google Scholar
ETSI. November 2013. Cloud Standards Coordination -- Final Report. Retrieved from http://csc.etsi.org/Application/documentapp/downloadimmediate/?docId=204.Google Scholar
D. A. B. Fernandes, L. F. B. Soares, J. V. Gomes, M. M. Freire, and P. R. M. Inacio. 2013. Security issues in cloud environments: A survey. International Journal of Information Security (September 2013), 1--58. Google ScholarDigital Library
M. Ficco, L. Tasquier, and R. Aversa. October 2013. Intrusion detection in cloud computing. In Proc. of 3PGCIC 2013. Google ScholarDigital Library
R. Focardi, R. Gorrieri, and F. Martinelli. 2004. Classification of security properties (Part II: network security). In Foundations of Security Analysis and Design II - Tutorial Lectures, R. Focardi and R. Gorrieri (Eds.). Springer, Berlin.Google Scholar
H. Foster and G. Spanoudakis. March 2011a. Advanced service monitoring configurations with SLA decomposition and selection. In Proc. of ACM SAC 2011. Google ScholarDigital Library
H. Foster and G. Spanoudakis. May 2011b. SMaRT: A workbench for reporting the monitorability of services from SLAs. In Proc. of PESOS 2011. Google ScholarDigital Library
Ganglia. 2014. Homepage. Retrieved from http://ganglia.sourceforge.net/.Google Scholar
J. Gao, X. Bai, and W.-T. Tsai. 2011. Cloud testing-issues, challenges, needs and practice. SeiJ 1, 1 (September 2011).Google Scholar
J. Gao, X. Bai, W.-T. Tsai, and T. Uehara. 2013. SaaS testing on clouds - Issues, challenges and needs. Proc. of IEEE SOSE 2013 (March 2013). Google ScholarDigital Library
S. K. Garg, S. Versteeg, and R. Buyya. 2013. A framework for ranking of cloud computing services. Future Generation Computer Systems 29, 4 (June 2013), 1012--1023. Google ScholarDigital Library
German Federal Office for Information Security. August 2012. Security Recommendations for Cloud Computing Providers. https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Minimum_informa tion/SecurityRecommendationsCloudComputingProviders.pdf?__blob=publicationFile.Google Scholar
E. Ghazizadeh, J.-L. A. Manan, M. Zamani, and A. Pashang. December 2012. A survey on security issues of federated identity in the cloud computing. In Proc. of IEEE CloudCom 2012. Google ScholarDigital Library
C. Ghezzi and S. Guinea. 2007. Run-time monitoring in service-oriented architectures. In Test and Analysis of Web Services, L. Baresi and E. Di Nitto (Eds.). Springer, Berlin, 237--264.Google Scholar
M. Godfrey and M. Zulkernine. June 2013. A server-side solution to cache-based side-channel attacks in the cloud. In Proc. of IEEE CLOUD 2013. Google ScholarDigital Library
M. Green. 2013. The threat in the cloud. IEEE Security & Privacy 11, 1 (January-February 2013), 86--89. Google ScholarDigital Library
B. Grobauer, T. Walloschek, and E. Stocker. 2011. Understanding cloud computing vulnerabilities. IEEE Security & Privacy 9, 2 (March-April 2011), 50--57. Google ScholarDigital Library
N. Gruschka and L. L. Iacono. July 2009. Vulnerable cloud: SOAP message security validation revisited. In Proc. of IEEE ICWS 2009. Google ScholarDigital Library
N. Gruschka and M. Jensen. July 2010. Attack surfaces: A taxonomy for attacks on cloud services. In Proc. of IEEE CLOUD 2010. Google ScholarDigital Library
A. Haeberlen. 2010. A case for the accountable cloud. ACM SIGOPS Operating Systems Review 44, 2 (April 2010), 52--57. Google ScholarDigital Library
S. Hallé and R. Villemaire. March 2009. Runtime monitoring of web service choreographies using streaming XML. In Proc. of ACM SAC 2009. Honolulu, HI, Hawaii. Google ScholarDigital Library
W. M. Halton and S. Rahman. 2012. The top ten cloud-security practices in next-generation networking. IJCNDS 8, 1/2 (December 2012), 70--84. Google ScholarDigital Library
T. Hanawa, T. Banzai, H. Koizumi, R. Kanbayashi, T. Imada, and M. Sato. April 2010. Large-scale software testing environment using cloud computing technology for dependable parallel and distributed systems. In Proc. of ICSTW 2010. Google ScholarDigital Library
Z. Hao, S. Zhong, and N. Yu. 2011. A time-bound ticket-based mutual authentication scheme for cloud computing. IJCCC 6, 2 (2011), 227--235.Google Scholar
K. Hashizume, D. G. Rosado, E. Fernandez-Medina, and E. B. Fernandez. 2013. An analysis of security issues for cloud computing. JISA 4, 1 (2013), 1--13.Google Scholar
G. Hogben and M. Dekker. 2012. Procure Secure: A guide to monitoring of security service levels in cloud contracts. European Network and Information Security Agency (ENISA). Retrieved from http://www.enisa.europa.eu/activities/Resilience-and-CIIP/cloud-computing/procure-secure-a-guide-to-monitoring-of-security-service-levels-in-cloud-contracts/at_download/fullReport.Google Scholar
V. Holub, T. Parsons, P. O’Sullivan, and J. Murphy. June 2009. Runtime correlation engine for system monitoring and testing. In Proc. of ICAC-INDST 2009. Google ScholarDigital Library
I. Iankoulova and M. Daneva. May 2012. Cloud computings security requirements: A systematic review. In Proc. of RCIS 2012.Google Scholar
IATAC and DACS. 2007. Software Security Assurance: State of the Art Report (SOAR). Retrieved from http://www.dtic.mil/cgi-bin/GetTRDoc?Location=U2&doc==GetTRDoc.pdf&AD==ADA472363.Google Scholar
A. S. Ibrahim, J. Hamlyn-Harris, and J. Grundy. November-December 2010. Emerging security challenges of cloud virtual infrastructure. In Proc. of APSEC-CLOUD 2010. Sydney, Australia.Google Scholar
Infrastructure for Secure Cloud Computing 2013. Infrastructure for Secure Cloud Computing. Retrieved from http://www.nsf.gov/awardsearch/showAward?AWD_ID=1253870&HistoricalAwards==false.Google Scholar
C. Irvine and T. Levin. December 1999. Toward a taxonomy and costing method for security services. In Proc. of ACSAC 1999. Google ScholarDigital Library
