Data Security in Cloud Computing

advertisement
Data Security in Cloud Computing
Amal AlKadi, Hanouf AlYahya
CIS Department, Prince Sultan University
Riyadh, Saudi Arabia
AmalKadi@gmail.com
Hanouf777@hotmail.com
Abstract- Cloud computing is one of the new trends that a lot
of companies are shifting towards. According to Gartner
researches, cloud computing is one of four trends that will
transform information technology and the way business is
conducted. One of the reasons that limit the expansion of cloud
computing to all business functions is the data security concerns.
This research is about Data Security in Cloud Computing. We
first talk about the definitions of data security and cloud
computing and their importance. We then move to talk about
data security technologies and techniques. After that we start
discussing data security in cloud computing by first addressing
most of the threats that may occur when using could computing.
After seeing all major issues we will talk about all possible
solutions. The last part in the research will be about the security
benefits of cloud computing.
The concerns of data security are increasing due to the
ongoing development of the internet and the ease of data sharing
and communication. Data security is critical in all aspects of our
lives; banking information, personal files and businesses almost
all of those are processed using technologies and through
network communication.
communication. One major reason security concerns are
raising is because companies are conducting core and noncore business functions through other companies.
Index Terms—Cloud computing, Data security.
I. INTRODUCTION
Cloud computing is one of the new trends that a lot of
companies are shifting toward. According to Gartner
researches cloud computing is one of four trends that will
transform information technology and the way business is
conducted [1]. One of the reasons that limit the expansion of
cloud computing to all business functions is the data security
concerns. In this research we will discuss the main aspects of
data security in cloud computing, what made it a hot topic and
what is the cloud provided are offering.
Fig. 1. The data lifecycle [3]
Figure 1 above shows the data lifecycle. Data first goes
through the collection phase, where the risk of losing data or
data being manipulated is moderate. Next it goes to the
relevance phase, next to the classification phase; the risk is
low in both phases. The next phase is handling and storing
data, where there is a high risk of data loss or unprivileged
A. Data Security
access. Then data is transmitted and transported, the risk here
Data security is the practice of keeping data protected is moderate. The next phase is the manipulation, conversion or
from corruption and unauthorized access [2]. It helps with altering of data, this phase has a high risk of losing data. The
insuring privacy and protecting personal data. The concerns of data then goes through release, backup, and retention and then
data security are increasing due to the ongoing development destruction phases, where the risk is moderate. We can
of the internet and the ease of data sharing and communication. conclude that the phases where the data is threatened the most
Data security is critical in all aspects of our lives; banking are the handling and storage, and the manipulation, conversion
information, personal files and businesses. Almost all of those or altering of data.
are processed using technologies and through network
B. Cloud Computing
II. DATA SECURITY TECHNOLOGIES
When talking about cloud computing, what we mean by the
term "cloud" is the Internet; because typically the internet is
represented in network diagrams as clouds. Cloud computing
is hard to define. Before explaining what cloud computing is,
we will start with what enforced it. Time-sharing systems
enabled computer machinery that lacked the capabilities to
work through a main server which is connected to it through
wires [4].Cloud computing provides the same ease of sharing
data and information but through the Internet. Nowadays
major companies such as Google and Microsoft provide this
capability as a service. Gartner defines cloud computing as "a
style of computing in which scalable and elastic IT-enabled
capabilities are delivered as a service to external customers
using Internet technologies" [5]. Another definition of cloud
computing, "a standardized IT capability (services, software,
or infrastructure) delivered via the Internet in a pay-per-use
and self-service way"[6].
To clearly understand the definition of cloud computing we
have to know the service and deployment models of cloud
computing which are Infrastructure-as-Service (IaaS),
Platform-as-a-Service (PaaS), and Software-as-a-Service
(SaaS). IaaS is the delivery of computer infrastructure
components, such as hardware, data storage and other
compute recourses, as a service. PaaS provides a platform that
runs over an infrastructure, it offers a ready to use platform
and it enables users of this platform to develop their own
applications. SaaS provides software that runs over a platform
and infrastructure that is manage by the company offering the
service [7]. Gartner predicts that 30% of new software will be
delivered via SaaS model by the end of this year [8]. With the
development of cloud computing a lot of big companies
provided cloud computing services. Table 1 below, shows
major companies that are providing these three types of
services.[9]
Major cloud computing service providers are; Amazon,
Google, and Microsoft. Later in this research we will discuss
Amazon’s services in details and we will talk about the
security measures they take.
