survey

The State of Public Infrastructure-as-a-Service Cloud Security

Published: 26 June 2015

Abstract

The public Infrastructure-as-a-Service (IaaS) cloud industry has reached a critical mass in the past few years, with many cloud service providers fielding competing services. Despite the competition, we find some of the security mechanisms offered by the services to be similar, indicating that the cloud industry has established a number of “best practices,” while other security mechanisms vary widely, indicating that there is also still room for innovation and experimentation. We investigate these differences and the possible underlying reasons for them. We also contrast the security mechanisms offered by public IaaS cloud offerings with the security mechanisms proposed by academia over the same period. Finally, we speculate on how industry and academia might work together to solve the pressing security problems in public IaaS clouds going forward.


Information & Contributors

Information

Published In

ACM Computing Surveys  Volume 47, Issue 4
July 2015
573 pages
ISSN: 0360-0300
EISSN: 1557-7341
DOI: 10.1145/2775083
Editor: Sartaj Sahni

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 26 June 2015
Accepted: 01 April 2015
Revised: 01 April 2015
Received: 01 May 2014
Published in CSUR Volume 47, Issue 4

Author Tag

  1. Public Infrastructure-as-a-Service Cloud

Qualifiers

  • Survey
  • Research
  • Refereed
