Author’s Accepted Manuscript

A survey of security issues for cloud computing

Minhaj Ahmad Khan

www.elsevier.com/locate/jnca

PII: S1084-8045(16)30106-0
DOI: http://dx.doi.org/10.1016/j.jnca.2016.05.010
Reference: YJNCA1652
To appear in: Journal of Network and Computer Applications
Received date: 6 July 2015
Revised date: 12 February 2016
Accepted date: 14 May 2016
Cite this article as: Minhaj Ahmad Khan, A survey of security issues for cloud
c o m p u t i ng , Journal of Network and Computer Applications,
http://dx.doi.org/10.1016/j.jnca.2016.05.010
This is a PDF file of an unedited manuscript that has been accepted for
publication. As a service to our customers we are providing this early version of
the manuscript. The manuscript will undergo copyediting, typesetting, and
review of the resulting galley proof before it is published in its final citable form.
Please note that during the production process errors may be discovered which
could affect the content, and all legal disclaimers that apply to the journal pertain.
 A Survey of Security Issues For Cloud Computing

Minhaj Ahmad Khan

Bahauddin Zakariya University Multan, Pakistan.

Abstract
High quality computing services with reduced cost and improved performance have made cloud
computing a popular paradigm. Due to its flexible infrastructure, net centric approach and ease
of access, the cloud computing has become prevalent. Its widespread usage is however being
diminished by the fact that the cloud computing paradigm is yet unable to address security issues
which may in turn aggravate the quality of service as well as the privacy of customers’ data.
In this paper, we present a survey of security issues in terms of security threats and their
remediations. The contribution aims at the analysis and categorization of working mechanisms
of the main security issues and the possible solutions that exist in the literature. We perform a
parametric comparison of the threats being faced by cloud platforms. Moreover, we compare
various intrusion detection and prevention frameworks being used to address security issues.
The trusted cloud computing and mechanisms for regulating security compliance among cloud
service providers are also analyzed. Since the security mechanisms continue to evolve, we also
present the future orientation of cloud security issues and their possible countermeasures.
Keywords:
Cloud Security, Cloud Computing, Denial-of-Service, Security Threats, Intrusion Detection
Systems

1 1. Introduction

2 Cloud computing has gained wide acceptance for organizations as well as individuals by in-
3 troducing computation, storage and software based services. It is used to address the resource
4 scarcity issues of its clients by providing them with on-demand pay-per-use services [1]. It in-
5 corporates a centralized collection of resources called a cloud connected through a high speed
6 network. The global availability of high performance resources, support of a large number of ser-
7 vices, and ability to store large amount of data have made it ubiquitous. Even with the modern
8 smartphones, the cloud computing is able to serve multiple purposes ranging from backup of con-
9 tacts to the execution of complex applications through computation offloading [2, 3]. Moreover,
10 the reduced cost of services and an assurance regarding quality make it an attractive solution
11 for mitigating the issue of constrained resources. Since a cloud computing platform provides
12 services by sharing valuable resources, an adequate usage of these resources may be achieved by

Email address: [email protected] (Minhaj Ahmad Khan)

Preprint submitted to Journal of Network and Computer Applications May 21, 2016
13 ensuring that the platform is able to counter security threats which may otherwise deteriorate its
14 performance and reliability.
15 An overview of a public cloud computing platform is shown in Figure 1. The cloud platform
16 is usually equipped with high performance server machines, high speed storage devices and an
17 efficient network. The cloud users having mobile phones, laptops or modern desktops connect to
18 the cloud platform through internet. Since the server machines are connected using an internal
19 network, an attack on the network may produce a detrimental impact in the form of commu-
20 nication delays or even the network being inaccessible [4, 5]. Likewise, the attacks on virtual
21 machines and hypervisors being used to run virtual machines have shown to severely breach
22 the security for malicious purposes [6, 7, 8, 9]. Similarly, the cloud services are also prone to
23 security threats as this layer contains software which has always been vulnerable to hacks and
24 security attacks [10]. These attacks may cause violation of data protection or even unavailability
25 of services for all the clients.

Figure 1: Cloud computing architecture with cloud users connecting to a public cloud platform through internet

26 As the cloud computing hinges on the traditional architecture, it is becoming more vulner-
27 able to security breaches. The Cloud Security Alliance report [11] reveals a manifold increase
28 in the frequency of cloud outage taking place within recent years. A large number of vulner-
29 ability incidents occurred with threats already known to exist. Similarly, as per threat report
30 published by Symantec [12], there has been a 91% increase in targeted attacks with 1 out of 3
31 Symantec.cloud customers being targeted by spear-phishing attacks in year 2013. To cope with
32 the increasing number of security threats, there has been a parallel advancement of countermea-
2
33 sures. For attacks emerging due to network such as botnet and stepping-stone attacks [4, 5],
34 various countermeasures [13, 14, 15] are able to detect and fix them. The risk of violation of
35 data protection attacks [16, 17] has been mitigated using cryptographic techniques [18, 19]. The
36 VM and hypervisor based vulnerabilities [20, 21] are tackled using authentication mechanisms
37 [22, 23]. Similarly, the attacks related to denial or theft-of-service [24, 9] may be coped with the
38 intrusion detection systems [25, 26, 27]. For the threats resulting in disclosure of information to
39 third party, the privacy Acts such as ECPA and HIPAA [28, 29] have been deployed.
40 Various contributions presenting a survey of cloud security issues and challenges have been
41 made recently. A classification of security issues while mapping threats to countermeasures
42 is described in [30, 31, 32, 33]. Similarly, corresponding to the infrastructure, platform and
43 software layers of the cloud computing model, a layer-wise categorization of security threats is
44 presented in [34]. Another classification of attacks on clouds using attack surfaces comprising
45 the users, services and clouds with six possible interfaces is described in [35]. The authors in
46 [36, 37, 38] discuss major cloud security threats as identified by Cloud Security Alliance [39],
47 whereas the confidentiality, integrity, availability, audit and control are described as major cloud
48 security issues together with data privacy Acts in [40]. The authors in [41] discuss malicious in-
49 sider based denial-of-service attacks together with the attacks on data while using Amazon Web
50 Services (AWS) as a case study. A brief survey given in [42] describes the scalability of cloud
51 and compliance regulations as major cloud security issues. The authors urge the need to build
52 confidence of cloud customers by revealing implementation details and ensuring security com-
53 pliance. The survey contribution [43] discusses various intrusion detection techniques, whereas a
54 security analysis of open source cloud software platforms is provided in [44]. In contrast to these
55 contributions, we present a comprehensive survey with a parametric analysis of cloud security
56 issues, countermeasures, and security frameworks (intrusion detection and prevention systems)
57 in this paper. We employ a component based categorization in terms of the network, VM, storage
58 and applications executing on a cloud platform. Various solutions to trusted cloud computing are
59 also analyzed together with compliance issues in terms of prevailing standards, Acts and regula-
60 tions. We also present succinctly the future orientation of security challenges and their possible
61 solutions.
62 The remaining part of this paper is organized as follows. Section 2 describes a categorization
63 of security threats and their implications. A comparative analysis of security threats and their
64 countermeasures is given in Section 3. Section 4 presents a comparison of the intrusion detec-
65 tion and prevention systems aimed at providing security for the clouds. An analysis of various
66 approaches used for trusted cloud computing is given in Section 5. Various Acts and official
67 rules used for regulating cloud computing security issues are discussed in Section 6. The future
68 challenges and issues together with the suggestions to cope with these issues are discussed in
69 Section 7 before concluding the paper in Section 8.

70 2. Cloud Computing Security: Taxonomy and Categorization

71 Cloud computing offers services using the Infrastructure as a Service (IaaS), Platform as
72 a Service (PaaS) and Software as a Service (SaaS) models [1] as shown in Figure 2. Cloud
73 users have access to servers and virtual machines through the IaaS service model. The hypervi-
74 sors execute on the servers to provide virtualization of physical resources. Similarly, using the
75 PaaS service model, the cloud platform provides support of operating systems, runtime systems,
76 databases or web servers. The SaaS service model provides support of pay-per-use software. The
77 diversity of these service delivery models makes the cloud computing platforms more vulnerable
3
 78 to attacks than any other computing platform. Its vulnerability may be exposed through any of
79 its core components: network, virtual machines, storage and applications, which are used as a
80 basis for categorization of attacks and their implications.

Figure 2: Cloud service delivery architecture

81 2.1. Categorization of Attacks Based on Cloud Components

82 For performing comparative analysis, we categorize attacks on a cloud platform based on its
83 components: network (A1 ), virtual machines (A2 ), storage (A3 ) and applications (A4 ) as elabo-
84 rated below.

85 2.1.1. Network Based Attacks (A1 )

86 The cloud machines existing within a cloud platform are connected through a network which
87 also provides connections with the machines outside the cloud platform. An intruder may attack
88 a cloud system through its network which may in turn deterioate the quality of cloud services
89 and may even put data privacy/confidentiality at risk. For our analysis, we consider three types
90 of network based attacks as elaborated below.
91 Port Scanning (A1a ) A port on a server may be probed to check the status of a service exe-
92 cuting on the target machine. The port scanning requires access to the network hosting the target
93 machine. It is used to expose vulnerabilities of the target machine resulting in the denial-of-
94 service [24]. The intrusion detection systems or firewalls [25, 26, 45, 46] may be used to detect
95 and hinder such attacks.
96 Botnets (A1b ) A botnet may be used to steal data from a host machine and communicate it
97 to a bot-master. A command and control system is established with a bot-master and several
98 machines can act as stepping-stone to steal private information. Several incidents have shown
99 to incorporate clouds as command and control servers [4, 5]. The techniques to counter botnet
100 attacks mainly attempt to track the botmaster by interpreting the communication or filtering the
101 packets [13, 14].
4
102 Spoofing Attacks (A1c ) The spoofing attacks in a network impersonate entities for malicious
103 purposes. An IP spoofing attack may replace the IP address in a network packet with a forged
104 source IP address. Similarly, a DNS spoofing attack may cause a DNS server to return an in-
105 correct IP address thereby redirecting network traffic to an attacker’s system. A virtual network
106 may be a victim of ARP spoofing [15] thereby causing an attacker VM to access packets of other
107 VMs. The cloud based antivirus [47] or intrusion detection systems [25, 26, 48] may be used to
108 cope with these attacks.

109 2.1.2. VM Based Attacks (A2 )

110 On a cloud system, the VM based attacks exploit vulnerabilities in the virtual machines to
111 violate data protection and affect the cloud services. Multiple virtual machines being hosted on
112 a system cause several security risks. Moreover, various stages of VM management may be used
113 to launch a large number of cloud attacks. For our analysis, we consider four types of VM based
114 attacks as described below.
115 Cross VM Side Channel Attacks (A2a ) The VM based side channel attacks are able to extract
116 information regarding resource usage, cryptographic keys and other information from a target
117 VM which is residing on the same physical machine as that of the attacker VM [49, 8, 17, 21].
118 These attacks may exploit timing information from resources such as cache and shared memory.
119 The countermeasures for side channel attacks use authentication mechanisms, cryptographic al-
120 gorithms or deterministic execution to mitigate the risk of side channels [22, 23, 8, 20, 50].
121 VM Creation Attacks (A2b ) A malicious code can be placed inside a VM image which is
122 then replicated during creation of virtual machines [6, 51, 52]. In this regard, virtual image
123 management system providing filters and scanners for detecting and recovering from security
124 violations may be used [53, 54, 55].
125 VM Migration and Rollback Attacks (A2c ) When an active VM is being migrated from the
126 host physical machine to another physical machine, the contents of the VM files become vul-
127 nerable to various attacks [56, 52]. For example, the log of execution state being maintained for
128 implementing a rollback may become accessible during migration. An effective configuration of
129 security policies or proper suspend/resume activities may render the VM migration to be more
130 secure [57, 58, 59, 60].
131 VM Scheduler Based Attacks (A2d ) A few vulnerabilities of scheduler may result in resource
132 stealing or theft-of-service [9, 61]. For example, a VM may be scheduled to run after a specific
133 time while retaining the credit balance of the VM execution time slice. Modified versions of
134 scheduler [9, 35] may improve security of hypervisors while maintaining fairness and efficiency.

135 2.1.3. Storage Based Attacks (A3 )

136 An attacker from outside or even a malicious insider may steal private data stored on some
137 storage device [62, 63, 64, 65]. With access to sensitive information, a large number of vulner-
138 abilities may be exploited by manipulating data if a strict monitoring mechanism is not imple-
139 mented. For analysis, we consider two types of storage based attacks on clouds as elaborated
140 below.
141 Data Scavenging (A3a ) While erasing data from a storage device, the file systems do not
142 remove data completely. Consequently, the removed data may be recovered by attackers which
143 is referred to as data scavenging [31, 66, 67, 6, 68, 69]. Various techniques to counter data
144 scavenging are reported in [70].
145 Data Deduplication (A3b ) With data deduplication being performed for minimizing storage
146 and bandwidth requirements, it becomes possible to identify the files and their contents [71]. It
5
147 may even make it possible to create communication channel for access to a malicious software.
148 The deduplication exploitation risk may be mitigated by ensuring the deduplication to occur only
149 if there is a specific number of copies of the file [72].

