Call for Paper - December 2017 Edition
IJCA solicits original research papers for the December 2017 Edition. Last date of manuscript submission is November 20, 2017. Read More

Survey on Security Issues in Cloud Computing and Associated Mitigation Techniques

Print
PDF
International Journal of Computer Applications
© 2012 by IJCA Journal
Volume 47 - Number 18
Year of Publication: 2012
Authors:
Rohit Bhadauria
Sugata Sanyal
10.5120/7292-0578

Rohit Bhadauria and Sugata Sanyal. Article: Survey on Security Issues in Cloud Computing and Associated Mitigation Techniques. International Journal of Computer Applications 47(18):47-66, June 2012. Full text available. BibTeX

@article{key:article,
	author = {Rohit Bhadauria and Sugata Sanyal},
	title = {Article: Survey on Security Issues in Cloud Computing and Associated Mitigation Techniques},
	journal = {International Journal of Computer Applications},
	year = {2012},
	volume = {47},
	number = {18},
	pages = {47-66},
	month = {June},
	note = {Full text available}
}

Abstract

Cloud Computing holds the potential to eliminate the requirements for setting up of high-cost computing infrastructure for IT-based solutions and services that the industry uses. It promises to provide a flexible IT architecture, accessible through internet from lightweight portable devices. This would allow multi-fold increase in the capacity and capabilities of the existing and new software. In a cloud computing environment, the entire data resides over a set of networked resources, enabling the data to be accessed through virtual machines. Since these data-centres may be located in any part of the world beyond the reach and control of users, there are multifarious security and privacy challenges that need to be understood and addressed. Also, one can never deny the possibility of a server breakdown that has been witnessed, rather quite often in the recent times. There are various issues that need to be addressed with respect to security and privacy in a cloud computing environment. This extensive survey paper aims to elaborate and analyze the numerous unresolved issues threatening the cloud computing adoption and diffusion affecting the various stake-holders associated with it.

References

  • L. Wang, Gregor Laszewski, Marcel Kunze, Jie Tao, "Cloud Computing: A Perspective Study", New Generation Computing- Advances of Distributed Information Processing, pp. 137-146, vol. 28, no. 2, 2008. DOI: 10. 1007/s00354-008-0081-5
  • R. Maggiani, Communication Consultant, Solari Communication, "Cloud Computing is Changing How we Communicate", 2009 IEEE International Professional Conference, IPCC, pp. 1-4, Waikiki, HI, USA, July 19- 22, 2009. ISBN: 978-1-4244-4357-4.
  • Harold C. Lin, Shivnath Babu, Jeffrey S. Chase, Sujay S. Parekh, "Automated Control in Cloud Computing: Opportunities and Challenges", Proc. of the 1st Workshop on Automated control for data centres and clouds, New York, NY, USA, pp. 13-18, 2009, ISBN: 978-1-60558-585-7.
  • Peter Mell, Timothy Grance, "The NIST Definition of Cloud Computing", Jan, 2011. http://docs. ismgcorp. com/files/external/Draft-SP-800-145_cloud-definition. pdf
  • Meiko Jensen, Jorg Schwenk, Nils Gruschka, Luigi Lo Iacon, "On technical Security Issues in Cloud Computing", Proc. of IEEE International Conference on Cloud Computing (CLOUD-II, 2009), pp. 109-116, India, 2009.
  • B. P. Rimal, Choi Eunmi, I. Lumb, "A Taxonomy and Survey of Cloud Computing Systems", Intl. Joint Conference on INC, IMS and IDC, 2009, pp. 44-51, Seoul, Aug, 2009. DOI: 10. 1109/NCM. 2009. 218
  • Gaoyun Chen, Jun Lu and Jian Huang, Zexu Wu, "SaaAS - The Mobile Agent based Service for Cloud Computing in Internet Environment", Sixth International Conference on Natural Computation, ICNC 2010, pp. 2935-2939, IEEE, Yantai, Shandong, China, 2010. ISBN: 978-1-4244-5958-2.
