Dear Author Here are the proofs of your article. ·You can submit your corrections online, or via e-mail. · For online submission please insert your corrections in the online correction form. Always indicate the line number to which the correction refers. · You can also insert your corrections in the proof PDF and email the annotated PDF. · Remember to note the journal title, manuscript number , and your name when sending your response via e-mail. · Check any questions that have arisen during copy editing or typesetting and insert your answers/corrections. ·Check that the text is complete and that all figures, tables and their legends are included. Also check the accuracy of special characters, equations, and additional files if applicable. Substantial changes in content, e.g., new results, corrected values, title and authorship are not allowed without the approval of the responsible editor. In such a case, please contact us for futher advice. · If we do not receive your corrections within 48 hours, we will send you a reminder. · The final versions of your article will be published around one week after receipt of your corrected proofs.
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Dear AuthorHere are the proofs of your article
middotYou can submit your corrections online or via e-mail middot For online submission please insert your corrections in the online correction form Always indicate the line number to which the correction refers
middot You can also insert your corrections in the proof PDF and email the annotated PDF
middot Remember to note the journal title manuscript number and your name when sending your response via e-mail
middot Check any questions that have arisen during copy editing or typesetting and insert your answerscorrections
middotCheck that the text is complete and that all figures tables and their legends are included Also check the accuracy of special characters equations and additional files if applicable Substantial changes in content eg new results corrected values title and authorship are not allowed without the approval of the responsible editor In such a case please contact us for futher advice
middot If we do not receive your corrections within 48 hours we will send you a reminder
middot The final versions of your article will be published around one week after receipt of your corrected proofs
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111httpwwwjournalofcloudcomputingcomcontent1111
RESEARCH Open Access1
A quantitative analysis of current securityconcerns and solutions for cloud computing
2
3
Nelson Gonzalez1 Charles Miers14 Fernando Redıgolo1 Marcos Simplıcio1 Tereza Carvalho1Mats Naslund2 and Makan Pourzandi3
4
5
Abstract6
The development of cloud computing services is speeding up the rate in which the organizations outsource theircomputational services or sell their idle computational resources Even though migrating to the cloud remains atempting trend from a financial perspective there are several other aspects that must be taken into account bycompanies before they decide to do so One of the most important aspect refers to security while some cloudcomputing security issues are inherited from the solutions adopted to create such services many new securityquestions that are particular to these solutions also arise including those related to how the services are organizedand which kind of servicedata can be placed in the cloud Aiming to give a better understanding of this complexscenario in this article we identify and classify the main security concerns and solutions in cloud computing andpropose a taxonomy of security in cloud computing giving an overview of the current status of security in thisemerging technology
7
8
9
10
11
12
13
14
15
16
Introduction17
Security is considered a key requirement for cloud com-18
puting consolidation as a robust and feasible multi-19
purpose solution [1] This viewpoint is shared by many20
distinct groups including academia researchers [23]21
business decision makers [4] and government organi-22
zations [56] The many similarities in these perspec-23
tives indicate a grave concern on crucial security and24
legal obstacles for cloud computing including service25
availability data confidentiality provider lock-in and26
reputation fate sharing [7] These concerns have their27
origin not only on existing problems directly inherited28
from the adopted technologies but are also related to29
new issues derived from the composition of essential30
cloud computing features like scalability resource shar-31
ing and virtualization (eg data leakage and hypervisor32
vulnerabilities) [8] The distinction between these classes33
is more easily identifiable by analyzing the definition of the34
essential cloud computing characteristics proposed by the35
NIST (National Institute of Standards and Technology)36
in [9] which also introduces the SPI model for services37
Correspondence nmimuralarcuspbr1Escola Politecnica at the University of Sao Paulo (EPUSP) Sao Paulo BrazilFull list of author information is available at the end of the article
(SaaS PaaS and IaaS) and deployment (private public 38
community and hybrid) 39
Due to the ever growing interest in cloud computing 40
there is an explicit and constant effort to evaluate the 41
current trends in security for such technology consider- 42
ing both problems already identified and possible solu- 43
tions [10] An authoritative reference in the area is the 44
risk assessment developed by ENISA (European Network 45
and Information Security Agency) [5] Not only does 46
it list risks and vulnerabilities but it also offers a sur- 47
vey of related works and research recommendations A 48
similarly work is the security guidance provided by the 49
Cloud Security Alliance (CSA) [6] which defines security 50
domains congregating specific functional aspects from 51
governance and compliance to virtualization and iden- 52
tity management Both documents present a plethora of 53
security concerns best practices and recommendations 54
regarding all types of services in NISTrsquos SPI model as well 55
as possible problems related to cloud computing encom- 56
passing from data privacy to infrastructural configuration 57
Albeit valuable these studies do not focus on quantifying 58
their observations something important for developing 59
a comprehensive understanding of the challenges still 60
undermining the potential of cloud computing 61
copy 2012 Gonzalez et al licensee Springer This is an Open Access article distributed under the terms of the Creative CommonsAttribution License (httpcreativecommonsorglicensesby20) which permits unrestricted use distribution and reproductionin any medium provided the original work is properly cited
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 2 of 18httpwwwjournalofcloudcomputingcomcontent1111
The main goal of this article is to identify classify62
organize and quantify the main security concerns and63
solutions associated to cloud computing helping in the64
task of pinpointing the concerns that remain unanswered65
Aiming to organize this information into a useful tool66
for comparing relating and classifying already identi-67
fied concerns and solutions as well as future ones we68
also present a taxonomy proposal for cloud comput-69
ing security We focus on issues that are specific to70
cloud computing without losing sight of important issues71
that also exist in other distributed systems This article72
extends our previous work presented in [11] providing an73
enhanced review of the cloud computing security taxon-74
omy previously presented as well as a deeper analysis of75
the related work by discussing the main security frame-76
works currently available in addition we discuss further77
the security aspects related to virtualization in cloud78
computing a fundamental yet still underserved field of79
research80
Cloud computing security81
Key references such as CSArsquos security guidance [6] and82
top threats analysis [12] ENISArsquos security assessment [5]83
and the cloud computing definitions from NIST [9] high-84
light different security issues related to cloud computing85
that require further studies for being appropriately han-86
dled and consequently for enhancing technology accep-87
tance and adoption Emphasis is given to the distinction88
between services in the form of software (SaaS) platform89
(PaaS) and infrastructure (IaaS) which are commonly90
used as the fundamental basis for cloud service classifica-91
tion However no other methods are standardized or even92
employed to organize cloud computing security aspects93
apart from cloud deployment models service types or94
traditional security models95
Aiming to concentrate and organize information related96
to cloud security and to facilitate future studies in this97
section we identify the main problems in the area and98
group them into a model composed of seven categories99
based on the aforementioned references Namely the100
categories are network security interfaces data secu-101
rity virtualization governance compliance and legal102
issues Each category includes several potential security103
problems resulting in a classification with subdivisions104
that highlights the main issues identified in the base105
references106
1 Network security Problems associated with network107
communications and configurations regarding cloud108
computing infrastructures The ideal network109
security solution is to have cloud services as an110
extension of customersrsquo existing internal networks111
[13] adopting the same protection measures and112
security precautions that are locally implemented113
and allowing them to extend local strategies to any 114
remote resource or process [14] 115
(a) Transfer security Distributed architectures 116
massive resource sharing and virtual machine 117
(VM) instances synchronization imply more 118
data in transit in the cloud thus requiring 119
VPN mechanisms for protecting the system 120
against sniffing spoofing man-in-the-middle 121
and side-channel attacks 122
(b) Firewalling Firewalls protect the providerrsquos 123
internal cloud infrastructure against insiders 124
and outsiders [15] They also enable VM 125
isolation fine-grained filtering for addresses 126
and ports prevention of Denial-of-Service 127
(DoS) and detection of external security 128
assessment procedures Efforts for developing 129
consistent firewall and similar security 130
measures specific for cloud environments 131
[1617] reveal the urge for adapting existing 132
solutions for this new computing paradigm 133
(c) Security configuration Configuration of 134
protocols systems and technologies to 135
provide the required levels of security and 136
privacy without compromising performance 137
or efficiency [18] 138
2 Interfaces Concentrates all issues related to user 139
administrative and programming interfaces for using 140
and controlling clouds 141
(a) API Programming interfaces (essential to 142
IaaS and PaaS) for accessing virtualized 143
resources and systems must be protected in 144
order to prevent malicious use [19-23] 145
(b) Administrative interface Enables remote 146
control of resources in an IaaS (VM 147
management) development for PaaS (coding 148
deploying testing) and application tools for 149
SaaS (user access control configurations) 150
(c) User interface End-user interface for 151
exploring provided resources and tools (the 152
service itself) implying the need of adopting 153
measures for securing the environment 154
[24-27] 155
(d) Authentication Mechanisms required to 156
enable access to the cloud [28] Most services 157
rely on regular accounts [202930] 158
consequently being susceptible to a plethora 159
of attacks [31-35] whose consequences are 160
boosted by multi-tenancy and resource 161
sharing 162
3 Data security Protection of data in terms of 163
confidentiality availability and integrity (which can 164
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 3 of 18httpwwwjournalofcloudcomputingcomcontent1111
be applied not only to cloud environments but any165
solution requiring basic security levels) [36]166
(a) Cryptography Most employed practice to167
secure sensitive data [37] thoroughly168
required by industry state and federal169
regulations [38]170
(b) Redundancy Essential to avoid data loss171
Most business models rely on information172
technology for its core functionalities and173
processes [3940] and thus mission-critical174
data integrity and availability must be175
ensured176
(c) Disposal Elementary data disposal177
techniques are insufficient and commonly178
referred as deletion [41]In the cloud the179
complete destruction of data including log180
references and hidden backup registries is an181
important requirement [42]182
4 Virtualization Isolation between VMs hypervisor183
vulnerabilities and other problems associated to the184
use of virtualization technologies [43]185
(a) Isolation Although logically isolated all VMs186
share the same hardware and consequently187
the same resources allowing malicious188
entities to exploit data leaks and cross-VM189
attacks [44] The concept of isolation can also190
be applied to more fine-grained assets such191
as computational resources storage and192
memory193
(b) Hypervisor vulnerabilities The hypervisor is194
the main software component of195
virtualization Even though there are known196
security vulnerabilities for hypervisors197
solutions are still scarce and often198
proprietary demanding further studies to199
harden these security aspects200
(c) Data leakage Exploit hypervisor201
vulnerabilities and lack of isolation controls202
in order to leak data from virtualized203
infrastructures obtaining sensitive customer204
data and affecting confidentiality and205
integrity206
(d) VM identification Lack of controls for207
identifying virtual machines that are being208
used for executing a specific process or for209
storing files210
(e) Cross-VM attacks Includes attempts to211
estimate provider traffic rates in order to212
steal cryptographic keys and increase chances213
of VM placement attacks One example214
consists in overlapping memory and storage215
regions initially dedicated to a single virtual216
machine which also enables other 217
isolation-related attacks 218
5 Governance Issues related to (losing) administrative 219
and security controls in cloud computing solutions 220
[4546] 221
(a) Data control Moving data to the cloud means 222
losing control over redundancy location file 223
systems and other relevant configurations 224
(b) Security control Loss of governance over 225
security mechanisms and policies as terms of 226
use prohibit customer-side vulnerability 227
assessment and penetration tests while 228
insufficient Service Level Agreements (SLA) 229
lead to security gaps 230
(c) Lock-in User potential dependency on a 231
particular service provider due to lack of 232
well-established standards (protocols and 233
data formats) consequently becoming 234
particularly vulnerable to migrations and 235
service termination 236
6 Compliance Includes requirements related to service 237
availability and audit capabilities [4748] 238
(a) Service Level Agreements (SLA) 239
Mechanisms to ensure the required service 240
availability and the basic security procedures 241
to be adopted [49] 242
(b) Loss of service Service outages are not 243
exclusive to cloud environments but are 244
more serious in this context due to the 245
interconnections between services (eg a 246
SaaS using virtualized infrastructures 247
provided by an IaaS) as shown in many 248
examples [50-52] This leads to the need of 249
strong disaster recovery policies and provider 250
recommendations to implement 251
customer-side redundancy if applicable 252
(c) Audit Allows security and availability 253
assessments to be performed by customers 254
providers and third-party participants 255
Transparent and efficient methodologies are 256
necessary for continuously analyzing service 257
conditions [53] and are usually required by 258
contracts or legal regulations There are 259
solutions being developed to address this 260
problem by offering a transparent API for 261
automated auditing and other useful 262
functionalities [54] 263
(d) Service conformity Related to how 264
contractual obligations and overall service 265
requirements are respected and offered based 266
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 4 of 18httpwwwjournalofcloudcomputingcomcontent1111
on the SLAs predefined and basic service and267
customer needs268
7 Legal issues Aspects related to judicial requirements269
and law such as multiple data locations and privilege270
management271
(a) Data location Customer data held in272
multiple jurisdictions depending on273
geographic location [55] are affected directly274
or indirectly by subpoena law-enforcement275
measures276
(b) E-discovery As a result of a law-enforcement277
measures hardware might be confiscated for278
investigations related to a particular279
customer affecting all customers whose data280
were stored in the same hardware [56-58]281
Data disclosure is critical in this case282
(c) Provider privilege Malicious activities of283
provider insiders are potential threats to284
confidentiality availability and integrity of285
customersrsquo data and processesrsquo information286
[5960]287
(d) legislation Juridical concerns related to new288
concepts introduced by cloud computing289
[61]290
Cloud computing security taxonomy291
The analysis of security concerns in the context of cloud292
computing solutions shows that each issue brings differ-293
ent impacts on distinct assets Aiming to create a security294
model both for studying security aspects in this context295
and for supporting decision making in this section we296
consider the risks and vulnerabilities previously presented297
and arrange them in hierarchical categories thus creating298
a cloud security taxonomy The main structure of the pro-299
posed taxonomy along with its first classification levels300
are depicted in Figure 1F1 301
The three first groups correspond to fundamental (and302
often related) security principles [7] (Chapters 3-8)303
The architecture dimension is subdivided into network304
security interfaces and virtualization issues comprising305
both user and administrative interfaces to access the306
cloud It also comprises security during transferences of 307
data and virtual machines as well as other virtualization 308
related issues such as isolation and cross-VM attacks 309
This organization is depicted in Figure 2 The architec- F2310
ture group allows a clearer division of responsibilities 311
between providers and customers and also an analysis 312
of their security roles depending on the type of service 313
offered (Software Platform or Infrastructure) This sug- 314
gests that the security mechanisms used must be clearly 315
stated before the service is contracted defining which 316
role is responsible for providing firewalling capabilities 317
access control features and technology-specific require- 318
ments (such as those related to virtualization) 319
The compliance dimension introduces responsibilities 320
toward services and providers The former includes SLA 321
concerns loss of service based on outages and chain fail- 322
ures and auditing capabilities as well as transparency and 323
security assessments The latter refers to loss of control 324
over data and security policies and configurations and 325
also lock-in issues resulting from lack of standards migra- 326
tions and service terminations The complete scenario is 327
presented in Figure 3 F3328
The privacy dimension includes data security itself 329
(from sensitive data regulations and data loss to dis- 330
posal and redundancy) and legal issues (related to multiple 331
jurisdictions derived from different locations where data 332
and services are hosted) The expansion of this group is 333
represented in Figure 4 We note that the concerns in this F4334
dimension cover the complete information lifecycle (ie 335
generation use transfer transformation storage archiv- 336
ing and destruction) inside the provider perimeter and in 337
its immediate boundaries (or interfaces) to the users 338
A common point between all groups is the intrinsic con- 339
nection to data and service lifecycles Both privacy and 340
compliance must be ensured through all states of data 341
including application information or customer assets 342
while security in this case is more oriented towards how 343
the underlying elements (eg infrastructural hardware 344
and software) are protected 345
Current status of cloud security 346
A clear perspective of the main security problems regard- 347
ing cloud computing and on how they can be organized 348
Figure 1 Cloud computing security taxonomy Top level overview of the security taxonomy proposed highlighting the three main categoriessecurity related to privacy architecture and compliance
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 5 of 18httpwwwjournalofcloudcomputingcomcontent1111
Figure 2 Security taxonomy - architecture Details from architecture category which is divided in network host application data (security andstorage) security management and identity and access controls ndash all these elements are directly connected to the infrastructure and architectureadopted to implement or use a cloud solution
to ease decision making is the primary step for having349
a comprehensive overview of the current status of cloud350
security In this section we analyze industry and academia351
viewpoints focusing on strategic study areas that need352
to be further developed This study is based on more353
than two hundred different references including white354
papers technical reports scientific papers and other rele-355
vant publications They were analyzed in terms of security356
problems and solutions by evaluating the number of cita- 357
tions for each case We used a quantitative approach to 358
identify the amount of references related to each category 359
of concerns or solutions Our goal is not to determine 360
if the presented solutions completely solve an identified 361
concern since most of the referenced authors agree that 362
this is an involved task Nonetheless we identify the num- 363
ber of references dealing with each concern providing 364
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 6 of 18httpwwwjournalofcloudcomputingcomcontent1111
Figure 3 Security taxonomy - compliance Details from compliance category divided in lifecycle controls and governance risk and othercompliance related issues (such as continuous improvement policies)
Figure 4 Security taxonomy - privacy Details from privacy category initially divided in concerns and principles Concerns are related to thecomplete data lifecycle from generation use and transfer to transformation storage archival and destruction Principles are guidelines related toprivacy in the cloud
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 7 of 18httpwwwjournalofcloudcomputingcomcontent1111
some useful insight on which are the concerns that have365
received more attention from the research community366
and which have not been so extensively analyzed Some367
observations about the analysis method368
1 The references consulted came from different369
research segments including academia370
organizations and companies Due to the articlersquos371
length limitations we did not include all the372
consulted references in the References section In the373
following we present some of the main sources of374
consultation375
(a) Academia conference papers and journals376
published by IEEE ACM Springer377
Webscience and Scipress378
(b) Organizations reports white papers and379
interviews from SANS Institute CSA NIST380
ENISA Gartner Group KVMorg381
OpenGrid OpenStack and OpenNebula382
(c) Companies white papers manuals383
interviews and web content from384
ERICSSON IBM XEROX Cisco VMWare385
XEN CITRIX EMC Microsoft and386
Salesforce387
2 Each reference was analyzed aiming to identify all the388
mentioned concerns covered and solutions provided389
Therefore one reference can produce more than one 390
entry on each specified category 391
3 Some security perspectives were not covered in this 392
paper as each securityconcern category can be 393
sub-divided in finer-grained aspects such as 394
authentication integrity network communications 395
etc 396
We present the security concerns and solutions using 397
pie charts in order to show the representativeness of each 398
categorygroup in the total amount of references identi- 399
fied The comparison between areas is presented using 400
radar graphs to identify how many solutions address each 401
concern categorygroup 402
Security concerns 403
The results obtained for the number of citations on secu- 404
rity issues is shown in Figure 5 The three major problems F5405
identified in these references are legal issues compliance 406
and loss of control over data These legal- and governance- 407
related concerns are followed by the first technical issue 408
isolation with 7 of citations The least cited problems 409
are related to security configuration concerns loss of ser- 410
vice (albeit this is also related to compliance which is a 411
major problem) firewalling and interfaces 412
Grouping the concerns using the categories presented 413
in section ldquoCloud computing securityrdquo leads to the 414
Figure 5 Security problems Pie chart for security concerns
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 8 of 18httpwwwjournalofcloudcomputingcomcontent1111
Figure 6 Security problems with grouped categories Pie chart for security concerns with grouped categories (seven altogether legal issuescompliance governance virtualization data security interfaces and network security)
Figure 7 Security solutions with grouped categories Pie chart for solutions with grouped categories showing a clear lack for virtualizationsecurity mechanisms in comparison to its importance in terms of concerns citations
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 9 of 18httpwwwjournalofcloudcomputingcomcontent1111
construction of Figure 6 This figure shows that legal andF6 415
governance issues represent a clear majority with 73 of416
concern citations showing a deep consideration of legal417
issues such as data location and e-discovery or gover-418
nance ones like loss of control over security and data The419
technical issue more intensively evaluated (12) is virtual-420
ization followed by data security interfaces and network421
security422
Virtualization is one of the main novelties employed by423
cloud computing in terms of technologies employed con-424
sidering virtual infrastructures scalability and resource425
sharing and its related problems represent the first major426
technical concern427
Security solutions428
When analyzing citations for solutions we used the same429
approach described in the beginning of this section The430
results are presented in Figure 7 which shows the percent-F7 431
age of solutions in each category defined in section ldquoCloud432
computing securityrdquo and also in Figure 8 which highlightsF8 433
the contribution of each individual sub-category434
When we compare Figures 6 and 7 it is easy to observe435
that the number of citations covering security problems436
related to legal issues compliance and governance is high437
(respectively 24 22 and 17) however the same also 438
happens when we consider the number of references 439
proposing solutions for those issues (which represent 440
respectively 29 27 and 14 of the total number of 441
citations) In other words these concerns are higly rele- 442
vant but a large number solutions are already available for 443
tackling them 444
The situation is completely different when we analyze 445
technical aspects such as virtualization isolation and data 446
leakage Indeed virtualization amounts for 12 of prob- 447
lem references and only 3 for solutions Isolation is a 448
perfect example of such discrepancy as the number of 449
citations for such problems represents 7 in Figure 5 450
while solutions correspond to only 1 of the graph from 451
Figure 8 We note that for this specific issue special care 452
has been taken when assessing the most popular virtual 453
machine solution providers (eg XEN VMWARE and 454
KVM) aiming to verify their concerns and available solu- 455
tions A conclusion that can be drawn from this situation 456
is that such concerns are also significant but yet little is 457
available in terms of solutions This indicates the need of 458
evaluating potential areas still to be developed in order 459
to provide better security conditions when migrating data 460
and processes in the cloud 461
Figure 8 Security solutions Pie chart for solutions citations
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 10 of 18httpwwwjournalofcloudcomputingcomcontent1111
Comparison462
The differences between problem and solution citations463
presented in the previous sections can be observed in464
Figure 9F9 465
Axis values correspond to the number of citations found466
among the references studied Blue areas represent con-467
cern citations and lighter red indicates solutions while468
darker red shows where those areas overlap In other469
words light red areas are problems with more citations470
for solutions than problems ndash they might be meaningful471
problems but there are many solutions already addressing472
them ndash while blue areas represent potential subjects that473
have received little attention so far indicating the need for474
further studies475
Figure 9 clearly shows the lack of development regard-476
ing data control mechanisms hypervisor vulnerabilities477
assessment and isolation solutions for virtualized envi-478
ronments On the other hand areas such as legal con-479
cerns SLAs compliance and audit policies have a quite480
satisfactory coverage The results for grouped categories481
(presented in section 4) are depicted in Figure 10F10 482
Figure 10 shows that virtualization problems represent483
an area that requires studies for addressing issues such as484
isolation data leakage and cross-VM attacks on the other485
hand areas such as compliance and network security486
encompass concerns for which there are already a con-487
siderable number of solutions or that are not considered488
highly relevant489
Finally Considering virtualization as key element for490
future studies Figure 11 presents a comparison focus-F11 491
ing on five virtualization-related problems isolation (of492
computational resources such as memory and storage493
capabilities) hypervisor vulnerabilities data leakage 494
cross-VM attacks and VM identification The contrast 495
related to isolation and cross-VM attacks is more evident 496
than for the other issues However the number of solution 497
citations for all issues is notably low if compared to any 498
other security concern reaffirming the need for further 499
researches in those areas 500
Related work 501
An abundant number of related works and publications 502
exist in the literature emphasizing the importance and 503
demand of security solutions for cloud computing How- 504
ever we did not identify any full taxonomy that addresses 505
directly the security aspects related to cloud comput- 506
ing We only identified some simplified models that 507
were developed to cover specific security aspects such as 508
authentication We were able to recognize two main types 509
of works (1) security frameworks which aim to aggregate 510
information about security and also to offer sets of best 511
practices and guidelines when using cloud solutions and 512
(2) publications that identify future trends and propose 513
solutions or areas of interest for research Each category 514
and corresponding references are further analyzed in the 515
following subsections 516
Security frameworks 517
Security frameworks concentrate information on security 518
and privacy aiming to provide a compilation of risks vul- 519
nerabilities and best practices to avoid or mitigate them 520
There are several entities that are constantly publishing 521
material related to cloud computing security including 522
ENISA CSA NIST CPNI (Centre for the Protection of 523
Figure 9 Comparison between citations Radar chart comparing citations related to concerns and solutions showing the disparities for eachsecurity category adopted
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 11 of 18httpwwwjournalofcloudcomputingcomcontent1111
Figure 10 Comparison between citations with grouped categories Radar chart grouping the categories showing the difference betweencitations about concerns and solutions regarding each category
National Infrastructure from UK government) and ISACA524
(the Information Systems Audit and Control Association)525
In this paper we focus on the first three entities which526
by themselves provide a quite comprehensive overview of527
issues and solutions and thus allowing a broad under-528
standing of the current status of cloud security529
ENISA530
ENISA is an agency responsible for achieving high and531
effective level of network and information security within532
the European Union [62] In the context of cloud comput-533
ing they published an extensive study covering benefits534
and risks related to its use [5] In this study the security 535
risks are divided in four categories 536
bull Policy and organizational issues related to 537
governance compliance and reputation 538bull Technical issues derived from technologies used to 539
implement cloud services and infrastructures such as 540
isolation data leakage and interception denial of 541
service attacks encryption and disposal 542bull Legal risks regarding jurisdictions subpoena and 543
e-discovery 544
Figure 11 Comparison for virtualization Radar chart only for virtualization issues
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 12 of 18httpwwwjournalofcloudcomputingcomcontent1111
bull Not cloud specific other risks that are not unique to545
cloud environments such as network management546
privilege escalation and logging547
As a top recommendation for security in cloud com-548
puting ENISA suggests that providers must ensure some549
security practices to customers and also a clear contract to550
avoid legal problems Key points to be developed include551
breach reporting better logging mechanisms and engi-552
neering of large scale computer systems which encom-553
pass the isolation of virtual machines resources and554
information Their analysis is based not only on what is555
currently observed but also on what can be improved556
through the adoption of existing best practices or by557
means of solutions that are already used in non-cloud558
environments This article aims at taking one step fur-559
ther by transforming these observations into numbers ndash a560
quantitative approach561
CSA562
CSA is an organization led by a coalition of industry563
practitioners corporations associations and other stake-564
holders [63] such as Dell HP and eBay One of its main565
goals is to promote the adoption of best practices for566
providing security within cloud computing environments567
Three CSA documents are analyzed in this paper ndash the568
security guidance [6] the top threats in cloud computing569
[12] and the Trusted Cloud Initiative (TCI) architecture570
[64] ndash as they comprise most of the concepts and guide-571
lines researched and published by CSA572
The latest CSA security guidance (version 30 [65])573
denotes multi-tenancy as the essential cloud characteristic574
while virtualization can be avoided when implementing575
cloud infrastructures ndash multi-tenancy only implies the576
use of shared resources by multiple consumers possibly577
from different organizations or with different objectives578
They discuss that even if virtualization-related issues579
can be circumvented segmentation and isolated policies580
for addressing proper management and privacy are still581
required The document also establishes thirteen security582
domains583
1 Governance and risk management ability to measure584
the risk introduced by adopting cloud computing585
solutions such as legal issues protection of sensitive586
data and their relation to international boundaries587
2 Legal issues disclosure laws shared infrastructures588
and interference between different users589
3 Compliance and audit the relationship between590
cloud computing and internal security policies591
4 Information management and data security592
identification and control of stored data loss of593
physical control of data and related policies to594
minimize risks and possible damages595
5 Portability and interoperability ability to change 596
providers services or bringing back data to local 597
premises without major impacts 598
6 Traditional security business continuity and disaster 599
recovery the influence of cloud solutions on 600
traditional processes applied for addressing security 601
needs 602
7 Data center operations analyzing architecture and 603
operations from data centers and identifying 604
essential characteristics for ensuring stability 605
8 Incident response notification and remediation 606
policies for handling incidents 607
9 Application security aims to identify the possible 608
security issues raised from migrating a specific 609
solution to the cloud and which platform (among SPI 610
model) is more adequate 611
10 Encryption and key management how higher 612
scalability via infrastructure sharing affects 613
encryption and other mechanisms used for 614
protecting resources and data 615
11 Identity and access management enabling 616
authentication for cloud solutions while maintaining 617
security levels and availability for customers and 618
organizations 619
12 Virtualization risks related to multi-tenancy 620
isolation virtual machine co-residence and 621
hypervisor vulnerabilities all introduced by 622
virtualization technologies 623
13 Security as a service third party security 624
mechanisms delegating security responsibilities to a 625
trusted third party provider 626
CSA also published a document focusing on identify- 627
ing top threats aiming to aid risk management strategies 628
when cloud solutions are adopted [12] As a complete 629
list of threats and pertinent issues is countless the doc- 630
ument targets those that are specific or intensified by 631
fundamental characteristics of the cloud such as shared 632
infrastructures and greater flexibility As a result seven 633
threats were selected 634
1 Abuse and nefarious used of cloud computing while 635
providing flexible and powerful resources and tools 636
IaaS and PaaS solutions also unveil critical 637
exploitation possibilities built on anonymity This 638
leads to abuse and misuse of the provided 639
infrastructure for conducting distributed denial of 640
service attacks hosting malicious data controlling 641
botnets or sending spam 642
2 Insecure application programming interfaces cloud 643
services provide APIs for management storage 644
virtual machine allocation and other service-specific 645
operations The interfaces provided must implement 646
security methods to identify authenticate and protect 647
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 13 of 18httpwwwjournalofcloudcomputingcomcontent1111
against accidental or malicious use which can648
introduce additional complexities to the system such649
as the need for third-party authorities and services650
3 Malicious insiders although not specific to cloud651
computing its effects are amplified by the652
concentration and interaction of services and653
management domains654
4 Shared technology vulnerabilities scalability655
provided by cloud solutions are based on hardware656
and software components which are not originally657
designed to provide isolation Even though658
hypervisors offer an extra granularity layer they still659
exhibit flaws which are exploited for privilege660
escalation661
5 Data loss and leakage insufficient controls662
concerning user access and data security (including663
privacy and integrity) as well as disposal and even664
legal issues665
6 Account service and traffic hijacking phishing and666
related frauds are not a novelty to computing667
security However not only an attacker is able to668
manipulate data and transactions but also to use669
stolen credentials to perform other attacks that670
compromise customer and provider reputation671
7 Unknown risk profile delegation of control over data672
and infrastructure allows companies to better673
concentrate on their core business possibly674
maximizing profit and efficiency On the other hand675
the consequent loss of governance leads to obscurity676
[66] information about other customers sharing the677
same infrastructure or regarding patching and678
updating policies is limited This situation creates679
uncertainty concerning the exact risk levels that are680
inherent to the cloud solution681
It is interesting to notice the choice for cloud-specific682
issues as it allows the identification of central points683
for further development Moreover this compilation of684
threats is closely related to CSA security guidance com-685
posing a solid framework for security and risk analysis686
assessments while providing recommendations and best687
practices to achieve acceptable security levels688
Another approach adopted by CSA for organizing infor-689
mation related to cloud security and governance is the690
TCI Reference Architecture Model [64] This document691
focuses on defining guidelines for enabling trust in the692
cloud while establishing open standards and capabilities693
for all cloud-based operations The architecture defines694
different organization levels by combining frameworks695
like the SPI model ISO 27002 COBIT PCI SOX and696
architectures such as SABSA TOGAF ITIL and Jeri-697
cho A wide range of aspects are then covered SABSA698
defines business operation support services such as com-699
pliance data governance operational risk management700
human resources security security monitoring services 701
legal services and internal investigations TOGAF defines 702
the types of services covered (presentation application 703
information and infrastructure ITIL is used for informa- 704
tion technology operation and support from IT oper- 705
ation to service delivery support and management of 706
incidents changes and resources finally Jericho cov- 707
ers security and risk management including information 708
security management authorization threat and vulnera- 709
bility management policies and standards The result is a 710
tri-dimensional relationship between cloud delivery trust 711
and operation that aims to be easily consumed and applied 712
in a security-oriented design 713
NIST 714
NIST has recently published a taxonomy for security in 715
cloud computing [67] that is comparable to the taxonomy 716
introduced in section ldquoCloud computing security taxon- 717
omyrdquo This taxonomyrsquos first level encompass typical roles 718
in the cloud environment cloud service provider respon- 719
sible for making the service itself available cloud service 720
consumer who uses the service and maintains a business 721
relationship with the provider cloud carrier which pro- 722
vides communication interfaces between providers and 723
consumers cloud broker that manages use performance 724
and delivery of services and intermediates negotiations 725
between providers and consumers and cloud auditor 726
which performs assessment of services operations and 727
security Each role is associated to their respective activ- 728
ities and decomposed on their components and subcom- 729
ponents The clearest difference from our taxonomy is the 730
hierarchy adopted as our proposal primarily focuses on 731
security principles in its higher level perspective while 732
the cloud roles are explored in deeper levels The con- 733
cepts presented here extend NISTrsquos initial definition for 734
cloud computing [9] incorporating a division of roles and 735
responsibilities that can be directly applied to security 736
assessments On the other hand NISTrsquos taxonomy incor- 737
porates concepts such as deployment models service 738
types and activities related to cloud management (porta- 739
bility interoperability provisioning) most of them largely 740
employed in publications related to cloud computing ndash 741
including this one 742
Frameworks summary 743
Tables 1 and 2 summarize the information about each T1T2
744
framework 745
Books papers and other publications 746
Rimal Choi and Lumb [3] present a cloud taxonomy 747
created from the perspective of the academia developers 748
and researchers instead of the usual point of view related 749
to vendors Whilst they do provide definitions and con- 750
cepts such as cloud architecture (based on SPI model) 751
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 14 of 18httpwwwjournalofcloudcomputingcomcontent1111
Table 1 Summary of CSA security frameworks t11
t12Framework Objectives Structure and comments
t13CSA Guidance
bull Recommendations for reducing risksbull No restrictions regarding specific
solutions or service typesbull Guidelines not necessarily applicable
for all deployment modelsbull Provide initial structure to divide efforts
for researches
bull One architectural domainbull Governance domains risk management legal concerns compliance
auditing information management interoperability and portabilitybull Operational domains traditional and business security disaster recovery
data center operations encryption application security identificationauthorization virtualization security outsourcing
bull Emphasis on the fact that cloud is not bound to virtualization technologiesthough cloud services heavily depend on virtualized infrastructures toprovide flexibility and scalability
t14CSA Top Threats
bull Provide context for risk managementdecisions and strategies
bull Focus on issues which are unique orhighly influenced by cloud computingcharacteristics
bull Seven main threats
ndash Abuse and malicious use of cloud resourcesndash Insecure APIsndash Malicious insidersndash Shared technology vulnerabilitiesndash Data loss and leakagendash Hijacking of accounts services and trafficndash Unknown risk profile (security obscurity)
bull Summarizes information on top threats and provide examples remediationguidelines impact caused and which service types (based on SPI model)are affected
t15CSA Architecture
bull Enable trust in the cloud based onwell-known standards and certificationsallied to security frameworks and otheropen references
bull Use widely adopted frameworks inorder to achieve standardization ofpolicies and best practices based onalready accepted security principles
bull Four sets of frameworks (security NIST SPI IT audit and legislative) and fourarchitectural domains (SABSA business architecture ITIL for servicesmanagement Jericho for security and TOGAF for IT reference)
bull Tridimensional structure based on premises of cloud delivery trust andoperations
bull Concentrates a plethora of concepts and information related to servicesoperation and security
Table summarizing information related to CSA security frameworks (guidance top threats and TCI architecture) t16
virtualization management service types fault tolerance752
policies and security no further studies are developed753
focusing on cloud specific security aspects This charac-754
teristic is also observed in other cloud taxonomies [68-70]755
whose efforts converge to the definition of service models756
and types rather than to more technical aspects such as757
security privacy or compliance concerns ndash which are the758
focus of this paper759
In [7] Mather Kumaraswamy and Latif discuss the760
current status of cloud security and what is predicted761
for the future The result is a compilation of security-762
related subjects to be developed in topics like infras-763
tructure data security and storage identity and access764
management security management privacy audit and765
compliance They also explore the unquestionable urge for766
more transparency regarding which party (customer or767
cloud provider) provides each security capability as well768
as the need for standardization and for the creation of769
legal agreements reflecting operational SLAs Other issues770
discussed are the inadequate encryption and key manage- 771
ment capabilities currently offered as well as the need for 772
multi-entity key management 773
Many publications also state the need for better security 774
mechanisms for cloud environments Doelitzscher et al 775
[71] emphasize security as a major research area in cloud 776
computing They also highlight the lack of flexibility of 777
classic intrusion detection mechanisms to handle virtual- 778
ized environments suggesting the use of special security 779
audit tools associated to business flow modeling through 780
security SLAs In addition they identify abuse of cloud 781
resources lack of security monitoring in cloud infrastruc- 782
ture and defective isolation of shared resources as focal 783
points to be managed Their analysis of top security con- 784
cerns is also based on publications from CSA ENISA and 785
others but after a quick evaluation of issues their focus 786
switch to their security auditing solution without offer- 787
ing a deeper quantitative compilation of security risks and 788
areas of concern 789
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 15 of 18httpwwwjournalofcloudcomputingcomcontent1111
Table 2 Summary of ENISA and NIST security frameworks t21
t22Framework Objectives Structure and comments
t23ENISA Report
bull Study on benefits and risks whenadopting cloud solutions for businessoperations
bull Provide information for securityassessments and decision making
bull Three main categories of cloud specific risks (policy and organizationaltechnical legal) plus one extra category for not specific ones
bull Offers basic guidelines and best practices for avoiding or mitigating theireffects
bull Presents recommendations for further studies related to trust building(certifications metrics and transparency) large scale data protection(privacy integrity incident handling and regulations) and technicalaspects (isolation portability and resilience)
bull Highlights the duality of scalability (fast flexible and accessible resourcesversus concentrations of data attracting attackers and also providinginfrastructure for aiding their operations)
bull Extensive study on risks considering their impact and probability
t24NIST Taxonomy
bull Define what cloud services shouldprovide rather than how to design andimplement solutions
bull Ease the understanding of cloudinternal operations and mechanisms
bull Taxonomy levels
ndash First level cloud roles (service provider consumer cloud brokercloud carrier and cloud auditor)
ndash Second level activities performed by each role (cloudmanagement service deployment cloud access and serviceconsumption)
ndash Third and following levels elements which compose each activity(deployment models service types and auditing elements)
bull Based on publication SP 500-292 highlighting the importance of securityprivacy and levels of confidence and trust to increase technologyacceptance
bull Concentrates many useful concepts such as models for deploying orclassifying services
Table summarizing information on ENISA and NIST security frameworks t25
Associations such as the Enterprise Strategy Group790
[72] emphasize the need for hypervisor security shrink-791
ing hypervisor footprints defining the security perimeter792
virtualization and linking security and VM provision-793
ing for better resource management Aiming to address794
these requirements they suggest the use of increased795
automation for security controls VM identity manage-796
ment (built on top of Public Key Infrastructure and Open797
Virtualization Format) and data encryption (tightly con-798
nected to state-of-art key management practices) Wallom799
et al [73] emphasize the need of guaranteeing virtual800
machinesrsquo trustworthiness (regarding origin and identity)801
to perform security-critical computations and to han-802
dle sensitive data therefore presenting a solution which803
integrates Trusted Computing technologies and avail-804
able cloud infrastructures Dabrowski and Mills [74] used805
simulation to demonstrate virtual machine leakage and806
resource exhaustion scenarios leading to degraded per-807
formance and crashes they also propose the addition808
of orphan controls to enable the virtualized cloud envi-809
ronment to offer higher availability levels while keeping810
overhead costs under control Ristenpart et al [44] also811
explore virtual machine exploitation focusing on informa-812
tion leakage specially sensitive data at rest or in transit813
Finally Chadwick and Casenove [75] describe a security 814
API for federated access to cloud resources and authority 815
delegation while setting fine-grained controls and guar- 816
anteeing the required levels of assurance inside cloud 817
environments These publications highlight the need of 818
security improvements related to virtual machines and 819
virtualization techniques concern that this paper demon- 820
strates to be valid and urgent 821
Discussion 822
Considering the points raised in the previous section a 823
straightforward conclusion is that cloud security includes 824
old and well-known issues ndash such as network and other 825
infrastructural vulnerabilities user access authentication 826
and privacy ndash and also novel concerns derived from 827
new technologies adopted to offer the adequate resources 828
(mainly virtualized ones) services and auxiliary tools 829
These problems are summarized by isolation and hypervi- 830
sor vulnerabilities (the main technical concerns according 831
to the studies and graphics presented) data location and 832
e-discovery (legal aspects) and loss of governance over 833
data security and even decision making (in which the 834
cloud must be strategically and financially considered as a 835
decisive factor) 836
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 16 of 18httpwwwjournalofcloudcomputingcomcontent1111
Another point observed is that even though adopt-837
ing a cloud service or provider may be easy migrating838
to another is not [76] After moving local data and pro-839
cesses to the cloud the lack of standards for protocols840
and formats directly affects attempts to migrate to a dif-841
ferent provider even if this is motivated by legitimate rea-842
sons such as non-fulfillment of SLAs outages or provider843
bankruptcy [77] Consequently the first choice must be844
carefully made as SLAs are not perfect and services845
outages happen at the same pace that resource sharing846
multi-tenancy and scalability are not fail proof After a847
decision is made future migrations between services can848
be extremely onerous in terms of time and costs most849
likely this task will require an extensive work for bring-850
ing all data and resources to a local infrastructure before851
redeploying them into the cloud852
Finally the analysis of current trends for cloud comput-853
ing reveals that there is a considerable number of well-854
studied security concerns for which plenty solutions and855
best practices have been developed such as those related856
to legal and administrative concerns On the other hand857
many issues still require further research effort especially858
those related to secure virtualization859
Considerations and future work860
Security is a crucial aspect for providing a reliable envi-861
ronment and then enable the use of applications in the862
cloud and for moving data and business processes to863
virtualized infrastructures Many of the security issues864
identified are observed in other computing environments865
authentication network security and legal requirements866
for example are not a novelty However the impact of867
such issues is intensified in cloud computing due to868
characteristics such as multi-tenancy and resource shar-869
ing since actions from a single customer can affect all870
other users that inevitably share the same resources and871
interfaces On the other hand efficient and secure vir-872
tualization represents a new challenge in such a context873
with high distribution of complex services and web-874
based applications thus requiring more sophisticated875
approaches At the same time our quantitative analysis876
indicates that virtualization remains an underserved area877
regarding the number of solutions provided to identified878
concerns879
It is strategic to develop new mechanisms that pro-880
vide the required security level by isolating virtual881
machines and the associated resources while following882
best practices in terms of legal regulations and compli-883
ance to SLAs Among other requirements such solutions884
should employ virtual machine identification provide885
an adequate separation of dedicated resources com-886
bined with a constant observation of shared ones and887
examine any attempt of exploiting cross-VM and data888
leakage889
A secure cloud computing environment depends on 890
several security solutions working harmoniously together 891
However in our studies we did not identify any security 892
solutions provider owning the facilities necessary to get 893
high levels of security conformity for clouds Thus cloud 894
providers need to orchestrate harmonize security solu- 895
tions from different places in order to achieve the desired 896
security level 897
In order to verify these conclusions in practice we 898
deployed testbeds using OpenNebula (based on KVM and 899
XEN) and analyzed its security aspects we also analyzed 900
virtualized servers based on VMWARE using our testbed 901
networks This investigation lead to a wide research of 902
PaaS solutions and allowed us to verify that most of them 903
use virtual machines based on virtualization technolo- 904
gies such as VMWARE XEN and KVM which often lack 905
security aspects We also learned that Amazon changed 906
the XEN source code in order to include security fea- 907
tures but unfortunately the modified code is not publicly 908
available and there appears to be no article detailing the 909
changes introduced Given these limitations a deeper 910
study on current security solutions to manage cloud com- 911
puting virtual machines inside the cloud providers should 912
be a focus of future work in the area We are also working 913
on a testbed based on OpenStack for researches related 914
to identity and credentials management in the cloud envi- 915
ronment This work should address basic needs for better 916
security mechanisms in virtualized and distributed archi- 917
tectures guiding other future researches in the security 918
area 919
Competing interests 920The authors declare that they have no competing interests 921
Authorrsquos contributions 922NG carried out the security research including the prospecting for information 923and references categorization results analysis taxonomy creation and analysis 924of related work CM participated in the drafting of the manuscript as well as in 925the analysis of references creation of the taxonomy and revisions of the text 926MS FR MN and MP participated in the critical and technical revisions of the 927paper including the final one also helping with the details for preparing the 928paper to be published TC coordinated the project related to the paper and 929also gave the final approval of the version to be published All authors read 930and approved the final manuscript 931
Acknowledgements 932This work was supported by the Innovation Center Ericsson 933Telecomunicacoes SA Brazil 934
Author details 9351Escola Politecnica at the University of Sao Paulo (EPUSP) Sao Paulo Brazil 9362Ericsson Research Stockholm Sweden 3Ericsson Research Ville Mont-Royal 937Canada 4State University of Santa Catarina Joinville Brazil 938
Received 30 January 2012 Accepted 5 June 2012 939Published 12 July 2012 940
References 9411 IDC (2009) Cloud Computing 2010 ndash An IDC Update 942
slidesharenetJorFigOrcloud-computing-2010-an-idc-update 9432 Armbrust M Fox A Griffith R Joseph AD Katz RH Konwinski A Lee G 944
Patterson DA Rabkin A Stoica I Zaharia M (2009) Above the Clouds 945
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 17 of 18httpwwwjournalofcloudcomputingcomcontent1111
A Berkeley View of Cloud Computing Technical Report946UCBEECS-2009-28 University of California at Berkeley947eecsberkeleyeduPubsTechRpts2009EECS-2009-28html948
3 Rimal BP Choi E Lumb I (2009) A Taxonomy and Survey of Cloud949Computing Systems In Fifth International Joint Conference on INC IMS950and IDC NCM rsquo09 CPS pp 44ndash51951
4 Shankland S (2009) HPrsquos Hurd dings cloud computing IBM952CNET News953
5 Catteddu D Hogben G (2009) Benefits risks and recommendations for954information security Tech rep European Network and Information955Security Agency enisaeuropaeuactrmfilesdeliverablescloud-956computing-risk-assessment957
6 CSA (2009) Security Guidance for Critical Areas of Focus in Cloud958Computing Tech rep Cloud Security Alliance959
7 Mather T Kumaraswamy S (2009) Cloud Security and privacy An960Enterprise Perspective on Risks and Compliance 1st edition OrsquoReilly961Media962
8 Chen Y Paxson V Katz RH (2010) Whatrsquos New About Cloud Computing963Security Technical Report UCBEECS-2010-5 University of California at964Berkeley eecsberkeleyeduPubsTechRpts2010EECS-2010-5html965
9 Mell P Grance T (2009) The NIST Definition of Cloud Computing966Technical Report 15 National Institute of Standards and Technology967wwwnistgovitlclouduploadcloud-def-v15pdf968
10 Ibrahim AS Hamlyn-Harris J Grundy J (2010) Emerging Security969Challenges of Cloud Virtual Infrastructure In Proceedings of APSEC 2010970Cloud Workshop APSEC rsquo10971
11 Gonzalez N Miers C Redıgolo F Carvalho T Simplıcio M Naslund M972Pourzandi M (2011) A quantitative analysis of current security concerns973and solutions for cloud computing In Proceedings of 3rd IEEE974CloudCom AthensGreece IEEE Computer Society975
12 Hubbard D Jr LJH Sutton M (2010) Top Threats to Cloud Computing976Tech rep Cloud Security Alliance cloudsecurityallianceorgresearch977projectstop-threats-to-cloud-computing978
13 Tompkins D (2009) Security for Cloud-based Enterprise Applications979httpblogdtorgindexphp200902security-for-cloud-based-980enterprise-applications981
14 Jensen M Schwenk J Gruschka N Iacono LL (2009) On Technical Security982Issues in Cloud Computing In IEEE Internation Conference on Cloud983Computing pp 109ndash116984
15 TrendMicro (2010) Cloud Computing Security - Making Virtual Machines985Cloud-Ready Trend Micro White Paper986
16 Genovese S (2009) Akamai Introduces Cloud-Based Firewall http987cloudcomputingsys-concomnode1219023988
17 Hulme GV (2011) CloudPassage aims to ease cloud server security989management httpwwwcsoonlinecomarticle658121cloudpassage-990aims-to-ease-cloud-server-security-management991
18 Oleshchuk VA Koslashien GM (2011) Security and Privacy in the Cloud - A992Long-Term View In 2nd International Conference on Wireless993Communications Vehicular Technology Information Theory and994Aerospace and Electronic Systems Technology (Wireless VITAE) WIRELESS995VITAE rsquo11 pp 1ndash5 httpdxdoiorg101109WIRELESSVITAE20115940876996
19 Google (2011) Google App Engine codegooglecomappengine99720 Google (2011) Google Query Language (GQL)998
codegooglecomintlenappenginedocspythonoverviewhtml99921 StackOverflow (2011) Does using non-SQL databases obviate the need1000
for guarding against SQL injection1001stackoverflowcomquestions1823536does-using-non-sql-databases-1002obvia1003te-the-need-for-guarding-against-sql-injection1004
22 Rose J (2011) Cloudy with a chance of zero day wwwowasporgimages1005112Cloudy with a chance of 0 day Jon Rose-Tom Leaveypdf1006
23 Balkan A (2011) Why Google App Engine is broken and what Google1007must do to fix it aralbalkancom15041008
24 Salesforce (2011) Salesforce Security Statement1009salesforcecomcompanyprivacysecurityjsp1010
25 Espiner T (2007) Salesforce tight-lipped after phishing attack1011zdnetcouknewssecurity-threats20071107salesforce-tight-lipped-a1012fter-phishing-attack-392906161013
26 Yee A (2007) Implications of Salesforce Phishing Incident1014ebizqnetblogssecurity insider200711-implications of salesforc1015e phiphp1016
27 Salesforce (2011) Security Implementation Guide 1017loginsalesforcecomhelpdocensalesforce security impl guidepdf 1018
28 Li H Dai Y Tian L Yang H (2009) Identity-Based Authentication for Cloud 1019Computing In Proceedings of the 1st International Conference on Cloud 1020Computing CloudCom rsquo09 1021
29 Amazon (2011) Elastic Compute Cloud (EC2) awsamazoncomec2 102230 Kaufman C Venkatapathy R (2010) Windows Azure Security Overview 1023
gomicrosoftcomlinkid=9740388 [August] 102431 McMillan R (2010) Google Attack Part of Widespread Spying Effort 1025
PCWorld 102632 Mills E (2010) Behind the China attacks on Google CNET News 102733 Arrington M (2010) Google Defends Against Large Scale Chinese Cyber 1028
Attack May Cease Chinese Operations TechCrunch 102934 Bosch J (2009) Google Accounts Attacked by Phishing Scam BrickHouse 1030
Security Blog 103135 Telegraph T (2009) Facebook Users Targeted By Phishing Attack The 1032
Telegraph 103336 Pearson S (2009) Taking account of privacy when designing cloud 1034
computing services In Proceedings of the 2009 ICSE Workshop on 1035Software Engineering Challenges of Cloud Computing CLOUD rsquo09 1036
37 Musthaler L (2009) Cost-effective data encryption in the cloud Network 1037World 1038
38 Yan L Rong C Zhao G (2009) Strengthen Cloud Computing Security with 1039Federal Identity Management Using Hierarchical Identity-Based 1040Cryptography In Proceedings of the 1st International Conference on 1041Cloud Computing CloudCom rsquo09 1042
39 Tech C (2010) Examining Redundancy in the Data Center Powered by the 1043Cloud and Disaster Recovery Consonus Tech 1044
40 Lyle M (2011) Redundancy in Data Storage Define the Cloud 104541 Dorion P (2010) Data destruction services When data deletion is not 1046