TABLE I
EXAMPLES OF MAJOR CLOUD COMPUTING SERVICE PROVIDERS
Offering
Amazon

Google



Microsoft



Core offering includes the AWS
infrastructure related to servers, storage
and bandwidth, and databases
For creating and running web services
Supports only Python and java
Also provides SaaS–related productivity
application.
Operating system with a set of developer
service.
Allows the building of new cloud
application and the enhancement of
existing application for the could.
Platform for Microsoft application
development.
Focus
Area
SMB
focus
SMB
focus
Enterprise
/SMB
focus
To understand data security, we need to explain security
basics. Data security key pillars are: authentication, access
control, and auditing.
A. Authentication
Authentication is verifying that the person who requested
an access to the information is who he claims to be. It is a
process of proving identity. Authentication is a major security
measure for cloud computing service providers and users. It is
important for service providers to insure that the technologies
of authentication are accurate. Authentication is categorized
into three categories; authentication by what you have, what
you know, and what you are. The main techniques used in
authentication are: username and password, tokens, biometrics,
certificates, and Kerberos. Username and password is the most
common user technique. A token is a security device that has
a permission of access embedded in the token itself. Biometric
is using the person’s own characteristics for authentication.
Certificates link a specific person to a key, they are issued by
certification authority (CA). The digital certificate helps the
receiver to verify the identity of the sender. Kerberos is an
authentication system developed by Massachusetts Institute of
Technology (MIT) and it is used to verify the identity of the
users. Kerberos uses encryption and authentication for
security [10].
B. Access control
After authentication and making sure that the user is who
he claims to be, the next step is access control; which is
restricting the user from access all information, and limiting
his access to only material which the user has permission to
access. Assigning rights to groups is more efficient than
assigning them to specific users. Thus, users should be
assigned to groups and then getting the same privileges for all
the group members. A list of permissions can be assigned to a
group or a user, it can be; Full Control, Modify, Read, Write,
List Folder Contents, Read and Execute. The models to
determine the access control types are; Mandatory Access
Control (MAC), Role-Based Access Control (RBAC),
Discretionary Access Control (DAC). In Mandatory Access
Control the user has no privileges of giving permissions to
other users with regards to an object or file. This model is the
most restricted. In Role-Based Access Control the permission
is assigned to a position or a role, where the person in a
specific position can distribute permission to access objects
under his control. In Discretionary Access Control any user
can adjust the permissions of all other users. This model is the
least restricted [10].
C. Audit
The last pillar of data security is auditing. Information
security configurations should be audited to ensure that the
access controls are in place. Some of the auditing techniques
are; logging and system scanning. Logging is keeping record
of the activities performed by users and the time at which it
occurred. The information recorded in the logging is useful
when it’s compared with the access control list (ACL). An
access control list saves all users and the permissions they
have. Performing checking will allow us to find unauthorized
access and if a user has permission that he should not have.
The logging is performed automatically in most cases. The
second technique in auditing is system scanning. System
scanning checks the permissions assigned to a user or a role,
whereas logging keeps track of actions performed by users in
the system and when it was performed [10].
Amazon’s Elastic Computer Cloud EC2. They used one
virtual machine as a target, and another as an attacker, and
then they tried planting malicious virtual machines at the same
server, and they succeed. However, Amazon said they have
solved this problem, but no details were shared. Radu Sion, a
computer scientist at the State University of New York said
"If you don't have everybody using the cloud, you can't have a
cheap service. But when you have everybody using the clouds,
you have all these security issues that you have to solve
suddenly."[12]
Thus, costumers usually demand transparency and detailed
information of the security measures of the vendors.
Costumers are mostly concerned about these major security
threats; Unknown risk profile, Malicious insiders, Shared
technology issues, Data loss and leakage, Insecure interfaces
and APIs, Account or service hijacking, and Abuse use of
cloud computing.
