
Different Facets of Security in the Cloud

Philogene A. Boampong
Department of Computer Science
Norfolk State University
700 Park Avenue
Norfolk, Virginia 23504
p.a.boampong@spartans.nsu.edu

Luay A. Wahsheh
Department of Computer Science
Norfolk State University
700 Park Avenue
Norfolk, Virginia 23504
law@nsu.edu

Keywords: Cloud security, security policy

Abstract

Cloud computing is a long fantasized visualization of computing as a utility, where data owners can remotely store and access their data in the cloud anytime and from anywhere. Using a shared pool of configurable resources, users can be relieved from the burden of local data storage and upkeep. The security of cloud computing has always been an important aspect of quality of service from cloud service providers. However, cloud computing poses many new security challenges which have not been well investigated. This paper provides an analysis of cloud computing, cloud data storage security, the security risks that involve using the cloud, security policies, physical security, and software security pertaining to the cloud. Our research work indicates that cloud computing combined with a trusted computing platform can provide some important security services, including authentication, confidentiality, and integrity.

1. INTRODUCTION

Cloud computing is software that is hosted centrally in a shared environment that can be leased. More specifically, cloud computing is a computing model in which virtualized resources are provided as a service over the Internet. The concept incorporates infrastructure as a service (IaaS), platform as a service (PaaS), and software as a service (SaaS) as well as Web 2.0 and other recent technology trends that have the common theme of reliance on the Internet for satisfying the computing needs of users. IaaS delivers computer infrastructure – typically a platform virtualization environment – as a service, along with raw (block) storage and networking. Rather than purchasing servers, software, data-center space or network equipment, clients instead buy those resources as a fully outsourced service. Suppliers typically bill such services on a utility computing basis; the amount of resources consumed (and therefore the cost) will typically reflect the level of activity. PaaS delivers a computing platform and/or solution stack as a service, often consuming cloud infrastructure and sustaining cloud applications. It facilitates deployment of applications without the cost and complexity of buying and managing the underlying hardware and software layers. SaaS delivers software as a service over the Internet, eliminating the need to install and run the application on the customer’s own computers, simplifying maintenance and support.

Cloud computing services usually provide common business applications online that are accessed from a web browser. With traditional desktop computing, one would run copies of software programs on each computer owned. The documents one would create are stored on the computer on which they were created. Although documents can be accessed from other computers on the network, they cannot be accessed by computers outside the network. The whole scene is personal computer-centric. With cloud computing, the software programs one would use are not run from their personal computer, but are rather stored on servers accessed via the Internet. If the computer crashes, the software is still available for others to use. The same thing goes for the documents anyone would create; they are stored on a collection of servers accessed via the Internet. Anyone with permission can not only access the documents, but can also edit and collaborate on those documents in real time. Unlike traditional computing, this cloud computing model is not personal computer-centric, it is document-centric. Which personal computer is used to access a document simply is not important, but that is a simplification.

Customers engaging in cloud computing do not own the physical infrastructure that hosts the software service. Instead, they rent usage from a third-party provider. They consume resources as a service, paying for only the resources they use or on a subscription basis. Sharing computing power among multiple customers can reduce costs significantly. A cloud application often eliminates the need to install and run the application on the customer’s own computer, thus alleviating the burden of software maintenance, ongoing operation, and support.

2. BACKGROUND OF THE CLOUD

The term “cloud” originates from the telecommunications world of the 1990s, when providers began using Virtual Private Network (VPN) services for data communication [1]. VPNs maintained the same bandwidth as fixed networks with considerably less cost. These networks
supported dynamic routing, which allowed for a balanced utilization across the network and an increase in bandwidth efficiency, and led to the coining of the term “telecom cloud”. Cloud computing’s premise is very similar in that it provides a virtual computing environment that is dynamically allocated to meet user needs [1].

When the security of data in cloud computing is investigated, the cloud service provider has to provide some sort of assurance in service level agreements (SLA) to convince customers on security issues. The clients have to be able to trust the provider on the availability as well as data security. The SLA is the only legal agreement between the service provider and the client. This means the provider can gain trust of the client through the SLA, so it has to be standard [2].

2.1. Cloud Computing Deployment Models

Cloud computing services and technology are deployed over different types of delivery models based on the characteristics and purpose. The deployment models include public (external), private (internal), community, hybrid and virtual private clouds [3].

2.1.1. Public Clouds

The physical infrastructure is generally owned and managed by the service provider [4]. The resources, such as storage and applications, are made available to multiple consumers by a service provider, via a web application or web service over the Internet. The resources are therefore located at an off-site location that is controlled and managed by the service provider. This type of cloud is typically low-cost or pay-on-demand and has highly scalable services [3].

2.1.2. Private Clouds

The physical infrastructure may be owned and managed by the organization or the designated service provider with an extension of management and security control plans controlled by the organization [4]. It may be managed by the organization or a third party and may exist at an on-site or off-site location. Private cloud services offer the provider and the user greater control over the cloud infrastructure, improving security, compliance, resiliency, and transparency. Private clouds, however, require capital expenditure, operational expenditure and a highly skilled Information Technology team [3, 4].

2.1.3. Community Clouds

The physical infrastructure is controlled and shared by several organizations and supports a specific community that has shared interests, such as mission, policy, security requirements and compliance considerations. It may be managed by the organizations or a third party and may exist at on-site or off-site locations, and the members of the community share access to the data and applications in the community cloud. Community cloud users therefore seek to exploit economies of scale while minimizing the costs associated with private clouds and the risks associated with public clouds [3].

2.1.4. Hybrid Clouds

This model of cloud computing is a composition of two or more clouds (public, private, or community) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability [3, 4]. Applications with less stringent security, legal, compliance, and service level requirements can be outsourced to the public cloud, while keeping business-critical services and data in a secured and controlled private cloud [3].

2.1.5. Virtual Private Clouds

Another deployment model, described by fewer sources, is one in which service providers utilize public cloud resources and infrastructure to create a private or semi-private virtual cloud (interconnecting to internal resources), usually via VPN connectivity [3].

2.2. Cloud Computing Service Models

Cloud computing is any hosted service that is delivered over a network, typically the Internet. Integrated cloud computing is a whole dynamic computing system and has its advantages. As mentioned in Section 1, cloud services are broadly divided into three categories, namely IaaS (includes the entire infrastructure stack), PaaS (sits on top of IaaS and adds an additional layer with application development capabilities and programming languages and tools), and SaaS (builds upon IaaS and PaaS and provides a self-contained operating environment delivering presentation, application, and management capabilities) [3]. The advantages to the cloud computing service model will be discussed further in this section.

2.2.1. Infrastructure as a Service (IaaS)

As stated in Section 1, Infrastructure as a Service is a mode of providing a computer infrastructure to a company, and this product is usually in the method of platform virtualization. Some organizations buy their own server(s) to host the organization’s website and services [5, 6].

This server solution can be very costly and, typically, the organization must employ added manpower to preserve it. The number of requests made to the organization server can fluctuate, as well as the idle time of the server. If the server has
a high idle percentage, the organization could have acquired a smaller server. With Infrastructure as a Service, one only pays for what he or she uses, so even if one has a small organization or a large one, this would be the perfect package for an organization.

2.2.2. Platform as a Service (PaaS)

As the amount of the services that is made accessible in the cloud rises, it is apparent that a platform has to be developed to successfully control these services. Platform as a Service is the delivery of an architecture or framework where cloud computing services can prosper [6]. This platform not only runs a place where applications can be stored and deployed, but also an Integrated Development Environment (IDE) that supports a complete life cycle for developing applications that can be made available on the Internet. With PaaS, the price and difficulty of evaluating, purchasing, organizing, and managing all of the hardware and software needed to develop an application are considerably lowered. This is because the development tools (including IDE, Graphical User Interface (GUI) Tools, and database connectivity) and delivery tools (including hosting, metering, and storage) are made accessible inside the cloud itself. In this context, the advantage of PaaS is related to the fact that a customer is not obligated to invest in expensive hardware or software to develop or make use of the applications offered in the cloud [6].

2.2.3. Software as a Service (SaaS)

Software as a Service is a method of providing users with software through the Internet [5, 6]. The combination of using the Internet together with software services has occurred for some time, although the term describing this sensation has been relatively diffuse until recent years. Several of the most common uses of these services include e-mail clients (e.g., Hotmail and Gmail), anti-virus scans (e.g., Symantec, McAfee, and Kaspersky) and word processors (e.g., Google Docs and Adobe Buzzword). These applications are not directly a collection of SaaSs, but the services they offer are. SaaS should not be looked upon as a way of creating software or its underlying architecture. SaaS is more of a business model, which institutes a new way of distributing software. It is about delivering web-based software over the Internet, where the user runs the application in a browser and only pays for the use of the software instead of owning it.

3. SECURITY AND RESPONSIBILITIES

Within the cloud computing world, the virtual environment allows users to access computing power that exceeds that contained within one’s own physical world. To go into this virtual environment requires them to transfer data throughout the cloud. Therefore, several data storage concerns can arise. Normally, users will not know the exact location of their data nor the other sources of data collectively stored with theirs. In order to ensure data confidentiality, integrity, and availability (CIA), the storage provider must offer capabilities that, at a minimum, include a tested and trusted encryption schema to ensure that the shared storage environment protects all data, stringent access controls to prevent illegal access to the data, and scheduled data backup and safe storage of the backup media [1].

Cloud computing security is implicit within these capabilities, but further vital concerns exist that need attention. For example, is security exclusively the storage provider’s responsibility, or is it also the responsibility of the entity that leases the storage for its applications and data? Additionally, legal issues arise, such as e-discovery, regulatory compliance (including privacy), and auditing. The range of these legitimate concerns reflects the array of interests that are presently using or could use cloud computing. These concerns and their yet-to-be-determined answers provide substantial insight into how security plays a vital role in cloud computing’s continuous growth and development [7].

4. SECURITY ISSUES IN CLOUD COMPUTING

There are many security issues surrounding the cloud computing environment, including confidentiality, multiple security policies, dynamic of the services, trust amongst the entities, and dynamically building trust domains [8].

4.1. Policies

Policies are high-level requirements that specify how access is managed and who, under what circumstances, may access what information. A security policy should fulfill many purposes. It should protect people and information, and set the rules for expected behavior by users, system administrators, management, and security personnel. Security policies should authorize security managers to monitor, analyze, and investigate organizations’ computer systems. The policy should define and authorize the consequences of violation, define the company consensus baseline stance on security, help reduce risk and help track compliance with regulations and legislation. There are a number of important factors that need to be taken into consideration when employing a policy for ensuring security between a cloud hosting provider and a customer [6]. Some of these important factors, like inside threats, access control, and system portability, will be further discussed in this section.
4.1.1. Inside Threats

Even with the most advanced firewalls and computer security available, an organization’s computer system may still be vulnerable to inside threats. If an organization’s employees cannot be trusted, neither can one’s overall security. It is important for any company to maintain a good sense of supervision and management (governance). External customers may store data sensitive to their business at a service provider’s cloud hosting site. If any of the employees manage to misuse this data, the cloud computing company will build a bad reputation regarding the level of security offered and certainly lose current and future customers [6].

4.1.2. Access Control

The term access control refers to any mechanism by which a system allows or denies the right to access some data, or execute some action. Cloud computing offers services that may or will be critical for its users and therefore need to exhibit a high level of availability at all times. What is just as important is to keep the data stored at cloud hosting sites accessible only to the users who own the data. Even though an external customer would most likely want the data to be available for its users only, it is inevitable that the system administrators controlling the cloud hosting sites have access as well. Creating and maintaining a solid confidence between provider and customer is of great importance, in the same way a cloud computing provider needs to be able to trust the system administrators working for them. Authentication and authorization through the use of roles and password-protecting is probably the most common way to maintain access control when using web-browsers to access cloud computing sites [6]. A more efficient way to ensure adequate security is to facilitate an additional authentication factor outside of the browser (in addition to username/password). This is essentially multi-factor authentication, but available options today are rather limited when considering requirements of scalability and usability. An example of this put into use is BankID, which has been developed by the banks in Norway for use by private persons, authorities and companies [6]. BankID is an electronic identification and service that offers secure electronic identification and signatures on the Internet.

4.1.3. System Portability

A major important future concern for cloud computing customers is cloud service provider lock-in [9]. There are currently no cloud computing standards for elements and processes such as Application Programming Interfaces (APIs), the storage of server images for disaster recovery, and data import and export. If an individual or an organization is not completely satisfied with a particular cloud computing service provider or if the provider goes out of business, the customers should be able to easily and inexpensively transfer these services to another provider or bring it back in house.

4.2. Software Security

Software security is a vital aspect in cloud computing since software is programs written and developed by different people with various ideas. With some of this software being given for free, security is not a major focus. Free software is usually open source software, so a developer or a hacker can access the code and find bugs. One consequence of this is that users always should run the latest version of their programs and services [6].

On the path to making vital changes in software security, one must first agree that software security is not security software [10]. This is an understated point often lost on development people who tend to focus more on functionality. Understandably, there are security functions in the world, and most modern software includes security features, but adding features such as secure sockets layer (for cryptographically protecting communications) does not present a complete solution to the security problem. Software security is a system-wide issue that takes into account both security mechanisms (such as access control) and design for security (such as robust design that makes software attacks difficult). Sometimes these overlap, but often they do not. For example, security is an emergent property of a software system. A security concern is more likely to arise because of a problem in a standard-issue part of the system (say, the interface to the database module) than in some given security feature. This is a significant reason why software security must be part of a full lifecycle approach [10]. Just as one cannot test quality into a piece of software, one cannot spray paint security features onto a design and expect it to become secure. Focus should be placed more on software security from the ground up.

Figure 1 specifies one set of the best practices and shows how software practitioners can apply them to various software artifacts. Although the artifacts are laid out according to a traditional waterfall model in this illustration, most organizations follow an iterative approach today, which means that best practices will be cycled through more than once as the software evolves [10].

4.3. Physical Security

To maintain a decent level of software and physical security, it is extremely important to have a strong physical security in place. Without having a strong physical security plan intact, an organization’s hardware components may be attacked by people or natural disasters, regardless of the level of internal software and policy security in place.
[Figure 1 diagram: the best practices (security requirements, abuse cases, risk analysis, external review, risk-based security tests, static analysis (tools), penetration testing, security breaks) laid over the software artifacts (requirements and use cases, design, test plans, code, test results, field feedback).]

Figure 1. Software security best practices applied to various software artifacts [10]

4.3.1. Backups

Backups are very essential and critical to any organization. Any organization that is using the cloud would be totally unwise to solely rely on the cloud service providers to keep a backup of critical data. It is critical that any company or individual keep an offline backup of all their critical data and files. Even though a majority of cloud providers offer geographic redundancy on data on the Internet to enable high availability, one still has to be prepared for the unexpected [6].

4.3.2. Server Locations

There are multiple factors that must be considered when it comes to the physical security of machines. The room that physically stores the machines should provide an adequate amount of space depending on the number of servers to be protected. This room should be isolated from other rooms and it should have anti-static finishing on the floors. There should not be any windows for security, sound, and environmental reasons [6].

This room should be properly grounded and use racks with seismic bracings. To avoid the servers and machines overheating, a fire suppression system should be installed, as well as a cooling system. Every entrance to this space should be properly secured and alarmed where needed. This space not only would need security for illegal access, but would also need to have alarms related to the functioning of the air conditioning system [6]. There should also be an emergency or backup power in place, and a separate emergency power shutdown for this room would highly be recommended.

4.3.3. Firewall

All cloud computing service providers should provide a complete firewall solution to their clients [9]. If the firewall is not constructed, managed and updated, then it will be at risk [11]. This is the case for Amazon’s Elastic Compute Cloud (EC2) [6, 9]. A required inbound firewall is configured to default deny mode and a consumer must explicitly open a port to allow incoming traffic. This traffic may be controlled by protocol, by service port, and by internet protocol address.

One of the utmost important tasks of a firewall is to safeguard against distributed denial of service (DDoS) and denial of service (DoS) attacks, since everyone can connect to the cloud [9]. Cloud computing providers are very susceptible to these types of attacks, as they can shut down services they offer to their consumers.

One way to DDoS a server is by using packet flooding attacks. A simple way to defeat this type of attack is to check whether the source internet protocol address is invalid. Another protection that firewalls should offer is reverse firewall. This is used to prevent an attacker from creating a connection from a virtual private server to an external server [6].

5. RISKS IN CLOUD COMPUTING

Even though there are many reasons for moving to a cloud based solution, cloud computing is not without its risks. A complete and full understanding of the mitigation of security risks represents an important step towards securing cloud environments and harnessing the benefits of cloud computing [3].

The results from interviews (as shown in Table 1) show that information security was rated by 97.5% of the respondents to be the most critical risk area for the implementation of cloud computing and virtualization standards, policies, and controls [3]. Rated second most critical risk area was disaster recovery/business continuity planning with a score of 66.7%. Policies, controls, and standards for operations management, change management, third-party/service level management, interface management, and regulations and legislations were rated as being “somewhat important” for the mitigation of risks and in comparison to information security and disaster recovery.

Table 1. Cloud computing and virtualization critical risk areas [3]

| Risk Area | Critical | Somewhat important | Not so important |
|---|---|---|---|
| Information security | 91.7% | 8.3% | 0.0% |
| Operations management | 41.7% | 58.3% | 0.0% |
| Change management | 41.7% | 50.0% | 8.3% |
| Disaster recovery/business continuity planning | 66.7% | 33.3% | 0.0% |
| Third-party/service level management | 41.7% | 41.7% | 16.7% |
| Interface management | 8.3% | 50.0% | 41.7% |
| Regulations and legislation | 33.3% | 41.7% | 25.0% |

As shown in Figure 2, the biggest cloud computing concern is security [3]. With applications and data being hosted by a service provider, data is no longer under the control of management and prone to vulnerabilities. Hosting application and data in shared infrastructures increases the potential of unauthorized access and raises concerns such as privacy, identity management, authentication, compliance, confidentiality, and integrity, availability of data, encryption, network security and physical security.
Apart from the security risks, other concerns include SLA and third-party (service provider) management, vendor lock-in, quality of service, vendor viability, data and application management and control, workload management, performance, change control, availability of service, the lack of monitoring and management tools, transparency, compliance with laws and regulations, portability, disaster recovery, virtualization risks, lack of standards and auditing, unproven nature of cloud computing, and uncontrolled viable costs [3].

[Figure 2 chart: occurrence of each risk category (Security; Third party vendors (service providers); Management and control; Laws and regulations (compliance); Portability and interoperability; Disaster recovery; Virtualization risks; Lack of standards and auditing; Maturity of technology; Uncontrolled viable costs) on an axis from 0 (lowest occurrence) to 35 (highest occurrence).]

Figure 2. Cloud computing risks [3]

The findings for both Table 1 and Figure 1 confirm the importance of ensuring that the cloud environment is adequately protected and secure. Creating controls to overcome the security issues is henceforth a vital step toward protecting the cloud environment.

6. MAIN PROBLEMS WITH CLOUD COMPUTING

Security problems that may exist in the cloud are so high, that even the whole IT industry has undergone a revolution; however, it is not perfect [1]. Existing security technology still cannot solve some of the problems associated with cloud security; there are so many security characteristics of the cloud that it is difficult to display them fully. Security policy is needed to ensure healthy and stable development of cloud computing.

6.1. Data Security, Data Loss, and Leakage

Cloud computing’s efforts to control the security of data are not necessarily better: deficiencies in API access control and in key generation, storage, and management may result in data leakage, and the necessary data destruction policy may also be lacking [1].

Service providers and enterprises provide different privileges to safeguard the security of data and prevent data leakage. Companies should have full control permissions and restrictions on the cloud service provider permission. Data on the network for the cloud processing needs to be protected during transmission by using Secure Socket Layer (SSL), Point to Point Tunneling Protocol (PPTP) or VPN, and so on, to ensure data security, to prevent data loss and leakage [5].

6.2. Share Technical Flaws

In the cloud, simple configuration errors can cause serious impact, because many of the cloud computing environments share the same virtual server configuration. It is necessary for the implementation of network and server configuration SLA to ensure the timely installation of fixes and the implementation of best practices [1].

6.3. Weak Authentication Mechanisms

There are various authentication mechanisms in cloud computing, in particular, single sign-on. Security certification is available through single sign-on authentication, mandatory user authentication, agents, co-certification, resources, certification, certification between different security domains or a combination of different authentication methods, many of which the user is forced through a combination of user authentication and single point of user authentication methods to allow the user to enter the cloud application authentication; users simply log into the Web application first, which can effectively prevent users using their services from disclosing their password to third parties.

6.4. Unsafe Application Programming Interface

The development of applications and enterprises needs cloud computing as a new platform, rather than outsourcing to other organizations. In the application life cycle, users must deploy a rigorous review process; developers can use certain criteria to deal with authentication, access control, and encryption [1].

6.5. Not Correctly Using Cloud Computing

Hackers may progress faster than the technical staff. Hackers often attack to quickly deploy new technology to navigate the cloud [1].

Cloud computing has features such as uploading files of all types, synchronized access to stored and shared files, working together and sharing files with everyone, hierarchical and tag-based file grouping, authorization supervision, end-to-end protection, data protection and organization, and online reinstallation of removed files. However, these new enhancements for online application access will bring other compatibility struggles between Web-based applications and browsers [10]. There can be a situation when the same servers are used for processing of data and storing the same data. A major concern for users in using the cloud is
unawareness of data location [9]. The cloud providers do not usually disclose that information.

7. STRATEGIES TO MITIGATE CLOUD COMPUTING SECURITY RISKS

For data privacy to be effective, information that is allowed in the cloud should be identified and classified properly. Cloud service providers should prove to customers the effectiveness of data privacy controls. The cloud service provider’s security and information personnel should have adequate knowledge and skills to prevent, detect, and react to security breaches in a timely manner. Third party audits should be performed on a regular basis to monitor the cloud service providers’ compliance to agreed terms, to ensure adherence to standards, procedures, and policies, and to ensure that no major changes occurred to any of these standards, procedures, or policies [3].

For availability of data and services, data must be available and data back-up and recovery schemes for the cloud must be in place and effective to prevent data loss, unwanted data overwrite, or destruction. Cloud service providers should have adequate back-up and data replication policies and should keep auditable proof of the adequacy of restore procedures including accurate, complete, and timely recovery of data.

For data integrity, responsibilities for efficient patch management should be clearly defined. Patch management policies and procedures should be implemented. Consider virtual patching and automated patch management services. All changes in the cloud environment should be managed to minimize the likelihood of disruption, unauthorized changes, or errors.

8. CONCLUSION

Cloud computing predictions for growth indicate substantial developments for and implementations of cloud computing services. The United States government projects that between 2010 and 2015, its spending on cloud computing will be at approximately a 40-percent compound annual growth rate and will pass $7 billion by 2015 [1].

In order to make cloud environments more secure and robust, proper controls mitigating security risks should be enforced. In this research work, we provided an analysis of cloud computing security risks and various strategies to mitigate these risks. Cloud computing providers must propose a privacy-preserving audit system for data security in cloud computing. Another purpose of this analysis is to present the fundamentals of cloud computing models such as the public, private, and hybrid clouds. We believe that data storage security in cloud computing is an area full of challenges and of vital importance. Cloud computing is still in its beginning now, and many research complications are yet to be recognized.

REFERENCES

[1] Kaufman, L. M., 2009, “Data Security in the World of Cloud Computing”, Security & Privacy, 7(4):61–64.

[2] Kandukuri, B. R., V. R. Paturi, and A. Rakshit, 2009, “Cloud Security Issues”, In Proceedings of the IEEE International Conference on Services Computing, pp. 517–520.

[3] Carroll, M., A. van de Merwe, and P. Kotzé, 2011, “Secure Cloud Computing: Benefits, Risks and Controls”, In Proceedings of the Information Security South Africa, pp. 1–9.

[4] Gowrigolla, B., S. Sivaji, and M. R. Masillamani, 2010, “Design and Auditing of Cloud Computing Security”, In Proceedings of the International Conference on Information and Automation for Sustainability, pp. 292–297.

[5] Lv, H. and Y. Hu, 2011, “Analysis and Research about Cloud Computing Security Protect Policy”, In Proceedings of the International Conference on Intelligence Science and Information Engineering, pp. 214–216.

[6] Mathisen, E., 2011, “Security Challenges and Solutions in Cloud Computing”, In Proceedings of the IEEE International Conference on Digital Ecosystems and Technologies, pp. 208–212.

[7] Wang, C., Q. Wang, K. Ren, and W. Lou, 2010, “Privacy-Preserving Public Auditing for Data Storage Security in Cloud Computing”, In Proceedings of the IEEE INFOCOM, pp. 1–9.

[8] Shen, Z. and Q. Tong, 2010, “The Security of Cloud Computing System Enabled by Trusted Computing Technology”, In Proceedings of the International Conference on Signal Processing Systems, pp. V2-11–V2-15.

[9] Begum, S. and M. K. Khan, 2011, “Potential of Cloud Computing Architecture”, In Proceedings of the International Conference on Information and Communication Technologies, pp. 1–5.

[10] McGraw, G., 2004, “Software Security”, Security & Privacy, 2(2):80–83.

[11] Li, H.-C., P.-H. Liang, J.-M. Yang, and S.-J. Chen, 2010, “Analysis on Cloud-Based Security Vulnerability Assessment”, In Proceedings of the IEEE International Conference on E-Business Engineering, pp. 490–494.
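
The firewall behaviour described in Section 4.3.3 (inbound default deny, ports opened explicitly by protocol, service port and IP address, rejection of invalid source addresses, and a reverse firewall for outbound connections) can be sketched as follows. This is an added example, not code from the paper or from any provider; the class and field names are hypothetical and all addresses and packets are constructed.

```python
"""Default-deny packet filter in the style Section 4.3.3 describes.

Added example with constructed data; class and field names are hypothetical.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# IPv4 source ranges that are never valid on an Internet-facing interface.
# Assumption: the RFC 5737 documentation ranges are left out of this list so
# the constructed samples can use them as stand-ins for public addresses.
INVALID_SOURCES = [ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "224.0.0.0/4", "240.0.0.0/4",
)]


@dataclass(frozen=True)
class Rule:
    protocol: str  # "tcp" or "udp"
    port: int      # destination (service) port
    peer: str      # CIDR of the remote side: source if inbound, destination if outbound


@dataclass(frozen=True)
class Packet:
    direction: str  # "in" = towards the instance, "out" = leaving it
    protocol: str
    src: str
    dst: str
    dst_port: int


class Firewall:
    """Nothing passes in either direction unless a rule was opened for it."""

    def __init__(self):
        self.rules = {"in": [], "out": []}

    def open_port(self, direction, rule):
        ip_network(rule.peer)  # reject a malformed CIDR at configuration time
        self.rules[direction].append(rule)

    def decide(self, pkt):
        try:
            src, dst = ip_address(pkt.src), ip_address(pkt.dst)
        except ValueError:
            return ("drop", "unparseable address")
        if pkt.direction == "in" and any(src in net for net in INVALID_SOURCES):
            # Checked before the rules: an open port must not admit a bogus source.
            return ("drop", "invalid source address")
        remote = src if pkt.direction == "in" else dst
        for rule in self.rules.get(pkt.direction, []):
            if (rule.protocol == pkt.protocol and rule.port == pkt.dst_port
                    and remote in ip_network(rule.peer)):
                return ("accept", f"{rule.protocol}/{rule.port} allowed for {rule.peer}")
        return ("drop", "default deny")


INSTANCE = "192.0.2.20"  # constructed address of the protected virtual server


def build_firewall():
    fw = Firewall()
    fw.open_port("in", Rule("tcp", 443, "0.0.0.0/0"))         # public HTTPS
    fw.open_port("in", Rule("tcp", 22, "198.51.100.0/24"))    # SSH from the admin range only
    fw.open_port("out", Rule("tcp", 443, "203.0.113.10/32"))  # reverse firewall: one update server
    return fw


SAMPLES = [  # constructed packets
    Packet("in", "tcp", "198.51.100.7", INSTANCE, 443),   # normal client
    Packet("in", "tcp", "203.0.113.50", INSTANCE, 22),    # SSH from outside the admin range
    Packet("in", "tcp", "10.1.2.3", INSTANCE, 443),       # private source on the public side
    Packet("in", "udp", "198.51.100.7", INSTANCE, 53),    # port never opened
    Packet("out", "tcp", INSTANCE, "203.0.113.10", 443),  # allowed outbound
    Packet("out", "tcp", INSTANCE, "192.0.2.99", 6667),   # unexpected outbound connection
]


def run_samples():
    fw = build_firewall()
    return [fw.decide(p) for p in SAMPLES]


if __name__ == "__main__":
    for pkt, (verdict, reason) in zip(SAMPLES, run_samples()):
        print(f"{verdict:6} {pkt.direction:3} {pkt.protocol} "
              f"{pkt.src} -> {pkt.dst}:{pkt.dst_port}  ({reason})")
```

The source-address check only removes traffic claiming an unroutable origin; a flood from valid addresses still reaches the rule table and has to be handled by rate limiting or upstream filtering.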