enough SearchDataBackupcom 104742 Mogull R (2009) Cloud Data Security Archive and Delete (Rough Cut) 1048
securosiscomblogcloud-data-security-archive-and-delete-rough-cut 104943 Messmer E (2011) Gartner New security demands arising for 1050
virtualization cloud computing httpwwwnetworkworldcomnews 10512011062311-security-summithtml 1052
44 Ristenpart T Tromer E Shacham H Savage S (2009) Hey you get off of 1053my cloud exploring information leakage in third-party compute clouds 1054In Proceedings of the 16th ACM conference on Computer and 1055communications security CCS rsquo09 New York NY USA ACM pp 199ndash212 1056doiacmorg10114516536621653687 1057
45 Chow R Golle P Jakobsson M Shi E Staddon J Masuoka R Molina J 1058(2009) Controlling data in the cloud outsourcing computation without 1059outsourcing control In Proceedings of the 2009 ACM workshop on 1060Cloud computing security CCSW rsquo09 New York NY USA ACM pp 85ndash90 1061httpdoiacmorg10114516550081655020 1062
46 Sadeghi AR Schneider T Winandy M (2010) Token-Based Cloud 1063Computing - Secure Outsourcing of Data and Arbitrary Computations 1064with Lower Latency In Proceedings of the 3rd international conference 1065on Trust and trustworthy computing TRUST rsquo10 1066
47 Brandic I Dustdar S Anstett T Schumm D Leymann F (2010) Compliant 1067Cloud Computing (C3) Architecture and Language Support for 1068User-driven Compliance Management in Clouds In 2010 IEEE 3rd 1069International Conference on Cloud Computing pp 244ndash251 httpdx 1070doiorg101109CLOUD201042 1071
48 Brodkin J (2008) Gartner Seven cloud computing security risks http 1072wwwinfoworldcomdsecurity-centralgartner-seven-cloud- 1073computing-security-risks-853 1074
49 Kandukuri BR Paturi R Rakshit A (2009) Cloud Security Issues In 1075Proceedings of the 2009 IEEE International Conference on Services 1076Computing SCC rsquo09 1077
50 Winterford B (2011) Amazon EC2 suffers huge outage httpwwwcrn 1078comauNews255586amazon-ec2-suffers-huge-outageaspx 1079
51 Clarke G (2011) Microsoft BPOS cloud outage burns Exchange converts 1080httpwwwtheregistercouk20110513 1081
52 Shankland S (2011) Amazon cloud outage derails Reddit Quora 108253 Young E (2009) Cloud Computing - The role of internal audit 108354 CloudAudit (2011) A6 - The automated audit assertion assessment and 1084
assurance API httpcloudauditorg 108555 Anand N (2010) The legal issues around cloud computing httpwww 1086
labnolorginternetcloud-computing-legal-issues14120 1087
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 18 of 18httpwwwjournalofcloudcomputingcomcontent1111
56 Hunter S (2011) Ascending to the cloud creates negligible e-discovery1088risk httpediscoveryquarlescom201107articlesinformation-1089technologyascending-to-the-cloud-creates-negligible-ediscovery-risk1090
57 Sharon D Nelson JWS (2011) Virtualization and Cloud Computing1091benefits and e-discovery implications httpwwwslawca201107191092virtualization-and-cloud-computing-benefits-and-e-discovery-1093implications1094
58 Bentley L (2009) E-discovery in the cloud presents promise and problems1095httpwwwitbusinessedgecomcmcommunityfeaturesinterviews1096bloge-discovery-in-the-cloud-presents-promise-and-problemscs=1097316981098
59 Zierick J (2011) The special case of privileged users in the sloud http1099blogbeyondtrustcombid63894The-Special-Case-of-Privileged-Users-1100in-the-Cloud1101
60 Dinoor S (2010) Got Privilege Ten Steps to Securing a Cloud-Based1102Enterprise httpcloudcomputingsys-concomnode15716491103
61 Pavolotsky J (2010) Top five legal issues for the cloud httpwwwforbes1104com20100412cloud-computing-enterprise-technology-cio-network-1105legalhtml1106
62 ENISA (2011) About ENISA httpwwwenisaeuropaeuabout-enisa110763 CSA (2011) About httpscloudsecurityallianceorgabout110864 CSA (2011) CSA TCI Reference Architecture httpscloudsecurityalliance1109
orgwp-contentuploads201111TCI-Reference-Architecture-11pdf111065 CSA (2011) Security Guidance for Critical Areas of Focus in Cloud1111
Computing V30 Tech rep Cloud Security Alliance [Httpwww1112cloudsecurityallianceorgguidancecsaguidev30pdf]1113
66 Ramireddy S Chakraborthy R Raghu TS Rao HR (2010) Privacy and1114Security Practices in the Arena of Cloud Computing - A Research in1115Progress In AMCIS 2010 Proceedings AMCIS rsquo10 httpaiselaisnetorg1116amcis20105741117
67 NIST (2011) NIST Cloud Computing Reference Architecture SP 500-2921118httpcollaboratenistgovtwiki-cloud-computingpub1119CloudComputingReferenceArchitectureTaxonomyNIST SP 500-292 -1120090611pdf1121
68 Youseff L Butrico M Silva DD (2008) Toward a Unified Ontology of Cloud1122Computing In Grid Computing Environments Workshop 2008 GCE rsquo081123pp 10 1 httpdxdoiorg101109GCE200847384431124
69 Johnston S (2008) Sam Johnston taxonomy the 6 layer cloud computing1125stack httpsamjnet200809taxonomy-6-layer-cloud-computing-1126stackhtml]1127
70 Linthicum D (2009) Defining the cloud computing framework http1128cloudcomputingsys-concomnode8115191129
71 Doelitzscher F Reich C Knahl M Clarke N (2011) An autonomous agent1130based incident detection system for cloud environments In Third IEEE1131International Conference on Cloud Computing Technology and Science1132CloudCom 2011 CPS pp 197ndash204 httpdxdoiorg101109CloudCom11332011351134
72 Oltsik J (2010) Information security virtualization and the journey to the1135cloud Tech rep Cloud Security Alliance1136
73 Wallom D Turilli M Taylor G Hargreaves N Martin A Raun A McMoran A1137(2011) myTrustedCloud Trusted Cloud Infrastructure for Security-critical1138Computation and Data Managment In Third IEEE International1139Conference on Cloud Computing Technology and Science CloudCom11402011 CPS pp 247ndash2541141
74 Dabrowski C Mills K (2011) VM Leakage and Orphan Control in1142Open-Source Clouds In Third IEEE International Conference on Cloud1143Computing Technology and Science CloudCom 2011 CPS pp 554ndash5591144
75 Chadwick DW Casenove M (2011) Security APIs for My Private Cloud In1145Third IEEE International Conference on Cloud Computing Technology1146and Science CloudCom 2011 CPS pp 792ndash7981147
76 Claybrook B (2011) How providers affect cloud application migration1148httpsearchcloudcomputingtechtargetcomtutorialHow-providers-1149affect-cloud-application-migration1150
77 CSA (2011) Interoperability and portability1151
doi1011862192-113X-1-11Cite this article as Gonzalez et al A quantitative analysis of current securityconcerns and solutions for cloud computing Journal of Cloud ComputingAdvances Systems and Applications 2012 111
Submit your manuscript to a journal and benefi t from
7 Convenient online submission
7 Rigorous peer review
7 Immediate publication on acceptance
7 Open access articles freely available online
7 High visibility within the fi eld
7 Retaining the copyright to your article
Submit your next manuscript at 7 springeropencom
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111httpwwwjournalofcloudcomputingcomcontent1111
RESEARCH Open Access1
A quantitative analysis of current securityconcerns and solutions for cloud computing
2
3
Nelson Gonzalez1 Charles Miers14 Fernando Redıgolo1 Marcos Simplıcio1 Tereza Carvalho1Mats Naslund2 and Makan Pourzandi3
4
5
Abstract6
The development of cloud computing services is speeding up the rate in which the organizations outsource theircomputational services or sell their idle computational resources Even though migrating to the cloud remains atempting trend from a financial perspective there are several other aspects that must be taken into account bycompanies before they decide to do so One of the most important aspect refers to security while some cloudcomputing security issues are inherited from the solutions adopted to create such services many new securityquestions that are particular to these solutions also arise including those related to how the services are organizedand which kind of servicedata can be placed in the cloud Aiming to give a better understanding of this complexscenario in this article we identify and classify the main security concerns and solutions in cloud computing andpropose a taxonomy of security in cloud computing giving an overview of the current status of security in thisemerging technology
7
8
9
10
11
12
13
14
15
16
Introduction17
Security is considered a key requirement for cloud com-18
puting consolidation as a robust and feasible multi-19
purpose solution [1] This viewpoint is shared by many20
distinct groups including academia researchers [23]21
business decision makers [4] and government organi-22
zations [56] The many similarities in these perspec-23
tives indicate a grave concern on crucial security and24
legal obstacles for cloud computing including service25
availability data confidentiality provider lock-in and26
reputation fate sharing [7] These concerns have their27
origin not only on existing problems directly inherited28
from the adopted technologies but are also related to29
new issues derived from the composition of essential30
cloud computing features like scalability resource shar-31
ing and virtualization (eg data leakage and hypervisor32
vulnerabilities) [8] The distinction between these classes33
is more easily identifiable by analyzing the definition of the34
essential cloud computing characteristics proposed by the35
NIST (National Institute of Standards and Technology)36
in [9] which also introduces the SPI model for services37
Correspondence nmimuralarcuspbr1Escola Politecnica at the University of Sao Paulo (EPUSP) Sao Paulo BrazilFull list of author information is available at the end of the article
(SaaS PaaS and IaaS) and deployment (private public 38
community and hybrid) 39
Due to the ever growing interest in cloud computing 40
there is an explicit and constant effort to evaluate the 41
current trends in security for such technology consider- 42
ing both problems already identified and possible solu- 43
tions [10] An authoritative reference in the area is the 44
risk assessment developed by ENISA (European Network 45
and Information Security Agency) [5] Not only does 46
it list risks and vulnerabilities but it also offers a sur- 47
vey of related works and research recommendations A 48
similarly work is the security guidance provided by the 49
Cloud Security Alliance (CSA) [6] which defines security 50
domains congregating specific functional aspects from 51
governance and compliance to virtualization and iden- 52
tity management Both documents present a plethora of 53
security concerns best practices and recommendations 54
regarding all types of services in NISTrsquos SPI model as well 55
as possible problems related to cloud computing encom- 56
passing from data privacy to infrastructural configuration 57
Albeit valuable these studies do not focus on quantifying 58
their observations something important for developing 59
a comprehensive understanding of the challenges still 60
undermining the potential of cloud computing 61
copy 2012 Gonzalez et al licensee Springer This is an Open Access article distributed under the terms of the Creative CommonsAttribution License (httpcreativecommonsorglicensesby20) which permits unrestricted use distribution and reproductionin any medium provided the original work is properly cited
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 2 of 18httpwwwjournalofcloudcomputingcomcontent1111
The main goal of this article is to identify classify62
organize and quantify the main security concerns and63
solutions associated to cloud computing helping in the64
task of pinpointing the concerns that remain unanswered65
Aiming to organize this information into a useful tool66
for comparing relating and classifying already identi-67
fied concerns and solutions as well as future ones we68
also present a taxonomy proposal for cloud comput-69
ing security We focus on issues that are specific to70
cloud computing without losing sight of important issues71
that also exist in other distributed systems This article72
extends our previous work presented in [11] providing an73
enhanced review of the cloud computing security taxon-74
omy previously presented as well as a deeper analysis of75
the related work by discussing the main security frame-76
works currently available in addition we discuss further77
the security aspects related to virtualization in cloud78
computing a fundamental yet still underserved field of79
research80
Cloud computing security81
Key references such as CSArsquos security guidance [6] and82
top threats analysis [12] ENISArsquos security assessment [5]83
and the cloud computing definitions from NIST [9] high-84
light different security issues related to cloud computing85
that require further studies for being appropriately han-86
dled and consequently for enhancing technology accep-87
tance and adoption Emphasis is given to the distinction88
between services in the form of software (SaaS) platform89
(PaaS) and infrastructure (IaaS) which are commonly90
used as the fundamental basis for cloud service classifica-91
tion However no other methods are standardized or even92
employed to organize cloud computing security aspects93
apart from cloud deployment models service types or94
traditional security models95
Aiming to concentrate and organize information related96
to cloud security and to facilitate future studies in this97
section we identify the main problems in the area and98
group them into a model composed of seven categories99
based on the aforementioned references Namely the100
categories are network security interfaces data secu-101
rity virtualization governance compliance and legal102
issues Each category includes several potential security103
problems resulting in a classification with subdivisions104
that highlights the main issues identified in the base105
references106
1 Network security Problems associated with network107
communications and configurations regarding cloud108
computing infrastructures The ideal network109
security solution is to have cloud services as an110
extension of customersrsquo existing internal networks111
[13] adopting the same protection measures and112
security precautions that are locally implemented113
and allowing them to extend local strategies to any 114
remote resource or process [14] 115
(a) Transfer security Distributed architectures 116
massive resource sharing and virtual machine 117
(VM) instances synchronization imply more 118
data in transit in the cloud thus requiring 119
VPN mechanisms for protecting the system 120
against sniffing spoofing man-in-the-middle 121
and side-channel attacks 122
(b) Firewalling Firewalls protect the providerrsquos 123
internal cloud infrastructure against insiders 124
and outsiders [15] They also enable VM 125
isolation fine-grained filtering for addresses 126
and ports prevention of Denial-of-Service 127
(DoS) and detection of external security 128
assessment procedures Efforts for developing 129
consistent firewall and similar security 130
measures specific for cloud environments 131
[1617] reveal the urge for adapting existing 132
solutions for this new computing paradigm 133
(c) Security configuration Configuration of 134
protocols systems and technologies to 135
provide the required levels of security and 136
privacy without compromising performance 137
or efficiency [18] 138
2 Interfaces Concentrates all issues related to user 139
administrative and programming interfaces for using 140
and controlling clouds 141
(a) API Programming interfaces (essential to 142
IaaS and PaaS) for accessing virtualized 143
resources and systems must be protected in 144
order to prevent malicious use [19-23] 145
(b) Administrative interface Enables remote 146
control of resources in an IaaS (VM 147
management) development for PaaS (coding 148
deploying testing) and application tools for 149
SaaS (user access control configurations) 150
(c) User interface End-user interface for 151
exploring provided resources and tools (the 152
service itself) implying the need of adopting 153
measures for securing the environment 154
[24-27] 155
(d) Authentication Mechanisms required to 156
enable access to the cloud [28] Most services 157
rely on regular accounts [202930] 158
consequently being susceptible to a plethora 159
of attacks [31-35] whose consequences are 160
boosted by multi-tenancy and resource 161
sharing 162
3 Data security Protection of data in terms of 163
confidentiality availability and integrity (which can 164
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 3 of 18httpwwwjournalofcloudcomputingcomcontent1111
be applied not only to cloud environments but any165
solution requiring basic security levels) [36]166
(a) Cryptography Most employed practice to167
secure sensitive data [37] thoroughly168
required by industry state and federal169
regulations [38]170
(b) Redundancy Essential to avoid data loss171
Most business models rely on information172
technology for its core functionalities and173
processes [3940] and thus mission-critical174
data integrity and availability must be175
ensured176
(c) Disposal Elementary data disposal177
techniques are insufficient and commonly178
referred as deletion [41]In the cloud the179
complete destruction of data including log180
references and hidden backup registries is an181
important requirement [42]182
4 Virtualization Isolation between VMs hypervisor183
vulnerabilities and other problems associated to the184
use of virtualization technologies [43]185
(a) Isolation Although logically isolated all VMs186
share the same hardware and consequently187
the same resources allowing malicious188
entities to exploit data leaks and cross-VM189
attacks [44] The concept of isolation can also190
be applied to more fine-grained assets such191
as computational resources storage and192
memory193
(b) Hypervisor vulnerabilities The hypervisor is194
the main software component of195
virtualization Even though there are known196
security vulnerabilities for hypervisors197
solutions are still scarce and often198
proprietary demanding further studies to199
harden these security aspects200
(c) Data leakage Exploit hypervisor201
vulnerabilities and lack of isolation controls202
in order to leak data from virtualized203
infrastructures obtaining sensitive customer204
data and affecting confidentiality and205
integrity206
(d) VM identification Lack of controls for207
identifying virtual machines that are being208
used for executing a specific process or for209
storing files210
(e) Cross-VM attacks Includes attempts to211
estimate provider traffic rates in order to212
steal cryptographic keys and increase chances213
of VM placement attacks One example214
consists in overlapping memory and storage215
regions initially dedicated to a single virtual216
machine which also enables other 217
isolation-related attacks 218
5 Governance Issues related to (losing) administrative 219
and security controls in cloud computing solutions 220
[4546] 221
(a) Data control Moving data to the cloud means 222
losing control over redundancy location file 223
systems and other relevant configurations 224
(b) Security control Loss of governance over 225
security mechanisms and policies as terms of 226
use prohibit customer-side vulnerability 227
assessment and penetration tests while 228
insufficient Service Level Agreements (SLA) 229
lead to security gaps 230
(c) Lock-in User potential dependency on a 231
particular service provider due to lack of 232
well-established standards (protocols and 233
data formats) consequently becoming 234
particularly vulnerable to migrations and 235
service termination 236
6 Compliance Includes requirements related to service 237
availability and audit capabilities [4748] 238
(a) Service Level Agreements (SLA) 239
Mechanisms to ensure the required service 240
availability and the basic security procedures 241
to be adopted [49] 242
(b) Loss of service Service outages are not 243
exclusive to cloud environments but are 244
more serious in this context due to the 245
interconnections between services (eg a 246
SaaS using virtualized infrastructures 247
provided by an IaaS) as shown in many 248
examples [50-52] This leads to the need of 249
strong disaster recovery policies and provider 250
recommendations to implement 251
customer-side redundancy if applicable 252
(c) Audit Allows security and availability 253
assessments to be performed by customers 254
providers and third-party participants 255
Transparent and efficient methodologies are 256
necessary for continuously analyzing service 257
conditions [53] and are usually required by 258
contracts or legal regulations There are 259
solutions being developed to address this 260
problem by offering a transparent API for 261
automated auditing and other useful 262
functionalities [54] 263
(d) Service conformity Related to how 264
contractual obligations and overall service 265
requirements are respected and offered based 266
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 4 of 18httpwwwjournalofcloudcomputingcomcontent1111
on the SLAs predefined and basic service and267
customer needs268
7 Legal issues Aspects related to judicial requirements269
and law such as multiple data locations and privilege270
management271
(a) Data location Customer data held in272
multiple jurisdictions depending on273
geographic location [55] are affected directly274
or indirectly by subpoena law-enforcement275
measures276
(b) E-discovery As a result of a law-enforcement277
measures hardware might be confiscated for278
investigations related to a particular279
customer affecting all customers whose data280
were stored in the same hardware [56-58]281
Data disclosure is critical in this case282
(c) Provider privilege Malicious activities of283
provider insiders are potential threats to284
confidentiality availability and integrity of285
customersrsquo data and processesrsquo information286
[5960]287
(d) legislation Juridical concerns related to new288
concepts introduced by cloud computing289
[61]290
Cloud computing security taxonomy291
The analysis of security concerns in the context of cloud292
computing solutions shows that each issue brings differ-293
ent impacts on distinct assets Aiming to create a security294
model both for studying security aspects in this context295
and for supporting decision making in this section we296
consider the risks and vulnerabilities previously presented297
and arrange them in hierarchical categories thus creating298
a cloud security taxonomy The main structure of the pro-299
posed taxonomy along with its first classification levels300
are depicted in Figure 1F1 301
The three first groups correspond to fundamental (and302
often related) security principles [7] (Chapters 3-8)303
The architecture dimension is subdivided into network304
security interfaces and virtualization issues comprising305
both user and administrative interfaces to access the306
cloud It also comprises security during transferences of 307
data and virtual machines as well as other virtualization 308
related issues such as isolation and cross-VM attacks 309
This organization is depicted in Figure 2 The architec- F2310
ture group allows a clearer division of responsibilities 311
between providers and customers and also an analysis 312
of their security roles depending on the type of service 313
offered (Software Platform or Infrastructure) This sug- 314
gests that the security mechanisms used must be clearly 315
stated before the service is contracted defining which 316
role is responsible for providing firewalling capabilities 317
access control features and technology-specific require- 318
ments (such as those related to virtualization) 319
The compliance dimension introduces responsibilities 320
toward services and providers The former includes SLA 321
concerns loss of service based on outages and chain fail- 322
ures and auditing capabilities as well as transparency and 323
security assessments The latter refers to loss of control 324
over data and security policies and configurations and 325
also lock-in issues resulting from lack of standards migra- 326
tions and service terminations The complete scenario is 327
presented in Figure 3 F3328
The privacy dimension includes data security itself 329
(from sensitive data regulations and data loss to dis- 330
posal and redundancy) and legal issues (related to multiple 331
jurisdictions derived from different locations where data 332
and services are hosted) The expansion of this group is 333
represented in Figure 4 We note that the concerns in this F4334
dimension cover the complete information lifecycle (ie 335
generation use transfer transformation storage archiv- 336
ing and destruction) inside the provider perimeter and in 337
its immediate boundaries (or interfaces) to the users 338
A common point between all groups is the intrinsic con- 339
nection to data and service lifecycles Both privacy and 340
compliance must be ensured through all states of data 341
including application information or customer assets 342
while security in this case is more oriented towards how 343
the underlying elements (eg infrastructural hardware 344
and software) are protected 345
Current status of cloud security 346
A clear perspective of the main security problems regard- 347
ing cloud computing and on how they can be organized 348
Figure 1 Cloud computing security taxonomy Top level overview of the security taxonomy proposed highlighting the three main categoriessecurity related to privacy architecture and compliance
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 5 of 18httpwwwjournalofcloudcomputingcomcontent1111
Figure 2 Security taxonomy - architecture Details from architecture category which is divided in network host application data (security andstorage) security management and identity and access controls ndash all these elements are directly connected to the infrastructure and architectureadopted to implement or use a cloud solution
to ease decision making is the primary step for having349
a comprehensive overview of the current status of cloud350
security In this section we analyze industry and academia351
viewpoints focusing on strategic study areas that need352
to be further developed This study is based on more353
than two hundred different references including white354
papers technical reports scientific papers and other rele-355
vant publications They were analyzed in terms of security356
problems and solutions by evaluating the number of cita- 357
tions for each case We used a quantitative approach to 358
identify the amount of references related to each category 359
of concerns or solutions Our goal is not to determine 360
if the presented solutions completely solve an identified 361
concern since most of the referenced authors agree that 362
this is an involved task Nonetheless we identify the num- 363
ber of references dealing with each concern providing 364
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 6 of 18httpwwwjournalofcloudcomputingcomcontent1111
Figure 3 Security taxonomy - compliance Details from compliance category divided in lifecycle controls and governance risk and othercompliance related issues (such as continuous improvement policies)
Figure 4 Security taxonomy - privacy Details from privacy category initially divided in concerns and principles Concerns are related to thecomplete data lifecycle from generation use and transfer to transformation storage archival and destruction Principles are guidelines related toprivacy in the cloud
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 7 of 18httpwwwjournalofcloudcomputingcomcontent1111
some useful insight on which are the concerns that have365
received more attention from the research community366
and which have not been so extensively analyzed Some367
observations about the analysis method368
1 The references consulted came from different369
research segments including academia370
organizations and companies Due to the articlersquos371
length limitations we did not include all the372
consulted references in the References section In the373
following we present some of the main sources of374
consultation375
(a) Academia conference papers and journals376
published by IEEE ACM Springer377
Webscience and Scipress378
(b) Organizations reports white papers and379
interviews from SANS Institute CSA NIST380
ENISA Gartner Group KVMorg381
OpenGrid OpenStack and OpenNebula382
(c) Companies white papers manuals383
interviews and web content from384
ERICSSON IBM XEROX Cisco VMWare385
XEN CITRIX EMC Microsoft and386
Salesforce387
2 Each reference was analyzed aiming to identify all the388
mentioned concerns covered and solutions provided389
Therefore one reference can produce more than one 390
entry on each specified category 391
3 Some security perspectives were not covered in this 392
paper as each securityconcern category can be 393
sub-divided in finer-grained aspects such as 394
authentication integrity network communications 395
etc 396
We present the security concerns and solutions using 397
pie charts in order to show the representativeness of each 398
categorygroup in the total amount of references identi- 399
fied The comparison between areas is presented using 400
radar graphs to identify how many solutions address each 401
concern categorygroup 402
Security concerns 403
The results obtained for the number of citations on secu- 404
rity issues is shown in Figure 5 The three major problems F5405
identified in these references are legal issues compliance 406
and loss of control over data These legal- and governance- 407
related concerns are followed by the first technical issue 408
isolation with 7 of citations The least cited problems 409
are related to security configuration concerns loss of ser- 410
vice (albeit this is also related to compliance which is a 411
major problem) firewalling and interfaces 412
Grouping the concerns using the categories presented 413
in section ldquoCloud computing securityrdquo leads to the 414
Figure 5 Security problems Pie chart for security concerns
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 8 of 18httpwwwjournalofcloudcomputingcomcontent1111
Figure 6 Security problems with grouped categories Pie chart for security concerns with grouped categories (seven altogether legal issuescompliance governance virtualization data security interfaces and network security)
Figure 7 Security solutions with grouped categories Pie chart for solutions with grouped categories showing a clear lack for virtualizationsecurity mechanisms in comparison to its importance in terms of concerns citations
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 9 of 18httpwwwjournalofcloudcomputingcomcontent1111
construction of Figure 6 This figure shows that legal andF6 415
governance issues represent a clear majority with 73 of416
concern citations showing a deep consideration of legal417
issues such as data location and e-discovery or gover-418
nance ones like loss of control over security and data The419
technical issue more intensively evaluated (12) is virtual-420
ization followed by data security interfaces and network421
security422
Virtualization is one of the main novelties employed by423
cloud computing in terms of technologies employed con-424
sidering virtual infrastructures scalability and resource425
sharing and its related problems represent the first major426
technical concern427
Security solutions428
When analyzing citations for solutions we used the same429
approach described in the beginning of this section The430
results are presented in Figure 7 which shows the percent-F7 431
age of solutions in each category defined in section ldquoCloud432
computing securityrdquo and also in Figure 8 which highlightsF8 433
the contribution of each individual sub-category434
When we compare Figures 6 and 7 it is easy to observe435
that the number of citations covering security problems436
related to legal issues compliance and governance is high437
(respectively 24 22 and 17) however the same also 438
happens when we consider the number of references 439
proposing solutions for those issues (which represent 440
respectively 29 27 and 14 of the total number of 441
citations) In other words these concerns are higly rele- 442
vant but a large number solutions are already available for 443
tackling them 444
The situation is completely different when we analyze 445
technical aspects such as virtualization isolation and data 446
leakage Indeed virtualization amounts for 12 of prob- 447
lem references and only 3 for solutions Isolation is a 448
perfect example of such discrepancy as the number of 449
citations for such problems represents 7 in Figure 5 450
while solutions correspond to only 1 of the graph from 451
Figure 8 We note that for this specific issue special care 452
has been taken when assessing the most popular virtual 453
machine solution providers (eg XEN VMWARE and 454
KVM) aiming to verify their concerns and available solu- 455
tions A conclusion that can be drawn from this situation 456
is that such concerns are also significant but yet little is 457
available in terms of solutions This indicates the need of 458
evaluating potential areas still to be developed in order 459
to provide better security conditions when migrating data 460
and processes in the cloud 461
Figure 8 Security solutions Pie chart for solutions citations
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 10 of 18httpwwwjournalofcloudcomputingcomcontent1111
Comparison462
The differences between problem and solution citations463
presented in the previous sections can be observed in464
Figure 9F9 465
Axis values correspond to the number of citations found466
among the references studied Blue areas represent con-467
cern citations and lighter red indicates solutions while468
darker red shows where those areas overlap In other469
words light red areas are problems with more citations470
for solutions than problems ndash they might be meaningful471
problems but there are many solutions already addressing472
them ndash while blue areas represent potential subjects that473
have received little attention so far indicating the need for474
further studies475
Figure 9 clearly shows the lack of development regard-476
ing data control mechanisms hypervisor vulnerabilities477
assessment and isolation solutions for virtualized envi-478
ronments On the other hand areas such as legal con-479
cerns SLAs compliance and audit policies have a quite480
satisfactory coverage The results for grouped categories481
(presented in section 4) are depicted in Figure 10F10 482
Figure 10 shows that virtualization problems represent483
an area that requires studies for addressing issues such as484
isolation data leakage and cross-VM attacks on the other485
hand areas such as compliance and network security486
encompass concerns for which there are already a con-487
siderable number of solutions or that are not considered488
highly relevant489
Finally Considering virtualization as key element for490
future studies Figure 11 presents a comparison focus-F11 491
ing on five virtualization-related problems isolation (of492
computational resources such as memory and storage493
capabilities) hypervisor vulnerabilities data leakage 494
cross-VM attacks and VM identification The contrast 495
related to isolation and cross-VM attacks is more evident 496
than for the other issues However the number of solution 497
citations for all issues is notably low if compared to any 498
other security concern reaffirming the need for further 499
researches in those areas 500
Related work 501
An abundant number of related works and publications 502
exist in the literature emphasizing the importance and 503
demand of security solutions for cloud computing How- 504
ever we did not identify any full taxonomy that addresses 505
directly the security aspects related to cloud comput- 506
ing We only identified some simplified models that 507
were developed to cover specific security aspects such as 508
authentication We were able to recognize two main types 509
of works (1) security frameworks which aim to aggregate 510
information about security and also to offer sets of best 511
practices and guidelines when using cloud solutions and 512
(2) publications that identify future trends and propose 513
solutions or areas of interest for research Each category 514
and corresponding references are further analyzed in the 515
following subsections 516
Security frameworks 517
Security frameworks concentrate information on security 518
and privacy aiming to provide a compilation of risks vul- 519
nerabilities and best practices to avoid or mitigate them 520
There are several entities that are constantly publishing 521
material related to cloud computing security including 522
ENISA CSA NIST CPNI (Centre for the Protection of 523
Figure 9 Comparison between citations Radar chart comparing citations related to concerns and solutions showing the disparities for eachsecurity category adopted
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 11 of 18httpwwwjournalofcloudcomputingcomcontent1111
Figure 10 Comparison between citations with grouped categories Radar chart grouping the categories showing the difference betweencitations about concerns and solutions regarding each category
National Infrastructure from UK government) and ISACA524
(the Information Systems Audit and Control Association)525
In this paper we focus on the first three entities which526
by themselves provide a quite comprehensive overview of527
issues and solutions and thus allowing a broad under-528
standing of the current status of cloud security529
ENISA530
ENISA is an agency responsible for achieving high and531
effective level of network and information security within532
the European Union [62] In the context of cloud comput-533
ing they published an extensive study covering benefits534
and risks related to its use [5] In this study the security 535
risks are divided in four categories 536
bull Policy and organizational issues related to 537
governance compliance and reputation 538bull Technical issues derived from technologies used to 539
implement cloud services and infrastructures such as 540
isolation data leakage and interception denial of 541
service attacks encryption and disposal 542bull Legal risks regarding jurisdictions subpoena and 543
e-discovery 544
Figure 11 Comparison for virtualization Radar chart only for virtualization issues
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 12 of 18httpwwwjournalofcloudcomputingcomcontent1111
bull Not cloud specific other risks that are not unique to545
cloud environments such as network management546
privilege escalation and logging547
As a top recommendation for security in cloud com-548
puting ENISA suggests that providers must ensure some549
security practices to customers and also a clear contract to550
avoid legal problems Key points to be developed include551
breach reporting better logging mechanisms and engi-552
neering of large scale computer systems which encom-553
pass the isolation of virtual machines resources and554
information Their analysis is based not only on what is555
currently observed but also on what can be improved556
through the adoption of existing best practices or by557
means of solutions that are already used in non-cloud558
environments This article aims at taking one step fur-559
ther by transforming these observations into numbers ndash a560
quantitative approach561
CSA562
CSA is an organization led by a coalition of industry563
practitioners corporations associations and other stake-564
holders [63] such as Dell HP and eBay One of its main565
goals is to promote the adoption of best practices for566
providing security within cloud computing environments567
Three CSA documents are analyzed in this paper ndash the568
security guidance [6] the top threats in cloud computing569
[12] and the Trusted Cloud Initiative (TCI) architecture570
[64] ndash as they comprise most of the concepts and guide-571
lines researched and published by CSA572
The latest CSA security guidance (version 30 [65])573
denotes multi-tenancy as the essential cloud characteristic574
while virtualization can be avoided when implementing575
cloud infrastructures ndash multi-tenancy only implies the576
use of shared resources by multiple consumers possibly577
from different organizations or with different objectives578
They discuss that even if virtualization-related issues579
can be circumvented segmentation and isolated policies580
for addressing proper management and privacy are still581
required The document also establishes thirteen security582
domains583
1 Governance and risk management ability to measure584
the risk introduced by adopting cloud computing585
solutions such as legal issues protection of sensitive586
data and their relation to international boundaries587
2 Legal issues disclosure laws shared infrastructures588
and interference between different users589
3 Compliance and audit the relationship between590
cloud computing and internal security policies591
4 Information management and data security592
identification and control of stored data loss of593
physical control of data and related policies to594
minimize risks and possible damages595
5 Portability and interoperability ability to change 596
providers services or bringing back data to local 597
premises without major impacts 598
6 Traditional security business continuity and disaster 599
recovery the influence of cloud solutions on 600
traditional processes applied for addressing security 601
needs 602
7 Data center operations analyzing architecture and 603
operations from data centers and identifying 604
essential characteristics for ensuring stability 605
8 Incident response notification and remediation 606
policies for handling incidents 607
9 Application security aims to identify the possible 608
security issues raised from migrating a specific 609
solution to the cloud and which platform (among SPI 610
model) is more adequate 611
10 Encryption and key management how higher 612
scalability via infrastructure sharing affects 613
encryption and other mechanisms used for 614
protecting resources and data 615
11 Identity and access management enabling 616
authentication for cloud solutions while maintaining 617
security levels and availability for customers and 618
organizations 619
12 Virtualization risks related to multi-tenancy 620
isolation virtual machine co-residence and 621
hypervisor vulnerabilities all introduced by 622
virtualization technologies 623
13 Security as a service third party security 624
mechanisms delegating security responsibilities to a 625
trusted third party provider 626
CSA also published a document focusing on identify- 627
ing top threats aiming to aid risk management strategies 628
when cloud solutions are adopted [12] As a complete 629
list of threats and pertinent issues is countless the doc- 630
ument targets those that are specific or intensified by 631
fundamental characteristics of the cloud such as shared 632
infrastructures and greater flexibility As a result seven 633
threats were selected 634
1 Abuse and nefarious used of cloud computing while 635
providing flexible and powerful resources and tools 636
IaaS and PaaS solutions also unveil critical 637
exploitation possibilities built on anonymity This 638
leads to abuse and misuse of the provided 639
infrastructure for conducting distributed denial of 640
service attacks hosting malicious data controlling 641
botnets or sending spam 642
2 Insecure application programming interfaces cloud 643
services provide APIs for management storage 644
virtual machine allocation and other service-specific 645
operations The interfaces provided must implement 646
security methods to identify authenticate and protect 647
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 13 of 18httpwwwjournalofcloudcomputingcomcontent1111
against accidental or malicious use which can648
introduce additional complexities to the system such649
as the need for third-party authorities and services650
3 Malicious insiders although not specific to cloud651
computing its effects are amplified by the652
concentration and interaction of services and653
management domains654
4 Shared technology vulnerabilities scalability655
provided by cloud solutions are based on hardware656
and software components which are not originally657
designed to provide isolation Even though658
hypervisors offer an extra granularity layer they still659
exhibit flaws which are exploited for privilege660
escalation661
5 Data loss and leakage insufficient controls662
concerning user access and data security (including663
privacy and integrity) as well as disposal and even664
legal issues665
6 Account service and traffic hijacking phishing and666
related frauds are not a novelty to computing667
security However not only an attacker is able to668
manipulate data and transactions but also to use669
stolen credentials to perform other attacks that670
compromise customer and provider reputation671
7 Unknown risk profile delegation of control over data672
and infrastructure allows companies to better673
concentrate on their core business possibly674
maximizing profit and efficiency On the other hand675
the consequent loss of governance leads to obscurity676
[66] information about other customers sharing the677
same infrastructure or regarding patching and678
updating policies is limited This situation creates679
uncertainty concerning the exact risk levels that are680
inherent to the cloud solution681
It is interesting to notice the choice for cloud-specific682
issues as it allows the identification of central points683
for further development Moreover this compilation of684
threats is closely related to CSA security guidance com-685
posing a solid framework for security and risk analysis686
assessments while providing recommendations and best687
practices to achieve acceptable security levels688
Another approach adopted by CSA for organizing infor-689
mation related to cloud security and governance is the690
TCI Reference Architecture Model [64] This document691
focuses on defining guidelines for enabling trust in the692
cloud while establishing open standards and capabilities693
for all cloud-based operations The architecture defines694
different organization levels by combining frameworks695
like the SPI model ISO 27002 COBIT PCI SOX and696
architectures such as SABSA TOGAF ITIL and Jeri-697
cho A wide range of aspects are then covered SABSA698
defines business operation support services such as com-699
pliance data governance operational risk management700
human resources security security monitoring services 701
legal services and internal investigations TOGAF defines 702
the types of services covered (presentation application 703
information and infrastructure ITIL is used for informa- 704
tion technology operation and support from IT oper- 705
ation to service delivery support and management of 706
incidents changes and resources finally Jericho cov- 707
ers security and risk management including information 708
security management authorization threat and vulnera- 709
bility management policies and standards The result is a 710
tri-dimensional relationship between cloud delivery trust 711
and operation that aims to be easily consumed and applied 712
in a security-oriented design 713
NIST 714
NIST has recently published a taxonomy for security in 715
cloud computing [67] that is comparable to the taxonomy 716
introduced in section ldquoCloud computing security taxon- 717
omyrdquo This taxonomyrsquos first level encompass typical roles 718
in the cloud environment cloud service provider respon- 719
sible for making the service itself available cloud service 720
consumer who uses the service and maintains a business 721
relationship with the provider cloud carrier which pro- 722
vides communication interfaces between providers and 723
consumers cloud broker that manages use performance 724
and delivery of services and intermediates negotiations 725
between providers and consumers and cloud auditor 726
which performs assessment of services operations and 727
security Each role is associated to their respective activ- 728
ities and decomposed on their components and subcom- 729
ponents The clearest difference from our taxonomy is the 730
hierarchy adopted as our proposal primarily focuses on 731
security principles in its higher level perspective while 732
the cloud roles are explored in deeper levels The con- 733
cepts presented here extend NISTrsquos initial definition for 734
cloud computing [9] incorporating a division of roles and 735
responsibilities that can be directly applied to security 736
assessments On the other hand NISTrsquos taxonomy incor- 737
porates concepts such as deployment models service 738
types and activities related to cloud management (porta- 739
bility interoperability provisioning) most of them largely 740
employed in publications related to cloud computing ndash 741
including this one 742
Frameworks summary 743
Tables 1 and 2 summarize the information about each T1T2
744
framework 745
Books papers and other publications 746
Rimal Choi and Lumb [3] present a cloud taxonomy 747
created from the perspective of the academia developers 748
and researchers instead of the usual point of view related 749
to vendors Whilst they do provide definitions and con- 750
cepts such as cloud architecture (based on SPI model) 751
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 14 of 18httpwwwjournalofcloudcomputingcomcontent1111
Table 1 Summary of CSA security frameworks t11
t12Framework Objectives Structure and comments
t13CSA Guidance
bull Recommendations for reducing risksbull No restrictions regarding specific
solutions or service typesbull Guidelines not necessarily applicable
for all deployment modelsbull Provide initial structure to divide efforts
for researches
bull One architectural domainbull Governance domains risk management legal concerns compliance
auditing information management interoperability and portabilitybull Operational domains traditional and business security disaster recovery
data center operations encryption application security identificationauthorization virtualization security outsourcing
bull Emphasis on the fact that cloud is not bound to virtualization technologiesthough cloud services heavily depend on virtualized infrastructures toprovide flexibility and scalability
t14CSA Top Threats
bull Provide context for risk managementdecisions and strategies
bull Focus on issues which are unique orhighly influenced by cloud computingcharacteristics
bull Seven main threats
ndash Abuse and malicious use of cloud resourcesndash Insecure APIsndash Malicious insidersndash Shared technology vulnerabilitiesndash Data loss and leakagendash Hijacking of accounts services and trafficndash Unknown risk profile (security obscurity)
bull Summarizes information on top threats and provide examples remediationguidelines impact caused and which service types (based on SPI model)are affected
t15CSA Architecture
bull Enable trust in the cloud based onwell-known standards and certificationsallied to security frameworks and otheropen references
bull Use widely adopted frameworks inorder to achieve standardization ofpolicies and best practices based onalready accepted security principles
bull Four sets of frameworks (security NIST SPI IT audit and legislative) and fourarchitectural domains (SABSA business architecture ITIL for servicesmanagement Jericho for security and TOGAF for IT reference)
bull Tridimensional structure based on premises of cloud delivery trust andoperations
bull Concentrates a plethora of concepts and information related to servicesoperation and security
Table summarizing information related to CSA security frameworks (guidance top threats and TCI architecture) t16
virtualization management service types fault tolerance752
policies and security no further studies are developed753
focusing on cloud specific security aspects This charac-754
teristic is also observed in other cloud taxonomies [68-70]755
whose efforts converge to the definition of service models756
and types rather than to more technical aspects such as757
security privacy or compliance concerns ndash which are the758
focus of this paper759
In [7] Mather Kumaraswamy and Latif discuss the760
current status of cloud security and what is predicted761
for the future The result is a compilation of security-762
related subjects to be developed in topics like infras-763
tructure data security and storage identity and access764
management security management privacy audit and765
compliance They also explore the unquestionable urge for766
more transparency regarding which party (customer or767
cloud provider) provides each security capability as well768
as the need for standardization and for the creation of769
legal agreements reflecting operational SLAs Other issues770
discussed are the inadequate encryption and key manage- 771
ment capabilities currently offered as well as the need for 772
multi-entity key management 773
Many publications also state the need for better security 774
mechanisms for cloud environments Doelitzscher et al 775
[71] emphasize security as a major research area in cloud 776
computing They also highlight the lack of flexibility of 777
classic intrusion detection mechanisms to handle virtual- 778
ized environments suggesting the use of special security 779
audit tools associated to business flow modeling through 780
security SLAs In addition they identify abuse of cloud 781
resources lack of security monitoring in cloud infrastruc- 782
ture and defective isolation of shared resources as focal 783
points to be managed Their analysis of top security con- 784
cerns is also based on publications from CSA ENISA and 785
others but after a quick evaluation of issues their focus 786
switch to their security auditing solution without offer- 787
ing a deeper quantitative compilation of security risks and 788
areas of concern 789
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 15 of 18httpwwwjournalofcloudcomputingcomcontent1111
Table 2 Summary of ENISA and NIST security frameworks t21
t22Framework Objectives Structure and comments
t23ENISA Report
bull Study on benefits and risks whenadopting cloud solutions for businessoperations
bull Provide information for securityassessments and decision making
bull Three main categories of cloud specific risks (policy and organizationaltechnical legal) plus one extra category for not specific ones
bull Offers basic guidelines and best practices for avoiding or mitigating theireffects
bull Presents recommendations for further studies related to trust building(certifications metrics and transparency) large scale data protection(privacy integrity incident handling and regulations) and technicalaspects (isolation portability and resilience)
bull Highlights the duality of scalability (fast flexible and accessible resourcesversus concentrations of data attracting attackers and also providinginfrastructure for aiding their operations)
bull Extensive study on risks considering their impact and probability
t24NIST Taxonomy
bull Define what cloud services shouldprovide rather than how to design andimplement solutions
bull Ease the understanding of cloudinternal operations and mechanisms
bull Taxonomy levels
ndash First level cloud roles (service provider consumer cloud brokercloud carrier and cloud auditor)
ndash Second level activities performed by each role (cloudmanagement service deployment cloud access and serviceconsumption)
ndash Third and following levels elements which compose each activity(deployment models service types and auditing elements)
bull Based on publication SP 500-292 highlighting the importance of securityprivacy and levels of confidence and trust to increase technologyacceptance
bull Concentrates many useful concepts such as models for deploying orclassifying services
Table summarizing information on ENISA and NIST security frameworks t25
Associations such as the Enterprise Strategy Group790
[72] emphasize the need for hypervisor security shrink-791
ing hypervisor footprints defining the security perimeter792
virtualization and linking security and VM provision-793
ing for better resource management Aiming to address794
these requirements they suggest the use of increased795
automation for security controls VM identity manage-796
ment (built on top of Public Key Infrastructure and Open797
Virtualization Format) and data encryption (tightly con-798
nected to state-of-art key management practices) Wallom799
et al [73] emphasize the need of guaranteeing virtual800
machinesrsquo trustworthiness (regarding origin and identity)801
to perform security-critical computations and to han-802
dle sensitive data therefore presenting a solution which803
integrates Trusted Computing technologies and avail-804
able cloud infrastructures Dabrowski and Mills [74] used805
simulation to demonstrate virtual machine leakage and806
resource exhaustion scenarios leading to degraded per-807
formance and crashes they also propose the addition808
of orphan controls to enable the virtualized cloud envi-809
ronment to offer higher availability levels while keeping810
overhead costs under control Ristenpart et al [44] also811
explore virtual machine exploitation focusing on informa-812
tion leakage specially sensitive data at rest or in transit813
Finally Chadwick and Casenove [75] describe a security 814
API for federated access to cloud resources and authority 815
delegation while setting fine-grained controls and guar- 816
anteeing the required levels of assurance inside cloud 817
environments These publications highlight the need of 818
security improvements related to virtual machines and 819
virtualization techniques concern that this paper demon- 820
strates to be valid and urgent 821
Discussion 822
Considering the points raised in the previous section a 823
straightforward conclusion is that cloud security includes 824
old and well-known issues ndash such as network and other 825
infrastructural vulnerabilities user access authentication 826
and privacy ndash and also novel concerns derived from 827
new technologies adopted to offer the adequate resources 828
(mainly virtualized ones) services and auxiliary tools 829
These problems are summarized by isolation and hypervi- 830
sor vulnerabilities (the main technical concerns according 831
to the studies and graphics presented) data location and 832
e-discovery (legal aspects) and loss of governance over 833
data security and even decision making (in which the 834
cloud must be strategically and financially considered as a 835
decisive factor) 836
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 16 of 18httpwwwjournalofcloudcomputingcomcontent1111
Another point observed is that even though adopt-837
ing a cloud service or provider may be easy migrating838
to another is not [76] After moving local data and pro-839
cesses to the cloud the lack of standards for protocols840
and formats directly affects attempts to migrate to a dif-841
ferent provider even if this is motivated by legitimate rea-842
sons such as non-fulfillment of SLAs outages or provider843
bankruptcy [77] Consequently the first choice must be844
carefully made as SLAs are not perfect and services845
outages happen at the same pace that resource sharing846
multi-tenancy and scalability are not fail proof After a847
decision is made future migrations between services can848
be extremely onerous in terms of time and costs most849
likely this task will require an extensive work for bring-850
ing all data and resources to a local infrastructure before851
redeploying them into the cloud852
Finally the analysis of current trends for cloud comput-853
ing reveals that there is a considerable number of well-854
studied security concerns for which plenty solutions and855
best practices have been developed such as those related856
to legal and administrative concerns On the other hand857
many issues still require further research effort especially858
those related to secure virtualization859
Considerations and future work860
Security is a crucial aspect for providing a reliable envi-861
ronment and then enable the use of applications in the862
cloud and for moving data and business processes to863
virtualized infrastructures Many of the security issues864
identified are observed in other computing environments865
authentication network security and legal requirements866
for example are not a novelty However the impact of867
such issues is intensified in cloud computing due to868
characteristics such as multi-tenancy and resource shar-869
ing since actions from a single customer can affect all870
other users that inevitably share the same resources and871
interfaces On the other hand efficient and secure vir-872
tualization represents a new challenge in such a context873
with high distribution of complex services and web-874
based applications thus requiring more sophisticated875
approaches At the same time our quantitative analysis876
indicates that virtualization remains an underserved area877
regarding the number of solutions provided to identified878
concerns879
It is strategic to develop new mechanisms that pro-880
vide the required security level by isolating virtual881
machines and the associated resources while following882
best practices in terms of legal regulations and compli-883
ance to SLAs Among other requirements such solutions884
should employ virtual machine identification provide885
an adequate separation of dedicated resources com-886
bined with a constant observation of shared ones and887
examine any attempt of exploiting cross-VM and data888
leakage889
A secure cloud computing environment depends on 890
several security solutions working harmoniously together 891
However in our studies we did not identify any security 892
solutions provider owning the facilities necessary to get 893
high levels of security conformity for clouds Thus cloud 894
providers need to orchestrate harmonize security solu- 895
tions from different places in order to achieve the desired 896
security level 897
In order to verify these conclusions in practice we 898
deployed testbeds using OpenNebula (based on KVM and 899
XEN) and analyzed its security aspects we also analyzed 900
virtualized servers based on VMWARE using our testbed 901
networks This investigation lead to a wide research of 902
PaaS solutions and allowed us to verify that most of them 903
use virtual machines based on virtualization technolo- 904
gies such as VMWARE XEN and KVM which often lack 905
security aspects We also learned that Amazon changed 906
the XEN source code in order to include security fea- 907
tures but unfortunately the modified code is not publicly 908
available and there appears to be no article detailing the 909
changes introduced Given these limitations a deeper 910
study on current security solutions to manage cloud com- 911
puting virtual machines inside the cloud providers should 912
be a focus of future work in the area We are also working 913
on a testbed based on OpenStack for researches related 914
to identity and credentials management in the cloud envi- 915
ronment This work should address basic needs for better 916
security mechanisms in virtualized and distributed archi- 917
tectures guiding other future researches in the security 918
area 919
Competing interests 920The authors declare that they have no competing interests 921
Authorrsquos contributions 922NG carried out the security research including the prospecting for information 923and references categorization results analysis taxonomy creation and analysis 924of related work CM participated in the drafting of the manuscript as well as in 925the analysis of references creation of the taxonomy and revisions of the text 926MS FR MN and MP participated in the critical and technical revisions of the 927paper including the final one also helping with the details for preparing the 928paper to be published TC coordinated the project related to the paper and 929also gave the final approval of the version to be published All authors read 930and approved the final manuscript 931
Acknowledgements 932This work was supported by the Innovation Center Ericsson 933Telecomunicacoes SA Brazil 934
Author details 9351Escola Politecnica at the University of Sao Paulo (EPUSP) Sao Paulo Brazil 9362Ericsson Research Stockholm Sweden 3Ericsson Research Ville Mont-Royal 937Canada 4State University of Santa Catarina Joinville Brazil 938
Received 30 January 2012 Accepted 5 June 2012 939Published 12 July 2012 940
References 9411 IDC (2009) Cloud Computing 2010 ndash An IDC Update 942
slidesharenetJorFigOrcloud-computing-2010-an-idc-update 9432 Armbrust M Fox A Griffith R Joseph AD Katz RH Konwinski A Lee G 944
Patterson DA Rabkin A Stoica I Zaharia M (2009) Above the Clouds 945
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 17 of 18httpwwwjournalofcloudcomputingcomcontent1111
A Berkeley View of Cloud Computing Technical Report946UCBEECS-2009-28 University of California at Berkeley947eecsberkeleyeduPubsTechRpts2009EECS-2009-28html948
3 Rimal BP Choi E Lumb I (2009) A Taxonomy and Survey of Cloud949Computing Systems In Fifth International Joint Conference on INC IMS950and IDC NCM rsquo09 CPS pp 44ndash51951
4 Shankland S (2009) HPrsquos Hurd dings cloud computing IBM952CNET News953
5 Catteddu D Hogben G (2009) Benefits risks and recommendations for954information security Tech rep European Network and Information955Security Agency enisaeuropaeuactrmfilesdeliverablescloud-956computing-risk-assessment957
6 CSA (2009) Security Guidance for Critical Areas of Focus in Cloud958Computing Tech rep Cloud Security Alliance959
7 Mather T Kumaraswamy S (2009) Cloud Security and privacy An960Enterprise Perspective on Risks and Compliance 1st edition OrsquoReilly961Media962
8 Chen Y Paxson V Katz RH (2010) Whatrsquos New About Cloud Computing963Security Technical Report UCBEECS-2010-5 University of California at964Berkeley eecsberkeleyeduPubsTechRpts2010EECS-2010-5html965
9 Mell P Grance T (2009) The NIST Definition of Cloud Computing966Technical Report 15 National Institute of Standards and Technology967wwwnistgovitlclouduploadcloud-def-v15pdf968