150 2.1.4. Application Based Attacks (A4 )

151 The applications running on a cloud may be exposed to various attacks by injecting code
152 which may trace execution paths and exploit this information for malicious purposes. Similarly,
153 the protocols implemented to provide services on a cloud system are vulnerable to attacks and
154 any running applications may use them as a source of intrusion. Moreover, on a cloud system,
155 the architectural components being shared may be exploited by an application as a source for
156 performing malicious activities. Overall, we consider three types of application based attacks as
157 described below.
158 Malware Injection and Steganography Attacks (A4a ) A malicious code may be inserted in
159 an application if a cloud platform allows for an insecure interface for application development
160 [11, 73]. With a steganography attack, the attackers embed malicious code within files being
161 transmitted over network [74]. The transmission of malicious code may then be ignored by
162 security systems for which it seems as if a normal file is being sent. The schemes like StegAD
163 [75] may be used to identify the files and possible locations of injected code in steganographied
164 files.
165 Shared Architectures (A4b ) On a shared architecture, the execution path of a victim’s applica-
166 tion can be traced. It can be further used to detect victim’s activities and hijack his account [76].
167 To detect the possibility of being exploited by shared architectures, the application binary code
168 may be analyzed [77].
169 Web Services & Protocol Based Attacks (A4c ) The web services use various protocols such as
170 SOAP whose message header can be manipulated to contain invalid requests [10]. The security
171 policies and validation mechanisms may be implemented to ensure valid requests for smooth
172 running of services. To cope with possible website based threats, application firewalls may be
173 used to identify and block the attacks [45].

174 2.2. Implications of Attacks

175 An attack on a cloud may have one or more implications which may deteriorate the provision
176 of data and services on a cloud platform. These implications are categorized as follows.
177 Violation of Data Protection: Data protection is violated when data becomes accessible to
178 users other than owners of data. A large number of threats may violate data protection through
179 different techniques such as data deduplication or third-party clouds [78, 79, 80, 69, 81].
180 Malicious Manipulation of Data: On cloud computing platforms, the communication be-
181 tween the user and the cloud services interface involves protocols such as HTTP & SOAP to-
182 gether with scripting languages which are vulnerable to a large number of threats [82, 83, 84, 10,
183 76]. Consequently, an attacker may exploit loopholes in these mechanisms which may result in
184 malicious manipulation of website data.
185 Denial-of-Service: An attacker may target the cloud platform to hinder the services being
186 provided to customers [24, 84]. For instance, it is possible for a malicious insider to occupy the
187 resources so that the requests by other users are responded with unavailability of resources.
188 Theft-of-Service: A few vulnerabilities in scheduler may result in theft-of-service attacks.
189 For example, an attacker may target the scheduling policy to be able to steal resources or obtain
190 cloud services without proper billing [9].

6
191 3. Comparative Analysis of Attacks and Countermeasures

192 A cloud computing platform provides services using its service delivery model. The attacks
193 on a cloud platform may exploit various components at every layer of its service model in order
194 to violate data protection and deteriorate the quality of service for malicious purposes. This sec-
195 tion discusses and analyzes research work contributing towards revealing attacks on clouds and
196 their countermeasures. For a parametric evaluation, Table 1, Table 2, Table 3 and Table 4 present
197 respectively a comparative analysis of attacks based on the network, VM, storage and applica-
198 tion categories. The comparison is performed in terms of the attack categories, mechanisms,
199 implications, vulnerable components and contributions for relevant countermeasures.

200 3.1. Network Based Attacks and Countermeasures

201 Through network based attacks, the botnets have been successful in exploiting the cloud
202 infrastructure for malicious purposes. For instance, the well known Zeus botnet was revealed
203 to be using Amazon’s Elastic Computing Cloud (EC2) as command and control server [4]. The
204 Zeus botnet is a malware which is able to steal passwords. Its variants have been reported to
205 be used for illegal bank transactions. Similarly, the Google cloud platform AppEngine has been
206 used as a botnet to communicate with the infected computers [5].
207 A distributed denial-of-service attack [24] performs a distributed portscan which is very dif-
208 ficult to be detected by an Intrusion Detection System (IDS) [25]. For simulation of the attack,
209 two configurations of a cloud platform secured by the Snort IDS [26] and a United Thread Man-
210 agement firewall respectively are used. The configurations also use various parameters including
211 the number of attacking and target hosts for evaluation. For 100 targeted ports, the sequential
212 and parallel distributed portscans are used with multiple scanners. For the sequential portscan, a
213 scanner is selected to scan ports, and when detected by the IDS, another scanner is then selected
214 to continue the portscan. For parallel portscan, the targets and ports are distributed among scan-
215 ners whose steps are then synchronized. The distributed mechanism works successfully to scan
216 ports despite the presence of firewalls. The experimental results show that for 64 targets, the
217 parallel portscan achieves an average success rate of 84% and continues to perform better than
218 sequential portscan even for small number of targets.
219 An ARP spoofing based attack [15] allows to impersonate ARP messages on the network.
220 It results in providing access of target VMs’ packets to an attacker VM. The attacker VM can
221 access private data as well as perform malicious activities. To cope with this attack, a framework
222 as the countermeasure to control communication among virtual machines on a cloud platform
223 is also described. The framework addresses the issue of sniffing and spoofing virtual networks
224 linking VMs. It incorporates multiple layers for routing, sharing and securing the network. The
225 routing layer uses unique tags to monitor the packets, whereas the shared network layer requires
226 VMs of the same organization to share the network. The firewall layer restricts communication
227 of a VM to the outside world and also blocks packets which attempt to modify the routing table.
228 A technique for detecting botnets in cloud is described in [13]. The approach initially deter-
229 mines the cryptographic keys being used for botnet communication between bots and Command
230 & Control servers. The attack traffic is decrypted by first identifying patterns of regions that
231 may contain the keys. An entropy search is then performed to identify the keys. Subsequently,
232 the communication taking place between the botmaster and the victims through stepping-stone
233 machines is also captured. It is accomplished by spreading Pebbleware, an executable code that

7
 Attack Attack Vulnerable
Mechanism Implications Countermeasures
Ref. Category Components
Botnet using Violation of
Amazon cloud as data
[4] A1b Cloud network [13], [14], [15], [25]
command and protection
control server (IaaS)
Violation of
ARP spoofing by data
[15] A1c Virtual network [15], [25]
VM protection
(IaaS)
Denial-of-
Distributed port
[24] A1a Service (IaaS Cloud network [25], [84]
scanning
and SaaS)

Table 1: Comparison of network based attacks on clouds

234 identifies the host machines. After reaching the botmaster, it reveals the IP address of the botmas-
235 ter. The technique of tracing the botnet server is shown to work successfully for the well-known
236 Zeus botnet.
237 For protecting clouds against stepping-stone attacks, a VM introspection based mechanism
238 is provided in [14]. The mechanism suggests the use of a packet filter architecture called xFilter,
239 which runs in a VMM. The xFilter code obtains information regarding the process IDs and user
240 IDs from guest operating systems. Upon intercepting a packet, xFilter matches the sender and
241 receiver user IDs with its filtering rules in order to accept or reject the packet. The filtering
242 rules are dynamically updated upon detecting new attacks. A decision cache is also incorporated
243 in xFilter which makes it possible to reuse previous decisions thereby reducing the overhead
244 of VM introspection. The suggested filtering approach works with almost 13% of performance
245 degradation of web based communication.
246 The instrusion detection systems [25] are able to secure a cloud network by analyzing the
247 packets flowing through the network. In contrast to firewalls, the intrusion detection systems an-
248 alyze traffic pattern through payload information. The intrusion detection systems may provide
249 traffic monitoring at individual host or network level and alert the administrators regarding sus-
250 picious activities. Similarly, the intrusion prevention systems are able to discard packets based
251 on the traffic pattern in addition to analyzing packets. A detailed categorization of these systems
252 is given in Section 4.
253 The research work in [84] targets distributed denial-of-service (DDoS) attacks. The approach
254 initially matches the IP address of the client with already stored IPs. Subsequently, a cloud de-
255 fender is incorporated to identify suspicious messages and restrict access to avoid DDoS attacks.
256 The cloud defender counts the numbers of requests corresponding to a single IP and filters if a
257 large number of requests arrives from the same IP. It then matches the hop-count value and IP
258 frequency of similar request messages and marks them suspicious. Similarly, the HTTP DDoS
259 attack is handled by using client puzzles which is a part of a WSDL file. The solution of the
260 puzzle is embedded within the header of the SOAP message. The puzzle is sent back to the IP
261 address, and if the puzzle is not resolved by the client machine, the message is discarded. More-
262 over, a signature is generated while keeping a few parameters twice in the signature, and later
263 added to the SOAP header for XML protection.