A. Insecure Interfaces and APIs
III. DATA SECURITY IN CLOUD COMPUTING
The first major threat that we are discussing is insecure
interfaces and APIs. The interface and API are the most
important part of the cloud. Having non-secure one will
jeopardize the integrity and confidentiality of the data. This
threat puts all of the three cloud computing service models in
risk. Since all activates done by the user goes through the
interface, it’s crucial to have a secure one. It’s hard for
companies moving to the cloud to identify whether the
interface they are using to get to the cloud and the data stored
there is secure. Some suggestion for perspective cloud
computing costumers is to analyze the security model of the
interface used; they should insure strong authentication and
access control, in addition to encryption. [13]
B. Malicious Insiders
Fig. 2. The main issues on cloud computing.
The above graph shows that the number one concern about
cloud services is security; since the business’s critical
information is exposed to a third-party which worries the
businesses of the information’s vulnerability to be attacked.
[11]
Since cloud computing is offered as a service, which raises
a lot of questions to be answered with regards to data security.
Costumers moving to the cloud have a lot of concerns when it
comes to handing over control to a third-party; especially
sensitive data of the company and its customers. Computer
security researches found out that when two programs running
at the same time on the same operating system an attacker can
steal data by using eavesdropping program. One research
raised concerns about having the same problem when two
virtual machines are running on the same server. What
confirmed this security issues was a research done by three
computer scientists at the University of California in San
Diego, and one at MIT. This research was done by hiring two
virtual machines at the same server, which was offered from
A second threat is malicious insiders, which threatens all
three models of cloud computing. This threat is well-know to
organizations. With the introduction of cloud computing, this
threat has been amplified. Companies moving their data to the
cloud providers may not reveal how access to their physical
and non-physical assets is being granted, and how they
monitor the employees. The level of impact depends on the
level of access granted to employees, so, for the consumer of
cloud services, they should know how the providers are
detecting and protecting their data from malicious insider
threat. One way a company can ensure that malicious insider
threat is almost eliminated is by specifying human resources
requirements as part of the legal contracts. As well, a
company can require transparency in the overall information
security and management practices. [13]
C. Shared Technology Issues
A third example of threats is shared technology issues,
which was the issue in the previous discussed research. This
threatens the infrastructure as a service model only (IaaS).
This problem occurs because the underlying physical
components that form the infrastructure were not designed to
offer isolation for multi-tenant architecture. Sharing the CPU
and the cache threatens the security of the data. In theory,
customers should not be able to access any other tenant’s
information or network. A cloud provider should conduct
vulnerability scanning and configuration audits to protect
customers. [13]
D. Data Loss or Leakage
Another threat is data loss or leakage. Due to the
architectural and operational characteristics of the cloud
environment, data loss and leakage are increasing.
Unauthorized people should not be granted access to the data
to insure that none will be deleted or altered intentionally in
anyway. For a service provider, data loss or leakage can have
a destructive impact on their reputation and name. In addition,
loss of some sensitive data might affect the providers legally
and financially. Providers should backup the data and have a
solid plan to overcome this kind of threats. This threat affects
all the three cloud computing models. [13]
G. Account or Service Hijacking
This threat, which is “account or service hijacking”, is not
a new threat; as it has existed since the begging of the
evolution of using computers. Since users usually use the
same password for all different kinds of services; their
passwords are more vulnerable to these kinds of attacks.
Hijacking someone’s account could offer the chance of
eavesdropping on others’ activities. Account hijacking
jeopardizes the integrity and the availability of data. Cloud
service providers should monitor the activities so that they can
detect any illegal or suspicious activity. In addition to
emphasizing the importance of keeping everyone’s user safe
and top secret. [13]
Table 2 below, shows each threat and which models does
it effect.