10 Ibrahim AS Hamlyn-Harris J Grundy J (2010) Emerging Security969Challenges of Cloud Virtual Infrastructure In Proceedings of APSEC 2010970Cloud Workshop APSEC rsquo10971
11 Gonzalez N Miers C Redıgolo F Carvalho T Simplıcio M Naslund M972Pourzandi M (2011) A quantitative analysis of current security concerns973and solutions for cloud computing In Proceedings of 3rd IEEE974CloudCom AthensGreece IEEE Computer Society975
12 Hubbard D Jr LJH Sutton M (2010) Top Threats to Cloud Computing976Tech rep Cloud Security Alliance cloudsecurityallianceorgresearch977projectstop-threats-to-cloud-computing978
13 Tompkins D (2009) Security for Cloud-based Enterprise Applications979httpblogdtorgindexphp200902security-for-cloud-based-980enterprise-applications981
14 Jensen M Schwenk J Gruschka N Iacono LL (2009) On Technical Security982Issues in Cloud Computing In IEEE Internation Conference on Cloud983Computing pp 109ndash116984
15 TrendMicro (2010) Cloud Computing Security - Making Virtual Machines985Cloud-Ready Trend Micro White Paper986
16 Genovese S (2009) Akamai Introduces Cloud-Based Firewall http987cloudcomputingsys-concomnode1219023988
17 Hulme GV (2011) CloudPassage aims to ease cloud server security989management httpwwwcsoonlinecomarticle658121cloudpassage-990aims-to-ease-cloud-server-security-management991
18 Oleshchuk VA Koslashien GM (2011) Security and Privacy in the Cloud - A992Long-Term View In 2nd International Conference on Wireless993Communications Vehicular Technology Information Theory and994Aerospace and Electronic Systems Technology (Wireless VITAE) WIRELESS995VITAE rsquo11 pp 1ndash5 httpdxdoiorg101109WIRELESSVITAE20115940876996
19 Google (2011) Google App Engine codegooglecomappengine99720 Google (2011) Google Query Language (GQL)998
codegooglecomintlenappenginedocspythonoverviewhtml99921 StackOverflow (2011) Does using non-SQL databases obviate the need1000
for guarding against SQL injection1001stackoverflowcomquestions1823536does-using-non-sql-databases-1002obvia1003te-the-need-for-guarding-against-sql-injection1004
22 Rose J (2011) Cloudy with a chance of zero day wwwowasporgimages1005112Cloudy with a chance of 0 day Jon Rose-Tom Leaveypdf1006
23 Balkan A (2011) Why Google App Engine is broken and what Google1007must do to fix it aralbalkancom15041008
24 Salesforce (2011) Salesforce Security Statement1009salesforcecomcompanyprivacysecurityjsp1010
25 Espiner T (2007) Salesforce tight-lipped after phishing attack1011zdnetcouknewssecurity-threats20071107salesforce-tight-lipped-a1012fter-phishing-attack-392906161013
26 Yee A (2007) Implications of Salesforce Phishing Incident1014ebizqnetblogssecurity insider200711-implications of salesforc1015e phiphp1016
27 Salesforce (2011) Security Implementation Guide 1017loginsalesforcecomhelpdocensalesforce security impl guidepdf 1018
28 Li H Dai Y Tian L Yang H (2009) Identity-Based Authentication for Cloud 1019Computing In Proceedings of the 1st International Conference on Cloud 1020Computing CloudCom rsquo09 1021
29 Amazon (2011) Elastic Compute Cloud (EC2) awsamazoncomec2 102230 Kaufman C Venkatapathy R (2010) Windows Azure Security Overview 1023
gomicrosoftcomlinkid=9740388 [August] 102431 McMillan R (2010) Google Attack Part of Widespread Spying Effort 1025
PCWorld 102632 Mills E (2010) Behind the China attacks on Google CNET News 102733 Arrington M (2010) Google Defends Against Large Scale Chinese Cyber 1028
Attack May Cease Chinese Operations TechCrunch 102934 Bosch J (2009) Google Accounts Attacked by Phishing Scam BrickHouse 1030
Security Blog 103135 Telegraph T (2009) Facebook Users Targeted By Phishing Attack The 1032
Telegraph 103336 Pearson S (2009) Taking account of privacy when designing cloud 1034
computing services In Proceedings of the 2009 ICSE Workshop on 1035Software Engineering Challenges of Cloud Computing CLOUD rsquo09 1036
37 Musthaler L (2009) Cost-effective data encryption in the cloud Network 1037World 1038
38 Yan L Rong C Zhao G (2009) Strengthen Cloud Computing Security with 1039Federal Identity Management Using Hierarchical Identity-Based 1040Cryptography In Proceedings of the 1st International Conference on 1041Cloud Computing CloudCom rsquo09 1042
39 Tech C (2010) Examining Redundancy in the Data Center Powered by the 1043Cloud and Disaster Recovery Consonus Tech 1044
40 Lyle M (2011) Redundancy in Data Storage Define the Cloud 104541 Dorion P (2010) Data destruction services When data deletion is not 1046
enough SearchDataBackupcom 104742 Mogull R (2009) Cloud Data Security Archive and Delete (Rough Cut) 1048
securosiscomblogcloud-data-security-archive-and-delete-rough-cut 104943 Messmer E (2011) Gartner New security demands arising for 1050
virtualization cloud computing httpwwwnetworkworldcomnews 10512011062311-security-summithtml 1052
44 Ristenpart T Tromer E Shacham H Savage S (2009) Hey you get off of 1053my cloud exploring information leakage in third-party compute clouds 1054In Proceedings of the 16th ACM conference on Computer and 1055communications security CCS rsquo09 New York NY USA ACM pp 199ndash212 1056doiacmorg10114516536621653687 1057
45 Chow R Golle P Jakobsson M Shi E Staddon J Masuoka R Molina J 1058(2009) Controlling data in the cloud outsourcing computation without 1059outsourcing control In Proceedings of the 2009 ACM workshop on 1060Cloud computing security CCSW rsquo09 New York NY USA ACM pp 85ndash90 1061httpdoiacmorg10114516550081655020 1062
46 Sadeghi AR Schneider T Winandy M (2010) Token-Based Cloud 1063Computing - Secure Outsourcing of Data and Arbitrary Computations 1064with Lower Latency In Proceedings of the 3rd international conference 1065on Trust and trustworthy computing TRUST rsquo10 1066
47 Brandic I Dustdar S Anstett T Schumm D Leymann F (2010) Compliant 1067Cloud Computing (C3) Architecture and Language Support for 1068User-driven Compliance Management in Clouds In 2010 IEEE 3rd 1069International Conference on Cloud Computing pp 244ndash251 httpdx 1070doiorg101109CLOUD201042 1071
48 Brodkin J (2008) Gartner Seven cloud computing security risks http 1072wwwinfoworldcomdsecurity-centralgartner-seven-cloud- 1073computing-security-risks-853 1074
49 Kandukuri BR Paturi R Rakshit A (2009) Cloud Security Issues In 1075Proceedings of the 2009 IEEE International Conference on Services 1076Computing SCC rsquo09 1077
50 Winterford B (2011) Amazon EC2 suffers huge outage httpwwwcrn 1078comauNews255586amazon-ec2-suffers-huge-outageaspx 1079
51 Clarke G (2011) Microsoft BPOS cloud outage burns Exchange converts 1080httpwwwtheregistercouk20110513 1081
52 Shankland S (2011) Amazon cloud outage derails Reddit Quora 108253 Young E (2009) Cloud Computing - The role of internal audit 108354 CloudAudit (2011) A6 - The automated audit assertion assessment and 1084
assurance API httpcloudauditorg 108555 Anand N (2010) The legal issues around cloud computing httpwww 1086
labnolorginternetcloud-computing-legal-issues14120 1087
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 18 of 18httpwwwjournalofcloudcomputingcomcontent1111
56 Hunter S (2011) Ascending to the cloud creates negligible e-discovery1088risk httpediscoveryquarlescom201107articlesinformation-1089technologyascending-to-the-cloud-creates-negligible-ediscovery-risk1090
57 Sharon D Nelson JWS (2011) Virtualization and Cloud Computing1091benefits and e-discovery implications httpwwwslawca201107191092virtualization-and-cloud-computing-benefits-and-e-discovery-1093implications1094
58 Bentley L (2009) E-discovery in the cloud presents promise and problems1095httpwwwitbusinessedgecomcmcommunityfeaturesinterviews1096bloge-discovery-in-the-cloud-presents-promise-and-problemscs=1097316981098
59 Zierick J (2011) The special case of privileged users in the sloud http1099blogbeyondtrustcombid63894The-Special-Case-of-Privileged-Users-1100in-the-Cloud1101
60 Dinoor S (2010) Got Privilege Ten Steps to Securing a Cloud-Based1102Enterprise httpcloudcomputingsys-concomnode15716491103
61 Pavolotsky J (2010) Top five legal issues for the cloud httpwwwforbes1104com20100412cloud-computing-enterprise-technology-cio-network-1105legalhtml1106
62 ENISA (2011) About ENISA httpwwwenisaeuropaeuabout-enisa110763 CSA (2011) About httpscloudsecurityallianceorgabout110864 CSA (2011) CSA TCI Reference Architecture httpscloudsecurityalliance1109
orgwp-contentuploads201111TCI-Reference-Architecture-11pdf111065 CSA (2011) Security Guidance for Critical Areas of Focus in Cloud1111
Computing V30 Tech rep Cloud Security Alliance [Httpwww1112cloudsecurityallianceorgguidancecsaguidev30pdf]1113
66 Ramireddy S Chakraborthy R Raghu TS Rao HR (2010) Privacy and1114Security Practices in the Arena of Cloud Computing - A Research in1115Progress In AMCIS 2010 Proceedings AMCIS rsquo10 httpaiselaisnetorg1116amcis20105741117
67 NIST (2011) NIST Cloud Computing Reference Architecture SP 500-2921118httpcollaboratenistgovtwiki-cloud-computingpub1119CloudComputingReferenceArchitectureTaxonomyNIST SP 500-292 -1120090611pdf1121
68 Youseff L Butrico M Silva DD (2008) Toward a Unified Ontology of Cloud1122Computing In Grid Computing Environments Workshop 2008 GCE rsquo081123pp 10 1 httpdxdoiorg101109GCE200847384431124
69 Johnston S (2008) Sam Johnston taxonomy the 6 layer cloud computing1125stack httpsamjnet200809taxonomy-6-layer-cloud-computing-1126stackhtml]1127
70 Linthicum D (2009) Defining the cloud computing framework http1128cloudcomputingsys-concomnode8115191129
71 Doelitzscher F Reich C Knahl M Clarke N (2011) An autonomous agent1130based incident detection system for cloud environments In Third IEEE1131International Conference on Cloud Computing Technology and Science1132CloudCom 2011 CPS pp 197ndash204 httpdxdoiorg101109CloudCom11332011351134
72 Oltsik J (2010) Information security virtualization and the journey to the1135cloud Tech rep Cloud Security Alliance1136
73 Wallom D Turilli M Taylor G Hargreaves N Martin A Raun A McMoran A1137(2011) myTrustedCloud Trusted Cloud Infrastructure for Security-critical1138Computation and Data Managment In Third IEEE International1139Conference on Cloud Computing Technology and Science CloudCom11402011 CPS pp 247ndash2541141
74 Dabrowski C Mills K (2011) VM Leakage and Orphan Control in1142Open-Source Clouds In Third IEEE International Conference on Cloud1143Computing Technology and Science CloudCom 2011 CPS pp 554ndash5591144
75 Chadwick DW Casenove M (2011) Security APIs for My Private Cloud In1145Third IEEE International Conference on Cloud Computing Technology1146and Science CloudCom 2011 CPS pp 792ndash7981147
76 Claybrook B (2011) How providers affect cloud application migration1148httpsearchcloudcomputingtechtargetcomtutorialHow-providers-1149affect-cloud-application-migration1150
77 CSA (2011) Interoperability and portability1151
doi1011862192-113X-1-11Cite this article as Gonzalez et al A quantitative analysis of current securityconcerns and solutions for cloud computing Journal of Cloud ComputingAdvances Systems and Applications 2012 111
Submit your manuscript to a journal and benefi t from
7 Convenient online submission
7 Rigorous peer review
7 Immediate publication on acceptance
7 Open access articles freely available online
7 High visibility within the fi eld
7 Retaining the copyright to your article
Submit your next manuscript at 7 springeropencom
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 2 of 18httpwwwjournalofcloudcomputingcomcontent1111
The main goal of this article is to identify classify62
organize and quantify the main security concerns and63
solutions associated to cloud computing helping in the64
task of pinpointing the concerns that remain unanswered65
Aiming to organize this information into a useful tool66
for comparing relating and classifying already identi-67
fied concerns and solutions as well as future ones we68
also present a taxonomy proposal for cloud comput-69
ing security We focus on issues that are specific to70
cloud computing without losing sight of important issues71
that also exist in other distributed systems This article72
extends our previous work presented in [11] providing an73
enhanced review of the cloud computing security taxon-74
omy previously presented as well as a deeper analysis of75
the related work by discussing the main security frame-76
works currently available in addition we discuss further77
the security aspects related to virtualization in cloud78
computing a fundamental yet still underserved field of79
research80
Cloud computing security81
Key references such as CSArsquos security guidance [6] and82
top threats analysis [12] ENISArsquos security assessment [5]83
and the cloud computing definitions from NIST [9] high-84
light different security issues related to cloud computing85
that require further studies for being appropriately han-86
dled and consequently for enhancing technology accep-87
tance and adoption Emphasis is given to the distinction88
between services in the form of software (SaaS) platform89
(PaaS) and infrastructure (IaaS) which are commonly90
used as the fundamental basis for cloud service classifica-91
tion However no other methods are standardized or even92
employed to organize cloud computing security aspects93
apart from cloud deployment models service types or94
traditional security models95
Aiming to concentrate and organize information related96
to cloud security and to facilitate future studies in this97
section we identify the main problems in the area and98
group them into a model composed of seven categories99
based on the aforementioned references Namely the100
categories are network security interfaces data secu-101
rity virtualization governance compliance and legal102
issues Each category includes several potential security103
problems resulting in a classification with subdivisions104
that highlights the main issues identified in the base105
references106
1 Network security Problems associated with network107
communications and configurations regarding cloud108
computing infrastructures The ideal network109
security solution is to have cloud services as an110
extension of customersrsquo existing internal networks111
[13] adopting the same protection measures and112
security precautions that are locally implemented113
and allowing them to extend local strategies to any 114
remote resource or process [14] 115
(a) Transfer security Distributed architectures 116
massive resource sharing and virtual machine 117
(VM) instances synchronization imply more 118
data in transit in the cloud thus requiring 119
VPN mechanisms for protecting the system 120
against sniffing spoofing man-in-the-middle 121
and side-channel attacks 122
(b) Firewalling Firewalls protect the providerrsquos 123
internal cloud infrastructure against insiders 124
and outsiders [15] They also enable VM 125
isolation fine-grained filtering for addresses 126
and ports prevention of Denial-of-Service 127
(DoS) and detection of external security 128
assessment procedures Efforts for developing 129
consistent firewall and similar security 130
measures specific for cloud environments 131
[1617] reveal the urge for adapting existing 132
solutions for this new computing paradigm 133
(c) Security configuration Configuration of 134
protocols systems and technologies to 135
provide the required levels of security and 136
privacy without compromising performance 137
or efficiency [18] 138
2 Interfaces Concentrates all issues related to user 139
administrative and programming interfaces for using 140
and controlling clouds 141
(a) API Programming interfaces (essential to 142
IaaS and PaaS) for accessing virtualized 143
resources and systems must be protected in 144
order to prevent malicious use [19-23] 145
(b) Administrative interface Enables remote 146
control of resources in an IaaS (VM 147
management) development for PaaS (coding 148
deploying testing) and application tools for 149
SaaS (user access control configurations) 150
(c) User interface End-user interface for 151
exploring provided resources and tools (the 152
service itself) implying the need of adopting 153
measures for securing the environment 154
[24-27] 155
(d) Authentication Mechanisms required to 156
enable access to the cloud [28] Most services 157
rely on regular accounts [202930] 158
consequently being susceptible to a plethora 159
of attacks [31-35] whose consequences are 160
boosted by multi-tenancy and resource 161
sharing 162
3 Data security Protection of data in terms of 163
confidentiality availability and integrity (which can 164
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 3 of 18httpwwwjournalofcloudcomputingcomcontent1111
be applied not only to cloud environments but any165
solution requiring basic security levels) [36]166
(a) Cryptography Most employed practice to167
secure sensitive data [37] thoroughly168
required by industry state and federal169
regulations [38]170
(b) Redundancy Essential to avoid data loss171
Most business models rely on information172
technology for its core functionalities and173
processes [3940] and thus mission-critical174
data integrity and availability must be175
ensured176
(c) Disposal Elementary data disposal177
techniques are insufficient and commonly178
referred as deletion [41]In the cloud the179
complete destruction of data including log180
references and hidden backup registries is an181
important requirement [42]182
4 Virtualization Isolation between VMs hypervisor183
vulnerabilities and other problems associated to the184
use of virtualization technologies [43]185
(a) Isolation Although logically isolated all VMs186
share the same hardware and consequently187
the same resources allowing malicious188
entities to exploit data leaks and cross-VM189
attacks [44] The concept of isolation can also190
be applied to more fine-grained assets such191
as computational resources storage and192
memory193
(b) Hypervisor vulnerabilities The hypervisor is194
the main software component of195
virtualization Even though there are known196
security vulnerabilities for hypervisors197
solutions are still scarce and often198
proprietary demanding further studies to199
harden these security aspects200
(c) Data leakage Exploit hypervisor201
vulnerabilities and lack of isolation controls202
in order to leak data from virtualized203
infrastructures obtaining sensitive customer204
data and affecting confidentiality and205
integrity206
(d) VM identification Lack of controls for207
identifying virtual machines that are being208
used for executing a specific process or for209
storing files210
(e) Cross-VM attacks Includes attempts to211
estimate provider traffic rates in order to212
steal cryptographic keys and increase chances213
of VM placement attacks One example214
consists in overlapping memory and storage215
regions initially dedicated to a single virtual216
machine which also enables other 217
isolation-related attacks 218
5 Governance Issues related to (losing) administrative 219
and security controls in cloud computing solutions 220
[4546] 221
(a) Data control Moving data to the cloud means 222
losing control over redundancy location file 223
systems and other relevant configurations 224
(b) Security control Loss of governance over 225
security mechanisms and policies as terms of 226
use prohibit customer-side vulnerability 227
assessment and penetration tests while 228
insufficient Service Level Agreements (SLA) 229
lead to security gaps 230
(c) Lock-in User potential dependency on a 231
particular service provider due to lack of 232
well-established standards (protocols and 233
data formats) consequently becoming 234
particularly vulnerable to migrations and 235
service termination 236
6 Compliance Includes requirements related to service 237
availability and audit capabilities [4748] 238
(a) Service Level Agreements (SLA) 239
Mechanisms to ensure the required service 240
availability and the basic security procedures 241
to be adopted [49] 242
(b) Loss of service Service outages are not 243
exclusive to cloud environments but are 244
more serious in this context due to the 245
interconnections between services (eg a 246
SaaS using virtualized infrastructures 247
provided by an IaaS) as shown in many 248
examples [50-52] This leads to the need of 249
strong disaster recovery policies and provider 250
recommendations to implement 251
customer-side redundancy if applicable 252
(c) Audit Allows security and availability 253
assessments to be performed by customers 254
providers and third-party participants 255
Transparent and efficient methodologies are 256
necessary for continuously analyzing service 257
conditions [53] and are usually required by 258
contracts or legal regulations There are 259
solutions being developed to address this 260
problem by offering a transparent API for 261
automated auditing and other useful 262
functionalities [54] 263
(d) Service conformity Related to how 264
contractual obligations and overall service 265
requirements are respected and offered based 266
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 4 of 18httpwwwjournalofcloudcomputingcomcontent1111
on the SLAs predefined and basic service and267
customer needs268
7 Legal issues Aspects related to judicial requirements269
and law such as multiple data locations and privilege270
management271
(a) Data location Customer data held in272
multiple jurisdictions depending on273
geographic location [55] are affected directly274
or indirectly by subpoena law-enforcement275
measures276
(b) E-discovery As a result of a law-enforcement277
measures hardware might be confiscated for278
investigations related to a particular279
customer affecting all customers whose data280
were stored in the same hardware [56-58]281
Data disclosure is critical in this case282
(c) Provider privilege Malicious activities of283
provider insiders are potential threats to284
confidentiality availability and integrity of285
customersrsquo data and processesrsquo information286
[5960]287
(d) legislation Juridical concerns related to new288
concepts introduced by cloud computing289
[61]290
Cloud computing security taxonomy291
The analysis of security concerns in the context of cloud292
computing solutions shows that each issue brings differ-293
ent impacts on distinct assets Aiming to create a security294
model both for studying security aspects in this context295
and for supporting decision making in this section we296
consider the risks and vulnerabilities previously presented297
and arrange them in hierarchical categories thus creating298
a cloud security taxonomy The main structure of the pro-299
posed taxonomy along with its first classification levels300
are depicted in Figure 1F1 301
The three first groups correspond to fundamental (and302
often related) security principles [7] (Chapters 3-8)303
The architecture dimension is subdivided into network304
security interfaces and virtualization issues comprising305
both user and administrative interfaces to access the306
cloud It also comprises security during transferences of 307
data and virtual machines as well as other virtualization 308
related issues such as isolation and cross-VM attacks 309
This organization is depicted in Figure 2 The architec- F2310
ture group allows a clearer division of responsibilities 311
between providers and customers and also an analysis 312
of their security roles depending on the type of service 313
offered (Software Platform or Infrastructure) This sug- 314
gests that the security mechanisms used must be clearly 315
stated before the service is contracted defining which 316
role is responsible for providing firewalling capabilities 317
access control features and technology-specific require- 318
ments (such as those related to virtualization) 319
The compliance dimension introduces responsibilities 320
toward services and providers The former includes SLA 321
concerns loss of service based on outages and chain fail- 322
ures and auditing capabilities as well as transparency and 323
security assessments The latter refers to loss of control 324
over data and security policies and configurations and 325
also lock-in issues resulting from lack of standards migra- 326
tions and service terminations The complete scenario is 327
presented in Figure 3 F3328
The privacy dimension includes data security itself 329
(from sensitive data regulations and data loss to dis- 330
posal and redundancy) and legal issues (related to multiple 331
jurisdictions derived from different locations where data 332
and services are hosted) The expansion of this group is 333
represented in Figure 4 We note that the concerns in this F4334
dimension cover the complete information lifecycle (ie 335
generation use transfer transformation storage archiv- 336
ing and destruction) inside the provider perimeter and in 337
its immediate boundaries (or interfaces) to the users 338
A common point between all groups is the intrinsic con- 339
nection to data and service lifecycles Both privacy and 340
compliance must be ensured through all states of data 341
including application information or customer assets 342
while security in this case is more oriented towards how 343
the underlying elements (eg infrastructural hardware 344
and software) are protected 345
Current status of cloud security 346
A clear perspective of the main security problems regard- 347
ing cloud computing and on how they can be organized 348
Figure 1 Cloud computing security taxonomy Top level overview of the security taxonomy proposed highlighting the three main categoriessecurity related to privacy architecture and compliance
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 5 of 18httpwwwjournalofcloudcomputingcomcontent1111
Figure 2 Security taxonomy - architecture Details from architecture category which is divided in network host application data (security andstorage) security management and identity and access controls ndash all these elements are directly connected to the infrastructure and architectureadopted to implement or use a cloud solution
to ease decision making is the primary step for having349
a comprehensive overview of the current status of cloud350
security In this section we analyze industry and academia351
viewpoints focusing on strategic study areas that need352
to be further developed This study is based on more353
than two hundred different references including white354
papers technical reports scientific papers and other rele-355
vant publications They were analyzed in terms of security356
problems and solutions by evaluating the number of cita- 357
tions for each case We used a quantitative approach to 358
identify the amount of references related to each category 359
of concerns or solutions Our goal is not to determine 360
if the presented solutions completely solve an identified 361
concern since most of the referenced authors agree that 362
this is an involved task Nonetheless we identify the num- 363
ber of references dealing with each concern providing 364
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 6 of 18httpwwwjournalofcloudcomputingcomcontent1111
Figure 3 Security taxonomy - compliance Details from compliance category divided in lifecycle controls and governance risk and othercompliance related issues (such as continuous improvement policies)
Figure 4 Security taxonomy - privacy Details from privacy category initially divided in concerns and principles Concerns are related to thecomplete data lifecycle from generation use and transfer to transformation storage archival and destruction Principles are guidelines related toprivacy in the cloud
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 7 of 18httpwwwjournalofcloudcomputingcomcontent1111
some useful insight on which are the concerns that have365
received more attention from the research community366
and which have not been so extensively analyzed Some367
observations about the analysis method368
1 The references consulted came from different369
research segments including academia370
organizations and companies Due to the articlersquos371
length limitations we did not include all the372
consulted references in the References section In the373
following we present some of the main sources of374
consultation375
(a) Academia conference papers and journals376
published by IEEE ACM Springer377
Webscience and Scipress378
(b) Organizations reports white papers and379
interviews from SANS Institute CSA NIST380
ENISA Gartner Group KVMorg381
OpenGrid OpenStack and OpenNebula382
(c) Companies white papers manuals383
interviews and web content from384
ERICSSON IBM XEROX Cisco VMWare385
XEN CITRIX EMC Microsoft and386
Salesforce387
2 Each reference was analyzed aiming to identify all the388
mentioned concerns covered and solutions provided389
Therefore one reference can produce more than one 390
entry on each specified category 391
3 Some security perspectives were not covered in this 392
paper as each securityconcern category can be 393
sub-divided in finer-grained aspects such as 394
authentication integrity network communications 395
etc 396
We present the security concerns and solutions using 397
pie charts in order to show the representativeness of each 398
categorygroup in the total amount of references identi- 399
fied The comparison between areas is presented using 400
radar graphs to identify how many solutions address each 401
concern categorygroup 402
Security concerns 403
The results obtained for the number of citations on secu- 404
rity issues is shown in Figure 5 The three major problems F5405
identified in these references are legal issues compliance 406
and loss of control over data These legal- and governance- 407
related concerns are followed by the first technical issue 408
isolation with 7 of citations The least cited problems 409
are related to security configuration concerns loss of ser- 410
vice (albeit this is also related to compliance which is a 411
major problem) firewalling and interfaces 412
Grouping the concerns using the categories presented 413
in section ldquoCloud computing securityrdquo leads to the 414
Figure 5 Security problems Pie chart for security concerns
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 8 of 18httpwwwjournalofcloudcomputingcomcontent1111
Figure 6 Security problems with grouped categories Pie chart for security concerns with grouped categories (seven altogether legal issuescompliance governance virtualization data security interfaces and network security)
Figure 7 Security solutions with grouped categories Pie chart for solutions with grouped categories showing a clear lack for virtualizationsecurity mechanisms in comparison to its importance in terms of concerns citations
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 9 of 18httpwwwjournalofcloudcomputingcomcontent1111
construction of Figure 6 This figure shows that legal andF6 415
governance issues represent a clear majority with 73 of416
concern citations showing a deep consideration of legal417
issues such as data location and e-discovery or gover-418
nance ones like loss of control over security and data The419
technical issue more intensively evaluated (12) is virtual-420
ization followed by data security interfaces and network421
security422
Virtualization is one of the main novelties employed by423
cloud computing in terms of technologies employed con-424
sidering virtual infrastructures scalability and resource425
sharing and its related problems represent the first major426
technical concern427
Security solutions428
When analyzing citations for solutions we used the same429
approach described in the beginning of this section The430
results are presented in Figure 7 which shows the percent-F7 431
age of solutions in each category defined in section ldquoCloud432
computing securityrdquo and also in Figure 8 which highlightsF8 433
the contribution of each individual sub-category434
When we compare Figures 6 and 7 it is easy to observe435
that the number of citations covering security problems436
related to legal issues compliance and governance is high437
(respectively 24 22 and 17) however the same also 438
happens when we consider the number of references 439
proposing solutions for those issues (which represent 440
respectively 29 27 and 14 of the total number of 441
citations) In other words these concerns are higly rele- 442
vant but a large number solutions are already available for 443
tackling them 444
The situation is completely different when we analyze 445
technical aspects such as virtualization isolation and data 446
leakage Indeed virtualization amounts for 12 of prob- 447
lem references and only 3 for solutions Isolation is a 448
perfect example of such discrepancy as the number of 449
citations for such problems represents 7 in Figure 5 450
while solutions correspond to only 1 of the graph from 451
Figure 8 We note that for this specific issue special care 452
has been taken when assessing the most popular virtual 453
machine solution providers (eg XEN VMWARE and 454
KVM) aiming to verify their concerns and available solu- 455
tions A conclusion that can be drawn from this situation 456
is that such concerns are also significant but yet little is 457
available in terms of solutions This indicates the need of 458
evaluating potential areas still to be developed in order 459
to provide better security conditions when migrating data 460
and processes in the cloud 461
Figure 8 Security solutions Pie chart for solutions citations
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 10 of 18httpwwwjournalofcloudcomputingcomcontent1111
Comparison462
The differences between problem and solution citations463
presented in the previous sections can be observed in464
Figure 9F9 465
Axis values correspond to the number of citations found466
among the references studied Blue areas represent con-467
cern citations and lighter red indicates solutions while468
darker red shows where those areas overlap In other469
words light red areas are problems with more citations470
for solutions than problems ndash they might be meaningful471
problems but there are many solutions already addressing472
them ndash while blue areas represent potential subjects that473
have received little attention so far indicating the need for474
further studies475
Figure 9 clearly shows the lack of development regard-476
ing data control mechanisms hypervisor vulnerabilities477
assessment and isolation solutions for virtualized envi-478
ronments On the other hand areas such as legal con-479
cerns SLAs compliance and audit policies have a quite480
satisfactory coverage The results for grouped categories481
(presented in section 4) are depicted in Figure 10F10 482
Figure 10 shows that virtualization problems represent483
an area that requires studies for addressing issues such as484
isolation data leakage and cross-VM attacks on the other485
hand areas such as compliance and network security486
encompass concerns for which there are already a con-487
siderable number of solutions or that are not considered488
highly relevant489
Finally Considering virtualization as key element for490
future studies Figure 11 presents a comparison focus-F11 491
ing on five virtualization-related problems isolation (of492
computational resources such as memory and storage493
capabilities) hypervisor vulnerabilities data leakage 494
cross-VM attacks and VM identification The contrast 495
related to isolation and cross-VM attacks is more evident 496
than for the other issues However the number of solution 497
citations for all issues is notably low if compared to any 498
other security concern reaffirming the need for further 499
researches in those areas 500
Related work 501
An abundant number of related works and publications 502
exist in the literature emphasizing the importance and 503
demand of security solutions for cloud computing How- 504
ever we did not identify any full taxonomy that addresses 505
directly the security aspects related to cloud comput- 506
ing We only identified some simplified models that 507
were developed to cover specific security aspects such as 508
authentication We were able to recognize two main types 509
of works (1) security frameworks which aim to aggregate 510
information about security and also to offer sets of best 511
practices and guidelines when using cloud solutions and 512
(2) publications that identify future trends and propose 513
solutions or areas of interest for research Each category 514
and corresponding references are further analyzed in the 515
following subsections 516
Security frameworks 517
Security frameworks concentrate information on security 518
and privacy aiming to provide a compilation of risks vul- 519
nerabilities and best practices to avoid or mitigate them 520
There are several entities that are constantly publishing 521
material related to cloud computing security including 522
ENISA CSA NIST CPNI (Centre for the Protection of 523
Figure 9 Comparison between citations Radar chart comparing citations related to concerns and solutions showing the disparities for eachsecurity category adopted
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 11 of 18httpwwwjournalofcloudcomputingcomcontent1111
Figure 10 Comparison between citations with grouped categories Radar chart grouping the categories showing the difference betweencitations about concerns and solutions regarding each category
National Infrastructure from UK government) and ISACA524
(the Information Systems Audit and Control Association)525
In this paper we focus on the first three entities which526
by themselves provide a quite comprehensive overview of527
issues and solutions and thus allowing a broad under-528
standing of the current status of cloud security529
ENISA530
ENISA is an agency responsible for achieving high and531
effective level of network and information security within532
the European Union [62] In the context of cloud comput-533
ing they published an extensive study covering benefits534
and risks related to its use [5] In this study the security 535
risks are divided in four categories 536
bull Policy and organizational issues related to 537
governance compliance and reputation 538bull Technical issues derived from technologies used to 539
implement cloud services and infrastructures such as 540
isolation data leakage and interception denial of 541
service attacks encryption and disposal 542bull Legal risks regarding jurisdictions subpoena and 543
e-discovery 544
Figure 11 Comparison for virtualization Radar chart only for virtualization issues
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 12 of 18httpwwwjournalofcloudcomputingcomcontent1111
bull Not cloud specific other risks that are not unique to545
cloud environments such as network management546
privilege escalation and logging547
As a top recommendation for security in cloud com-548
puting ENISA suggests that providers must ensure some549
security practices to customers and also a clear contract to550
avoid legal problems Key points to be developed include551
breach reporting better logging mechanisms and engi-552
neering of large scale computer systems which encom-553
pass the isolation of virtual machines resources and554
information Their analysis is based not only on what is555
currently observed but also on what can be improved556
through the adoption of existing best practices or by557
means of solutions that are already used in non-cloud558
environments This article aims at taking one step fur-559
ther by transforming these observations into numbers ndash a560
quantitative approach561
CSA562
CSA is an organization led by a coalition of industry563
practitioners corporations associations and other stake-564
holders [63] such as Dell HP and eBay One of its main565
goals is to promote the adoption of best practices for566
providing security within cloud computing environments567
Three CSA documents are analyzed in this paper ndash the568
security guidance [6] the top threats in cloud computing569
[12] and the Trusted Cloud Initiative (TCI) architecture570
[64] ndash as they comprise most of the concepts and guide-571
lines researched and published by CSA572
The latest CSA security guidance (version 30 [65])573
denotes multi-tenancy as the essential cloud characteristic574
while virtualization can be avoided when implementing575
cloud infrastructures ndash multi-tenancy only implies the576
use of shared resources by multiple consumers possibly577
from different organizations or with different objectives578
They discuss that even if virtualization-related issues579
can be circumvented segmentation and isolated policies580
for addressing proper management and privacy are still581
required The document also establishes thirteen security582
domains583
1 Governance and risk management ability to measure584
the risk introduced by adopting cloud computing585
solutions such as legal issues protection of sensitive586
data and their relation to international boundaries587
2 Legal issues disclosure laws shared infrastructures588
and interference between different users589
3 Compliance and audit the relationship between590
cloud computing and internal security policies591
4 Information management and data security592
identification and control of stored data loss of593
physical control of data and related policies to594
minimize risks and possible damages595
5 Portability and interoperability ability to change 596
providers services or bringing back data to local 597
premises without major impacts 598
6 Traditional security business continuity and disaster 599
recovery the influence of cloud solutions on 600
traditional processes applied for addressing security 601
needs 602
7 Data center operations analyzing architecture and 603
operations from data centers and identifying 604
essential characteristics for ensuring stability 605
8 Incident response notification and remediation 606
policies for handling incidents 607
9 Application security aims to identify the possible 608
security issues raised from migrating a specific 609
solution to the cloud and which platform (among SPI 610
model) is more adequate 611
10 Encryption and key management how higher 612
scalability via infrastructure sharing affects 613
encryption and other mechanisms used for 614
protecting resources and data 615
11 Identity and access management enabling 616
authentication for cloud solutions while maintaining 617
security levels and availability for customers and 618
organizations 619
12 Virtualization risks related to multi-tenancy 620
isolation virtual machine co-residence and 621
hypervisor vulnerabilities all introduced by 622
virtualization technologies 623
13 Security as a service third party security 624
mechanisms delegating security responsibilities to a 625
trusted third party provider 626
CSA also published a document focusing on identify- 627
ing top threats aiming to aid risk management strategies 628
when cloud solutions are adopted [12] As a complete 629
list of threats and pertinent issues is countless the doc- 630
ument targets those that are specific or intensified by 631
fundamental characteristics of the cloud such as shared 632
infrastructures and greater flexibility As a result seven 633
threats were selected 634
1 Abuse and nefarious used of cloud computing while 635
providing flexible and powerful resources and tools 636
IaaS and PaaS solutions also unveil critical 637
exploitation possibilities built on anonymity This 638
leads to abuse and misuse of the provided 639
infrastructure for conducting distributed denial of 640
service attacks hosting malicious data controlling 641
botnets or sending spam 642
2 Insecure application programming interfaces cloud 643
services provide APIs for management storage 644
virtual machine allocation and other service-specific 645
operations The interfaces provided must implement 646
security methods to identify authenticate and protect 647
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 13 of 18httpwwwjournalofcloudcomputingcomcontent1111
against accidental or malicious use which can648
introduce additional complexities to the system such649
as the need for third-party authorities and services650
3 Malicious insiders although not specific to cloud651
computing its effects are amplified by the652
concentration and interaction of services and653
management domains654
4 Shared technology vulnerabilities scalability655
provided by cloud solutions are based on hardware656
and software components which are not originally657
designed to provide isolation Even though658
hypervisors offer an extra granularity layer they still659
exhibit flaws which are exploited for privilege660
escalation661
5 Data loss and leakage insufficient controls662
concerning user access and data security (including663
privacy and integrity) as well as disposal and even664
legal issues665
6 Account service and traffic hijacking phishing and666
related frauds are not a novelty to computing667
security However not only an attacker is able to668
manipulate data and transactions but also to use669
stolen credentials to perform other attacks that670
compromise customer and provider reputation671
7 Unknown risk profile delegation of control over data672
and infrastructure allows companies to better673
concentrate on their core business possibly674
maximizing profit and efficiency On the other hand675
the consequent loss of governance leads to obscurity676
[66] information about other customers sharing the677
same infrastructure or regarding patching and678
updating policies is limited This situation creates679
uncertainty concerning the exact risk levels that are680
inherent to the cloud solution681
It is interesting to notice the choice for cloud-specific682
issues as it allows the identification of central points683
for further development Moreover this compilation of684
threats is closely related to CSA security guidance com-685
posing a solid framework for security and risk analysis686
assessments while providing recommendations and best687
practices to achieve acceptable security levels688
Another approach adopted by CSA for organizing infor-689
mation related to cloud security and governance is the690
TCI Reference Architecture Model [64] This document691
focuses on defining guidelines for enabling trust in the692
cloud while establishing open standards and capabilities693
for all cloud-based operations The architecture defines694
different organization levels by combining frameworks695
like the SPI model ISO 27002 COBIT PCI SOX and696
architectures such as SABSA TOGAF ITIL and Jeri-697
cho A wide range of aspects are then covered SABSA698
defines business operation support services such as com-699
pliance data governance operational risk management700
human resources security security monitoring services 701
legal services and internal investigations TOGAF defines 702
the types of services covered (presentation application 703
information and infrastructure ITIL is used for informa- 704
tion technology operation and support from IT oper- 705
ation to service delivery support and management of 706
incidents changes and resources finally Jericho cov- 707
ers security and risk management including information 708
security management authorization threat and vulnera- 709
bility management policies and standards The result is a 710
tri-dimensional relationship between cloud delivery trust 711
and operation that aims to be easily consumed and applied 712
in a security-oriented design 713
NIST 714
NIST has recently published a taxonomy for security in 715
cloud computing [67] that is comparable to the taxonomy 716
introduced in section ldquoCloud computing security taxon- 717
omyrdquo This taxonomyrsquos first level encompass typical roles 718
in the cloud environment cloud service provider respon- 719
sible for making the service itself available cloud service 720
consumer who uses the service and maintains a business 721
relationship with the provider cloud carrier which pro- 722
vides communication interfaces between providers and 723
consumers cloud broker that manages use performance 724
and delivery of services and intermediates negotiations 725
between providers and consumers and cloud auditor 726
which performs assessment of services operations and 727
security Each role is associated to their respective activ- 728
ities and decomposed on their components and subcom- 729
ponents The clearest difference from our taxonomy is the 730
hierarchy adopted as our proposal primarily focuses on 731
security principles in its higher level perspective while 732
the cloud roles are explored in deeper levels The con- 733
cepts presented here extend NISTrsquos initial definition for 734
cloud computing [9] incorporating a division of roles and 735
responsibilities that can be directly applied to security 736
assessments On the other hand NISTrsquos taxonomy incor- 737
porates concepts such as deployment models service 738
types and activities related to cloud management (porta- 739
bility interoperability provisioning) most of them largely 740
employed in publications related to cloud computing ndash 741
including this one 742
Frameworks summary 743
Tables 1 and 2 summarize the information about each T1T2
744
framework 745
Books papers and other publications 746
Rimal Choi and Lumb [3] present a cloud taxonomy 747
created from the perspective of the academia developers 748
and researchers instead of the usual point of view related 749
to vendors Whilst they do provide definitions and con- 750
cepts such as cloud architecture (based on SPI model) 751
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 14 of 18httpwwwjournalofcloudcomputingcomcontent1111
Table 1 Summary of CSA security frameworks t11
t12Framework Objectives Structure and comments
t13CSA Guidance
bull Recommendations for reducing risksbull No restrictions regarding specific
solutions or service typesbull Guidelines not necessarily applicable
for all deployment modelsbull Provide initial structure to divide efforts
for researches
bull One architectural domainbull Governance domains risk management legal concerns compliance
auditing information management interoperability and portabilitybull Operational domains traditional and business security disaster recovery
data center operations encryption application security identificationauthorization virtualization security outsourcing
bull Emphasis on the fact that cloud is not bound to virtualization technologiesthough cloud services heavily depend on virtualized infrastructures toprovide flexibility and scalability
t14CSA Top Threats
bull Provide context for risk managementdecisions and strategies
bull Focus on issues which are unique orhighly influenced by cloud computingcharacteristics
bull Seven main threats
ndash Abuse and malicious use of cloud resourcesndash Insecure APIsndash Malicious insidersndash Shared technology vulnerabilitiesndash Data loss and leakagendash Hijacking of accounts services and trafficndash Unknown risk profile (security obscurity)
bull Summarizes information on top threats and provide examples remediationguidelines impact caused and which service types (based on SPI model)are affected
t15CSA Architecture
bull Enable trust in the cloud based onwell-known standards and certificationsallied to security frameworks and otheropen references
bull Use widely adopted frameworks inorder to achieve standardization ofpolicies and best practices based onalready accepted security principles
bull Four sets of frameworks (security NIST SPI IT audit and legislative) and fourarchitectural domains (SABSA business architecture ITIL for servicesmanagement Jericho for security and TOGAF for IT reference)
bull Tridimensional structure based on premises of cloud delivery trust andoperations
bull Concentrates a plethora of concepts and information related to servicesoperation and security
Table summarizing information related to CSA security frameworks (guidance top threats and TCI architecture) t16
virtualization management service types fault tolerance752
policies and security no further studies are developed753
focusing on cloud specific security aspects This charac-754
teristic is also observed in other cloud taxonomies [68-70]755
whose efforts converge to the definition of service models756
and types rather than to more technical aspects such as757
security privacy or compliance concerns ndash which are the758
focus of this paper759
In [7] Mather Kumaraswamy and Latif discuss the760
current status of cloud security and what is predicted761
for the future The result is a compilation of security-762
related subjects to be developed in topics like infras-763
tructure data security and storage identity and access764
management security management privacy audit and765
compliance They also explore the unquestionable urge for766
more transparency regarding which party (customer or767
cloud provider) provides each security capability as well768
as the need for standardization and for the creation of769
legal agreements reflecting operational SLAs Other issues770
discussed are the inadequate encryption and key manage- 771
ment capabilities currently offered as well as the need for 772
multi-entity key management 773
Many publications also state the need for better security 774
mechanisms for cloud environments Doelitzscher et al 775
[71] emphasize security as a major research area in cloud 776
computing They also highlight the lack of flexibility of 777
classic intrusion detection mechanisms to handle virtual- 778
ized environments suggesting the use of special security 779
audit tools associated to business flow modeling through 780
security SLAs In addition they identify abuse of cloud 781
resources lack of security monitoring in cloud infrastruc- 782
ture and defective isolation of shared resources as focal 783
points to be managed Their analysis of top security con- 784
cerns is also based on publications from CSA ENISA and 785
others but after a quick evaluation of issues their focus 786
switch to their security auditing solution without offer- 787
ing a deeper quantitative compilation of security risks and 788
areas of concern 789
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 15 of 18httpwwwjournalofcloudcomputingcomcontent1111
Table 2 Summary of ENISA and NIST security frameworks t21
t22Framework Objectives Structure and comments
t23ENISA Report
bull Study on benefits and risks whenadopting cloud solutions for businessoperations
bull Provide information for securityassessments and decision making
bull Three main categories of cloud specific risks (policy and organizationaltechnical legal) plus one extra category for not specific ones
bull Offers basic guidelines and best practices for avoiding or mitigating theireffects
bull Presents recommendations for further studies related to trust building(certifications metrics and transparency) large scale data protection(privacy integrity incident handling and regulations) and technicalaspects (isolation portability and resilience)
bull Highlights the duality of scalability (fast flexible and accessible resourcesversus concentrations of data attracting attackers and also providinginfrastructure for aiding their operations)
bull Extensive study on risks considering their impact and probability
t24NIST Taxonomy
bull Define what cloud services shouldprovide rather than how to design andimplement solutions
bull Ease the understanding of cloudinternal operations and mechanisms
bull Taxonomy levels
ndash First level cloud roles (service provider consumer cloud brokercloud carrier and cloud auditor)
ndash Second level activities performed by each role (cloudmanagement service deployment cloud access and serviceconsumption)
ndash Third and following levels elements which compose each activity(deployment models service types and auditing elements)
bull Based on publication SP 500-292 highlighting the importance of securityprivacy and levels of confidence and trust to increase technologyacceptance
bull Concentrates many useful concepts such as models for deploying orclassifying services
Table summarizing information on ENISA and NIST security frameworks t25
Associations such as the Enterprise Strategy Group790
[72] emphasize the need for hypervisor security shrink-791
ing hypervisor footprints defining the security perimeter792
virtualization and linking security and VM provision-793
ing for better resource management Aiming to address794
these requirements they suggest the use of increased795
automation for security controls VM identity manage-796
ment (built on top of Public Key Infrastructure and Open797
Virtualization Format) and data encryption (tightly con-798
nected to state-of-art key management practices) Wallom799
et al [73] emphasize the need of guaranteeing virtual800
machinesrsquo trustworthiness (regarding origin and identity)801
to perform security-critical computations and to han-802
dle sensitive data therefore presenting a solution which803
integrates Trusted Computing technologies and avail-804
able cloud infrastructures Dabrowski and Mills [74] used805
simulation to demonstrate virtual machine leakage and806
resource exhaustion scenarios leading to degraded per-807
formance and crashes they also propose the addition808
of orphan controls to enable the virtualized cloud envi-809
ronment to offer higher availability levels while keeping810
overhead costs under control Ristenpart et al [44] also811
explore virtual machine exploitation focusing on informa-812
tion leakage specially sensitive data at rest or in transit813
Finally Chadwick and Casenove [75] describe a security 814
API for federated access to cloud resources and authority 815
delegation while setting fine-grained controls and guar- 816
anteeing the required levels of assurance inside cloud 817
environments These publications highlight the need of 818
security improvements related to virtual machines and 819
virtualization techniques concern that this paper demon- 820
strates to be valid and urgent 821
Discussion 822
Considering the points raised in the previous section a 823
straightforward conclusion is that cloud security includes 824
old and well-known issues ndash such as network and other 825
infrastructural vulnerabilities user access authentication 826
and privacy ndash and also novel concerns derived from 827
new technologies adopted to offer the adequate resources 828
(mainly virtualized ones) services and auxiliary tools 829
These problems are summarized by isolation and hypervi- 830
sor vulnerabilities (the main technical concerns according 831
to the studies and graphics presented) data location and 832
e-discovery (legal aspects) and loss of governance over 833
data security and even decision making (in which the 834
cloud must be strategically and financially considered as a 835
decisive factor) 836
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 16 of 18httpwwwjournalofcloudcomputingcomcontent1111
Another point observed is that even though adopt-837
ing a cloud service or provider may be easy migrating838
to another is not [76] After moving local data and pro-839
cesses to the cloud the lack of standards for protocols840
and formats directly affects attempts to migrate to a dif-841
ferent provider even if this is motivated by legitimate rea-842
sons such as non-fulfillment of SLAs outages or provider843
bankruptcy [77] Consequently the first choice must be844
carefully made as SLAs are not perfect and services845
outages happen at the same pace that resource sharing846
multi-tenancy and scalability are not fail proof After a847
decision is made future migrations between services can848
be extremely onerous in terms of time and costs most849
likely this task will require an extensive work for bring-850
ing all data and resources to a local infrastructure before851
redeploying them into the cloud852
Finally the analysis of current trends for cloud comput-853
ing reveals that there is a considerable number of well-854
studied security concerns for which plenty solutions and855
best practices have been developed such as those related856
to legal and administrative concerns On the other hand857
many issues still require further research effort especially858
those related to secure virtualization859
Considerations and future work860
Security is a crucial aspect for providing a reliable envi-861
ronment and then enable the use of applications in the862
cloud and for moving data and business processes to863
virtualized infrastructures Many of the security issues864
identified are observed in other computing environments865
authentication network security and legal requirements866
for example are not a novelty However the impact of867
such issues is intensified in cloud computing due to868
characteristics such as multi-tenancy and resource shar-869
ing since actions from a single customer can affect all870
other users that inevitably share the same resources and871
interfaces On the other hand efficient and secure vir-872
tualization represents a new challenge in such a context873
with high distribution of complex services and web-874
based applications thus requiring more sophisticated875
approaches At the same time our quantitative analysis876
indicates that virtualization remains an underserved area877
regarding the number of solutions provided to identified878
concerns879
It is strategic to develop new mechanisms that pro-880
vide the required security level by isolating virtual881
machines and the associated resources while following882
best practices in terms of legal regulations and compli-883
ance to SLAs Among other requirements such solutions884
should employ virtual machine identification provide885
an adequate separation of dedicated resources com-886
bined with a constant observation of shared ones and887
examine any attempt of exploiting cross-VM and data888
leakage889
A secure cloud computing environment depends on 890
several security solutions working harmoniously together 891
However in our studies we did not identify any security 892
solutions provider owning the facilities necessary to get 893
high levels of security conformity for clouds Thus cloud 894
providers need to orchestrate harmonize security solu- 895
tions from different places in order to achieve the desired 896
security level 897
In order to verify these conclusions in practice we 898
deployed testbeds using OpenNebula (based on KVM and 899
XEN) and analyzed its security aspects we also analyzed 900
virtualized servers based on VMWARE using our testbed 901
networks This investigation lead to a wide research of 902
PaaS solutions and allowed us to verify that most of them 903
use virtual machines based on virtualization technolo- 904
gies such as VMWARE XEN and KVM which often lack 905
security aspects We also learned that Amazon changed 906
the XEN source code in order to include security fea- 907
tures but unfortunately the modified code is not publicly 908
available and there appears to be no article detailing the 909
changes introduced Given these limitations a deeper 910
study on current security solutions to manage cloud com- 911
puting virtual machines inside the cloud providers should 912
be a focus of future work in the area We are also working 913
on a testbed based on OpenStack for researches related 914
to identity and credentials management in the cloud envi- 915
ronment This work should address basic needs for better 916
security mechanisms in virtualized and distributed archi- 917
tectures guiding other future researches in the security 918
area 919
Competing interests 920The authors declare that they have no competing interests 921
Authorrsquos contributions 922NG carried out the security research including the prospecting for information 923and references categorization results analysis taxonomy creation and analysis 924of related work CM participated in the drafting of the manuscript as well as in 925the analysis of references creation of the taxonomy and revisions of the text 926MS FR MN and MP participated in the critical and technical revisions of the 927paper including the final one also helping with the details for preparing the 928paper to be published TC coordinated the project related to the paper and 929also gave the final approval of the version to be published All authors read 930and approved the final manuscript 931
Acknowledgements 932This work was supported by the Innovation Center Ericsson 933Telecomunicacoes SA Brazil 934
Author details 9351Escola Politecnica at the University of Sao Paulo (EPUSP) Sao Paulo Brazil 9362Ericsson Research Stockholm Sweden 3Ericsson Research Ville Mont-Royal 937Canada 4State University of Santa Catarina Joinville Brazil 938
Received 30 January 2012 Accepted 5 June 2012 939Published 12 July 2012 940
References 9411 IDC (2009) Cloud Computing 2010 ndash An IDC Update 942
slidesharenetJorFigOrcloud-computing-2010-an-idc-update 9432 Armbrust M Fox A Griffith R Joseph AD Katz RH Konwinski A Lee G 944
Patterson DA Rabkin A Stoica I Zaharia M (2009) Above the Clouds 945
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 17 of 18httpwwwjournalofcloudcomputingcomcontent1111
A Berkeley View of Cloud Computing Technical Report946UCBEECS-2009-28 University of California at Berkeley947eecsberkeleyeduPubsTechRpts2009EECS-2009-28html948
3 Rimal BP Choi E Lumb I (2009) A Taxonomy and Survey of Cloud949Computing Systems In Fifth International Joint Conference on INC IMS950and IDC NCM rsquo09 CPS pp 44ndash51951
4 Shankland S (2009) HPrsquos Hurd dings cloud computing IBM952CNET News953
5 Catteddu D Hogben G (2009) Benefits risks and recommendations for954information security Tech rep European Network and Information955Security Agency enisaeuropaeuactrmfilesdeliverablescloud-956computing-risk-assessment957
6 CSA (2009) Security Guidance for Critical Areas of Focus in Cloud958Computing Tech rep Cloud Security Alliance959
7 Mather T Kumaraswamy S (2009) Cloud Security and privacy An960Enterprise Perspective on Risks and Compliance 1st edition OrsquoReilly961Media962
8 Chen Y Paxson V Katz RH (2010) Whatrsquos New About Cloud Computing963Security Technical Report UCBEECS-2010-5 University of California at964Berkeley eecsberkeleyeduPubsTechRpts2010EECS-2010-5html965