8
264 3.2. VM Based Attacks and Countermeasures
265 The security of a virtual machine being copied to create another VM may be compromised
266 by modifying its executable code [52]. The worms/viruses may be injected in the original VM
267 before creating a copy of the VM [51]. A compromised virtual machine which also contains the
268 state of the guest operating system thus results in exposing the newly created VM to security
269 threats. Moreover, it is difficult to trace the origin of the vulnerability for the newly created VM.
270 A cross-VM side channel attack may cause a malicious VM to extract Advanced Encryption
271 Standard (AES) encryption key from a target VM [49]. The attack exploits the shared cache by
272 analyzing its access pattern and cache indices when the victim VM executes the AES algorithm.
273 In [85], various approaches of stealing confidential data in the cloud are described. The
274 approach assumes a malicious insider who has administrative access to VM management. For
275 obtaining passwords, the attack incorporates the access to the memory image of the VM machine
276 using the xm command. The passwords can then be retrieved from the memory image by using
277 Linux based utilities. Similarly, to obtain private keys the tool rsakeyfind can be used which finds
278 out the key from the memory image of the target VM. For extracting confidential information, the
279 attacker creates a logical disk volume, searches for all the existing volumes, and can mount them
280 to copy the information or files. Another attack that relocates virtual machine can be performed
281 on a cloud. To accomplish this attack, the malicious user first ensures that an integrity-protected
282 hypervisor [86] is executing. The integrity-protected hypervisor uses special parameters which
283 make it secure against any possible modifications. A verification process is performed through
284 the key certificates obtained from the TPM of a secure server to make it seem as if the config-
285 uration of an insecure hypervisor based machine is the same. The VM is then relocated to the
286 machine with insecure hypervisor thereby making it possible to steal confidential data.
287 The research work in [9] describes a vulnerability in the scheduler of the Xen hypervisor. As
288 the cloud systems use virtualization, the tasks are executed on virtual machines which contain
289 virtual CPUs. The main objective of the scheduler is to determine the mapping between virtual
290 and physical CPUs. Each VCPU is given credits that are debited after scheduling the VCPU.
291 When a virtual CPU goes to sleep state due to I/O call, it retains its credits which cause it to
292 enter the BOOST state on waking up and subsequently preempt other virtual CPUs. To exploit
293 the vulnerability, the scheduler is set to schedule the attacker VM after every 10ms, let the VM
294 run for a small instance, and go idle subsequently. It ensures that other VM runs for a small time
295 whose credits are therefore reduced. Since the attacker VM wakes in BOOST state, the running
296 VM is preempted and the attacker VM resumes execution, however, the credit balance of the
297 attacker VM never decreases. The experiments performed on an Intel based processor show that
298 the attacker VM can utilize almost 98% of a CPU core’s cycles, and on the Amazon EC2 based
299 setup, the attack is able to utilize 85% of the CPU resources. Similarly, a Time-Stealer attack
300 [61] is described for a recent version of Xen scheduler. The cycle stealing approach works by
301 analyzing the source code. The suggested approach is shown to successfully acquire 96.6% CPU
302 cycles independent of the number of virtual machines executing on the same processor.
303 While replicating a virtual machine, the private data together with cryptographic keys may be
304 exposed [6]. The private data and keys are supposed to be private to a particular host. However,
305 with a new copy of VM, the exposed data may become public. The data leakage due to VM
306 replication may then be used for malicious activities.
307 An approach of stealing private information on the cloud due to sharing of physical resources
308 is given in [17]. The approach works in different steps and is based on the fact that VMs for
309 different cloud customers may be executed on the same server. The attacker VM can use side-
310 channel attacks to violate data protection of the target VM. To accomplish that, the malicious user
9
311 initially attempts to be co-resident on the same system as that of the the target VM by probing
312 the network while targeting the port numbers 80 and 443. The web servers are then traced using
313 DNS based probing. When the exposed parameters are used for launching a new instance, it
314 becomes co-resident with the victim VM. The time shared caches are then used to detect the
315 workload of instances of target VMs and launch other attacks. For example, the cryptographic
316 keys can be extracted by using side-channel attacks. Moreover, by finding the keystroke timings,
317 the passwords being entered by the target users can also be recovered.
318 Various classes of live VM migration attacks are described in [56]. The control plane class
319 attacks target communication for initiating and managing the overall VM migration process.
320 The data plane class attacks may target the data for leakage of private information. Similarly,
321 the migration module class attacks may gain illegitimate control of the VMM and the guest
322 operating systems. The suggested framework Xensploit makes use of the fragroute framework to
323 exploit various vulnerabilities such as modifying memory page of a process during transmission,
324 manipulating keys for sshd authentication and stack/integer overflow issues.
325 An attack to access cryptographic keys using the concept of side-channel attack is given in
326 [8]. The attack works for two separate DomU VMs by assuming that the attacker can access
327 a copy of the software executing on the target VM. The time taken by cache sets of instruc-
328 tion caches is determined. After measuring timings, cache patterns are classified and possible
329 errors called noise are subsequently reduced. Different mathematical operations of a crypto-
330 graphic algorithm are determined through pattern classification. These sequences of operations
331 are re-constructed to extract the cryptographic key from a victim’s machine. The experimen-
332 tation shows a successful implementation of extracting ElGamal [87] decryption key from the
333 victim’s machine.
334 Different types of attacks in multi-tenant clouds are discussed in [88]. The first attack VM
335 hopping may occur when two VMs are set to execute on a single host machine. An attacker on a
336 virtual machine can monitor the traffic of other VMs and subsequently modify their configuration
337 for any malicious activities. The VM Escape attack causes the attacker to access the hypervisor
338 which in turn may be used to affect other running VMs. The attack monitors the CPU and
339 memory utilization and can even cause the hypervisor or VMs to stop executing.
340 The energy consumption logs may be used as a side channel to recognize the VMs being
341 hosted on a cloud platform [21]. The energy consumption traces are first sampled followed by
342 computation of probability function for combination of VMs. A statistical analysis is then used
343 to determine the likelihood of VM states.
344 An approach for improvement of security of the Xen hypervisor is suggested in [93]. The
345 trusted computing base (TCB) of the Xen hypervisor contains the VMM, a privileged virtual ma-
346 chine Dom0 and other tools which may in turn be used to create other VMs. Since the tools may
347 contain user software, the size of the TCB may run out of bounds. Moreover, the administrator
348 can execute any privileged code which may even impact the functionality of the Xen hypervisor.
349 The suggested approach removes the Dom0 user space and keeps only the Dom0 kernel in the
350 TCB. Consequently, the size of the TCB is reduced and the security and integrity of the Xen
351 hypervisor improves significantly.
352 An approach called hypersafe to secure hypervisors with control flow integrity is given in
353 [92]. The proposed approach performs memory lockdown to secure code and data. It ensures
354 the pages to be unlocked for modifying even if it is required by the hypervisor itself. Any other
355 code brought for execution in hypervisor space is rejected. To protect control data, a technique
356 called restricted pointer indexing is proposed. It uses control-flow graph to determine the flow of
357 control and generate pointer indexes from control data. The targets in the control flow are found
10
Attack Attack Vulnerable
Mechanism Implications Countermeasures
Ref. Category Components
Violation of
data
[51] A2b VM creation protection VM image [53], [54], [55], [89]
(IaaS and
SaaS)
Violation of
Cross-VM Cache
data [7], [89], [90], [91],
[49] A2a based side channel Shared caches
protection [49]
attacks
(IaaS)
Theft-of-
Timed scheduling
[61] A2d Service VM Scheduler [9], [92], [93]
using hypervisor
(SaaS)
Violation of
data
[6] A2b VM replication protection VM image [53], [54], [55]
(IaaS and
SaaS)
Violation of
Cross-VM Cache
data [7], [89], [90], [91],
[8] A2a based side channel Shared caches
protection [49]
attacks
(IaaS)
Violation of
data
VM image access
protection, VM image, [94], [93], [95], [96],
[85] A2d , A2a and relocation with
Malicious Hypervisor [97], [9], [92], [93]
insecure hypervisor
manipulation
of data (IaaS)
Theft-of-
Timed scheduling
[9] A2d Service VM Scheduler [9], [92], [93]
using hypervisor
(SaaS)
Violation of
data
[52] A2b VM creation protection VM image [53], [54], [55], [89]
(IaaS and
SaaS)
Violation of
VM side channel data Time shared
[17] A2a [7], [89], [90], [91]
attack protection caches
(IaaS)
Violation of
data
Communication for protection,
Hypervisor and
[56] A2c VM migration and Denial-of- [57], [59], [60]
network
memory access Service (IaaS,
PaaS and
SaaS)
Violation of
VM escape and VM
data
hopping to access
protection,
information of other VM and [53], [60], [89], [91],
[88] A2d Denial-of-
VMs and impact hypervisor [7], [92]
Service (IaaS,
hypervisor
PaaS and
execution
SaaS)
Energy Violation of
consumption logs to data [53], [60], [89], [91],
[21] A2d VM and storage
detect VMs being protection [94]
hosted (IaaS)
11
Table 2: Comparison of VM based attacks on clouds
358 and their access is restricted to pointer indexes. The approach works efficiently as it incurs less
359 than 5% of overhead for protection of code and data.
360 For tackling various VM based attacks, the misuse patterns are proposed in [89]. The misuse
361 patterns describe the environment, conditions and sequences of cloud based attacks including
362 those caused by co-residence of virtual machines and manipulation of virtual machine images.
363 The misuse patterns act as a repository which may then be used by developers for security mea-
364 sures against the attacks.
365 Two strategies for avoiding cache based side channel attacks targeted at extracting AES keys
366 are described in [49]. The AES encryption performs various mathematical operations which are
367 very expensive. Consequently, table lookups are used as a replacement for these operations. An
368 attacker can analyze various patterns of the cache to reveal the indices of lookup table which
369 have not been accessed. The attacker detects the execution of the AES encryption as there is a
370 large number of clock cycles. It finds the affected cache sets and performs brute-force method
371 to extract encryption key. The attack can be avoided if the cache is flushed before applying AES
372 algorithm or the lookup table access is made random.
373 An approach of reducing the possibility of cross-VM side channel attacks using a modified
374 version of scheduler is given in [7]. The suggested approach adds new parameters corresponding
375 to threshold for overlapping of two VMs and noise to be inserted. The threshold for overlapping
376 of two VMs can be adjusted so that the VMs may overlap execution within the threshold limit.
377 As the VMs execution overlapping time approaches the threshold limit, a noise is injected by the
378 scheduler to interrupt the transmission through the side channel. The prototype implementation is
379 shown to successfully mitigate the cross-VM side channel attacks with a very small performance
380 overhead. Similarly, in [91], the concept of a VM Police is proposed to prevent side channel
381 attacks. The Police VM is launched by a host and contains software components as anti-attack
382 units. The scheduling of Police VMs is controlled through several parameters such as load,
383 security and performance requirements.
384 A mechanism to avoid data leakage using network covert channels is given in [90]. A tim-
385 ing covert channel uses delays during communication for encoding and decoding information.
386 Similarly, a network covert channel works when a user types some information in a VM. A key-
387 logger then logs the information and leaks it through the network covert channel to attacker. The
388 solution of these covert channels is to define customized rules for communication between VMs
389 which can be implemented by incorporating a firewall based on VMM. Another covert channel
390 uses the table mapping that corresponds to physical and virtual machine frames. The mapping
391 may be modified to communicate with other virtual machines. It can be restricted by dividing
392 the table so that only the corresponding virtual machine can access it.
393 To secure data theft attack from a malicious insider, an analysis to detect access patterns is
394 suggested in [94]. The approach detects anomalies in data access patterns. For an unauthorized
395 access, the user is returned with decoy information which may not be identified by any user other
396 than owner of the data.
397 An architecture with flexible enforcement of security policies is described in [95]. The ar-
398 chitecture proposes a configuration phase and a policy enforcement phase. The configuration
399 phase loads a new VM for a specific web application and the enforcement phase ensures autho-
400 rization of requests from the VMs for end-to-end access control. The architecture establishes
401 secure channels at multiple layers using the given configurations. For a web application, the se-
402 curity policies are downloaded and the browser VM is updated before being loaded. On a URL
403 request, a security label is generated which is then forwarded to the VMM for authorizing the
404 communication as per system security policy and sending it to web server for processing.
12
405 For IaaS environments, a security infrastructure is proposed in [96]. The proposed model
406 contains a secure configuration policy (SCP) to ensure a secure configuration of IaaS compo-
407 nents. Another component called Secure Resource Management Policy (SRMP) manages the
408 access rules for IaaS resources. The third component Security Policy Monitoring & Auditing
409 (SPMA) is able to monitor and track the entire system life cycle. Moreover, the restriction level
410 can be varied depending upon the service provider and requirements.
411 A cloud security architecture for server virtual machines using policy and threat management
412 services is given in [97]. This architecture is a part of Savvi’s general security architecture. The
413 policy management contains various elements including the the identity management, Single-
414 Sign-On (SSO), security configuration, vulnerability management and reporting. Each VM is
415 assigned a unique identity which is then used to monitor for any vulnerabilities throughout the
416 VM lifecycle.
417 The framework Mirage proposed in [53] includes a mechanism for sharing VM images in a
418 secure manner. It contains filters to remove private information or malicious code from the VM
419 image and also contains a mechanism for tracking operations applied to the VM image. After
420 publishing the image, the framework may also be used for scanning and fixing of viruses or ma-
421 licious software. Similarly, a special VM image storage format [54] is proposed to secure images
422 by exploiting semantic information in the images. It makes use of a manifest corresponding to
423 an image and a store to contain image data which may be converted to the original image form.
424 In [55], a repository is incorporated to secure the VM images in a cloud. It uses a monitor to scan
425 images, an authenticator to authenticate the legal users and an auditor to track access to image.
426 A framework for providing life-cycle protection of VM and virtual network called VNSS is
427 provided in [57]. The framework contains a controller and multiple agents as components for
428 securing virtual computing environments. The controller component loads VM configuration
429 and calls an agent to create an instance of the virtual machine. Another agent for generating
430 security policies is then invoked by the controller. Similarly, for VM migration, the controller
431 uses the VM migration agent together with the agents for security context migration and security
432 policy migration. The VM destruction phase is carried out by the controller by destroying the
433 VM instance and removing the security policies. The experimental results show a successful life-
434 cycle implementation with uninterrupted execution and secure migration for FTP applications.
435 For secure migration of VMs, a framework called PALM is described in [59]. The frame-
436 work works for Xen VMM and makes use of different modules for protection during migration.
437 The data protection module performs encryption and decryption of data related to protected pro-
438 cesses. The migration manager controls the overall migration process, whereas other modules
439 manage the transmission of metadata and protect it from various security vulnerabilities. With
440 the PALM framework, there is a small performance degradation in comparison with the live
441 migration by Xen hypervisor.
442 A virtual machine executing on a cloud may be temporarily suspended for maintenance ac-
443 tivities and resumed later on. While suspending it is possible to save the current state of disk,
444 memory and CPU. This feature may be used to perform malicious activities as it becomes pos-
445 sible to perform multiple attempts for login, and then rollback the VM to its previous state.
446 The countermeasures for these attacks work by using the log of VM activities or enforcing the
447 features of suspend/resume operations to work with user input [60].

448 3.3. Storage Based Attacks and Countermeasures

449 Storage services of a cloud make use of data deduplication in order to keep a single copy of
450 data. In [71], different attacks related to data deduplication in clouds providing storage services
13
 Attack Attack Vulnerable
Mechanism Implications Countermeasures
Ref. Category Components
Tracing of Violation of
files/contents data
through data protection, Cloud storage and
[71] A3b [72], [98], [99]
deduplication and Denial-of- network
communication Service (PaaS
covert channel and SaaS)
Violation of
data
[53], [54], [55], [100],
[6] A3a Data scavenging protection Cloud storage
[101], [102]
(IaaS and
SaaS)

Table 3: Comparison of storage based attacks on clouds

451 are described. The first attack makes it possible for the attacker to identify the uploaded files.
452 The second attack allows to determine the contents of a file stored on a cloud server. Similarly,
453 the third attack allows to create a covert channel for malicious activities. The channel can make
454 communication possible between a malicious software and a control server.
455 With elastic clouds, the data scavenging may occur when the resources allocated to a user are
456 re-allocated to another user [6]. Despite a new allocation, the data and storage of previous user
457 may become accessible to the new user. The violation of data protection may therefore occur
458 due to data scavenging.
459 A mechanism for detecting covert channels in clouds using a framework called C 2 Detector
460 is provided in [98]. A covert channel can be used to violate data confidentiality provided by a
461 cloud platform. To cope with the covert channels of CPU load, memory and cache based, an
462 automaton having four states is incorporated. To detect the covert channels, change pattern of
463 shared resources is matched with the Markov model. A match of the pattern implies the trans-
464 fer of confidential information through the covert channel. Similarly, for operation sequences,
465 Bayesian model is incorporated, which takes input from the Markov detector. A deviation from
466 the Bayesian model implies a covert channel to exist in the cloud. The C 2 Detector successfully
467 detects covert channels with a small number of false positives.
468 For securing data during transmission, a mechanism using digitized signatures is described in
469 [99]. The suggested approach performs digital signatures using RSA. A hash function is initially
470 applied to generate a message digest which is subsequently encrypted. The encrypted text can
471 then by decrypted for verification. Similarly, the approach given in [72] proposes a mechanism
472 to share data on a public cloud using deduplication. The approach works in a secure manner
473 by encrypting data and encapsulating rights in a separate file. The decryption of data can be
474 performed only by authorized users.
475 The VM image access control mechanisms [53, 54, 55] discussed in the previous section may
476 also be applied to secure data scavenging.
477 With multiple organizations sharing user information, a federated identity management sys-
478 tem can be incorporated. Leandro et al. [100] present a federated identity based authorization
479 scheme which deploys the Shibboleth authentication and authorization system [101] for manage-
480 ment of identities. It supports Single-Sign-On (SSO) mechanism so that multiple organizations
481 within a federation may share identity information. Consequently, a user is not required to login
482 repeatedly to access resources multiple times. Similarly, Sanchez et al. [102] describe an identity

14
483 management system. Their approach employs the Security Assertion Markup Language (SAML)
484 [103] adapted for dynamic cloud federation. The SAML language uses XML for communicating
485 data required for authentication and authorization between organizations. The proposed model
486 is then used to provide access to cloud resources while retaining the user privacy.