TABLE 2
EXAMPLES OF THE THREATS THAT MIGHT THREATEN THE CLOUD COMPUTING
MODELS
Threats
Insecure Interfaces and APIs
Malicious Insiders
Shared Technology Issues
Data Loss or Leakage
Unknown Risk Profile
Abuse Use of Cloud Computing
Account or Service Hijacking
IaaS
PaaS
SaaS
E. Unknown Risk Profile
The next threat that we will be discussing is unknown risk
profile. Companies are driven by the advertisement of the
service providers showing all the benefits of moving to the
cloud; like hardware reduction, maintenance and licensing. On
the other hand, they miss the downside of using the cloud. A
company who’s making long term decision needs to address
all the potential risks. The service provider should inform
customers of all possible risks or otherwise this may include
serious threats. Potential customers should ask for disclosure
of applicable logs, data, and infrastructure details. [13]
F. Abuse Use of Cloud Computing
Our next threat is about the abuse use of cloud computing.
Since cloud computing providers try to promote for their
services by offering a free trial period for their customers; in
which the customers only need a valid credit card to register
for the service. These users can easily abuse the service by
spamming and implementing malicious codes. At first, the
abuse of cloud computing was limited to the IaaS model, but
nowadays, PaaS model is affected as well. For service
providers to prevent these kinds of activates, they should have
a strict registration process. In addition to monitoring public
blacklists for their own network blocks. [13]
IV. DATA SECURITY SOLUTIONS
Due to the threats discussed above, researches came up
with some solutions and some ideas to be implemented. One
of the solutions provided was by Amazon web service.
Another idea was suggested by a group from Microsoft.
Amazon has introduced a private cloud that offered more
security because of the demand of Amazon’s customers to
have a more enhanced level of security in the cloud service. In
addition, the group from Microsoft suggested a way to prevent
what happened in the case of the researchers from San Diego
and MIT by monitoring the use of the shared cache memory
by a virtual machine which is operation on the same server.
A. Encryption
Major cloud computing security solutions are based
on encryption. The most secure ways nowadays is getting the
encrypted data from the cloud to a secure location, decrypting
it, then use it and work with, and at last, return the data
encrypted again back to the cloud. Another possibility which
is less secure, is keeping the information in the cloud
unencrypted. Craug Gentry, a cryptography researcher at
IBM “The general theme of cloud computing is that you want
Fig. 3. Traditional page table updates vs. new page table updates in HyperSafe
Fig. 4. Traditional indirect call vs. new indirect call in HyperSafe
to be able to outsource all kinds of functionality but you don’t
want to give away your privacy—and you need very versatile
cryptography to do that,”. Encryption techniques used
nowadays need to be more advanced to suit the cloud
computing environment. [12] IBM researcher called Craig
Gentry have founded a solution for analysing data in the
cloud without having to decrypted which years ago was
considered impossible. The solution was called “privacy
homomorphism," or "fully homomorphic encryption”.[14]
privacy homomorphism is defined as “ a form
of encryption where a specific algebraic operation is
performed on the plaintext and another (possibly different)
algebraic operation is performed on the cipher text[15]”
B. Virtualization solution
To solve the problem of virtualization, a research called
“HyperSafe: A Lightweight Approach to Provide Lifetime
Hypervisor Control-Flow Integrity” by Zhi Wang and Xuxian
Jiang, presented HyperSafe. When people first started using
virtual machines, they assumed that they were safe and the
hypervisor (virtual machine monitor VMM) is secure. A study
by the National Vulnerability Database showed that in the last
three years, there were 26 security vulnerabilities. These
contemporary hypervisors where the security vulnerabilities
occurred (Xen and VMware) had a large complex code base.
HyperSafe is developed to solve this problem by using two
techniques. “The first technique locks down write-protected
memory pages and prevents them from being manipulated at
runtime, thus effectively protecting the hypervisor’s code
integrity; The second key technique converts the control data
into pointer indexes by introducing one layer of indirection
and thus expands protection to include control-flow
enforcement”.[16]
C. Private clouds
Private cloud is a stack of network servers and storage
hardware used for one single customer. The first benefit is
providing security; where you have your own dedicated data
center, that is not available for anyone but you, exclusively
provided for you from the service provider. The second
benefit is flexibility; with the option of changing the specific
features of the cloud to meet your changing needs. With that
level of flexibility, some challenges raised, such as, the level
of complexity used in building these private clouds. [17]
Private cloud is considered a solution to two of the major
threats which are hacking and denial of service attacks (DOS).