S. Jajodia, W. Litwin, and T. Schwarz. 2013. Recoverable encryption through a noised secret over a large cloud. In Transactions on Large-Scale Data- and Knowledge-Centered Systems IX, A. Hameurlain, J. Küng, and R. Wagner (Eds.). Lecture Notes in Computer Science, Vol. 7980. Springer, Berlin, 42--64. Google ScholarDigital Library
W. Jansen and T. Grance. 2011. Guidelines on Security and Privacy in Cloud Computing. NIST SP-800-144. Retrieved from http://www.nist.gov/manuscript-publication-search.cfm?pub_id=909494.Google Scholar
D. Jayasinghe, G. Swint, S. Malkowski, J. Li, Q. Wang, J. Park, and C. Pu. June 2012. Expertus: A generator approach to automate performance testing in IaaS clouds. In Proc. of IEEE CLOUD 2012. Google ScholarDigital Library
C. Jenkins. 2013. The three pillars of a secure hybrid cloud environment. Computer Fraud & Security 2013, 6 (June 2013), 13--15.Google ScholarCross Ref
M. Jensen, J. Schwenk, N. Gruschka, and L. L. Iacono. July 2009. On technical security issues in cloud computing. In Proc. of IEEE CLOUD 2009. Google ScholarDigital Library
R. Jhawar and V. Piuri. August 2013. Adaptive resource management for balancing availability and performance in cloud computing. In Proc. of SECRYPT 2013.Google Scholar
R. Jhawar, V. Piuri, and P. Samarati. December 2012. Supporting security requirements for resource management in cloud computing. In Proc. of IEEE CSE 2012. Google ScholarDigital Library
S. Jin, J. Seol, and S. Maeng. May 2013. Towards assurance of availability in virtualized cloud system. In Proc. of IEEE/ACM CCGrid 2013.Google Scholar
A. Juels and A. Oprea. 2013. New approaches to security and availability for cloud data. CACM 56, 2 (February 2013). Google ScholarDigital Library
T. Jung, X.-Y. Li, and Z. Wan. April 2013. Privacy preserving cloud data access with multi-authorities. In Proc. of IEEE INFOCOM 2013.Google Scholar
N. Kaaniche, A. Boudguiga, and M. Laurent. June 2013. ID based cryptography for cloud data storage. In Proc. of IEEE CLOUD 2013. Google ScholarDigital Library
L. Kai, T. Weiqin, Z. Liping, and H. Chao. November 2013. SCM: A design and implementation of monitoring system for cloudstack. In Proc. of CSC 2013. Google ScholarDigital Library
C. Kalloniatis, V. Manousakis, H. Mouratidis, and S. Gritzalis. April 2013. Migrating into the cloud: Identifying the major security and privacy concerns. In Proc. of IFIP I3E 2013.Google Scholar
S. Kang, J. Lee, H. Jang, H. Lee, Y. Lee, S. Park, T. Park, and J. Song. June 2008. SeeMon: Scalable and energy-efficient context monitoring framework for sensor-rich mobile environments. In Proc. of MobiSys 2008. Google ScholarDigital Library
L. M. Kaufman. 2010. Can public-cloud security meet its unique challenges? IEEE Security & Privacy 8, 4 (July-August 2010), 55--57. Google ScholarDigital Library
U. Khalid, A. Ghafoor, M. Irum, and M. A. Shibli. September 2013. Cloud based secure and privacy enhanced authentication & authorization protocol. In Proc. of KES 2013.Google Scholar
K. M. Khan and Q. Malluhi. 2010. Establishing trust in cloud computing. IT Professional 12, 5 (September-October 2010), 20--27. Google ScholarDigital Library
T. M. King and A. S. Ganti. April 2010. Migrating autonomic self-testing to the cloud. In Proc. of ICSTW 2010. Google ScholarDigital Library
R. B. Knode. 2009. Digital Trust in the Cloud: Liquid Security in Cloudy Places. CSC. Retrieved from http://assets1.csc.com/au/downloads/0610_20_Digital_trust_in_the_cloud.pdf.Google Scholar
F. Koeppe and J. Schneider. November-December 2010. Do you get what you pay for? using proof-of-work functions to verify performance assertions in the cloud. In Proc. of IEEE CloudCom 2010. Google ScholarDigital Library
D. Kourtesis, E. Ramollari, D. Dranidis, and I. Paraskakis. 2010. Increased reliability in SOA environments through registry-based conformance testing of Web services. Production Planning & Control 21, 2 (2010), 130--144.Google ScholarCross Ref
F. J. Krautheim. June 2009. Private virtual infrastructure for cloud computing. In Proc. of HotCloud 2009. San Diego, CA, USA. Google ScholarDigital Library
M. Krotsiani, G. Spanoudakis, and K. Mahbub. August 2013. Incremental certification of cloud services. In Proc. of SECURWARE 2013.Google Scholar
A. Kurmus, M. Gupta, R. Pletka, C. Cachin, and R. Haas. December 2011. A comparison of secure multi-tenancy architectures for filesystem storage clouds. In Proc. of ACM/IFIP/USENIX Middleware 2011. Google ScholarDigital Library
U. Lang. November-December 2010. OpenPMF SCaaS: Authorization as a service for cloud & SOA applications. In Proc. of IEEE CloudCom 2010. Google ScholarDigital Library
J.-H. Lee, M.-W. Park, J.-H. Eom, and T.-M. Chung. February 2011. Multi-level intrusion detection system and log management in cloud computing. In Proc. of ICACT 2011. Gangwon-Do, South Korea.Google Scholar
H. Li, Y. Dai, and B. Yang. 2011a. Identity-based cryptography for cloud security. IACR Cryptology ePrint Archive 2011 (2011), 169.Google Scholar
J. Li, B. Li, T. Wo, C. Hu, J. Huai, L. Liu, and K. P. Lam. 2011b. CyberGuarder: A virtualization security assurance architecture for green cloud computing. Future Generation Computer Systems 28, 2 (May 2011), 379--390. Google ScholarDigital Library
M. Li, W. Zang, K. Bai, M. Yu, and P. Liu. December 2013. MyCloud: Supporting user-configured privacy protection in cloud computing. In Proc. of ACSAC 2013. Google ScholarDigital Library
B. Libert and J.-J. Quisquater. 2011. Identity-based cryptosystems. In Encyclopedia of Cryptography and Security, H. C. A. van Tilborg and S. Jajodia (Eds.). Springer.Google Scholar
H.-Y. Lin and W.-G. Tzeng. 2012. A secure erasure code-based cloud storage system with secure data forwarding. IEEE TPDS 23, 6 (June 2012), 995--1003. Google ScholarDigital Library