487 3.4. Application Based Attacks and Countermeasures

488 Various security challenges faced due to elasticity of clouds are described in [73]. A main
489 challenge is provision for a fine-grained access in a cloud environment. Moreover, an elastic
490 model has to cope with the time and context parameters for restraining various actions. Similarly,
491 the data on a shared architecture may not be secure due to environment access to other users.
492 For steganography attacks, secret data called steganogram can be embedded within normal
493 data exchange which may not be detected by third parties. The secret data may contain malware
494 code which may result in security breach [74].
495 The data protection may be violated due to the protocol vulnerabilities [6]. The protocols
496 being used for access to cloud data and services are described as an insecure entity which may
497 become potential threats for cloud computing.
498 For access to cloud infrastructure, Web Services are used by cloud providers. The vulner-
499 ability of these services for cloud infrastructure is exposed in [10]. The services make use of
500 Simple Object Access Protocol (SOAP) messages for cloud requests. A SOAP message can be
501 manipulated by intercepting it and modifying the request. The SOAP message header contains
502 signatures which are kept unchanged together with Body wsu:Id, while the message body is re-
503 placed with a new bogus request. An invalid request validated by the cloud provider makes the
504 entire cloud vulnerable. This attack can be restricted by validating XML schema which ensures
505 that multiple occurrences with the same Id do not occur. Moreover, the security policy validation
506 mechanism may be improved to counter such attacks.
507 For PaaS environments, a framework to perform side-channel cache-based attacks is given
508 in [76]. The control flow graph of an executable is used to detect memory chunks that are
509 monitored for the attack. Subsequently, an NFA with states corresponding to memory chunks
510 is constructed. The execution of a victim’s application is traced and a malicious instance of the
511 attacker code is co-located with the application. The malicious code can then extract information
512 from the application by making use of cross-site requests. The suggested approach is shown to
513 successfully reveal information regarding a user’s shopping items on a victim website, resetting
514 passwords of users on a website and breaking XML encryption.
515 For securing cloud computing platforms, the antivirus software may be of great significance
516 as it may monitor and hinder any malicious code to impact the cloud. In [47], the architecture of
517 an antivirus CloudAV is described. The antivirus supports in-cloud detection of malicious code
518 by incorporating multiple detection engines. These engines execute in parallel and can analyze
519 the files being transferred. A host agent runs on host systems to send suspicious files to network
520 for analysis. The network service analyzes the code to identify threats. A forensic analysis is also
521 used to track information related to file access and extract the actions performed by malicious
522 code. Using multiple detection engines, detection coverage of the CloudAV antivirus increases
523 significantly and achieves almost 94% of average detection rate.
524 A mechanism incorporating the detection of malware using historical information is de-
525 scribed in [104]. The approach makes use of logs corresponding to writing or creation of ex-
526 ecutable files in the Portable Executable (PE) format. With a lightweight log collector, any
527 changes made to PE files by malware code are captured. The logs are processed by using

15
Attack Attack Vulnerable
Mechanism Implications Countermeasures
Ref. Category Components
Violation of
Fine-grained access data
for application protection,
Insecure APIs and
[73] A4a , A4b development, Denial-of- [47], [104], [105], [75]
shared storage
Storage access for Service (IaaS,
shared architectures PaaS and
SaaS)
Malicious
Steganography manipulation
attack through of data, Cloud network [75], [45], [105], [47],
[74] A4a
network for data Denial-of- and storage [104], [25]
and malicious code Service (IaaS
and SaaS)
Violation of
data
Protocols Network
[6] A4c protection [10], [25]
vulnerabilities Protocols
(IaaS and
SaaS)
Denial-of-
Service,
SOAP message Web Services and
[10] A4c Theft-of- [10], [25]
manipulation protocols
Service (PaaS
and SaaS)
Violation of
Shared cache based data
[76] A4b Shared caches [77], [106], [76]
side channel attack protection
(PaaS)

Table 4: Comparison of application based attacks on clouds

16
528 MapReduce which performs file indexing and relation indexing, to represent the locations and
529 relationships of PE files, respectively. The experimental results show 83% accuracy for detecting
530 malware.
531 A framework for dynamic analysis of malware and suspicious code is given in [105]. The
532 approach effectively utilizes the resources of the cloud as well as the end users or clients who
533 may be victims of malware. It causes the clients to send malware programs to a cloud for analysis
534 on its behalf. The suspicious code is executed on the cloud except the environment independent
535 system calls which are executed on the users’ systems, and their output is then submitted to the
536 cloud. The output of the code is analyzed thoroughly to determine whether there is any malicious
537 activity performed by the suspicious code. This approach works efficiently to detect malware as
538 it mitigates the overhead of executing a large part of the code on the end users’ system and
539 transfers it to a resource rich cloud.
540 For steganography attacks in cloud storage systems, a StegAD scheme is described in [75].
541 The scheme incorporates two algorithms for detecting the affected files and determine the hidden
542 places, respectively. The scheme is shown to successfully work for audio files based attacks on
543 cloud storage. Similarly, for securing web applications and thwarting malware injections through
544 networks, the application firewalls [45] may be incorporated together with intrusion detection
545 systems [25].
546 The timing information leakage using shared resource based attacks may be tackled through a
547 transformation called if-conversion [106]. The suggested approach works for control-flow based
548 side channels in which program execution is traced by finding the path followed during execution
549 of the program. The transformation of code for conditional execution protects against the control
550 flow based side channel attacks. Likewise, a framework to analyze cache based side channel
551 attacks is described in [77]. A binary file and cache parameters are input to the framework
552 for analysis and detection of attacks. The framework uses the parser and iterator components
553 together with abstract domains to analyze the attacks.

554 4. Automated Cloud Protection Using Intrusion Detection and Prevention Systems

555 An Intrusion Detection System (IDS) analyzes the packet header and payload to compare it
556 with any anomalies found in comparison with the normal traffic. This is in contrast to a firewall
557 which filters the network traffic by examining the packet headers flowing through the network
558 ports. For anomalous traffic, an IDS attempts to identify the pattern against common threats,
559 and alerts the network administrator. An Intrusion Prevention System (IPS) works just like an
560 IDS, however it may also reject the packets or terminate the connection. Since the backbone
561 of a cloud based platform is usually a high-speed network, it must be protected by a fully auto-
562 mated intrusion detection/prevention system. A network intrusion detection/prevention system
563 (NIDS/NIPS) attempts to secure all computer systems in a network, whereas a host-based in-
564 trusion detection/prevention system (HIDS/HIPS) attempts to secure a single host. A highly
565 scalable intrusion detection system is able to provide support for efficient utilization of modern
566 high performance architectures.
567 Two different types of detection models have been incorporated in intrusion detection sys-
568 tems: Statistical or Signature-based [25]. The statistical model maintains profiles regarding
569 users, hosts, applications and connection (ports, devices and protocols). It then compares current
570 activity with the attributes of the profile for any anomalies. In contrast, a signature-based model
571 compares the traffic against a collection of signatures or threat patterns.

17
572 Table 5 provides a comparative analysis of the main intrusion detection/prevention systems in
573 terms of category, intrusion detection model, main components, technical complexity, scalability
574 and open source support parameters.

575 4.1. ACARM-ng

576 The Alert Correlation, Assessment and Reaction Module - next generation system [107, 108]
577 is able to generate alerts and correlate them. For intrusion detection, it can work for networks
578 as well as for individual hosts. It gets input in Intrusion Detection Message Exchange Format
579 (IDMEF) [46], a standard format for communicating with IDS. Its architecture makes use of
580 filters (for joining and correlating attacks), triggers (for reactions to attacks) and a database (for
581 storing alerts and state of the application.

582 4.2. Suricata

583 The Suricata intrusion prevention system [48] is a rule based engine that supports intrusion
584 detection and prevention by monitoring network traffic. It generates alerts for the system admin-
585 istrator if any suspicious activity is performed in the network. On high performance architectures,
586 it can scale efficiently by exploiting multi-threading feature on multiple processors or cores. Its
587 detection system can identify protocols thereby making it easy for users to obtain security based
588 on protocols instead of ports.

589 4.3. OSSEC

590 The Open Source SECurity intrusion prevention system [27, 109] monitors the network for
591 individual hosts. Its implementation uses several daemons to perform specialized tasks such as
592 forwarding logs to servers, analyzing logs and generating alerts. It uses a central manager (to
593 retrieve information from syslog), agents and databases to generate alerts on a real-time basis.
594 The manager stores the rules and the configuration parameters together with the system logs and
595 events.

596 4.4. Snort

597 Snort [26] is a network intrusion prevention system which provides support of packet sniffing
598 and packet logging modes in addition to analysis in NIDS mode. Through packet sniffing, the
599 packet stream is captured and displayed to the user, whereas through packet logging, the packets
600 may be stored on a backup storage device. To generate alerts, it uses the components of packet
601 sniffer, pre-processor, detection engine and logger. The packet logging may speed up using fast
602 mode which makes the logger write logs efficiently in binary form.

603 4.5. NIDES

604 The Next Generation Intrusion Detection Expert System (NIDES) [110] executes on a host
605 to analyze user activities on a collection of target computers. It is able to perform real-time
606 monitoring for suspicious behaviors. It uses analyzers for statistical and rule-based analyses
607 to detect unusual behavior and match with known intrusion types. Subsequently, the alerts are
608 reported to relevant users. The NIDES system also includes a resolver to filter the alarms for
609 security officer and an archiver to store alerts together with analysis results.

18
610 4.6. eXpert-BSM
611 The eXpert-BSM software [111] is a host-based intrusion detection system which uses a
612 knowledge base to detect intrusions and generate alarms on a Sun-Solaris based system. It per-
613 forms an analysis of audit trails by making of use of inference engine and knowledge base rules.
614 Its expert system can monitor the system for suspicious network activities and traffic flowing
615 through the user-configured ports.

616 4.7. Fail2ban

617 The Fail2ban software [112] uses log files and detects patterns which may correspond to
618 intrusion efforts. After identifying the break-in attempts, it may add rule to firewall and generate
619 an alarm for the system administrator. It uses a server component to listen to ports, a client
620 component to send commands to server and a jail component to represent combination of filters
621 and actions. Corresponding to a filter, one or more actions such as adding firewall rule, getting
622 information of attacker and sending alert to administrator may be performed.

623 4.8. Prelude-OSS

624 The Prelude-OSS intrusion detection system [113] is an open source version of the Prelude
625 software to provide support of security event management. The open source version works for
626 small organizations to provide the basic functionality of intrusion detection. It makes use of
627 several modules for accessing database, receiving and storing events, correlating alerts and log
628 management. The intrusion events occurring in a network are displayed through a graphical
629 interface.

630 4.9. Sagan

631 The Sagan software [114] can perform a real-time analysis of intrusion events. For better
632 scalability, it has a multi-threaded architecture for event and log analysis. It provides support
633 of detecting and managing intrusion events in a standard manner which makes it compatible for
634 correlating log events with other intrusion detection systems. The events and alerts may also
635 be written to a database. Moreover, it uses diverse output formats for event detection, firewall
636 support and real-time alert management.

637 4.10. Samhain

638 The Samhain intrusion detection system [115] is a host-based IDS which may perform file
639 integrity checking, port scanning and log analysis. With a client/server based architecture, it uses
640 the components of integrity checker, log server and a web-based console. It also provides support
641 for central logging and storage in database. Its web-based console allows to view client/server
642 activities and analysis reports.