  • Sangeeta Sen, Rituparna Chaki, "Handling Write Lock Assignment in Cloud Computing Environment", Communications in Computer and Information Science, vol. 245, issue. 7, pp. 221-230, 2011. DOI: 10. 1007/978-3-642-27245-5_27
  • Seny Kamara, Kristin Lauter, "Cryptographic cloud storage", Lecture Notes in Computer Science, Financial Cryptography and Data Security, pp. 136-149, vol. 6054, 2010. DOI: 10. 1007/978-3-642-14992-4_13
  • S. Bhardwaj, L. Jain, and S. Jain, "Cloud computing: A study of infrastructure as a service (IAAS)", International Journal of engineering and information Technology, 2(1):60–63, 2010.
  • R. L. Grossman, "The Case for Cloud Computing", IT Professional, vol. 11(2), pp. 23-27, Mar-April, 2009, ISSN: 1520-9202, INSPEC Accession Number: 10518970, DOI: 10. 1109/MITP. 2009. 40.
  • Timothy Wood, Prashant Shenoy, Alexandre Gerber, K. K. Ramkrishnan, Jacobus Van der Merwe, "The Case for Enterprise-Ready Virtual Private Clouds", HotCloud'09 Proceedings of the 2009 conference on Hot topics in cloud computing, San Diego, CA, USA, 2009. http://www. usenix. org/event/hotcloud09/tech/full_papers/wood. pdf
  • Hoang T. Dinh, Chonho Lee, Dusit Niyato, Ping Wang, "A Survey of Mobile Cloud Computing: Architecture, Applications and Approaches", Wireless Communications and Mobile Computing, Wiley Journals, Oct 11, 2011. DOI: 10. 1002/wcm. 1203
  • Lizhe Wang, Jie Tao, Kunze M. , Castellanos A. C. , Kramer D. , Karl W. , "Scientific Cloud Computing: Early Definition and Experience", 10th IEEE Int. Conference on High Performance Computing and Communications, pp. 825-830, Dalian, China, Sep. 2008, ISBN: 978-0-7695-3352-0.
  • Shuai Zhang, Shufen Zhang, Xuebin Chen, Xiuzhen Huo, "Cloud Computing Research and Development Trend", Intl. Conference on Future Networks, pp. 93-97, China, 2010. DOI: 10. 1109/ICFN. 2010. 58
  • Aman Bakshi, Yogesh B. Dujodwala, "Securing cloud from DDoS Attacks using Intrusion Detection System in Virtual Machine", ICCSN '10 Proceeding of the 2010 Second International Conference on Communication Software and networks, pp. 260-264, 2010, IEEE Computer Society, USA, 2010. ISBN: 978-0-7695-3961-4.
  • Youseff, L; Butrico, M; Da Silva, D. , "Toward a Unified Ontology of Cloud Computing", Grid Computing Environments Workshop, pp. 1-10, Nov, 2008, Austin, Texas. DOI: 10. 1109/GCE. 2008. 4738443
  • James Governor, "Web 2. 0 Architectures: What Entrepreneurs and Information Architects Need to Know by James Governor", May 15, 2009; O'Reilly; ISBN-13: 978-0596514433.
  • Amy Shuen, "Web 2. 0: A Strategy Guide: Business thinking and strategies behind successful Web 2. 0 implementations", O'Reilly Media; 1st edition; Apr 30, 2008; ISBN-13: 978-0596529963.
  • Sam Murugesan, "Understanding Web 2. 0", IEEE Computer Society, pp. 34-41. July-Aug, 2007. http://91-592-722. wiki. uml. edu/file/view/understanding_web_20. pdf
  • Antero Taivalsaari, "Mashware: The Future of Web Applications", Technical Report, Feb 2009. http://labs. oracle. com/techrep/2009/smli_tr-2009-181. pdf DOI: 10. 1145/1878537. 1878703
  • David Chappel, "A Short Introduction to Cloud Platforms: An Enterprise Oriented View", David Chappel and Associates, August, 2008. [Sponsored by Microsoft Corporation] http://www. davidchappell. com/CloudPlatforms--Chappell. pdf
  • Qi Zhang, Lu Cheng, Raouf Boutaba, "Cloud Computing: State of the art and research challenges", Journal of Internet Services and Applications, pp. 7-18, vol. 1, issue. 1, Feb, 2010. DOI: 10. 1007/s13174-010-0007-6
  • R. Gellman, "Privacy in the clouds: Risks to privacy and confidentiality from cloud computing", The World Privacy Forum, 2009. http://www. worldprivacyforum. org/pdf/WPF_Cloud_Privacy_Report. pdf.