H. Liu. October 2010. A new form of DOS attack in a cloud and its avoidance mechanism. In Proc. of ACM CCSW 2010. Google ScholarDigital Library
X. Liu, Y. Xia, S. Jiang, F. Xia, and Y. Wang. July 2013. Hierarchical attribute-based access control with authentication for outsourced data in cloud computing. In Proc. of IEEE TrustCom 2013. Google ScholarDigital Library
F. Lombardi and R. Di Pietro. 2011. Secure virtualization for cloud computing. Journal of Network and Computer Applications 34, 4 (July 2011), 1113--1122. Google ScholarDigital Library
F. Lombardi and R. Di Pietro. March 2010. Transparent security for Cloud. In Proc. of ACM SAC 2010. Google ScholarDigital Library
W. Lu, X. Hu, S. Wang, and X. Li. 2014. A multi-criteria QoS-aware trust service composition algorithm in cloud computing environments. IJGDC 7, 1 (2014), 77--88.Google ScholarCross Ref
W. Luo, L. Xu, Z. Zhan, Q. Zheng, and S. Xu. 2014. Federated cloud security architecture for secure and agile clouds. In High Performance Cloud Auditing and Applications, K. J. Han, B.-Y. Choi, and S. Song (Eds.). Springer, New York.Google Scholar
W. Ma, X. Li, Y. Shi, and Y. Guo. 2013. A virtual machine cloning approach based on trusted computing. TELKOMNIKA 11, 11 (November 2013), 6935--6942.Google ScholarCross Ref
I. MacNeil and X. Li. 2006. “Comply or explain”: Market discipline and non-compliance with the Combined Code. Corporate Governance: An International Review 14, 5 (2006), 486--496.Google ScholarCross Ref
K. Mahbub and G. Spanoudakis. 2007. Monitoring WS-agreements: An event calculusbased approach. In Test and Analysis of Web Services, L. Baresi and E. Di Nitto (Eds.). Springer, Berlin, 265--306.Google Scholar
K. Mahbub and G. Spanoudakis. November 2004. A framework for requirements monitoring of service based systems. In Proc. of ICSOC 2004. Google ScholarDigital Library
R. Mahmood, N. Esfahani, T. Kacem, N. Mirzaei, S. Malek, and A. Stavrou. June 2012. A whitebox approach for automated security testing of android applications on the cloud. In Proc. of AST 2012. Google ScholarDigital Library
S. Mansfield-Devine. 2008. Danger in the clouds. Network Security 2008, 12 (December 2008), 9--11. Google ScholarDigital Library
D. C. Marinescu, A. Paya, J. P. Morrison, and P. D. Healy. 2013. An auction-driven self-organizing cloud delivery model. CoRR abs/1312.2998 (2013).Google Scholar
M. L. Massie, B. N. Chun, and D. E. Culler. 2004. The ganglia distributed monitoring system: Design, implementation, and experience. Parallel Comput. 30, 7 (July 2004), 817--840.Google ScholarCross Ref
M. Massie, B. Li, B. Nicholes, V. Vuksan, R. Alexander, J. Buchbinder, F. Costa, A. Dean, D. Josephsen, P. Phaal, and D. Pocock. 2012. Monitoring with Ganglia -- Tracking Dynamic Host and Application Metrics at Scale. O’Reilly Media. Google ScholarDigital Library
M. McIntosh and P. Austel. November 2005. XML signature element wrapping attacks and countermeasures. In Proc. of SWS 2005. Fairfax, VA, USA. Google ScholarDigital Library
S. Mei, H. Ba, F. Tu, J. Ren, and Z. Wang. September 2013. TTP-ACE: A trusted third party for auditing in cloud environment. In Proc. of ICSCTEA 2013. September.Google Scholar
P. Mell and T. Grance. 2011. The NIST Definition of Cloud Computing. NIST SP-800-145. Retrieved from http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf.Google Scholar
S. Meng and L. Liu. 2013. Enhanced monitoring-as-a-service for effective cloud management. IEEE TC 62, 9 (September 2013), 1705--1720. Google ScholarDigital Library
C. Modi, D. Patel, B. Borisaniya, A. Patel, and M. Rajarajan. 2013a. A survey on security issues and solutions at different layers of cloud computing. Journal of Supercomputing 63, 2 (February 2013). Google ScholarDigital Library
C. Modi, D. Patel, B. Borisaniya, H. Patel, A. Patel, and M. Rajarajan. 2013b. A survey of intrusion detection techniques in cloud. Journal of Network and Computer Applications 36, 1 (June 2013), 42--57. Google ScholarDigital Library
M. H. Mohamaddiah, A. Abdullah, S. Subramaniam, and M. Hussin. 2014. A survey on resource allocation and monitoring in cloud computing. IJMLC 4, 1 (February 2014).Google Scholar
A. T. Monfared and M. G. Jaatun. November-December 2011. Monitoring intrusions and security breaches in highly distributed cloud environments. In Proc. of IEEE CloudCom 2011. Google ScholarDigital Library
J. Moreno. 2010. A Testing Framework for Cloud Storage Systems. Master Thesis -- ETH Zürich. Retreived from http://e-collection.library.ethz.ch/eserv/eth:1987/eth-1987-01.pdf.Google Scholar
T. Morris. 2011. Trusted platform module. In Encyclopedia of Cryptography and Security, H.C.A. van Tilborg and S. Jajodia (Eds.). Springer.Google Scholar
O. Moser, F. Rosenberg, and S. Dustdar. April 2008. Non-intrusive monitoring and service adaptation for WS-BPEL. In Proc. of WWW 2008. Google ScholarDigital Library
H. Mouratidis, S. Islam, C. Kalloniatis, and S. Gritzalis. 2013. A framework to support selection of cloud providers based on security and privacy requirements. JSS 86, 9 (March 2013), 2276--2293. Google ScholarDigital Library
A. Muñoz and A. Maña. June 2013. Bridging the GAP between software certification and trusted computing for securing cloud computing. In Proc. of IEEE SERVICES 2013. Google ScholarDigital Library
I. Muttik and C. Barton. 2009. Cloud security technologies. Information Security Technical Report 14, 1 (2009), 1--6. Google ScholarDigital Library
M. Nabeel, N. Shang, and E. Bertino. 2013. Privacy preserving policy-based content sharing in public clouds. IEEE TKDE 25, 11 (November 2013), 2602--2614. Google ScholarDigital Library