To solve the problem of hacking, private cloud restricts access
to administrators only, and allows the business to have access
control over their environment. The other threat is denial of
service attacks on other customers that share the same
infrastructure. Private clouds allow you to have your own
infrastructure not sharing it with any other person, which
eliminates any threat of DOS.[18]
The private cloud helps with disaster recovery plan since it
allows for isolating the resources if any hardware failure
occurs. Another benefit is that you can connect your private
cloud to your dedicated environment.
Private cloud is specially fitted for companies that have
very specific security resources or data requirement.[19]
The figure below shows a comparison between private
clouds and other types of clouds.[20]
unless you get an X.509 certificate, and a key to authorize the
change.
The next and the last level is the signed API calls. All API
functions are signed by the customer’s Amazon Secret Access
Key. Amazon recommends that all API calls are encrypted
using SSL. A second measure of security is Instance Isolation.
“Different instances running on the same physical machine are
isolated from each other via the Xen hypervisor. Amazon is
active in the Xen community, which ensures awareness of the
latest developments. In addition, the AWS firewall resides
within the hypervisor layer, between the physical network
interface and the instance's virtual interface. All packets must
pass through this layer, thus an instance’s neighbors have no
more access to that instance than any other host on the
Internet and can be treated as if they are on separate physical
hosts. The physical RAM is separated using similar
mechanisms. AWS recommends that customers further protect
their data using appropriate means. One common solution is to
run an encrypted file system on top of the virtualized disk
device.”[22]
Fig 5. Features of private cloud in comparison to other types of clouds
V. AMAZON WEB SERVICES
Amazon provides a lot of services related to cloud
computing. Amazon web services offer a variety of services.
They have computing services; like Amazon Elastic Compute
Cloud, Amazon private cloud and Amazon Simple Storage
Service.
Fig 6. Illustration of the Instance Isolation measure
A. Amazon Elastic Compute Cloud
Amazon Elastic Compute Cloud (EC2). “EC2 is a web
service that provides resizable compute capacity”.[21].EC2
provides multiple levels of security to its customers; starting
with security in the host and the guest operating systems,
firewalls, and signed API calls. In the level of host operating
system; only administrators from Amazon who are granted the
privilege using strong authentication can access the system
and manage the cloud. All accesses in this level are logged
and audited.
The second level; the guest operating system, customers
have full control over the virtual instances; accounts, services,
and applications. Amazon web servers (AWS) have no access
to the customers’ instances.
The next level is firewalls, where all configurations of the
firewall are set to “deny” mode in default. The customer has
the choice of changing the mode whenever needed, and can
configure the firewall to treat different classes of instances in
different set of rules. The security measure here is that the
firewall configurations cannot be manipulated by the guest OS
B. Amazon Virtual Private Cloud
Another package of services provided from Amazon are
networking services; such as Amazon Virtual Private Cloud
(VPC), they enable companies to connect their infrastructure
with a set of isolated AWC resources using virtual private
network (VPN) connection. Amazon VPC is integrated with
Amazon EC2. Figure 7 below illustrates the architecture of
Amazon VPC.[22]
Fig 7. Illustration of Amazon VPC setting
C. Amazon Simple Storage Service
Another service that Amazon provides is; Amazon Simple
Storage Service (S3), which gives customers the capability of
storing their own data on Amazon premises. Customers using
this service are mostly concerned whether someone with
unauthorized access would be able to access their data. What
Amazon did, to eliminate these concerns, is two security
measures; data management, and access logging.
In data management, to secure the data, they use data
encryption and physical security. When a customer deletes an
object from Amazon S3, the link of the object will be deleted.
After the deletion of the link, there will be no remote access to
the deleted object. To insure availability of data, Amazon S3
objects are stored redundantly on multiple devices across
Amazon’s S3 region. They also provide versioning, which can
be used to distinguish, retrieve, and restore every version of
each object stored in Amazon S3 packets. With versioning
customer can recover all versions when an application fail.