  • Tim Mather, Subra Kumaraswamy, Shahed Latif, "Cloud Security and Privacy: An Enterprise Edition on Risks and Compliance (Theory in Practice)", O'Reilly Media, Sep. 2009; ISBN: 978-0596802769. http://oreilly. com/catalog/9780596802776.
  • Lori M. Kaufman, "Data security in the world of cloud computing", IEEE Security and Privacy Journal, vol. 7, issue. 4, pp. 61-64, July- Aug 2009, ISSN: 1540-7993, INSPEC Accession Number: 10805344, DOI: 10. 1109/MSP. 2009. 87.
  • Md Tanzim Khorshed, A. B. M. Shawkat Ali, Saleh A. Wasimi, "Trust Issues that create threats for Cyber attacks in Cloud Computing", IEEE 17th International Conference on Parallel and Distributed Systems, pp. 900-905, 2011.
  • S. Pearson, "Taking account of privacy when designing cloud computing services", CLOUD '09 Proc. of ICSE Workshop on Software Engineering Challenges of Cloud Computing, pp. 44-52, IEEE Computer Society Washington, DC, USA, May 2009. ISBN: 978-1-4244-3713-9.
  • George V. Hulme, "NIST formalizes cloud computing definition, issues security and privacy guidance", Feb. 3, 2011 [A common platform enabling security executives to share best security practices and strategic insights]. http://www. csoonline. com/article/661620/nist-formalizes-cloud-computing-definition-issues-security-and-privacy-guidance.
  • Julisch, K. , & Hall, M. , "Security and control in the cloud", Information Security Journal: A Global Perspective, vol. 19, no. 6, pp. 299-309, 2010.
  • Chi-Chun Lo, Chun-Chieh Huang, Joy Ku, "A Cooperative Intrusion Detection System Framework for Cloud Computing Networks", ICPPW '10 Proceedings of the 2010 39th International Conference on Parallel Processing Workshops, IEEE Computer Society, pp. 280-284, Washington DC, USA, 2010. ISBN: 978-0-7695-4157-0.
  • Hamid R. Motahari-Nezhad, Claudio Bartolini, Sven Graupner, Sharad Singhal, Susan Spence, "IT Support Conversation Manager: A Conversation-Centered Approach and Tool for Managing Best Practice IT Processes", Proceedings of the 2010 14th IEEE International Enterprise Distributed Object Computing Conference, pp. 247-256, October 25-29, 2010, ISBN: 978-1-4244-7966-5.
  • L. J. Zhang and Qun Zhou, "CCOA: Cloud Computing Open Architecture", ICWS 2009: IEEE International Conference on Web Services, pp. 607-616. July 2009. DOI: 10. 1109/ICWS. 2009. 144.
  • Wayne Jansen, Timothy Grance, "NIST Guidelines on Security and Privacy in Public Cloud Computing", Draft Special Publication 800-144, 2011. http://csrc. nist. gov/publications/drafts/800-144/Draft- SP-800-144_cloud-computing. pdf.
  • Jon Marler, "Securing the Cloud: Addressing Cloud Computing Security Concerns with Private Cloud", Rackspace Knowledge Centre, March 27, 2011, Article Id: 1638. http://www. rackspace. com/knowledge_center/private-cloud/securing-the-cloud-addressing-cloud-computing-security-concerns-with-private-cloud
  • Frederik De Keukelaere, Sumeer Bhola, Michael Steiner, Suresh Chari, Sachiko Yoshihama, "Smash: secure component model for cross-domain mashups on unmodified browsers", Proc. of the 17th International Conference on World Wide Web, ACM, NY, USA, 2008, ISBN: 978-1-60558-085-2, DOI: 10. 1145/1367497. 1367570.
  • Michael Armbrust, Armando Fox, Rean Griffith, Anthony D. Joseph, Randy Katz, Andy Konwinski, Gunho Lee, David Petterson, Ariel Rabkin, Ion Stoica, Matei Zaharica, "A View of Cloud Computing", Communications of the ACM, vol. 53, issue. 4, April 2010, USA. DOI: 10. 1145/1721654. 1721672
  • Neal Leavitt, "Is Cloud Computing Really Ready for Prime Time?" Computer, vol. 42, issue. 1, pp. 15-20, IEEE Computer Society, CA, USA, January 2009. ISSN: 0018-9162.