Nagios. 2014. Cloud Computing. Retrieved from http://www.nagios.com/solutions/cloud-computing.Google Scholar
Network of Excellence on Engineering Secure Future Internet Software Services and Systems. 2010. Network of Excellence on Engineering Secure Future Internet Software Services and Systems. Retrieved from http://www.nessos-project.eu/.Google Scholar
J. Ni, Y. Yu, Y. Mu, and Q. Xia. 2014. On the security of an efficient dynamic auditing protocol in cloud storage. IEEE TPDS (2014).Google Scholar
K. Okamura and Y. Oyama. March 2010. Load-based covert channels between xen virtual machines. In Proc. of ACM SAC 2010. Sierre, Switzerland. Google ScholarDigital Library
M. Okuhara, T. Shiozaki, and T. Suzuki. 2010. Security architectures for cloud computing. Fujitsu Scientific and Technical Journal 46, 4 (October 2010), 397--402.Google Scholar
OpenStack Open Source Cloud Computing Software 2015. OpenStack Open Source Cloud Computing Software. Retrieved from https://www.openstack.org/.Google Scholar
N. Paladi, C. Gehrmann, and F. Morenius. March 2013. State of The Art and Hot Aspects in Cloud Data Storage Security. SICS technical report T2013:01.Google Scholar
M. P. Papazoglou, V. Andrikopoulos, and S. Benbernou. 2011. Managing evolving services. IEEE Software 28, 3 (May-June 2011), 49--55. Google ScholarDigital Library
S. Paquette, P. T. Jaeger, and S. C. Wilson. 2010. Identifying the security risks associated with governmental use of cloud computing. Government Information Quarterly 27, 3 (April 2010), 245--253.Google ScholarCross Ref
K.-W. Park, J. Han, J. Chung, and K. H. Park. 2013. THEMIS: A mutually verifiable billing system for the cloud computing environment. IEEE TSC 6, 3 (July-September 2013), 300--313. Google ScholarDigital Library
T. Parveen and S. Tilley. April 2010. When to migrate software testing to the cloud?. In Proc of ICSTW 2010. Google ScholarDigital Library
A. Patel, M. Taghavi, K. Bakhtiyari, and J. Celestino JúNior. 2013. An intrusion detection and prevention system in cloud computing: A systematic review. Journal of Network and Computer Applications 36, 1 (January 2013), 25--41. Google ScholarDigital Library
E. Pattuk, M. Kantarcioglu, V. Khadilkar, H. Ulusoy, and S. Mehrotra. June 2013. BigSecret: A secure data management framework for key-value stores. In Proc. of IEEE CLOUD 2013. Google ScholarDigital Library
M. Pearce, S. Zeadally, and R. Hunt. 2013. Virtualization: Issues, security threats, and solutions. ACM CSUR 45, 2 (February 2013), 17:1--17:39. Google ScholarDigital Library
S. Pearson. 2011. Toward accountability in the cloud. IEEE Internet Computing 15, 4 (2011), 64--69. Google ScholarDigital Library
S. Pearson. 2013. Privacy, security and trust in cloud computing. In Privacy and Security for Cloud Computing, S. Pearson and G. Yee (Eds.). Springer London, 3--42.Google ScholarDigital Library
S. Pearson and A. Benameur. November-December 2010. Privacy, security and trust issues arising from cloud computing. In Proc. of IEEE CloudCom 2010. Google ScholarDigital Library
S. Pearson, Y. Shen, and M. Mowbray. December 2009. A privacy manager for cloud computing. In Proc. of CloudCom 2009. Google ScholarDigital Library
D. Perez-Botero, J. Szefer, and R. B. Lee. May 2013. Characterizing hypervisor vulnerabilities in cloud computing servers. In Proc. of ASIACCS-SCC 2013. Google ScholarDigital Library
G. Peterson. 2010. Don’t trust. and verify: A security architecture stack for the cloud. IEEE Security & Privacy 8, 5 (September-October 2010), 83--86. Google ScholarDigital Library
C. Pham, D. Chen, Z. Kalbarczyk, and R. K. Iyer. June 2011. CloudVal: A framework for validation of virtualization environment in cloud infrastructure. In Proc of IEEE/IFIP DSN 2011. Google ScholarDigital Library
Policy and Security Configuration Management 2010. Policy and Security Configuration Management. Retrieved from http://www.posecco.eu/.Google Scholar
G. Porter. 2013. Cloud Service Provider Methods for Managing Insider Threats: Analysis Phase I. Technical Note, CMU/SEI-2013-TN-020.Google Scholar
B. Preneel. 2011. MAC algorithms. In Encyclopedia of Cryptography and Security, H.C.A. van Tilborg and S. Jajodia (Eds.). Springer.Google Scholar
B. Qin, H. Wang, Q. Wu, J. Liu, and J. Domingo-Ferrer. 2013. Simultaneous authentication and secrecy in identity-based data upload to cloud. Cluster Computing 16, 4 (April 2013), 845--859. Google ScholarDigital Library
M. N. Rajkumar, V. V. Kumar, and R. Sivaramakrishnan. 2013. Efficient integrity auditing services for cloud computing using raptor codes. In Proc. of ACM RACS 2013. Google ScholarDigital Library
J. Rao, Y. Wei, J. Gong, and C.-Z. Xu. 2013. QoS guarantees and service differentiation for dynamic cloud applications. IEEE TNSM 10, 1 (March 2013), 43--55.Google Scholar
H. Rasheed. 2013. Data and infrastructure security auditing in cloud computing environments. IJIM (December 2013).Google Scholar
M. Raykova, H. Zhao, and S. M. Bellovin. February-March 2012. Privacy enhanced access control for outsourced data sharing. In Proc. of FC 2012.Google Scholar
K. Ren, C. Wang, and Q. Wang. 2012. Security challenges for the public cloud. IEEE Internet Computing 16, 1 (January-February 2012), 69--73. Google ScholarDigital Library
Resources and Services Virtualization without Barriers 2008. Resources and Services Virtualization without Barriers. http://www.reservoir-fp7.eu/.Google Scholar
Risk Assessment Techniques for Off-line and On-line Security Evaluation of Cloud Computing 2013. Risk Assessment Techniques for Off-line and On-line Security Evaluation of Cloud Computing. Retrieved from http://www.nsf.gov/awardsearch/showAward?AWD_ID=1332035 & HistoricalAwards==false.Google Scholar