643 4.11. Bro-IDS

644 The Bro network analyzing framework [116] can be used to detect intrusions through real-
645 time monitoring. It contains an interpreter to execute policy scripts, an event engine to manage
646 events and libpcap [117] to monitor packet streams. The event engine obtains packet stream and
647 ensures that the packets are well-formed. Similarly, a checksum on IP headers is also performed.
648 An invalid packet is then discarded and an event is triggered to communicate the problem. The
649 interpreter executes the event handlers, generates new event notifications and logs data to disk.
19
 Cate- Technical Scalabil- Open
Framework Detection Model Major Components
gory Complexity ity Source
profile-based model to
ACARM-ng correlation daemon,
IDS, IPS support NIDS, NIPS, Medium Low Yes
[107, 108] database engine
HIDS and HIPS
Network Intrusion
Signature-based model to detection, prevention and
Suricata [48] IDS, IPS Medium High Yes
support NIDS and NIPS monitoring engines,
analyzer and logger
Signature-based model
OSSEC file integrity and log
IDS, IPS and profile-based model to High Low Yes
[27, 109] checkers
support HIDS and HIPS
Signature-based model packet sniffer,
Snort [26] IDS, IPS and profile-based model to pre-processor, detection Medium Medium Yes
support NIDS and NIPS engine and logger
Signature-based and
Analyzer, resolver and
NIDES [110] IDS profile-based model to High Low No
archiver
support NIDS
Inference engine,
eXpert-BSM Profile-based model to
IDS knowledge base and High Low No
[111] support NIDS
analyzer
Fail2ban Profile-based model to
IDS, IPS Client, Server and Jails Low High Yes
[112] support NIDS and NIPS
Prelude-OSS Profile-based model to Manager, correlator and
IDS Low Low Yes
[113] support NIDS log file manager
Profile-based model to
Sagan [114] IDS Event and log analyzer Medium High Yes
support NIDS
Samhain Profile-based model to Integrity checker, log
IDS Medium High Yes
[115] support HIDS server and console
Bro-IDS Profile-based model to Script interpreter and
IDS, IPS High Low Yes
[116] support NIDS event engine

Table 5: Comparison of major intrusion detection/prevention systems

20
650 5. Securing Cloud Execution Environment Through Trusted Cloud Computing

651 Trusted cloud computing enables the cloud service providers to ensure a secure and con-
652 fidential execution environment while maintaining integrity of its data and computations. In
653 this section, we analyze various contributions aimed at securing cloud computing environment
654 through trusted computing. Table 6 provides a parametric comparison of research contributions
655 aimed at trusted computing based security for cloud computing platforms. The comparison is
656 performed in terms of mechanism, major components, cloud layers, automation level and en-
657 cryption/certificates used in the approach.
658 For trusted computing, a field-programmable gate array (FPGA) can be deployed to securely
659 identify a computation implemented in the logic fabric [118]. A symmetric encryption key is
660 stored on FPGA memory. The FPGA can then be installed in a cloud server. A trusted author-
661 ity in the cloud can encrypt and sign applications with the keys of FPGAs. Consequently, the
662 application can process data in a secure manner.
663 A trust overlay network suggested in [119] uses distributed hash tables to provide support
664 of intrusion detection and prevention to DDoS attacks. A distributed security mechanism is
665 incorporated while making use of cloud resources. A data object in the cloud environment is
666 protected by using data coloring based watermarking. Different security levels are represented
667 by data colors whose characteristics are known only to owners and can not be detected by cloud
668 providers or other users without having known the characteristics.
669 A trust management module is deployed for establishing secure communication between
670 cloud users and cloud providers [120]. The approach uses a trust integrator for maintaining trust
671 between service providers and between users and service providers. The trust integrator works
672 by discovering service providers, negotiating parameters and generating groups for services. To
673 accomplish the task, the service integrator contains different modules to support security, trust
674 and service management. For diverse policies of service providers and identity management,
675 an ontology based heterogeneity management module is proposed together with a user-centric
676 identity management mechanism.
677 To secure runtime environment of a cloud, a watermark based approach [121] is suggested.
678 Different algorithms of watermark have been incorporated to secure Java programs. Moreover,
679 for execution of the watermarked Java programs, the JVM is also customized to recognize and
680 extract watermarks. For securing watermark recognition, the watermark is concealed in the JVM.
681 Upon a mismatch, the watermark may not be extracted for the Java program being executed on
682 the cloud. Consequently, the program terminates with an error message that is subsequently
683 communicated to the cloud provider to restrict execution of such Java program. The proposed
684 approach results in secure execution of Java programs on cloud platforms.
685 A mechanism for developing a trusted third-party is described in [122]. The trusted third-
686 party ensures a secure communication and transactions b/w two parties [123]. The suggested
687 solution implements confidentiality through IPSEC and SSL for communication b/w machines.
688 The authentication process includes usage of digital signatures together with Single-Sign-On
689 (SSO) and Lightweight Directory Access Protocol (LDAP) which is used to access information
690 regarding users and resources on a network. Moreover, security domains are created to make fed-
691 erated clouds which represent clouds communicating through standard interfaces. For privacy of
692 data, hybrid cryptography employing both symmetric and asymmetric encryption mechanisms is
693 proposed. Similarly, an attribute based authorization using certificates is proposed to be imple-
694 mented for a trusted third-party.
695 An integrity model for management of different parameters of virtual machines is presented
21
696 in [124]. The prototype model is implemented using the Xen hypervisor. It uses the concept
697 of Trusted Platform Module (TPM) [125] to work for virtual machines. The module works for
698 the enforcement of security policies and guarantee compliance while attaching new devices to
699 virtual machines. It stores a log of system history in terms of policies and configurations. The
700 attestation and sealing/unsealing mechanisms are then implemented to enforce access restriction.
701 Consequently, the security policy may not be modified for unauthorized usage.
702 A collaborative model to support trusted cloud computing using firewalls is given in [126].
703 The model works for environments where cloud service providers have diverse policies. The
704 model is organized into nodes and the collection of nodes called domains. A trust table is de-
705 ployed in the model to maintain trust values corresponding to nodes. Upon a user request, the
706 domain agents send the message to the neighborhood agents to communicate with the firewall. A
707 digital signature is required by the cloud service provider for initial connection before allocating
708 resources to users. The trust values are updated dynamically based on the history of transactions.
709 A trusted cloud computing environment for IaaS model using a 2-level hierarchy is given in
710 [127]. The environment incorporates a third-party auditor to verify the trustworthiness of cloud
711 service providers. The cloud platform is attested through a policy based attestation model. To
712 check conformance of the cloud service provider, the proposed model requires security parame-
713 ters to be agreed upon through the service level agreement (SLA).
714 A trusted computing platform (TCP) can be integrated into a cloud environment for trusted
715 cloud computing [128]. A TCP is based on TPM and may be used for authentication and role
716 based access. A user logs on to a cloud using TCP and obtains a trusted certificate from the
717 cloud. For secure communication, the client uses the certificate and information regarding the
718 role. Moreover, the data security is ensured using the keys generated with TPM.
719 For clouds and grids, a trust management system is proposed in [129]. The suggested model
720 calculates trust values using different evaluators corresponding to security, feedback and rep-
721 utation parameters. The security evaluator uses the authentication and authorization types for
722 assigning different trust values. The feedback evaluator obtains input from the user to assign
723 trust values. Similarly, the reputation evaluator takes into consideration the capability of cloud
724 or grid based system in terms of its resources. A trust manager then accumulates the trust values
725 which is then communicated to other components for execution of the user request.
726 A trusted cloud computing model based on SLA is proposed in [130]. The proposed archi-
727 tecture uses SLA agent for defining SLA metrics, selecting cloud service providers and moni-
728 toring the business activities. The trust management model takes input from the cloud service
729 providers, users and SLA agents to rank the cloud providers for selection. Moreover, a directory
730 of cloud services is suggested to store information regarding cloud providers and their services.
731 The mechanism of trust establishment requires the cloud services to be advertised, followed by
732 the selection of cloud providers. The SLA agreement is communicated to the user requesting the
733 resources. Further communication with the cloud provider takes place if the user agrees to the
734 SLA agreement.

735 6. Regulating Cloud Security Compliance Issues

736 Various regulatory bodies have defined rules and regulations to ensure security of data and al-
737 lowing disclosure under permissible circumstances. The rules defined by these regulatory bodies
738 encompass a wide range of applications and practices as detailed below.

22
 Automa-
Refer- Major Cloud Encryp-
Mechanism tion
ence Components Layer tion/Certificates
Level
Trusted Authority,
[118] TPM on FPGA SaaS High RSA, SHA, AES
TPM and FPGA
Role-based access
using Trusted IaaS,
Trusted Platform
Computing Platform PaaS Generic with X.509
[128] Support Service Low
(TCP) integration with and certificates
with TPM
Trusted Platform SaaS
Support Service (TSS)
Distributed hash table
IaaS,
based overlay networks Trust overlay
PaaS RSA and
[119] for protecting objects network and hash Low
and watermarking
using data coloring and tables
SaaS
watermarking
Discovery of services, Service integrator IaaS,
Role-based access, trust having modules for PaaS
[120] Low Generic
and identity security, trust and and
management service management SaaS
Watermark
Watermarking Java
embedder, JVM
program, Recognition
[121] generator and SaaS High Watermark-based
and extraction of
deployment
watermark by JVM
modules
A trusted platform
using trusted VMM to
TPM, Trusted
securely execute guest
[58] VMM and IaaS Low Generic
VMs and attest the
Coordinator
cloud infrastructure
providers
Compartment,
Security policies for Generic for VM
Integrity and Secure
[124] virtual machines using IaaS High image and Network
virtual device
TPM configuration
managers
Certificate, data, IaaS,
Trusted third-party
authentication, PaaS IPSEC, SSL, SSO
[122] using IPSEC, SSL, Low
LDAP and database and and LDAP
SSO and LDAP
servers SaaS
Designing SLA
parameters, selecting SLA agent and
[130] SaaS Low SLA-based
cloud service provider services directory
and monitoring
Multi-tenancy trusted Third-party auditor,
[127] IaaS High Generic
computing environment TPM and SLA
Collaborative trust
model using trust
Trust domains and
[126] domains, trust tables IaaS Medium Generic
trust tables
and historical data to
compute trust values
Trust model using
Kerberos and
security, feedback and Resource broker
[129] IaaS Medium PERMIS based
reputation evaluators to and evaluators
authentication
find trust values

Table 6: Comparison of trusted computing based cloud computing security

23
739 6.1. Common Criteria Compliance
740 Common Criteria [131] has become a global standard for evaluation of security products.
741 It makes use of protection profiles which specify security requirements in an implementation
742 independent manner. It assigns different Evaluation Assurance Levels (EALs) ranging from
743 EAL1 to EAL7 to represent different grades of security assurance. The cloud related products
744 are also evaluated and certified if they comply with the security requirements. For instance, the
745 VMWare ESXi, vCloud Networking & Security [132], Citrix Xen Server [133], z/VM [134] and
746 the KVM hypervisor [135] all are Common Criteria certified.

747 6.2. Trusted Computing Compliance

748 The Trusted Computing Group is a non-profit group of companies formed for promoting trust
749 and security in computing platforms [136]. The group has developed a Trusted Platform Module
750 (TPM) specification to support trusted computing. Using TPM, the cryptographic information
751 is stored on hardware to protect it from software based attacks. The cloud based servers can
752 be easily secured by using a TPM [137]. Moreover, the encryption and authentication standards
753 developed by TCG are implemented for securing data storage and data communication on a cloud
754 platform, respectively.

755 6.3. Privacy Acts Compliance

756 Governmental organizations as well as private institutions or individual customers may store
757 their data or public data on clouds. The privacy and confidentiality of data needs to be ensured
758 by cloud service providers due to legal implications as mentioned in different governmental rules
759 and statutes.

760 6.3.1. Privacy of Health Related Information

761 The Health Insurance Portability and Accountability Act (HIPAA) [29] describes a set of
762 privacy rules to provide support of confidentiality and security of health related information. In
763 addition to protecting data during transmission, the personal health information must be pro-
764 tected while being maintained in any form. Even it requires the data to be protected against
765 threats and malicious software. Moreover, the data backup and disaster recovery plans need to
766 be implemented. The information disclosure without obtaining a patient’s consent is allowed
767 only when mandated by law. Several cloud storage providers including the CareCloud [138],
768 FireHost [139], Symform [140] and Carbonite [141] claim to be HIPAA compliant by ensuring
769 implementation of its standards.

770 6.3.2. Privacy of Electronic Data

771 The Electronic Communications Privacy Act (ECPA) [28] describes rules and restrictions
772 regarding protection during transmission of electronic data. It encompasses rules for access to
773 private data in stored form as well as interception of data during communication. An unautho-
774 rized access is prohibited if data is stored on third-party storage devices, however ECPA allows
775 official access to data without informing the owner thereby reducing the confidence of customers
776 on cloud providers. A coalition called Digital 4th is currently working to recommend modifica-
777 tion to ECPA for making it more appropriate for the cloud computing platforms [142].

24
778 6.3.3. Privacy of Financial Data
779 The Fair Credit Reporting Act (FCRA) [143] describes rules for privacy of user credit infor-
780 mation. For a credit reporting agency storing credit data of customers on a cloud, it becomes
781 compulsory to ensure its security through FCRA compliance. Similarly, some safeguard rules
782 are described in the Gramm-Leach-Bliley (GLB) Act [144] for financial bureaus to ensure confi-
783 dentiality of data. The financial institutions are required to only select the service providers who
784 are able to implement the safeguard rules.

785 7. Cloud Security Issues in the Future

786 Together with the growth of cloud services, the cloud vulnerability incidents have been on
787 the rise. The IBM statistics [145] show that for an organization on average, the number of cyber
788 security attacks has reached up to 1400 per week. The conventional brute-force, vulnerability
789 scan, web application and malware/botnet attacks have been reported to dominate in year 2014
790 [146]. With the increasing number of attacks, the number of research contributions describing
791 countermeasures to ensure cloud security has also increased significantly. Figure 3 presents a
792 year-wise trend with the number of research papers citing the term ’cloud security’ (Term and
793 Keyword search retrieved from the ACM Digital Library).

Figure 3: Cloud Security Contributions

794 Despite the countermeasures being suggested in research, many issues seem to pose chal-
795 lenge for securing cloud in the future.

796 7.1. Trusted Execution Environment

797 A cloud service provider must ensure a trusted environment for its clients. The code and
798 data stored on the cloud storage should only be accessible to authentic relevant users. In this
799 regard, trusted execution technologies provide a reliable way to verify the integrity of the system
800 [147, 148]. Since the integrity of a system may span hypervisor as well as the applications,
801 management software and security policies, any compromise to their integrity may be identified
802 and necessary measures may be taken to protect the system subsequently.