9 Mell P Grance T (2009) The NIST Definition of Cloud Computing966Technical Report 15 National Institute of Standards and Technology967wwwnistgovitlclouduploadcloud-def-v15pdf968
10 Ibrahim AS Hamlyn-Harris J Grundy J (2010) Emerging Security969Challenges of Cloud Virtual Infrastructure In Proceedings of APSEC 2010970Cloud Workshop APSEC rsquo10971
11 Gonzalez N Miers C Redıgolo F Carvalho T Simplıcio M Naslund M972Pourzandi M (2011) A quantitative analysis of current security concerns973and solutions for cloud computing In Proceedings of 3rd IEEE974CloudCom AthensGreece IEEE Computer Society975
12 Hubbard D Jr LJH Sutton M (2010) Top Threats to Cloud Computing976Tech rep Cloud Security Alliance cloudsecurityallianceorgresearch977projectstop-threats-to-cloud-computing978
13 Tompkins D (2009) Security for Cloud-based Enterprise Applications979httpblogdtorgindexphp200902security-for-cloud-based-980enterprise-applications981
14 Jensen M Schwenk J Gruschka N Iacono LL (2009) On Technical Security982Issues in Cloud Computing In IEEE Internation Conference on Cloud983Computing pp 109ndash116984
15 TrendMicro (2010) Cloud Computing Security - Making Virtual Machines985Cloud-Ready Trend Micro White Paper986
16 Genovese S (2009) Akamai Introduces Cloud-Based Firewall http987cloudcomputingsys-concomnode1219023988
17 Hulme GV (2011) CloudPassage aims to ease cloud server security989management httpwwwcsoonlinecomarticle658121cloudpassage-990aims-to-ease-cloud-server-security-management991
18 Oleshchuk VA Koslashien GM (2011) Security and Privacy in the Cloud - A992Long-Term View In 2nd International Conference on Wireless993Communications Vehicular Technology Information Theory and994Aerospace and Electronic Systems Technology (Wireless VITAE) WIRELESS995VITAE rsquo11 pp 1ndash5 httpdxdoiorg101109WIRELESSVITAE20115940876996
19 Google (2011) Google App Engine codegooglecomappengine99720 Google (2011) Google Query Language (GQL)998
codegooglecomintlenappenginedocspythonoverviewhtml99921 StackOverflow (2011) Does using non-SQL databases obviate the need1000
for guarding against SQL injection1001stackoverflowcomquestions1823536does-using-non-sql-databases-1002obvia1003te-the-need-for-guarding-against-sql-injection1004
22 Rose J (2011) Cloudy with a chance of zero day wwwowasporgimages1005112Cloudy with a chance of 0 day Jon Rose-Tom Leaveypdf1006
23 Balkan A (2011) Why Google App Engine is broken and what Google1007must do to fix it aralbalkancom15041008
24 Salesforce (2011) Salesforce Security Statement1009salesforcecomcompanyprivacysecurityjsp1010
25 Espiner T (2007) Salesforce tight-lipped after phishing attack1011zdnetcouknewssecurity-threats20071107salesforce-tight-lipped-a1012fter-phishing-attack-392906161013
26 Yee A (2007) Implications of Salesforce Phishing Incident1014ebizqnetblogssecurity insider200711-implications of salesforc1015e phiphp1016
27 Salesforce (2011) Security Implementation Guide 1017loginsalesforcecomhelpdocensalesforce security impl guidepdf 1018
28 Li H Dai Y Tian L Yang H (2009) Identity-Based Authentication for Cloud 1019Computing In Proceedings of the 1st International Conference on Cloud 1020Computing CloudCom rsquo09 1021
29 Amazon (2011) Elastic Compute Cloud (EC2) awsamazoncomec2 102230 Kaufman C Venkatapathy R (2010) Windows Azure Security Overview 1023
gomicrosoftcomlinkid=9740388 [August] 102431 McMillan R (2010) Google Attack Part of Widespread Spying Effort 1025
PCWorld 102632 Mills E (2010) Behind the China attacks on Google CNET News 102733 Arrington M (2010) Google Defends Against Large Scale Chinese Cyber 1028
Attack May Cease Chinese Operations TechCrunch 102934 Bosch J (2009) Google Accounts Attacked by Phishing Scam BrickHouse 1030
Security Blog 103135 Telegraph T (2009) Facebook Users Targeted By Phishing Attack The 1032
Telegraph 103336 Pearson S (2009) Taking account of privacy when designing cloud 1034
computing services In Proceedings of the 2009 ICSE Workshop on 1035Software Engineering Challenges of Cloud Computing CLOUD rsquo09 1036
37 Musthaler L (2009) Cost-effective data encryption in the cloud Network 1037World 1038
38 Yan L Rong C Zhao G (2009) Strengthen Cloud Computing Security with 1039Federal Identity Management Using Hierarchical Identity-Based 1040Cryptography In Proceedings of the 1st International Conference on 1041Cloud Computing CloudCom rsquo09 1042
39 Tech C (2010) Examining Redundancy in the Data Center Powered by the 1043Cloud and Disaster Recovery Consonus Tech 1044
40 Lyle M (2011) Redundancy in Data Storage Define the Cloud 104541 Dorion P (2010) Data destruction services When data deletion is not 1046
enough SearchDataBackupcom 104742 Mogull R (2009) Cloud Data Security Archive and Delete (Rough Cut) 1048
securosiscomblogcloud-data-security-archive-and-delete-rough-cut 104943 Messmer E (2011) Gartner New security demands arising for 1050
virtualization cloud computing httpwwwnetworkworldcomnews 10512011062311-security-summithtml 1052
44 Ristenpart T Tromer E Shacham H Savage S (2009) Hey you get off of 1053my cloud exploring information leakage in third-party compute clouds 1054In Proceedings of the 16th ACM conference on Computer and 1055communications security CCS rsquo09 New York NY USA ACM pp 199ndash212 1056doiacmorg10114516536621653687 1057
45 Chow R Golle P Jakobsson M Shi E Staddon J Masuoka R Molina J 1058(2009) Controlling data in the cloud outsourcing computation without 1059outsourcing control In Proceedings of the 2009 ACM workshop on 1060Cloud computing security CCSW rsquo09 New York NY USA ACM pp 85ndash90 1061httpdoiacmorg10114516550081655020 1062
46 Sadeghi AR Schneider T Winandy M (2010) Token-Based Cloud 1063Computing - Secure Outsourcing of Data and Arbitrary Computations 1064with Lower Latency In Proceedings of the 3rd international conference 1065on Trust and trustworthy computing TRUST rsquo10 1066
47 Brandic I Dustdar S Anstett T Schumm D Leymann F (2010) Compliant 1067Cloud Computing (C3) Architecture and Language Support for 1068User-driven Compliance Management in Clouds In 2010 IEEE 3rd 1069International Conference on Cloud Computing pp 244ndash251 httpdx 1070doiorg101109CLOUD201042 1071
48 Brodkin J (2008) Gartner Seven cloud computing security risks http 1072wwwinfoworldcomdsecurity-centralgartner-seven-cloud- 1073computing-security-risks-853 1074
49 Kandukuri BR Paturi R Rakshit A (2009) Cloud Security Issues In 1075Proceedings of the 2009 IEEE International Conference on Services 1076Computing SCC rsquo09 1077
50 Winterford B (2011) Amazon EC2 suffers huge outage httpwwwcrn 1078comauNews255586amazon-ec2-suffers-huge-outageaspx 1079
51 Clarke G (2011) Microsoft BPOS cloud outage burns Exchange converts 1080httpwwwtheregistercouk20110513 1081
52 Shankland S (2011) Amazon cloud outage derails Reddit Quora 108253 Young E (2009) Cloud Computing - The role of internal audit 108354 CloudAudit (2011) A6 - The automated audit assertion assessment and 1084
assurance API httpcloudauditorg 108555 Anand N (2010) The legal issues around cloud computing httpwww 1086
labnolorginternetcloud-computing-legal-issues14120 1087
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 18 of 18httpwwwjournalofcloudcomputingcomcontent1111
56 Hunter S (2011) Ascending to the cloud creates negligible e-discovery1088risk httpediscoveryquarlescom201107articlesinformation-1089technologyascending-to-the-cloud-creates-negligible-ediscovery-risk1090
57 Sharon D Nelson JWS (2011) Virtualization and Cloud Computing1091benefits and e-discovery implications httpwwwslawca201107191092virtualization-and-cloud-computing-benefits-and-e-discovery-1093implications1094
58 Bentley L (2009) E-discovery in the cloud presents promise and problems1095httpwwwitbusinessedgecomcmcommunityfeaturesinterviews1096bloge-discovery-in-the-cloud-presents-promise-and-problemscs=1097316981098
59 Zierick J (2011) The special case of privileged users in the sloud http1099blogbeyondtrustcombid63894The-Special-Case-of-Privileged-Users-1100in-the-Cloud1101
60 Dinoor S (2010) Got Privilege Ten Steps to Securing a Cloud-Based1102Enterprise httpcloudcomputingsys-concomnode15716491103
61 Pavolotsky J (2010) Top five legal issues for the cloud httpwwwforbes1104com20100412cloud-computing-enterprise-technology-cio-network-1105legalhtml1106
62 ENISA (2011) About ENISA httpwwwenisaeuropaeuabout-enisa110763 CSA (2011) About httpscloudsecurityallianceorgabout110864 CSA (2011) CSA TCI Reference Architecture httpscloudsecurityalliance1109
orgwp-contentuploads201111TCI-Reference-Architecture-11pdf111065 CSA (2011) Security Guidance for Critical Areas of Focus in Cloud1111
Computing V30 Tech rep Cloud Security Alliance [Httpwww1112cloudsecurityallianceorgguidancecsaguidev30pdf]1113
66 Ramireddy S Chakraborthy R Raghu TS Rao HR (2010) Privacy and1114Security Practices in the Arena of Cloud Computing - A Research in1115Progress In AMCIS 2010 Proceedings AMCIS rsquo10 httpaiselaisnetorg1116amcis20105741117
67 NIST (2011) NIST Cloud Computing Reference Architecture SP 500-2921118httpcollaboratenistgovtwiki-cloud-computingpub1119CloudComputingReferenceArchitectureTaxonomyNIST SP 500-292 -1120090611pdf1121
68 Youseff L Butrico M Silva DD (2008) Toward a Unified Ontology of Cloud1122Computing In Grid Computing Environments Workshop 2008 GCE rsquo081123pp 10 1 httpdxdoiorg101109GCE200847384431124
69 Johnston S (2008) Sam Johnston taxonomy the 6 layer cloud computing1125stack httpsamjnet200809taxonomy-6-layer-cloud-computing-1126stackhtml]1127
70 Linthicum D (2009) Defining the cloud computing framework http1128cloudcomputingsys-concomnode8115191129
71 Doelitzscher F Reich C Knahl M Clarke N (2011) An autonomous agent1130based incident detection system for cloud environments In Third IEEE1131International Conference on Cloud Computing Technology and Science1132CloudCom 2011 CPS pp 197ndash204 httpdxdoiorg101109CloudCom11332011351134
72 Oltsik J (2010) Information security virtualization and the journey to the1135cloud Tech rep Cloud Security Alliance1136
73 Wallom D Turilli M Taylor G Hargreaves N Martin A Raun A McMoran A1137(2011) myTrustedCloud Trusted Cloud Infrastructure for Security-critical1138Computation and Data Managment In Third IEEE International1139Conference on Cloud Computing Technology and Science CloudCom11402011 CPS pp 247ndash2541141
74 Dabrowski C Mills K (2011) VM Leakage and Orphan Control in1142Open-Source Clouds In Third IEEE International Conference on Cloud1143Computing Technology and Science CloudCom 2011 CPS pp 554ndash5591144
75 Chadwick DW Casenove M (2011) Security APIs for My Private Cloud In1145Third IEEE International Conference on Cloud Computing Technology1146and Science CloudCom 2011 CPS pp 792ndash7981147
76 Claybrook B (2011) How providers affect cloud application migration1148httpsearchcloudcomputingtechtargetcomtutorialHow-providers-1149affect-cloud-application-migration1150
77 CSA (2011) Interoperability and portability1151
doi1011862192-113X-1-11Cite this article as Gonzalez et al A quantitative analysis of current securityconcerns and solutions for cloud computing Journal of Cloud ComputingAdvances Systems and Applications 2012 111
Submit your manuscript to a journal and benefi t from
7 Convenient online submission
7 Rigorous peer review
7 Immediate publication on acceptance
7 Open access articles freely available online
7 High visibility within the fi eld
7 Retaining the copyright to your article
Submit your next manuscript at 7 springeropencom
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 3 of 18httpwwwjournalofcloudcomputingcomcontent1111
be applied not only to cloud environments but any165
solution requiring basic security levels) [36]166
(a) Cryptography Most employed practice to167
secure sensitive data [37] thoroughly168
required by industry state and federal169
regulations [38]170
(b) Redundancy Essential to avoid data loss171
Most business models rely on information172
technology for its core functionalities and173
processes [3940] and thus mission-critical174
data integrity and availability must be175
ensured176
(c) Disposal Elementary data disposal177
techniques are insufficient and commonly178
referred as deletion [41]In the cloud the179
complete destruction of data including log180
references and hidden backup registries is an181
important requirement [42]182
4 Virtualization Isolation between VMs hypervisor183
vulnerabilities and other problems associated to the184
use of virtualization technologies [43]185
(a) Isolation Although logically isolated all VMs186
share the same hardware and consequently187
the same resources allowing malicious188
entities to exploit data leaks and cross-VM189
attacks [44] The concept of isolation can also190
be applied to more fine-grained assets such191
as computational resources storage and192
memory193
(b) Hypervisor vulnerabilities The hypervisor is194
the main software component of195
virtualization Even though there are known196
security vulnerabilities for hypervisors197
solutions are still scarce and often198
proprietary demanding further studies to199
harden these security aspects200
(c) Data leakage Exploit hypervisor201
vulnerabilities and lack of isolation controls202
in order to leak data from virtualized203
infrastructures obtaining sensitive customer204
data and affecting confidentiality and205
integrity206
(d) VM identification Lack of controls for207
identifying virtual machines that are being208
used for executing a specific process or for209
storing files210
(e) Cross-VM attacks Includes attempts to211
estimate provider traffic rates in order to212
steal cryptographic keys and increase chances213
of VM placement attacks One example214
consists in overlapping memory and storage215
regions initially dedicated to a single virtual216
machine which also enables other 217
isolation-related attacks 218
5 Governance Issues related to (losing) administrative 219
and security controls in cloud computing solutions 220
[4546] 221
(a) Data control Moving data to the cloud means 222
losing control over redundancy location file 223
systems and other relevant configurations 224
(b) Security control Loss of governance over 225
security mechanisms and policies as terms of 226
use prohibit customer-side vulnerability 227
assessment and penetration tests while 228
insufficient Service Level Agreements (SLA) 229
lead to security gaps 230
(c) Lock-in User potential dependency on a 231
particular service provider due to lack of 232
well-established standards (protocols and 233
data formats) consequently becoming 234
particularly vulnerable to migrations and 235
service termination 236
6 Compliance Includes requirements related to service 237
availability and audit capabilities [4748] 238
(a) Service Level Agreements (SLA) 239
Mechanisms to ensure the required service 240
availability and the basic security procedures 241
to be adopted [49] 242
(b) Loss of service Service outages are not 243
exclusive to cloud environments but are 244
more serious in this context due to the 245
interconnections between services (eg a 246
SaaS using virtualized infrastructures 247
provided by an IaaS) as shown in many 248
examples [50-52] This leads to the need of 249
strong disaster recovery policies and provider 250
recommendations to implement 251
customer-side redundancy if applicable 252
(c) Audit Allows security and availability 253
assessments to be performed by customers 254
providers and third-party participants 255
Transparent and efficient methodologies are 256
necessary for continuously analyzing service 257
conditions [53] and are usually required by 258
contracts or legal regulations There are 259
solutions being developed to address this 260
problem by offering a transparent API for 261
automated auditing and other useful 262
functionalities [54] 263
(d) Service conformity Related to how 264
contractual obligations and overall service 265
requirements are respected and offered based 266
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 4 of 18httpwwwjournalofcloudcomputingcomcontent1111
on the SLAs predefined and basic service and267
customer needs268
7 Legal issues Aspects related to judicial requirements269
and law such as multiple data locations and privilege270
management271
(a) Data location Customer data held in272
multiple jurisdictions depending on273
geographic location [55] are affected directly274
or indirectly by subpoena law-enforcement275
measures276
(b) E-discovery As a result of a law-enforcement277
measures hardware might be confiscated for278
investigations related to a particular279
customer affecting all customers whose data280
were stored in the same hardware [56-58]281
Data disclosure is critical in this case282
(c) Provider privilege Malicious activities of283
provider insiders are potential threats to284
confidentiality availability and integrity of285
customersrsquo data and processesrsquo information286
[5960]287
(d) legislation Juridical concerns related to new288
concepts introduced by cloud computing289
[61]290
Cloud computing security taxonomy291
The analysis of security concerns in the context of cloud292
computing solutions shows that each issue brings differ-293
ent impacts on distinct assets Aiming to create a security294
model both for studying security aspects in this context295
and for supporting decision making in this section we296
consider the risks and vulnerabilities previously presented297
and arrange them in hierarchical categories thus creating298
a cloud security taxonomy The main structure of the pro-299
posed taxonomy along with its first classification levels300
are depicted in Figure 1F1 301
The three first groups correspond to fundamental (and302
often related) security principles [7] (Chapters 3-8)303
The architecture dimension is subdivided into network304
security interfaces and virtualization issues comprising305
both user and administrative interfaces to access the306
cloud It also comprises security during transferences of 307
data and virtual machines as well as other virtualization 308
related issues such as isolation and cross-VM attacks 309
This organization is depicted in Figure 2 The architec- F2310
ture group allows a clearer division of responsibilities 311
between providers and customers and also an analysis 312
of their security roles depending on the type of service 313
offered (Software Platform or Infrastructure) This sug- 314
gests that the security mechanisms used must be clearly 315
stated before the service is contracted defining which 316
role is responsible for providing firewalling capabilities 317
access control features and technology-specific require- 318
ments (such as those related to virtualization) 319
The compliance dimension introduces responsibilities 320
toward services and providers The former includes SLA 321
concerns loss of service based on outages and chain fail- 322
ures and auditing capabilities as well as transparency and 323
security assessments The latter refers to loss of control 324
over data and security policies and configurations and 325
also lock-in issues resulting from lack of standards migra- 326
tions and service terminations The complete scenario is 327
presented in Figure 3 F3328
The privacy dimension includes data security itself 329
(from sensitive data regulations and data loss to dis- 330
posal and redundancy) and legal issues (related to multiple 331
jurisdictions derived from different locations where data 332
and services are hosted) The expansion of this group is 333
represented in Figure 4 We note that the concerns in this F4334
dimension cover the complete information lifecycle (ie 335
generation use transfer transformation storage archiv- 336
ing and destruction) inside the provider perimeter and in 337
its immediate boundaries (or interfaces) to the users 338
A common point between all groups is the intrinsic con- 339
nection to data and service lifecycles Both privacy and 340
compliance must be ensured through all states of data 341
including application information or customer assets 342
while security in this case is more oriented towards how 343
the underlying elements (eg infrastructural hardware 344
and software) are protected 345
Current status of cloud security 346
A clear perspective of the main security problems regard- 347
ing cloud computing and on how they can be organized 348
Figure 1 Cloud computing security taxonomy Top level overview of the security taxonomy proposed highlighting the three main categoriessecurity related to privacy architecture and compliance
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 5 of 18httpwwwjournalofcloudcomputingcomcontent1111
Figure 2 Security taxonomy - architecture Details from architecture category which is divided in network host application data (security andstorage) security management and identity and access controls ndash all these elements are directly connected to the infrastructure and architectureadopted to implement or use a cloud solution
to ease decision making is the primary step for having349
a comprehensive overview of the current status of cloud350
security In this section we analyze industry and academia351
viewpoints focusing on strategic study areas that need352
to be further developed This study is based on more353
than two hundred different references including white354
papers technical reports scientific papers and other rele-355
vant publications They were analyzed in terms of security356
problems and solutions by evaluating the number of cita- 357
tions for each case We used a quantitative approach to 358
identify the amount of references related to each category 359
of concerns or solutions Our goal is not to determine 360
if the presented solutions completely solve an identified 361
concern since most of the referenced authors agree that 362
this is an involved task Nonetheless we identify the num- 363
ber of references dealing with each concern providing 364
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 6 of 18httpwwwjournalofcloudcomputingcomcontent1111
Figure 3 Security taxonomy - compliance Details from compliance category divided in lifecycle controls and governance risk and othercompliance related issues (such as continuous improvement policies)
Figure 4 Security taxonomy - privacy Details from privacy category initially divided in concerns and principles Concerns are related to thecomplete data lifecycle from generation use and transfer to transformation storage archival and destruction Principles are guidelines related toprivacy in the cloud
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 7 of 18httpwwwjournalofcloudcomputingcomcontent1111
some useful insight on which are the concerns that have365
received more attention from the research community366
and which have not been so extensively analyzed Some367
observations about the analysis method368
1 The references consulted came from different369
research segments including academia370
organizations and companies Due to the articlersquos371
length limitations we did not include all the372
consulted references in the References section In the373
following we present some of the main sources of374
consultation375
(a) Academia conference papers and journals376
published by IEEE ACM Springer377
Webscience and Scipress378
(b) Organizations reports white papers and379
interviews from SANS Institute CSA NIST380
ENISA Gartner Group KVMorg381
OpenGrid OpenStack and OpenNebula382
(c) Companies white papers manuals383
interviews and web content from384
ERICSSON IBM XEROX Cisco VMWare385
XEN CITRIX EMC Microsoft and386
Salesforce387
2 Each reference was analyzed aiming to identify all the388
mentioned concerns covered and solutions provided389
Therefore one reference can produce more than one 390
entry on each specified category 391
3 Some security perspectives were not covered in this 392
paper as each securityconcern category can be 393
sub-divided in finer-grained aspects such as 394
authentication integrity network communications 395
etc 396
We present the security concerns and solutions using 397
pie charts in order to show the representativeness of each 398
categorygroup in the total amount of references identi- 399
fied The comparison between areas is presented using 400
radar graphs to identify how many solutions address each 401
concern categorygroup 402
Security concerns 403
The results obtained for the number of citations on secu- 404
rity issues is shown in Figure 5 The three major problems F5405
identified in these references are legal issues compliance 406
and loss of control over data These legal- and governance- 407
related concerns are followed by the first technical issue 408
isolation with 7 of citations The least cited problems 409
are related to security configuration concerns loss of ser- 410
vice (albeit this is also related to compliance which is a 411
major problem) firewalling and interfaces 412
Grouping the concerns using the categories presented 413
in section ldquoCloud computing securityrdquo leads to the 414
Figure 5 Security problems Pie chart for security concerns
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 8 of 18httpwwwjournalofcloudcomputingcomcontent1111
Figure 6 Security problems with grouped categories Pie chart for security concerns with grouped categories (seven altogether legal issuescompliance governance virtualization data security interfaces and network security)
Figure 7 Security solutions with grouped categories Pie chart for solutions with grouped categories showing a clear lack for virtualizationsecurity mechanisms in comparison to its importance in terms of concerns citations
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 9 of 18httpwwwjournalofcloudcomputingcomcontent1111
construction of Figure 6 This figure shows that legal andF6 415
governance issues represent a clear majority with 73 of416
concern citations showing a deep consideration of legal417
issues such as data location and e-discovery or gover-418
nance ones like loss of control over security and data The419
technical issue more intensively evaluated (12) is virtual-420
ization followed by data security interfaces and network421
security422
Virtualization is one of the main novelties employed by423
cloud computing in terms of technologies employed con-424
sidering virtual infrastructures scalability and resource425
sharing and its related problems represent the first major426
technical concern427
Security solutions428
When analyzing citations for solutions we used the same429
approach described in the beginning of this section The430
results are presented in Figure 7 which shows the percent-F7 431
age of solutions in each category defined in section ldquoCloud432
computing securityrdquo and also in Figure 8 which highlightsF8 433
the contribution of each individual sub-category434
When we compare Figures 6 and 7 it is easy to observe435
that the number of citations covering security problems436
related to legal issues compliance and governance is high437
(respectively 24 22 and 17) however the same also 438
happens when we consider the number of references 439
proposing solutions for those issues (which represent 440
respectively 29 27 and 14 of the total number of 441
citations) In other words these concerns are higly rele- 442
vant but a large number solutions are already available for 443
tackling them 444
The situation is completely different when we analyze 445
technical aspects such as virtualization isolation and data 446
leakage Indeed virtualization amounts for 12 of prob- 447
lem references and only 3 for solutions Isolation is a 448
perfect example of such discrepancy as the number of 449
citations for such problems represents 7 in Figure 5 450
while solutions correspond to only 1 of the graph from 451
Figure 8 We note that for this specific issue special care 452
has been taken when assessing the most popular virtual 453
machine solution providers (eg XEN VMWARE and 454
KVM) aiming to verify their concerns and available solu- 455
tions A conclusion that can be drawn from this situation 456
is that such concerns are also significant but yet little is 457
available in terms of solutions This indicates the need of 458
evaluating potential areas still to be developed in order 459
to provide better security conditions when migrating data 460
and processes in the cloud 461
Figure 8 Security solutions Pie chart for solutions citations
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 10 of 18httpwwwjournalofcloudcomputingcomcontent1111
Comparison462
The differences between problem and solution citations463
presented in the previous sections can be observed in464
Figure 9F9 465
Axis values correspond to the number of citations found466
among the references studied Blue areas represent con-467
cern citations and lighter red indicates solutions while468
darker red shows where those areas overlap In other469
words light red areas are problems with more citations470
for solutions than problems ndash they might be meaningful471
problems but there are many solutions already addressing472
them ndash while blue areas represent potential subjects that473
have received little attention so far indicating the need for474
further studies475
Figure 9 clearly shows the lack of development regard-476
ing data control mechanisms hypervisor vulnerabilities477
assessment and isolation solutions for virtualized envi-478
ronments On the other hand areas such as legal con-479
cerns SLAs compliance and audit policies have a quite480
satisfactory coverage The results for grouped categories481
(presented in section 4) are depicted in Figure 10F10 482
Figure 10 shows that virtualization problems represent483
an area that requires studies for addressing issues such as484
isolation data leakage and cross-VM attacks on the other485
hand areas such as compliance and network security486
encompass concerns for which there are already a con-487
siderable number of solutions or that are not considered488
highly relevant489
Finally Considering virtualization as key element for490
future studies Figure 11 presents a comparison focus-F11 491
ing on five virtualization-related problems isolation (of492
computational resources such as memory and storage493
capabilities) hypervisor vulnerabilities data leakage 494
cross-VM attacks and VM identification The contrast 495
related to isolation and cross-VM attacks is more evident 496
than for the other issues However the number of solution 497
citations for all issues is notably low if compared to any 498
other security concern reaffirming the need for further 499
researches in those areas 500
Related work 501
An abundant number of related works and publications 502
exist in the literature emphasizing the importance and 503
demand of security solutions for cloud computing How- 504
ever we did not identify any full taxonomy that addresses 505
directly the security aspects related to cloud comput- 506
ing We only identified some simplified models that 507
were developed to cover specific security aspects such as 508
authentication We were able to recognize two main types 509
of works (1) security frameworks which aim to aggregate 510
information about security and also to offer sets of best 511
practices and guidelines when using cloud solutions and 512
(2) publications that identify future trends and propose 513
solutions or areas of interest for research Each category 514
and corresponding references are further analyzed in the 515
following subsections 516
Security frameworks 517
Security frameworks concentrate information on security 518
and privacy aiming to provide a compilation of risks vul- 519
nerabilities and best practices to avoid or mitigate them 520
There are several entities that are constantly publishing 521
material related to cloud computing security including 522
ENISA CSA NIST CPNI (Centre for the Protection of 523
Figure 9 Comparison between citations Radar chart comparing citations related to concerns and solutions showing the disparities for eachsecurity category adopted
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 11 of 18httpwwwjournalofcloudcomputingcomcontent1111
Figure 10 Comparison between citations with grouped categories Radar chart grouping the categories showing the difference betweencitations about concerns and solutions regarding each category
National Infrastructure from UK government) and ISACA524
(the Information Systems Audit and Control Association)525
In this paper we focus on the first three entities which526
by themselves provide a quite comprehensive overview of527
issues and solutions and thus allowing a broad under-528
standing of the current status of cloud security529
ENISA530
ENISA is an agency responsible for achieving high and531
effective level of network and information security within532
the European Union [62] In the context of cloud comput-533
ing they published an extensive study covering benefits534
and risks related to its use [5] In this study the security 535
risks are divided in four categories 536
bull Policy and organizational issues related to 537
governance compliance and reputation 538bull Technical issues derived from technologies used to 539
implement cloud services and infrastructures such as 540
isolation data leakage and interception denial of 541
service attacks encryption and disposal 542bull Legal risks regarding jurisdictions subpoena and 543
e-discovery 544
Figure 11 Comparison for virtualization Radar chart only for virtualization issues
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 12 of 18httpwwwjournalofcloudcomputingcomcontent1111
bull Not cloud specific other risks that are not unique to545
cloud environments such as network management546
privilege escalation and logging547
As a top recommendation for security in cloud com-548
puting ENISA suggests that providers must ensure some549
security practices to customers and also a clear contract to550
avoid legal problems Key points to be developed include551
breach reporting better logging mechanisms and engi-552
neering of large scale computer systems which encom-553
pass the isolation of virtual machines resources and554
information Their analysis is based not only on what is555
currently observed but also on what can be improved556
through the adoption of existing best practices or by557
means of solutions that are already used in non-cloud558
environments This article aims at taking one step fur-559
ther by transforming these observations into numbers ndash a560
quantitative approach561
CSA562
CSA is an organization led by a coalition of industry563
practitioners corporations associations and other stake-564
holders [63] such as Dell HP and eBay One of its main565
goals is to promote the adoption of best practices for566
providing security within cloud computing environments567
Three CSA documents are analyzed in this paper ndash the568
security guidance [6] the top threats in cloud computing569
[12] and the Trusted Cloud Initiative (TCI) architecture570
[64] ndash as they comprise most of the concepts and guide-571
lines researched and published by CSA572
The latest CSA security guidance (version 30 [65])573
denotes multi-tenancy as the essential cloud characteristic574
while virtualization can be avoided when implementing575
cloud infrastructures ndash multi-tenancy only implies the576
use of shared resources by multiple consumers possibly577
from different organizations or with different objectives578
They discuss that even if virtualization-related issues579
can be circumvented segmentation and isolated policies580
for addressing proper management and privacy are still581
required The document also establishes thirteen security582
domains583
1 Governance and risk management ability to measure584
the risk introduced by adopting cloud computing585
solutions such as legal issues protection of sensitive586
data and their relation to international boundaries587
2 Legal issues disclosure laws shared infrastructures588
and interference between different users589
3 Compliance and audit the relationship between590
cloud computing and internal security policies591
4 Information management and data security592
identification and control of stored data loss of593
physical control of data and related policies to594
minimize risks and possible damages595
5 Portability and interoperability ability to change 596
providers services or bringing back data to local 597
premises without major impacts 598
6 Traditional security business continuity and disaster 599
recovery the influence of cloud solutions on 600
traditional processes applied for addressing security 601
needs 602
7 Data center operations analyzing architecture and 603
operations from data centers and identifying 604
essential characteristics for ensuring stability 605
8 Incident response notification and remediation 606
policies for handling incidents 607
9 Application security aims to identify the possible 608
security issues raised from migrating a specific 609
solution to the cloud and which platform (among SPI 610
model) is more adequate 611
10 Encryption and key management how higher 612
scalability via infrastructure sharing affects 613
encryption and other mechanisms used for 614
protecting resources and data 615
11 Identity and access management enabling 616
authentication for cloud solutions while maintaining 617
security levels and availability for customers and 618
organizations 619
12 Virtualization risks related to multi-tenancy 620
isolation virtual machine co-residence and 621
hypervisor vulnerabilities all introduced by 622
virtualization technologies 623
13 Security as a service third party security 624
mechanisms delegating security responsibilities to a 625
trusted third party provider 626
CSA also published a document focusing on identify- 627
ing top threats aiming to aid risk management strategies 628
when cloud solutions are adopted [12] As a complete 629
list of threats and pertinent issues is countless the doc- 630
ument targets those that are specific or intensified by 631
fundamental characteristics of the cloud such as shared 632
infrastructures and greater flexibility As a result seven 633
threats were selected 634
1 Abuse and nefarious used of cloud computing while 635
providing flexible and powerful resources and tools 636
IaaS and PaaS solutions also unveil critical 637
exploitation possibilities built on anonymity This 638
leads to abuse and misuse of the provided 639
infrastructure for conducting distributed denial of 640
service attacks hosting malicious data controlling 641
botnets or sending spam 642
2 Insecure application programming interfaces cloud 643
services provide APIs for management storage 644
virtual machine allocation and other service-specific 645
operations The interfaces provided must implement 646
security methods to identify authenticate and protect 647
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 13 of 18httpwwwjournalofcloudcomputingcomcontent1111
against accidental or malicious use which can648
introduce additional complexities to the system such649
as the need for third-party authorities and services650
3 Malicious insiders although not specific to cloud651
computing its effects are amplified by the652
concentration and interaction of services and653
management domains654
4 Shared technology vulnerabilities scalability655
provided by cloud solutions are based on hardware656
and software components which are not originally657
designed to provide isolation Even though658
hypervisors offer an extra granularity layer they still659
exhibit flaws which are exploited for privilege660
escalation661
5 Data loss and leakage insufficient controls662
concerning user access and data security (including663
privacy and integrity) as well as disposal and even664
legal issues665
6 Account service and traffic hijacking phishing and666
related frauds are not a novelty to computing667
security However not only an attacker is able to668
manipulate data and transactions but also to use669
stolen credentials to perform other attacks that670
compromise customer and provider reputation671
7 Unknown risk profile delegation of control over data672
and infrastructure allows companies to better673
concentrate on their core business possibly674
maximizing profit and efficiency On the other hand675
the consequent loss of governance leads to obscurity676
[66] information about other customers sharing the677
same infrastructure or regarding patching and678
updating policies is limited This situation creates679
uncertainty concerning the exact risk levels that are680
inherent to the cloud solution681
It is interesting to notice the choice for cloud-specific682
issues as it allows the identification of central points683
for further development Moreover this compilation of684
threats is closely related to CSA security guidance com-685
posing a solid framework for security and risk analysis686
assessments while providing recommendations and best687
practices to achieve acceptable security levels688
Another approach adopted by CSA for organizing infor-689
mation related to cloud security and governance is the690
TCI Reference Architecture Model [64] This document691
focuses on defining guidelines for enabling trust in the692
cloud while establishing open standards and capabilities693
for all cloud-based operations The architecture defines694
different organization levels by combining frameworks695
like the SPI model ISO 27002 COBIT PCI SOX and696
architectures such as SABSA TOGAF ITIL and Jeri-697
cho A wide range of aspects are then covered SABSA698
defines business operation support services such as com-699
pliance data governance operational risk management700
human resources security security monitoring services 701
legal services and internal investigations TOGAF defines 702
the types of services covered (presentation application 703
information and infrastructure ITIL is used for informa- 704
tion technology operation and support from IT oper- 705
ation to service delivery support and management of 706
incidents changes and resources finally Jericho cov- 707
ers security and risk management including information 708
security management authorization threat and vulnera- 709
bility management policies and standards The result is a 710
tri-dimensional relationship between cloud delivery trust 711
and operation that aims to be easily consumed and applied 712
in a security-oriented design 713
NIST 714
NIST has recently published a taxonomy for security in 715
cloud computing [67] that is comparable to the taxonomy 716
introduced in section ldquoCloud computing security taxon- 717
omyrdquo This taxonomyrsquos first level encompass typical roles 718
in the cloud environment cloud service provider respon- 719
sible for making the service itself available cloud service 720
consumer who uses the service and maintains a business 721
relationship with the provider cloud carrier which pro- 722
vides communication interfaces between providers and 723
consumers cloud broker that manages use performance 724
and delivery of services and intermediates negotiations 725
between providers and consumers and cloud auditor 726
which performs assessment of services operations and 727
security Each role is associated to their respective activ- 728
ities and decomposed on their components and subcom- 729
ponents The clearest difference from our taxonomy is the 730
hierarchy adopted as our proposal primarily focuses on 731
security principles in its higher level perspective while 732
the cloud roles are explored in deeper levels The con- 733
cepts presented here extend NISTrsquos initial definition for 734
cloud computing [9] incorporating a division of roles and 735
responsibilities that can be directly applied to security 736
assessments On the other hand NISTrsquos taxonomy incor- 737
porates concepts such as deployment models service 738
types and activities related to cloud management (porta- 739
bility interoperability provisioning) most of them largely 740
employed in publications related to cloud computing ndash 741
including this one 742
Frameworks summary 743
Tables 1 and 2 summarize the information about each T1T2
744
framework 745
Books papers and other publications 746
Rimal Choi and Lumb [3] present a cloud taxonomy 747
created from the perspective of the academia developers 748
and researchers instead of the usual point of view related 749
to vendors Whilst they do provide definitions and con- 750
cepts such as cloud architecture (based on SPI model) 751
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 14 of 18httpwwwjournalofcloudcomputingcomcontent1111
Table 1 Summary of CSA security frameworks t11
t12Framework Objectives Structure and comments
t13CSA Guidance
bull Recommendations for reducing risksbull No restrictions regarding specific
solutions or service typesbull Guidelines not necessarily applicable
for all deployment modelsbull Provide initial structure to divide efforts
for researches
bull One architectural domainbull Governance domains risk management legal concerns compliance
auditing information management interoperability and portabilitybull Operational domains traditional and business security disaster recovery
data center operations encryption application security identificationauthorization virtualization security outsourcing
bull Emphasis on the fact that cloud is not bound to virtualization technologiesthough cloud services heavily depend on virtualized infrastructures toprovide flexibility and scalability
t14CSA Top Threats
bull Provide context for risk managementdecisions and strategies
bull Focus on issues which are unique orhighly influenced by cloud computingcharacteristics
bull Seven main threats
ndash Abuse and malicious use of cloud resourcesndash Insecure APIsndash Malicious insidersndash Shared technology vulnerabilitiesndash Data loss and leakagendash Hijacking of accounts services and trafficndash Unknown risk profile (security obscurity)
bull Summarizes information on top threats and provide examples remediationguidelines impact caused and which service types (based on SPI model)are affected
t15CSA Architecture
bull Enable trust in the cloud based onwell-known standards and certificationsallied to security frameworks and otheropen references
bull Use widely adopted frameworks inorder to achieve standardization ofpolicies and best practices based onalready accepted security principles
bull Four sets of frameworks (security NIST SPI IT audit and legislative) and fourarchitectural domains (SABSA business architecture ITIL for servicesmanagement Jericho for security and TOGAF for IT reference)
bull Tridimensional structure based on premises of cloud delivery trust andoperations
bull Concentrates a plethora of concepts and information related to servicesoperation and security
Table summarizing information related to CSA security frameworks (guidance top threats and TCI architecture) t16
virtualization management service types fault tolerance752
policies and security no further studies are developed753
focusing on cloud specific security aspects This charac-754
teristic is also observed in other cloud taxonomies [68-70]755
whose efforts converge to the definition of service models756
and types rather than to more technical aspects such as757
security privacy or compliance concerns ndash which are the758
focus of this paper759
In [7] Mather Kumaraswamy and Latif discuss the760
current status of cloud security and what is predicted761
for the future The result is a compilation of security-762
related subjects to be developed in topics like infras-763
tructure data security and storage identity and access764
management security management privacy audit and765
compliance They also explore the unquestionable urge for766
more transparency regarding which party (customer or767
cloud provider) provides each security capability as well768
as the need for standardization and for the creation of769
legal agreements reflecting operational SLAs Other issues770
discussed are the inadequate encryption and key manage- 771
ment capabilities currently offered as well as the need for 772
multi-entity key management 773
Many publications also state the need for better security 774
mechanisms for cloud environments Doelitzscher et al 775
[71] emphasize security as a major research area in cloud 776
computing They also highlight the lack of flexibility of 777
classic intrusion detection mechanisms to handle virtual- 778
ized environments suggesting the use of special security 779
audit tools associated to business flow modeling through 780
security SLAs In addition they identify abuse of cloud 781
resources lack of security monitoring in cloud infrastruc- 782
ture and defective isolation of shared resources as focal 783
points to be managed Their analysis of top security con- 784
cerns is also based on publications from CSA ENISA and 785
others but after a quick evaluation of issues their focus 786
switch to their security auditing solution without offer- 787
ing a deeper quantitative compilation of security risks and 788
areas of concern 789
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 15 of 18httpwwwjournalofcloudcomputingcomcontent1111
Table 2 Summary of ENISA and NIST security frameworks t21
t22Framework Objectives Structure and comments
t23ENISA Report
bull Study on benefits and risks whenadopting cloud solutions for businessoperations
bull Provide information for securityassessments and decision making
bull Three main categories of cloud specific risks (policy and organizationaltechnical legal) plus one extra category for not specific ones
bull Offers basic guidelines and best practices for avoiding or mitigating theireffects
bull Presents recommendations for further studies related to trust building(certifications metrics and transparency) large scale data protection(privacy integrity incident handling and regulations) and technicalaspects (isolation portability and resilience)
bull Highlights the duality of scalability (fast flexible and accessible resourcesversus concentrations of data attracting attackers and also providinginfrastructure for aiding their operations)
bull Extensive study on risks considering their impact and probability
t24NIST Taxonomy
bull Define what cloud services shouldprovide rather than how to design andimplement solutions
bull Ease the understanding of cloudinternal operations and mechanisms
bull Taxonomy levels
ndash First level cloud roles (service provider consumer cloud brokercloud carrier and cloud auditor)
ndash Second level activities performed by each role (cloudmanagement service deployment cloud access and serviceconsumption)
ndash Third and following levels elements which compose each activity(deployment models service types and auditing elements)
bull Based on publication SP 500-292 highlighting the importance of securityprivacy and levels of confidence and trust to increase technologyacceptance
bull Concentrates many useful concepts such as models for deploying orclassifying services
Table summarizing information on ENISA and NIST security frameworks t25
Associations such as the Enterprise Strategy Group790
[72] emphasize the need for hypervisor security shrink-791
ing hypervisor footprints defining the security perimeter792
virtualization and linking security and VM provision-793
ing for better resource management Aiming to address794
these requirements they suggest the use of increased795
automation for security controls VM identity manage-796
ment (built on top of Public Key Infrastructure and Open797
Virtualization Format) and data encryption (tightly con-798
nected to state-of-art key management practices) Wallom799
et al [73] emphasize the need of guaranteeing virtual800
machinesrsquo trustworthiness (regarding origin and identity)801
to perform security-critical computations and to han-802
dle sensitive data therefore presenting a solution which803
integrates Trusted Computing technologies and avail-804
able cloud infrastructures Dabrowski and Mills [74] used805
simulation to demonstrate virtual machine leakage and806
resource exhaustion scenarios leading to degraded per-807
formance and crashes they also propose the addition808
of orphan controls to enable the virtualized cloud envi-809
ronment to offer higher availability levels while keeping810
overhead costs under control Ristenpart et al [44] also811
explore virtual machine exploitation focusing on informa-812
tion leakage specially sensitive data at rest or in transit813
Finally Chadwick and Casenove [75] describe a security 814
API for federated access to cloud resources and authority 815
delegation while setting fine-grained controls and guar- 816
anteeing the required levels of assurance inside cloud 817
environments These publications highlight the need of 818
security improvements related to virtual machines and 819
virtualization techniques concern that this paper demon- 820
strates to be valid and urgent 821
Discussion 822
Considering the points raised in the previous section a 823
straightforward conclusion is that cloud security includes 824
old and well-known issues ndash such as network and other 825
infrastructural vulnerabilities user access authentication 826
and privacy ndash and also novel concerns derived from 827
new technologies adopted to offer the adequate resources 828
(mainly virtualized ones) services and auxiliary tools 829
These problems are summarized by isolation and hypervi- 830
sor vulnerabilities (the main technical concerns according 831
to the studies and graphics presented) data location and 832
e-discovery (legal aspects) and loss of governance over 833
data security and even decision making (in which the 834
cloud must be strategically and financially considered as a 835
decisive factor) 836
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 16 of 18httpwwwjournalofcloudcomputingcomcontent1111
Another point observed is that even though adopt-837
ing a cloud service or provider may be easy migrating838
to another is not [76] After moving local data and pro-839
cesses to the cloud the lack of standards for protocols840
and formats directly affects attempts to migrate to a dif-841
ferent provider even if this is motivated by legitimate rea-842
sons such as non-fulfillment of SLAs outages or provider843
bankruptcy [77] Consequently the first choice must be844
carefully made as SLAs are not perfect and services845
outages happen at the same pace that resource sharing846
multi-tenancy and scalability are not fail proof After a847
decision is made future migrations between services can848
be extremely onerous in terms of time and costs most849
likely this task will require an extensive work for bring-850
ing all data and resources to a local infrastructure before851
redeploying them into the cloud852
Finally the analysis of current trends for cloud comput-853
ing reveals that there is a considerable number of well-854
studied security concerns for which plenty solutions and855
best practices have been developed such as those related856
to legal and administrative concerns On the other hand857
many issues still require further research effort especially858
those related to secure virtualization859
Considerations and future work860
Security is a crucial aspect for providing a reliable envi-861
ronment and then enable the use of applications in the862
cloud and for moving data and business processes to863
virtualized infrastructures Many of the security issues864
identified are observed in other computing environments865
authentication network security and legal requirements866
for example are not a novelty However the impact of867
such issues is intensified in cloud computing due to868
characteristics such as multi-tenancy and resource shar-869
ing since actions from a single customer can affect all870
other users that inevitably share the same resources and871
interfaces On the other hand efficient and secure vir-872
tualization represents a new challenge in such a context873
with high distribution of complex services and web-874
based applications thus requiring more sophisticated875
approaches At the same time our quantitative analysis876
indicates that virtualization remains an underserved area877
regarding the number of solutions provided to identified878
concerns879
It is strategic to develop new mechanisms that pro-880
vide the required security level by isolating virtual881
machines and the associated resources while following882
best practices in terms of legal regulations and compli-883
ance to SLAs Among other requirements such solutions884
should employ virtual machine identification provide885
an adequate separation of dedicated resources com-886
bined with a constant observation of shared ones and887
examine any attempt of exploiting cross-VM and data888
leakage889
A secure cloud computing environment depends on 890
several security solutions working harmoniously together 891
However in our studies we did not identify any security 892
solutions provider owning the facilities necessary to get 893
high levels of security conformity for clouds Thus cloud 894
providers need to orchestrate harmonize security solu- 895
tions from different places in order to achieve the desired 896
security level 897
In order to verify these conclusions in practice we 898
deployed testbeds using OpenNebula (based on KVM and 899
XEN) and analyzed its security aspects we also analyzed 900
virtualized servers based on VMWARE using our testbed 901
networks This investigation lead to a wide research of 902
PaaS solutions and allowed us to verify that most of them 903
use virtual machines based on virtualization technolo- 904
gies such as VMWARE XEN and KVM which often lack 905
security aspects We also learned that Amazon changed 906
the XEN source code in order to include security fea- 907
tures but unfortunately the modified code is not publicly 908
available and there appears to be no article detailing the 909
changes introduced Given these limitations a deeper 910
study on current security solutions to manage cloud com- 911
puting virtual machines inside the cloud providers should 912
be a focus of future work in the area We are also working 913
on a testbed based on OpenStack for researches related 914
to identity and credentials management in the cloud envi- 915
ronment This work should address basic needs for better 916
security mechanisms in virtualized and distributed archi- 917
tectures guiding other future researches in the security 918
area 919
Competing interests 920The authors declare that they have no competing interests 921
Authorrsquos contributions 922NG carried out the security research including the prospecting for information 923and references categorization results analysis taxonomy creation and analysis 924of related work CM participated in the drafting of the manuscript as well as in 925the analysis of references creation of the taxonomy and revisions of the text 926MS FR MN and MP participated in the critical and technical revisions of the 927paper including the final one also helping with the details for preparing the 928paper to be published TC coordinated the project related to the paper and 929also gave the final approval of the version to be published All authors read 930and approved the final manuscript 931
Acknowledgements 932This work was supported by the Innovation Center Ericsson 933Telecomunicacoes SA Brazil 934
Author details 9351Escola Politecnica at the University of Sao Paulo (EPUSP) Sao Paulo Brazil 9362Ericsson Research Stockholm Sweden 3Ericsson Research Ville Mont-Royal 937Canada 4State University of Santa Catarina Joinville Brazil 938
Received 30 January 2012 Accepted 5 June 2012 939Published 12 July 2012 940
References 9411 IDC (2009) Cloud Computing 2010 ndash An IDC Update 942
slidesharenetJorFigOrcloud-computing-2010-an-idc-update 9432 Armbrust M Fox A Griffith R Joseph AD Katz RH Konwinski A Lee G 944
Patterson DA Rabkin A Stoica I Zaharia M (2009) Above the Clouds 945
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 17 of 18httpwwwjournalofcloudcomputingcomcontent1111
A Berkeley View of Cloud Computing Technical Report946UCBEECS-2009-28 University of California at Berkeley947eecsberkeleyeduPubsTechRpts2009EECS-2009-28html948
3 Rimal BP Choi E Lumb I (2009) A Taxonomy and Survey of Cloud949Computing Systems In Fifth International Joint Conference on INC IMS950and IDC NCM rsquo09 CPS pp 44ndash51951
4 Shankland S (2009) HPrsquos Hurd dings cloud computing IBM952CNET News953
5 Catteddu D Hogben G (2009) Benefits risks and recommendations for954information security Tech rep European Network and Information955Security Agency enisaeuropaeuactrmfilesdeliverablescloud-956computing-risk-assessment957
6 CSA (2009) Security Guidance for Critical Areas of Focus in Cloud958Computing Tech rep Cloud Security Alliance959
7 Mather T Kumaraswamy S (2009) Cloud Security and privacy An960Enterprise Perspective on Risks and Compliance 1st edition OrsquoReilly961Media962
8 Chen Y Paxson V Katz RH (2010) Whatrsquos New About Cloud Computing963Security Technical Report UCBEECS-2010-5 University of California at964Berkeley eecsberkeleyeduPubsTechRpts2010EECS-2010-5html965
9 Mell P Grance T (2009) The NIST Definition of Cloud Computing966Technical Report 15 National Institute of Standards and Technology967wwwnistgovitlclouduploadcloud-def-v15pdf968
10 Ibrahim AS Hamlyn-Harris J Grundy J (2010) Emerging Security969Challenges of Cloud Virtual Infrastructure In Proceedings of APSEC 2010970Cloud Workshop APSEC rsquo10971
11 Gonzalez N Miers C Redıgolo F Carvalho T Simplıcio M Naslund M972Pourzandi M (2011) A quantitative analysis of current security concerns973and solutions for cloud computing In Proceedings of 3rd IEEE974CloudCom AthensGreece IEEE Computer Society975
12 Hubbard D Jr LJH Sutton M (2010) Top Threats to Cloud Computing976Tech rep Cloud Security Alliance cloudsecurityallianceorgresearch977projectstop-threats-to-cloud-computing978
13 Tompkins D (2009) Security for Cloud-based Enterprise Applications979httpblogdtorgindexphp200902security-for-cloud-based-980enterprise-applications981
14 Jensen M Schwenk J Gruschka N Iacono LL (2009) On Technical Security982Issues in Cloud Computing In IEEE Internation Conference on Cloud983Computing pp 109ndash116984
15 TrendMicro (2010) Cloud Computing Security - Making Virtual Machines985Cloud-Ready Trend Micro White Paper986
16 Genovese S (2009) Akamai Introduces Cloud-Based Firewall http987cloudcomputingsys-concomnode1219023988
17 Hulme GV (2011) CloudPassage aims to ease cloud server security989management httpwwwcsoonlinecomarticle658121cloudpassage-990aims-to-ease-cloud-server-security-management991
18 Oleshchuk VA Koslashien GM (2011) Security and Privacy in the Cloud - A992Long-Term View In 2nd International Conference on Wireless993Communications Vehicular Technology Information Theory and994Aerospace and Electronic Systems Technology (Wireless VITAE) WIRELESS995VITAE rsquo11 pp 1ndash5 httpdxdoiorg101109WIRELESSVITAE20115940876996
19 Google (2011) Google App Engine codegooglecomappengine99720 Google (2011) Google Query Language (GQL)998
codegooglecomintlenappenginedocspythonoverviewhtml99921 StackOverflow (2011) Does using non-SQL databases obviate the need1000
for guarding against SQL injection1001stackoverflowcomquestions1823536does-using-non-sql-databases-1002obvia1003te-the-need-for-guarding-against-sql-injection1004
22 Rose J (2011) Cloudy with a chance of zero day wwwowasporgimages1005112Cloudy with a chance of 0 day Jon Rose-Tom Leaveypdf1006
23 Balkan A (2011) Why Google App Engine is broken and what Google1007must do to fix it aralbalkancom15041008
24 Salesforce (2011) Salesforce Security Statement1009salesforcecomcompanyprivacysecurityjsp1010
25 Espiner T (2007) Salesforce tight-lipped after phishing attack1011zdnetcouknewssecurity-threats20071107salesforce-tight-lipped-a1012fter-phishing-attack-392906161013
26 Yee A (2007) Implications of Salesforce Phishing Incident1014ebizqnetblogssecurity insider200711-implications of salesforc1015e phiphp1016
27 Salesforce (2011) Security Implementation Guide 1017loginsalesforcecomhelpdocensalesforce security impl guidepdf 1018
28 Li H Dai Y Tian L Yang H (2009) Identity-Based Authentication for Cloud 1019Computing In Proceedings of the 1st International Conference on Cloud 1020Computing CloudCom rsquo09 1021
29 Amazon (2011) Elastic Compute Cloud (EC2) awsamazoncomec2 102230 Kaufman C Venkatapathy R (2010) Windows Azure Security Overview 1023
gomicrosoftcomlinkid=9740388 [August] 102431 McMillan R (2010) Google Attack Part of Widespread Spying Effort 1025
PCWorld 102632 Mills E (2010) Behind the China attacks on Google CNET News 102733 Arrington M (2010) Google Defends Against Large Scale Chinese Cyber 1028
Attack May Cease Chinese Operations TechCrunch 102934 Bosch J (2009) Google Accounts Attacked by Phishing Scam BrickHouse 1030
Security Blog 103135 Telegraph T (2009) Facebook Users Targeted By Phishing Attack The 1032
Telegraph 103336 Pearson S (2009) Taking account of privacy when designing cloud 1034
computing services In Proceedings of the 2009 ICSE Workshop on 1035Software Engineering Challenges of Cloud Computing CLOUD rsquo09 1036
37 Musthaler L (2009) Cost-effective data encryption in the cloud Network 1037World 1038
38 Yan L Rong C Zhao G (2009) Strengthen Cloud Computing Security with 1039Federal Identity Management Using Hierarchical Identity-Based 1040Cryptography In Proceedings of the 1st International Conference on 1041Cloud Computing CloudCom rsquo09 1042
39 Tech C (2010) Examining Redundancy in the Data Center Powered by the 1043Cloud and Disaster Recovery Consonus Tech 1044
40 Lyle M (2011) Redundancy in Data Storage Define the Cloud 104541 Dorion P (2010) Data destruction services When data deletion is not 1046
enough SearchDataBackupcom 104742 Mogull R (2009) Cloud Data Security Archive and Delete (Rough Cut) 1048
securosiscomblogcloud-data-security-archive-and-delete-rough-cut 104943 Messmer E (2011) Gartner New security demands arising for 1050
virtualization cloud computing httpwwwnetworkworldcomnews 10512011062311-security-summithtml 1052
