Security issues in cloud computing (User under consideration)

advertisement
Proceedings of the 2nd International Conference on Engineering & Emerging Technologies (ICEET), Superior
University, Lahore, PK, 26-27 March, 2015.
Security issues in cloud computing
(User under consideration)
Seemab Hameed
CS department
University of Lahore
Abstract: Cloud computing is a term used for resources
using internet to avail technology by organizations. Cloud com-
plus services offered by internet. It is a way of facilitat-
puting has revolutionized the world of IT.
ing its consumers as it provides virtual resources. The
Types of Cloud Models
three layers Offered are SaaS, PaaS and IaaS.IN Cloud
computing not only services are rapidly growing all

Private cloud
over the world but also the security issues are increas-
Private cloud is a setup managed on private networks and
ing day by day. Although world gained many benefits
organizations internal environment. It is more secure than
from it but organizations and users are worried about
other types because only stakeholders can have access to
their confidential data security. In this study, we aimed
it. [51]
to review the related work and identify major security

Public cloud
risks in cloud computing due to which the users linked
Public cloud is a set up managed by a third party, provid-
to it are reluctant to share their confidential data, some
ing facilities by using“ pay as you go” model.[52] It is less
counter measures were discussed which may help ven-
secure than other cloud models.
dors to increase security in a cloud computing system

Hybrid cloud
Hybrid cloud is a “centrally managed setup private Cloud linked
and may facilitate users of cloud computing.
to one or one or more external resources”. [53]
Keywords: Cloud computing, IaaS, PaaS, SaaS.
Introduction
Cloud deployment services

Infrastructure as a service(IaaS)
This is the century of cloud computing. Cloud computing is a
A model in which Infrastructure is used as a service in-
model for delivering services on “pay as you go”. It is a revolu-
stead of purchasing .It is on demand use of virtualized re-
tionary idea for organizations as one can use its hassle free ser-
sources using internet. It facilitates its users by providing
vices by using internet without the overhead of infrastructure,
infrastructure as a service instead of purchasing it. “Ama-
platform and maintenance tasks. “Cloud computing” means us
zon EC2” is example of IaaS.

Platform as a service(PaaS)
Proceedings of the 2nd International Conference on Engineering & Emerging Technologies (ICEET), Superior
University, Lahore, PK, 26-27 March, 2015.

A model which provides platform as a service to “reduce
and their countermeasures. In data security, confidentiality,
the cost of platform components management and devel-
privacy and data integrity are discussed in detail. For data
opment of database tools”. “Google App Engine, Windows
confidentiality cryptography technique is proposed in pub-
Azure “are its examples.
lic clouds. [5]To insure privacy some tips like minimum
Software as a service(SaaS)
sharing of personal data, maximizing user control and user
A model which provides software as a service instead of
choice and providing feedback are proposed. Different
developing software and it reduces overall cost. “Google
security threats proposed by “Cloud Security Alliance” are
docs” is its example.
abuse of cloud by using botnets in a public cloud, using
Insecure interfaces ,shared environment causing threading
on others territory and data leakage due to loss of encryp-
All these components of cloud offer great convenience,
tion key or unauthorized access are discussed in this paper
cost reduction, hassle free services and maintenance free
[6]. “Man in the middle attacks”, phishing, spam and “de-
soft wares but due to its shared environment a lot of securi-
nial of service attacks” are some other security threats dis-
ty risks are there for confidential data. This paper aimed to
review papers and exploring different aspects of security
issues as mentioned in those papers.