  • Robert Minnear, "Latency: The Achilles Heel of Cloud Computing", March 9, 2011, Cloud Expo: Article, Cloud Computing Journal. http://cloudcomputing. sys- con. com/node/1745523.
  • Daniele Catteddu, Giles Hogben, "Cloud Computing: Benefits, Risks and Recommendations for Information Security", European Network and Information Security Agency (ENISA), Nov, 2009. http://www. enisa. europa. eu/act/application-security/test/act/rm/files/deliverables/cloud-computing-risk-assessment
  • Marios D. Dikaiakos, Dimitrios Katsaros, Pankaj Mehra, George Pallis, Athena Vakali, "Cloud Computing: Distributed Internet Computing for IT and Scientific Research", IEEE Internet Computing Journal, vol. 13, issue. 5, pp. 10-13, September 2009. DOI: 10. 1109/MIC. 2009. 103.
  • Michael Kretzschmar, S Hanigk, "Security management interoperability challenges for collaborative clouds", Systems and Virtualization Management (SVM), 2010, Proceedings of the 4th International DMTF Academic Alliance Workshop on Systems and Virtualization Management: Standards and the Cloud, pp. 43-49, October 25-29, 2010. ISBN: 978-1-4244-9181-0, DOI: 10. 1109/SVM. 2010. 5674744.
  • B. R. Kandukuri, R. V. Paturi and A. Rakshit, "Cloud Security Issues", 2009 IEEE International Conference on Services Computing, Bangalore, India, September 21-25, 2009. In Proceedings of IEEE SCC'2009. pp. 517-520, 2009. ISBN: 978-0-7695-3811-2.
  • Jessica T. , "Connecting Data Centres over Public Networks", IPEXPO. ONLINE, April 20, 2011. http://online. ipexpo. co. uk/2011/04/20/connecting-data-centres-over-public-networks/
  • Cong Wang, Kui Ren, Wenjing Lou, Jin Li, "Towards Publicly Auditable Secure Cloud Storage Services", IEEE Networks, pp. 19-24, vol. 24, issue. 4, July, 2010. DOI: 10. 1109/MNET. 2010. 5510914
  • H. Liang, D. Huang, L. X. Cai, X. Shen and D. Peng, "Resource allocation for security services in mobile cloud computing", in Proc. IEEE INFOCOM'11, Machine-to-Machine Communications and Networking (M2MCN), pp. 191-195, April 10-15, 2011, Shanghai, China.
  • Martin Mulazzani, Sebastian Schrittwieser, Manuel Leithner, Markus Huber, Edgar Weippl, "Dark Clouds on the Horizon: Using Cloud Storage as Attack Vector and Online Slack Space", Proceedings of the 20th USENIX conference on Security, Berkley, USA, 2011.
  • Cong Wang, Qian Wang, Kui Ren, and Wenjing Lou, "Ensuring Data Storage Security in Cloud Computing", 17th International workshop on Quality of Service,2009, IWQoS, Charleston, SC, USA, pp. 1-9, July 13-15, 2009, ISBN: 978-1-4244-3875-4.
  • W. Li, L. Ping, X. Pan, "Use trust management module to achieve effective security mechanisms in cloud environment", 2010 International Conference on Electronics and Information Engineering (ICEIE), Volume: 1, pp. V1-14 - V1-19, 2010. DOI: 10. 1109/ICEIE. 2010. 5559829.
  • R. A. Vasudevan, A. Abraham, S. Sanyal, D. P. Agarwal, "Jigsaw-based secure data transfer over computer networks", Int. Conference on Information Technology: Coding and Computing, pp. 2-6, vol. 1, April, 2004.
  • R. A. Vasudevan, S. Sanyal, "A Novel Multipath Approach to Security in Mobile Ad Hoc Networks (MANETs)", Int. Conference on Computers and Devices for Communication, CODEC'04, Kolkata, India.
  • Jeff Sedayao, Steven Su, Xiaohao Ma, Minghao Jiang and Kai Miao, "A Simple Technique for Securing Data at Rest", Lecture Notes in Computer Science, pp. 553-558, 2009. DOI: 10. 1007/978-3-642-10665-1_51
  • Yogesh L. Simmhan, Beth Plale, Dennis Gannon, "A Survey of Data Provenance Techniques", ACM SIGMOD, vol. 34, issue. 3, Sep, 2005, NY, USA. DOI: 10. 1145/1084805. 1084812
  • P. R. Gallagher, "Guide to Understanding Data Remanence in Automated Information Systems", The Rainbow Books, ch3 and ch. 4, 1991.