25
803 7.2. Protocol Vulnerabilities
804 To access data and services on clouds, the protocols defined for communication have proved
805 to be vulnerable to various attacks. For instance, the SOAP message can be manipulated to target
806 cloud platform services and violate data protection [84, 10]. Similarly, the insecure interfaces
807 and APIs used to interact with cloud systems have been reported to be the top threat [11]. It
808 is therefore necessary to mitigate the vulnerability of already existing protocols. Consequently,
809 either a secure implementation of these protocols is required or a strong encryption mechanism
810 needs to be incorporated to improve the security [84, 149].

811 7.3. Federated Identity Interoperability

812 The identity and access management provides support of controlling users’ access to shared
813 cloud resources through individual user identities. A federated identity management makes mul-
814 tiple organizations share the identities to support Single-Sign-On mechanism [100, 101, 102].
815 As the federated identity model continues to evolve, the diversity of protocols, conformance
816 requirements and architectures makes it complicated for deployment among multiple organiza-
817 tions [150]. The open source identity stack based implementations [151] may be beneficial for
818 addressing interoperability issues.

819 7.4. Open Standards Compliance

820 Despite having identified common threats and vulnerabilities in cloud systems, the require-
821 ment for the minimum security needs to be leveraged by defining open standards. Although cur-
822 rently various virtualization products comply with the common criteria standards, the compliance
823 of cloud security from different perspectives such as services, deployment and interoperability is
824 still undefined [132, 133, 152].

825 8. Conclusion

826 Cloud computing offers services for consumers through effective utilization of shared re-
827 sources. Despite its effectiveness for cloud service providers as well as for the cloud users, its
828 prevalence is hindered by various security issues. This paper presents a comprehensive survey of
829 the issues and research contributions aiming at cloud security. These issues encompass security
830 of data and services on cloud platforms. We categorize security threats and perform a compara-
831 tive analysis of security issues and the countermeasures suggested in the literature to cope with
832 these issues.
833 We also survey the main intrusion detection and prevention systems and analyze their effec-
834 tiveness in terms of working mechanism, components and scalability. Moreover, a comparative
835 analysis of the contributions made for trusted cloud computing is also presented. We also ana-
836 lyze a large number of standard Acts and regulations required for compliance by the cloud service
837 providers. In the perspective of future challenges, we discuss the main issues related to cloud
838 security and their possible solutions in terms of the trusted execution, protocol vulnerabilities,
839 federated identity interoperability and open standards compliance.
840 [1] R. Buyya, J. Broberg, A. M. Goscinski, Cloud Computing Principles and Paradigms, Wiley Publishing, 2011.
841 [2] Z. Sanaei, S. Abolfazli, A. Gani, R. Buyya, Heterogeneity in mobile cloud computing: Taxonomy and open chal-
842 lenges, Communications Surveys Tutorials, IEEE 16 (1) (2014) 369–392. doi:10.1109/SURV.2013.050113.00090.
843 [3] K. Kumar, J. Liu, Y.-H. Lu, B. Bhargava, A survey of computation offloading for mobile systems, Mob. Netw.
844 Appl. 18 (1) (2013) 129–140.