Body
cussed. From cloud location point of view, it was discussed that users private data on some others storage space
may cause severe damage. “Data combination and commingling” storing multiple data at same place can cause
virus attacks and hack attacks. Different data security chal-
[1] In this paper, different security challenges are dis-
lenges like “MITM, reused IP addresses, and sniffer at-
cussed that cloud computing users are facing. Different
tacks” are also discussed from network point of view that
cloud models are discussed with respect to security and
can cause serious data hack threats. At the end some coun-
private cloud is declared as a secure model and user‟s se-
ter measures are proposed to all these threats. The strength
curity issues can be minimized using this model but it
of their study is that they have discussed data security
works in a limited scenario. Public clouds are presented as
challenges and their counter measures W.R.T network,
a less secure model. [2] “Cloud Security Alliance (CSA)”
cloud location and generally. The deep study is helpful to
states that organizations are interested in using cloud but
handle these challenges. The limitation of work
security is required.[3] The other security issues that are
security tool or mechanism is proposed. [Vahid Ashktorab
discussed and pose threats to user‟s data are phishing, us-
& Seyed Reza Taghizadeh, 2012]
is no
er‟s data loss and botnet. In addition to that, it is also discussed that hackers may use cloud for arranging botnet as
[7]In this paper, it is discussed that cloud computing has
it provides cheaper services. These threats are viewed as
changed the computing and provided its customers hassle
major factors of hindrance of cloud and it needs techniques
free services all around the world but along with a lot of
and security models to tackle these challenges. The
security issues. [8] In cloud computing main concern is to
strength of this paper is that different cloud security chal-
handle security issues and provide hassle free services and
lenges are discussed in detail. The limitation of their work
comfort to users.[9]Depending upon the service delivery
is that no mechanism is given to tackle with the challenges
models different security challenges are pointed out
and no security tool is proposed. [Kuyoro S. O et al, 2011]
through survey. [10] Public clouds offers multifarious security challenges due to highly interfering environment as
[4] In this paper, the researcher has highlighted the benefits of cloud computing along with major security threats
compared to private cloud so one should adopt private
Proceedings of the 2nd International Conference on Engineering & Emerging Technologies (ICEET), Superior
University, Lahore, PK, 26-27 March, 2015.
cloud unless public cloud is really needed.[11] Mash up
[17] In this paper cloud computing architecture is de-
also offers security issues as it collects and manages data
scribed in detail. SaaS, PaaS, IaaS are described with real
from multiple web sources so a security model is also dis-
world service providers. Different cloud service models
cussed to secure mash up applications. SaaS uses web 2.0
are discussed. [18] Private cloud is considered safer in
as a key technology to avoid installation and maintenance
terms of different security issues. In private cloud there is
tasks but the security issues are increasing day by day in
no need to have additional regulations and legal concerns.
this environment [12, 13 and 14]. In web 2.0 different at-
Public cloud is not a better choice when high security and
tacks like “SQL injection attacks”, “Cross Site Scripting
confidentiality is concerned due to its shared environment.
(XSS) attacks”, “MITM attacks “are discussed. To avoid
[19] Hybrid cloud is combination of two or more clouds
MITM attacks different encryption techniques like “Dsniff,
with responsibilities shared between cloud service provider
Cain, Ettercap, Wsniff, Air jack etc.” are discussed in
and concerned companies. In Cloud security architecture
[15].In this paper , “Network level security, Application
different layers are such as “user layer, service provider
level security, data storage security” are the different levels
layer, virtualization layer and data center layer” must en-
at which security challenges are discussed. “DNS AT-
sure security by “authentication, data transmission securi-
TACKS, SNIFFER ATTACKS, ISSUE OF REUSED IP
ty, virtual machine security and server security respective-
ADDRSESSES” are different threats discussed at network
ly”. Key security challenges discussed in this paper are
level. “DENIAL OF SERVICE ATTACKS, COOKIE
“Access to Servers & Applications, Data Transmission
POISONING and SECURITY CONCERNS WITH THE
,Virtual Machine Security ,Network Security ,Data Securi-
HYPERVISOR” are some of the challenges discussed at
ty ,Data Privacy , Data Integrity, Data Location, Data
application level. Privacy, confidentiality, Data loss, data
Availability, Data Segregation , Security Policy and Com-
leakage, hacking, malicious code inserted in databases by
pliance , Patch management”.[20] discussed that access to
using known domains are some known threats to data stor-
server should be regulated by cloud using according to the
age and data loss. [16]To solve different security issues
security policy of company using cloud in order to avoid
some tips are discussed: Use of encryption techniques in a
unauthorized access.[21] “Lightweight directory” in small
shared environment, less interaction of service providers to
organization and “single sign on” in large organization is
user data, data back up to avoid data loss, use of “pub-
used to manage users to ensure authorized access. “Data
lished API” to tackle identity management issues. Differ-
loss, encryption, MITM attacks to hack data, virtual ma-
ent countermeasures and strategies like “URL FILTER-
chine security management” are some basic, of reused IP
ING, MULTILAYERSECURITY, ENCRYPTION, AC-
address”. Sniffer attack actually captures packets and non-
CESS TO DATA BY PASSING CODES, PUBLIC AND
encrypted data can be hacked. An algorithm to tackle
PRIVATE KEY ENCRPTION,” are presented to handle
sniffer attack is discussed in [22].”Encryption, HTTP,
the above mentioned challenges at different levels. Com-
SSH, single sign on and regular audit of security policies”
parative analysis of different strategies is also presented.