  • Larry Dignan (Editor in Chief- ZDNet), "Epsilon Data Breach: What's the value of an email address", IT Security Blogs, Tech Republic, April 5, 2011. http://www. techrepublic. com/blog/security/epsilon-data-breach-whats-the-value-of-an-email-address/5307
  • Farzad Sabahi, "Secure Virtualization for Cloud Environment Using Hypervisor-based Technology", Int. Journal of Machine Learning and Computing, pp. 39-45, vol. 2, no. 1, February, 2012.
  • David Goldman, "Why Amazon's Cloud Titanic Went Down", CNNMoney, April, 2011. http://money. cnn. com/2011/04/22/technology/amazon_ec2_cloud_outage/index. htm
  • Rory Smith (SOC Analyst), "The Use of Legitimate Channels to distribute malicious software to Users", Security Samurai, Aug. 2, 2011. http://www. thesecuritysamurai. com/2011/08/02/the-use-of-legitimate-channels-to-distribute-malicious-software-to-users-by-rory-smith-soc-analyst/
  • Thomas Ristenpart, Eran Tromer, Hovav Shacham, Stefan Savage, "Hey, you get off my cloud: Exploring information leakage in third party compute clouds", CCS'09, Proceedings of the 16th ACM conference. On Computer and Communications Security, pp. 199-212, ACM New York, NY, USA, 2009. ISBN: 978-1-60558-894-0.
  • Michael Krigsman, "MediaMax/The Linkup: When the Cloud fails", IT Project Failures, News and Blogs, ZDNet, August, 2008. http://www. zdnet. com/blog/projectfailures/mediamax-the-linkup-when-the-cloud-fails/999
  • K. Hwang, S Kulkarni and Y. Hu, "Cloud security with virtualized defence and Reputation-based Trust management", Proceedings of 2009 Eighth IEEE International Conference on Dependable, Autonomic and Secure Computing (security in cloud computing), pp. 621-628, Chengdu, China, December, 2009. ISBN: 978-0-7695-3929-4.
  • Ryan K. L. Ko, Bu Sung Lee and Siani Pearson, "Towards Achieving Accountability, Auditability and Trust in Cloud Computing", Communications in Computer and Information Science, Vol. 193(4), pp. 432-444, 2011. DOI: 10. 1007/978-3-642-22726-4_45
  • S. Subashini, V. Kavitha, "A survey on security issues in service delivery models of cloud computing", Journal of Network and Computer Applications, Vol. 34(1), pp 1–11, Academic Press Ltd. , UK, 2011, ISSN: 1084-8045.
  • "Amazon Web Services: Overview of Security Processes", Whitepaper, May, 2011. http://d36cz9buwru1tt. cloudfront. net/pdf/AWS_Security_Whitepaper. pdf
  • Pradnyesh Rane, "Securing SaaS Applications: A Cloud Security Perspective for Application Providers", Information Security Management Handbook, Vol. 5, 2010. http://www. infosectoday. com/Articles/Securing_SaaS_Applications. htm
  • Ruixuan Li, Li Nie, Xiaopu Ma, Meng Dong, Wei Wang, "SMEF: An Entropy Based Security Framework for Cloud-Oriented Service Mashup", Int. Conf on Trust, Security and Privacy in Computing and Communications (TrustCom), pp. 304-311, Nov, 2011. DOI: 10. 1109/TrustCom. 2011. 41
  • Adam A Noureddine, Meledath Damodaran, "Security in Web 2. 0 Application Development", iiWAS '08, Proc. of the 10th International Conference on Information Integration and Web-based Applications & Services, pp. 681-685, 2008, ISBN: 978-1-60558-349-5, DOI: 10. 1145/1497308. 1497443.
  • Justin Clarke; SQL Injection Attacks and Defense; Syngress 2009; ISBN-13: 978-159749424.
  • A. Liu, Y. Yuan, A Stavrou, "SQLProb: A Proxy-based Architecture towards Preventing SQL Injection Attacks", SAC March 8-12, 2009, Honolulu, Hawaii, U. S. A.