26
845 [4] R. McMillan, Hackers find a home in amazon ec2’s cloud (2009).
846 URL http://www.computerworld.com/article/2521744/security0/hackers-find-a-home-in-
847 amazon-s-ec2-cloud.html
848 [5] InfoSecurity, Google cloud platform used for botnet control (2009).
849 URL http://www.infosecurity-magazine.com/news/google-cloud-platform-used-for-botnet-
850 control/
851 [6] B. Grobauer, T. Walloschek, E. Stocker, Understanding cloud computing vulnerabilities, Security Privacy, IEEE
852 9 (2) (2011) 50–57.
853 [7] F. Liu, L. Ren, H. Bai, Mitigating cross-vm side channel attack on multiple tenants cloud platform, Journal of
854 Computers 9 (4).
855 [8] Y. Zhang, A. Juels, M. K. Reiter, T. Ristenpart, Cross-vm side channels and their use to extract private keys, in:
856 Proceedings of the 2012 ACM Conference on Computer and Communications Security, CCS ’12, ACM, New
857 York, NY, USA, 2012, pp. 305–316. doi:10.1145/2382196.2382230.
858 URL http://doi.acm.org/10.1145/2382196.2382230
859 [9] F. Zhou, M. Goel, P. Desnoyers, R. Sundaram, Scheduler vulnerabilities and coordinated attacks in cloud comput-
860 ing, in: Network Computing and Applications (NCA), 2011 10th IEEE International Symposium on, 2011, pp.
861 123–130. doi:10.1109/NCA.2011.24.
862 [10] N. Gruschka, L. Iacono, Vulnerable cloud: Soap message security validation revisited, in: Web Services, 2009.
863 ICWS 2009. IEEE International Conference on, 2009, pp. 625–631. doi:10.1109/ICWS.2009.70.
864 [11] R. Ko, S. G. Lee, V. Rajan, Cloud computing vulnerability incidents: A statistical overview (March 2013).
865 URL https://cloudsecurityalliance.org/download/cloud-computing-vulnerability-incidents
866 -a-statistical-overview/
867 [12] Symantec, 2015 internet security threat report (April 2015).
868 URL http://www.symantec.com/security response/publications/threatreport.jsp
869 [13] W. Lin, D. Lee, Traceback attacks in cloud – pebbletrace botnet, in: Distributed Computing Systems Workshops
870 (ICDCSW), 2012 32nd International Conference on, 2012, pp. 417–426. doi:10.1109/ICDCSW.2012.61.
871 [14] K. Kourai, T. Azumi, S. Chiba, A self-protection mechanism against stepping-stone attacks for iaas clouds,
872 in: Ubiquitous Intelligence Computing and 9th International Conference on Autonomic Trusted Computing
873 (UIC/ATC), 2012 9th International Conference on, 2012, pp. 539–546. doi:10.1109/UIC-ATC.2012.139.
874 [15] H. Wu, Y. Ding, C. Winer, L. Yao, Network security for virtual machine in cloud computing, in: Computer
875 Sciences and Convergence Information Technology (ICCIT), 2010 5th International Conference on, 2010, pp.
876 18–21. doi:10.1109/ICCIT.2010.5711022.
877 [16] W. Ashford, Cyber criminals turn their attention to cloud service credentials (2015).
878 URL http://www.computerweekly.com/news/2240241940/Cyber-criminals-turn-their-attention
879 -to-cloud-service-credentials
880 [17] T. Ristenpart, E. Tromer, H. Shacham, S. Savage, Hey, you, get off of my cloud: Exploring information leakage
881 in third-party compute clouds, in: Proceedings of the 16th ACM Conference on Computer and Communications
882 Security, CCS ’09, ACM, New York, NY, USA, 2009, pp. 199–212. doi:10.1145/1653662.1653687.
883 URL http://doi.acm.org/10.1145/1653662.1653687
884 [18] C. Wang, Q. Wang, K. Ren, W. Lou, Ensuring data storage security in cloud computing, in: Quality of Service,
885 2009. IWQoS. 17th International Workshop on, 2009, pp. 1–9. doi:10.1109/IWQoS.2009.5201385.
886 [19] J. J. Wylie, M. Bakkaloglu, V. Pandurangan, M. W. Bigrigg, S. Oguz, K. Tew, C. Williams, G. R. Ganger, P. K.
887 Khosla, Selecting the right data distribution scheme for a survivable storage system, in: CMU-CS-01-120, 2001,
888 pp. 1–23.
889 [20] A. Aviram, S. Hu, B. Ford, R. Gummadi, Determinating timing channels in compute clouds, in: Proceedings of
890 the 2010 ACM Workshop on Cloud Computing Security Workshop, CCSW ’10, ACM, New York, NY, USA,
891 2010, pp. 103–108.
892 [21] H. Hlavacs, T. Treutner, J.-P. Gelas, L. Lefevre, A.-C. Orgerie, Energy consumption side-channel attack at virtual
893 machines in a cloud, in: Dependable, Autonomic and Secure Computing (DASC), 2011 IEEE Ninth International
894 Conference on, 2011, pp. 605–612. doi:10.1109/DASC.2011.110.
895 [22] M. Godfrey, M. Zulkernine, A server-side solution to cache-based side-channel attacks in the cloud,
896 in: Cloud Computing (CLOUD), 2013 IEEE Sixth International Conference on, 2013, pp. 163–170.
897 doi:10.1109/CLOUD.2013.21.
898 [23] D. A. Osvik, A. Shamir, E. Tromer, Cache attacks and countermeasures: The case of aes, in: Proceedings of the
899 2006 The Cryptographers’ Track at the RSA Conference on Topics in Cryptology, CT-RSA’06, Springer-Verlag,
900 Berlin, Heidelberg, 2006, pp. 1–20.
901 [24] D. Riquet, G. Grimaud, M. Hauspie, Large-scale coordinated attacks: Impact on the cloud security, in: Innovative
902 Mobile and Internet Services in Ubiquitous Computing (IMIS), 2012 Sixth International Conference on, 2012,
903 pp. 558–563. doi:10.1109/IMIS.2012.76.
27
904 [25] K. A. Scarfone, P. M. Mell, Sp 800-94. guide to intrusion detection and prevention systems (idps), Tech. rep.,
905 Gaithersburg, MD, United States (2007).
906 [26] M. Roesch, Snort user manual 2.9.7 (October 2014).
907 URL https://www.snort.org/documents/1
908 [27] A. Hay, D. Cid, R. Bary, S. Northcutt, in: {OSSEC} Host-Based Intrusion Detection Guide, Syngress, Burlington,
909 2008, pp. 247 – 249.
910 [28] DHS, Electronic Communications Privacy Act of 1986 (ECPA), 18 U.S.C. 2510-22. (2013).
911 URL https://it.ojp.gov/default.aspx?area=privacy&page=1285
912 [29] U. D. of Health & Human Services, Health Information Policy (2007).
913 URL http://www.hhs.gov/ocr/privacy/hipaa/administrative/privacyrule/index.html
914 [30] I. M. Khalil, A. Khreishah, M. Azeem, Cloud computing security: A survey, Computers 3 (2014) 1–35.
915 [31] K. Hashizume, D. Rosado, E. Fernndez-Medina, E. Fernandez, An analysis of security issues for cloud computing,
916 Journal of Internet Services and Applications 4 (1). doi:10.1186/1869-0238-4-5.
917 [32] V. Ashktorab, S. R. Taghizadeh, Security threats and countermeasures in cloud computing, International Journal
918 of Application on Innovation in Engineering & Management 1 (2012) 234–245.
919 [33] M. Shankarwar, A. Pawar, Security and privacy in cloud computing: A survey, in: Proceedings of the 3rd Inter-
920 national Conference on Frontiers of Intelligent Computing: Theory and Applications (FICTA) 2014, Vol. 328 of
921 Advances in Intelligent Systems and Computing, Springer International Publishing, 2015, pp. 1–11.
922 [34] S. Subashini, V. Kavitha, A survey on security issues in service delivery models of cloud computing, Journal of
923 Network and Computer Applications 34 (1) (2011) 1 – 11.
924 [35] N. Gruschka, M. Jensen, Attack surfaces: A taxonomy for attacks on cloud services, in: Cloud Computing
925 (CLOUD), 2010 IEEE 3rd International Conference on, 2010, pp. 276–279. doi:10.1109/CLOUD.2010.23.
926 [36] A. Bisong, S. M. Rahman, An overview of the security concerns in enterprise cloud computing, International
927 Journal of Network Security & Its Applications 3 (1) (2011) 30–45.
928 [37] M. T. Khorshed, A. S. Ali, S. A. Wasimi, A survey on gaps, threat remediation challenges and some thoughts for
929 proactive attack detection in cloud computing, Future Gener. Comput. Syst. 28 (6) (2012) 833–851.
930 [38] S. Srinivasamurthy, D. Q. Liu, A. V. Vasilakos, N. Xiong, Cloud computing security: A survey, Parallel & Cloud
931 Computing 2 (4) (2013) 126–153.
932 [39] C. S. Alliance, Top threats to cloud computing v1.0, 2010, pp. 1–14.
933 [40] M. Zhou, R. Zhang, W. Xie, W. Qian, A. Zhou, Security and privacy in cloud computing: A survey, in: Semantics
934 Knowledge and Grid (SKG), 2010 Sixth International Conference on, 2010, pp. 105–112.
935 [41] F. Shahzad, State-of-the-art survey on cloud computing security challenges, approaches and solutions, Procedia
936 Computer Science 37 (0) (2014) 357 – 362, the 5th International Conference on Emerging Ubiquitous Systems
937 and Pervasive Networks (EUSPN-2014)/ The 4th International Conference on Current and Future Trends of In-
938 formation and Communication Technologies in Healthcare (ICTH 2014)/ Affiliated Workshops.
939 [42] K. Curran, S. Carlin, Cloud computing security, Int. J. Ambient Comput. Intell. 3 (1) (2011) 14–19.
940 [43] C. Modi, D. Patel, B. Borisaniya, H. Patel, A. Patel, M. Rajarajan, A survey of intrusion detection techniques in
941 cloud, Journal of Network and Computer Applications 36 (1) (2013) 42 – 57.
942 [44] O. Popovic, Z. Jovanovic, N. Jovanovic, R. Popovic, A comparison and security analysis of the cloud computing
943 software platforms, in: Telecommunication in Modern Satellite Cable and Broadcasting Services (TELSIKS),
944 2011 10th International Conference on, Vol. 2, 2011, pp. 632–634.
945 [45] OWASP, Web application firewall (2015).
946 URL https://www.owasp.org/index.php/Web Application Firewall
947 [46] H. Debar, D. Curry, B. Feinstein, The intrusion detection message exchange format (idmef) (2007).
948 URL https://www.ietf.org/rfc/rfc4765.txt
949 [47] J. Oberheide, E. Cooke, F. Jahanian, Cloudav: N-version antivirus in the network cloud, in: Proceedings of the
950 17th Conference on Security Symposium, SS’08, USENIX Association, Berkeley, CA, USA, 2008, pp. 91–106.
951 [48] OISF, Suricata user guide (2015).
952 URL https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Suricata
953 User Guide
954 [49] S. Tandon, S. SB, V. Agrawal, Cache-based side-channel attack on aes in cloud computing environment, Interna-
955 tional Journal of Engineering Research & Technology 3 (10) (2014) 1080–1084.
956 [50] Z. Wang, R. B. Lee, New cache designs for thwarting software cache-based side channel attacks, SIGARCH
957 Comput. Archit. News 35 (2) (2007) 494–505.
958 [51] M. A. Morsy, J. Grundy, I. Muller, An analysis of the cloud computing security problem, in: In Proceedings of
959 APSEC 2010 Cloud Workshop, Sydney, Australia, 2010, pp. 1–6.
960 [52] T. Garfinkel, M. Rosenblum, When virtual is harder than real: Security challenges in virtual machine based
961 computing environments, in: Proceedings of the 10th Conference on Hot Topics in Operating Systems - Volume
962 10, HOTOS’05, USENIX Association, Berkeley, CA, USA, 2005, pp. 20–20.
28
 963 URL http://dl.acm.org/citation.cfm?id=1251123.1251143
964 [53] J. Wei, X. Zhang, G. Ammons, V. Bala, P. Ning, Managing security of virtual machine images in a cloud environ-
965 ment, in: Proceedings of the 2009 ACM Workshop on Cloud Computing Security, CCSW ’09, ACM, New York,
966 NY, USA, 2009, pp. 91–96.
967 [54] D. Reimer, A. Thomas, G. Ammons, T. Mummert, B. Alpern, V. Bala, Opening black boxes: Using semantic
968 information to combat virtual machine image sprawl, in: Proceedings of the Fourth ACM SIGPLAN/SIGOPS
969 International Conference on Virtual Execution Environments, VEE ’08, ACM, New York, NY, USA, 2008, pp.
970 111–120.
971 [55] E. B. Fernandez, R. Monge, K. Hashizume, Two patterns for cloud computing: Secure virtual machine image
972 repository and cloud policy management point, in: Proceedings of the 20th Conference on Pattern Languages of
973 Programs, PLoP ’13, The Hillside Group, USA, 2013, pp. 15:1–15:11.
974 [56] J. Oberheide, E. Cooke, F. Jahanian, Empirical exploitation of live virtual machine migration (Feb 2008).
975 [57] G. Xiaopeng, W. Sumei, C. Xianqin, Vnss: A network security sandbox for virtual computing environment, in:
976 Information Computing and Telecommunications (YC-ICT), 2010 IEEE Youth Conference on, 2010, pp. 395–
977 398. doi:10.1109/YCICT.2010.5713128.
978 [58] N. Santos, K. P. Gummadi, R. Rodrigues, Towards trusted cloud computing, in: Proceedings of the 2009 Confer-
979 ence on Hot Topics in Cloud Computing, HotCloud’09, USENIX Association, Berkeley, CA, USA, 2009.
980 URL http://dl.acm.org/citation.cfm?id=1855533.1855536
981 [59] F. Zhang, Y. Huang, H. Wang, H. Chen, B. Zang, Palm: Security preserving vm live migration for systems with
982 vmm-enforced protection, in: Trusted Infrastructure Technologies Conference, 2008. APTC ’08. Third Asia-
983 Pacific, 2008, pp. 9–18. doi:10.1109/APTC.2008.15.
984 [60] J. Szefer, R. B. Lee, Architectural support for hypervisor-secure virtualization, SIGARCH Comput. Archit. News
985 40 (1) (2012) 437–450.
986 [61] H. Rong, M. Xian, H. Wang, J. Shi, Time-stealer: A stealthy threat for virtualization scheduler and its counter-
987 measures, in: S. Qing, J. Zhou, D. Liu (Eds.), Information and Communications Security, Vol. 8233 of Lecture
988 Notes in Computer Science, Springer International Publishing, 2013, pp. 100–112.
989 [62] E. Stefanov, E. Shi, Oblivistore: High performance oblivious cloud storage, in: Security and Privacy (SP), 2013
990 IEEE Symposium on, 2013, pp. 253–267. doi:10.1109/SP.2013.25.
991 [63] M. Li, S. Yu, K. Ren, W. Lou, Y. Hou, Toward privacy-assured and searchable cloud data storage services,
992 Network, IEEE 27 (4) (2013) 56–62. doi:10.1109/MNET.2013.6574666.
993 [64] T. Jung, X.-Y. Li, Z. Wan, M. Wan, Privacy preserving cloud data access with multi-authorities, in: INFOCOM,
994 2013 Proceedings IEEE, 2013, pp. 2625–2633. doi:10.1109/INFCOM.2013.6567070.
995 [65] C. S. Alliance, Secaas implementation guidance, category 7: Security information and event management, 2012,
996 pp. 1–33.
997 [66] W. A. Jansen, Cloud hooks: Security and privacy issues in cloud computing, in: Proceedings of the 2011 44th
998 Hawaii International Conference on System Sciences, HICSS ’11, IEEE Computer Society, Washington, DC,
999 USA, 2011, pp. 1–10.
1000 [67] L. Ertaul, S. Singhal, G. Saldamli, Security challenges in cloud computing, in: Proceedings of the 2010 Interna-
1001 tional Conference on Security& Management, SAM 2010, July 12-15, 2010, Las Vegas Nevada, USA, 2 Volumes,
1002 2010, pp. 36–42.
1003 [68] J. Sen, Security and privacy issues in cloud computing, CoRR abs/1303.4814.
1004 URL http://arxiv.org/abs/1303.4814
1005 [69] M. Townsend, Managing a security program in a cloud computing environment, in: 2009 Information Secu-
1006 rity Curriculum Development Conference, InfoSecCD ’09, ACM, New York, NY, USA, 2009, pp. 128–133.
1007 doi:10.1145/1940976.1941001.
1008 URL http://doi.acm.org/10.1145/1940976.1941001
1009 [70] AWS, Amazon web services: Overview of security processes, 2014, pp. 1–68.
1010 [71] D. Harnik, B. Pinkas, A. Shulman-Peleg, Side channels in cloud services: Deduplication in cloud storage, Security
1011 Privacy, IEEE 8 (6) (2010) 40–47. doi:10.1109/MSP.2010.187.
1012 [72] N. Kaaniche, M. Laurent, A secure client side deduplication scheme in cloud storage environments, in:
1013 New Technologies, Mobility and Security (NTMS), 2014 6th International Conference on, 2014, pp. 1–7.
1014 doi:10.1109/NTMS.2014.6814002.
1015 [73] D. Owens, Securing elasticity in the cloud, Queue 8 (5) (2010) 10:10–10:16.
1016 [74] W. Mazurczyk, K. Szczypiorski, Is cloud computing steganography-proof?, in: Multimedia Informa-
1017 tion Networking and Security (MINES), 2011 Third International Conference on, 2011, pp. 441–442.
1018 doi:10.1109/MINES.2011.95.
1019 [75] B. Liu, E. Xu, J. Wang, Z. Wei, L. Xu, B. Zhao, J. Su, Thwarting audio steganography attacks in cloud stor-
1020 age systems, in: Cloud and Service Computing (CSC), 2011 International Conference on, 2011, pp. 259–265.
1021 doi:10.1109/CSC.2011.6138530.
29
1022 [76] Y. Zhang, A. Juels, M. K. Reiter, T. Ristenpart, Cross-tenant side-channel attacks in paas clouds, in: Proceedings
1023 of the 2014 ACM SIGSAC Conference on Computer and Communications Security, CCS ’14, ACM, New York,
1024 NY, USA, 2014, pp. 990–1003. doi:10.1145/2660267.2660356.
1025 URL http://doi.acm.org/10.1145/2660267.2660356
1026 [77] G. Doychev, D. Feld, B. Köpf, L. Mauborgne, J. Reineke, CacheAudit: A tool for the static analysis of cache
1027 side channels, in: Proceedings of the 22Nd USENIX Conference on Security, SEC’13, USENIX Association,
1028 Berkeley, CA, USA, 2013, pp. 431–446.
1029 [78] U. Somani, K. Lakhani, M. Mundra, Implementing digital signature with rsa encryption algorithm to enhance
1030 the data security of cloud in cloud computing, in: Parallel Distributed and Grid Computing (PDGC), 2010 1st
1031 International Conference on, 2010, pp. 211–216. doi:10.1109/PDGC.2010.5679895.
1032 [79] M. Tebaa, S. El Hajji, A. El Ghazi, Homomorphic encryption method applied to cloud computing, in: Network
1033 Security and Systems (JNS2), 2012 National Days of, 2012, pp. 86–89. doi:10.1109/JNS2.2012.6249248.
1034 [80] S. Xiao, W. Gong, Mobility can help: Protect user identity with dynamic credential, in: Mobile Data Management
1035 (MDM), 2010 Eleventh International Conference on, 2010, pp. 378–380.
1036 [81] J. R. V. Winkler, Securing the Cloud: Cloud Computer Security Techniques and Tactics, Syngress Publishing,
1037 2011.
1038 [82] OWASP, Vulnerability scanning tools - owasp (2015).
1039 URL https://www.owasp.org/index.php/Category:Vulnerability
1040 [83] E. Fong, V. Okun, Web application scanners: Definitions and functions, in: Proceedings of the 40th Annual Hawaii
1041 International Conference on System Sciences, HICSS ’07, IEEE Computer Society, Washington, DC, USA, 2007,
1042 pp. 280b–.
1043 [84] T. Karnwal, T. Sivakumar, G. Aghila, A comber approach to protect cloud computing against xml ddos and http
1044 ddos attack, in: Electrical, Electronics and Computer Science (SCEECS), 2012 IEEE Students’ Conference on,
1045 2012, pp. 1–5. doi:10.1109/SCEECS.2012.6184829.
1046 [85] F. Rocha, M. Correia, Lucy in the sky without diamonds: Stealing confidential data in the cloud, in: Proceedings
1047 of the 2011 IEEE/IFIP 41st International Conference on Dependable Systems and Networks Workshops, DSNW
1048 ’11, IEEE Computer Society, Washington, DC, USA, 2011, pp. 129–134. doi:10.1109/DSNW.2011.5958798.
1049 URL http://dx.doi.org/10.1109/DSNW.2011.5958798
1050 [86] A. Vasudevan, J. M. McCune, N. Qu, L. Van Doorn, A. Perrig, Requirements for an integrity-protected hypervisor
1051 on the x86 hardware virtualized architecture, in: Proceedings of the 3rd International Conference on Trust and
1052 Trustworthy Computing, TRUST’10, Springer-Verlag, Berlin, Heidelberg, 2010, pp. 141–165.
1053 URL http://dl.acm.org/citation.cfm?id=1875652.1875663
1054 [87] T. Elgamal, A public key cryptosystem and a signature scheme based on discrete logarithms, IEEE Trans. Inf.
1055 Theor. 31 (4) (2006) 469–472.
1056 [88] A. Jasti, P. Shah, R. Nagaraj, R. Pendse, Security in multi-tenancy cloud, in: Security Technology (ICCST), 2010
1057 IEEE International Carnahan Conference on, 2010, pp. 35–41. doi:10.1109/CCST.2010.5678682.
1058 [89] K. Hashizume, N. Yoshioka, E. B. Fernandez, Misuse patterns for cloud computing, in: Proceedings of the 2Nd
1059 Asian Conference on Pattern Languages of Programs, AsianPLoP ’11, ACM, New York, NY, USA, 2011, pp.
1060 12:1–12:6. doi:10.1145/2524629.2524644.
1061 URL http://doi.acm.org/10.1145/2524629.2524644
1062 [90] P. Ranjith, C. Priya, K. Shalini, On covert channels between virtual machines, Journal in Computer Virology 8 (3)
1063 (2012) 85–97. doi:10.1007/s11416-012-0168-x.
1064 [91] T.-A. Su, A mechanism to prevent side channel attacks in cloud computing environments, in: 2013 World
1065 Congress in Computer Science, Computer Engineering and Applied Computing, 2013.
1066 [92] Z. Wang, X. Jiang, Hypersafe: A lightweight approach to provide lifetime hypervisor control-flow integrity, in:
1067 Security and Privacy (SP), 2010 IEEE Symposium on, 2010, pp. 380–395. doi:10.1109/SP.2010.30.
1068 [93] D. G. Murray, G. Milos, S. Hand, Improving xen security through disaggregation, in: Proceedings of the Fourth
1069 ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, VEE ’08, ACM, New
1070 York, NY, USA, 2008, pp. 151–160. doi:10.1145/1346256.1346278.
1071 URL http://doi.acm.org/10.1145/1346256.1346278
1072 [94] S. Stolfo, M. Salem, A. Keromytis, Fog computing: Mitigating insider data theft attacks in the cloud, in: Security
1073 and Privacy Workshops (SPW), 2012 IEEE Symposium on, 2012, pp. 125–128.
1074 [95] S. Rueda, Y. Sreenivasan, T. Jaeger, Flexible security configuration for virtual machines, in: Proceedings of the
1075 2Nd ACM Workshop on Computer Security Architectures, CSAW ’08, ACM, New York, NY, USA, 2008, pp.
1076 35–44. doi:10.1145/1456508.1456515.
1077 URL http://doi.acm.org/10.1145/1456508.1456515
1078 [96] W. Dawoud, I. Takouna, C. Meinel, Infrastructure as a service security: Challenges and solutions, in: Informatics
1079 and Systems (INFOS), 2010 The 7th International Conference on, 2010, pp. 1–8.
1080 [97] K. Owens, Securing virtual compute infrastructure in the cloud, in: White Paper: Cloud Computing, Savvis, 2009,
30
1081 pp. 1–13.
1082 [98] J. Wu, L. Ding, Y. Wu, N. Min-Allah, S. U. Khan, Y. Wang, C2 detector: a covert channel detection framework in
1083 cloud computing, Security and Communication Networks 7 (3) (2014) 544–557.
1084 [99] U. Somani, K. Lakhani, M. Mundra, Implementing digital signature with rsa encryption algorithm to enhance
1085 the data security of cloud in cloud computing, in: Parallel Distributed and Grid Computing (PDGC), 2010 1st
1086 International Conference on, 2010, pp. 211–216. doi:10.1109/PDGC.2010.5679895.
1087 [100] M. A. P. Leandro, T. J. Nascimento, D. R. dos Santos, C. M. Westphall, C. B. Westphall, Multi-tenancy autho-
1088 rization system with federated identity for cloud-based environments using shibboleth, in: In Proceedings of the
1089 Eleventh International Conference on Networks, 2012, pp. 88–95.
1090 [101] D. Chadwick, Federated identity management, in: A. Aldini, G. Barthe, R. Gorrieri (Eds.), Foundations of Secu-
1091 rity Analysis and Design V, Vol. 5705 of Lecture Notes in Computer Science, Springer Berlin Heidelberg, 2009,
1092 pp. 96–120.
1093 [102] R. Sanchez, F. Almenares, P. Arias, D. Diaz-Sanchez, A. Marin, Enhancing privacy and dynamic federation in
1094 idm for consumer cloud computing, Consumer Electronics, IEEE Transactions on 58 (1) (2012) 95–103.
1095 [103] N. Ragouzis, J. Hughes, R. Philpott, E. Maler, P. Madsen, T. Scavo, Security assertion markup language (saml)
1096 v2.0 technical overview (March 2008).
1097 URL http://www.oasis-open.org/committees/download.php/27819/sstc-saml-tech-overview-
1098 2.0-cd-02.pdf
1099 [104] S.-T. Liu, Y.-M. Chen, Retrospective detection of malware attacks by cloud computing, in: Cyber-Enabled Dis-
1100 tributed Computing and Knowledge Discovery (CyberC), 2010 International Conference on, 2010, pp. 510–517.
1101 doi:10.1109/CyberC.2010.99.
1102 [105] L. Martignoni, R. Paleari, D. Bruschi, A framework for behavior-based malware analysis in the cloud, in: Pro-
1103 ceedings of the 5th International Conference on Information Systems Security, ICISS ’09, Springer-Verlag, Berlin,
1104 Heidelberg, 2009, pp. 178–192.
1105 [106] B. Coppens, I. Verbauwhede, K. De Bosschere, B. De Sutter, Practical mitigations for timing-based side-channel
1106 attacks on modern x86 processors, in: Security and Privacy, 2009 30th IEEE Symposium on, 2009, pp. 45–60.
1107 [107] Acarm-ng: Next generation correlation framework, in: M. Bubak, T. Szepieniec, K. Wiatr (Eds.), Building a
1108 National Distributed e-InfrastructurePL-Grid, Vol. 7136 of Lecture Notes in Computer Science, Springer Berlin
1109 Heidelberg, 2012, pp. 114–127.
1110 [108] WCSS, Acarmng user manual (2010).
1111 URL http://www.acarm.wcss.wroc.pl/index.php?n=Acarmng.Doc
1112 [109] OSSEC, Ossec: How it works (2015).
1113 URL http://www.ossec.net/?page id=169
1114 [110] D. Anderson, T. Frivold, A. Tamaru, A. Valdes, Next generation intrusion detection expert system (nides), software
1115 users manual (May 1995).
1116 [111] U. Lindqvist, P. A. Porras, expert-bsm: A host-based intrusion detection solution for sun solaris., in: Proceedings
1117 of 17th Annual Computer Security Applications Conference, IEEE Computer Society, 2001, pp. 240–251.
1118 [112] C. Jaquier, Fail2ban manual 0.8 (2013).
1119 URL http://www.fail2ban.org/wiki/index.php/MANUAL 0 8
1120 [113] CS, Prelude oss (2015).
1121 URL http://www.prelude-siem.com/index.php/uk/products/87-products/98-prelude-oss-en
1122 [114] Sagan, The sagan log analysis engine (2015).
1123 URL http://sagan.quadrantsec.com/
1124 [115] Samhain, The samhain file integrity / host-based intrusion detection system (2006).
1125 URL http://www.la-samhna.de/samhain/
1126 [116] V. Paxson, Bro: A system for detecting network intruders in real-time, Comput. Netw. 31 (23-24) (1999) 2435–
1127 2463.
1128 [117] Tcpdump, Tcpdump & libpcap (2015).
1129 URL http://www.tcpdump.org/
1130 [118] FPGAs for Trusted Cloud Computing, IEEE, 2012.
1131 URL http://research.microsoft.com/apps/pubs/default.aspx?id=170502
1132 [119] K. Hwang, D. Li, Trusted cloud computing with secure resources and data coloring, Internet Computing, IEEE
1133 14 (5) (2010) 14–22. doi:10.1109/MIC.2010.86.
1134 [120] H. Takabi, J. Joshi, G.-J. Ahn, Securecloud: Towards a comprehensive security framework for cloud computing
1135 environments, in: Computer Software and Applications Conference Workshops (COMPSACW), 2010 IEEE 34th
1136 Annual, 2010, pp. 393–398. doi:10.1109/COMPSACW.2010.74.
1137 [121] J. Fu, C. Wang, Z. Yu, J. Wang, J.-G. Sun, A watermark-aware trusted running environment for software clouds,
1138 in: ChinaGrid Conference (ChinaGrid), 2010 Fifth Annual, 2010, pp. 144–151. doi:10.1109/ChinaGrid.2010.15.