is discussed as countermeasures to above problems. In
The strength of paper is very detailed and comprehensive
addition to all these issues some new research issues are
study of cloud computing issues at different levels. Com-
also discussed in paper. The strength of their work is that
parative study of different strategies, their benefits and
different security issues are discussed. The drawback is
limitations discussed is the best feature. [Rohit Bhadauria
that Countermeasures are not discussed in detail. [Rabi
et al].
Prasad Padhy et al, 2011]
Proceedings of the 2nd International Conference on Engineering & Emerging Technologies (ICEET), Superior
University, Lahore, PK, 26-27 March, 2015.
[23] In this paper, different Security threats are highlight-
crosoft Share Point Services and Microsoft Dynamics
ed and categorized as “trust, architecture, identity man-
CRM”. Some consider cloud only hype while others con-
agement, software isolation, data protection, and availabil-
sider it great phenomena for IT Professionals to work with
ity”. SaaS, IaaS, PaaS are discussed. Security challenges
[32]. Some security disadvantages discussed in this paper
discussed at different architecture levels are “attack surfac-
are “data location, Investigation, data segregation, long
es, virtual networks protection, client side protection, serv-
term viability and recovery. This paper also discussed se-
er side protection and access management”. [24, 25,
curity issues in virtualization. [33]Virtualization is of two
26]Client side protection requires user and websites securi-
types named as “full virtualization and Para virtualiza-
ty. User security can be implemented easily than web
tion”. Different vulnerabilities in virtualization are dis-
browser as different plug-ins and website extensions in-
cussed. [34] Vulnerabilities in Microsoft server may cause
crease the risk of attack. User identity management must
access of one guest operator to other guest operator and the
include privileges and access to a resource besides authen-
host also to run code. At the end current research of these
tication. Data protection challenges include data Isolation,
cloud service providers about user views is presented. [35]
data sanitization and data location S. [27] Encryption can
IBMs survey concluded that 77% of the people consider
be usually done on data stored in an isolated database in-
cloud threat for security, 50% are concerned about data
stead of shared database. So according to nature of data,
breach. [36] “Microsoft survey reveals 39% of SMB‟s to
accurate security management solution is needed. [28, 29]
pay for cloud services within three years.” The strength of
Data location is also a major issue faced by an organiza-
work is survey based services inquiry by different cloud
tion in cloud. This paper discusses different issues under
providers. The drawback is that security issues are not
different categories but solution to these problems is not
mentioned in detail. [Vikas Kumar et al, 2012]
discussed in detail. No security model or tool is implemented to address these issues. [Wayne A. Jansen, NIST,
[37] The paper gives a detailed description of almost all
2011]
the old and new security issues in cloud computing. The
security is main concern of “researchers [38, 39] business
[30]In this paper, huge advantage of cloud computing has
decision makers [40] and government organizations [41]”.
been discussed. The benefits of cloud deployment models
In this paper different security issues have been cited from
and services are described along with key security issues.
