1st International Conference of Recent Trends in Information and Communication Technologies
A Survey on Security Issue and Its Proposed Solutions in Cloud
Environment
Yousra Abdul Alsahib S.aldeen*, Mohammad Abdur Razzaque, Mazleena Saleh
Faculty of computing, Universiti Teknologi Malaysia, Johor Bahru, Malaysia
Abstract
Cloud computing is the new direction in computing and resource management.
Because cloud services are delivered using classical network protocols and formats
over the Internet, implicit vulnerabilities existing in these protocols, as well as threats
introduced by newer architectures, lead to increased security and privacy concerns.
Also, because clients lack direct control over resources, new security risks are introduced and
the whole IT infrastructure is under the control of the cloud provider. The clients therefore have
to trust the security protection mechanisms that the cloud and the service providers
offer. In this paper, we first survey the definitions of cloud computing, its
characteristics, and its benefits. Second, we survey the vulnerabilities and attacks and
identify relevant solution directives to strengthen security in the cloud environment.
Keywords: cloud computing, security
1 Introduction
Cloud computing appeared roughly in 2008 as a new distributed
computing paradigm with the purpose of reaching the long-dreamed computing as utility, a term
first invoked as early as 1965 by Corbató and Vyssotsky. Utility
computing is identified as computational resources efficiently wrapped as services.
Cloud environments combine virtualization techniques in order to provide an
efficient way of dispatching resources on the minute. This allows a
pay-per-use business model to be organized, meaning that customers get to choose specifically
the resources (e.g., CPUs, memory, bandwidth, security policies, platforms, and
hardware load) that they require, reducing costs by paying only for what is
subscribed to [1]. Although the cloud characteristics are well implicit, the security
state of the cloud is still confusing. In spite of the growth in cloud computing, which in itself
implies that many enterprises have adopted the model, several security issues raise
severe concerns for some. In fact, major clients might hold back, choosing to keep
infrastructures on-premises rather than moving them to outsourced locations. Sensitive
applications and data are moved into cloud data centers, where they run on virtual
computing resources in the form of virtual machines. These unique attributes,
however, pose many novel tangible and intangible security and privacy challenges.
It might be difficult to track security issues in cloud computing environments [2].
This paper focuses on security issues by presenting the attributes of security,
vulnerabilities and attacks in the cloud environment, as shown in Figure 1. It also
classifies many papers into four classes, as shown in Section 3: attributes of security,
vulnerabilities and attacks; architecture or framework for solving security issues;
approach for solving security issues; and methods for solving security issues.
The rest of the paper is organized as follows: Section 2 discusses
cloud computing definitions, its characteristics and its benefits. A survey of
security issues in the cloud and their existing solutions is provided in Section 3.
Section 4 presents the conclusion.
IRICT 2014 Proceeding, 12th-14th September, 2014, Universiti Teknologi Malaysia, Johor, Malaysia
Yousra Abdul Alsahib S.aldeen et al. / IRICT (2014) 459-470
2. Cloud computing
Cloud computing is identified by [2] and [3] as an abstraction based on the notion of
pooling physical resources and presenting them as a virtual resource. It can also be identified
as a technology largely viewed as the next big step in the development and
deployment of an increasing number of distributed applications [4]. Computer clouds are
typically homogeneous. An entire cloud shares the same security, resource management,
cost and other policies, and, last but not least, it targets enterprise computing. It can be
considered an umbrella term to describe a category of sophisticated on-demand computing
services initially offered by commercial providers such as Amazon, Google, and
Microsoft [5]. [6] stated that cloud computing offers infrastructure and computational
services on demand for various customers on shared resources. The services offered
range from infrastructure services such as Amazon EC2 (computation) or S3 (storage), through
platform services such as Google App Engine or Microsoft's database service SQL Azure,
to software services such as outsourced customer relationship management applications by
Salesforce.com.
The National Institute of Standards and Technology, NIST (2009), defines cloud
computing as having key characteristics, specific delivery models, and deployment
models. Pearson (2009) listed the key characteristics defined by NIST as including the
sharing of resources and resource pooling technology such as multi-tenancy and
virtualization. Davis et al. (2010) go on to state that the centralized provisioning of services
by a Cloud Service Provider (CSP) reduces the need for IT to maintain internal servers,
software licenses, support staff, and facilities. CSPs in turn can leverage scale to provide
lower costs, improved service levels such as continuous global access, software update and
maintenance, and security services.
[2] presented the NIST draft definition, which goes on to describe these five essential
characteristics:
Cloud Computing

| Characteristics | Service Models | Deployment Models |
|---|---|---|
| On-Demand Self-Service | Software as a Service (SaaS) | Private Cloud |
| Broad Network Access | Platform as a Service (PaaS) | Community Cloud |
| Resource Pooling | Infrastructure as a Service (IaaS) | Public Cloud |
| Rapid Elasticity | | Hybrid Cloud |
| Measured Service | | |

Consequently, cloud computing has become a very attractive computing paradigm which
aims to provide reliable and customized computing environments for widespread Internet
users. It can be considered the fifth utility, following the water, electricity, gas and telephony
grids, and so it is being widely accepted throughout businesses. Although cloud computing has
introduced several benefits to the IT industries, it also brings many particular challenges
which should be taken into consideration, such as security and privacy.
3. Security Challenges in Cloud Computing
This section is divided into four subsections that focus on security issues in the cloud
environment and present several papers that have investigated this space.
3.1 Security vulnerabilities and attacks in Cloud Computing
Service and data maintenance is provided by cloud providers, which leaves the
client/customer unaware of where the processes are running or where the data is stored. In
other words, the client has no control over it [7]. They therefore presented the service level
agreements (SLAs) of cloud computing, including definition of services, performance
management, problem management, customer duties and responsibilities, warranties and
remedies, security, disaster recovery and business continuity, and termination. A survey
of the different security risks that pose a threat to the cloud is presented by [8], [3] and [9],
such as cross-site scripting (XSS), access control weaknesses, network penetration and
packet analysis, session, etc. They also presented the key security elements, including data
security, network security, data locality, data integrity, data segregation, data access,
authentication and authorization, tenant, data confidentiality, web application security, data
breaches, virtualization vulnerability, availability, backup, and identity management and
sign-on process. [10] focused on five aspects of security: availability, confidentiality, data
integrity, control, and audit. When using cloud services, attention should be paid to
important security challenges [11], [12] and [13]. These challenges include resource
location, the multi-tenancy issue, authentication and trust of acquired information, system
monitoring and logs, and cloud standards. They stressed that cloud computing must have the
central components of accountability, which are transparency, responsibility, assurance and
remediation. [14] and [15] described storage, virtualization, and networks as the biggest
security concerns in cloud computing. Virtualization, which allows multiple users to share a
physical server, is one of the major concerns for cloud users. They focused on
understanding what vulnerabilities exist in cloud computing, such as insecure interfaces and
APIs and data-related vulnerabilities. They related
threats to vulnerabilities to identify which vulnerabilities contribute to the execution of
these threats and to make the system more robust. Some security threats associated
with cloud computing are discussed by [16], [17] and [18], including failures in provider
security, attacks by another customer, availability and reliability issues, the wrapping attack
and the flooding attack; they also analysed possible security solutions such as Client Based
Privacy Manager, Mirage Image Management System, Wrapping Attack Problem and
Flooding Attack Problem. [19] discussed security threats including Denial of Service
(DoS) attacks, side-channel attacks, authentication attacks, man-in-the-middle
cryptographic attacks and inside-job attacks. They focused on the benefits of using digital IDs. Using
digital IDs for employees accessing cloud computing services is the best way to
minimize unauthorized access; it is also one way to address non-repudiation issues. A
digital ID, sometimes called a digital certificate, is a file on the client computer that identifies
who the user is.
3.2 Architecture and framework for solving security issue in Cloud
[20] proposed a novel advanced architecture, the Advanced Cloud Protection System
(ACPS), for cloud protection that can monitor both guest and middleware integrity. It can
protect them from most kinds of attack while remaining fully transparent to the service user
and to the service provider. It has been proven able to react locally to security breaches and
capable of notifying the security management layer of such events. A model and several
possible architectures for outsourcing data and arbitrary computations that provide
confidentiality, integrity, and verifiability are presented by [21]. They also presented
architectures to instantiate their model: the first architecture computes the function within
a tamper-proof hardware token and the second architecture is based on fully homomorphic
encryption. The main technical contribution of their paper is a third architecture that combines the
advantages of the previous architectures and overcomes their respective disadvantages. [22]
proposed a Trusted Third Party, tasked with assuring specific security characteristics within
a cloud environment. The proposed solution calls upon cryptography, specifically Public
Key Infrastructure operating in concert with SSO and LDAP, to ensure the authentication,
integrity and confidentiality of the data and communications involved. Their solution
presents a horizontal level of service, available to all implicated entities, that realizes a
security mesh within which essential trust is maintained. [23] discussed the integrity
protection problem in clouds and designed a novel architecture, the Transparent Cloud
Protection System (TCPS), for increased security of cloud resources. TCPS is a
middleware whose core is located between
the kernel and the virtualization layer. It is intended to protect the integrity of guest VMs and
of the distributed computing middleware by allowing the host to monitor guest VMs and
infrastructure components. [24] proposed a dynamic migration architecture, leveraging the
dynamic provisioning capability of a cloud, to detect and avoid a new form of DoS attack
in a cloud data center, and verified that such an attack could be carried out in a real cloud
data center. They also proposed a novel available-bandwidth estimation tool that works
accurately and reliably in high-speed networks. [25] proposed a secured framework for
cloud computing based on the suggested security solutions. The deployed framework
provides a secured environment in which clients need to
access the provider's network using a secured VPN. In this framework the providers check
user authentication to make sure that the clients approaching them are authorized and
genuine. [26] proposed a system that protects personal information by using a role-based access
control model and attribute-based access control to limit access. The users of the private
cloud system can access their resources without interference. This system can therefore
enhance the security of the cloud, protect against access by unauthorized users, and provide
confidentiality, integrity and availability.
3.3 Approach or Prototype for solving security issue in cloud
A new approach to timing channel control is proposed by [27]. They used
provider-enforced deterministic execution instead of resource partitioning to eliminate
timing channels within a shared cloud domain. Provider-enforced determinism prevents
execution timing from affecting the results of a compute task. Experiments with a prototype
OS for deterministic cloud computing suggested that such an approach may be practical
and efficient. [28] proposed a novel technique for detecting application DoS attacks by
means of a new constraint-based group testing model. Group testing provides short
detection delay and a low false positive/negative rate. Motivated by classic GT methods,
three detection algorithms were proposed and a system based on these algorithms was
introduced. Theoretical analysis and preliminary simulation results demonstrated the
outstanding performance of this system in terms of low detection latency and false
positive/negative rate. [29] designed an anonymous authentication and authorization
protocol using anonymous public key certificates along with standard Strong
Authentication and XACML servers. The proposed protocol promises full anonymity and
prevents identity theft by employing anonymous identities. They kept their framework
flexible enough to provide multiple levels of anonymity by using more than one CA for
issuing anonymous certificates. Their proposed protocol can be integrated with existing
identity management systems and provide anonymity as a cloud service. [30] argued that
fundamental risks arise from sharing physical infrastructure between mutually distrustful
users. They presented a number of approaches for mitigating this risk. First, cloud providers
may obfuscate both the internal structure of their services and the placement policy to
complicate an adversary's attempts to place a VM on the same physical machine as its
target. Second, one may focus on the side-channel vulnerabilities themselves and employ
blinding techniques to minimize the information that can be leaked. They believed such an
option is the only foolproof solution to this problem and thus is likely to be demanded by
customers with strong privacy requirements. [31] presented a data protection scheme with a
public auditing scheme and some unique factors. A public auditing scheme consists
of four algorithms: KeyGen, SigGen, GenProof, and VerifyProof. KeyGen is a key
generation algorithm that is run by the user to set up the scheme. SigGen is used by the user
to generate verification metadata, which may consist of signatures or other related
information that will be used for auditing. GenProof is run by the cloud server to generate a
proof of data storage correctness, while VerifyProof is run by the TPA to audit the proof
from the cloud server. [32] focused on two of the layers, i.e., the storage layer and the data
layer. In particular, they discussed a scheme for secure third-party publication of
documents in a cloud. They developed a secure cloud consisting of hardware (including
800 TB of data storage on a mechanical disk drive, 2400 GB of memory and several
commodity computers), software (including Hadoop) and data (including a semantic web data
repository). Their cloud system supports efficient storage of encrypted sensitive
data; storing, managing and querying massive amounts of data; fine-grained access control;
and strong authentication.
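The four algorithms of the public auditing scheme described for [31] above, shown as an added example that is not code from this paper or from [31]. A SHA-256 Merkle tree and an HMAC key shared between the user and the TPA (third-party auditor) stand in for the signature-based verification metadata of a real scheme; all function names, the block size and the sample data are assumptions made for the illustration.

```python
# Added illustration: challenge-response storage audit with the roles
# KeyGen, SigGen, GenProof and VerifyProof. Assumption: Merkle tree + HMAC
# replace the signature-based metadata of a real public-auditing scheme.
import hashlib
import hmac
import secrets

BLOCK_SIZE = 32  # bytes per block; constructed demo value


def _h(*parts):
    return hashlib.sha256(b"".join(parts)).digest()


def split_blocks(data):
    return [data[i:i + BLOCK_SIZE] for i in range(0, len(data), BLOCK_SIZE)] or [b""]


def _levels(blocks):
    """All tree levels, leaves first; an odd level is padded with its last node."""
    level, levels = [_h(b"\x00", b) for b in blocks], []   # 0x00 marks a leaf
    while True:
        if len(level) > 1 and len(level) % 2:
            level = level + [level[-1]]
        levels.append(level)
        if len(level) == 1:
            return levels
        level = [_h(b"\x01", level[i], level[i + 1]) for i in range(0, len(level), 2)]


def _tag(key, n, root):
    # The block count is bound in, so a padded duplicate leaf cannot be claimed.
    return hmac.new(key, n.to_bytes(8, "big") + root, hashlib.sha256).digest()


def key_gen():
    """KeyGen (user): here a 256-bit MAC key that the user shares with the TPA."""
    return secrets.token_bytes(32)


def sig_gen(key, blocks):
    """SigGen (user): verification metadata computed before upload."""
    root = _levels(blocks)[-1][0]
    return {"n": len(blocks), "root": root, "tag": _tag(key, len(blocks), root)}


def make_challenge(n, k):
    """TPA: k distinct, unpredictable block indices."""
    return sorted(secrets.SystemRandom().sample(range(n), min(k, n)))


def gen_proof(stored_blocks, challenge):
    """GenProof (cloud server): challenged blocks plus their sibling paths."""
    levels, proof = _levels(stored_blocks), []
    for idx in challenge:
        path, pos = [], idx
        for level in levels[:-1]:
            path.append(level[pos ^ 1])   # sibling hash at this level
            pos //= 2
        proof.append((idx, stored_blocks[idx], path))
    return proof


def verify_proof(key, meta, challenge, proof):
    """VerifyProof (TPA): needs the metadata and the proof, not the file."""
    if not hmac.compare_digest(meta["tag"], _tag(key, meta["n"], meta["root"])):
        return False                      # metadata not produced by the user
    if [entry[0] for entry in proof] != list(challenge):
        return False                      # answer does not match the challenge
    for idx, block, path in proof:
        if not 0 <= idx < meta["n"]:
            return False
        node, pos = _h(b"\x00", block), idx
        for sibling in path:
            node = _h(b"\x01", node, sibling) if pos % 2 == 0 else _h(b"\x01", sibling, node)
            pos //= 2
        if not hmac.compare_digest(node, meta["root"]):
            return False
    return True


def demo():
    blocks = split_blocks(bytes(range(256)) * 2)     # constructed 512-byte file
    key = key_gen()
    meta = sig_gen(key, blocks)
    challenge = make_challenge(meta["n"], 4)
    honest = verify_proof(key, meta, challenge, gen_proof(blocks, challenge))
    corrupted = list(blocks)
    corrupted[challenge[0]] = b"\xff" * BLOCK_SIZE   # server lost or altered a block
    cheating = verify_proof(key, meta, challenge, gen_proof(corrupted, challenge))
    return {"honest": honest, "cheating": cheating}


if __name__ == "__main__":
    print(demo())
```

The auditor stores only the small metadata record, so the cost of an audit grows with the number of challenged blocks and the tree depth rather than with the file size.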
3.4 Methods for solving security issue in Cloud
[33] proposed a method that allows users to store and access data securely in cloud
storage. They exploited elliptic curve cryptography
encryption to protect data files; the proposed model has two parts in the cloud storage
server, a Private data section and a Shared data section, to achieve secure storage of and
access to outsourced data in the cloud. Their method ensures the security and privacy of data
stored in the cloud. [34] identified five common types of attack: denial of service attack,
cross virtual machine side-channel attack, malicious insider attack, attacks targeting
shared memory, and phishing attack. These are the top threats for real-world cloud
implementations. To develop a procedure for the automatic identification of these attacks,
they generated a database from their experience that includes the number of packets sent,
number of packets received, number of packets lost, number of open ports, difference in
VM file size, network usage, CPU usage, and number of failed administrative log-on
attempts. Tables 1, 2, 3 and 4 illustrate all the studies surveyed in this field.
Table 1 illustrates the studies that analyse security issues

| References | Survey and analysis of security issue | Advantages and disadvantages |
|---|---|---|
| Kandukuri et al. (2009) and Srinivasamurthy et al. | Emphasized various security threats in cloud computing and the existing methods, and presented security issues that have to be included in the SLA (service level agreement). | Adv. They identify that the reason for the cloud security issue is that the client has no control over it, and also identify the SLA (service level agreement). |
| Subashini et al. (2011), Bisong (2011) and Kulkarni et al. (2012) | Presented a survey of the different security risks that pose a threat to the cloud, such as cross-site scripting (XSS) and access control weaknesses. | Adv. Focused on important security challenges when using cloud services. |
| Zhou et al. (2010) | Investigated several cloud computing system providers about their concerns on security and privacy issues. | Adv. They focused on five aspects of security: availability, confidentiality, data integrity, control, and audit. |
| Rong et al. (2013), Mahmood (2011) and Manager (2013) | Focused on important security challenges when using cloud services, explained privacy issues of cloud computing, concluded on the benefits as well as applications of cloud computing, and identified a method of dynamically routing data. | Adv. They give the reader the security and privacy challenges of using cloud computing and, at the same time, the benefits of using it. |
| Hashizume et al. (2013) and S. Kumar et al. (2013) | Discussed what vulnerabilities exist in cloud computing and focused on virtualization and different types of virtualization. | Adv. They presented the benefits of virtualization and its effect on cloud security. |
| Nirmala (2013), Challa (2012) and Chhikara (2013) | Focused on providing solutions such as Client Based Privacy Manager, Mirage Image Management System, Wrapping Attack Problem and Flooding Attack Problem to all these issues. | Adv. Presented solutions to all these issues. |
| Seunghwan et al. (2012) | Using digital IDs for employees accessing cloud computing services. | Adv. Presented the importance of the authentication method when accessing cloud computing. |

Table 2 illustrates the studies including architecture and framework for solving security issues

| References | Architecture and framework | Advantages and disadvantages |
|---|---|---|
| Lombardi et al. (2011) | Proposed a novel advanced architecture, the Advanced Cloud Protection System (ACPS), for cloud protection that can monitor both guest and middleware integrity. | Adv. It has been proven able to react locally to security breaches and capable of notifying the security management layer of such events. |
| Sadeghi et al. (2010) | Combined a trusted hardware token (e.g., a cryptographic coprocessor or provided by the customer) with Secure Function Evaluation (SFE) to compute arbitrary functions on secret (encrypted) data where the computation leaks no information and is verifiable. | Adv. The main technical contribution of their paper is a third architecture that combines the advantages of the previous architectures and overcomes their respective disadvantages. |
| Zissis et al. (2012) | The proposed solution calls upon cryptography, specifically Public Key Infrastructure operating in concert with SSO and LDAP, to ensure the authentication, integrity and confidentiality of the data and communications involved. | Adv. Ensures the authentication, integrity and confidentiality of the data and communications involved. Disadv. It is difficult to obtain a trusted third party. |
| Lombardi et al. (2010) | Transparent Cloud Protection System (TCPS), a middleware whose core is located between the kernel and the virtualization layer. | Adv. It is intended to protect the integrity of guest VMs and of the distributed computing |
| H. Liu, n.d. | Proposed and evaluated a new mechanism for applications to dynamically relocate to a different infrastructure when the desired Quality of Service (QoS) could not be met. | Adv. They detect and avoid a new form of DoS attack in a cloud data center, and verified that such an attack could be carried out in a real cloud data center. |
| Mathew (2012) | Proposed a secured framework for cloud computing based on the suggested security solutions. The deployed framework provides a secured environment in which clients need to access the provider's network using a secured VPN. | Adv. In this framework the providers check user authentication to make sure that the clients approaching them are authorized and genuine. |
| Mon et al. (2011) | Proposed a system that protects personal information by using a role-based access control model and attribute-based access control to limit access. | Adv. This system can enhance the security of the cloud, protect against access by unauthorized users, and provide confidentiality, integrity and availability. |

Table 3 illustrates the studies including approaches for solving security issues

| References | Approach | Advantages and disadvantages |
|---|---|---|
| Aviram n.d. | A new approach to timing channel control. | Adv. Experiments with a prototype OS for deterministic cloud computing suggested that such an approach may be practical and efficient. |
| Varma n.d. | Proposed a novel technique for detecting application DoS attacks by means of a new constraint-based group testing model. | Adv. Theoretical analysis and preliminary simulation results demonstrated the outstanding performance of this system in terms of low detection latency and false positive/negative rate. |
| Khalid et al. (2013) | Designed an anonymous authentication and authorization protocol using anonymous public key certificates along with standard Strong Authentication and XACML servers. | Adv. Their proposed protocol can be integrated with existing identity management systems and provide anonymity as a cloud service. |
| Ristenpart et al. (2009) | Argued that fundamental risks arise from sharing physical infrastructure between mutually distrustful users. They presented a number of approaches for mitigating this risk. | Disadv. This option is the only foolproof solution to this problem. |
| Gowrigolla et al. (2010) | Presented a data protection scheme with a public auditing scheme. | Adv. Provides an auditing scheme by authentication access. |
| Hamlen et al. (2010) | Focused on two of the layers, i.e., the storage layer and the data layer. | Adv. Their cloud system supports efficient storage of encrypted sensitive data; storing, managing and querying massive amounts of data; fine-grained access control; and strong authentication. |

Table 4 illustrates the studies including methods for solving security issues

| References | Methods | Advantages and disadvantages |
|---|---|---|
| A. Kumar et al. (2012) | Exploited elliptic curve cryptography encryption to protect data files; the proposed model has two parts in the cloud storage server. | Adv. Their method ensures the security and privacy of data stored in the cloud; the approach may be practical and efficient. |
| Khorshed et al. (2012) | Generated a database from their experience that includes the number of packets sent, number of packets received, number of packets lost, number of open ports, difference in VM file size, network usage, CPU usage, and number of failed administrative log-on attempts. | Adv. Detecting denial of service attack, cross virtual machine side-channel attack, malicious insider attack, attacks targeting shared memory, and phishing attack. Disadv. Could not detect all attacks. |

4 Conclusion and analysis
Cloud computing can introduce several business benefits to organizations. However, there
are many challenges related to security and privacy in the cloud environment. Therefore,
governments across the globe must standardize some of the privacy and security
requirements. As this field develops, more robust methods are expected to emerge to
cope with the stringent requirements of cloud environments. Until then, customers cannot
fully experience cloud computing technology, and cloud security issues must be
resolved. Many studies have proved that security should be a top priority. All of these
previous architectures, approaches and methods should be improved to achieve a strongly secured cloud.
This paper surveyed various vulnerabilities, threats and attacks, as well as existing solutions that
address security issues at different layers of the cloud. This paper can help cloud
service providers and end users to find the weaknesses in the previous methods and
improve them to build strong cloud security.
References
1. Fernandes, D. A. B., Soares, L. F. B., Gomes, J. V., Freire, M. M., & Inácio, P.
R. M. (2013). Security issues in cloud environments: a survey. International
Journal of Information Security, 13(2), 113–170. doi:10.1007/s10207-013-0208-7
2. Williams, M. I. (n.d.). New Tools for Business: A Quick Start Guide to Cloud
Computing.
3. Bisong, A. (2011). AN OVERVIEW OF THE SECURITY CONCERNS IN,
3(1), 30–45.
4. Marinescu, D. C. (2012). Cloud Computing: Theory and Practice, 1–404.
5. Mathew, A. (2012). SECURITY AND PRIVACY ISSUES OF CLOUD
COMPUTING, 2(4).
6. Sadeghi, A., Schneider, T., Winandy, M., & Horst, G. (2010). Token-Based
Cloud Computing, 2, 417–429.
7. Srinivasamurthy, S., Wayne, F., & Liu, D. Q. (n.d.). Survey on Cloud
Computing Security.
8. Subashini, S., & Kavitha, V. (2011). A survey on security issues in service
delivery models of cloud
computing. Journal of Network and Computer Applications, 34(1), 1–11.
doi:10.1016/j.jnca.2010.07.006
9. Kulkarni, G., Gambhir, J., Patil, T., & Dongare, A. (2012). A security aspects in
cloud computing. 2012 IEEE International Conference on Computer Science
and Automation Engineering, 547–550. doi:10.1109/ICSESS.2012.6269525
10. Zhou, M., Zhang, R., Xie, W., Qian, W., & Zhou, A. (2010). Security and
Privacy in Cloud Computing: A Survey. 2010 Sixth International Conference
on Semantics, Knowledge and Grids, 105–112. doi:10.1109/SKG.2010.19
11. Rong, C., Nguyen, S. T., & Jaatun, M. G. (2013). Beyond lightning: A survey
on security challenges in cloud computing. Computers & Electrical
Engineering, 39(1), 47–54. doi:10.1016/j.compeleceng.2012.04.015
12. Mahmood, Z. (2011). Data Location and Security Issues in Cloud Computing.
2011 International Conference on Emerging Intelligent Data and Web
Technologies, 49–54. doi:10.1109/EIDWT.2011.16
13. Manager, S. (2013). Security Issues And Resource Planning In Cloud
Computing 1, 2(2).
14. Hashizume, K., Rosado, D. G., Fernández-Medina, E., & Fernandez, E. B.
(2013). An analysis of security issues for cloud computing. Journal of Internet
Services and Applications, 4(1), 5. doi:10.1186/1869-0238-4-5
15. Kumar, S., Pal, S., Kumar, A., & Ali, J. (2013). Virtualization, The Great
Thing and Issues in Cloud Computing, 338–341.
16. Nirmala, V. (2013). Data Confidentiality and Integrity Verification using
User Authenticator scheme in cloud c, 0–4.
17. Challa, K. A. (2012). Cloud Computing Security Issues with Possible
Solutions, 8491, 340–344.
18. Chhikara, S. (2013). Analyzing Security Solutions in Cloud Computing,
68(25), 17–21.
19. Seunghwan, J., Gelogo, Y. E., & Park, B. (2012). Next Generation Cloud
Computing Issues and Solutions, 5(1), 63–70.
20. Lombardi, F., & Di Pietro, R. (2011). Secure virtualization for cloud
computing. Journal of Network and Computer Applications, 34(4), 1113–1122.
doi:10.1016/j.jnca.2010.06.008
21. Sadeghi, A., Schneider, T., Winandy, M., & Horst, G. (2010). Token-Based
Cloud Computing, 2, 417–429.
22. Zissis, D., & Lekkas, D. (2012). Addressing cloud computing security issues.
Future Generation Computer Systems, 28(3), 583–592.
doi:10.1016/j.future.2010.12.006
23. Lombardi, F., & Di Pietro, R. (2011). Secure virtualization for cloud
computing. Journal of Network and Computer Applications, 34(4), 1113–1122.
doi:10.1016/j.jnca.2010.06.008
24. Liu, H. (n.d.). A New Form of DOS Attack in a Cloud, 65–75.
25. Mathew, A. (2012). SECURITY AND PRIVACY ISSUES OF CLOUD
COMPUTING ;, 2(4).
26. Mon, E. E., & Naing, T. T. (2011). The privacy-aware access control system
using attribute-and role-based access control in private cloud. 2011 4th IEEE
International Conference on Broadband Network and Multimedia Technology,
447–451. doi:10.1109/ICBNMT.2011.6155974
27. Aviram, A., Hu, S., & Ford, B. (n.d.). Determinating Timing Channels in
Compute Clouds.
28. Varma, P. R. K., & Krishna, D. S. (n.d.). Application Denial of Service Attacks
Detection using Group Testing Based Approach, 2(2), 167–171.
29. Khalid, U., Ghafoor, A., Irum, M., & Shibli, M. A. (2013). Cloud Based Secure
and Privacy Enhanced Authentication & Authorization Protocol. Procedia
Computer Science, 22, 680–688. doi:10.1016/j.procs.2013.09.149
30. Ristenpart, T., Tromer, E., & Savage, S. (2009). Hey, You, Get Off of My
Cloud: Exploring Information Leakage in Third-Party Compute Clouds.
31. Gowrigolla, B., Sivaji, S., & Masillamani, M. R. (2010). Design and auditing
of Cloud computing security. 2010 Fifth International Conference on
Information and Automation for Sustainability, 292–297.
doi:10.1109/ICIAFS.2010.5715676
32. Hamlen, K., Kantarcioglu, M., Khan, L., & Thuraisingham, B. (2010). Security
Issues for Cloud Computing. International Journal of Information Security and
Privacy, 4(2), 36–48. doi:10.4018/jisp.2010040103
33. Kumar, A., Lee, B. G., Lee, H., & Kumari, A. (2012). Secure storage and
access of data in cloud computing. 2012 International Conference on ICT
Convergence (ICTC), 336–339. doi:10.1109/ICTC.2012.6386854
34. Khorshed, M. T., Ali, A. B. M. S., & Wasimi, S. A. (2012). A survey on gaps,
threat remediation challenges and some thoughts for proactive attack detection
in cloud computing. Future Generation Computer Systems, 28(6), 833–851.
doi:10.1016/j.future.2012.01.006