T. Ristenpart, E. Tromer, H. Shacham, and S. Savage. November 2009. Hey, you, get off of my cloud: Exploring information leakage in third-party compute clouds. In Proc. of ACM CCS 2009. Google ScholarDigital Library
L. M. Riungu, O. Taipale, and K. Smolander. November-December 2010. Research issues for software testing in the cloud. In Proc. of IEEE CloudCom 2010. Google ScholarDigital Library
F. Rocha and M. Correia. June 2011. Lucy in the sky without diamonds: Stealing confidential data in the cloud. In Proc. of IEEE/IFIP DSN-W 2011. Google ScholarDigital Library
L. Rodero-Merino, L. M. Vaquero, E. Caron, A. Muresan, and F. Desprez. 2012. Building safe PaaS clouds: A survey on security in multitenant software platforms. Computers & Security 31, 1 (February 2012), 96--108. Google ScholarDigital Library
C. Rong, S. T. Nguyen, and M. G. Jaatun. 2013. Beyond lightning: A survey on security challenges in cloud computing. Computers & Electrical Engineering 39, 1 (May 2013), 47--54. Google ScholarDigital Library
S. Ruj, M. Stojmenovic, and A. Nayak. 2014. Decentralized access control with anonymous authentication of data stored in clouds. IEEE TPDS 25, 2 (February 2014), 384--394. Google ScholarDigital Library
M. D. Ryan. 2013. Cloud computing security: The scientific challenge, and a survey of solutions. JSS 86, 9 (February 2013), 2263--2268. Google ScholarDigital Library
S. H. Ryu, F. Casati, H. Skogsrud, B. Betanallah, and R. Saint-Paul. 2008. Supporting the dynamic evolution of web service protocols in service-oriented architectures. ACM TWEB 2, 2 (April 2008), 13:1--13:46. Google ScholarDigital Library
S. Sakr and A. Liu. June 2012. SLA-based and consumer-centric dynamic provisioning for cloud databases. In Proc. of IEEE CLOUD 2012. Google ScholarDigital Library
M. Salifu, Yijun Yu, and B. Nuseibeh. October 2007. Specifying monitoring and switching problems in context. In Proc. of IEEE RE 2007.Google Scholar
N. Santos, R. Rodrigues, K. P. Gummadi, and S. Saroiu. August 2012. Policy-sealed data: A new abstraction for building trusted cloud services. In Proc. of USENIX Security Symposium 2012. Google ScholarDigital Library
P. Saripalli and B. Walters. 2010. QUIRC: A quantitative impact and risk assessment framework for cloud security. In Proc. of IEEE CLOUD 2010. Google ScholarDigital Library
M. Schumacher, E. B. Fernandez, D. Hybertson, F. Buschmann, and P. Sommerlad. 2006. Security Patterns: Integrating security and systems engineering. Wiley. Google ScholarDigital Library
Secure and Privacy-assured Data Service Outsourcing in Cloud Computing 2012. Secure and Privacy-assured Data Service Outsourcing in Cloud Computing. http://www.nsf.gov/awardsearch/showAward?AWD_ID=1262277&HistoricalAwards==false.Google Scholar
Secure Data-Intensive Computing on Hybrid Clouds 2012. Secure Data-Intensive Computing on Hybrid Clouds. http://www.nsf.gov/awardsearch/showAward?AWD_ID=1223495&HistoricalAwards==false.Google Scholar
Secure Provision and Consumption in the Internet of Services 2010. Secure Provision and Consumption in the Internet of Services. Retrieved from http://www.spacios.eu/.Google Scholar
Secure Provisioning of Cloud Services based on SLA management 2013. Secure Provisioning of Cloud Services Based on SLA Management. Retrieved from http://specs-project.eu/.Google Scholar
J. Sedayao, S. Su, X. Ma, M. Jiang, and K. Miao. December 2009. A simple technique for securing data at rest stored in a computing cloud. In Proc. of CloudCom 2009. Beijing, China. Google ScholarDigital Library
SEI. 2011. Securing Web Services for Army SOA. Retrieved from http://www.sei.cmu.edu/solutions/softwaredev/securing-web-services.cfm.Google Scholar
S. Sengupta, V. Kaulgud, and V. S. Sharma. July 2011. Cloud computing security--trends and research directions. In Proc. of IEEE SERVICES 2011. Google ScholarDigital Library
J. Shao, H. Wei, Q. Wang, and H. Mei. July 2010. A runtime model based monitoring approach for cloud. In Proc. of IEEE CLOUD 2010. Google ScholarDigital Library
S. Shetty. June-July 2013. Auditing and analysis of network traffic in cloud environment. In Proc. of IEEE SERVICES 2013. Google ScholarDigital Library
A. Shraer, C. Cachin, A. Cidon, I. Keidar, Y. Michalevsky, and D. Shaket. October 2010. Venus: Verification for untrusted cloud storage. In Proc. of ACM CCSW 2010. Google ScholarDigital Library
J. Simmonds, Y. Gan, M. Chechik, S. Nejati, B. O’Farrell, E. Litani, and J. Waterhouse. 2009. Runtime monitoring of web service conversations. IEEE TSC 2, 3 (July--September 2009), 223--244. Google ScholarDigital Library
M. Singhal, S. Chandrasekhar, T. Ge, R. Sandhu, R. Krishnan, G.-J. Ahn, and E. Bertino. 2013. Collaboration in multicloud computing environments: Framework and security issues. Computer 46, 2 (February 2013), 76--84. Google ScholarDigital Library
J. Somorovsky, M. Heiderich, M. Jensen, J. Schwenk, N. Gruschka, and L. Lo Iacono. 2011. All your clouds are belong to us: Security analysis of cloud management interfaces. In Proc. of ACM CCSW 2011. Google ScholarDigital Library
Z. Song, J. Molina, S. Lee, H. Lee, S. Kotani, and R. Masuoka. 2009. TrustCube: An infrastructure that builds trust in client. In Future of Trust in Computing, D. Gawrock, H. Reimer, A.-R. Sadeghi, and C. Vishik (Eds.). Vieweg+Teubner, 68--79.Google Scholar
G. Spanoudakis, E. Damiani, and A. Maña. October 2012. Certifying services in cloud: The case for a hybrid, incremental and multi-layer approach. In Proc. of IEEE HASE 2012. Google ScholarDigital Library
M. K. Srinivasan, K. Sarukesi, P. Rodrigues, M. S. Manoj, and P. Revathy. August 2012. State-of-the-art cloud computing security taxonomies: A classification of security challenges in the present cloud computing environment. In Proc. of ICACCI 2012. Google ScholarDigital Library