“CSA‟s security guidance [42] and top threats analysis
A survey has been done in order to investigate different
[43], ENISA‟s security assessment [41] and the cloud
security techniques to tackle security issues in cloud com-
computing definitions from NIST [44]”. According to
puting. Amazon, Google and Microsoft cloud service pro-
above mentioned references the paper includes different
vider has been selected to carry out survey. Amazon pro-
categories of security threats. Network security includes
vides following services: “Elastic Compute Cloud (EC2),
“transfer security, fire walls and security configurations.”
Simple Storage Service (S3) and Simple Queue Service
Interfaces include “user interface, authentication, Adminis-
(SQS)”. These are difficult to use as it uses command line
trative interface and API.” Data security problems include
and Linux user can operate it easily [31].Google does not
“cryptography, redundancy and disposal.” Similarly virtu-
allow write file feature to ensure security. Google provides
alization. Compliance and different legal issues have been
debugging features. Microsoft also provides services to
discussed. In paper security taxonomy is categorized as
“manage user identities, workflows and synchronization of
“architecture, compliance and privacy” which are further
data. Microsoft SQL, Microsoft NET, Live Services, Mi-
explained in detail via a tree like diagram. Different securi-
Proceedings of the 2nd International Conference on Engineering & Emerging Technologies (ICEET), Superior
University, Lahore, PK, 26-27 March, 2015.
ty issues and security solutions are discussed. Current sta-
is a practical model.” The strength of their work is practi-
tus of security is discussed with reference to different enti-
cal solution. The drawback of the study is that it is not
ties like “ENISA, CSA and NIST”. [45] ENISA is respon-
suitable for large cloud environments.
sible for managing “network and information security in
[50] This paper is a concise analysis of data protection and
Europe.” [46]CSA is an agency run by corporations, busi-
privacy
based
on
data
life
cycle
ness persons and other stakeholders. [47]NIST has published cloud computing security taxonomy. At the end
above mentioned organizations security frame work has
been discussed. The strength of paper is that all old and
recent security issues have been discussed and categorized.
“ENISA, CSA and NIST” proposed security frame work is
discussed in detail. Taxonomy of current security issues
has been discussed in detail. The drawback of study is that
no tool is proposed for implementing security. [Gonzalez
et al, 2012]
[48] In this paper, different security challenges are discussed with respect to cloud user and cloud service provider. From cloud service users point of view, data security
issues discussed are data leakage, data loss and loss of
encryption key. As remote connection are used in cloud
computing and passwords are reused, if someone accesses
your credentials can cause serious damage to data and may
provide false information to your customers. They also
service provider‟s point of view, it is discussed that due to
shared environment and APIs being non-protected can
[50] Fig 1 their proposed data life cycle
They have discussed the problems at all stages of their
proposed data life cycle. “Data ownership, private data
storage, availability, authentication, encryption of confidential data, key management in encryption, data integrity,
back up, data leakage, data restoration” are the key threats
discussed. They have cited various security solutions of
different researchers at the end.
The strength of their work is that they have proposed a
data life cycle and discussed the problems during this life
cycle. Limitation of work is the security threats are not
discussed in detail. [Deyan Chen & Hong Zhao, 2012]
cause unauthorized access to user data and severe damage.
The strength of their work is that they have discussed secu-
Conclusion
rity challenges from user and service provider‟s point of
Cloud computing environment is the best choice for small
view. The limitation of work is that no tool or security
and large organizations. All organizations want to adopt its
measures are proposed. [Kangchan Lee, 2012]
services. Cloud computing has huge advantages but with
[49] In this paper benefits of cloud computing has been
some severe threats of security. Due to these security
discussed along with increased security threats in cloud
threats Organizations are reluctant to use cloud. Organiza-
computing. End user is concerned about data security and
tions have confidential data and due to shared environment
availability. In cloud system users are also concerned
in cloud data hacking, manipulation, malicious attacks and
about the data access mechanism in cloud computing .To
data loss are severe security concerns. Cloud computing is
handle the problem of data security; they have proposed
a revolutionary concept in IT field. This paper includes
the idea of a system which will capture information
key security threats and their countermeasures after review
movement in cloud. A case study is used to implement the
of different research papers. The need of the hour is that
proposed system. “They have claimed that proposed model
design algorithms and mechanism to tackle these security
Proceedings of the 2nd International Conference on Engineering & Emerging Technologies (ICEET), Superior
University, Lahore, PK, 26-27 March, 2015.
algorithms. So, organizations may use Cloud services feeling safe and secure.