Amazon S3 packets are configured to keep logs of access
to them and their objects. These access logs contain
information about the request type, and the requested resource,
and the requester IP, plus the time and date of the request. Log
records are combined periodically into log files.[22]
VI. SECURITY BENEFITS OF CLOUD
security needs a few more years to be solid. A lot of
researches have been conducted to introduce new ways of
securing the clouds and the data. Most researches are not yet
implemented, but, hopefully, in the next few years we will
find these technologies implemented, and used to its full
potential. And as technology is evolving, more risks might
threat the business. However, many researches are working on
improving these issues as it progress.
REFERENCES
[1] "Gartner Identifies Four Converging Trends That Will Change the Face
of IT and Business." Technology Research & Business Leader Insight |
Gartner. Gartner, 15 Nov. 2010. Web. 11 Dec. 2010.
<http://www.gartner.com/it/page.jsp?id=1470115>.
[2] "What Is Data Security?" Spam – Antivirus - Identity Theft - Scams and
Fraud: STOP IT. Web. 30 Nov. 2010. <http://www.spamlaws.com/datasecurity.html>.
[3] Data Lifycycle. Digital image. Web. 9 Jan. 2011.
<http://cloudsecurityalliance.googlegroups.com/web/Datalifecycle.pdf?g
da=_lh7REMAAACJG7iKeUOOFamAbEkryLW2jHbjBu1NcoXB7Khi
xHtQlfvV_T_OFibCcYqzBc7w-eMytiJHdGYYcPi_09pl8N7FWLveOaWjzbYnpnkpmxcWg>.
[4] Hayes, Brian. "Cloud Computing | July 2008." Communications of the
ACM. Web. 28 Nov. 2010.
<http://cacm.acm.org/magazines/2008/7/5368-cloud-computing/fulltext>.
[5] STAMFORD, CONN. "Gartner Highlights Five Attributes of Cloud
Computing." Technology Research & Business Leader Insight | Gartner.
23 June 2009. Web. 11 Dec. 2010.
<http://www.gartner.com/it/page.jsp?id=1035013>.
[6] Staten, James. "Cloud Computing for the Enterprise." Forrester.
Forrester Research, 3 Feb. 2009. Web. 9 Dec. 2010.
<http://www.forrester.com/imagesV2/uplmisc/CloudComputingWebinar
SlideDeck.pdf>.
[7] Wilshusen, By Gregory. "Information Security: Federal ..." Google
Books.
DIANE
Publishing.
Web.
28
Nov.
2010.
<http://books.google.com/books?id=DtZSSxhPZPQC&pg=PA15&dq=cl
oud
computing&hl=en&ei=tpzvTJL0F9P4waJwtjdBA&sa=X&oi=book_result&ct=result&resnum=1&ved=0CCk
Q6AEwAA&safe=active#v=onepage&q&f=false>.
[8] Rittinghouse, John W., and James F. Ransome. "• Cloud Computing:
Implementation, Management, and Security." Klc Consulting. CRC
Press.
Web.
29
Nov.
2010.
<http://www.klcconsulting.net/security_resources/cloud/Cloud_Computi
ng_Book-Implementation-Management-Security-2010.pdf>.
The benefit of scale is considered one of the major security
benefits of the cloud. Since most cloud providers operate in
multiple locations by default, this will increase the
independency from failure and provide a level of disaster
recovery. In addition, when using the service from a cloud
computing provider, you get a list of benefits with it; such as
hiring specialists to deal with security threats. Plus, it is easier
for the service providers to insure that the system is secure
from hackers and bugs.
Another benefit of the cloud is having protection from
distributed denial of service (DDOS). When having a large
cloud provider like Amazon, it is hard to overload their [9] Latif, Shahed, Subra Kumaraswamy, and Tim Mather. "Cloud Security
system because of its size, so, as a result, customers of such
and Privacy: An ... - Google." Google Books. Web. 28 Nov. 2010.
companies get protected from these attacks.
<http://books.google.com/books?id=BHazecOuDLYC&printsec=frontco
ver&hl=ar&safe=active#v=onepage&q&f=false>.
One more benefit is the chance for standardization and
collaboration. Since the servers are owned by the service [10] Ciampa, Mark D. Security Guide to Network Security Fundamentals.