M. Srivatsa and A. Iyengar. 2011. Application-level denial of service. In Encyclopedia of Cryptography and Security, H. C. A. van Tilborg and S. Jajodia (Eds.). Springer.Google Scholar
O. Starov and S. Vilkomir. May 2013. Integrated TaaS platform for mobile development: Architecture solutions. In Proc. of AST 2013. Google ScholarDigital Library
E. Stefanov, M. van Dijk, A. Juels, and A. Oprea. December 2012. Iris: A scalable cloud file system with efficient integrity checks. In Proc. of ACSAC 2012. Google ScholarDigital Library
S. J. Stolfo, M. B. Salem, and A. D. Keromytis. May 2012. Fog computing: Mitigating insider data theft attacks in the cloud. In Proc. of IEEE SPW 2012. Google ScholarDigital Library
S. Subashini and V. Kavitha. 2011. A survey on security issues in service delivery models of cloud computing. Journal of Network and Computer Applications 34, 1 (January 2011), 1--11. Google ScholarDigital Library
A. Sulistio and C. Reich. September 2013. Towards a self-protecting cloud. In Proc. of OTM 2013.Google Scholar
S. Sundareswaran, A. C. Squicciarini, and D. Lin. 2012. Ensuring distributed accountability for data sharing in the cloud. IEEE TDSC 9, 4 (July 2012), 556--568. Google ScholarDigital Library
A. Sunyaev and S. Schneider. 2013. Cloud services certification. CACM 56, 2 (February 2013), 33--36. Google ScholarDigital Library
J. Szefer and R. B. Lee. 2014. Hardware-enhanced security for cloud computing. In Secure Cloud Computing, S. Jajodia, K. Kant, P. Samarati, V. Swarup, and C. Wang (Eds.). Springer.Google Scholar
H. Takabi and J. B. D. Joshi. January 2012. Policy management as a service: An approach to manage policy heterogeneity in cloud computing environment. In Proc. of HICSS 2012. Google ScholarDigital Library
H. Takabi, J. B. D. Joshi, and Gail-Joon Ahn. 2010b. Security and privacy challenges in cloud computing environments. IEEE Security & Privacy 8, 6 (November-December 2010), 24--31. Google ScholarDigital Library
H. Takabi, J. B. D. Joshi, and G.-J. Ahn. July 2010a. SecureCloud: Towards a comprehensive security framework for cloud computing environments. In Proc. of IEEE COMPSACW 2010. Google ScholarDigital Library
T. Takahashi, G. Blanc, Y. Kadobayashi, D. Fall, H. Hazeyama, and S. Matsuo. April 2012. Enabling secure multitenancy in cloud computing: Challenges and approaches. In Proc. of BCFIC 2012.Google Scholar
Y. Tang, P. P. C. Lee, J. C. S. Lui, and R. Perlman. 2012. Secure overlay cloud storage with access control and assured deletion. IEEE TDSC 9, 6 (November 2012), 903--916. Google ScholarDigital Library
D. Thebeau II, B. Reidy, R. Valerdi, A. Gudagi, H. Kurra, Y. Al-Nashif, S. Hariri, and F. Sheldon. March 2014. Improving cyber resiliency of cloud application services by applying software behavior encryption (SBE). In Proc. of CSER 2014.Google Scholar
Trend Micro. April 2013. Best Practices for Security and Compliance with Amazon Web Services. Retrieved from https://reinvent.awsevents.com/files/Trend Micro_Whitepaper.pdf.Google Scholar
H.-L. Truong_c and T. Fahringer. 2004. SCALEA-G: A unified monitoring and performance analysis system for the grid. Scientific Programming 12, 4 (December 2004), 225--237. Google ScholarDigital Library
H.-Y. Tsai, M. Siebenhaar, A. Miede, Y.-L. Huang, and R. Steinmetz. 2012. Threat as a service? virtualization’s impact on cloud security. IT Professional 14, 1 (January-February 2012), 32--37. Google ScholarDigital Library
W.-T. Tsai, P. Zhong, J. Balasooriya, Y. Chen, X. Bai, and J. Elston. June-July 2011. An approach for service composition and testing for cloud computing. In Proc. of ISADS 2011. Google ScholarDigital Library
P. K. Tysowski and M. A. Hasan. 2013. Hybrid attribute- and re-encryption-based key management for secure and scalable mobile applications in clouds. IEEE TCC 1, 2 (July 2013), 172--186. Google ScholarDigital Library
M. van Dijk, A. Juels, A. Oprea, R. L. Rivest, E. Stefanov, and N. Triandopoulos. October 2012. Hourglass schemes: How to prove that cloud files are encrypted. In Proc. of ACM CCS 2012. Raleigh, NC, USA. Google ScholarDigital Library
E. van Veenendaal. October 2012. Standard glossary of terms used in Software Testing. International Software Testing Qualifications Board (ISTQB). Retrieved from http://www.istqb.org/downloads/finish/20/101.html.Google Scholar
L. M. Vaquero, L. Rodero-Merino, and D. Moran. 2011. Locking the sky: A survey on IaaS cloud security. Computing 91, 1 (January 2011), 93--118. Google ScholarDigital Library
M. Velten and F. Stumpf. November 2013. Secure and privacy-aware multiplexing of hardware-protected TPM integrity measurements among virtual machines. In Proc. of ICISC 2012. Google ScholarDigital Library
Z. Wan, J. Liu, and R.-H. Deng. 2012. HASBE: A hierarchical attribute-based solution for flexible and scalable access control in cloud computing. IEEE TIFS 7, 2 (April 2012), 743--754. Google ScholarDigital Library
B. Wang, S. S. M. Chow, M. Li, and H. Li. July 2013a. Storing shared data on the cloud via security-mediator. In Proc. of IEEE ICDCS 2013. Google ScholarDigital Library
B. Wang, B. Li, and H. Li. 2014. Oruta: Privacy-preserving public auditing for shared data in the cloud. IEEE TCC (2014).Google Scholar
B. Wang, B. Li, and H. Li. April 2013. Public auditing for shared data with efficient user revocation in the cloud. In Proc. of IEEE INFOCOM 2013.Google Scholar
C. Wang, N. Cao, K. Ren, and W. Lou. 2012. Enabling secure and efficient ranked keyword search over outsourced cloud data. IEEE TPDS 23, 8 (August 2012), 1467--1479. Google ScholarDigital Library
C. Wang, S. S. M. Chow, Q. Wang, K. Ren, and W. Lou. 2013b. Privacy-preserving public auditing for secure cloud storage. IEEE TC 62, 2 (February 2013), 362--375. Google ScholarDigital Library