  • P. Vogt, F. Nentwich, N. Jovanovic, E. Kirda, C. Kruegel, and G. Vigna, "Cross-Site Scripting Prevention with Dynamic Data Tainting and Static Analysis", Proceedings of the Network and Distributed System Security Symposium (NDSS'07), February, 2007.
  • D. Gollmann, "Securing Web Applications", Information Security Technical Report, vol. 13, issue. 1, 2008, Elsevier Advanced Technology Publications Oxford, UK, DOI: 10. 1016/j. istr. 2008. 02. 002.
  • Ter Louw, M; Venkatakrishnan, V. N. ; "BluePrint: Robust Prevention of Cross-Site scripting attacks for existing browsers", 30th IEEE Symposium on Security and Privacy, pp. 331-346, May, 2009. DOI: 10. 1109/SP. 2009. 33
  • Jonathan Katz, "Efficient Cryptographic Protocols Preventing Man in the Middle Attacks", Doctoral Dissertation submitted at Columbia University, 2002, ISBN: 0-493-50927-5. http://www. cs. ucla. edu/~rafail/STUDENTS/katz-thesis. pdf /
  • Eric Ogren, "Whitelists SaaS modify traditional security, tackle flaws", Sep. 17, 2009. [Eric Ogren is the founder and principal security analyst at Ogren Group] http://searchsecurity. techtarget. com/news/column/0,294698,sid14_gci1368647,00. html/
  • Gurdev Singh, Amit Sharma, Manpreet Singh Lehal, "Security Apprehensions in Different Regions of Cloud Captious Grounds", International Journal of Network Security & Its Applications (IJNSA), Vol. 3, No. 4, July 2011.
  • Char Sample, Senior Scientist, BBN Technologies, Diana Kelley, Partner, Security Curve, "Cloud computing security: Routing and DNS security threats". http://searchsecurity. techtarget. com/tip/0,289483,sid14_gci1359155_mem1, 00. html/
  • Zouheir Trabelsi, Hamza Rahmani, Kamel Kaouech, Mounir Frikha, "Malicious Sniffing System Detection Platform", Proceedings of the 2004 International Symposium on Applications and the Internet (SAINT'04), pp. 201-207, 2004, ISBN: 0-7695-2068-5.
  • Josh Karlin, Stephanie Forrest, Jennifer Rexford, "Autonomous Security for Autonomous Systems", Proc. of Complex Computer and Communication Networks; vol. 52, issue. 15, pp. 2908- 2923, Oct. 2008, Elsevier North-Holland, Inc. New York, NY, USA.
  • Scalable Security Solutions, Check Point Open Performance Architecture, Quad-Core Intel Xeon Processors, "Delivering Application-Level Security at Data Centre Performance Levels", Intel Corporation, Whitepaper, 2008. http://download. intel. com/netcomms/technologies/security/320923. pdf
  • Shengmei Luo, Zhaoji Lin, Xiaohua Chen, Zhuolin Yang, Jianyong Chen, "Virtualization security for cloud computing services", Int. Conf on Cloud and Service Computing, pp. 174-179, Dec, 2011. DOI: 10. 1109/CSC. 2011. 6138516
  • Shantanu Pal, Sunirmal Khatua, Nabendu Chaki, Sugata Sanyal, "A New Trusted and Collaborative Agent Based Approach for Ensuring Cloud Security", Annals of Faculty Engineering Hunedoara International Journal of Engineering (Archived copy), scheduled for publication in vol. 10, issue 1, January 2012. ISSN: 1584-2665.
  • Jenni Susan Reuben, "A Survey on Virtual Machine Security", Seminar of Network Security, Helsinki University of Technology, 2007. http://www. tml. tkk. fi/Publications/C/25/papers/Reuben_final. pdf?q=attacks-on-virtual-machine-emulators
  • Flavio Lombardi, Roberto Di Pietro, "Secure Virtualization for Cloud Computing", Journal of Network and Computer Applications, vol. 34, issue 4, pp. 1113- 1122, July 2011, Academic Press Ltd. London, UK.
  • Hanqian Wu, Yi Ding, Winer, C. , Li Yao, "Network Security for Virtual Machines in Cloud Computing", 5th Int'l Conference on Computer Sciences and Convergence Information Technology, pp. 18-21, Seoul, Nov. 30-Dec. 2, 2010. ISBN: 978-1-4244-8567-3.