References
[1] Kuyoro S. O, Ibikunle F, Awodele O. “Cloud Computing Security
[14]. Adam A Noureddine, Meledath Damodaran, “Security in Web 2.0
Application Development,” iiWAS '08, Proc.of the 10th International
Conference on Information Integration and Web-based Applications &
Services, pp. 681685, 2008, ISBN: 978-1-60558-349-5, DOI: 10.1145/1497308.1497443.
Issues and Challenges” International Journal of Computer Networks
(IJCN), Volume (3): Issue (5): 2011
[2] M. A. Morsy, J. Grundy and Müller I. “An Analysis of the Cloud
Computing Security Problem” In PROC APSEC 2010 Cloud Workshop.
2010.
[3] S. Ramgovind, M. M. Eloff, E. Smith. “The Management of Security
in Cloud Computing” In PROC 2010 IEEE International Conference on
Cloud Computing 2010.
[4] Vahid Ashktorab2, Seyed Reza Taghizadeh1“Security Threats and
Countermeasures in Cloud Computing” Volume (1), Issue (2): October
2012.www.ijaiem.orgEmail: editor@ijaiem.org, editorijaiem@gmail.com
[5] Siani Pearson. Taking Account of Privacy when Designing Cloud
Computing Services. CLOUD '09: Proceedings of the 2009 ICSE Workshop on Software Engineering Challenges of Cloud Computing, pages
44-52. May 2009
[6] S. Ghemawat, H. Gobioff, and S. Leung, “The Google file system,” in
Proceedings of the 19th Symposium on Operating Systems Principles
(OSDI‟2003), 2003, pp. 29–43.
[7]Rohit Bhadauria, Rituparna Chaki, Nabendu Chaki and Sugata Sanyal
“A Survey on Security Issues in Cloud Computing”
[8]. “Security Consideration for Cloud Ready Data-Centers,” Juniper
Networks, Oct. 2009.
http://www.juniper.net/us/en/local/pdf/whitepapers/2000332-en.pdf.
[9]S. Subashini, V. Kavitha, “A survey on security issues in service delivery models of cloud computing”; Journal of Network and Computer
Applications, Vol. 34(1), pp. 1–11, Academic Press Ltd., UK, 2011,
ISSN: 1084-8045.
[10] Jon Marler, “Securing the Cloud: Addressing Cloud Computing
Security Concerns with Private Cloud, “Rackspace Knowledge Centre,
March 27, 2011, Article Id: 1638.
http://www.rackspace.com/knowledge_center/private-cloud/securing-thecloud-addressing-cloud-computingsecurity-concerns-with-private-cloud.
[11]. Frederik De Keukelaere, Sumeer Bhola, Michael Steiner, Suresh
Chari, Sachiko Yoshihama, “Smash: secure component model for crossdomain mashups on unmodified browsers,” Proc. of the 17th International
Conference on World Wide Web, ACM, NY, USA, 2008, ISBN: 978-160558-085-2.
[12]. Pradnyesh Rane, “Securing SaaS Applications: A Cloud Security
Perspective for Application Providers,”Information Systems Security,
2010.
http://www.infosectoday.com/Articles/Securing_SaaS_Applications.htm.
[13]. Mashups, SaaS and Cloud Computing: Evolutions and Revolutions
in the Integration Landscape.
http://www.redcad.org/summerschool09/slides/Bentallah_CTDS09_Mash
ups%20and%20SaaS.pdf.