C. Wang, Q. Wang, K. Ren, N. Cao, and W. Lou. 2012. Toward secure and dependable storage services in cloud computing. IEEE TSC 5, 2 (April 2012), 220--232. Google ScholarDigital Library
C. Wang, Q. Wang, K. Ren, and W. Lou. March 2010. Privacy-preserving public auditing for data storage security in cloud computing. In Proc. of IEEE INFOCOM 2010. Google ScholarDigital Library
M. Wang, V. Holub, T. Parsons, J. Murphy, and P. O’Sullivan. March 2010. Scalable run-time correlation engine for monitoring in a cloud computing environment. In Proc. of IEEE ECBS 2010. Google ScholarDigital Library
Q. Wang, C. Wang, K. Ren, W. Lou, and J. Li. 2011. Enabling public auditability and data dynamics for storage security in cloud computing. IEEE TPDS 22, 5 (May 2011), 847--859. Google ScholarDigital Library
J. Wei, C. Pu, C. V. Rozas, A. Rajan, and F. Zhu. November-December 2013. Modeling the runtime integrity of cloud servers: A scoped invariant perspective. In Proc. of IEEE CloudCom 2010. Google ScholarDigital Library
L. Wei and M. K. Reiter. September 2012. Third-party private DFA evaluation on encrypted files in the cloud. In Proc. of ESORICS 2012.Google Scholar
L. Wei and M. K. Reiter. September 2013. Ensuring file authenticity in private DFA evaluation on encrypted files in the cloud. In Proc. of ESORICS 2013. Egham, UK.Google Scholar
L. Wei, H. Zhu, Z. Cao, X. Dong, W. Jia, Y. Chen, and A.V. Vasilakos. April 2014. Security and privacy for storage and computation in cloud computing. Information Sciences 258 (April April 2014), 371--386. Google ScholarDigital Library
P. Wieder, J. M. Butler, W. Theilmann, and R. Yahyapour. 2011. Service Level Agreements for Cloud Computing. Springer. Google ScholarDigital Library
Z. Xiao and Y. Xiao. 2013. Security and privacy in cloud computing. IEEE Communications Surveys & Tutorials 15, 2 (April-June 2013), 843--859.Google ScholarCross Ref
T. Xing, D. Huang, L. Xu, C.-J. Chung, and P. Khatkar. March 2013. SnortFlow: A openflow-based intrusion prevention system in cloud environment. In Proc. of GENI GREE 2012. Google ScholarDigital Library
L. Xu, X. Cao, Y. Zhang, and W. Wu. 2013a. Software service signature (s3) for authentication in cloud computing. Cluster Computing 16, 4 (December 2013), 905--914. Google ScholarDigital Library
Z. Xu, C. Wang, Q. Wang, K. Ren, and L. Wang. April 2013b. Proof-carrying cloud computation: The case of convex optimization. In Proc. of IEEE INFOCOM 2013. Turin, Italy.Google Scholar
K. Yang and X. Jia. 2013. An efficient and secure dynamic auditing protocol for data storage in cloud computing. IEEE TPDS 24, 9 (September 2013), 1717--1726. Google ScholarDigital Library
K. Yang, X. Jia, K. Ren, and B. Zhang. April 2013. DAC-MACS: Effective data access control for multi-authority cloud storage systems. In Proc. of IEEE INFOCOM 2013. Turin, Italy.Google Scholar
L. Ye, H. Zhang, J. Shi, and X. Du. December 2012. Verifying cloud service level agreement. In Proc. of IEEE GLOBECOM 2012. Anaheim, CA, USA.Google Scholar
Y. A. Younis, M. Merabti, and K. Kifayat. 2013. Secure Cloud Computing for Critical Infrastructure A Survey. Retrieved from http://www.cms.livjm.ac.uk/pgnet2013/proceedings/papers/1569764399.pdf.Google Scholar
J. Yu, P. Lu, Y. Zhu, G. Xue, and M. Li. 2013a. Toward secure multikeyword top-k retrieval over encrypted cloud data. IEEE TDSC 10, 4 (July 2013), 239--250. Google ScholarDigital Library
L. Yu, W.-T. Tsai, X. Chen, L. Liu, Y. Zhao, L. Tang, and W. Zhao. June 2010a. Testing as a service over cloud. In Proc. of IEEE SOSE 2010. Google ScholarDigital Library
S. Yu, Y. Tian, S. Guo, and D. Wu. 2013b. Can we beat DDoS attacks in clouds? IEEE TPDS (July 2013).Google Scholar
S. Yu, C. Wang, K. Ren, and W. Lou. March 2010b. Achieving secure, scalable, and fine-grained data access control in cloud computing. In Proc. of IEEE INFOCOM 2010. Google ScholarDigital Library
S. Zawoad, A. K. Dutta, and R. Hasan. May 2013. SecLaaS: Secure logging-as-a-service for cloud forensics. In Proc. of ACM ASIACCS 2013. Google ScholarDigital Library
P. Zech. March 2011. Risk-based security testing in cloud computing environments. In Proc. of IEEE ICST 2011. Google ScholarDigital Library
Y. Zhang, A. Juels, M. K. Reiter, and T. Ristenpart. October 2012. Cross-VM side channels and their use to extract private keys. In Proc. of ACM CCS 2012. Google ScholarDigital Library
Y. Zhang and M. K. Reiter. November 2013. Düppel: Retrofitting commodity operating systems to mitigate cache side channels in the cloud. In Proc. of ACM CCS 2013. Google ScholarDigital Library
L. Zhao, Y. Ren, M. Li, and K. Sakurai. 2012. Flexible service selection with user-specific QoS support in service-oriented architecture. Journal of Network and Computer Applications 35, 3 (March 2012), 962--973. Google ScholarDigital Library
M. Zhou, R. Zhang, W. Xie, W. Qian, and A. Zhou. November 2010. Security and privacy in cloud computing: A survey. In Proc. of SKG 2010. Google ScholarDigital Library
Y. Zhu, G.-J. Ahn, H. Hu, S. S. Yau, H. G. An, and C.-J. Hu. 2013. Dynamic audit services for outsourced storages in clouds. IEEE TSC 6, 2 (April 2013), 227--238. Google ScholarDigital Library
Y. Zhu, H. Hu, G.-J. Ahn, D. Huang, and S. Wang. March 2012. Towards temporal access control in cloud computing. In Proc. of IEEE INFOCOM 2012.Google Scholar
D. Zissis and D. Lekkas. 2012. Addressing cloud computing security issues. Future Generation Computer Systems 28, 3 (March 2012), 583--592. Google ScholarDigital Library
D. Zou, W. Zhang, W. Qiang, G. Xiang, L. T. Yang, H. Jin, and K. Hu. 2013. Design and implementation of a trusted monitoring framework for cloud platforms. Future Generation Computer Systems 29, 8 (October 2013), 2092--2102. Google ScholarDigital Library