  • K. Vieira, A. Schulter, C. B. Westphall, and C. M. Westphall, "Intrusion detection techniques for Grid and Cloud Computing Environment", IT Professional, IEEE Computer Society, vol. 12, issue 4, pp. 38-43, 2010. DOI: 10. 1109/MITP. 2009. 89.
  • Ian Rathie, "An Approach to Application Security", SANS Security Essentials White Paper, SANS Institute. http://www. sans. org/reading_room/whitepapers/application/approach-application-security_16
  • Ruiping Lua and Kin Choong Yow, "Mitigating DDoS Attacks with Transparent and Intelligent Fast-Flux Swarm Network", IEEE Network, vol. 25, no. 4, pp. 28-33, July-August, 2011.
  • Nathan Mcfeters, "Recent CNN Distributed Denial of Service (DDoS) Attack Explained", ZDNet, April, 2008. http://www. zdnet. com/blog/security/recent-cnn-distributed-denial-of-service-ddos-attack-explained/1054
  • Claudio Mazzariello, Roberto Bifulco and Roberto Canonico, "Integrating a Network IDS into an Open Source Cloud Computing Environment", Sixth International Conference on Information Assurance and Security, USA, pp. 265-270, Aug. 23-25, 2010. DOI: 10. 1109/ISIAS. 2010. 5604069.
  • D. Nurmi, R. Wolski, C. Grzegorczyk, G. Obertelli, S. Soman, L. Youseff, and D. Zagorodnov, "The Eucalyptus open-source cloud-computing system", in Proceedings of the 9th IEEE/ACM International Symposium on Cluster Computing and the Grid (CCGRID '09), pp. 124–131, 2009.
  • John E. Dunn, "Spammers break Hotmail's CAPTCHA yet again", Tech-world, Feb. 16, 2009. http://news. techworld. com/security/110908/spammers-break-hotmails-captcha-yet-again/
  • Albert B Jeng, Chien Chen Tseng, Der-Feng Tseng, Jiunn-Chin Wang, "A Study of CAPTCHA and its Application to User Authentication", Proc. Of 2nd Intl. Conference on Computational Collective Intelligence: Technologies and Applications, 2010. ISBN: 3-642-16731-4 978-3-642-16731-7
  • Cui, JingSong; Wang, LiJing; Mei, JingTing; Zhang, Da; Wang, Xia; Peng, Yang; Zhang, WuZhou; "CAPTCHA design based on moving object recognition problem", Intl. Conference on Information Sciences and Interaction Sciences, pp. 158-162, June, 2010, China. DOI: 10. 1109/ICICIS. 2010. 5534730
  • V. Kumar, M. Singh, A. Abraham, S. Sanyal, "CompChall: addressing password guessing attacks", Int. Conference on Information Technology: Coding and Computing, pp. 739-744, vol. 1, April, 2005.
  • Kellep Charles, "Google's Gmail Hacked by China Again", SecurityOrb, The Information Security knowledge-Base Website, June 2, 2011. http://securityorb. com/2011/06/googles-gmail-hacked-by-china-again/
  • Ningning Zhu, Tzi-cker Chiueh, "Portable and Efficient Continuous Data Protection for Network File Servers", Intl. Conference on Dependable Systems and Networks, pp. 687-697, Edinburg, June, 2007. DOI: 10. 1109/DSN. 2007. 74
  • A. Verma and S. Kaushal, "Cloud Computing Security Issues and Challenges: A Survey", Proceedings of Advances in Computing and Communications, Vol. 193, pp. 445-454, 2011. DOI: 10. 1007/978-3-642-22726-4_46
  • P. Sharma, S. K. Sood, and S. Kaur, "Security Issues in Cloud Computing", Proceedings of High Performance Architecture and Grid Computing, Vol. 169, pp. 36-45, 2011. DOI: 10. 1007/978-3-642-22577-2_5
  • Sudharsan Sundararajan, Hari Narayanan, Vipin Pavithran, Kaladhar Vorungati, Krishnashree Achuthan, "Preventing Insider attacks in the Cloud", Communications in Computer and Information Science, vol. 190, issue. 5, pp. 488-500, 2011. DOI: 10. 1007/978-3-642-22709-7_48
  • Thomas W. Shinder, "Security Issues in Cloud Deployment models", TechNet Articles, Wiki, Microsoft, Aug, 2011. http://social. technet. microsoft. com/wiki/contents/articles/security-issues-in-cloud-deployment-models. aspx
  • E. Mathisen, "Security Challenges and Solutions in Cloud Computing", Proceedings of the 5th IEEE International Conference on Digital Ecosystems and Technologies (DEST), pp. 208-212, June, 2011, ISBN: 978-1-4577-0871-8, DOI: 10. 1109/DEST. 2011. 5936627.