44 Ristenpart T Tromer E Shacham H Savage S (2009) Hey you get off of 1053my cloud exploring information leakage in third-party compute clouds 1054In Proceedings of the 16th ACM conference on Computer and 1055communications security CCS rsquo09 New York NY USA ACM pp 199ndash212 1056doiacmorg10114516536621653687 1057
45 Chow R Golle P Jakobsson M Shi E Staddon J Masuoka R Molina J 1058(2009) Controlling data in the cloud outsourcing computation without 1059outsourcing control In Proceedings of the 2009 ACM workshop on 1060Cloud computing security CCSW rsquo09 New York NY USA ACM pp 85ndash90 1061httpdoiacmorg10114516550081655020 1062
46 Sadeghi AR Schneider T Winandy M (2010) Token-Based Cloud 1063Computing - Secure Outsourcing of Data and Arbitrary Computations 1064with Lower Latency In Proceedings of the 3rd international conference 1065on Trust and trustworthy computing TRUST rsquo10 1066
47 Brandic I Dustdar S Anstett T Schumm D Leymann F (2010) Compliant 1067Cloud Computing (C3) Architecture and Language Support for 1068User-driven Compliance Management in Clouds In 2010 IEEE 3rd 1069International Conference on Cloud Computing pp 244ndash251 httpdx 1070doiorg101109CLOUD201042 1071
48 Brodkin J (2008) Gartner Seven cloud computing security risks http 1072wwwinfoworldcomdsecurity-centralgartner-seven-cloud- 1073computing-security-risks-853 1074
49 Kandukuri BR Paturi R Rakshit A (2009) Cloud Security Issues In 1075Proceedings of the 2009 IEEE International Conference on Services 1076Computing SCC rsquo09 1077
50 Winterford B (2011) Amazon EC2 suffers huge outage httpwwwcrn 1078comauNews255586amazon-ec2-suffers-huge-outageaspx 1079
51 Clarke G (2011) Microsoft BPOS cloud outage burns Exchange converts 1080httpwwwtheregistercouk20110513 1081
52 Shankland S (2011) Amazon cloud outage derails Reddit Quora 108253 Young E (2009) Cloud Computing - The role of internal audit 108354 CloudAudit (2011) A6 - The automated audit assertion assessment and 1084
assurance API httpcloudauditorg 108555 Anand N (2010) The legal issues around cloud computing httpwww 1086
labnolorginternetcloud-computing-legal-issues14120 1087
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 18 of 18httpwwwjournalofcloudcomputingcomcontent1111
56 Hunter S (2011) Ascending to the cloud creates negligible e-discovery1088risk httpediscoveryquarlescom201107articlesinformation-1089technologyascending-to-the-cloud-creates-negligible-ediscovery-risk1090
57 Sharon D Nelson JWS (2011) Virtualization and Cloud Computing1091benefits and e-discovery implications httpwwwslawca201107191092virtualization-and-cloud-computing-benefits-and-e-discovery-1093implications1094
58 Bentley L (2009) E-discovery in the cloud presents promise and problems1095httpwwwitbusinessedgecomcmcommunityfeaturesinterviews1096bloge-discovery-in-the-cloud-presents-promise-and-problemscs=1097316981098
59 Zierick J (2011) The special case of privileged users in the sloud http1099blogbeyondtrustcombid63894The-Special-Case-of-Privileged-Users-1100in-the-Cloud1101
60 Dinoor S (2010) Got Privilege Ten Steps to Securing a Cloud-Based1102Enterprise httpcloudcomputingsys-concomnode15716491103
61 Pavolotsky J (2010) Top five legal issues for the cloud httpwwwforbes1104com20100412cloud-computing-enterprise-technology-cio-network-1105legalhtml1106
62 ENISA (2011) About ENISA httpwwwenisaeuropaeuabout-enisa110763 CSA (2011) About httpscloudsecurityallianceorgabout110864 CSA (2011) CSA TCI Reference Architecture httpscloudsecurityalliance1109
orgwp-contentuploads201111TCI-Reference-Architecture-11pdf111065 CSA (2011) Security Guidance for Critical Areas of Focus in Cloud1111
Computing V30 Tech rep Cloud Security Alliance [Httpwww1112cloudsecurityallianceorgguidancecsaguidev30pdf]1113
66 Ramireddy S Chakraborthy R Raghu TS Rao HR (2010) Privacy and1114Security Practices in the Arena of Cloud Computing - A Research in1115Progress In AMCIS 2010 Proceedings AMCIS rsquo10 httpaiselaisnetorg1116amcis20105741117
67 NIST (2011) NIST Cloud Computing Reference Architecture SP 500-2921118httpcollaboratenistgovtwiki-cloud-computingpub1119CloudComputingReferenceArchitectureTaxonomyNIST SP 500-292 -1120090611pdf1121
68 Youseff L Butrico M Silva DD (2008) Toward a Unified Ontology of Cloud1122Computing In Grid Computing Environments Workshop 2008 GCE rsquo081123pp 10 1 httpdxdoiorg101109GCE200847384431124
69 Johnston S (2008) Sam Johnston taxonomy the 6 layer cloud computing1125stack httpsamjnet200809taxonomy-6-layer-cloud-computing-1126stackhtml]1127
70 Linthicum D (2009) Defining the cloud computing framework http1128cloudcomputingsys-concomnode8115191129
71 Doelitzscher F Reich C Knahl M Clarke N (2011) An autonomous agent1130based incident detection system for cloud environments In Third IEEE1131International Conference on Cloud Computing Technology and Science1132CloudCom 2011 CPS pp 197ndash204 httpdxdoiorg101109CloudCom11332011351134
72 Oltsik J (2010) Information security virtualization and the journey to the1135cloud Tech rep Cloud Security Alliance1136
73 Wallom D Turilli M Taylor G Hargreaves N Martin A Raun A McMoran A1137(2011) myTrustedCloud Trusted Cloud Infrastructure for Security-critical1138Computation and Data Managment In Third IEEE International1139Conference on Cloud Computing Technology and Science CloudCom11402011 CPS pp 247ndash2541141
74 Dabrowski C Mills K (2011) VM Leakage and Orphan Control in1142Open-Source Clouds In Third IEEE International Conference on Cloud1143Computing Technology and Science CloudCom 2011 CPS pp 554ndash5591144
75 Chadwick DW Casenove M (2011) Security APIs for My Private Cloud In1145Third IEEE International Conference on Cloud Computing Technology1146and Science CloudCom 2011 CPS pp 792ndash7981147
76 Claybrook B (2011) How providers affect cloud application migration1148httpsearchcloudcomputingtechtargetcomtutorialHow-providers-1149affect-cloud-application-migration1150
77 CSA (2011) Interoperability and portability1151
doi1011862192-113X-1-11Cite this article as Gonzalez et al A quantitative analysis of current securityconcerns and solutions for cloud computing Journal of Cloud ComputingAdvances Systems and Applications 2012 111
Submit your manuscript to a journal and benefi t from
7 Convenient online submission
7 Rigorous peer review
7 Immediate publication on acceptance
7 Open access articles freely available online
7 High visibility within the fi eld
7 Retaining the copyright to your article
Submit your next manuscript at 7 springeropencom
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 4 of 18httpwwwjournalofcloudcomputingcomcontent1111
on the SLAs predefined and basic service and267
customer needs268
7 Legal issues Aspects related to judicial requirements269
and law such as multiple data locations and privilege270
management271
(a) Data location Customer data held in272
multiple jurisdictions depending on273
geographic location [55] are affected directly274
or indirectly by subpoena law-enforcement275
measures276
(b) E-discovery As a result of a law-enforcement277
measures hardware might be confiscated for278
investigations related to a particular279
customer affecting all customers whose data280
were stored in the same hardware [56-58]281
Data disclosure is critical in this case282
(c) Provider privilege Malicious activities of283
provider insiders are potential threats to284
confidentiality availability and integrity of285
customersrsquo data and processesrsquo information286
[5960]287
(d) legislation Juridical concerns related to new288
concepts introduced by cloud computing289
[61]290
Cloud computing security taxonomy291
The analysis of security concerns in the context of cloud292
computing solutions shows that each issue brings differ-293
ent impacts on distinct assets Aiming to create a security294
model both for studying security aspects in this context295
and for supporting decision making in this section we296
consider the risks and vulnerabilities previously presented297
and arrange them in hierarchical categories thus creating298
a cloud security taxonomy The main structure of the pro-299
posed taxonomy along with its first classification levels300
are depicted in Figure 1F1 301
The three first groups correspond to fundamental (and302
often related) security principles [7] (Chapters 3-8)303
The architecture dimension is subdivided into network304
security interfaces and virtualization issues comprising305
both user and administrative interfaces to access the306
cloud It also comprises security during transferences of 307
data and virtual machines as well as other virtualization 308
related issues such as isolation and cross-VM attacks 309
This organization is depicted in Figure 2 The architec- F2310
ture group allows a clearer division of responsibilities 311
between providers and customers and also an analysis 312
of their security roles depending on the type of service 313
offered (Software Platform or Infrastructure) This sug- 314
gests that the security mechanisms used must be clearly 315
stated before the service is contracted defining which 316
role is responsible for providing firewalling capabilities 317
access control features and technology-specific require- 318
ments (such as those related to virtualization) 319
The compliance dimension introduces responsibilities 320
toward services and providers The former includes SLA 321
concerns loss of service based on outages and chain fail- 322
ures and auditing capabilities as well as transparency and 323
security assessments The latter refers to loss of control 324
over data and security policies and configurations and 325
also lock-in issues resulting from lack of standards migra- 326
tions and service terminations The complete scenario is 327
presented in Figure 3 F3328
The privacy dimension includes data security itself 329
(from sensitive data regulations and data loss to dis- 330
posal and redundancy) and legal issues (related to multiple 331
jurisdictions derived from different locations where data 332
and services are hosted) The expansion of this group is 333
represented in Figure 4 We note that the concerns in this F4334
dimension cover the complete information lifecycle (ie 335
generation use transfer transformation storage archiv- 336
ing and destruction) inside the provider perimeter and in 337
its immediate boundaries (or interfaces) to the users 338
A common point between all groups is the intrinsic con- 339
nection to data and service lifecycles Both privacy and 340
compliance must be ensured through all states of data 341
including application information or customer assets 342
while security in this case is more oriented towards how 343
the underlying elements (eg infrastructural hardware 344
and software) are protected 345
Current status of cloud security 346
A clear perspective of the main security problems regard- 347
ing cloud computing and on how they can be organized 348
Figure 1 Cloud computing security taxonomy Top level overview of the security taxonomy proposed highlighting the three main categoriessecurity related to privacy architecture and compliance
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 5 of 18httpwwwjournalofcloudcomputingcomcontent1111
Figure 2 Security taxonomy - architecture Details from architecture category which is divided in network host application data (security andstorage) security management and identity and access controls ndash all these elements are directly connected to the infrastructure and architectureadopted to implement or use a cloud solution
to ease decision making is the primary step for having349
a comprehensive overview of the current status of cloud350
security In this section we analyze industry and academia351
viewpoints focusing on strategic study areas that need352
to be further developed This study is based on more353
than two hundred different references including white354
papers technical reports scientific papers and other rele-355
vant publications They were analyzed in terms of security356
problems and solutions by evaluating the number of cita- 357
tions for each case We used a quantitative approach to 358
identify the amount of references related to each category 359
of concerns or solutions Our goal is not to determine 360
if the presented solutions completely solve an identified 361
concern since most of the referenced authors agree that 362
this is an involved task Nonetheless we identify the num- 363
ber of references dealing with each concern providing 364
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 6 of 18httpwwwjournalofcloudcomputingcomcontent1111
Figure 3 Security taxonomy - compliance Details from compliance category divided in lifecycle controls and governance risk and othercompliance related issues (such as continuous improvement policies)
Figure 4 Security taxonomy - privacy Details from privacy category initially divided in concerns and principles Concerns are related to thecomplete data lifecycle from generation use and transfer to transformation storage archival and destruction Principles are guidelines related toprivacy in the cloud
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 7 of 18httpwwwjournalofcloudcomputingcomcontent1111
some useful insight on which are the concerns that have365
received more attention from the research community366
and which have not been so extensively analyzed Some367
observations about the analysis method368
1 The references consulted came from different369
research segments including academia370
organizations and companies Due to the articlersquos371
length limitations we did not include all the372
consulted references in the References section In the373
following we present some of the main sources of374
consultation375
(a) Academia conference papers and journals376
published by IEEE ACM Springer377
Webscience and Scipress378
(b) Organizations reports white papers and379
interviews from SANS Institute CSA NIST380
ENISA Gartner Group KVMorg381
OpenGrid OpenStack and OpenNebula382
(c) Companies white papers manuals383
interviews and web content from384
ERICSSON IBM XEROX Cisco VMWare385
XEN CITRIX EMC Microsoft and386
Salesforce387
2 Each reference was analyzed aiming to identify all the388
mentioned concerns covered and solutions provided389
Therefore one reference can produce more than one 390
entry on each specified category 391
3 Some security perspectives were not covered in this 392
paper as each securityconcern category can be 393
sub-divided in finer-grained aspects such as 394
authentication integrity network communications 395
etc 396
We present the security concerns and solutions using 397
pie charts in order to show the representativeness of each 398
categorygroup in the total amount of references identi- 399
fied The comparison between areas is presented using 400
radar graphs to identify how many solutions address each 401
concern categorygroup 402
Security concerns 403
The results obtained for the number of citations on secu- 404
rity issues is shown in Figure 5 The three major problems F5405
identified in these references are legal issues compliance 406
and loss of control over data These legal- and governance- 407
related concerns are followed by the first technical issue 408
isolation with 7 of citations The least cited problems 409
are related to security configuration concerns loss of ser- 410
vice (albeit this is also related to compliance which is a 411
major problem) firewalling and interfaces 412
Grouping the concerns using the categories presented 413
in section ldquoCloud computing securityrdquo leads to the 414
Figure 5 Security problems Pie chart for security concerns
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 8 of 18httpwwwjournalofcloudcomputingcomcontent1111
Figure 6 Security problems with grouped categories Pie chart for security concerns with grouped categories (seven altogether legal issuescompliance governance virtualization data security interfaces and network security)
Figure 7 Security solutions with grouped categories Pie chart for solutions with grouped categories showing a clear lack for virtualizationsecurity mechanisms in comparison to its importance in terms of concerns citations
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 9 of 18httpwwwjournalofcloudcomputingcomcontent1111
construction of Figure 6 This figure shows that legal andF6 415
governance issues represent a clear majority with 73 of416
concern citations showing a deep consideration of legal417
issues such as data location and e-discovery or gover-418
nance ones like loss of control over security and data The419
technical issue more intensively evaluated (12) is virtual-420
ization followed by data security interfaces and network421
security422
Virtualization is one of the main novelties employed by423
cloud computing in terms of technologies employed con-424
sidering virtual infrastructures scalability and resource425
sharing and its related problems represent the first major426
technical concern427
Security solutions428
When analyzing citations for solutions we used the same429
approach described in the beginning of this section The430
results are presented in Figure 7 which shows the percent-F7 431
age of solutions in each category defined in section ldquoCloud432
computing securityrdquo and also in Figure 8 which highlightsF8 433
the contribution of each individual sub-category434
When we compare Figures 6 and 7 it is easy to observe435
that the number of citations covering security problems436
related to legal issues compliance and governance is high437
(respectively 24 22 and 17) however the same also 438
happens when we consider the number of references 439
proposing solutions for those issues (which represent 440
respectively 29 27 and 14 of the total number of 441
citations) In other words these concerns are higly rele- 442
vant but a large number solutions are already available for 443
tackling them 444
The situation is completely different when we analyze 445
technical aspects such as virtualization isolation and data 446
leakage Indeed virtualization amounts for 12 of prob- 447
lem references and only 3 for solutions Isolation is a 448
perfect example of such discrepancy as the number of 449
citations for such problems represents 7 in Figure 5 450
while solutions correspond to only 1 of the graph from 451
Figure 8 We note that for this specific issue special care 452
has been taken when assessing the most popular virtual 453
machine solution providers (eg XEN VMWARE and 454
KVM) aiming to verify their concerns and available solu- 455
tions A conclusion that can be drawn from this situation 456
is that such concerns are also significant but yet little is 457
available in terms of solutions This indicates the need of 458
evaluating potential areas still to be developed in order 459
to provide better security conditions when migrating data 460
and processes in the cloud 461
Figure 8 Security solutions Pie chart for solutions citations
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 10 of 18httpwwwjournalofcloudcomputingcomcontent1111
Comparison462
The differences between problem and solution citations463
presented in the previous sections can be observed in464
Figure 9F9 465
Axis values correspond to the number of citations found466
among the references studied Blue areas represent con-467
cern citations and lighter red indicates solutions while468
darker red shows where those areas overlap In other469
words light red areas are problems with more citations470
for solutions than problems ndash they might be meaningful471
problems but there are many solutions already addressing472
them ndash while blue areas represent potential subjects that473
have received little attention so far indicating the need for474
further studies475
Figure 9 clearly shows the lack of development regard-476
ing data control mechanisms hypervisor vulnerabilities477
assessment and isolation solutions for virtualized envi-478
ronments On the other hand areas such as legal con-479
cerns SLAs compliance and audit policies have a quite480
satisfactory coverage The results for grouped categories481
(presented in section 4) are depicted in Figure 10F10 482
Figure 10 shows that virtualization problems represent483
an area that requires studies for addressing issues such as484
isolation data leakage and cross-VM attacks on the other485
hand areas such as compliance and network security486
encompass concerns for which there are already a con-487
siderable number of solutions or that are not considered488
highly relevant489
Finally Considering virtualization as key element for490
future studies Figure 11 presents a comparison focus-F11 491
ing on five virtualization-related problems isolation (of492
computational resources such as memory and storage493
capabilities) hypervisor vulnerabilities data leakage 494
cross-VM attacks and VM identification The contrast 495
related to isolation and cross-VM attacks is more evident 496
than for the other issues However the number of solution 497
citations for all issues is notably low if compared to any 498
other security concern reaffirming the need for further 499
researches in those areas 500
Related work 501
An abundant number of related works and publications 502
exist in the literature emphasizing the importance and 503
demand of security solutions for cloud computing How- 504
ever we did not identify any full taxonomy that addresses 505
directly the security aspects related to cloud comput- 506
ing We only identified some simplified models that 507
were developed to cover specific security aspects such as 508
authentication We were able to recognize two main types 509
of works (1) security frameworks which aim to aggregate 510
information about security and also to offer sets of best 511
practices and guidelines when using cloud solutions and 512
(2) publications that identify future trends and propose 513
solutions or areas of interest for research Each category 514
and corresponding references are further analyzed in the 515
following subsections 516
Security frameworks 517
Security frameworks concentrate information on security 518
and privacy aiming to provide a compilation of risks vul- 519
nerabilities and best practices to avoid or mitigate them 520
There are several entities that are constantly publishing 521
material related to cloud computing security including 522
ENISA CSA NIST CPNI (Centre for the Protection of 523
Figure 9 Comparison between citations Radar chart comparing citations related to concerns and solutions showing the disparities for eachsecurity category adopted
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 11 of 18httpwwwjournalofcloudcomputingcomcontent1111
Figure 10 Comparison between citations with grouped categories Radar chart grouping the categories showing the difference betweencitations about concerns and solutions regarding each category
National Infrastructure from UK government) and ISACA524
(the Information Systems Audit and Control Association)525
In this paper we focus on the first three entities which526
by themselves provide a quite comprehensive overview of527
issues and solutions and thus allowing a broad under-528
standing of the current status of cloud security529
ENISA530
ENISA is an agency responsible for achieving high and531
effective level of network and information security within532
the European Union [62] In the context of cloud comput-533
ing they published an extensive study covering benefits534
and risks related to its use [5] In this study the security 535
risks are divided in four categories 536
bull Policy and organizational issues related to 537
governance compliance and reputation 538bull Technical issues derived from technologies used to 539
implement cloud services and infrastructures such as 540
isolation data leakage and interception denial of 541
service attacks encryption and disposal 542bull Legal risks regarding jurisdictions subpoena and 543
e-discovery 544
Figure 11 Comparison for virtualization Radar chart only for virtualization issues
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 12 of 18httpwwwjournalofcloudcomputingcomcontent1111
bull Not cloud specific other risks that are not unique to545
cloud environments such as network management546
privilege escalation and logging547
As a top recommendation for security in cloud com-548
puting ENISA suggests that providers must ensure some549
security practices to customers and also a clear contract to550
avoid legal problems Key points to be developed include551
breach reporting better logging mechanisms and engi-552
neering of large scale computer systems which encom-553
pass the isolation of virtual machines resources and554
information Their analysis is based not only on what is555
currently observed but also on what can be improved556
through the adoption of existing best practices or by557
means of solutions that are already used in non-cloud558
environments This article aims at taking one step fur-559
ther by transforming these observations into numbers ndash a560
quantitative approach561
CSA562
CSA is an organization led by a coalition of industry563
practitioners corporations associations and other stake-564
holders [63] such as Dell HP and eBay One of its main565
goals is to promote the adoption of best practices for566
providing security within cloud computing environments567
Three CSA documents are analyzed in this paper ndash the568
security guidance [6] the top threats in cloud computing569
[12] and the Trusted Cloud Initiative (TCI) architecture570
[64] ndash as they comprise most of the concepts and guide-571
lines researched and published by CSA572
The latest CSA security guidance (version 30 [65])573
denotes multi-tenancy as the essential cloud characteristic574
while virtualization can be avoided when implementing575
cloud infrastructures ndash multi-tenancy only implies the576
use of shared resources by multiple consumers possibly577
from different organizations or with different objectives578
They discuss that even if virtualization-related issues579
can be circumvented segmentation and isolated policies580
for addressing proper management and privacy are still581
required The document also establishes thirteen security582
domains583
1 Governance and risk management ability to measure584
the risk introduced by adopting cloud computing585
solutions such as legal issues protection of sensitive586
data and their relation to international boundaries587
2 Legal issues disclosure laws shared infrastructures588
and interference between different users589
3 Compliance and audit the relationship between590
cloud computing and internal security policies591
4 Information management and data security592
identification and control of stored data loss of593
physical control of data and related policies to594
minimize risks and possible damages595
5 Portability and interoperability ability to change 596
providers services or bringing back data to local 597
premises without major impacts 598
6 Traditional security business continuity and disaster 599
recovery the influence of cloud solutions on 600
traditional processes applied for addressing security 601
needs 602
7 Data center operations analyzing architecture and 603
operations from data centers and identifying 604
essential characteristics for ensuring stability 605
8 Incident response notification and remediation 606
policies for handling incidents 607
9 Application security aims to identify the possible 608
security issues raised from migrating a specific 609
solution to the cloud and which platform (among SPI 610
model) is more adequate 611
10 Encryption and key management how higher 612
scalability via infrastructure sharing affects 613
encryption and other mechanisms used for 614
protecting resources and data 615
11 Identity and access management enabling 616
authentication for cloud solutions while maintaining 617
security levels and availability for customers and 618
organizations 619
12 Virtualization risks related to multi-tenancy 620
isolation virtual machine co-residence and 621
hypervisor vulnerabilities all introduced by 622
virtualization technologies 623
13 Security as a service third party security 624
mechanisms delegating security responsibilities to a 625
trusted third party provider 626
CSA also published a document focusing on identify- 627
ing top threats aiming to aid risk management strategies 628
when cloud solutions are adopted [12] As a complete 629
list of threats and pertinent issues is countless the doc- 630
ument targets those that are specific or intensified by 631
fundamental characteristics of the cloud such as shared 632
infrastructures and greater flexibility As a result seven 633
threats were selected 634
1 Abuse and nefarious used of cloud computing while 635
providing flexible and powerful resources and tools 636
IaaS and PaaS solutions also unveil critical 637
exploitation possibilities built on anonymity This 638
leads to abuse and misuse of the provided 639
infrastructure for conducting distributed denial of 640
service attacks hosting malicious data controlling 641
botnets or sending spam 642
2 Insecure application programming interfaces cloud 643
services provide APIs for management storage 644
virtual machine allocation and other service-specific 645
operations The interfaces provided must implement 646
security methods to identify authenticate and protect 647
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 13 of 18httpwwwjournalofcloudcomputingcomcontent1111
against accidental or malicious use which can648
introduce additional complexities to the system such649
as the need for third-party authorities and services650
3 Malicious insiders although not specific to cloud651
computing its effects are amplified by the652
concentration and interaction of services and653
management domains654
4 Shared technology vulnerabilities scalability655
provided by cloud solutions are based on hardware656
and software components which are not originally657
designed to provide isolation Even though658
hypervisors offer an extra granularity layer they still659
exhibit flaws which are exploited for privilege660
escalation661
5 Data loss and leakage insufficient controls662
concerning user access and data security (including663
privacy and integrity) as well as disposal and even664
legal issues665
6 Account service and traffic hijacking phishing and666
related frauds are not a novelty to computing667
security However not only an attacker is able to668
manipulate data and transactions but also to use669
stolen credentials to perform other attacks that670
compromise customer and provider reputation671
7 Unknown risk profile delegation of control over data672
and infrastructure allows companies to better673
concentrate on their core business possibly674
maximizing profit and efficiency On the other hand675
the consequent loss of governance leads to obscurity676
[66] information about other customers sharing the677
same infrastructure or regarding patching and678
updating policies is limited This situation creates679
uncertainty concerning the exact risk levels that are680
inherent to the cloud solution681
It is interesting to notice the choice for cloud-specific682
issues as it allows the identification of central points683
for further development Moreover this compilation of684
threats is closely related to CSA security guidance com-685
posing a solid framework for security and risk analysis686
assessments while providing recommendations and best687
practices to achieve acceptable security levels688
Another approach adopted by CSA for organizing infor-689
mation related to cloud security and governance is the690
TCI Reference Architecture Model [64] This document691
focuses on defining guidelines for enabling trust in the692
cloud while establishing open standards and capabilities693
for all cloud-based operations The architecture defines694
different organization levels by combining frameworks695
like the SPI model ISO 27002 COBIT PCI SOX and696
architectures such as SABSA TOGAF ITIL and Jeri-697
cho A wide range of aspects are then covered SABSA698
defines business operation support services such as com-699
pliance data governance operational risk management700
human resources security security monitoring services 701
legal services and internal investigations TOGAF defines 702
the types of services covered (presentation application 703
information and infrastructure ITIL is used for informa- 704
tion technology operation and support from IT oper- 705
ation to service delivery support and management of 706
incidents changes and resources finally Jericho cov- 707
ers security and risk management including information 708
security management authorization threat and vulnera- 709
bility management policies and standards The result is a 710
tri-dimensional relationship between cloud delivery trust 711
and operation that aims to be easily consumed and applied 712
in a security-oriented design 713
NIST 714
NIST has recently published a taxonomy for security in 715
cloud computing [67] that is comparable to the taxonomy 716
introduced in section ldquoCloud computing security taxon- 717
omyrdquo This taxonomyrsquos first level encompass typical roles 718
in the cloud environment cloud service provider respon- 719
sible for making the service itself available cloud service 720
consumer who uses the service and maintains a business 721
relationship with the provider cloud carrier which pro- 722
vides communication interfaces between providers and 723
consumers cloud broker that manages use performance 724
and delivery of services and intermediates negotiations 725
between providers and consumers and cloud auditor 726
which performs assessment of services operations and 727
security Each role is associated to their respective activ- 728
ities and decomposed on their components and subcom- 729
ponents The clearest difference from our taxonomy is the 730
hierarchy adopted as our proposal primarily focuses on 731
security principles in its higher level perspective while 732
the cloud roles are explored in deeper levels The con- 733
cepts presented here extend NISTrsquos initial definition for 734
cloud computing [9] incorporating a division of roles and 735
responsibilities that can be directly applied to security 736
assessments On the other hand NISTrsquos taxonomy incor- 737
porates concepts such as deployment models service 738
types and activities related to cloud management (porta- 739
bility interoperability provisioning) most of them largely 740
employed in publications related to cloud computing ndash 741
including this one 742
Frameworks summary 743
Tables 1 and 2 summarize the information about each T1T2
744
framework 745
Books papers and other publications 746
Rimal Choi and Lumb [3] present a cloud taxonomy 747
created from the perspective of the academia developers 748
and researchers instead of the usual point of view related 749
to vendors Whilst they do provide definitions and con- 750
cepts such as cloud architecture (based on SPI model) 751
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 14 of 18httpwwwjournalofcloudcomputingcomcontent1111
Table 1 Summary of CSA security frameworks t11
t12Framework Objectives Structure and comments
t13CSA Guidance
bull Recommendations for reducing risksbull No restrictions regarding specific
solutions or service typesbull Guidelines not necessarily applicable
for all deployment modelsbull Provide initial structure to divide efforts
for researches
bull One architectural domainbull Governance domains risk management legal concerns compliance
auditing information management interoperability and portabilitybull Operational domains traditional and business security disaster recovery
data center operations encryption application security identificationauthorization virtualization security outsourcing
bull Emphasis on the fact that cloud is not bound to virtualization technologiesthough cloud services heavily depend on virtualized infrastructures toprovide flexibility and scalability
t14CSA Top Threats
bull Provide context for risk managementdecisions and strategies
bull Focus on issues which are unique orhighly influenced by cloud computingcharacteristics
bull Seven main threats
ndash Abuse and malicious use of cloud resourcesndash Insecure APIsndash Malicious insidersndash Shared technology vulnerabilitiesndash Data loss and leakagendash Hijacking of accounts services and trafficndash Unknown risk profile (security obscurity)
bull Summarizes information on top threats and provide examples remediationguidelines impact caused and which service types (based on SPI model)are affected
t15CSA Architecture
bull Enable trust in the cloud based onwell-known standards and certificationsallied to security frameworks and otheropen references
bull Use widely adopted frameworks inorder to achieve standardization ofpolicies and best practices based onalready accepted security principles
bull Four sets of frameworks (security NIST SPI IT audit and legislative) and fourarchitectural domains (SABSA business architecture ITIL for servicesmanagement Jericho for security and TOGAF for IT reference)
bull Tridimensional structure based on premises of cloud delivery trust andoperations
bull Concentrates a plethora of concepts and information related to servicesoperation and security
Table summarizing information related to CSA security frameworks (guidance top threats and TCI architecture) t16
virtualization management service types fault tolerance752
policies and security no further studies are developed753
focusing on cloud specific security aspects This charac-754
teristic is also observed in other cloud taxonomies [68-70]755
whose efforts converge to the definition of service models756
and types rather than to more technical aspects such as757
security privacy or compliance concerns ndash which are the758
focus of this paper759
In [7] Mather Kumaraswamy and Latif discuss the760
current status of cloud security and what is predicted761
for the future The result is a compilation of security-762
related subjects to be developed in topics like infras-763
tructure data security and storage identity and access764
management security management privacy audit and765
compliance They also explore the unquestionable urge for766
more transparency regarding which party (customer or767
cloud provider) provides each security capability as well768
as the need for standardization and for the creation of769
legal agreements reflecting operational SLAs Other issues770
discussed are the inadequate encryption and key manage- 771
ment capabilities currently offered as well as the need for 772
multi-entity key management 773
Many publications also state the need for better security 774
mechanisms for cloud environments Doelitzscher et al 775
[71] emphasize security as a major research area in cloud 776
computing They also highlight the lack of flexibility of 777
classic intrusion detection mechanisms to handle virtual- 778
ized environments suggesting the use of special security 779
audit tools associated to business flow modeling through 780
security SLAs In addition they identify abuse of cloud 781
resources lack of security monitoring in cloud infrastruc- 782
ture and defective isolation of shared resources as focal 783
points to be managed Their analysis of top security con- 784
cerns is also based on publications from CSA ENISA and 785
others but after a quick evaluation of issues their focus 786
switch to their security auditing solution without offer- 787
ing a deeper quantitative compilation of security risks and 788
areas of concern 789
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 15 of 18httpwwwjournalofcloudcomputingcomcontent1111
Table 2 Summary of ENISA and NIST security frameworks t21
t22Framework Objectives Structure and comments
t23ENISA Report
bull Study on benefits and risks whenadopting cloud solutions for businessoperations
bull Provide information for securityassessments and decision making
bull Three main categories of cloud specific risks (policy and organizationaltechnical legal) plus one extra category for not specific ones
bull Offers basic guidelines and best practices for avoiding or mitigating theireffects
bull Presents recommendations for further studies related to trust building(certifications metrics and transparency) large scale data protection(privacy integrity incident handling and regulations) and technicalaspects (isolation portability and resilience)
bull Highlights the duality of scalability (fast flexible and accessible resourcesversus concentrations of data attracting attackers and also providinginfrastructure for aiding their operations)
bull Extensive study on risks considering their impact and probability
t24NIST Taxonomy
bull Define what cloud services shouldprovide rather than how to design andimplement solutions
bull Ease the understanding of cloudinternal operations and mechanisms
bull Taxonomy levels
ndash First level cloud roles (service provider consumer cloud brokercloud carrier and cloud auditor)
ndash Second level activities performed by each role (cloudmanagement service deployment cloud access and serviceconsumption)
ndash Third and following levels elements which compose each activity(deployment models service types and auditing elements)
bull Based on publication SP 500-292 highlighting the importance of securityprivacy and levels of confidence and trust to increase technologyacceptance
bull Concentrates many useful concepts such as models for deploying orclassifying services
Table summarizing information on ENISA and NIST security frameworks t25
Associations such as the Enterprise Strategy Group790
[72] emphasize the need for hypervisor security shrink-791
ing hypervisor footprints defining the security perimeter792
virtualization and linking security and VM provision-793
ing for better resource management Aiming to address794
these requirements they suggest the use of increased795
automation for security controls VM identity manage-796
ment (built on top of Public Key Infrastructure and Open797
Virtualization Format) and data encryption (tightly con-798
nected to state-of-art key management practices) Wallom799
et al [73] emphasize the need of guaranteeing virtual800
machinesrsquo trustworthiness (regarding origin and identity)801
to perform security-critical computations and to han-802
dle sensitive data therefore presenting a solution which803
integrates Trusted Computing technologies and avail-804
able cloud infrastructures Dabrowski and Mills [74] used805
simulation to demonstrate virtual machine leakage and806
resource exhaustion scenarios leading to degraded per-807
formance and crashes they also propose the addition808
of orphan controls to enable the virtualized cloud envi-809
ronment to offer higher availability levels while keeping810
overhead costs under control Ristenpart et al [44] also811
explore virtual machine exploitation focusing on informa-812
tion leakage specially sensitive data at rest or in transit813
Finally Chadwick and Casenove [75] describe a security 814
API for federated access to cloud resources and authority 815
delegation while setting fine-grained controls and guar- 816
anteeing the required levels of assurance inside cloud 817
environments These publications highlight the need of 818
security improvements related to virtual machines and 819
virtualization techniques concern that this paper demon- 820
strates to be valid and urgent 821
Discussion 822
Considering the points raised in the previous section a 823
straightforward conclusion is that cloud security includes 824
old and well-known issues ndash such as network and other 825
infrastructural vulnerabilities user access authentication 826
and privacy ndash and also novel concerns derived from 827
new technologies adopted to offer the adequate resources 828
(mainly virtualized ones) services and auxiliary tools 829
These problems are summarized by isolation and hypervi- 830
sor vulnerabilities (the main technical concerns according 831
to the studies and graphics presented) data location and 832
e-discovery (legal aspects) and loss of governance over 833
data security and even decision making (in which the 834
cloud must be strategically and financially considered as a 835
decisive factor) 836
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 16 of 18httpwwwjournalofcloudcomputingcomcontent1111
Another point observed is that even though adopt-837
ing a cloud service or provider may be easy migrating838
to another is not [76] After moving local data and pro-839
cesses to the cloud the lack of standards for protocols840
and formats directly affects attempts to migrate to a dif-841
ferent provider even if this is motivated by legitimate rea-842
sons such as non-fulfillment of SLAs outages or provider843
bankruptcy [77] Consequently the first choice must be844
carefully made as SLAs are not perfect and services845
outages happen at the same pace that resource sharing846
multi-tenancy and scalability are not fail proof After a847
decision is made future migrations between services can848
be extremely onerous in terms of time and costs most849
likely this task will require an extensive work for bring-850
ing all data and resources to a local infrastructure before851
redeploying them into the cloud852
Finally the analysis of current trends for cloud comput-853
ing reveals that there is a considerable number of well-854
studied security concerns for which plenty solutions and855
best practices have been developed such as those related856
to legal and administrative concerns On the other hand857
many issues still require further research effort especially858
those related to secure virtualization859
Considerations and future work860
Security is a crucial aspect for providing a reliable envi-861
ronment and then enable the use of applications in the862
cloud and for moving data and business processes to863
virtualized infrastructures Many of the security issues864
identified are observed in other computing environments865
authentication network security and legal requirements866
for example are not a novelty However the impact of867
such issues is intensified in cloud computing due to868
characteristics such as multi-tenancy and resource shar-869
ing since actions from a single customer can affect all870
other users that inevitably share the same resources and871
interfaces On the other hand efficient and secure vir-872
tualization represents a new challenge in such a context873
with high distribution of complex services and web-874
based applications thus requiring more sophisticated875
approaches At the same time our quantitative analysis876
indicates that virtualization remains an underserved area877
regarding the number of solutions provided to identified878
concerns879
It is strategic to develop new mechanisms that pro-880
vide the required security level by isolating virtual881
machines and the associated resources while following882
best practices in terms of legal regulations and compli-883
ance to SLAs Among other requirements such solutions884
should employ virtual machine identification provide885
an adequate separation of dedicated resources com-886
bined with a constant observation of shared ones and887
examine any attempt of exploiting cross-VM and data888
leakage889
A secure cloud computing environment depends on 890
several security solutions working harmoniously together 891
However in our studies we did not identify any security 892
solutions provider owning the facilities necessary to get 893
high levels of security conformity for clouds Thus cloud 894
providers need to orchestrate harmonize security solu- 895
tions from different places in order to achieve the desired 896
security level 897
In order to verify these conclusions in practice we 898
deployed testbeds using OpenNebula (based on KVM and 899
XEN) and analyzed its security aspects we also analyzed 900
virtualized servers based on VMWARE using our testbed 901
networks This investigation lead to a wide research of 902
PaaS solutions and allowed us to verify that most of them 903
use virtual machines based on virtualization technolo- 904
gies such as VMWARE XEN and KVM which often lack 905
security aspects We also learned that Amazon changed 906
the XEN source code in order to include security fea- 907
tures but unfortunately the modified code is not publicly 908
available and there appears to be no article detailing the 909
changes introduced Given these limitations a deeper 910
study on current security solutions to manage cloud com- 911
puting virtual machines inside the cloud providers should 912
be a focus of future work in the area We are also working 913
on a testbed based on OpenStack for researches related 914
to identity and credentials management in the cloud envi- 915
ronment This work should address basic needs for better 916
security mechanisms in virtualized and distributed archi- 917
tectures guiding other future researches in the security 918
area 919
Competing interests 920The authors declare that they have no competing interests 921
Authorrsquos contributions 922NG carried out the security research including the prospecting for information 923and references categorization results analysis taxonomy creation and analysis 924of related work CM participated in the drafting of the manuscript as well as in 925the analysis of references creation of the taxonomy and revisions of the text 926MS FR MN and MP participated in the critical and technical revisions of the 927paper including the final one also helping with the details for preparing the 928paper to be published TC coordinated the project related to the paper and 929also gave the final approval of the version to be published All authors read 930and approved the final manuscript 931
Acknowledgements 932This work was supported by the Innovation Center Ericsson 933Telecomunicacoes SA Brazil 934
Author details 9351Escola Politecnica at the University of Sao Paulo (EPUSP) Sao Paulo Brazil 9362Ericsson Research Stockholm Sweden 3Ericsson Research Ville Mont-Royal 937Canada 4State University of Santa Catarina Joinville Brazil 938
Received 30 January 2012 Accepted 5 June 2012 939Published 12 July 2012 940
References 9411 IDC (2009) Cloud Computing 2010 ndash An IDC Update 942
slidesharenetJorFigOrcloud-computing-2010-an-idc-update 9432 Armbrust M Fox A Griffith R Joseph AD Katz RH Konwinski A Lee G 944
Patterson DA Rabkin A Stoica I Zaharia M (2009) Above the Clouds 945
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 17 of 18httpwwwjournalofcloudcomputingcomcontent1111
A Berkeley View of Cloud Computing Technical Report946UCBEECS-2009-28 University of California at Berkeley947eecsberkeleyeduPubsTechRpts2009EECS-2009-28html948
3 Rimal BP Choi E Lumb I (2009) A Taxonomy and Survey of Cloud949Computing Systems In Fifth International Joint Conference on INC IMS950and IDC NCM rsquo09 CPS pp 44ndash51951
4 Shankland S (2009) HPrsquos Hurd dings cloud computing IBM952CNET News953
5 Catteddu D Hogben G (2009) Benefits risks and recommendations for954information security Tech rep European Network and Information955Security Agency enisaeuropaeuactrmfilesdeliverablescloud-956computing-risk-assessment957
6 CSA (2009) Security Guidance for Critical Areas of Focus in Cloud958Computing Tech rep Cloud Security Alliance959
7 Mather T Kumaraswamy S (2009) Cloud Security and privacy An960Enterprise Perspective on Risks and Compliance 1st edition OrsquoReilly961Media962
8 Chen Y Paxson V Katz RH (2010) Whatrsquos New About Cloud Computing963Security Technical Report UCBEECS-2010-5 University of California at964Berkeley eecsberkeleyeduPubsTechRpts2010EECS-2010-5html965
9 Mell P Grance T (2009) The NIST Definition of Cloud Computing966Technical Report 15 National Institute of Standards and Technology967wwwnistgovitlclouduploadcloud-def-v15pdf968
10 Ibrahim AS Hamlyn-Harris J Grundy J (2010) Emerging Security969Challenges of Cloud Virtual Infrastructure In Proceedings of APSEC 2010970Cloud Workshop APSEC rsquo10971
11 Gonzalez N Miers C Redıgolo F Carvalho T Simplıcio M Naslund M972Pourzandi M (2011) A quantitative analysis of current security concerns973and solutions for cloud computing In Proceedings of 3rd IEEE974CloudCom AthensGreece IEEE Computer Society975
12 Hubbard D Jr LJH Sutton M (2010) Top Threats to Cloud Computing976Tech rep Cloud Security Alliance cloudsecurityallianceorgresearch977projectstop-threats-to-cloud-computing978
13 Tompkins D (2009) Security for Cloud-based Enterprise Applications979httpblogdtorgindexphp200902security-for-cloud-based-980enterprise-applications981
14 Jensen M Schwenk J Gruschka N Iacono LL (2009) On Technical Security982Issues in Cloud Computing In IEEE Internation Conference on Cloud983Computing pp 109ndash116984
15 TrendMicro (2010) Cloud Computing Security - Making Virtual Machines985Cloud-Ready Trend Micro White Paper986
16 Genovese S (2009) Akamai Introduces Cloud-Based Firewall http987cloudcomputingsys-concomnode1219023988
17 Hulme GV (2011) CloudPassage aims to ease cloud server security989management httpwwwcsoonlinecomarticle658121cloudpassage-990aims-to-ease-cloud-server-security-management991
18 Oleshchuk VA Koslashien GM (2011) Security and Privacy in the Cloud - A992Long-Term View In 2nd International Conference on Wireless993Communications Vehicular Technology Information Theory and994Aerospace and Electronic Systems Technology (Wireless VITAE) WIRELESS995VITAE rsquo11 pp 1ndash5 httpdxdoiorg101109WIRELESSVITAE20115940876996
19 Google (2011) Google App Engine codegooglecomappengine99720 Google (2011) Google Query Language (GQL)998
codegooglecomintlenappenginedocspythonoverviewhtml99921 StackOverflow (2011) Does using non-SQL databases obviate the need1000
for guarding against SQL injection1001stackoverflowcomquestions1823536does-using-non-sql-databases-1002obvia1003te-the-need-for-guarding-against-sql-injection1004
22 Rose J (2011) Cloudy with a chance of zero day wwwowasporgimages1005112Cloudy with a chance of 0 day Jon Rose-Tom Leaveypdf1006
23 Balkan A (2011) Why Google App Engine is broken and what Google1007must do to fix it aralbalkancom15041008
24 Salesforce (2011) Salesforce Security Statement1009salesforcecomcompanyprivacysecurityjsp1010
25 Espiner T (2007) Salesforce tight-lipped after phishing attack1011zdnetcouknewssecurity-threats20071107salesforce-tight-lipped-a1012fter-phishing-attack-392906161013
26 Yee A (2007) Implications of Salesforce Phishing Incident1014ebizqnetblogssecurity insider200711-implications of salesforc1015e phiphp1016
27 Salesforce (2011) Security Implementation Guide 1017loginsalesforcecomhelpdocensalesforce security impl guidepdf 1018
28 Li H Dai Y Tian L Yang H (2009) Identity-Based Authentication for Cloud 1019Computing In Proceedings of the 1st International Conference on Cloud 1020Computing CloudCom rsquo09 1021
29 Amazon (2011) Elastic Compute Cloud (EC2) awsamazoncomec2 102230 Kaufman C Venkatapathy R (2010) Windows Azure Security Overview 1023
gomicrosoftcomlinkid=9740388 [August] 102431 McMillan R (2010) Google Attack Part of Widespread Spying Effort 1025
PCWorld 102632 Mills E (2010) Behind the China attacks on Google CNET News 102733 Arrington M (2010) Google Defends Against Large Scale Chinese Cyber 1028
Attack May Cease Chinese Operations TechCrunch 102934 Bosch J (2009) Google Accounts Attacked by Phishing Scam BrickHouse 1030
Security Blog 103135 Telegraph T (2009) Facebook Users Targeted By Phishing Attack The 1032
Telegraph 103336 Pearson S (2009) Taking account of privacy when designing cloud 1034
computing services In Proceedings of the 2009 ICSE Workshop on 1035Software Engineering Challenges of Cloud Computing CLOUD rsquo09 1036
37 Musthaler L (2009) Cost-effective data encryption in the cloud Network 1037World 1038
38 Yan L Rong C Zhao G (2009) Strengthen Cloud Computing Security with 1039Federal Identity Management Using Hierarchical Identity-Based 1040Cryptography In Proceedings of the 1st International Conference on 1041Cloud Computing CloudCom rsquo09 1042
39 Tech C (2010) Examining Redundancy in the Data Center Powered by the 1043Cloud and Disaster Recovery Consonus Tech 1044
40 Lyle M (2011) Redundancy in Data Storage Define the Cloud 104541 Dorion P (2010) Data destruction services When data deletion is not 1046
enough SearchDataBackupcom 104742 Mogull R (2009) Cloud Data Security Archive and Delete (Rough Cut) 1048
securosiscomblogcloud-data-security-archive-and-delete-rough-cut 104943 Messmer E (2011) Gartner New security demands arising for 1050
virtualization cloud computing httpwwwnetworkworldcomnews 10512011062311-security-summithtml 1052
44 Ristenpart T Tromer E Shacham H Savage S (2009) Hey you get off of 1053my cloud exploring information leakage in third-party compute clouds 1054In Proceedings of the 16th ACM conference on Computer and 1055communications security CCS rsquo09 New York NY USA ACM pp 199ndash212 1056doiacmorg10114516536621653687 1057
45 Chow R Golle P Jakobsson M Shi E Staddon J Masuoka R Molina J 1058(2009) Controlling data in the cloud outsourcing computation without 1059outsourcing control In Proceedings of the 2009 ACM workshop on 1060Cloud computing security CCSW rsquo09 New York NY USA ACM pp 85ndash90 1061httpdoiacmorg10114516550081655020 1062
46 Sadeghi AR Schneider T Winandy M (2010) Token-Based Cloud 1063Computing - Secure Outsourcing of Data and Arbitrary Computations 1064with Lower Latency In Proceedings of the 3rd international conference 1065on Trust and trustworthy computing TRUST rsquo10 1066
47 Brandic I Dustdar S Anstett T Schumm D Leymann F (2010) Compliant 1067Cloud Computing (C3) Architecture and Language Support for 1068User-driven Compliance Management in Clouds In 2010 IEEE 3rd 1069International Conference on Cloud Computing pp 244ndash251 httpdx 1070doiorg101109CLOUD201042 1071
48 Brodkin J (2008) Gartner Seven cloud computing security risks http 1072wwwinfoworldcomdsecurity-centralgartner-seven-cloud- 1073computing-security-risks-853 1074
49 Kandukuri BR Paturi R Rakshit A (2009) Cloud Security Issues In 1075Proceedings of the 2009 IEEE International Conference on Services 1076Computing SCC rsquo09 1077
50 Winterford B (2011) Amazon EC2 suffers huge outage httpwwwcrn 1078comauNews255586amazon-ec2-suffers-huge-outageaspx 1079
51 Clarke G (2011) Microsoft BPOS cloud outage burns Exchange converts 1080httpwwwtheregistercouk20110513 1081
52 Shankland S (2011) Amazon cloud outage derails Reddit Quora 108253 Young E (2009) Cloud Computing - The role of internal audit 108354 CloudAudit (2011) A6 - The automated audit assertion assessment and 1084
assurance API httpcloudauditorg 108555 Anand N (2010) The legal issues around cloud computing httpwww 1086
labnolorginternetcloud-computing-legal-issues14120 1087
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 18 of 18httpwwwjournalofcloudcomputingcomcontent1111
56 Hunter S (2011) Ascending to the cloud creates negligible e-discovery1088risk httpediscoveryquarlescom201107articlesinformation-1089technologyascending-to-the-cloud-creates-negligible-ediscovery-risk1090
57 Sharon D Nelson JWS (2011) Virtualization and Cloud Computing1091benefits and e-discovery implications httpwwwslawca201107191092virtualization-and-cloud-computing-benefits-and-e-discovery-1093implications1094
58 Bentley L (2009) E-discovery in the cloud presents promise and problems1095httpwwwitbusinessedgecomcmcommunityfeaturesinterviews1096bloge-discovery-in-the-cloud-presents-promise-and-problemscs=1097316981098
59 Zierick J (2011) The special case of privileged users in the sloud http1099blogbeyondtrustcombid63894The-Special-Case-of-Privileged-Users-1100in-the-Cloud1101
60 Dinoor S (2010) Got Privilege Ten Steps to Securing a Cloud-Based1102Enterprise httpcloudcomputingsys-concomnode15716491103
61 Pavolotsky J (2010) Top five legal issues for the cloud httpwwwforbes1104com20100412cloud-computing-enterprise-technology-cio-network-1105legalhtml1106
62 ENISA (2011) About ENISA httpwwwenisaeuropaeuabout-enisa110763 CSA (2011) About httpscloudsecurityallianceorgabout110864 CSA (2011) CSA TCI Reference Architecture httpscloudsecurityalliance1109
orgwp-contentuploads201111TCI-Reference-Architecture-11pdf111065 CSA (2011) Security Guidance for Critical Areas of Focus in Cloud1111
Computing V30 Tech rep Cloud Security Alliance [Httpwww1112cloudsecurityallianceorgguidancecsaguidev30pdf]1113
66 Ramireddy S Chakraborthy R Raghu TS Rao HR (2010) Privacy and1114Security Practices in the Arena of Cloud Computing - A Research in1115Progress In AMCIS 2010 Proceedings AMCIS rsquo10 httpaiselaisnetorg1116amcis20105741117
67 NIST (2011) NIST Cloud Computing Reference Architecture SP 500-2921118httpcollaboratenistgovtwiki-cloud-computingpub1119CloudComputingReferenceArchitectureTaxonomyNIST SP 500-292 -1120090611pdf1121
68 Youseff L Butrico M Silva DD (2008) Toward a Unified Ontology of Cloud1122Computing In Grid Computing Environments Workshop 2008 GCE rsquo081123pp 10 1 httpdxdoiorg101109GCE200847384431124
69 Johnston S (2008) Sam Johnston taxonomy the 6 layer cloud computing1125stack httpsamjnet200809taxonomy-6-layer-cloud-computing-1126stackhtml]1127
70 Linthicum D (2009) Defining the cloud computing framework http1128cloudcomputingsys-concomnode8115191129
71 Doelitzscher F Reich C Knahl M Clarke N (2011) An autonomous agent1130based incident detection system for cloud environments In Third IEEE1131International Conference on Cloud Computing Technology and Science1132CloudCom 2011 CPS pp 197ndash204 httpdxdoiorg101109CloudCom11332011351134
72 Oltsik J (2010) Information security virtualization and the journey to the1135cloud Tech rep Cloud Security Alliance1136
73 Wallom D Turilli M Taylor G Hargreaves N Martin A Raun A McMoran A1137(2011) myTrustedCloud Trusted Cloud Infrastructure for Security-critical1138Computation and Data Managment In Third IEEE International1139Conference on Cloud Computing Technology and Science CloudCom11402011 CPS pp 247ndash2541141
74 Dabrowski C Mills K (2011) VM Leakage and Orphan Control in1142Open-Source Clouds In Third IEEE International Conference on Cloud1143Computing Technology and Science CloudCom 2011 CPS pp 554ndash5591144
75 Chadwick DW Casenove M (2011) Security APIs for My Private Cloud In1145Third IEEE International Conference on Cloud Computing Technology1146and Science CloudCom 2011 CPS pp 792ndash7981147
76 Claybrook B (2011) How providers affect cloud application migration1148httpsearchcloudcomputingtechtargetcomtutorialHow-providers-1149affect-cloud-application-migration1150
77 CSA (2011) Interoperability and portability1151
doi1011862192-113X-1-11Cite this article as Gonzalez et al A quantitative analysis of current securityconcerns and solutions for cloud computing Journal of Cloud ComputingAdvances Systems and Applications 2012 111
Submit your manuscript to a journal and benefi t from
7 Convenient online submission
7 Rigorous peer review
7 Immediate publication on acceptance
7 Open access articles freely available online
7 High visibility within the fi eld
7 Retaining the copyright to your article
Submit your next manuscript at 7 springeropencom
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 5 of 18httpwwwjournalofcloudcomputingcomcontent1111
Figure 2 Security taxonomy - architecture Details from architecture category which is divided in network host application data (security andstorage) security management and identity and access controls ndash all these elements are directly connected to the infrastructure and architectureadopted to implement or use a cloud solution
to ease decision making is the primary step for having349
a comprehensive overview of the current status of cloud350
security In this section we analyze industry and academia351
viewpoints focusing on strategic study areas that need352
to be further developed This study is based on more353
than two hundred different references including white354
papers technical reports scientific papers and other rele-355
vant publications They were analyzed in terms of security356
problems and solutions by evaluating the number of cita- 357
tions for each case We used a quantitative approach to 358
identify the amount of references related to each category 359
of concerns or solutions Our goal is not to determine 360
if the presented solutions completely solve an identified 361
concern since most of the referenced authors agree that 362
this is an involved task Nonetheless we identify the num- 363
ber of references dealing with each concern providing 364
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 6 of 18httpwwwjournalofcloudcomputingcomcontent1111
Figure 3 Security taxonomy - compliance Details from compliance category divided in lifecycle controls and governance risk and othercompliance related issues (such as continuous improvement policies)
Figure 4 Security taxonomy - privacy Details from privacy category initially divided in concerns and principles Concerns are related to thecomplete data lifecycle from generation use and transfer to transformation storage archival and destruction Principles are guidelines related toprivacy in the cloud
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 7 of 18httpwwwjournalofcloudcomputingcomcontent1111
some useful insight on which are the concerns that have365
received more attention from the research community366
and which have not been so extensively analyzed Some367
observations about the analysis method368
1 The references consulted came from different369
research segments including academia370
organizations and companies Due to the articlersquos371
length limitations we did not include all the372
consulted references in the References section In the373
following we present some of the main sources of374
consultation375
(a) Academia conference papers and journals376
published by IEEE ACM Springer377
Webscience and Scipress378
(b) Organizations reports white papers and379
interviews from SANS Institute CSA NIST380
ENISA Gartner Group KVMorg381
OpenGrid OpenStack and OpenNebula382
(c) Companies white papers manuals383
interviews and web content from384
ERICSSON IBM XEROX Cisco VMWare385
XEN CITRIX EMC Microsoft and386