31
1139 [122] D. Zissis, D. Lekkas, Addressing cloud computing security issues, Future Generation Computer Systems 28 (3)
1140 (2012) 583 – 592.
1141 [123] S. Castell, Code of practice and management guidelines for trusted third party services, INFOSEC Project Report
1142 S2101/02.
1143 [124] B. Jansen, H.-G. V. Ramasamy, M. Schunter, Policy enforcement and compliance proofs for xen virtual machines,
1144 in: Proceedings of the Fourth ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environ-
1145 ments, VEE ’08, ACM, New York, NY, USA, 2008, pp. 101–110. doi:10.1145/1346256.1346271.
1146 URL http://doi.acm.org/10.1145/1346256.1346271
1147 [125] TrustedComputingGroup, Tpm main specification (2011).
1148 URL http://www.trustedcomputinggroup.org/resources/tpm main specification
1149 [126] Z. Yang, L. Qiao, C. Liu, C. Yang, G. Wan, A collaborative trust model of firewall-through based on cloud
1150 computing, in: Computer Supported Cooperative Work in Design (CSCWD), 2010 14th International Conference
1151 on, 2010, pp. 329–334. doi:10.1109/CSCWD.2010.5471954.
1152 [127] X.-Y. Li, L.-T. Zhou, Y. Shi, Y. Guo, A trusted computing environment model in cloud architecture, in: Ma-
1153 chine Learning and Cybernetics (ICMLC), 2010 International Conference on, Vol. 6, 2010, pp. 2843–2848.
1154 doi:10.1109/ICMLC.2010.5580769.
1155 [128] Z. Shen, L. Li, F. Yan, X. Wu, Cloud computing system based on trusted computing platform, in: Intelligent
1156 Computation Technology and Automation (ICICTA), 2010 International Conference on, Vol. 1, 2010, pp. 942–
1157 945. doi:10.1109/ICICTA.2010.724.
1158 [129] P. Manuel, S. Thamarai Selvi, M.-E. Barr, Trust management system for grid and cloud resources,
1159 in: Advanced Computing, 2009. ICAC 2009. First International Conference on, 2009, pp. 176–181.
1160 doi:10.1109/ICADVC.2009.5378187.
1161 [130] M. Alhamad, T. Dillon, E. Chang, Sla-based trust model for cloud computing, in: Network-Based Information
1162 Systems (NBiS), 2010 13th International Conference on, 2010, pp. 321–324. doi:10.1109/NBiS.2010.67.
1163 [131] CC-Portal, Common Criteria: Protection Profiles (2015).
1164 URL http://www.commoncriteriaportal.org/rss/pps.xml
1165 [132] VMWare, VMWare Certifications - Common Criteria Security Certification (2015).
1166 URL https://www.vmware.com/security/certifications/common-criteria
1167 [133] CESG, Certification Report No. CRP270 - Citrix Xen Server 6.0.2 Platinum Edition (2012).
1168 URL www.commoncriteriaportal.org/files/epfiles/XenApp7-STv1-0.pdf
1169 [134] IBM-Inc., IBM System z: Linux on System z- Solutions - Security Certification (2015).
1170 URL http://www-03.ibm.com/systems/z/os/linux/solutions/security certification.html
1171 [135] RedHat-Inc., Red Hat and IBM Achieve Top Security Certification for KVM Hypervisor on Red Hat Enterprise
1172 Linux and IBM Servers (2015).
1173 URL http://www.redhat.com/en/about/press-releases/Red-Hat-and-IBM-Achieve-Top-
1174 Security-Certification-for-KVM-Hypervisor-on-Red-Hat-Enterprise-Linux-and-IBM-Servers
1175 [136] TCG, Trusted Computing Group (2015).
1176 URL http://www.trustedcomputinggroup.org/
1177 [137] TCG, Cloud Computing and Security: A Natural Match (2015).
1178 URL http://www.trustedcomputinggroup.org/
1179 [138] CareCloud, HIPAA-Compliant Cloud Storage – Cloud Security and Data Control for Medical Enterprises (2015).
1180 URL http://www.carecloud.com/hipaa-compliant-cloud-storage/
1181 [139] FireHost, True ePHI Protection in the Secure Cloud (2015).
1182 URL https://www.firehost.com/company/contact
1183 [140] Symform, Achieving HIPAA Compliant Cloud Backup (2014).
1184 URL http://www.symform.com/hipaa-compliance/
1185 [141] Carbonite, Carbonite Supports HIPAA Compliance (2015).
1186 URL http://www.carbonite.com/online-backup/business/hipaa-compliance-encrypted-backup
1187 [142] D. 4th Coalition, A Summary of the Electronic Communications Privacy Act (ECPA) (2015).
1188 URL http://www.digital4th.org/the-problem/
1189 [143] FTC, Fair Credit Reporting Act (2015).
1190 URL https://www.ftc.gov/enforcement/rules/rulemaking-regulatory-reform-proceedings/
1191 fair-credit-reporting-act
1192 [144] GPO, Gramm-Leach-Bliley Act (2015).
1193 URL http://legislink.org/us/stat-113-1338
1194 [145] IBM, The 2013 ibm cyber security intelligence index (April 2014).
1195 URL http://www-935.ibm.com/services/us/en/security/infographic/cybersecurityindex.html
1196 [146] AlertLogic, Cloud security report: Research on the evolving state of cloud security (May 2014).
1197 URL https://www.alertlogic.com/resources/cloud-security-report/
32
1198 [147] W. Futral, J. Greene, Intel Trusted Execution Technology for Server Platforms: A Guide to More Secure Datacen-
1199 ters, 1st Edition, Apress, Berkely, CA, USA, 2013.
1200 [148] Intel, Building trust and compliance in the cloud with intel trusted execution technology (October 2013).
1201 URL www.hytrust.com/sites/.../cloud-computing-txt-xeon-twse-whitepaper.pdf
1202 [149] L. Mearian, No, your data isn’t secure in the cloud (August 2013).
1203 URL http://www.computerworld.com/article/2483552/cloud-security/no--your-data-isn-t-
1204 secure-in-the-cloud.html
1205 [150] E. Maler, D. Reed, The venn of identity: Options and issues in federated identity management, IEEE Security and
1206 Privacy 6 (2) (2008) 16–23.
1207 [151] M. Craig, L. Frost, M. Jang, A. Egloff, Openidm release notes version 3.1.0 (2014).
1208 URL http://docs.forgerock.org/en/openidm/3.1.0/OpenIDM-3.1.0-Release-Notes.pdf
1209 [152] G. Lewis, Role of standards in cloud-computing interoperability, in: System Sciences (HICSS), 2013 46th Hawaii
1210 International Conference on, 2013, pp. 1652–1661. doi:10.1109/HICSS.2013.470.

33