  • Alessandro Perilli, Claudio Criscione, "Securing the Private Cloud", Article on Secure Networks, Virtualization. info. http://virtualization. info/en/security/privatecloud. pdf
  • Sato, H; Kanai, A; Tanimoto, S; "A Cloud Trust Model in a Security Aware Cloud", Intl. Symposium on Applications and the Internet (SAINT), pp. 121-124, July, 2010, Seoul.
  • Ayu Tiwari, Sudip Sanyal, Ajith Abraham, Svein Johan Knapskog, Sugata Sanyal, "A Multi-Factor Security Protocol for Wireless Payment – Secure Web Authentication Using Mobile Devices", IADIS, International Conference Applied Computing, pp. 160-167, 2007.
  • Tao Peng, Christopher Leckie, Kotagiri RamMohanRao, "Survey of Network Based Defense Mechanisms Countering the DoS and DDoS Problems", ACM Computing Surveys, vol. 39, no. 1, April, 2007. DOI: 10. 1145/1216370. 1216373
  • Qishi Wu, Sajjan Shiva, Sankardas Roy, Charles Ellis, Vivek Datla, "On Modelling and Simulation of game-theory based defense mechanisms against DoS and DDoS attacks", Proceedings of 2010 Spring Simulation Multiconference, NY, USA, 0032010. DOI: 10. 1145/1878537. 1878703
  • Amitav Chakravartty, Serena Software, "Serena Service Manager Security in the Cloud". http://www. serena. com/docs/repository/products/service-manager/Serena-Service-Manager-Security-in-the-Cloud. pdf
  • Security and Privacy policies of sales-force. com, "Secure, Private and Trustworthy: Enterprise Cloud Computing with Force. com". http://www. salesforce. com/assets/pdf/misc/WP_Forcedotcom-Security. pdf http://trust. salesforce. com/trust/security/best_practices/ http://trust. salesforce. com/trust/privacy/tools/
  • Soumyendu Das, Subhendu Das, Bijoy Bandopadhyay, Sugata Sanyal, "Steganography and Staganalysis: Different Approaches", Int. Journal of Computers, Information Technology and Engineering (IJCITAE), vol. 2, no. 1, June, 2008.
  • Richard Chow, Philippe Golle, Markus Jakobsson, Elaine Shi, Jessicca Staddon, Ryusuke Masuoka, Jesus Molina, "Controlling Data in the Cloud: Outsourcing Computation without Outsourcing Control", Proc. of the ACM Workshop on Cloud Computing Security, pp. 85-90, USA, November, 2009. ISBN: 978-1-60558-784-4.
  • Jason Nikolai, "Detecting Unauthorized Usage in a Cloud using Tenant Profiles". http://www. homepages. dsu. edu/malladis/teach/717/Papers/nikolai. pdf
  • Craig Balding, "GoGrid Security Breach", cloudsecurity. org, March 30, 2011. http://cloudsecurity. org/blog/2011/03/30/gogrid-security-breach. html
  • Czaroma Roman, "Sony Data Breach Highlights Importance of Cloud Security", Cloud Times, May 9, 2011. http://cloudtimes. org/sony-data-breach-highlights-importance-of-cloud-security/
  • Hiroshi Wada, Alan Fekete, Liang Zhao, Kevin Lee, Anna Liu, "Data Consistency Properties and the Trade-offs in Commercial Cloud Storages : The Consumers' Perspective", Proc. of the 5th Biennial Conference on Innovative Data Systems Research (CIDR '2011), Asilomar, CA, January 2011.
  • J. Weinman, "The Future of Cloud Computing", IEEE Technology Time Machine Symposium on Technologies Beyond 2020 (TTM), pp. 1-2, June, 2011. DOI: 10. 1109/TTM. 2011. 6005157