Salesforce387
2 Each reference was analyzed aiming to identify all the388
mentioned concerns covered and solutions provided389
Therefore one reference can produce more than one 390
entry on each specified category 391
3 Some security perspectives were not covered in this 392
paper as each securityconcern category can be 393
sub-divided in finer-grained aspects such as 394
authentication integrity network communications 395
etc 396
We present the security concerns and solutions using 397
pie charts in order to show the representativeness of each 398
categorygroup in the total amount of references identi- 399
fied The comparison between areas is presented using 400
radar graphs to identify how many solutions address each 401
concern categorygroup 402
Security concerns 403
The results obtained for the number of citations on secu- 404
rity issues is shown in Figure 5 The three major problems F5405
identified in these references are legal issues compliance 406
and loss of control over data These legal- and governance- 407
related concerns are followed by the first technical issue 408
isolation with 7 of citations The least cited problems 409
are related to security configuration concerns loss of ser- 410
vice (albeit this is also related to compliance which is a 411
major problem) firewalling and interfaces 412
Grouping the concerns using the categories presented 413
in section ldquoCloud computing securityrdquo leads to the 414
Figure 5 Security problems Pie chart for security concerns
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 8 of 18httpwwwjournalofcloudcomputingcomcontent1111
Figure 6 Security problems with grouped categories Pie chart for security concerns with grouped categories (seven altogether legal issuescompliance governance virtualization data security interfaces and network security)
Figure 7 Security solutions with grouped categories Pie chart for solutions with grouped categories showing a clear lack for virtualizationsecurity mechanisms in comparison to its importance in terms of concerns citations
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 9 of 18httpwwwjournalofcloudcomputingcomcontent1111
construction of Figure 6 This figure shows that legal andF6 415
governance issues represent a clear majority with 73 of416
concern citations showing a deep consideration of legal417
issues such as data location and e-discovery or gover-418
nance ones like loss of control over security and data The419
technical issue more intensively evaluated (12) is virtual-420
ization followed by data security interfaces and network421
security422
Virtualization is one of the main novelties employed by423
cloud computing in terms of technologies employed con-424
sidering virtual infrastructures scalability and resource425
sharing and its related problems represent the first major426
technical concern427
Security solutions428
When analyzing citations for solutions we used the same429
approach described in the beginning of this section The430
results are presented in Figure 7 which shows the percent-F7 431
age of solutions in each category defined in section ldquoCloud432
computing securityrdquo and also in Figure 8 which highlightsF8 433
the contribution of each individual sub-category434
When we compare Figures 6 and 7 it is easy to observe435
that the number of citations covering security problems436
related to legal issues compliance and governance is high437
(respectively 24 22 and 17) however the same also 438
happens when we consider the number of references 439
proposing solutions for those issues (which represent 440
respectively 29 27 and 14 of the total number of 441
citations) In other words these concerns are higly rele- 442
vant but a large number solutions are already available for 443
tackling them 444
The situation is completely different when we analyze 445
technical aspects such as virtualization isolation and data 446
leakage Indeed virtualization amounts for 12 of prob- 447
lem references and only 3 for solutions Isolation is a 448
perfect example of such discrepancy as the number of 449
citations for such problems represents 7 in Figure 5 450
while solutions correspond to only 1 of the graph from 451
Figure 8 We note that for this specific issue special care 452
has been taken when assessing the most popular virtual 453
machine solution providers (eg XEN VMWARE and 454
KVM) aiming to verify their concerns and available solu- 455
tions A conclusion that can be drawn from this situation 456
is that such concerns are also significant but yet little is 457
available in terms of solutions This indicates the need of 458
evaluating potential areas still to be developed in order 459
to provide better security conditions when migrating data 460
and processes in the cloud 461
Figure 8 Security solutions Pie chart for solutions citations
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 10 of 18httpwwwjournalofcloudcomputingcomcontent1111
Comparison462
The differences between problem and solution citations463
presented in the previous sections can be observed in464
Figure 9F9 465
Axis values correspond to the number of citations found466
among the references studied Blue areas represent con-467
cern citations and lighter red indicates solutions while468
darker red shows where those areas overlap In other469
words light red areas are problems with more citations470
for solutions than problems ndash they might be meaningful471
problems but there are many solutions already addressing472
them ndash while blue areas represent potential subjects that473
have received little attention so far indicating the need for474
further studies475
Figure 9 clearly shows the lack of development regard-476
ing data control mechanisms hypervisor vulnerabilities477
assessment and isolation solutions for virtualized envi-478
ronments On the other hand areas such as legal con-479
cerns SLAs compliance and audit policies have a quite480
satisfactory coverage The results for grouped categories481
(presented in section 4) are depicted in Figure 10F10 482
Figure 10 shows that virtualization problems represent483
an area that requires studies for addressing issues such as484
isolation data leakage and cross-VM attacks on the other485
hand areas such as compliance and network security486
encompass concerns for which there are already a con-487
siderable number of solutions or that are not considered488
highly relevant489
Finally Considering virtualization as key element for490
future studies Figure 11 presents a comparison focus-F11 491
ing on five virtualization-related problems isolation (of492
computational resources such as memory and storage493
capabilities) hypervisor vulnerabilities data leakage 494
cross-VM attacks and VM identification The contrast 495
related to isolation and cross-VM attacks is more evident 496
than for the other issues However the number of solution 497
citations for all issues is notably low if compared to any 498
other security concern reaffirming the need for further 499
researches in those areas 500
Related work 501
An abundant number of related works and publications 502
exist in the literature emphasizing the importance and 503
demand of security solutions for cloud computing How- 504
ever we did not identify any full taxonomy that addresses 505
directly the security aspects related to cloud comput- 506
ing We only identified some simplified models that 507
were developed to cover specific security aspects such as 508
authentication We were able to recognize two main types 509
of works (1) security frameworks which aim to aggregate 510
information about security and also to offer sets of best 511
practices and guidelines when using cloud solutions and 512
(2) publications that identify future trends and propose 513
solutions or areas of interest for research Each category 514
and corresponding references are further analyzed in the 515
following subsections 516
Security frameworks 517
Security frameworks concentrate information on security 518
and privacy aiming to provide a compilation of risks vul- 519
nerabilities and best practices to avoid or mitigate them 520
There are several entities that are constantly publishing 521
material related to cloud computing security including 522
ENISA CSA NIST CPNI (Centre for the Protection of 523
Figure 9 Comparison between citations Radar chart comparing citations related to concerns and solutions showing the disparities for eachsecurity category adopted
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 11 of 18httpwwwjournalofcloudcomputingcomcontent1111
Figure 10 Comparison between citations with grouped categories Radar chart grouping the categories showing the difference betweencitations about concerns and solutions regarding each category
National Infrastructure from UK government) and ISACA524
(the Information Systems Audit and Control Association)525
In this paper we focus on the first three entities which526
by themselves provide a quite comprehensive overview of527
issues and solutions and thus allowing a broad under-528
standing of the current status of cloud security529
ENISA530
ENISA is an agency responsible for achieving high and531
effective level of network and information security within532
the European Union [62] In the context of cloud comput-533
ing they published an extensive study covering benefits534
and risks related to its use [5] In this study the security 535
risks are divided in four categories 536
bull Policy and organizational issues related to 537
governance compliance and reputation 538bull Technical issues derived from technologies used to 539
implement cloud services and infrastructures such as 540
isolation data leakage and interception denial of 541
service attacks encryption and disposal 542bull Legal risks regarding jurisdictions subpoena and 543
e-discovery 544
Figure 11 Comparison for virtualization Radar chart only for virtualization issues
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 12 of 18httpwwwjournalofcloudcomputingcomcontent1111
bull Not cloud specific other risks that are not unique to545
cloud environments such as network management546
privilege escalation and logging547
As a top recommendation for security in cloud com-548
puting ENISA suggests that providers must ensure some549
security practices to customers and also a clear contract to550
avoid legal problems Key points to be developed include551
breach reporting better logging mechanisms and engi-552
neering of large scale computer systems which encom-553
pass the isolation of virtual machines resources and554
information Their analysis is based not only on what is555
currently observed but also on what can be improved556
through the adoption of existing best practices or by557
means of solutions that are already used in non-cloud558
environments This article aims at taking one step fur-559
ther by transforming these observations into numbers ndash a560
quantitative approach561
CSA562
CSA is an organization led by a coalition of industry563
practitioners corporations associations and other stake-564
holders [63] such as Dell HP and eBay One of its main565
goals is to promote the adoption of best practices for566
providing security within cloud computing environments567
Three CSA documents are analyzed in this paper ndash the568
security guidance [6] the top threats in cloud computing569
[12] and the Trusted Cloud Initiative (TCI) architecture570
[64] ndash as they comprise most of the concepts and guide-571
lines researched and published by CSA572
The latest CSA security guidance (version 30 [65])573
denotes multi-tenancy as the essential cloud characteristic574
while virtualization can be avoided when implementing575
cloud infrastructures ndash multi-tenancy only implies the576
use of shared resources by multiple consumers possibly577
from different organizations or with different objectives578
They discuss that even if virtualization-related issues579
can be circumvented segmentation and isolated policies580
for addressing proper management and privacy are still581
required The document also establishes thirteen security582
domains583
1 Governance and risk management ability to measure584
the risk introduced by adopting cloud computing585
solutions such as legal issues protection of sensitive586
data and their relation to international boundaries587
2 Legal issues disclosure laws shared infrastructures588
and interference between different users589
3 Compliance and audit the relationship between590
cloud computing and internal security policies591
4 Information management and data security592
identification and control of stored data loss of593
physical control of data and related policies to594
minimize risks and possible damages595
5 Portability and interoperability ability to change 596
providers services or bringing back data to local 597
premises without major impacts 598
6 Traditional security business continuity and disaster 599
recovery the influence of cloud solutions on 600
traditional processes applied for addressing security 601
needs 602
7 Data center operations analyzing architecture and 603
operations from data centers and identifying 604
essential characteristics for ensuring stability 605
8 Incident response notification and remediation 606
policies for handling incidents 607
9 Application security aims to identify the possible 608
security issues raised from migrating a specific 609
solution to the cloud and which platform (among SPI 610
model) is more adequate 611
10 Encryption and key management how higher 612
scalability via infrastructure sharing affects 613
encryption and other mechanisms used for 614
protecting resources and data 615
11 Identity and access management enabling 616
authentication for cloud solutions while maintaining 617
security levels and availability for customers and 618
organizations 619
12 Virtualization risks related to multi-tenancy 620
isolation virtual machine co-residence and 621
hypervisor vulnerabilities all introduced by 622
virtualization technologies 623
13 Security as a service third party security 624
mechanisms delegating security responsibilities to a 625
trusted third party provider 626
CSA also published a document focusing on identify- 627
ing top threats aiming to aid risk management strategies 628
when cloud solutions are adopted [12] As a complete 629
list of threats and pertinent issues is countless the doc- 630
ument targets those that are specific or intensified by 631
fundamental characteristics of the cloud such as shared 632
infrastructures and greater flexibility As a result seven 633
threats were selected 634
1 Abuse and nefarious used of cloud computing while 635
providing flexible and powerful resources and tools 636
IaaS and PaaS solutions also unveil critical 637
exploitation possibilities built on anonymity This 638
leads to abuse and misuse of the provided 639
infrastructure for conducting distributed denial of 640
service attacks hosting malicious data controlling 641
botnets or sending spam 642
2 Insecure application programming interfaces cloud 643
services provide APIs for management storage 644
virtual machine allocation and other service-specific 645
operations The interfaces provided must implement 646
security methods to identify authenticate and protect 647
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 13 of 18httpwwwjournalofcloudcomputingcomcontent1111
against accidental or malicious use which can648
introduce additional complexities to the system such649
as the need for third-party authorities and services650
3 Malicious insiders although not specific to cloud651
computing its effects are amplified by the652
concentration and interaction of services and653
management domains654
4 Shared technology vulnerabilities scalability655
provided by cloud solutions are based on hardware656
and software components which are not originally657
designed to provide isolation Even though658
hypervisors offer an extra granularity layer they still659
exhibit flaws which are exploited for privilege660
escalation661
5 Data loss and leakage insufficient controls662
concerning user access and data security (including663
privacy and integrity) as well as disposal and even664
legal issues665
6 Account service and traffic hijacking phishing and666
related frauds are not a novelty to computing667
security However not only an attacker is able to668
manipulate data and transactions but also to use669
stolen credentials to perform other attacks that670
compromise customer and provider reputation671
7 Unknown risk profile delegation of control over data672
and infrastructure allows companies to better673
concentrate on their core business possibly674
maximizing profit and efficiency On the other hand675
the consequent loss of governance leads to obscurity676
[66] information about other customers sharing the677
same infrastructure or regarding patching and678
updating policies is limited This situation creates679
uncertainty concerning the exact risk levels that are680
inherent to the cloud solution681
It is interesting to notice the choice for cloud-specific682
issues as it allows the identification of central points683
for further development Moreover this compilation of684
threats is closely related to CSA security guidance com-685
posing a solid framework for security and risk analysis686
assessments while providing recommendations and best687
practices to achieve acceptable security levels688
Another approach adopted by CSA for organizing infor-689
mation related to cloud security and governance is the690
TCI Reference Architecture Model [64] This document691
focuses on defining guidelines for enabling trust in the692
cloud while establishing open standards and capabilities693
for all cloud-based operations The architecture defines694
different organization levels by combining frameworks695
like the SPI model ISO 27002 COBIT PCI SOX and696
architectures such as SABSA TOGAF ITIL and Jeri-697
cho A wide range of aspects are then covered SABSA698
defines business operation support services such as com-699
pliance data governance operational risk management700
human resources security security monitoring services 701
legal services and internal investigations TOGAF defines 702
the types of services covered (presentation application 703
information and infrastructure ITIL is used for informa- 704
tion technology operation and support from IT oper- 705
ation to service delivery support and management of 706
incidents changes and resources finally Jericho cov- 707
ers security and risk management including information 708
security management authorization threat and vulnera- 709
bility management policies and standards The result is a 710
tri-dimensional relationship between cloud delivery trust 711
and operation that aims to be easily consumed and applied 712
in a security-oriented design 713
NIST 714
NIST has recently published a taxonomy for security in 715
cloud computing [67] that is comparable to the taxonomy 716
introduced in section ldquoCloud computing security taxon- 717
omyrdquo This taxonomyrsquos first level encompass typical roles 718
in the cloud environment cloud service provider respon- 719
sible for making the service itself available cloud service 720
consumer who uses the service and maintains a business 721
relationship with the provider cloud carrier which pro- 722
vides communication interfaces between providers and 723
consumers cloud broker that manages use performance 724
and delivery of services and intermediates negotiations 725
between providers and consumers and cloud auditor 726
which performs assessment of services operations and 727
security Each role is associated to their respective activ- 728
ities and decomposed on their components and subcom- 729
ponents The clearest difference from our taxonomy is the 730
hierarchy adopted as our proposal primarily focuses on 731
security principles in its higher level perspective while 732
the cloud roles are explored in deeper levels The con- 733
cepts presented here extend NISTrsquos initial definition for 734
cloud computing [9] incorporating a division of roles and 735
responsibilities that can be directly applied to security 736
assessments On the other hand NISTrsquos taxonomy incor- 737
porates concepts such as deployment models service 738
types and activities related to cloud management (porta- 739
bility interoperability provisioning) most of them largely 740
employed in publications related to cloud computing ndash 741
including this one 742
Frameworks summary 743
Tables 1 and 2 summarize the information about each T1T2
744
framework 745
Books papers and other publications 746
Rimal Choi and Lumb [3] present a cloud taxonomy 747
created from the perspective of the academia developers 748
and researchers instead of the usual point of view related 749
to vendors Whilst they do provide definitions and con- 750
cepts such as cloud architecture (based on SPI model) 751
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 14 of 18httpwwwjournalofcloudcomputingcomcontent1111
Table 1 Summary of CSA security frameworks t11
t12Framework Objectives Structure and comments
t13CSA Guidance
bull Recommendations for reducing risksbull No restrictions regarding specific
solutions or service typesbull Guidelines not necessarily applicable
for all deployment modelsbull Provide initial structure to divide efforts
for researches
bull One architectural domainbull Governance domains risk management legal concerns compliance
auditing information management interoperability and portabilitybull Operational domains traditional and business security disaster recovery
data center operations encryption application security identificationauthorization virtualization security outsourcing
bull Emphasis on the fact that cloud is not bound to virtualization technologiesthough cloud services heavily depend on virtualized infrastructures toprovide flexibility and scalability
t14CSA Top Threats
bull Provide context for risk managementdecisions and strategies
bull Focus on issues which are unique orhighly influenced by cloud computingcharacteristics
bull Seven main threats
ndash Abuse and malicious use of cloud resourcesndash Insecure APIsndash Malicious insidersndash Shared technology vulnerabilitiesndash Data loss and leakagendash Hijacking of accounts services and trafficndash Unknown risk profile (security obscurity)
bull Summarizes information on top threats and provide examples remediationguidelines impact caused and which service types (based on SPI model)are affected
t15CSA Architecture
bull Enable trust in the cloud based onwell-known standards and certificationsallied to security frameworks and otheropen references
bull Use widely adopted frameworks inorder to achieve standardization ofpolicies and best practices based onalready accepted security principles
bull Four sets of frameworks (security NIST SPI IT audit and legislative) and fourarchitectural domains (SABSA business architecture ITIL for servicesmanagement Jericho for security and TOGAF for IT reference)
bull Tridimensional structure based on premises of cloud delivery trust andoperations
bull Concentrates a plethora of concepts and information related to servicesoperation and security
Table summarizing information related to CSA security frameworks (guidance top threats and TCI architecture) t16
virtualization management service types fault tolerance752
policies and security no further studies are developed753
focusing on cloud specific security aspects This charac-754
teristic is also observed in other cloud taxonomies [68-70]755
whose efforts converge to the definition of service models756
and types rather than to more technical aspects such as757
security privacy or compliance concerns ndash which are the758
focus of this paper759
In [7] Mather Kumaraswamy and Latif discuss the760
current status of cloud security and what is predicted761
for the future The result is a compilation of security-762
related subjects to be developed in topics like infras-763
tructure data security and storage identity and access764
management security management privacy audit and765
compliance They also explore the unquestionable urge for766
more transparency regarding which party (customer or767
cloud provider) provides each security capability as well768
as the need for standardization and for the creation of769
legal agreements reflecting operational SLAs Other issues770
discussed are the inadequate encryption and key manage- 771
ment capabilities currently offered as well as the need for 772
multi-entity key management 773
Many publications also state the need for better security 774
mechanisms for cloud environments Doelitzscher et al 775
[71] emphasize security as a major research area in cloud 776
computing They also highlight the lack of flexibility of 777
classic intrusion detection mechanisms to handle virtual- 778
ized environments suggesting the use of special security 779
audit tools associated to business flow modeling through 780
security SLAs In addition they identify abuse of cloud 781
resources lack of security monitoring in cloud infrastruc- 782
ture and defective isolation of shared resources as focal 783
points to be managed Their analysis of top security con- 784
cerns is also based on publications from CSA ENISA and 785
others but after a quick evaluation of issues their focus 786
switch to their security auditing solution without offer- 787
ing a deeper quantitative compilation of security risks and 788
areas of concern 789
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 15 of 18httpwwwjournalofcloudcomputingcomcontent1111
Table 2 Summary of ENISA and NIST security frameworks t21
t22Framework Objectives Structure and comments
t23ENISA Report
bull Study on benefits and risks whenadopting cloud solutions for businessoperations
bull Provide information for securityassessments and decision making
bull Three main categories of cloud specific risks (policy and organizationaltechnical legal) plus one extra category for not specific ones
bull Offers basic guidelines and best practices for avoiding or mitigating theireffects
bull Presents recommendations for further studies related to trust building(certifications metrics and transparency) large scale data protection(privacy integrity incident handling and regulations) and technicalaspects (isolation portability and resilience)
bull Highlights the duality of scalability (fast flexible and accessible resourcesversus concentrations of data attracting attackers and also providinginfrastructure for aiding their operations)
bull Extensive study on risks considering their impact and probability
t24NIST Taxonomy
bull Define what cloud services shouldprovide rather than how to design andimplement solutions
bull Ease the understanding of cloudinternal operations and mechanisms
bull Taxonomy levels
ndash First level cloud roles (service provider consumer cloud brokercloud carrier and cloud auditor)
ndash Second level activities performed by each role (cloudmanagement service deployment cloud access and serviceconsumption)
ndash Third and following levels elements which compose each activity(deployment models service types and auditing elements)
bull Based on publication SP 500-292 highlighting the importance of securityprivacy and levels of confidence and trust to increase technologyacceptance
bull Concentrates many useful concepts such as models for deploying orclassifying services
Table summarizing information on ENISA and NIST security frameworks t25
Associations such as the Enterprise Strategy Group790
[72] emphasize the need for hypervisor security shrink-791
ing hypervisor footprints defining the security perimeter792
virtualization and linking security and VM provision-793
ing for better resource management Aiming to address794
these requirements they suggest the use of increased795
automation for security controls VM identity manage-796
ment (built on top of Public Key Infrastructure and Open797
Virtualization Format) and data encryption (tightly con-798
nected to state-of-art key management practices) Wallom799
et al [73] emphasize the need of guaranteeing virtual800
machinesrsquo trustworthiness (regarding origin and identity)801
to perform security-critical computations and to han-802
dle sensitive data therefore presenting a solution which803
integrates Trusted Computing technologies and avail-804
able cloud infrastructures Dabrowski and Mills [74] used805
simulation to demonstrate virtual machine leakage and806
resource exhaustion scenarios leading to degraded per-807
formance and crashes they also propose the addition808
of orphan controls to enable the virtualized cloud envi-809
ronment to offer higher availability levels while keeping810
overhead costs under control Ristenpart et al [44] also811
explore virtual machine exploitation focusing on informa-812
tion leakage specially sensitive data at rest or in transit813
Finally Chadwick and Casenove [75] describe a security 814
API for federated access to cloud resources and authority 815
delegation while setting fine-grained controls and guar- 816
anteeing the required levels of assurance inside cloud 817
environments These publications highlight the need of 818
security improvements related to virtual machines and 819
virtualization techniques concern that this paper demon- 820
strates to be valid and urgent 821
Discussion 822
Considering the points raised in the previous section a 823
straightforward conclusion is that cloud security includes 824
old and well-known issues ndash such as network and other 825
infrastructural vulnerabilities user access authentication 826
and privacy ndash and also novel concerns derived from 827
new technologies adopted to offer the adequate resources 828
(mainly virtualized ones) services and auxiliary tools 829
These problems are summarized by isolation and hypervi- 830
sor vulnerabilities (the main technical concerns according 831
to the studies and graphics presented) data location and 832
e-discovery (legal aspects) and loss of governance over 833
data security and even decision making (in which the 834
cloud must be strategically and financially considered as a 835
decisive factor) 836
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 16 of 18httpwwwjournalofcloudcomputingcomcontent1111
Another point observed is that even though adopt-837
ing a cloud service or provider may be easy migrating838
to another is not [76] After moving local data and pro-839
cesses to the cloud the lack of standards for protocols840
and formats directly affects attempts to migrate to a dif-841
ferent provider even if this is motivated by legitimate rea-842
sons such as non-fulfillment of SLAs outages or provider843
bankruptcy [77] Consequently the first choice must be844
carefully made as SLAs are not perfect and services845
outages happen at the same pace that resource sharing846
multi-tenancy and scalability are not fail proof After a847
decision is made future migrations between services can848
be extremely onerous in terms of time and costs most849
likely this task will require an extensive work for bring-850
ing all data and resources to a local infrastructure before851
redeploying them into the cloud852
Finally the analysis of current trends for cloud comput-853
ing reveals that there is a considerable number of well-854
studied security concerns for which plenty solutions and855
best practices have been developed such as those related856
to legal and administrative concerns On the other hand857
many issues still require further research effort especially858
those related to secure virtualization859
Considerations and future work860
Security is a crucial aspect for providing a reliable envi-861
ronment and then enable the use of applications in the862
cloud and for moving data and business processes to863
virtualized infrastructures Many of the security issues864
identified are observed in other computing environments865
authentication network security and legal requirements866
for example are not a novelty However the impact of867
such issues is intensified in cloud computing due to868
characteristics such as multi-tenancy and resource shar-869
ing since actions from a single customer can affect all870
other users that inevitably share the same resources and871
interfaces On the other hand efficient and secure vir-872
tualization represents a new challenge in such a context873
with high distribution of complex services and web-874
based applications thus requiring more sophisticated875
approaches At the same time our quantitative analysis876
indicates that virtualization remains an underserved area877
regarding the number of solutions provided to identified878
concerns879
It is strategic to develop new mechanisms that pro-880
vide the required security level by isolating virtual881
machines and the associated resources while following882
best practices in terms of legal regulations and compli-883
ance to SLAs Among other requirements such solutions884
should employ virtual machine identification provide885
an adequate separation of dedicated resources com-886
bined with a constant observation of shared ones and887
examine any attempt of exploiting cross-VM and data888
leakage889
A secure cloud computing environment depends on 890
several security solutions working harmoniously together 891
However in our studies we did not identify any security 892
solutions provider owning the facilities necessary to get 893
high levels of security conformity for clouds Thus cloud 894
providers need to orchestrate harmonize security solu- 895
tions from different places in order to achieve the desired 896
security level 897
In order to verify these conclusions in practice we 898
deployed testbeds using OpenNebula (based on KVM and 899
XEN) and analyzed its security aspects we also analyzed 900
virtualized servers based on VMWARE using our testbed 901
networks This investigation lead to a wide research of 902
PaaS solutions and allowed us to verify that most of them 903
use virtual machines based on virtualization technolo- 904
gies such as VMWARE XEN and KVM which often lack 905
security aspects We also learned that Amazon changed 906
the XEN source code in order to include security fea- 907
tures but unfortunately the modified code is not publicly 908
available and there appears to be no article detailing the 909
changes introduced Given these limitations a deeper 910
study on current security solutions to manage cloud com- 911
puting virtual machines inside the cloud providers should 912
be a focus of future work in the area We are also working 913
on a testbed based on OpenStack for researches related 914
to identity and credentials management in the cloud envi- 915
ronment This work should address basic needs for better 916
security mechanisms in virtualized and distributed archi- 917
tectures guiding other future researches in the security 918
area 919
Competing interests 920The authors declare that they have no competing interests 921
Authorrsquos contributions 922NG carried out the security research including the prospecting for information 923and references categorization results analysis taxonomy creation and analysis 924of related work CM participated in the drafting of the manuscript as well as in 925the analysis of references creation of the taxonomy and revisions of the text 926MS FR MN and MP participated in the critical and technical revisions of the 927paper including the final one also helping with the details for preparing the 928paper to be published TC coordinated the project related to the paper and 929also gave the final approval of the version to be published All authors read 930and approved the final manuscript 931
Acknowledgements 932This work was supported by the Innovation Center Ericsson 933Telecomunicacoes SA Brazil 934
Author details 9351Escola Politecnica at the University of Sao Paulo (EPUSP) Sao Paulo Brazil 9362Ericsson Research Stockholm Sweden 3Ericsson Research Ville Mont-Royal 937Canada 4State University of Santa Catarina Joinville Brazil 938
Received 30 January 2012 Accepted 5 June 2012 939Published 12 July 2012 940
References 9411 IDC (2009) Cloud Computing 2010 ndash An IDC Update 942
slidesharenetJorFigOrcloud-computing-2010-an-idc-update 9432 Armbrust M Fox A Griffith R Joseph AD Katz RH Konwinski A Lee G 944
Patterson DA Rabkin A Stoica I Zaharia M (2009) Above the Clouds 945
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 17 of 18httpwwwjournalofcloudcomputingcomcontent1111
A Berkeley View of Cloud Computing Technical Report946UCBEECS-2009-28 University of California at Berkeley947eecsberkeleyeduPubsTechRpts2009EECS-2009-28html948
3 Rimal BP Choi E Lumb I (2009) A Taxonomy and Survey of Cloud949Computing Systems In Fifth International Joint Conference on INC IMS950and IDC NCM rsquo09 CPS pp 44ndash51951
4 Shankland S (2009) HPrsquos Hurd dings cloud computing IBM952CNET News953
5 Catteddu D Hogben G (2009) Benefits risks and recommendations for954information security Tech rep European Network and Information955Security Agency enisaeuropaeuactrmfilesdeliverablescloud-956computing-risk-assessment957
6 CSA (2009) Security Guidance for Critical Areas of Focus in Cloud958Computing Tech rep Cloud Security Alliance959
7 Mather T Kumaraswamy S (2009) Cloud Security and privacy An960Enterprise Perspective on Risks and Compliance 1st edition OrsquoReilly961Media962
8 Chen Y Paxson V Katz RH (2010) Whatrsquos New About Cloud Computing963Security Technical Report UCBEECS-2010-5 University of California at964Berkeley eecsberkeleyeduPubsTechRpts2010EECS-2010-5html965
9 Mell P Grance T (2009) The NIST Definition of Cloud Computing966Technical Report 15 National Institute of Standards and Technology967wwwnistgovitlclouduploadcloud-def-v15pdf968
10 Ibrahim AS Hamlyn-Harris J Grundy J (2010) Emerging Security969Challenges of Cloud Virtual Infrastructure In Proceedings of APSEC 2010970Cloud Workshop APSEC rsquo10971
11 Gonzalez N Miers C Redıgolo F Carvalho T Simplıcio M Naslund M972Pourzandi M (2011) A quantitative analysis of current security concerns973and solutions for cloud computing In Proceedings of 3rd IEEE974CloudCom AthensGreece IEEE Computer Society975
12 Hubbard D Jr LJH Sutton M (2010) Top Threats to Cloud Computing976Tech rep Cloud Security Alliance cloudsecurityallianceorgresearch977projectstop-threats-to-cloud-computing978
13 Tompkins D (2009) Security for Cloud-based Enterprise Applications979httpblogdtorgindexphp200902security-for-cloud-based-980enterprise-applications981
14 Jensen M Schwenk J Gruschka N Iacono LL (2009) On Technical Security982Issues in Cloud Computing In IEEE Internation Conference on Cloud983Computing pp 109ndash116984
15 TrendMicro (2010) Cloud Computing Security - Making Virtual Machines985Cloud-Ready Trend Micro White Paper986
16 Genovese S (2009) Akamai Introduces Cloud-Based Firewall http987cloudcomputingsys-concomnode1219023988
17 Hulme GV (2011) CloudPassage aims to ease cloud server security989management httpwwwcsoonlinecomarticle658121cloudpassage-990aims-to-ease-cloud-server-security-management991
18 Oleshchuk VA Koslashien GM (2011) Security and Privacy in the Cloud - A992Long-Term View In 2nd International Conference on Wireless993Communications Vehicular Technology Information Theory and994Aerospace and Electronic Systems Technology (Wireless VITAE) WIRELESS995VITAE rsquo11 pp 1ndash5 httpdxdoiorg101109WIRELESSVITAE20115940876996
19 Google (2011) Google App Engine codegooglecomappengine99720 Google (2011) Google Query Language (GQL)998
codegooglecomintlenappenginedocspythonoverviewhtml99921 StackOverflow (2011) Does using non-SQL databases obviate the need1000
for guarding against SQL injection1001stackoverflowcomquestions1823536does-using-non-sql-databases-1002obvia1003te-the-need-for-guarding-against-sql-injection1004
22 Rose J (2011) Cloudy with a chance of zero day wwwowasporgimages1005112Cloudy with a chance of 0 day Jon Rose-Tom Leaveypdf1006
23 Balkan A (2011) Why Google App Engine is broken and what Google1007must do to fix it aralbalkancom15041008
24 Salesforce (2011) Salesforce Security Statement1009salesforcecomcompanyprivacysecurityjsp1010
25 Espiner T (2007) Salesforce tight-lipped after phishing attack1011zdnetcouknewssecurity-threats20071107salesforce-tight-lipped-a1012fter-phishing-attack-392906161013
26 Yee A (2007) Implications of Salesforce Phishing Incident1014ebizqnetblogssecurity insider200711-implications of salesforc1015e phiphp1016
27 Salesforce (2011) Security Implementation Guide 1017loginsalesforcecomhelpdocensalesforce security impl guidepdf 1018
28 Li H Dai Y Tian L Yang H (2009) Identity-Based Authentication for Cloud 1019Computing In Proceedings of the 1st International Conference on Cloud 1020Computing CloudCom rsquo09 1021
29 Amazon (2011) Elastic Compute Cloud (EC2) awsamazoncomec2 102230 Kaufman C Venkatapathy R (2010) Windows Azure Security Overview 1023
gomicrosoftcomlinkid=9740388 [August] 102431 McMillan R (2010) Google Attack Part of Widespread Spying Effort 1025
PCWorld 102632 Mills E (2010) Behind the China attacks on Google CNET News 102733 Arrington M (2010) Google Defends Against Large Scale Chinese Cyber 1028
Attack May Cease Chinese Operations TechCrunch 102934 Bosch J (2009) Google Accounts Attacked by Phishing Scam BrickHouse 1030
Security Blog 103135 Telegraph T (2009) Facebook Users Targeted By Phishing Attack The 1032
Telegraph 103336 Pearson S (2009) Taking account of privacy when designing cloud 1034
computing services In Proceedings of the 2009 ICSE Workshop on 1035Software Engineering Challenges of Cloud Computing CLOUD rsquo09 1036
37 Musthaler L (2009) Cost-effective data encryption in the cloud Network 1037World 1038
38 Yan L Rong C Zhao G (2009) Strengthen Cloud Computing Security with 1039Federal Identity Management Using Hierarchical Identity-Based 1040Cryptography In Proceedings of the 1st International Conference on 1041Cloud Computing CloudCom rsquo09 1042
39 Tech C (2010) Examining Redundancy in the Data Center Powered by the 1043Cloud and Disaster Recovery Consonus Tech 1044
40 Lyle M (2011) Redundancy in Data Storage Define the Cloud 104541 Dorion P (2010) Data destruction services When data deletion is not 1046
enough SearchDataBackupcom 104742 Mogull R (2009) Cloud Data Security Archive and Delete (Rough Cut) 1048
securosiscomblogcloud-data-security-archive-and-delete-rough-cut 104943 Messmer E (2011) Gartner New security demands arising for 1050
virtualization cloud computing httpwwwnetworkworldcomnews 10512011062311-security-summithtml 1052
44 Ristenpart T Tromer E Shacham H Savage S (2009) Hey you get off of 1053my cloud exploring information leakage in third-party compute clouds 1054In Proceedings of the 16th ACM conference on Computer and 1055communications security CCS rsquo09 New York NY USA ACM pp 199ndash212 1056doiacmorg10114516536621653687 1057
45 Chow R Golle P Jakobsson M Shi E Staddon J Masuoka R Molina J 1058(2009) Controlling data in the cloud outsourcing computation without 1059outsourcing control In Proceedings of the 2009 ACM workshop on 1060Cloud computing security CCSW rsquo09 New York NY USA ACM pp 85ndash90 1061httpdoiacmorg10114516550081655020 1062
46 Sadeghi AR Schneider T Winandy M (2010) Token-Based Cloud 1063Computing - Secure Outsourcing of Data and Arbitrary Computations 1064with Lower Latency In Proceedings of the 3rd international conference 1065on Trust and trustworthy computing TRUST rsquo10 1066
47 Brandic I Dustdar S Anstett T Schumm D Leymann F (2010) Compliant 1067Cloud Computing (C3) Architecture and Language Support for 1068User-driven Compliance Management in Clouds In 2010 IEEE 3rd 1069International Conference on Cloud Computing pp 244ndash251 httpdx 1070doiorg101109CLOUD201042 1071
48 Brodkin J (2008) Gartner Seven cloud computing security risks http 1072wwwinfoworldcomdsecurity-centralgartner-seven-cloud- 1073computing-security-risks-853 1074
49 Kandukuri BR Paturi R Rakshit A (2009) Cloud Security Issues In 1075Proceedings of the 2009 IEEE International Conference on Services 1076Computing SCC rsquo09 1077
50 Winterford B (2011) Amazon EC2 suffers huge outage httpwwwcrn 1078comauNews255586amazon-ec2-suffers-huge-outageaspx 1079
51 Clarke G (2011) Microsoft BPOS cloud outage burns Exchange converts 1080httpwwwtheregistercouk20110513 1081
52 Shankland S (2011) Amazon cloud outage derails Reddit Quora 108253 Young E (2009) Cloud Computing - The role of internal audit 108354 CloudAudit (2011) A6 - The automated audit assertion assessment and 1084
assurance API httpcloudauditorg 108555 Anand N (2010) The legal issues around cloud computing httpwww 1086
labnolorginternetcloud-computing-legal-issues14120 1087
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 18 of 18httpwwwjournalofcloudcomputingcomcontent1111
56 Hunter S (2011) Ascending to the cloud creates negligible e-discovery1088risk httpediscoveryquarlescom201107articlesinformation-1089technologyascending-to-the-cloud-creates-negligible-ediscovery-risk1090
57 Sharon D Nelson JWS (2011) Virtualization and Cloud Computing1091benefits and e-discovery implications httpwwwslawca201107191092virtualization-and-cloud-computing-benefits-and-e-discovery-1093implications1094
58 Bentley L (2009) E-discovery in the cloud presents promise and problems1095httpwwwitbusinessedgecomcmcommunityfeaturesinterviews1096bloge-discovery-in-the-cloud-presents-promise-and-problemscs=1097316981098
59 Zierick J (2011) The special case of privileged users in the sloud http1099blogbeyondtrustcombid63894The-Special-Case-of-Privileged-Users-1100in-the-Cloud1101
60 Dinoor S (2010) Got Privilege Ten Steps to Securing a Cloud-Based1102Enterprise httpcloudcomputingsys-concomnode15716491103
61 Pavolotsky J (2010) Top five legal issues for the cloud httpwwwforbes1104com20100412cloud-computing-enterprise-technology-cio-network-1105legalhtml1106
62 ENISA (2011) About ENISA httpwwwenisaeuropaeuabout-enisa110763 CSA (2011) About httpscloudsecurityallianceorgabout110864 CSA (2011) CSA TCI Reference Architecture httpscloudsecurityalliance1109
orgwp-contentuploads201111TCI-Reference-Architecture-11pdf111065 CSA (2011) Security Guidance for Critical Areas of Focus in Cloud1111
Computing V30 Tech rep Cloud Security Alliance [Httpwww1112cloudsecurityallianceorgguidancecsaguidev30pdf]1113
66 Ramireddy S Chakraborthy R Raghu TS Rao HR (2010) Privacy and1114Security Practices in the Arena of Cloud Computing - A Research in1115Progress In AMCIS 2010 Proceedings AMCIS rsquo10 httpaiselaisnetorg1116amcis20105741117
67 NIST (2011) NIST Cloud Computing Reference Architecture SP 500-2921118httpcollaboratenistgovtwiki-cloud-computingpub1119CloudComputingReferenceArchitectureTaxonomyNIST SP 500-292 -1120090611pdf1121
68 Youseff L Butrico M Silva DD (2008) Toward a Unified Ontology of Cloud1122Computing In Grid Computing Environments Workshop 2008 GCE rsquo081123pp 10 1 httpdxdoiorg101109GCE200847384431124
69 Johnston S (2008) Sam Johnston taxonomy the 6 layer cloud computing1125stack httpsamjnet200809taxonomy-6-layer-cloud-computing-1126stackhtml]1127
70 Linthicum D (2009) Defining the cloud computing framework http1128cloudcomputingsys-concomnode8115191129
71 Doelitzscher F Reich C Knahl M Clarke N (2011) An autonomous agent1130based incident detection system for cloud environments In Third IEEE1131International Conference on Cloud Computing Technology and Science1132CloudCom 2011 CPS pp 197ndash204 httpdxdoiorg101109CloudCom11332011351134
72 Oltsik J (2010) Information security virtualization and the journey to the1135cloud Tech rep Cloud Security Alliance1136
73 Wallom D Turilli M Taylor G Hargreaves N Martin A Raun A McMoran A1137(2011) myTrustedCloud Trusted Cloud Infrastructure for Security-critical1138Computation and Data Managment In Third IEEE International1139Conference on Cloud Computing Technology and Science CloudCom11402011 CPS pp 247ndash2541141
74 Dabrowski C Mills K (2011) VM Leakage and Orphan Control in1142Open-Source Clouds In Third IEEE International Conference on Cloud1143Computing Technology and Science CloudCom 2011 CPS pp 554ndash5591144
75 Chadwick DW Casenove M (2011) Security APIs for My Private Cloud In1145Third IEEE International Conference on Cloud Computing Technology1146and Science CloudCom 2011 CPS pp 792ndash7981147
76 Claybrook B (2011) How providers affect cloud application migration1148httpsearchcloudcomputingtechtargetcomtutorialHow-providers-1149affect-cloud-application-migration1150
77 CSA (2011) Interoperability and portability1151
doi1011862192-113X-1-11Cite this article as Gonzalez et al A quantitative analysis of current securityconcerns and solutions for cloud computing Journal of Cloud ComputingAdvances Systems and Applications 2012 111
Submit your manuscript to a journal and benefi t from
7 Convenient online submission
7 Rigorous peer review
7 Immediate publication on acceptance
7 Open access articles freely available online
7 High visibility within the fi eld
7 Retaining the copyright to your article
Submit your next manuscript at 7 springeropencom
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 6 of 18httpwwwjournalofcloudcomputingcomcontent1111
Figure 3 Security taxonomy - compliance Details from compliance category divided in lifecycle controls and governance risk and othercompliance related issues (such as continuous improvement policies)
Figure 4 Security taxonomy - privacy Details from privacy category initially divided in concerns and principles Concerns are related to thecomplete data lifecycle from generation use and transfer to transformation storage archival and destruction Principles are guidelines related toprivacy in the cloud
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 7 of 18httpwwwjournalofcloudcomputingcomcontent1111
some useful insight on which are the concerns that have365
received more attention from the research community366
and which have not been so extensively analyzed Some367
observations about the analysis method368
1 The references consulted came from different369
research segments including academia370
organizations and companies Due to the articlersquos371
length limitations we did not include all the372
consulted references in the References section In the373
following we present some of the main sources of374
consultation375
(a) Academia conference papers and journals376
published by IEEE ACM Springer377
Webscience and Scipress378
(b) Organizations reports white papers and379
interviews from SANS Institute CSA NIST380
ENISA Gartner Group KVMorg381
OpenGrid OpenStack and OpenNebula382
(c) Companies white papers manuals383
interviews and web content from384
ERICSSON IBM XEROX Cisco VMWare385
XEN CITRIX EMC Microsoft and386
Salesforce387
2 Each reference was analyzed aiming to identify all the388
mentioned concerns covered and solutions provided389
Therefore one reference can produce more than one 390
entry on each specified category 391
3 Some security perspectives were not covered in this 392
paper as each securityconcern category can be 393
sub-divided in finer-grained aspects such as 394
authentication integrity network communications 395
etc 396
We present the security concerns and solutions using 397
pie charts in order to show the representativeness of each 398
categorygroup in the total amount of references identi- 399
fied The comparison between areas is presented using 400
radar graphs to identify how many solutions address each 401
concern categorygroup 402
Security concerns 403
The results obtained for the number of citations on secu- 404
rity issues is shown in Figure 5 The three major problems F5405
identified in these references are legal issues compliance 406
and loss of control over data These legal- and governance- 407
related concerns are followed by the first technical issue 408
isolation with 7 of citations The least cited problems 409
are related to security configuration concerns loss of ser- 410
vice (albeit this is also related to compliance which is a 411
major problem) firewalling and interfaces 412
Grouping the concerns using the categories presented 413
in section ldquoCloud computing securityrdquo leads to the 414
Figure 5 Security problems Pie chart for security concerns
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 8 of 18httpwwwjournalofcloudcomputingcomcontent1111
Figure 6 Security problems with grouped categories Pie chart for security concerns with grouped categories (seven altogether legal issuescompliance governance virtualization data security interfaces and network security)
Figure 7 Security solutions with grouped categories Pie chart for solutions with grouped categories showing a clear lack for virtualizationsecurity mechanisms in comparison to its importance in terms of concerns citations
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 9 of 18httpwwwjournalofcloudcomputingcomcontent1111
construction of Figure 6 This figure shows that legal andF6 415
governance issues represent a clear majority with 73 of416
concern citations showing a deep consideration of legal417
issues such as data location and e-discovery or gover-418
nance ones like loss of control over security and data The419
technical issue more intensively evaluated (12) is virtual-420
ization followed by data security interfaces and network421
security422
Virtualization is one of the main novelties employed by423
cloud computing in terms of technologies employed con-424
sidering virtual infrastructures scalability and resource425
sharing and its related problems represent the first major426
technical concern427
Security solutions428
When analyzing citations for solutions we used the same429
approach described in the beginning of this section The430
results are presented in Figure 7 which shows the percent-F7 431
age of solutions in each category defined in section ldquoCloud432
computing securityrdquo and also in Figure 8 which highlightsF8 433
the contribution of each individual sub-category434
When we compare Figures 6 and 7 it is easy to observe435
that the number of citations covering security problems436
related to legal issues compliance and governance is high437
(respectively 24 22 and 17) however the same also 438
happens when we consider the number of references 439
proposing solutions for those issues (which represent 440
respectively 29 27 and 14 of the total number of 441
citations) In other words these concerns are higly rele- 442
vant but a large number solutions are already available for 443
tackling them 444
The situation is completely different when we analyze 445
technical aspects such as virtualization isolation and data 446
leakage Indeed virtualization amounts for 12 of prob- 447
lem references and only 3 for solutions Isolation is a 448
perfect example of such discrepancy as the number of 449
citations for such problems represents 7 in Figure 5 450
while solutions correspond to only 1 of the graph from 451
Figure 8 We note that for this specific issue special care 452
has been taken when assessing the most popular virtual 453
machine solution providers (eg XEN VMWARE and 454
KVM) aiming to verify their concerns and available solu- 455
tions A conclusion that can be drawn from this situation 456
is that such concerns are also significant but yet little is 457
available in terms of solutions This indicates the need of 458
evaluating potential areas still to be developed in order 459
to provide better security conditions when migrating data 460
and processes in the cloud 461
Figure 8 Security solutions Pie chart for solutions citations
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 10 of 18httpwwwjournalofcloudcomputingcomcontent1111
Comparison462
The differences between problem and solution citations463
presented in the previous sections can be observed in464
Figure 9F9 465
Axis values correspond to the number of citations found466
among the references studied Blue areas represent con-467
cern citations and lighter red indicates solutions while468
darker red shows where those areas overlap In other469
words light red areas are problems with more citations470
for solutions than problems ndash they might be meaningful471
problems but there are many solutions already addressing472
them ndash while blue areas represent potential subjects that473
have received little attention so far indicating the need for474
further studies475
Figure 9 clearly shows the lack of development regard-476
ing data control mechanisms hypervisor vulnerabilities477
assessment and isolation solutions for virtualized envi-478
ronments On the other hand areas such as legal con-479
cerns SLAs compliance and audit policies have a quite480
satisfactory coverage The results for grouped categories481
(presented in section 4) are depicted in Figure 10F10 482
Figure 10 shows that virtualization problems represent483
an area that requires studies for addressing issues such as484
isolation data leakage and cross-VM attacks on the other485
hand areas such as compliance and network security486
encompass concerns for which there are already a con-487
siderable number of solutions or that are not considered488
highly relevant489
Finally Considering virtualization as key element for490
future studies Figure 11 presents a comparison focus-F11 491
ing on five virtualization-related problems isolation (of492
computational resources such as memory and storage493
capabilities) hypervisor vulnerabilities data leakage 494
cross-VM attacks and VM identification The contrast 495
related to isolation and cross-VM attacks is more evident 496
than for the other issues However the number of solution 497
citations for all issues is notably low if compared to any 498
other security concern reaffirming the need for further 499
researches in those areas 500
Related work 501
An abundant number of related works and publications 502
exist in the literature emphasizing the importance and 503
demand of security solutions for cloud computing How- 504
ever we did not identify any full taxonomy that addresses 505
directly the security aspects related to cloud comput- 506
ing We only identified some simplified models that 507
were developed to cover specific security aspects such as 508
authentication We were able to recognize two main types 509
of works (1) security frameworks which aim to aggregate 510
information about security and also to offer sets of best 511
practices and guidelines when using cloud solutions and 512
(2) publications that identify future trends and propose 513
solutions or areas of interest for research Each category 514
and corresponding references are further analyzed in the 515
following subsections 516
Security frameworks 517
Security frameworks concentrate information on security 518
and privacy aiming to provide a compilation of risks vul- 519
nerabilities and best practices to avoid or mitigate them 520
There are several entities that are constantly publishing 521
material related to cloud computing security including 522
ENISA CSA NIST CPNI (Centre for the Protection of 523
Figure 9 Comparison between citations Radar chart comparing citations related to concerns and solutions showing the disparities for eachsecurity category adopted
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 11 of 18httpwwwjournalofcloudcomputingcomcontent1111
Figure 10 Comparison between citations with grouped categories Radar chart grouping the categories showing the difference betweencitations about concerns and solutions regarding each category
National Infrastructure from UK government) and ISACA524
(the Information Systems Audit and Control Association)525
In this paper we focus on the first three entities which526
by themselves provide a quite comprehensive overview of527
issues and solutions and thus allowing a broad under-528
standing of the current status of cloud security529
ENISA530
ENISA is an agency responsible for achieving high and531
effective level of network and information security within532
the European Union [62] In the context of cloud comput-533
ing they published an extensive study covering benefits534
and risks related to its use [5] In this study the security 535
risks are divided in four categories 536
bull Policy and organizational issues related to 537
governance compliance and reputation 538bull Technical issues derived from technologies used to 539
implement cloud services and infrastructures such as 540
isolation data leakage and interception denial of 541
service attacks encryption and disposal 542bull Legal risks regarding jurisdictions subpoena and 543
e-discovery 544
Figure 11 Comparison for virtualization Radar chart only for virtualization issues
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 12 of 18httpwwwjournalofcloudcomputingcomcontent1111
bull Not cloud specific other risks that are not unique to545
cloud environments such as network management546
privilege escalation and logging547
As a top recommendation for security in cloud com-548
puting ENISA suggests that providers must ensure some549
security practices to customers and also a clear contract to550
avoid legal problems Key points to be developed include551
breach reporting better logging mechanisms and engi-552
neering of large scale computer systems which encom-553
pass the isolation of virtual machines resources and554
information Their analysis is based not only on what is555
currently observed but also on what can be improved556
through the adoption of existing best practices or by557
means of solutions that are already used in non-cloud558
environments This article aims at taking one step fur-559
ther by transforming these observations into numbers ndash a560
quantitative approach561
CSA562
CSA is an organization led by a coalition of industry563
practitioners corporations associations and other stake-564
holders [63] such as Dell HP and eBay One of its main565
goals is to promote the adoption of best practices for566
providing security within cloud computing environments567
Three CSA documents are analyzed in this paper ndash the568
security guidance [6] the top threats in cloud computing569
[12] and the Trusted Cloud Initiative (TCI) architecture570
[64] ndash as they comprise most of the concepts and guide-571
lines researched and published by CSA572
The latest CSA security guidance (version 30 [65])573
denotes multi-tenancy as the essential cloud characteristic574
while virtualization can be avoided when implementing575
cloud infrastructures ndash multi-tenancy only implies the576
use of shared resources by multiple consumers possibly577
from different organizations or with different objectives578
They discuss that even if virtualization-related issues579
can be circumvented segmentation and isolated policies580
for addressing proper management and privacy are still581
required The document also establishes thirteen security582
domains583
1 Governance and risk management ability to measure584
the risk introduced by adopting cloud computing585
solutions such as legal issues protection of sensitive586
data and their relation to international boundaries587
2 Legal issues disclosure laws shared infrastructures588
and interference between different users589
3 Compliance and audit the relationship between590
cloud computing and internal security policies591
4 Information management and data security592
identification and control of stored data loss of593
physical control of data and related policies to594
minimize risks and possible damages595
5 Portability and interoperability ability to change 596
providers services or bringing back data to local 597
premises without major impacts 598
6 Traditional security business continuity and disaster 599
recovery the influence of cloud solutions on 600
traditional processes applied for addressing security 601
needs 602
7 Data center operations analyzing architecture and 603
operations from data centers and identifying 604
essential characteristics for ensuring stability 605
8 Incident response notification and remediation 606
policies for handling incidents 607
9 Application security aims to identify the possible 608
security issues raised from migrating a specific 609
solution to the cloud and which platform (among SPI 610
model) is more adequate 611
10 Encryption and key management how higher 612
scalability via infrastructure sharing affects 613
encryption and other mechanisms used for 614
protecting resources and data 615
11 Identity and access management enabling 616
authentication for cloud solutions while maintaining 617
security levels and availability for customers and 618
organizations 619
12 Virtualization risks related to multi-tenancy 620
isolation virtual machine co-residence and 621
hypervisor vulnerabilities all introduced by 622
virtualization technologies 623
13 Security as a service third party security 624
mechanisms delegating security responsibilities to a 625
trusted third party provider 626
CSA also published a document focusing on identify- 627
ing top threats aiming to aid risk management strategies 628
when cloud solutions are adopted [12] As a complete 629
list of threats and pertinent issues is countless the doc- 630
ument targets those that are specific or intensified by 631
fundamental characteristics of the cloud such as shared 632
infrastructures and greater flexibility As a result seven 633
threats were selected 634
1 Abuse and nefarious used of cloud computing while 635
providing flexible and powerful resources and tools 636
IaaS and PaaS solutions also unveil critical 637
exploitation possibilities built on anonymity This 638
leads to abuse and misuse of the provided 639
infrastructure for conducting distributed denial of 640
service attacks hosting malicious data controlling 641
botnets or sending spam 642
2 Insecure application programming interfaces cloud 643
services provide APIs for management storage 644
virtual machine allocation and other service-specific 645
operations The interfaces provided must implement 646
security methods to identify authenticate and protect 647
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 13 of 18httpwwwjournalofcloudcomputingcomcontent1111
against accidental or malicious use which can648
introduce additional complexities to the system such649