[15]. Jonathan Katz, “Efficient Cryptographic Protocols Preventing Man
in the Middle Attacks,” Doctoral Dissertation submitted at Columbia
University, 2002, ISBN: 0-493-50927-5.
http://www.cs.ucla.edu/~rafail/STUDENTS/katz-thesis.pdf
[16]Lori M. Kaufman, “Data security in the world of cloud computing,”
IEEE Security and Privacy Journal, vol. 7, issue. 4, pp. 61-64, July- Aug
2009, ISSN: 1540-7993.
, Suresh
[17] Rabi Prasad Padhy, Manas Ranjan Patra
Chandra Satapathy:
“Cloud Computing: Security Issues and Research Challenges” IRACST International Journal of Computer Science and Information Technology
& Security (IJCSITS) Vol. 1, No. 2, December 2011
[18] B. R. Kandukuri, R. Paturi V, A. Rakshit, “Cloud Security
Issues”, In Proceedings of IEEE International Conference
on Services Computing, pp. 517-520, 2009.
[19] Meiko Jensen, Jorg Schwenk, Nils Gruschka, Luigi Lo Iacon,
“On technical Security Issues in Cloud Computing,”
Proc. of IEEE International Conference on Cloud Computing
(CLOUD-II, 2009), pp. 109-116, India, 2009
[20]K. Hwang, S Kulkarni and Y. Hu, “Cloud security with
Virtualized defence and Reputation-based Trust management,” Proceedings of 2009 Eighth IEEE International Conference on Dependable, Autonomic and Secure Computing (security in cloud computing), pp. 621628,
Chengdu, China, December, 2009. ISBN: 978-0-7695- 3929 -4.
[21] R. Gellman, “Privacy in the clouds: Risks to privacy and
Confidentiality from cloud computing,” The World Privacy Forum, 2009.
http://www.worldprivacyforum.org/pdf/WPF_Cloud_ Privcy_Report.pdf.
[22]. Krishna Reddy, B. Thirumal Rao, Dr. L.S.S. Reddy, P.Sai Kiran
“Research Issues in Cloud Computing “ Global Journal of Computer
Science and Technology, Volume 11, Issue 11, July 2011.
[23]Wayne A. Jansen, ―Cloud hooks: Security and Privacy Issues in
Cloud Computing, 44th Hawaii International Conference on System
Sciences 2011.
[24]S. M. Kerner, Mozilla Confirms Security Threat from
Malicious Firefox Add-Ons, eSecurity Planet, February 5,2010,
http://www.esecurityplanet.com/news/article.php/3863331/MozillaConfirms-Security-Threat-From-Malicious-Firefox-Add-Ons.htm [35] S.
King ET
[25] N. Provos et al., the Ghost in the Browser: Analysis of
Web-based Malware, Hot Topics in Understanding Botnets
(HotBots), April 10, 2007, Cambridge, MA
[26] N. Provos, M. A. Rajab, P. Mavrommatis, Cybercrime
2.0: When the Cloud Turns Dark, Communications of the
ACM, April 2009
[27] S. Pearson, Taking Account of Privacy when Designing
Cloud Computing Services, ICSE Workshop on Software
Engineering Challenges of Cloud Computing, May 23, 2009,
Proceedings of the 2nd International Conference on Engineering & Emerging Technologies (ICEET), Superior
University, Lahore, PK, 26-27 March, 2015.