Index Terms

From Security to Assurance in the Cloud: A Survey

Recommendations

Cloud Computing Security--Trends and Research Directions
SERVICES '11: Proceedings of the 2011 IEEE World Congress on Services

Cloud Computing is increasingly becoming popular as many enterprise applications and data are moving into cloud platforms. However, a major barrier for cloud adoption is real and perceived lack of security. In this paper, we take a holistic view of ...
Read More
Security issues in cloud environments: a survey

In the last few years, the appealing features of cloud computing have been fueling the integration of cloud environments in the industry, which has been consequently motivating the research on related technologies by both the industry and the academia. ...
Read More
Open Challenges in Security of Cloud Computing
BDAW '16: Proceedings of the International Conference on Big Data and Advanced Wireless Technologies

Cloud Computing has been on the rise with the advent of Internet of Things and the whole Big Data revolution. There a numerous Cloud Computing Service Providers to choose from. However, the major concern of Cloud Computing is the Security and Privacy ...
Read More

Reviews

Reviewer: Sundara Nagarajan

Users expect that cloud service designers have included robust security mechanisms as essential aspects of the service. What differentiates one service from the other is cloud security assurance-consumers' opportunity to gain justifiable confidence about the consistency of the service with respect to its security properties. Ardagna et al. present a survey of over 300 high-quality publications on cloud security and assurance. The paper presents objective research and makes it easy for readers to select publications of interest quickly based on their own criteria. This is an excellent resource for those beginning to work in this area, as well as for security experts to get a broader view of the domain. It will also be beneficial reading for software system architects. The authors adopt a specific methodology for selecting high-quality publications with clearly defined criteria, and then go on to build a taxonomy. The presentation follows a simple framework to summarize each publication surveyed, consistently: when, where, what, and how. The authors include crisp one- or two-line summaries of promising publications, to help readers choose. The survey starts with the important security themes of vulnerabilities, threats, attacks, and risk evaluation. This section concludes by identifying an area that is less explored and of growing interest: attacks on the availability, confidentiality, and privacy of customer data. An important insight presented in the following section is related to cloud availability as a property at the intersection of security, reliability, and performance. The authors present detailed summaries of 161 research papers in an elegant table. This table is the paper's key contribution. It is very helpful for selecting publications of interest to dive deeper. The appendices compare existing surveys, white papers, and standards. The final section presents detailed results and a few recommendations for next-generation cloud security and assurance. Online Computing Reviews Service

Access critical reviews of Computing literature here

Become a reviewer for Computing Reviews.

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Published in
ACM Computing Surveys Volume 48, Issue 1
September 2015
592 pages
ISSN:0360-0300
EISSN:1557-7341
DOI:10.1145/2808687
Editor:
Sartaj Sahni
Department of Computer and Information Science and Engineering / University of Florida / Gainesville, FL 32611
Issue’s Table of Contents
Copyright © 2015 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 22 July 2015
- Revised: 1 April 2015
- Accepted: 1 April 2015
- Received: 1 June 2014
Published in csur Volume 48, Issue 1

Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
Assurance
cloud computing
security
survey
transparency
Qualifiers
- survey
- Research
- Refereed
Conference
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 115
  Total Citations
  View Citations
- 3,937
  Total Downloads
- Downloads (Last 12 months)168
- Downloads (Last 6 weeks)22
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

From Security to Assurance in the Cloud: A Survey

ACM Computing Surveys

Abstract

References

Cited By

Index Terms

Recommendations

Cloud Computing Security--Trends and Research Directions

Security issues in cloud environments: a survey

Open Challenges in Security of Cloud Computing

Reviews

Access critical reviews of Computing literature here