2nd ed. Boston, MA: Thomson/Course Technology, 2005. Print.
providers, there is a greater chance of using the same set of [11] Gens, Frank. "IT Cloud Services User Survey, Pt.2: Top Benefits &
hardware, which will eventually lead to the standardization
Challenges." IDC EXchange. 02 Oct. 2008. Web. 14 Dec. 2010.
<http://blogs.idc.com/ie/?p=210>.
and collaboration for improving security services for the
[12] Talbot, David. "Security in the Ether." Smith College. Feb. 2009. Web.
users.[23]
VII.
CONCLUSION
29
Nov.
2010.
<http://cs.smith.edu/dftwiki/images/0/02/SecurityInTheEther.pdf>.
[13] "Top Threats to Cloud Computing V1.0." Cloud Security Alliance (CSA)
- Security Best Practices for Cloud Computing. Cloud Security Alliance,
Mar.
2010.
Web.
29
Nov.
2010.
<http://www.cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf>.
[14] Cohen, Reuven. "IBM Researcher Solves In-Cloud Data Encryption
Whenever a new technology is introduced, a great benefit
comes along with it; just like cloud computing. Meanwhile,
[15]
potential risks are attached to it as well. Cloud computing
Puzzle." Cloud
Computing
Journal.
Web.
14
Jan.
2011.
<http://cloudcomputing.sys-con.com/node/1015761>.
"Homomorphic Encryption." Wikipedia, the Free Encyclopedia. Web. 14 Jan.
2011. <http://en.wikipedia.org/wiki/Privacy_homomorphism>.
[16] Wang, Zhi, and Xuxian Jiang. "HyperSafe: A Lightweight Approach to
Provide Lifetime Hypervisor Control-Flow Integrity." North Carolina
State
University.
Web.
9
Jan.
2011.
<http://www4.ncsu.edu/~zwang15/files/oakland10.pdf>.
[17] "What Are the Benefits of Private Cloud Computing for Businesses? »
Welcome to Privatecloud.com." Privatecloud.com. 28 July 2010. Web. 09 Jan.
2011.
<http://www.privatecloud.com/2010/08/06/what-are-the-benefits-ofprivate-cloud-computing-for-businesses/?fbid=jUhoEh0OcQD>.
Chen,
Yanpei, Vern Paxson, and Randy H. Katz. "What’s New About Cloud
Computing Security?" Electrical Engineering and Computer Sciences
University of California at Berkeley. Jan. 2010. Web. 29 Nov. 2010.
<http://www.eecs.berkeley.edu/Pubs/TechRpts/2010/EECS-2010-5.pdf>.
[18] Marler, Jon. "Securing the Cloud: Addressing Cloud Computing Security
Concerns with Private Cloud." 25 May 2010. Web. 09 Jan. 2011.
<http://www.rackspace.com/hosting_knowledge/private-cloud/securingthe-cloud-addressing-cloud-computing-security-concerns-with-privatecloud/>.
[19] Private Cloud 101 Video - Who's a Good Fit for Private Cloud? Perf.
RackspaceHosting.YouTube. 17 Nov. 2009. Web. 09 Jan. 2011.
<http://www.youtube.com/watch?v=1RbEbo8UyCE&feature=related>.
[20] "Cloud Computing Risk Assessment — ENISA." Securing Europe's
Information Society. ENISA, 20 Nov. 2009. Web. 09 Jan. 2011.
<http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computingrisk-assessment>.
[21] Sns, Using Amazon. "What Is AWS?" Amazon Web Services. Web. 11
Jan. 2011. <http://aws.amazon.com/what-is-aws/>.
[22] "Amazon Web Services: Overview of Security Processes." AmazonAWS.
Aug.
2010.
Web.
11
Jan.
2011.
<http://awsmedia.s3.amazonaws.com/pdf/AWS_Security_Whitepaper.pd
f>.
[23] "The Security Benefits of Cloud Computing | CloudTweaks.com - The
Cloud Computing Community." Cloud Computing Social Community CloudTweaks.com. 15 Aug. 2010. Web. 11 Jan. 2011.
<http://www.cloudtweaks.com/2010/08/the-security-benefits-of-cloudcomputing/>.
Download