Vancouver, Canada
[45]ENISA (2011) About ENISA. http://www.enisa.europa.eu/aboutenisa
[28]B. R. Kandukuri, R. Paturi V, A. Rakshit, Cloud
Security Issues, IEEE International Conference on Services
Computing, Bangalore, India, September 21-25, 2009
[46]. CSA (2011) About. https://cloudsecurityalliance.org/about/
[29] S. Overby, How to Negotiate a Better Cloud Computing
Contract, CIO, April 21, 2010,
http://www.cio.com/article/591629/How_to_Negotiate_a_Better_Cloud_
Computing_Contract
[30] Vikas Kumar, Swetha, M.S, Muneshwara M. S, Prof NPrakash S:
CLOUD COMPUTING: TOWARDS CASE STUDY OF DATA SECURITY MECHANISM ISSN No: 2250-3536 Volume 2, Issue 4, July 2012
1 International Journal of Advanced Technology & Engineering Research
(IJATER)
[31]http://www.aws.amazon.com/
[32]http://www.code.google.com/appengine
[33]http://www.robertwrose.com/vita/rose_virtualization
[34]http://www.microsoft.com/technet/security/bulletin/
[35] http://www.microsoft.com/
[36] http://www.securitysquared.com/-29 Oct, 2010 by
Sharon J.Watson
[37] Nelson Gonzalez1*, Charles Miers1,4, Fernando Red´ıgolo1, Marcos
Simpl´ıcio1, Tereza Carvalho1,Mats N¨aslund2 and Makan Pourzandi3:
A quantitative analysis of current security concerns and solutions for
cloud computing Gonzalez et al. Journal of Cloud Computing: Advances,
Systems and Applications 2012, 1:11
http://www.journalofcloudcomputing.com/content/1/1/11
[38] Armbrust M, Fox A, Griffith R, Joseph AD, Katz RH, Konwinski A,
Lee G,
Patterson DA, Rabkin A, Stoica I, Zaharia M (2009) Above the Clouds:
http://www.journalofcloudcomputing.com/content/1/1/11
A Berkeley View of Cloud Computing. Technical Report
UCB/EECS-2009-28, University of California at Berkeley,
eecs.berkeley.edu/Pubs/TechRpts/2009/EECS-2009-28.html
[39]Rimal BP, Choi E, Lumb I (2009) A Taxonomy and, Survey of Cloud
Computing Systems. In: Fifth International Joint Conference on INC,
IMS
And IDC, NCM ‟09, CPS. pp. 44–51
[40]. Shankland S (2009) HP‟s Hurd dings cloud computing, IBM.
CNET News
[41] Catteddu D, Hogben G (2009) Benefits, risks and recommendations
for
Information security. Tech. rep., European Network and Information
Security
Agency,
enisa.europa.eu/act/rm/files/deliverables/cloudcomputingRisk-assessment
[42] CSA (2009) Security Guidance for Critical Areas of Focus in Cloud
Computing. Tech. rep., Cloud Security Alliance
[43]Hubbard D, Jr LJH, Sutton M (2010) Top Threats to Cloud Computing.
Tech. rep., Cloud Security Alliance. cloudsecurityalliance.org/research/
projects/top-threats-to-cloud-computing
[44] Mell P, Grance T (2009) the NIST Definition of Cloud Computing.
Technical Report 15, National Institute of Standards and Technology,
www.nist.gov/itl/cloud/upload/cloud-def-v15.pdf
[47] NIST (2011) NIST Cloud Computing Reference Architecture: SP
500-292.
http://collaborate.nist.gov/twiki-cloud-computing/pub/
CloudComputing/ReferenceArchitectureTaxonomy/NIST SP 500-292 090611. Pdf
[48] Kangchan Lee: Security Threats in Cloud Computing Environments”
International Journal of Security and Its Applications Vol. 6, No. 4,
October, 2012
[49] R. La„Quata Sumter, ―Cloud Computing: Security Risk Classification”
ACMSE 2010, Oxford, USA
[50]Deyan Chen andHong Zhao: Data Security and Privacy Protection
Issues in
Cloud Computing” 2012 International Conference on Computer Science
and Electronics Engineering
[51] S. Arnold (2009, Jul.). “Cloud computing and the issue of privacy.”
KM World, pp14-22.Available: www.kmworld.com [Aug. 19, 2009].
[52] A Platform Computing Whitepaper. “Enterprise Cloud Computing:
Transforming IT.”Platform Computing, pp6, 2010.
[53] Global Netoptex Incorporated. “Demystifying the cloud. Important
opportunities, crucial choices.” pp4-14.
Available: http://www.gni.com [Dec. 13, 2009].
Download