as the need for third-party authorities and services650
3 Malicious insiders although not specific to cloud651
computing its effects are amplified by the652
concentration and interaction of services and653
management domains654
4 Shared technology vulnerabilities scalability655
provided by cloud solutions are based on hardware656
and software components which are not originally657
designed to provide isolation Even though658
hypervisors offer an extra granularity layer they still659
exhibit flaws which are exploited for privilege660
escalation661
5 Data loss and leakage insufficient controls662
concerning user access and data security (including663
privacy and integrity) as well as disposal and even664
legal issues665
6 Account service and traffic hijacking phishing and666
related frauds are not a novelty to computing667
security However not only an attacker is able to668
manipulate data and transactions but also to use669
stolen credentials to perform other attacks that670
compromise customer and provider reputation671
7 Unknown risk profile delegation of control over data672
and infrastructure allows companies to better673
concentrate on their core business possibly674
maximizing profit and efficiency On the other hand675
the consequent loss of governance leads to obscurity676
[66] information about other customers sharing the677
same infrastructure or regarding patching and678
updating policies is limited This situation creates679
uncertainty concerning the exact risk levels that are680
inherent to the cloud solution681
It is interesting to notice the choice for cloud-specific682
issues as it allows the identification of central points683
for further development Moreover this compilation of684
threats is closely related to CSA security guidance com-685
posing a solid framework for security and risk analysis686
assessments while providing recommendations and best687
practices to achieve acceptable security levels688
Another approach adopted by CSA for organizing infor-689
mation related to cloud security and governance is the690
TCI Reference Architecture Model [64] This document691
focuses on defining guidelines for enabling trust in the692
cloud while establishing open standards and capabilities693
for all cloud-based operations The architecture defines694
different organization levels by combining frameworks695
like the SPI model ISO 27002 COBIT PCI SOX and696
architectures such as SABSA TOGAF ITIL and Jeri-697
cho A wide range of aspects are then covered SABSA698
defines business operation support services such as com-699
pliance data governance operational risk management700
human resources security security monitoring services 701
legal services and internal investigations TOGAF defines 702
the types of services covered (presentation application 703
information and infrastructure ITIL is used for informa- 704
tion technology operation and support from IT oper- 705
ation to service delivery support and management of 706
incidents changes and resources finally Jericho cov- 707
ers security and risk management including information 708
security management authorization threat and vulnera- 709
bility management policies and standards The result is a 710
tri-dimensional relationship between cloud delivery trust 711
and operation that aims to be easily consumed and applied 712
in a security-oriented design 713
NIST 714
NIST has recently published a taxonomy for security in 715
cloud computing [67] that is comparable to the taxonomy 716
introduced in section ldquoCloud computing security taxon- 717
omyrdquo This taxonomyrsquos first level encompass typical roles 718
in the cloud environment cloud service provider respon- 719
sible for making the service itself available cloud service 720
consumer who uses the service and maintains a business 721
relationship with the provider cloud carrier which pro- 722
vides communication interfaces between providers and 723
consumers cloud broker that manages use performance 724
and delivery of services and intermediates negotiations 725
between providers and consumers and cloud auditor 726
which performs assessment of services operations and 727
security Each role is associated to their respective activ- 728
ities and decomposed on their components and subcom- 729
ponents The clearest difference from our taxonomy is the 730
hierarchy adopted as our proposal primarily focuses on 731
security principles in its higher level perspective while 732
the cloud roles are explored in deeper levels The con- 733
cepts presented here extend NISTrsquos initial definition for 734
cloud computing [9] incorporating a division of roles and 735
responsibilities that can be directly applied to security 736
assessments On the other hand NISTrsquos taxonomy incor- 737
porates concepts such as deployment models service 738
types and activities related to cloud management (porta- 739
bility interoperability provisioning) most of them largely 740
employed in publications related to cloud computing ndash 741
including this one 742
Frameworks summary 743
Tables 1 and 2 summarize the information about each T1T2
744
framework 745
Books papers and other publications 746
Rimal Choi and Lumb [3] present a cloud taxonomy 747
created from the perspective of the academia developers 748
and researchers instead of the usual point of view related 749
to vendors Whilst they do provide definitions and con- 750
cepts such as cloud architecture (based on SPI model) 751
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 14 of 18httpwwwjournalofcloudcomputingcomcontent1111
Table 1 Summary of CSA security frameworks t11
t12Framework Objectives Structure and comments
t13CSA Guidance
bull Recommendations for reducing risksbull No restrictions regarding specific
solutions or service typesbull Guidelines not necessarily applicable
for all deployment modelsbull Provide initial structure to divide efforts
for researches
bull One architectural domainbull Governance domains risk management legal concerns compliance
auditing information management interoperability and portabilitybull Operational domains traditional and business security disaster recovery
data center operations encryption application security identificationauthorization virtualization security outsourcing
bull Emphasis on the fact that cloud is not bound to virtualization technologiesthough cloud services heavily depend on virtualized infrastructures toprovide flexibility and scalability
t14CSA Top Threats
bull Provide context for risk managementdecisions and strategies
bull Focus on issues which are unique orhighly influenced by cloud computingcharacteristics
bull Seven main threats
ndash Abuse and malicious use of cloud resourcesndash Insecure APIsndash Malicious insidersndash Shared technology vulnerabilitiesndash Data loss and leakagendash Hijacking of accounts services and trafficndash Unknown risk profile (security obscurity)
bull Summarizes information on top threats and provide examples remediationguidelines impact caused and which service types (based on SPI model)are affected
t15CSA Architecture
bull Enable trust in the cloud based onwell-known standards and certificationsallied to security frameworks and otheropen references
bull Use widely adopted frameworks inorder to achieve standardization ofpolicies and best practices based onalready accepted security principles
bull Four sets of frameworks (security NIST SPI IT audit and legislative) and fourarchitectural domains (SABSA business architecture ITIL for servicesmanagement Jericho for security and TOGAF for IT reference)
bull Tridimensional structure based on premises of cloud delivery trust andoperations
bull Concentrates a plethora of concepts and information related to servicesoperation and security
Table summarizing information related to CSA security frameworks (guidance top threats and TCI architecture) t16
virtualization management service types fault tolerance752
policies and security no further studies are developed753
focusing on cloud specific security aspects This charac-754
teristic is also observed in other cloud taxonomies [68-70]755
whose efforts converge to the definition of service models756
and types rather than to more technical aspects such as757
security privacy or compliance concerns ndash which are the758
focus of this paper759
In [7] Mather Kumaraswamy and Latif discuss the760
current status of cloud security and what is predicted761
for the future The result is a compilation of security-762
related subjects to be developed in topics like infras-763
tructure data security and storage identity and access764
management security management privacy audit and765
compliance They also explore the unquestionable urge for766
more transparency regarding which party (customer or767
cloud provider) provides each security capability as well768
as the need for standardization and for the creation of769
legal agreements reflecting operational SLAs Other issues770
discussed are the inadequate encryption and key manage- 771
ment capabilities currently offered as well as the need for 772
multi-entity key management 773
Many publications also state the need for better security 774
mechanisms for cloud environments Doelitzscher et al 775
[71] emphasize security as a major research area in cloud 776
computing They also highlight the lack of flexibility of 777
classic intrusion detection mechanisms to handle virtual- 778
ized environments suggesting the use of special security 779
audit tools associated to business flow modeling through 780
security SLAs In addition they identify abuse of cloud 781
resources lack of security monitoring in cloud infrastruc- 782
ture and defective isolation of shared resources as focal 783
points to be managed Their analysis of top security con- 784
cerns is also based on publications from CSA ENISA and 785
others but after a quick evaluation of issues their focus 786
switch to their security auditing solution without offer- 787
ing a deeper quantitative compilation of security risks and 788
areas of concern 789
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 15 of 18httpwwwjournalofcloudcomputingcomcontent1111
Table 2 Summary of ENISA and NIST security frameworks t21
t22Framework Objectives Structure and comments
t23ENISA Report
bull Study on benefits and risks whenadopting cloud solutions for businessoperations
bull Provide information for securityassessments and decision making
bull Three main categories of cloud specific risks (policy and organizationaltechnical legal) plus one extra category for not specific ones
bull Offers basic guidelines and best practices for avoiding or mitigating theireffects
bull Presents recommendations for further studies related to trust building(certifications metrics and transparency) large scale data protection(privacy integrity incident handling and regulations) and technicalaspects (isolation portability and resilience)
bull Highlights the duality of scalability (fast flexible and accessible resourcesversus concentrations of data attracting attackers and also providinginfrastructure for aiding their operations)
bull Extensive study on risks considering their impact and probability
t24NIST Taxonomy
bull Define what cloud services shouldprovide rather than how to design andimplement solutions
bull Ease the understanding of cloudinternal operations and mechanisms
bull Taxonomy levels
ndash First level cloud roles (service provider consumer cloud brokercloud carrier and cloud auditor)
ndash Second level activities performed by each role (cloudmanagement service deployment cloud access and serviceconsumption)
ndash Third and following levels elements which compose each activity(deployment models service types and auditing elements)
bull Based on publication SP 500-292 highlighting the importance of securityprivacy and levels of confidence and trust to increase technologyacceptance
bull Concentrates many useful concepts such as models for deploying orclassifying services
Table summarizing information on ENISA and NIST security frameworks t25
Associations such as the Enterprise Strategy Group790
[72] emphasize the need for hypervisor security shrink-791
ing hypervisor footprints defining the security perimeter792
virtualization and linking security and VM provision-793
ing for better resource management Aiming to address794
these requirements they suggest the use of increased795
automation for security controls VM identity manage-796
ment (built on top of Public Key Infrastructure and Open797
Virtualization Format) and data encryption (tightly con-798
nected to state-of-art key management practices) Wallom799
et al [73] emphasize the need of guaranteeing virtual800
machinesrsquo trustworthiness (regarding origin and identity)801
to perform security-critical computations and to han-802
dle sensitive data therefore presenting a solution which803
integrates Trusted Computing technologies and avail-804
able cloud infrastructures Dabrowski and Mills [74] used805
simulation to demonstrate virtual machine leakage and806
resource exhaustion scenarios leading to degraded per-807
formance and crashes they also propose the addition808
of orphan controls to enable the virtualized cloud envi-809
ronment to offer higher availability levels while keeping810
overhead costs under control Ristenpart et al [44] also811
explore virtual machine exploitation focusing on informa-812
tion leakage specially sensitive data at rest or in transit813
Finally Chadwick and Casenove [75] describe a security 814
API for federated access to cloud resources and authority 815
delegation while setting fine-grained controls and guar- 816
anteeing the required levels of assurance inside cloud 817
environments These publications highlight the need of 818
security improvements related to virtual machines and 819
virtualization techniques concern that this paper demon- 820
strates to be valid and urgent 821
Discussion 822
Considering the points raised in the previous section a 823
straightforward conclusion is that cloud security includes 824
old and well-known issues ndash such as network and other 825
infrastructural vulnerabilities user access authentication 826
and privacy ndash and also novel concerns derived from 827
new technologies adopted to offer the adequate resources 828
(mainly virtualized ones) services and auxiliary tools 829
These problems are summarized by isolation and hypervi- 830
sor vulnerabilities (the main technical concerns according 831
to the studies and graphics presented) data location and 832
e-discovery (legal aspects) and loss of governance over 833
data security and even decision making (in which the 834
cloud must be strategically and financially considered as a 835
decisive factor) 836
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 16 of 18httpwwwjournalofcloudcomputingcomcontent1111
Another point observed is that even though adopt-837
ing a cloud service or provider may be easy migrating838
to another is not [76] After moving local data and pro-839
cesses to the cloud the lack of standards for protocols840
and formats directly affects attempts to migrate to a dif-841
ferent provider even if this is motivated by legitimate rea-842
sons such as non-fulfillment of SLAs outages or provider843
bankruptcy [77] Consequently the first choice must be844
carefully made as SLAs are not perfect and services845
outages happen at the same pace that resource sharing846
multi-tenancy and scalability are not fail proof After a847
decision is made future migrations between services can848
be extremely onerous in terms of time and costs most849
likely this task will require an extensive work for bring-850
ing all data and resources to a local infrastructure before851
redeploying them into the cloud852
Finally the analysis of current trends for cloud comput-853
ing reveals that there is a considerable number of well-854
studied security concerns for which plenty solutions and855
best practices have been developed such as those related856
to legal and administrative concerns On the other hand857
many issues still require further research effort especially858
those related to secure virtualization859
Considerations and future work860
Security is a crucial aspect for providing a reliable envi-861
ronment and then enable the use of applications in the862
cloud and for moving data and business processes to863
virtualized infrastructures Many of the security issues864
identified are observed in other computing environments865
authentication network security and legal requirements866
for example are not a novelty However the impact of867
such issues is intensified in cloud computing due to868
characteristics such as multi-tenancy and resource shar-869
ing since actions from a single customer can affect all870
other users that inevitably share the same resources and871
interfaces On the other hand efficient and secure vir-872
tualization represents a new challenge in such a context873
with high distribution of complex services and web-874
based applications thus requiring more sophisticated875
approaches At the same time our quantitative analysis876
indicates that virtualization remains an underserved area877
regarding the number of solutions provided to identified878
concerns879
It is strategic to develop new mechanisms that pro-880
vide the required security level by isolating virtual881
machines and the associated resources while following882
best practices in terms of legal regulations and compli-883
ance to SLAs Among other requirements such solutions884
should employ virtual machine identification provide885
an adequate separation of dedicated resources com-886
bined with a constant observation of shared ones and887
examine any attempt of exploiting cross-VM and data888
leakage889
A secure cloud computing environment depends on 890
several security solutions working harmoniously together 891
However in our studies we did not identify any security 892
solutions provider owning the facilities necessary to get 893
high levels of security conformity for clouds Thus cloud 894
providers need to orchestrate harmonize security solu- 895
tions from different places in order to achieve the desired 896
security level 897
In order to verify these conclusions in practice we 898
deployed testbeds using OpenNebula (based on KVM and 899
XEN) and analyzed its security aspects we also analyzed 900
virtualized servers based on VMWARE using our testbed 901
networks This investigation lead to a wide research of 902
PaaS solutions and allowed us to verify that most of them 903
use virtual machines based on virtualization technolo- 904
gies such as VMWARE XEN and KVM which often lack 905
security aspects We also learned that Amazon changed 906
the XEN source code in order to include security fea- 907
tures but unfortunately the modified code is not publicly 908
available and there appears to be no article detailing the 909
changes introduced Given these limitations a deeper 910
study on current security solutions to manage cloud com- 911
puting virtual machines inside the cloud providers should 912
be a focus of future work in the area We are also working 913
on a testbed based on OpenStack for researches related 914
to identity and credentials management in the cloud envi- 915
ronment This work should address basic needs for better 916
security mechanisms in virtualized and distributed archi- 917
tectures guiding other future researches in the security 918
area 919
Competing interests 920The authors declare that they have no competing interests 921
Authorrsquos contributions 922NG carried out the security research including the prospecting for information 923and references categorization results analysis taxonomy creation and analysis 924of related work CM participated in the drafting of the manuscript as well as in 925the analysis of references creation of the taxonomy and revisions of the text 926MS FR MN and MP participated in the critical and technical revisions of the 927paper including the final one also helping with the details for preparing the 928paper to be published TC coordinated the project related to the paper and 929also gave the final approval of the version to be published All authors read 930and approved the final manuscript 931
Acknowledgements 932This work was supported by the Innovation Center Ericsson 933Telecomunicacoes SA Brazil 934
Author details 9351Escola Politecnica at the University of Sao Paulo (EPUSP) Sao Paulo Brazil 9362Ericsson Research Stockholm Sweden 3Ericsson Research Ville Mont-Royal 937Canada 4State University of Santa Catarina Joinville Brazil 938
Received 30 January 2012 Accepted 5 June 2012 939Published 12 July 2012 940
References 9411 IDC (2009) Cloud Computing 2010 ndash An IDC Update 942
slidesharenetJorFigOrcloud-computing-2010-an-idc-update 9432 Armbrust M Fox A Griffith R Joseph AD Katz RH Konwinski A Lee G 944
Patterson DA Rabkin A Stoica I Zaharia M (2009) Above the Clouds 945
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 17 of 18httpwwwjournalofcloudcomputingcomcontent1111
A Berkeley View of Cloud Computing Technical Report946UCBEECS-2009-28 University of California at Berkeley947eecsberkeleyeduPubsTechRpts2009EECS-2009-28html948
3 Rimal BP Choi E Lumb I (2009) A Taxonomy and Survey of Cloud949Computing Systems In Fifth International Joint Conference on INC IMS950and IDC NCM rsquo09 CPS pp 44ndash51951
4 Shankland S (2009) HPrsquos Hurd dings cloud computing IBM952CNET News953
5 Catteddu D Hogben G (2009) Benefits risks and recommendations for954information security Tech rep European Network and Information955Security Agency enisaeuropaeuactrmfilesdeliverablescloud-956computing-risk-assessment957
6 CSA (2009) Security Guidance for Critical Areas of Focus in Cloud958Computing Tech rep Cloud Security Alliance959
7 Mather T Kumaraswamy S (2009) Cloud Security and privacy An960Enterprise Perspective on Risks and Compliance 1st edition OrsquoReilly961Media962
8 Chen Y Paxson V Katz RH (2010) Whatrsquos New About Cloud Computing963Security Technical Report UCBEECS-2010-5 University of California at964Berkeley eecsberkeleyeduPubsTechRpts2010EECS-2010-5html965
9 Mell P Grance T (2009) The NIST Definition of Cloud Computing966Technical Report 15 National Institute of Standards and Technology967wwwnistgovitlclouduploadcloud-def-v15pdf968
10 Ibrahim AS Hamlyn-Harris J Grundy J (2010) Emerging Security969Challenges of Cloud Virtual Infrastructure In Proceedings of APSEC 2010970Cloud Workshop APSEC rsquo10971
11 Gonzalez N Miers C Redıgolo F Carvalho T Simplıcio M Naslund M972Pourzandi M (2011) A quantitative analysis of current security concerns973and solutions for cloud computing In Proceedings of 3rd IEEE974CloudCom AthensGreece IEEE Computer Society975
12 Hubbard D Jr LJH Sutton M (2010) Top Threats to Cloud Computing976Tech rep Cloud Security Alliance cloudsecurityallianceorgresearch977projectstop-threats-to-cloud-computing978
13 Tompkins D (2009) Security for Cloud-based Enterprise Applications979httpblogdtorgindexphp200902security-for-cloud-based-980enterprise-applications981
14 Jensen M Schwenk J Gruschka N Iacono LL (2009) On Technical Security982Issues in Cloud Computing In IEEE Internation Conference on Cloud983Computing pp 109ndash116984
15 TrendMicro (2010) Cloud Computing Security - Making Virtual Machines985Cloud-Ready Trend Micro White Paper986
16 Genovese S (2009) Akamai Introduces Cloud-Based Firewall http987cloudcomputingsys-concomnode1219023988
17 Hulme GV (2011) CloudPassage aims to ease cloud server security989management httpwwwcsoonlinecomarticle658121cloudpassage-990aims-to-ease-cloud-server-security-management991
18 Oleshchuk VA Koslashien GM (2011) Security and Privacy in the Cloud - A992Long-Term View In 2nd International Conference on Wireless993Communications Vehicular Technology Information Theory and994Aerospace and Electronic Systems Technology (Wireless VITAE) WIRELESS995VITAE rsquo11 pp 1ndash5 httpdxdoiorg101109WIRELESSVITAE20115940876996
19 Google (2011) Google App Engine codegooglecomappengine99720 Google (2011) Google Query Language (GQL)998
codegooglecomintlenappenginedocspythonoverviewhtml99921 StackOverflow (2011) Does using non-SQL databases obviate the need1000
for guarding against SQL injection1001stackoverflowcomquestions1823536does-using-non-sql-databases-1002obvia1003te-the-need-for-guarding-against-sql-injection1004
22 Rose J (2011) Cloudy with a chance of zero day wwwowasporgimages1005112Cloudy with a chance of 0 day Jon Rose-Tom Leaveypdf1006
23 Balkan A (2011) Why Google App Engine is broken and what Google1007must do to fix it aralbalkancom15041008
24 Salesforce (2011) Salesforce Security Statement1009salesforcecomcompanyprivacysecurityjsp1010
25 Espiner T (2007) Salesforce tight-lipped after phishing attack1011zdnetcouknewssecurity-threats20071107salesforce-tight-lipped-a1012fter-phishing-attack-392906161013
26 Yee A (2007) Implications of Salesforce Phishing Incident1014ebizqnetblogssecurity insider200711-implications of salesforc1015e phiphp1016
27 Salesforce (2011) Security Implementation Guide 1017loginsalesforcecomhelpdocensalesforce security impl guidepdf 1018
28 Li H Dai Y Tian L Yang H (2009) Identity-Based Authentication for Cloud 1019Computing In Proceedings of the 1st International Conference on Cloud 1020Computing CloudCom rsquo09 1021
29 Amazon (2011) Elastic Compute Cloud (EC2) awsamazoncomec2 102230 Kaufman C Venkatapathy R (2010) Windows Azure Security Overview 1023
gomicrosoftcomlinkid=9740388 [August] 102431 McMillan R (2010) Google Attack Part of Widespread Spying Effort 1025
PCWorld 102632 Mills E (2010) Behind the China attacks on Google CNET News 102733 Arrington M (2010) Google Defends Against Large Scale Chinese Cyber 1028
Attack May Cease Chinese Operations TechCrunch 102934 Bosch J (2009) Google Accounts Attacked by Phishing Scam BrickHouse 1030
Security Blog 103135 Telegraph T (2009) Facebook Users Targeted By Phishing Attack The 1032
Telegraph 103336 Pearson S (2009) Taking account of privacy when designing cloud 1034
computing services In Proceedings of the 2009 ICSE Workshop on 1035Software Engineering Challenges of Cloud Computing CLOUD rsquo09 1036
37 Musthaler L (2009) Cost-effective data encryption in the cloud Network 1037World 1038
38 Yan L Rong C Zhao G (2009) Strengthen Cloud Computing Security with 1039Federal Identity Management Using Hierarchical Identity-Based 1040Cryptography In Proceedings of the 1st International Conference on 1041Cloud Computing CloudCom rsquo09 1042
39 Tech C (2010) Examining Redundancy in the Data Center Powered by the 1043Cloud and Disaster Recovery Consonus Tech 1044
40 Lyle M (2011) Redundancy in Data Storage Define the Cloud 104541 Dorion P (2010) Data destruction services When data deletion is not 1046
enough SearchDataBackupcom 104742 Mogull R (2009) Cloud Data Security Archive and Delete (Rough Cut) 1048
securosiscomblogcloud-data-security-archive-and-delete-rough-cut 104943 Messmer E (2011) Gartner New security demands arising for 1050
virtualization cloud computing httpwwwnetworkworldcomnews 10512011062311-security-summithtml 1052
44 Ristenpart T Tromer E Shacham H Savage S (2009) Hey you get off of 1053my cloud exploring information leakage in third-party compute clouds 1054In Proceedings of the 16th ACM conference on Computer and 1055communications security CCS rsquo09 New York NY USA ACM pp 199ndash212 1056doiacmorg10114516536621653687 1057
45 Chow R Golle P Jakobsson M Shi E Staddon J Masuoka R Molina J 1058(2009) Controlling data in the cloud outsourcing computation without 1059outsourcing control In Proceedings of the 2009 ACM workshop on 1060Cloud computing security CCSW rsquo09 New York NY USA ACM pp 85ndash90 1061httpdoiacmorg10114516550081655020 1062
46 Sadeghi AR Schneider T Winandy M (2010) Token-Based Cloud 1063Computing - Secure Outsourcing of Data and Arbitrary Computations 1064with Lower Latency In Proceedings of the 3rd international conference 1065on Trust and trustworthy computing TRUST rsquo10 1066
47 Brandic I Dustdar S Anstett T Schumm D Leymann F (2010) Compliant 1067Cloud Computing (C3) Architecture and Language Support for 1068User-driven Compliance Management in Clouds In 2010 IEEE 3rd 1069International Conference on Cloud Computing pp 244ndash251 httpdx 1070doiorg101109CLOUD201042 1071
48 Brodkin J (2008) Gartner Seven cloud computing security risks http 1072wwwinfoworldcomdsecurity-centralgartner-seven-cloud- 1073computing-security-risks-853 1074
49 Kandukuri BR Paturi R Rakshit A (2009) Cloud Security Issues In 1075Proceedings of the 2009 IEEE International Conference on Services 1076Computing SCC rsquo09 1077
50 Winterford B (2011) Amazon EC2 suffers huge outage httpwwwcrn 1078comauNews255586amazon-ec2-suffers-huge-outageaspx 1079
51 Clarke G (2011) Microsoft BPOS cloud outage burns Exchange converts 1080httpwwwtheregistercouk20110513 1081
52 Shankland S (2011) Amazon cloud outage derails Reddit Quora 108253 Young E (2009) Cloud Computing - The role of internal audit 108354 CloudAudit (2011) A6 - The automated audit assertion assessment and 1084
assurance API httpcloudauditorg 108555 Anand N (2010) The legal issues around cloud computing httpwww 1086
labnolorginternetcloud-computing-legal-issues14120 1087
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 18 of 18httpwwwjournalofcloudcomputingcomcontent1111
56 Hunter S (2011) Ascending to the cloud creates negligible e-discovery1088risk httpediscoveryquarlescom201107articlesinformation-1089technologyascending-to-the-cloud-creates-negligible-ediscovery-risk1090
57 Sharon D Nelson JWS (2011) Virtualization and Cloud Computing1091benefits and e-discovery implications httpwwwslawca201107191092virtualization-and-cloud-computing-benefits-and-e-discovery-1093implications1094
58 Bentley L (2009) E-discovery in the cloud presents promise and problems1095httpwwwitbusinessedgecomcmcommunityfeaturesinterviews1096bloge-discovery-in-the-cloud-presents-promise-and-problemscs=1097316981098
59 Zierick J (2011) The special case of privileged users in the sloud http1099blogbeyondtrustcombid63894The-Special-Case-of-Privileged-Users-1100in-the-Cloud1101
60 Dinoor S (2010) Got Privilege Ten Steps to Securing a Cloud-Based1102Enterprise httpcloudcomputingsys-concomnode15716491103
61 Pavolotsky J (2010) Top five legal issues for the cloud httpwwwforbes1104com20100412cloud-computing-enterprise-technology-cio-network-1105legalhtml1106
62 ENISA (2011) About ENISA httpwwwenisaeuropaeuabout-enisa110763 CSA (2011) About httpscloudsecurityallianceorgabout110864 CSA (2011) CSA TCI Reference Architecture httpscloudsecurityalliance1109
orgwp-contentuploads201111TCI-Reference-Architecture-11pdf111065 CSA (2011) Security Guidance for Critical Areas of Focus in Cloud1111
Computing V30 Tech rep Cloud Security Alliance [Httpwww1112cloudsecurityallianceorgguidancecsaguidev30pdf]1113
66 Ramireddy S Chakraborthy R Raghu TS Rao HR (2010) Privacy and1114Security Practices in the Arena of Cloud Computing - A Research in1115Progress In AMCIS 2010 Proceedings AMCIS rsquo10 httpaiselaisnetorg1116amcis20105741117
67 NIST (2011) NIST Cloud Computing Reference Architecture SP 500-2921118httpcollaboratenistgovtwiki-cloud-computingpub1119CloudComputingReferenceArchitectureTaxonomyNIST SP 500-292 -1120090611pdf1121
68 Youseff L Butrico M Silva DD (2008) Toward a Unified Ontology of Cloud1122Computing In Grid Computing Environments Workshop 2008 GCE rsquo081123pp 10 1 httpdxdoiorg101109GCE200847384431124
69 Johnston S (2008) Sam Johnston taxonomy the 6 layer cloud computing1125stack httpsamjnet200809taxonomy-6-layer-cloud-computing-1126stackhtml]1127
70 Linthicum D (2009) Defining the cloud computing framework http1128cloudcomputingsys-concomnode8115191129
71 Doelitzscher F Reich C Knahl M Clarke N (2011) An autonomous agent1130based incident detection system for cloud environments In Third IEEE1131International Conference on Cloud Computing Technology and Science1132CloudCom 2011 CPS pp 197ndash204 httpdxdoiorg101109CloudCom11332011351134
72 Oltsik J (2010) Information security virtualization and the journey to the1135cloud Tech rep Cloud Security Alliance1136
73 Wallom D Turilli M Taylor G Hargreaves N Martin A Raun A McMoran A1137(2011) myTrustedCloud Trusted Cloud Infrastructure for Security-critical1138Computation and Data Managment In Third IEEE International1139Conference on Cloud Computing Technology and Science CloudCom11402011 CPS pp 247ndash2541141
74 Dabrowski C Mills K (2011) VM Leakage and Orphan Control in1142Open-Source Clouds In Third IEEE International Conference on Cloud1143Computing Technology and Science CloudCom 2011 CPS pp 554ndash5591144
75 Chadwick DW Casenove M (2011) Security APIs for My Private Cloud In1145Third IEEE International Conference on Cloud Computing Technology1146and Science CloudCom 2011 CPS pp 792ndash7981147
76 Claybrook B (2011) How providers affect cloud application migration1148httpsearchcloudcomputingtechtargetcomtutorialHow-providers-1149affect-cloud-application-migration1150
77 CSA (2011) Interoperability and portability1151
doi1011862192-113X-1-11Cite this article as Gonzalez et al A quantitative analysis of current securityconcerns and solutions for cloud computing Journal of Cloud ComputingAdvances Systems and Applications 2012 111
Submit your manuscript to a journal and benefi t from
7 Convenient online submission
7 Rigorous peer review
7 Immediate publication on acceptance
7 Open access articles freely available online
7 High visibility within the fi eld
7 Retaining the copyright to your article
Submit your next manuscript at 7 springeropencom
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 7 of 18httpwwwjournalofcloudcomputingcomcontent1111
some useful insight on which are the concerns that have365
received more attention from the research community366
and which have not been so extensively analyzed Some367
observations about the analysis method368
1 The references consulted came from different369
research segments including academia370
organizations and companies Due to the articlersquos371
length limitations we did not include all the372
consulted references in the References section In the373
following we present some of the main sources of374
consultation375
(a) Academia conference papers and journals376
published by IEEE ACM Springer377
Webscience and Scipress378
(b) Organizations reports white papers and379
interviews from SANS Institute CSA NIST380
ENISA Gartner Group KVMorg381
OpenGrid OpenStack and OpenNebula382
(c) Companies white papers manuals383
interviews and web content from384
ERICSSON IBM XEROX Cisco VMWare385
XEN CITRIX EMC Microsoft and386
Salesforce387
2 Each reference was analyzed aiming to identify all the388
mentioned concerns covered and solutions provided389
Therefore one reference can produce more than one 390
entry on each specified category 391
3 Some security perspectives were not covered in this 392
paper as each securityconcern category can be 393
sub-divided in finer-grained aspects such as 394
authentication integrity network communications 395
etc 396
We present the security concerns and solutions using 397
pie charts in order to show the representativeness of each 398
categorygroup in the total amount of references identi- 399
fied The comparison between areas is presented using 400
radar graphs to identify how many solutions address each 401
concern categorygroup 402
Security concerns 403
The results obtained for the number of citations on secu- 404
rity issues is shown in Figure 5 The three major problems F5405
identified in these references are legal issues compliance 406
and loss of control over data These legal- and governance- 407
related concerns are followed by the first technical issue 408
isolation with 7 of citations The least cited problems 409
are related to security configuration concerns loss of ser- 410
vice (albeit this is also related to compliance which is a 411
major problem) firewalling and interfaces 412
Grouping the concerns using the categories presented 413
in section ldquoCloud computing securityrdquo leads to the 414
Figure 5 Security problems Pie chart for security concerns
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 8 of 18httpwwwjournalofcloudcomputingcomcontent1111
Figure 6 Security problems with grouped categories Pie chart for security concerns with grouped categories (seven altogether legal issuescompliance governance virtualization data security interfaces and network security)
Figure 7 Security solutions with grouped categories Pie chart for solutions with grouped categories showing a clear lack for virtualizationsecurity mechanisms in comparison to its importance in terms of concerns citations
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 9 of 18httpwwwjournalofcloudcomputingcomcontent1111
construction of Figure 6 This figure shows that legal andF6 415
governance issues represent a clear majority with 73 of416
concern citations showing a deep consideration of legal417
issues such as data location and e-discovery or gover-418
nance ones like loss of control over security and data The419
technical issue more intensively evaluated (12) is virtual-420
ization followed by data security interfaces and network421
security422
Virtualization is one of the main novelties employed by423
cloud computing in terms of technologies employed con-424
sidering virtual infrastructures scalability and resource425
sharing and its related problems represent the first major426
technical concern427
Security solutions428
When analyzing citations for solutions we used the same429
approach described in the beginning of this section The430
results are presented in Figure 7 which shows the percent-F7 431
age of solutions in each category defined in section ldquoCloud432
computing securityrdquo and also in Figure 8 which highlightsF8 433
the contribution of each individual sub-category434
When we compare Figures 6 and 7 it is easy to observe435
that the number of citations covering security problems436
related to legal issues compliance and governance is high437
(respectively 24 22 and 17) however the same also 438
happens when we consider the number of references 439
proposing solutions for those issues (which represent 440
respectively 29 27 and 14 of the total number of 441
citations) In other words these concerns are higly rele- 442
vant but a large number solutions are already available for 443
tackling them 444
The situation is completely different when we analyze 445
technical aspects such as virtualization isolation and data 446
leakage Indeed virtualization amounts for 12 of prob- 447
lem references and only 3 for solutions Isolation is a 448
perfect example of such discrepancy as the number of 449
citations for such problems represents 7 in Figure 5 450
while solutions correspond to only 1 of the graph from 451
Figure 8 We note that for this specific issue special care 452
has been taken when assessing the most popular virtual 453
machine solution providers (eg XEN VMWARE and 454
KVM) aiming to verify their concerns and available solu- 455
tions A conclusion that can be drawn from this situation 456
is that such concerns are also significant but yet little is 457
available in terms of solutions This indicates the need of 458
evaluating potential areas still to be developed in order 459
to provide better security conditions when migrating data 460
and processes in the cloud 461
Figure 8 Security solutions Pie chart for solutions citations
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 10 of 18httpwwwjournalofcloudcomputingcomcontent1111
Comparison462
The differences between problem and solution citations463
presented in the previous sections can be observed in464
Figure 9F9 465
Axis values correspond to the number of citations found466
among the references studied Blue areas represent con-467
cern citations and lighter red indicates solutions while468
darker red shows where those areas overlap In other469
words light red areas are problems with more citations470
for solutions than problems ndash they might be meaningful471
problems but there are many solutions already addressing472
them ndash while blue areas represent potential subjects that473
have received little attention so far indicating the need for474
further studies475
Figure 9 clearly shows the lack of development regard-476
ing data control mechanisms hypervisor vulnerabilities477
assessment and isolation solutions for virtualized envi-478
ronments On the other hand areas such as legal con-479
cerns SLAs compliance and audit policies have a quite480
satisfactory coverage The results for grouped categories481
(presented in section 4) are depicted in Figure 10F10 482
Figure 10 shows that virtualization problems represent483
an area that requires studies for addressing issues such as484
isolation data leakage and cross-VM attacks on the other485
hand areas such as compliance and network security486
encompass concerns for which there are already a con-487
siderable number of solutions or that are not considered488
highly relevant489
Finally Considering virtualization as key element for490
future studies Figure 11 presents a comparison focus-F11 491
ing on five virtualization-related problems isolation (of492
computational resources such as memory and storage493
capabilities) hypervisor vulnerabilities data leakage 494
cross-VM attacks and VM identification The contrast 495
related to isolation and cross-VM attacks is more evident 496
than for the other issues However the number of solution 497
citations for all issues is notably low if compared to any 498
other security concern reaffirming the need for further 499
researches in those areas 500
Related work 501
An abundant number of related works and publications 502
exist in the literature emphasizing the importance and 503
demand of security solutions for cloud computing How- 504
ever we did not identify any full taxonomy that addresses 505
directly the security aspects related to cloud comput- 506
ing We only identified some simplified models that 507
were developed to cover specific security aspects such as 508
authentication We were able to recognize two main types 509
of works (1) security frameworks which aim to aggregate 510
information about security and also to offer sets of best 511
practices and guidelines when using cloud solutions and 512
(2) publications that identify future trends and propose 513
solutions or areas of interest for research Each category 514
and corresponding references are further analyzed in the 515
following subsections 516
Security frameworks 517
Security frameworks concentrate information on security 518
and privacy aiming to provide a compilation of risks vul- 519
nerabilities and best practices to avoid or mitigate them 520
There are several entities that are constantly publishing 521
material related to cloud computing security including 522
ENISA CSA NIST CPNI (Centre for the Protection of 523
Figure 9 Comparison between citations Radar chart comparing citations related to concerns and solutions showing the disparities for eachsecurity category adopted
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 11 of 18httpwwwjournalofcloudcomputingcomcontent1111
Figure 10 Comparison between citations with grouped categories Radar chart grouping the categories showing the difference betweencitations about concerns and solutions regarding each category
National Infrastructure from UK government) and ISACA524
(the Information Systems Audit and Control Association)525
In this paper we focus on the first three entities which526
by themselves provide a quite comprehensive overview of527
issues and solutions and thus allowing a broad under-528
standing of the current status of cloud security529
ENISA530
ENISA is an agency responsible for achieving high and531
effective level of network and information security within532
the European Union [62] In the context of cloud comput-533
ing they published an extensive study covering benefits534
and risks related to its use [5] In this study the security 535
risks are divided in four categories 536
bull Policy and organizational issues related to 537
governance compliance and reputation 538bull Technical issues derived from technologies used to 539
implement cloud services and infrastructures such as 540
isolation data leakage and interception denial of 541
service attacks encryption and disposal 542bull Legal risks regarding jurisdictions subpoena and 543
e-discovery 544
Figure 11 Comparison for virtualization Radar chart only for virtualization issues
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 12 of 18httpwwwjournalofcloudcomputingcomcontent1111
bull Not cloud specific other risks that are not unique to545
cloud environments such as network management546
privilege escalation and logging547
As a top recommendation for security in cloud com-548
puting ENISA suggests that providers must ensure some549
security practices to customers and also a clear contract to550
avoid legal problems Key points to be developed include551
breach reporting better logging mechanisms and engi-552
neering of large scale computer systems which encom-553
pass the isolation of virtual machines resources and554
information Their analysis is based not only on what is555
currently observed but also on what can be improved556
through the adoption of existing best practices or by557
means of solutions that are already used in non-cloud558
environments This article aims at taking one step fur-559
ther by transforming these observations into numbers ndash a560
quantitative approach561
CSA562
CSA is an organization led by a coalition of industry563
practitioners corporations associations and other stake-564
holders [63] such as Dell HP and eBay One of its main565
goals is to promote the adoption of best practices for566
providing security within cloud computing environments567
Three CSA documents are analyzed in this paper ndash the568
security guidance [6] the top threats in cloud computing569
[12] and the Trusted Cloud Initiative (TCI) architecture570
[64] ndash as they comprise most of the concepts and guide-571
lines researched and published by CSA572
The latest CSA security guidance (version 30 [65])573
denotes multi-tenancy as the essential cloud characteristic574
while virtualization can be avoided when implementing575
cloud infrastructures ndash multi-tenancy only implies the576
use of shared resources by multiple consumers possibly577
from different organizations or with different objectives578
They discuss that even if virtualization-related issues579
can be circumvented segmentation and isolated policies580
for addressing proper management and privacy are still581
required The document also establishes thirteen security582
domains583
1 Governance and risk management ability to measure584
the risk introduced by adopting cloud computing585
solutions such as legal issues protection of sensitive586
data and their relation to international boundaries587
2 Legal issues disclosure laws shared infrastructures588
and interference between different users589
3 Compliance and audit the relationship between590
cloud computing and internal security policies591
4 Information management and data security592
identification and control of stored data loss of593
physical control of data and related policies to594
minimize risks and possible damages595
5 Portability and interoperability ability to change 596
providers services or bringing back data to local 597
premises without major impacts 598
6 Traditional security business continuity and disaster 599
recovery the influence of cloud solutions on 600
traditional processes applied for addressing security 601
needs 602
7 Data center operations analyzing architecture and 603
operations from data centers and identifying 604
essential characteristics for ensuring stability 605
8 Incident response notification and remediation 606
policies for handling incidents 607
9 Application security aims to identify the possible 608
security issues raised from migrating a specific 609
solution to the cloud and which platform (among SPI 610
model) is more adequate 611
10 Encryption and key management how higher 612
scalability via infrastructure sharing affects 613
encryption and other mechanisms used for 614
protecting resources and data 615
11 Identity and access management enabling 616
authentication for cloud solutions while maintaining 617
security levels and availability for customers and 618
organizations 619
12 Virtualization risks related to multi-tenancy 620
isolation virtual machine co-residence and 621
hypervisor vulnerabilities all introduced by 622
virtualization technologies 623
13 Security as a service third party security 624
mechanisms delegating security responsibilities to a 625
trusted third party provider 626
CSA also published a document focusing on identify- 627
ing top threats aiming to aid risk management strategies 628
when cloud solutions are adopted [12] As a complete 629
list of threats and pertinent issues is countless the doc- 630
ument targets those that are specific or intensified by 631
fundamental characteristics of the cloud such as shared 632
infrastructures and greater flexibility As a result seven 633
threats were selected 634
1 Abuse and nefarious used of cloud computing while 635
providing flexible and powerful resources and tools 636
IaaS and PaaS solutions also unveil critical 637
exploitation possibilities built on anonymity This 638
leads to abuse and misuse of the provided 639
infrastructure for conducting distributed denial of 640
service attacks hosting malicious data controlling 641
botnets or sending spam 642
2 Insecure application programming interfaces cloud 643
services provide APIs for management storage 644
virtual machine allocation and other service-specific 645
operations The interfaces provided must implement 646
security methods to identify authenticate and protect 647
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 13 of 18httpwwwjournalofcloudcomputingcomcontent1111
against accidental or malicious use which can648
introduce additional complexities to the system such649
as the need for third-party authorities and services650
3 Malicious insiders although not specific to cloud651
computing its effects are amplified by the652
concentration and interaction of services and653
management domains654
4 Shared technology vulnerabilities scalability655
provided by cloud solutions are based on hardware656
and software components which are not originally657
designed to provide isolation Even though658
hypervisors offer an extra granularity layer they still659
exhibit flaws which are exploited for privilege660
escalation661
5 Data loss and leakage insufficient controls662
concerning user access and data security (including663
privacy and integrity) as well as disposal and even664
legal issues665
6 Account service and traffic hijacking phishing and666
related frauds are not a novelty to computing667
security However not only an attacker is able to668
manipulate data and transactions but also to use669
stolen credentials to perform other attacks that670
compromise customer and provider reputation671
7 Unknown risk profile delegation of control over data672
and infrastructure allows companies to better673
concentrate on their core business possibly674
maximizing profit and efficiency On the other hand675
the consequent loss of governance leads to obscurity676
[66] information about other customers sharing the677
same infrastructure or regarding patching and678
updating policies is limited This situation creates679
uncertainty concerning the exact risk levels that are680
inherent to the cloud solution681
It is interesting to notice the choice for cloud-specific682
issues as it allows the identification of central points683
for further development Moreover this compilation of684
threats is closely related to CSA security guidance com-685
posing a solid framework for security and risk analysis686
assessments while providing recommendations and best687
practices to achieve acceptable security levels688
Another approach adopted by CSA for organizing infor-689
mation related to cloud security and governance is the690
TCI Reference Architecture Model [64] This document691
focuses on defining guidelines for enabling trust in the692
cloud while establishing open standards and capabilities693
for all cloud-based operations The architecture defines694
different organization levels by combining frameworks695
like the SPI model ISO 27002 COBIT PCI SOX and696
architectures such as SABSA TOGAF ITIL and Jeri-697
cho A wide range of aspects are then covered SABSA698
defines business operation support services such as com-699
pliance data governance operational risk management700
human resources security security monitoring services 701
legal services and internal investigations TOGAF defines 702
the types of services covered (presentation application 703
information and infrastructure ITIL is used for informa- 704
tion technology operation and support from IT oper- 705
ation to service delivery support and management of 706
incidents changes and resources finally Jericho cov- 707
ers security and risk management including information 708
security management authorization threat and vulnera- 709
bility management policies and standards The result is a 710
tri-dimensional relationship between cloud delivery trust 711
and operation that aims to be easily consumed and applied 712
in a security-oriented design 713
NIST 714
NIST has recently published a taxonomy for security in 715
cloud computing [67] that is comparable to the taxonomy 716
introduced in section ldquoCloud computing security taxon- 717
omyrdquo This taxonomyrsquos first level encompass typical roles 718
in the cloud environment cloud service provider respon- 719
sible for making the service itself available cloud service 720
consumer who uses the service and maintains a business 721
relationship with the provider cloud carrier which pro- 722
vides communication interfaces between providers and 723
consumers cloud broker that manages use performance 724
and delivery of services and intermediates negotiations 725
between providers and consumers and cloud auditor 726
which performs assessment of services operations and 727
security Each role is associated to their respective activ- 728
ities and decomposed on their components and subcom- 729
ponents The clearest difference from our taxonomy is the 730
hierarchy adopted as our proposal primarily focuses on 731
security principles in its higher level perspective while 732
the cloud roles are explored in deeper levels The con- 733
cepts presented here extend NISTrsquos initial definition for 734
cloud computing [9] incorporating a division of roles and 735
responsibilities that can be directly applied to security 736
assessments On the other hand NISTrsquos taxonomy incor- 737
porates concepts such as deployment models service 738
types and activities related to cloud management (porta- 739
bility interoperability provisioning) most of them largely 740
employed in publications related to cloud computing ndash 741
including this one 742
Frameworks summary 743
Tables 1 and 2 summarize the information about each T1T2
744
framework 745
Books papers and other publications 746
Rimal Choi and Lumb [3] present a cloud taxonomy 747
created from the perspective of the academia developers 748
and researchers instead of the usual point of view related 749
to vendors Whilst they do provide definitions and con- 750
cepts such as cloud architecture (based on SPI model) 751
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 14 of 18httpwwwjournalofcloudcomputingcomcontent1111
Table 1 Summary of CSA security frameworks t11
t12Framework Objectives Structure and comments
t13CSA Guidance
bull Recommendations for reducing risksbull No restrictions regarding specific
solutions or service typesbull Guidelines not necessarily applicable
for all deployment modelsbull Provide initial structure to divide efforts
for researches
bull One architectural domainbull Governance domains risk management legal concerns compliance
auditing information management interoperability and portabilitybull Operational domains traditional and business security disaster recovery
data center operations encryption application security identificationauthorization virtualization security outsourcing
bull Emphasis on the fact that cloud is not bound to virtualization technologiesthough cloud services heavily depend on virtualized infrastructures toprovide flexibility and scalability
t14CSA Top Threats
bull Provide context for risk managementdecisions and strategies
bull Focus on issues which are unique orhighly influenced by cloud computingcharacteristics
bull Seven main threats
ndash Abuse and malicious use of cloud resourcesndash Insecure APIsndash Malicious insidersndash Shared technology vulnerabilitiesndash Data loss and leakagendash Hijacking of accounts services and trafficndash Unknown risk profile (security obscurity)
bull Summarizes information on top threats and provide examples remediationguidelines impact caused and which service types (based on SPI model)are affected
t15CSA Architecture
bull Enable trust in the cloud based onwell-known standards and certificationsallied to security frameworks and otheropen references
bull Use widely adopted frameworks inorder to achieve standardization ofpolicies and best practices based onalready accepted security principles
bull Four sets of frameworks (security NIST SPI IT audit and legislative) and fourarchitectural domains (SABSA business architecture ITIL for servicesmanagement Jericho for security and TOGAF for IT reference)
bull Tridimensional structure based on premises of cloud delivery trust andoperations
bull Concentrates a plethora of concepts and information related to servicesoperation and security
Table summarizing information related to CSA security frameworks (guidance top threats and TCI architecture) t16
virtualization management service types fault tolerance752
policies and security no further studies are developed753
focusing on cloud specific security aspects This charac-754
teristic is also observed in other cloud taxonomies [68-70]755
whose efforts converge to the definition of service models756
and types rather than to more technical aspects such as757
security privacy or compliance concerns ndash which are the758
focus of this paper759
In [7] Mather Kumaraswamy and Latif discuss the760
current status of cloud security and what is predicted761
for the future The result is a compilation of security-762
related subjects to be developed in topics like infras-763
tructure data security and storage identity and access764
management security management privacy audit and765
compliance They also explore the unquestionable urge for766
more transparency regarding which party (customer or767
cloud provider) provides each security capability as well768
as the need for standardization and for the creation of769
legal agreements reflecting operational SLAs Other issues770
discussed are the inadequate encryption and key manage- 771
ment capabilities currently offered as well as the need for 772
multi-entity key management 773
Many publications also state the need for better security 774
mechanisms for cloud environments Doelitzscher et al 775
[71] emphasize security as a major research area in cloud 776
computing They also highlight the lack of flexibility of 777
classic intrusion detection mechanisms to handle virtual- 778
ized environments suggesting the use of special security 779
audit tools associated to business flow modeling through 780
security SLAs In addition they identify abuse of cloud 781
resources lack of security monitoring in cloud infrastruc- 782
ture and defective isolation of shared resources as focal 783
points to be managed Their analysis of top security con- 784
cerns is also based on publications from CSA ENISA and 785
others but after a quick evaluation of issues their focus 786
switch to their security auditing solution without offer- 787
ing a deeper quantitative compilation of security risks and 788
areas of concern 789
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 15 of 18httpwwwjournalofcloudcomputingcomcontent1111
Table 2 Summary of ENISA and NIST security frameworks t21
t22Framework Objectives Structure and comments
t23ENISA Report
bull Study on benefits and risks whenadopting cloud solutions for businessoperations
bull Provide information for securityassessments and decision making
bull Three main categories of cloud specific risks (policy and organizationaltechnical legal) plus one extra category for not specific ones
bull Offers basic guidelines and best practices for avoiding or mitigating theireffects
bull Presents recommendations for further studies related to trust building(certifications metrics and transparency) large scale data protection(privacy integrity incident handling and regulations) and technicalaspects (isolation portability and resilience)
bull Highlights the duality of scalability (fast flexible and accessible resourcesversus concentrations of data attracting attackers and also providinginfrastructure for aiding their operations)
bull Extensive study on risks considering their impact and probability
t24NIST Taxonomy
bull Define what cloud services shouldprovide rather than how to design andimplement solutions
bull Ease the understanding of cloudinternal operations and mechanisms
bull Taxonomy levels
ndash First level cloud roles (service provider consumer cloud brokercloud carrier and cloud auditor)
ndash Second level activities performed by each role (cloudmanagement service deployment cloud access and serviceconsumption)
ndash Third and following levels elements which compose each activity(deployment models service types and auditing elements)
bull Based on publication SP 500-292 highlighting the importance of securityprivacy and levels of confidence and trust to increase technologyacceptance
bull Concentrates many useful concepts such as models for deploying orclassifying services
Table summarizing information on ENISA and NIST security frameworks t25
Associations such as the Enterprise Strategy Group790
[72] emphasize the need for hypervisor security shrink-791
ing hypervisor footprints defining the security perimeter792
virtualization and linking security and VM provision-793
ing for better resource management Aiming to address794
these requirements they suggest the use of increased795
automation for security controls VM identity manage-796
ment (built on top of Public Key Infrastructure and Open797
Virtualization Format) and data encryption (tightly con-798
nected to state-of-art key management practices) Wallom799
et al [73] emphasize the need of guaranteeing virtual800
machinesrsquo trustworthiness (regarding origin and identity)801
to perform security-critical computations and to han-802
dle sensitive data therefore presenting a solution which803
integrates Trusted Computing technologies and avail-804
able cloud infrastructures Dabrowski and Mills [74] used805
simulation to demonstrate virtual machine leakage and806
resource exhaustion scenarios leading to degraded per-807
formance and crashes they also propose the addition808
of orphan controls to enable the virtualized cloud envi-809
ronment to offer higher availability levels while keeping810
overhead costs under control Ristenpart et al [44] also811
explore virtual machine exploitation focusing on informa-812
tion leakage specially sensitive data at rest or in transit813
Finally Chadwick and Casenove [75] describe a security 814
API for federated access to cloud resources and authority 815
delegation while setting fine-grained controls and guar- 816
anteeing the required levels of assurance inside cloud 817
environments These publications highlight the need of 818
security improvements related to virtual machines and 819
virtualization techniques concern that this paper demon- 820
strates to be valid and urgent 821
Discussion 822
Considering the points raised in the previous section a 823
straightforward conclusion is that cloud security includes 824
old and well-known issues ndash such as network and other 825
infrastructural vulnerabilities user access authentication 826
and privacy ndash and also novel concerns derived from 827
new technologies adopted to offer the adequate resources 828
(mainly virtualized ones) services and auxiliary tools 829
These problems are summarized by isolation and hypervi- 830
sor vulnerabilities (the main technical concerns according 831
to the studies and graphics presented) data location and 832
e-discovery (legal aspects) and loss of governance over 833
data security and even decision making (in which the 834
cloud must be strategically and financially considered as a 835
decisive factor) 836
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 16 of 18httpwwwjournalofcloudcomputingcomcontent1111
Another point observed is that even though adopt-837
ing a cloud service or provider may be easy migrating838
to another is not [76] After moving local data and pro-839
cesses to the cloud the lack of standards for protocols840
and formats directly affects attempts to migrate to a dif-841
ferent provider even if this is motivated by legitimate rea-842
sons such as non-fulfillment of SLAs outages or provider843
bankruptcy [77] Consequently the first choice must be844
carefully made as SLAs are not perfect and services845
outages happen at the same pace that resource sharing846
multi-tenancy and scalability are not fail proof After a847
decision is made future migrations between services can848
be extremely onerous in terms of time and costs most849
likely this task will require an extensive work for bring-850
ing all data and resources to a local infrastructure before851
redeploying them into the cloud852
Finally the analysis of current trends for cloud comput-853
ing reveals that there is a considerable number of well-854
studied security concerns for which plenty solutions and855
best practices have been developed such as those related856
to legal and administrative concerns On the other hand857
many issues still require further research effort especially858
those related to secure virtualization859
Considerations and future work860
Security is a crucial aspect for providing a reliable envi-861
ronment and then enable the use of applications in the862
cloud and for moving data and business processes to863
virtualized infrastructures Many of the security issues864
identified are observed in other computing environments865
authentication network security and legal requirements866
for example are not a novelty However the impact of867
such issues is intensified in cloud computing due to868
characteristics such as multi-tenancy and resource shar-869
ing since actions from a single customer can affect all870
other users that inevitably share the same resources and871
interfaces On the other hand efficient and secure vir-872
tualization represents a new challenge in such a context873
with high distribution of complex services and web-874
based applications thus requiring more sophisticated875
approaches At the same time our quantitative analysis876
indicates that virtualization remains an underserved area877
regarding the number of solutions provided to identified878
concerns879
It is strategic to develop new mechanisms that pro-880
vide the required security level by isolating virtual881
machines and the associated resources while following882
best practices in terms of legal regulations and compli-883
ance to SLAs Among other requirements such solutions884
should employ virtual machine identification provide885
an adequate separation of dedicated resources com-886
bined with a constant observation of shared ones and887
examine any attempt of exploiting cross-VM and data888
leakage889
A secure cloud computing environment depends on 890
several security solutions working harmoniously together 891
However in our studies we did not identify any security 892
solutions provider owning the facilities necessary to get 893
high levels of security conformity for clouds Thus cloud 894
providers need to orchestrate harmonize security solu- 895
tions from different places in order to achieve the desired 896
security level 897
In order to verify these conclusions in practice we 898
deployed testbeds using OpenNebula (based on KVM and 899
XEN) and analyzed its security aspects we also analyzed 900
virtualized servers based on VMWARE using our testbed 901
networks This investigation lead to a wide research of 902
PaaS solutions and allowed us to verify that most of them 903
use virtual machines based on virtualization technolo- 904
gies such as VMWARE XEN and KVM which often lack 905
security aspects We also learned that Amazon changed 906
the XEN source code in order to include security fea- 907
tures but unfortunately the modified code is not publicly 908
available and there appears to be no article detailing the 909
changes introduced Given these limitations a deeper 910
study on current security solutions to manage cloud com- 911
puting virtual machines inside the cloud providers should 912
be a focus of future work in the area We are also working 913
on a testbed based on OpenStack for researches related 914
to identity and credentials management in the cloud envi- 915
ronment This work should address basic needs for better 916
security mechanisms in virtualized and distributed archi- 917
tectures guiding other future researches in the security 918
area 919
Competing interests 920The authors declare that they have no competing interests 921
Authorrsquos contributions 922NG carried out the security research including the prospecting for information 923and references categorization results analysis taxonomy creation and analysis 924of related work CM participated in the drafting of the manuscript as well as in 925the analysis of references creation of the taxonomy and revisions of the text 926MS FR MN and MP participated in the critical and technical revisions of the 927paper including the final one also helping with the details for preparing the 928paper to be published TC coordinated the project related to the paper and 929also gave the final approval of the version to be published All authors read 930and approved the final manuscript 931
Acknowledgements 932This work was supported by the Innovation Center Ericsson 933Telecomunicacoes SA Brazil 934
Author details 9351Escola Politecnica at the University of Sao Paulo (EPUSP) Sao Paulo Brazil 9362Ericsson Research Stockholm Sweden 3Ericsson Research Ville Mont-Royal 937Canada 4State University of Santa Catarina Joinville Brazil 938
Received 30 January 2012 Accepted 5 June 2012 939Published 12 July 2012 940
References 9411 IDC (2009) Cloud Computing 2010 ndash An IDC Update 942
slidesharenetJorFigOrcloud-computing-2010-an-idc-update 9432 Armbrust M Fox A Griffith R Joseph AD Katz RH Konwinski A Lee G 944
Patterson DA Rabkin A Stoica I Zaharia M (2009) Above the Clouds 945
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 17 of 18httpwwwjournalofcloudcomputingcomcontent1111
A Berkeley View of Cloud Computing Technical Report946UCBEECS-2009-28 University of California at Berkeley947eecsberkeleyeduPubsTechRpts2009EECS-2009-28html948
3 Rimal BP Choi E Lumb I (2009) A Taxonomy and Survey of Cloud949Computing Systems In Fifth International Joint Conference on INC IMS950and IDC NCM rsquo09 CPS pp 44ndash51951
4 Shankland S (2009) HPrsquos Hurd dings cloud computing IBM952CNET News953
5 Catteddu D Hogben G (2009) Benefits risks and recommendations for954information security Tech rep European Network and Information955Security Agency enisaeuropaeuactrmfilesdeliverablescloud-956computing-risk-assessment957
6 CSA (2009) Security Guidance for Critical Areas of Focus in Cloud958Computing Tech rep Cloud Security Alliance959
7 Mather T Kumaraswamy S (2009) Cloud Security and privacy An960Enterprise Perspective on Risks and Compliance 1st edition OrsquoReilly961Media962
8 Chen Y Paxson V Katz RH (2010) Whatrsquos New About Cloud Computing963Security Technical Report UCBEECS-2010-5 University of California at964Berkeley eecsberkeleyeduPubsTechRpts2010EECS-2010-5html965
9 Mell P Grance T (2009) The NIST Definition of Cloud Computing966Technical Report 15 National Institute of Standards and Technology967wwwnistgovitlclouduploadcloud-def-v15pdf968
10 Ibrahim AS Hamlyn-Harris J Grundy J (2010) Emerging Security969Challenges of Cloud Virtual Infrastructure In Proceedings of APSEC 2010970Cloud Workshop APSEC rsquo10971
11 Gonzalez N Miers C Redıgolo F Carvalho T Simplıcio M Naslund M972Pourzandi M (2011) A quantitative analysis of current security concerns973and solutions for cloud computing In Proceedings of 3rd IEEE974CloudCom AthensGreece IEEE Computer Society975
12 Hubbard D Jr LJH Sutton M (2010) Top Threats to Cloud Computing976Tech rep Cloud Security Alliance cloudsecurityallianceorgresearch977projectstop-threats-to-cloud-computing978
13 Tompkins D (2009) Security for Cloud-based Enterprise Applications979httpblogdtorgindexphp200902security-for-cloud-based-980enterprise-applications981
14 Jensen M Schwenk J Gruschka N Iacono LL (2009) On Technical Security982Issues in Cloud Computing In IEEE Internation Conference on Cloud983Computing pp 109ndash116984
15 TrendMicro (2010) Cloud Computing Security - Making Virtual Machines985Cloud-Ready Trend Micro White Paper986
16 Genovese S (2009) Akamai Introduces Cloud-Based Firewall http987cloudcomputingsys-concomnode1219023988
17 Hulme GV (2011) CloudPassage aims to ease cloud server security989management httpwwwcsoonlinecomarticle658121cloudpassage-990aims-to-ease-cloud-server-security-management991
18 Oleshchuk VA Koslashien GM (2011) Security and Privacy in the Cloud - A992Long-Term View In 2nd International Conference on Wireless993Communications Vehicular Technology Information Theory and994Aerospace and Electronic Systems Technology (Wireless VITAE) WIRELESS995VITAE rsquo11 pp 1ndash5 httpdxdoiorg101109WIRELESSVITAE20115940876996
19 Google (2011) Google App Engine codegooglecomappengine99720 Google (2011) Google Query Language (GQL)998
codegooglecomintlenappenginedocspythonoverviewhtml99921 StackOverflow (2011) Does using non-SQL databases obviate the need1000
for guarding against SQL injection1001stackoverflowcomquestions1823536does-using-non-sql-databases-1002obvia1003te-the-need-for-guarding-against-sql-injection1004
22 Rose J (2011) Cloudy with a chance of zero day wwwowasporgimages1005112Cloudy with a chance of 0 day Jon Rose-Tom Leaveypdf1006
23 Balkan A (2011) Why Google App Engine is broken and what Google1007must do to fix it aralbalkancom15041008
24 Salesforce (2011) Salesforce Security Statement1009salesforcecomcompanyprivacysecurityjsp1010
25 Espiner T (2007) Salesforce tight-lipped after phishing attack1011zdnetcouknewssecurity-threats20071107salesforce-tight-lipped-a1012fter-phishing-attack-392906161013
26 Yee A (2007) Implications of Salesforce Phishing Incident1014ebizqnetblogssecurity insider200711-implications of salesforc1015e phiphp1016
27 Salesforce (2011) Security Implementation Guide 1017loginsalesforcecomhelpdocensalesforce security impl guidepdf 1018
28 Li H Dai Y Tian L Yang H (2009) Identity-Based Authentication for Cloud 1019Computing In Proceedings of the 1st International Conference on Cloud 1020Computing CloudCom rsquo09 1021
29 Amazon (2011) Elastic Compute Cloud (EC2) awsamazoncomec2 102230 Kaufman C Venkatapathy R (2010) Windows Azure Security Overview 1023
gomicrosoftcomlinkid=9740388 [August] 102431 McMillan R (2010) Google Attack Part of Widespread Spying Effort 1025
PCWorld 102632 Mills E (2010) Behind the China attacks on Google CNET News 102733 Arrington M (2010) Google Defends Against Large Scale Chinese Cyber 1028
Attack May Cease Chinese Operations TechCrunch 102934 Bosch J (2009) Google Accounts Attacked by Phishing Scam BrickHouse 1030
Security Blog 103135 Telegraph T (2009) Facebook Users Targeted By Phishing Attack The 1032
Telegraph 103336 Pearson S (2009) Taking account of privacy when designing cloud 1034
computing services In Proceedings of the 2009 ICSE Workshop on 1035Software Engineering Challenges of Cloud Computing CLOUD rsquo09 1036
37 Musthaler L (2009) Cost-effective data encryption in the cloud Network 1037World 1038
38 Yan L Rong C Zhao G (2009) Strengthen Cloud Computing Security with 1039Federal Identity Management Using Hierarchical Identity-Based 1040Cryptography In Proceedings of the 1st International Conference on 1041Cloud Computing CloudCom rsquo09 1042
39 Tech C (2010) Examining Redundancy in the Data Center Powered by the 1043Cloud and Disaster Recovery Consonus Tech 1044
40 Lyle M (2011) Redundancy in Data Storage Define the Cloud 104541 Dorion P (2010) Data destruction services When data deletion is not 1046
enough SearchDataBackupcom 104742 Mogull R (2009) Cloud Data Security Archive and Delete (Rough Cut) 1048
securosiscomblogcloud-data-security-archive-and-delete-rough-cut 104943 Messmer E (2011) Gartner New security demands arising for 1050
virtualization cloud computing httpwwwnetworkworldcomnews 10512011062311-security-summithtml 1052
44 Ristenpart T Tromer E Shacham H Savage S (2009) Hey you get off of 1053my cloud exploring information leakage in third-party compute clouds 1054In Proceedings of the 16th ACM conference on Computer and 1055communications security CCS rsquo09 New York NY USA ACM pp 199ndash212 1056doiacmorg10114516536621653687 1057
45 Chow R Golle P Jakobsson M Shi E Staddon J Masuoka R Molina J 1058(2009) Controlling data in the cloud outsourcing computation without 1059outsourcing control In Proceedings of the 2009 ACM workshop on 1060Cloud computing security CCSW rsquo09 New York NY USA ACM pp 85ndash90 1061httpdoiacmorg10114516550081655020 1062
46 Sadeghi AR Schneider T Winandy M (2010) Token-Based Cloud 1063Computing - Secure Outsourcing of Data and Arbitrary Computations 1064with Lower Latency In Proceedings of the 3rd international conference 1065on Trust and trustworthy computing TRUST rsquo10 1066
47 Brandic I Dustdar S Anstett T Schumm D Leymann F (2010) Compliant 1067Cloud Computing (C3) Architecture and Language Support for 1068User-driven Compliance Management in Clouds In 2010 IEEE 3rd 1069International Conference on Cloud Computing pp 244ndash251 httpdx 1070doiorg101109CLOUD201042 1071
48 Brodkin J (2008) Gartner Seven cloud computing security risks http 1072wwwinfoworldcomdsecurity-centralgartner-seven-cloud- 1073computing-security-risks-853 1074
49 Kandukuri BR Paturi R Rakshit A (2009) Cloud Security Issues In 1075Proceedings of the 2009 IEEE International Conference on Services 1076Computing SCC rsquo09 1077
50 Winterford B (2011) Amazon EC2 suffers huge outage httpwwwcrn 1078comauNews255586amazon-ec2-suffers-huge-outageaspx 1079
51 Clarke G (2011) Microsoft BPOS cloud outage burns Exchange converts 1080httpwwwtheregistercouk20110513 1081
52 Shankland S (2011) Amazon cloud outage derails Reddit Quora 108253 Young E (2009) Cloud Computing - The role of internal audit 108354 CloudAudit (2011) A6 - The automated audit assertion assessment and 1084
assurance API httpcloudauditorg 108555 Anand N (2010) The legal issues around cloud computing httpwww 1086
labnolorginternetcloud-computing-legal-issues14120 1087
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 18 of 18httpwwwjournalofcloudcomputingcomcontent1111
56 Hunter S (2011) Ascending to the cloud creates negligible e-discovery1088risk httpediscoveryquarlescom201107articlesinformation-1089technologyascending-to-the-cloud-creates-negligible-ediscovery-risk1090
57 Sharon D Nelson JWS (2011) Virtualization and Cloud Computing1091benefits and e-discovery implications httpwwwslawca201107191092virtualization-and-cloud-computing-benefits-and-e-discovery-1093implications1094
58 Bentley L (2009) E-discovery in the cloud presents promise and problems1095httpwwwitbusinessedgecomcmcommunityfeaturesinterviews1096bloge-discovery-in-the-cloud-presents-promise-and-problemscs=1097316981098
59 Zierick J (2011) The special case of privileged users in the sloud http1099blogbeyondtrustcombid63894The-Special-Case-of-Privileged-Users-1100in-the-Cloud1101
60 Dinoor S (2010) Got Privilege Ten Steps to Securing a Cloud-Based1102Enterprise httpcloudcomputingsys-concomnode15716491103
61 Pavolotsky J (2010) Top five legal issues for the cloud httpwwwforbes1104com20100412cloud-computing-enterprise-technology-cio-network-1105legalhtml1106
62 ENISA (2011) About ENISA httpwwwenisaeuropaeuabout-enisa110763 CSA (2011) About httpscloudsecurityallianceorgabout110864 CSA (2011) CSA TCI Reference Architecture httpscloudsecurityalliance1109
orgwp-contentuploads201111TCI-Reference-Architecture-11pdf111065 CSA (2011) Security Guidance for Critical Areas of Focus in Cloud1111
Computing V30 Tech rep Cloud Security Alliance [Httpwww1112cloudsecurityallianceorgguidancecsaguidev30pdf]1113
66 Ramireddy S Chakraborthy R Raghu TS Rao HR (2010) Privacy and1114Security Practices in the Arena of Cloud Computing - A Research in1115Progress In AMCIS 2010 Proceedings AMCIS rsquo10 httpaiselaisnetorg1116amcis20105741117
67 NIST (2011) NIST Cloud Computing Reference Architecture SP 500-2921118httpcollaboratenistgovtwiki-cloud-computingpub1119CloudComputingReferenceArchitectureTaxonomyNIST SP 500-292 -1120090611pdf1121
68 Youseff L Butrico M Silva DD (2008) Toward a Unified Ontology of Cloud1122Computing In Grid Computing Environments Workshop 2008 GCE rsquo081123pp 10 1 httpdxdoiorg101109GCE200847384431124
69 Johnston S (2008) Sam Johnston taxonomy the 6 layer cloud computing1125stack httpsamjnet200809taxonomy-6-layer-cloud-computing-1126stackhtml]1127
70 Linthicum D (2009) Defining the cloud computing framework http1128cloudcomputingsys-concomnode8115191129
71 Doelitzscher F Reich C Knahl M Clarke N (2011) An autonomous agent1130based incident detection system for cloud environments In Third IEEE1131International Conference on Cloud Computing Technology and Science1132CloudCom 2011 CPS pp 197ndash204 httpdxdoiorg101109CloudCom11332011351134
72 Oltsik J (2010) Information security virtualization and the journey to the1135cloud Tech rep Cloud Security Alliance1136
73 Wallom D Turilli M Taylor G Hargreaves N Martin A Raun A McMoran A1137(2011) myTrustedCloud Trusted Cloud Infrastructure for Security-critical1138Computation and Data Managment In Third IEEE International1139Conference on Cloud Computing Technology and Science CloudCom11402011 CPS pp 247ndash2541141
74 Dabrowski C Mills K (2011) VM Leakage and Orphan Control in1142Open-Source Clouds In Third IEEE International Conference on Cloud1143Computing Technology and Science CloudCom 2011 CPS pp 554ndash5591144
75 Chadwick DW Casenove M (2011) Security APIs for My Private Cloud In1145Third IEEE International Conference on Cloud Computing Technology1146and Science CloudCom 2011 CPS pp 792ndash7981147
76 Claybrook B (2011) How providers affect cloud application migration1148httpsearchcloudcomputingtechtargetcomtutorialHow-providers-1149affect-cloud-application-migration1150
77 CSA (2011) Interoperability and portability1151
doi1011862192-113X-1-11Cite this article as Gonzalez et al A quantitative analysis of current securityconcerns and solutions for cloud computing Journal of Cloud ComputingAdvances Systems and Applications 2012 111
Submit your manuscript to a journal and benefi t from
7 Convenient online submission
7 Rigorous peer review
7 Immediate publication on acceptance
7 Open access articles freely available online
7 High visibility within the fi eld
7 Retaining the copyright to your article
Submit your next manuscript at 7 springeropencom
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 8 of 18httpwwwjournalofcloudcomputingcomcontent1111
Figure 6 Security problems with grouped categories Pie chart for security concerns with grouped categories (seven altogether legal issuescompliance governance virtualization data security interfaces and network security)
Figure 7 Security solutions with grouped categories Pie chart for solutions with grouped categories showing a clear lack for virtualizationsecurity mechanisms in comparison to its importance in terms of concerns citations
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 9 of 18httpwwwjournalofcloudcomputingcomcontent1111
construction of Figure 6 This figure shows that legal andF6 415
governance issues represent a clear majority with 73 of416
concern citations showing a deep consideration of legal417
issues such as data location and e-discovery or gover-418
nance ones like loss of control over security and data The419
technical issue more intensively evaluated (12) is virtual-420
ization followed by data security interfaces and network421
security422
Virtualization is one of the main novelties employed by423
cloud computing in terms of technologies employed con-424
sidering virtual infrastructures scalability and resource425
sharing and its related problems represent the first major426
technical concern427
Security solutions428
When analyzing citations for solutions we used the same429
approach described in the beginning of this section The430
results are presented in Figure 7 which shows the percent-F7 431
age of solutions in each category defined in section ldquoCloud432
computing securityrdquo and also in Figure 8 which highlightsF8 433
the contribution of each individual sub-category434
When we compare Figures 6 and 7 it is easy to observe435
that the number of citations covering security problems436
related to legal issues compliance and governance is high437
(respectively 24 22 and 17) however the same also 438
happens when we consider the number of references 439
proposing solutions for those issues (which represent 440
respectively 29 27 and 14 of the total number of 441
citations) In other words these concerns are higly rele- 442
vant but a large number solutions are already available for 443
tackling them 444
The situation is completely different when we analyze 445
technical aspects such as virtualization isolation and data 446
leakage Indeed virtualization amounts for 12 of prob- 447
lem references and only 3 for solutions Isolation is a 448
perfect example of such discrepancy as the number of 449
citations for such problems represents 7 in Figure 5 450
while solutions correspond to only 1 of the graph from 451
Figure 8 We note that for this specific issue special care 452
has been taken when assessing the most popular virtual 453
machine solution providers (eg XEN VMWARE and 454
KVM) aiming to verify their concerns and available solu- 455
tions A conclusion that can be drawn from this situation 456
is that such concerns are also significant but yet little is 457
available in terms of solutions This indicates the need of 458
evaluating potential areas still to be developed in order 459
to provide better security conditions when migrating data 460
and processes in the cloud 461
Figure 8 Security solutions Pie chart for solutions citations
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 10 of 18httpwwwjournalofcloudcomputingcomcontent1111
Comparison462
The differences between problem and solution citations463
presented in the previous sections can be observed in464
Figure 9F9 465
Axis values correspond to the number of citations found466
among the references studied Blue areas represent con-467
cern citations and lighter red indicates solutions while468
darker red shows where those areas overlap In other469
words light red areas are problems with more citations470
for solutions than problems ndash they might be meaningful471
problems but there are many solutions already addressing472
them ndash while blue areas represent potential subjects that473
have received little attention so far indicating the need for474
further studies475
Figure 9 clearly shows the lack of development regard-476
ing data control mechanisms hypervisor vulnerabilities477
assessment and isolation solutions for virtualized envi-478
ronments On the other hand areas such as legal con-479
cerns SLAs compliance and audit policies have a quite480
satisfactory coverage The results for grouped categories481
(presented in section 4) are depicted in Figure 10F10 482
Figure 10 shows that virtualization problems represent483
an area that requires studies for addressing issues such as484
isolation data leakage and cross-VM attacks on the other485
hand areas such as compliance and network security486
encompass concerns for which there are already a con-487
siderable number of solutions or that are not considered488
highly relevant489
Finally Considering virtualization as key element for490
future studies Figure 11 presents a comparison focus-F11 491
ing on five virtualization-related problems isolation (of492
computational resources such as memory and storage493
capabilities) hypervisor vulnerabilities data leakage 494
cross-VM attacks and VM identification The contrast 495
related to isolation and cross-VM attacks is more evident 496
than for the other issues However the number of solution 497
citations for all issues is notably low if compared to any 498
other security concern reaffirming the need for further 499
researches in those areas 500
Related work 501
An abundant number of related works and publications 502
exist in the literature emphasizing the importance and 503
demand of security solutions for cloud computing How- 504
ever we did not identify any full taxonomy that addresses 505
directly the security aspects related to cloud comput- 506
ing We only identified some simplified models that 507
were developed to cover specific security aspects such as 508
authentication We were able to recognize two main types 509
of works (1) security frameworks which aim to aggregate 510
information about security and also to offer sets of best 511
practices and guidelines when using cloud solutions and 512
(2) publications that identify future trends and propose 513
solutions or areas of interest for research Each category 514
and corresponding references are further analyzed in the 515
following subsections 516
Security frameworks 517
Security frameworks concentrate information on security 518
and privacy aiming to provide a compilation of risks vul- 519
nerabilities and best practices to avoid or mitigate them 520
There are several entities that are constantly publishing 521
material related to cloud computing security including 522
ENISA CSA NIST CPNI (Centre for the Protection of 523
Figure 9 Comparison between citations Radar chart comparing citations related to concerns and solutions showing the disparities for eachsecurity category adopted
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 11 of 18httpwwwjournalofcloudcomputingcomcontent1111
Figure 10 Comparison between citations with grouped categories Radar chart grouping the categories showing the difference betweencitations about concerns and solutions regarding each category
National Infrastructure from UK government) and ISACA524
(the Information Systems Audit and Control Association)525
In this paper we focus on the first three entities which526
by themselves provide a quite comprehensive overview of527
issues and solutions and thus allowing a broad under-528
standing of the current status of cloud security529
ENISA530
ENISA is an agency responsible for achieving high and531
effective level of network and information security within532
the European Union [62] In the context of cloud comput-533
ing they published an extensive study covering benefits534
and risks related to its use [5] In this study the security 535
risks are divided in four categories 536
bull Policy and organizational issues related to 537
governance compliance and reputation 538bull Technical issues derived from technologies used to 539
implement cloud services and infrastructures such as 540
isolation data leakage and interception denial of 541
service attacks encryption and disposal 542bull Legal risks regarding jurisdictions subpoena and 543
e-discovery 544
Figure 11 Comparison for virtualization Radar chart only for virtualization issues
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 12 of 18httpwwwjournalofcloudcomputingcomcontent1111
bull Not cloud specific other risks that are not unique to545
cloud environments such as network management546
privilege escalation and logging547
As a top recommendation for security in cloud com-548
puting ENISA suggests that providers must ensure some549
security practices to customers and also a clear contract to550
avoid legal problems Key points to be developed include551
breach reporting better logging mechanisms and engi-552
neering of large scale computer systems which encom-553
pass the isolation of virtual machines resources and554
information Their analysis is based not only on what is555
currently observed but also on what can be improved556
through the adoption of existing best practices or by557
means of solutions that are already used in non-cloud558
environments This article aims at taking one step fur-559
ther by transforming these observations into numbers ndash a560
quantitative approach561
CSA562
CSA is an organization led by a coalition of industry563
practitioners corporations associations and other stake-564
holders [63] such as Dell HP and eBay One of its main565
goals is to promote the adoption of best practices for566
providing security within cloud computing environments567
Three CSA documents are analyzed in this paper ndash the568
security guidance [6] the top threats in cloud computing569
[12] and the Trusted Cloud Initiative (TCI) architecture570
[64] ndash as they comprise most of the concepts and guide-571
lines researched and published by CSA572
The latest CSA security guidance (version 30 [65])573
denotes multi-tenancy as the essential cloud characteristic574
while virtualization can be avoided when implementing575
cloud infrastructures ndash multi-tenancy only implies the576
use of shared resources by multiple consumers possibly577
from different organizations or with different objectives578
They discuss that even if virtualization-related issues579
can be circumvented segmentation and isolated policies580
for addressing proper management and privacy are still581
required The document also establishes thirteen security582
domains583
1 Governance and risk management ability to measure584
the risk introduced by adopting cloud computing585
solutions such as legal issues protection of sensitive586
data and their relation to international boundaries587
2 Legal issues disclosure laws shared infrastructures588
and interference between different users589
3 Compliance and audit the relationship between590
cloud computing and internal security policies591
4 Information management and data security592
identification and control of stored data loss of593
physical control of data and related policies to594
minimize risks and possible damages595
5 Portability and interoperability ability to change 596
providers services or bringing back data to local 597
premises without major impacts 598
6 Traditional security business continuity and disaster 599
recovery the influence of cloud solutions on 600
traditional processes applied for addressing security 601
needs 602
7 Data center operations analyzing architecture and 603
operations from data centers and identifying 604
essential characteristics for ensuring stability 605
8 Incident response notification and remediation 606
policies for handling incidents 607
9 Application security aims to identify the possible 608
security issues raised from migrating a specific 609
solution to the cloud and which platform (among SPI 610
model) is more adequate 611
10 Encryption and key management how higher 612
scalability via infrastructure sharing affects 613
encryption and other mechanisms used for 614
protecting resources and data 615
11 Identity and access management enabling 616
authentication for cloud solutions while maintaining 617
security levels and availability for customers and 618
organizations 619
12 Virtualization risks related to multi-tenancy 620
isolation virtual machine co-residence and 621
hypervisor vulnerabilities all introduced by 622
virtualization technologies 623
13 Security as a service third party security 624
mechanisms delegating security responsibilities to a 625
trusted third party provider 626
CSA also published a document focusing on identify- 627
ing top threats aiming to aid risk management strategies 628
when cloud solutions are adopted [12] As a complete 629
list of threats and pertinent issues is countless the doc- 630
ument targets those that are specific or intensified by 631
fundamental characteristics of the cloud such as shared 632
infrastructures and greater flexibility As a result seven 633
threats were selected 634
1 Abuse and nefarious used of cloud computing while 635
providing flexible and powerful resources and tools 636
IaaS and PaaS solutions also unveil critical 637
exploitation possibilities built on anonymity This 638
leads to abuse and misuse of the provided 639
infrastructure for conducting distributed denial of 640
service attacks hosting malicious data controlling 641
botnets or sending spam 642
2 Insecure application programming interfaces cloud 643
services provide APIs for management storage 644
virtual machine allocation and other service-specific 645
operations The interfaces provided must implement 646
security methods to identify authenticate and protect 647
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 13 of 18httpwwwjournalofcloudcomputingcomcontent1111
against accidental or malicious use which can648
introduce additional complexities to the system such649
as the need for third-party authorities and services650
3 Malicious insiders although not specific to cloud651
computing its effects are amplified by the652
concentration and interaction of services and653
management domains654
4 Shared technology vulnerabilities scalability655
provided by cloud solutions are based on hardware656
and software components which are not originally657
designed to provide isolation Even though658
hypervisors offer an extra granularity layer they still659
exhibit flaws which are exploited for privilege660
escalation661
5 Data loss and leakage insufficient controls662
concerning user access and data security (including663
privacy and integrity) as well as disposal and even664
legal issues665
6 Account service and traffic hijacking phishing and666
related frauds are not a novelty to computing667
security However not only an attacker is able to668
manipulate data and transactions but also to use669
stolen credentials to perform other attacks that670
compromise customer and provider reputation671
7 Unknown risk profile delegation of control over data672
and infrastructure allows companies to better673
concentrate on their core business possibly674
maximizing profit and efficiency On the other hand675
the consequent loss of governance leads to obscurity676
[66] information about other customers sharing the677
same infrastructure or regarding patching and678
updating policies is limited This situation creates679
uncertainty concerning the exact risk levels that are680
inherent to the cloud solution681
It is interesting to notice the choice for cloud-specific682
issues as it allows the identification of central points683
for further development Moreover this compilation of684
threats is closely related to CSA security guidance com-685
posing a solid framework for security and risk analysis686
assessments while providing recommendations and best687
practices to achieve acceptable security levels688
Another approach adopted by CSA for organizing infor-689
mation related to cloud security and governance is the690
TCI Reference Architecture Model [64] This document691
focuses on defining guidelines for enabling trust in the692
cloud while establishing open standards and capabilities693
for all cloud-based operations The architecture defines694
different organization levels by combining frameworks695
like the SPI model ISO 27002 COBIT PCI SOX and696
architectures such as SABSA TOGAF ITIL and Jeri-697
cho A wide range of aspects are then covered SABSA698
defines business operation support services such as com-699
pliance data governance operational risk management700
human resources security security monitoring services 701
legal services and internal investigations TOGAF defines 702
the types of services covered (presentation application 703
information and infrastructure ITIL is used for informa- 704
tion technology operation and support from IT oper- 705
ation to service delivery support and management of 706
incidents changes and resources finally Jericho cov- 707
ers security and risk management including information 708
security management authorization threat and vulnera- 709
bility management policies and standards The result is a 710
tri-dimensional relationship between cloud delivery trust 711
and operation that aims to be easily consumed and applied 712
in a security-oriented design 713
NIST 714
NIST has recently published a taxonomy for security in 715
cloud computing [67] that is comparable to the taxonomy 716
introduced in section ldquoCloud computing security taxon- 717
omyrdquo This taxonomyrsquos first level encompass typical roles 718
in the cloud environment cloud service provider respon- 719
sible for making the service itself available cloud service 720
consumer who uses the service and maintains a business 721
relationship with the provider cloud carrier which pro- 722
vides communication interfaces between providers and 723
consumers cloud broker that manages use performance 724
and delivery of services and intermediates negotiations 725
between providers and consumers and cloud auditor 726
which performs assessment of services operations and 727
security Each role is associated to their respective activ- 728
ities and decomposed on their components and subcom- 729
ponents The clearest difference from our taxonomy is the 730
hierarchy adopted as our proposal primarily focuses on 731
security principles in its higher level perspective while 732
the cloud roles are explored in deeper levels The con- 733
cepts presented here extend NISTrsquos initial definition for 734
cloud computing [9] incorporating a division of roles and 735
responsibilities that can be directly applied to security 736
assessments On the other hand NISTrsquos taxonomy incor- 737
porates concepts such as deployment models service 738
types and activities related to cloud management (porta- 739
bility interoperability provisioning) most of them largely 740
employed in publications related to cloud computing ndash 741
including this one 742
Frameworks summary 743
Tables 1 and 2 summarize the information about each T1T2
744
framework 745
Books papers and other publications 746
Rimal Choi and Lumb [3] present a cloud taxonomy 747
created from the perspective of the academia developers 748
and researchers instead of the usual point of view related 749
to vendors Whilst they do provide definitions and con- 750
cepts such as cloud architecture (based on SPI model) 751
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 14 of 18httpwwwjournalofcloudcomputingcomcontent1111
Table 1 Summary of CSA security frameworks t11
t12Framework Objectives Structure and comments
t13CSA Guidance
bull Recommendations for reducing risksbull No restrictions regarding specific
solutions or service typesbull Guidelines not necessarily applicable
for all deployment modelsbull Provide initial structure to divide efforts
for researches
bull One architectural domainbull Governance domains risk management legal concerns compliance
auditing information management interoperability and portabilitybull Operational domains traditional and business security disaster recovery
data center operations encryption application security identificationauthorization virtualization security outsourcing
bull Emphasis on the fact that cloud is not bound to virtualization technologiesthough cloud services heavily depend on virtualized infrastructures toprovide flexibility and scalability
t14CSA Top Threats
bull Provide context for risk managementdecisions and strategies
bull Focus on issues which are unique orhighly influenced by cloud computingcharacteristics
bull Seven main threats
ndash Abuse and malicious use of cloud resourcesndash Insecure APIsndash Malicious insidersndash Shared technology vulnerabilitiesndash Data loss and leakagendash Hijacking of accounts services and trafficndash Unknown risk profile (security obscurity)
bull Summarizes information on top threats and provide examples remediationguidelines impact caused and which service types (based on SPI model)are affected
t15CSA Architecture
bull Enable trust in the cloud based onwell-known standards and certificationsallied to security frameworks and otheropen references
bull Use widely adopted frameworks inorder to achieve standardization ofpolicies and best practices based onalready accepted security principles
bull Four sets of frameworks (security NIST SPI IT audit and legislative) and fourarchitectural domains (SABSA business architecture ITIL for servicesmanagement Jericho for security and TOGAF for IT reference)
bull Tridimensional structure based on premises of cloud delivery trust andoperations
bull Concentrates a plethora of concepts and information related to servicesoperation and security
Table summarizing information related to CSA security frameworks (guidance top threats and TCI architecture) t16
virtualization management service types fault tolerance752
policies and security no further studies are developed753
focusing on cloud specific security aspects This charac-754
teristic is also observed in other cloud taxonomies [68-70]755
whose efforts converge to the definition of service models756
and types rather than to more technical aspects such as757
security privacy or compliance concerns ndash which are the758
focus of this paper759
In [7] Mather Kumaraswamy and Latif discuss the760
current status of cloud security and what is predicted761
for the future The result is a compilation of security-762
related subjects to be developed in topics like infras-763
tructure data security and storage identity and access764
management security management privacy audit and765
compliance They also explore the unquestionable urge for766
more transparency regarding which party (customer or767
cloud provider) provides each security capability as well768
as the need for standardization and for the creation of769
legal agreements reflecting operational SLAs Other issues770
discussed are the inadequate encryption and key manage- 771
ment capabilities currently offered as well as the need for 772
multi-entity key management 773
Many publications also state the need for better security 774
mechanisms for cloud environments Doelitzscher et al 775
[71] emphasize security as a major research area in cloud 776
computing They also highlight the lack of flexibility of 777
classic intrusion detection mechanisms to handle virtual- 778
ized environments suggesting the use of special security 779
audit tools associated to business flow modeling through 780
security SLAs In addition they identify abuse of cloud 781
resources lack of security monitoring in cloud infrastruc- 782
ture and defective isolation of shared resources as focal 783
points to be managed Their analysis of top security con- 784
cerns is also based on publications from CSA ENISA and 785
others but after a quick evaluation of issues their focus 786
switch to their security auditing solution without offer- 787
ing a deeper quantitative compilation of security risks and 788
areas of concern 789
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 15 of 18httpwwwjournalofcloudcomputingcomcontent1111
Table 2 Summary of ENISA and NIST security frameworks t21
t22Framework Objectives Structure and comments
t23ENISA Report
bull Study on benefits and risks whenadopting cloud solutions for businessoperations
bull Provide information for securityassessments and decision making
bull Three main categories of cloud specific risks (policy and organizationaltechnical legal) plus one extra category for not specific ones
bull Offers basic guidelines and best practices for avoiding or mitigating theireffects
bull Presents recommendations for further studies related to trust building(certifications metrics and transparency) large scale data protection(privacy integrity incident handling and regulations) and technicalaspects (isolation portability and resilience)
bull Highlights the duality of scalability (fast flexible and accessible resourcesversus concentrations of data attracting attackers and also providinginfrastructure for aiding their operations)
bull Extensive study on risks considering their impact and probability
t24NIST Taxonomy
bull Define what cloud services shouldprovide rather than how to design andimplement solutions
bull Ease the understanding of cloudinternal operations and mechanisms
bull Taxonomy levels
ndash First level cloud roles (service provider consumer cloud brokercloud carrier and cloud auditor)
ndash Second level activities performed by each role (cloudmanagement service deployment cloud access and serviceconsumption)
ndash Third and following levels elements which compose each activity(deployment models service types and auditing elements)
bull Based on publication SP 500-292 highlighting the importance of securityprivacy and levels of confidence and trust to increase technologyacceptance
bull Concentrates many useful concepts such as models for deploying orclassifying services
Table summarizing information on ENISA and NIST security frameworks t25
Associations such as the Enterprise Strategy Group790
[72] emphasize the need for hypervisor security shrink-791
ing hypervisor footprints defining the security perimeter792
virtualization and linking security and VM provision-793
ing for better resource management Aiming to address794
these requirements they suggest the use of increased795
automation for security controls VM identity manage-796
ment (built on top of Public Key Infrastructure and Open797
Virtualization Format) and data encryption (tightly con-798
nected to state-of-art key management practices) Wallom799
et al [73] emphasize the need of guaranteeing virtual800
machinesrsquo trustworthiness (regarding origin and identity)801
to perform security-critical computations and to han-802
dle sensitive data therefore presenting a solution which803
integrates Trusted Computing technologies and avail-804
able cloud infrastructures Dabrowski and Mills [74] used805
simulation to demonstrate virtual machine leakage and806
resource exhaustion scenarios leading to degraded per-807
formance and crashes they also propose the addition808
of orphan controls to enable the virtualized cloud envi-809
ronment to offer higher availability levels while keeping810
overhead costs under control Ristenpart et al [44] also811
explore virtual machine exploitation focusing on informa-812
tion leakage specially sensitive data at rest or in transit813
Finally Chadwick and Casenove [75] describe a security 814
API for federated access to cloud resources and authority 815
delegation while setting fine-grained controls and guar- 816
anteeing the required levels of assurance inside cloud 817
environments These publications highlight the need of 818
security improvements related to virtual machines and 819
virtualization techniques concern that this paper demon- 820
strates to be valid and urgent 821
Discussion 822
Considering the points raised in the previous section a 823
straightforward conclusion is that cloud security includes 824
old and well-known issues ndash such as network and other 825
infrastructural vulnerabilities user access authentication 826
and privacy ndash and also novel concerns derived from 827
new technologies adopted to offer the adequate resources 828
(mainly virtualized ones) services and auxiliary tools 829
These problems are summarized by isolation and hypervi- 830
sor vulnerabilities (the main technical concerns according 831
to the studies and graphics presented) data location and 832
e-discovery (legal aspects) and loss of governance over 833
data security and even decision making (in which the 834
cloud must be strategically and financially considered as a 835
decisive factor) 836
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 16 of 18httpwwwjournalofcloudcomputingcomcontent1111
Another point observed is that even though adopt-837
ing a cloud service or provider may be easy migrating838
to another is not [76] After moving local data and pro-839
cesses to the cloud the lack of standards for protocols840
and formats directly affects attempts to migrate to a dif-841
ferent provider even if this is motivated by legitimate rea-842
sons such as non-fulfillment of SLAs outages or provider843
bankruptcy [77] Consequently the first choice must be844
carefully made as SLAs are not perfect and services845
outages happen at the same pace that resource sharing846
multi-tenancy and scalability are not fail proof After a847
decision is made future migrations between services can848
be extremely onerous in terms of time and costs most849
likely this task will require an extensive work for bring-850
ing all data and resources to a local infrastructure before851
redeploying them into the cloud852
Finally the analysis of current trends for cloud comput-853
ing reveals that there is a considerable number of well-854
studied security concerns for which plenty solutions and855
best practices have been developed such as those related856
to legal and administrative concerns On the other hand857
many issues still require further research effort especially858
those related to secure virtualization859
Considerations and future work860
Security is a crucial aspect for providing a reliable envi-861
ronment and then enable the use of applications in the862
cloud and for moving data and business processes to863
virtualized infrastructures Many of the security issues864
identified are observed in other computing environments865
authentication network security and legal requirements866
for example are not a novelty However the impact of867
such issues is intensified in cloud computing due to868
characteristics such as multi-tenancy and resource shar-869
ing since actions from a single customer can affect all870
other users that inevitably share the same resources and871
interfaces On the other hand efficient and secure vir-872
tualization represents a new challenge in such a context873
with high distribution of complex services and web-874
based applications thus requiring more sophisticated875
approaches At the same time our quantitative analysis876
indicates that virtualization remains an underserved area877
regarding the number of solutions provided to identified878
concerns879
It is strategic to develop new mechanisms that pro-880
vide the required security level by isolating virtual881
machines and the associated resources while following882
best practices in terms of legal regulations and compli-883
ance to SLAs Among other requirements such solutions884
should employ virtual machine identification provide885
an adequate separation of dedicated resources com-886
bined with a constant observation of shared ones and887
examine any attempt of exploiting cross-VM and data888
leakage889
A secure cloud computing environment depends on 890
several security solutions working harmoniously together 891
However in our studies we did not identify any security 892
solutions provider owning the facilities necessary to get 893
high levels of security conformity for clouds Thus cloud 894
providers need to orchestrate harmonize security solu- 895
tions from different places in order to achieve the desired 896
security level 897
In order to verify these conclusions in practice we 898
deployed testbeds using OpenNebula (based on KVM and 899
XEN) and analyzed its security aspects we also analyzed 900
virtualized servers based on VMWARE using our testbed 901
networks This investigation lead to a wide research of 902
PaaS solutions and allowed us to verify that most of them 903
use virtual machines based on virtualization technolo- 904
gies such as VMWARE XEN and KVM which often lack 905
security aspects We also learned that Amazon changed 906
the XEN source code in order to include security fea- 907
tures but unfortunately the modified code is not publicly 908
available and there appears to be no article detailing the 909
changes introduced Given these limitations a deeper 910
study on current security solutions to manage cloud com- 911
puting virtual machines inside the cloud providers should 912
be a focus of future work in the area We are also working 913
on a testbed based on OpenStack for researches related 914
to identity and credentials management in the cloud envi- 915
ronment This work should address basic needs for better 916
security mechanisms in virtualized and distributed archi- 917
tectures guiding other future researches in the security 918
area 919
Competing interests 920The authors declare that they have no competing interests 921
Authorrsquos contributions 922NG carried out the security research including the prospecting for information 923and references categorization results analysis taxonomy creation and analysis 924of related work CM participated in the drafting of the manuscript as well as in 925the analysis of references creation of the taxonomy and revisions of the text 926MS FR MN and MP participated in the critical and technical revisions of the 927paper including the final one also helping with the details for preparing the 928paper to be published TC coordinated the project related to the paper and 929also gave the final approval of the version to be published All authors read 930and approved the final manuscript 931
Acknowledgements 932This work was supported by the Innovation Center Ericsson 933Telecomunicacoes SA Brazil 934
Author details 9351Escola Politecnica at the University of Sao Paulo (EPUSP) Sao Paulo Brazil 9362Ericsson Research Stockholm Sweden 3Ericsson Research Ville Mont-Royal 937Canada 4State University of Santa Catarina Joinville Brazil 938
Received 30 January 2012 Accepted 5 June 2012 939Published 12 July 2012 940
References 9411 IDC (2009) Cloud Computing 2010 ndash An IDC Update 942
slidesharenetJorFigOrcloud-computing-2010-an-idc-update 9432 Armbrust M Fox A Griffith R Joseph AD Katz RH Konwinski A Lee G 944
Patterson DA Rabkin A Stoica I Zaharia M (2009) Above the Clouds 945
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 17 of 18httpwwwjournalofcloudcomputingcomcontent1111
A Berkeley View of Cloud Computing Technical Report946UCBEECS-2009-28 University of California at Berkeley947eecsberkeleyeduPubsTechRpts2009EECS-2009-28html948
3 Rimal BP Choi E Lumb I (2009) A Taxonomy and Survey of Cloud949Computing Systems In Fifth International Joint Conference on INC IMS950and IDC NCM rsquo09 CPS pp 44ndash51951
4 Shankland S (2009) HPrsquos Hurd dings cloud computing IBM952CNET News953
5 Catteddu D Hogben G (2009) Benefits risks and recommendations for954information security Tech rep European Network and Information955Security Agency enisaeuropaeuactrmfilesdeliverablescloud-956computing-risk-assessment957
6 CSA (2009) Security Guidance for Critical Areas of Focus in Cloud958Computing Tech rep Cloud Security Alliance959
7 Mather T Kumaraswamy S (2009) Cloud Security and privacy An960Enterprise Perspective on Risks and Compliance 1st edition OrsquoReilly961Media962
8 Chen Y Paxson V Katz RH (2010) Whatrsquos New About Cloud Computing963Security Technical Report UCBEECS-2010-5 University of California at964Berkeley eecsberkeleyeduPubsTechRpts2010EECS-2010-5html965
9 Mell P Grance T (2009) The NIST Definition of Cloud Computing966Technical Report 15 National Institute of Standards and Technology967wwwnistgovitlclouduploadcloud-def-v15pdf968
10 Ibrahim AS Hamlyn-Harris J Grundy J (2010) Emerging Security969Challenges of Cloud Virtual Infrastructure In Proceedings of APSEC 2010970Cloud Workshop APSEC rsquo10971
11 Gonzalez N Miers C Redıgolo F Carvalho T Simplıcio M Naslund M972Pourzandi M (2011) A quantitative analysis of current security concerns973and solutions for cloud computing In Proceedings of 3rd IEEE974CloudCom AthensGreece IEEE Computer Society975
12 Hubbard D Jr LJH Sutton M (2010) Top Threats to Cloud Computing976Tech rep Cloud Security Alliance cloudsecurityallianceorgresearch977projectstop-threats-to-cloud-computing978
13 Tompkins D (2009) Security for Cloud-based Enterprise Applications979httpblogdtorgindexphp200902security-for-cloud-based-980enterprise-applications981
14 Jensen M Schwenk J Gruschka N Iacono LL (2009) On Technical Security982Issues in Cloud Computing In IEEE Internation Conference on Cloud983Computing pp 109ndash116984
15 TrendMicro (2010) Cloud Computing Security - Making Virtual Machines985Cloud-Ready Trend Micro White Paper986
16 Genovese S (2009) Akamai Introduces Cloud-Based Firewall http987cloudcomputingsys-concomnode1219023988
17 Hulme GV (2011) CloudPassage aims to ease cloud server security989management httpwwwcsoonlinecomarticle658121cloudpassage-990aims-to-ease-cloud-server-security-management991
18 Oleshchuk VA Koslashien GM (2011) Security and Privacy in the Cloud - A992Long-Term View In 2nd International Conference on Wireless993Communications Vehicular Technology Information Theory and994Aerospace and Electronic Systems Technology (Wireless VITAE) WIRELESS995VITAE rsquo11 pp 1ndash5 httpdxdoiorg101109WIRELESSVITAE20115940876996
19 Google (2011) Google App Engine codegooglecomappengine99720 Google (2011) Google Query Language (GQL)998
codegooglecomintlenappenginedocspythonoverviewhtml99921 StackOverflow (2011) Does using non-SQL databases obviate the need1000
for guarding against SQL injection1001stackoverflowcomquestions1823536does-using-non-sql-databases-1002obvia1003te-the-need-for-guarding-against-sql-injection1004
22 Rose J (2011) Cloudy with a chance of zero day wwwowasporgimages1005112Cloudy with a chance of 0 day Jon Rose-Tom Leaveypdf1006
23 Balkan A (2011) Why Google App Engine is broken and what Google1007must do to fix it aralbalkancom15041008
24 Salesforce (2011) Salesforce Security Statement1009salesforcecomcompanyprivacysecurityjsp1010
25 Espiner T (2007) Salesforce tight-lipped after phishing attack1011zdnetcouknewssecurity-threats20071107salesforce-tight-lipped-a1012fter-phishing-attack-392906161013
26 Yee A (2007) Implications of Salesforce Phishing Incident1014ebizqnetblogssecurity insider200711-implications of salesforc1015e phiphp1016
27 Salesforce (2011) Security Implementation Guide 1017loginsalesforcecomhelpdocensalesforce security impl guidepdf 1018
28 Li H Dai Y Tian L Yang H (2009) Identity-Based Authentication for Cloud 1019Computing In Proceedings of the 1st International Conference on Cloud 1020Computing CloudCom rsquo09 1021
29 Amazon (2011) Elastic Compute Cloud (EC2) awsamazoncomec2 102230 Kaufman C Venkatapathy R (2010) Windows Azure Security Overview 1023
gomicrosoftcomlinkid=9740388 [August] 102431 McMillan R (2010) Google Attack Part of Widespread Spying Effort 1025
PCWorld 102632 Mills E (2010) Behind the China attacks on Google CNET News 102733 Arrington M (2010) Google Defends Against Large Scale Chinese Cyber 1028
Attack May Cease Chinese Operations TechCrunch 102934 Bosch J (2009) Google Accounts Attacked by Phishing Scam BrickHouse 1030
Security Blog 103135 Telegraph T (2009) Facebook Users Targeted By Phishing Attack The 1032
Telegraph 103336 Pearson S (2009) Taking account of privacy when designing cloud 1034
computing services In Proceedings of the 2009 ICSE Workshop on 1035Software Engineering Challenges of Cloud Computing CLOUD rsquo09 1036
37 Musthaler L (2009) Cost-effective data encryption in the cloud Network 1037World 1038
38 Yan L Rong C Zhao G (2009) Strengthen Cloud Computing Security with 1039Federal Identity Management Using Hierarchical Identity-Based 1040Cryptography In Proceedings of the 1st International Conference on 1041Cloud Computing CloudCom rsquo09 1042
39 Tech C (2010) Examining Redundancy in the Data Center Powered by the 1043Cloud and Disaster Recovery Consonus Tech 1044
40 Lyle M (2011) Redundancy in Data Storage Define the Cloud 104541 Dorion P (2010) Data destruction services When data deletion is not 1046
enough SearchDataBackupcom 104742 Mogull R (2009) Cloud Data Security Archive and Delete (Rough Cut) 1048
securosiscomblogcloud-data-security-archive-and-delete-rough-cut 104943 Messmer E (2011) Gartner New security demands arising for 1050
virtualization cloud computing httpwwwnetworkworldcomnews 10512011062311-security-summithtml 1052
44 Ristenpart T Tromer E Shacham H Savage S (2009) Hey you get off of 1053my cloud exploring information leakage in third-party compute clouds 1054In Proceedings of the 16th ACM conference on Computer and 1055communications security CCS rsquo09 New York NY USA ACM pp 199ndash212 1056doiacmorg10114516536621653687 1057
45 Chow R Golle P Jakobsson M Shi E Staddon J Masuoka R Molina J 1058(2009) Controlling data in the cloud outsourcing computation without 1059outsourcing control In Proceedings of the 2009 ACM workshop on 1060Cloud computing security CCSW rsquo09 New York NY USA ACM pp 85ndash90 1061httpdoiacmorg10114516550081655020 1062
46 Sadeghi AR Schneider T Winandy M (2010) Token-Based Cloud 1063Computing - Secure Outsourcing of Data and Arbitrary Computations 1064with Lower Latency In Proceedings of the 3rd international conference 1065on Trust and trustworthy computing TRUST rsquo10 1066
47 Brandic I Dustdar S Anstett T Schumm D Leymann F (2010) Compliant 1067Cloud Computing (C3) Architecture and Language Support for 1068User-driven Compliance Management in Clouds In 2010 IEEE 3rd 1069International Conference on Cloud Computing pp 244ndash251 httpdx 1070doiorg101109CLOUD201042 1071
48 Brodkin J (2008) Gartner Seven cloud computing security risks http 1072wwwinfoworldcomdsecurity-centralgartner-seven-cloud- 1073computing-security-risks-853 1074
49 Kandukuri BR Paturi R Rakshit A (2009) Cloud Security Issues In 1075Proceedings of the 2009 IEEE International Conference on Services 1076Computing SCC rsquo09 1077
50 Winterford B (2011) Amazon EC2 suffers huge outage httpwwwcrn 1078comauNews255586amazon-ec2-suffers-huge-outageaspx 1079
51 Clarke G (2011) Microsoft BPOS cloud outage burns Exchange converts 1080httpwwwtheregistercouk20110513 1081
52 Shankland S (2011) Amazon cloud outage derails Reddit Quora 108253 Young E (2009) Cloud Computing - The role of internal audit 108354 CloudAudit (2011) A6 - The automated audit assertion assessment and 1084
assurance API httpcloudauditorg 108555 Anand N (2010) The legal issues around cloud computing httpwww 1086
labnolorginternetcloud-computing-legal-issues14120 1087
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 18 of 18httpwwwjournalofcloudcomputingcomcontent1111
56 Hunter S (2011) Ascending to the cloud creates negligible e-discovery1088risk httpediscoveryquarlescom201107articlesinformation-1089technologyascending-to-the-cloud-creates-negligible-ediscovery-risk1090
57 Sharon D Nelson JWS (2011) Virtualization and Cloud Computing1091benefits and e-discovery implications httpwwwslawca201107191092virtualization-and-cloud-computing-benefits-and-e-discovery-1093implications1094
58 Bentley L (2009) E-discovery in the cloud presents promise and problems1095httpwwwitbusinessedgecomcmcommunityfeaturesinterviews1096bloge-discovery-in-the-cloud-presents-promise-and-problemscs=1097316981098
59 Zierick J (2011) The special case of privileged users in the sloud http1099blogbeyondtrustcombid63894The-Special-Case-of-Privileged-Users-1100in-the-Cloud1101
60 Dinoor S (2010) Got Privilege Ten Steps to Securing a Cloud-Based1102Enterprise httpcloudcomputingsys-concomnode15716491103
61 Pavolotsky J (2010) Top five legal issues for the cloud httpwwwforbes1104com20100412cloud-computing-enterprise-technology-cio-network-1105legalhtml1106
62 ENISA (2011) About ENISA httpwwwenisaeuropaeuabout-enisa110763 CSA (2011) About httpscloudsecurityallianceorgabout110864 CSA (2011) CSA TCI Reference Architecture httpscloudsecurityalliance1109
orgwp-contentuploads201111TCI-Reference-Architecture-11pdf111065 CSA (2011) Security Guidance for Critical Areas of Focus in Cloud1111
Computing V30 Tech rep Cloud Security Alliance [Httpwww1112cloudsecurityallianceorgguidancecsaguidev30pdf]1113
66 Ramireddy S Chakraborthy R Raghu TS Rao HR (2010) Privacy and1114Security Practices in the Arena of Cloud Computing - A Research in1115Progress In AMCIS 2010 Proceedings AMCIS rsquo10 httpaiselaisnetorg1116amcis20105741117
67 NIST (2011) NIST Cloud Computing Reference Architecture SP 500-2921118httpcollaboratenistgovtwiki-cloud-computingpub1119CloudComputingReferenceArchitectureTaxonomyNIST SP 500-292 -1120090611pdf1121
68 Youseff L Butrico M Silva DD (2008) Toward a Unified Ontology of Cloud1122Computing In Grid Computing Environments Workshop 2008 GCE rsquo081123pp 10 1 httpdxdoiorg101109GCE200847384431124
69 Johnston S (2008) Sam Johnston taxonomy the 6 layer cloud computing1125stack httpsamjnet200809taxonomy-6-layer-cloud-computing-1126stackhtml]1127
70 Linthicum D (2009) Defining the cloud computing framework http1128cloudcomputingsys-concomnode8115191129
71 Doelitzscher F Reich C Knahl M Clarke N (2011) An autonomous agent1130based incident detection system for cloud environments In Third IEEE1131International Conference on Cloud Computing Technology and Science1132CloudCom 2011 CPS pp 197ndash204 httpdxdoiorg101109CloudCom11332011351134
72 Oltsik J (2010) Information security virtualization and the journey to the1135cloud Tech rep Cloud Security Alliance1136
73 Wallom D Turilli M Taylor G Hargreaves N Martin A Raun A McMoran A1137(2011) myTrustedCloud Trusted Cloud Infrastructure for Security-critical1138Computation and Data Managment In Third IEEE International1139Conference on Cloud Computing Technology and Science CloudCom11402011 CPS pp 247ndash2541141
74 Dabrowski C Mills K (2011) VM Leakage and Orphan Control in1142Open-Source Clouds In Third IEEE International Conference on Cloud1143Computing Technology and Science CloudCom 2011 CPS pp 554ndash5591144
75 Chadwick DW Casenove M (2011) Security APIs for My Private Cloud In1145Third IEEE International Conference on Cloud Computing Technology1146and Science CloudCom 2011 CPS pp 792ndash7981147
76 Claybrook B (2011) How providers affect cloud application migration1148httpsearchcloudcomputingtechtargetcomtutorialHow-providers-1149affect-cloud-application-migration1150
77 CSA (2011) Interoperability and portability1151
doi1011862192-113X-1-11Cite this article as Gonzalez et al A quantitative analysis of current securityconcerns and solutions for cloud computing Journal of Cloud ComputingAdvances Systems and Applications 2012 111
Submit your manuscript to a journal and benefi t from
7 Convenient online submission
7 Rigorous peer review
7 Immediate publication on acceptance
7 Open access articles freely available online
7 High visibility within the fi eld
7 Retaining the copyright to your article
Submit your next manuscript at 7 springeropencom
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 9 of 18httpwwwjournalofcloudcomputingcomcontent1111
construction of Figure 6 This figure shows that legal andF6 415
governance issues represent a clear majority with 73 of416
concern citations showing a deep consideration of legal417
issues such as data location and e-discovery or gover-418
nance ones like loss of control over security and data The419
technical issue more intensively evaluated (12) is virtual-420
ization followed by data security interfaces and network421
security422
Virtualization is one of the main novelties employed by423
cloud computing in terms of technologies employed con-424
sidering virtual infrastructures scalability and resource425
sharing and its related problems represent the first major426
technical concern427
Security solutions428
When analyzing citations for solutions we used the same429
approach described in the beginning of this section The430
results are presented in Figure 7 which shows the percent-F7 431
age of solutions in each category defined in section ldquoCloud432
computing securityrdquo and also in Figure 8 which highlightsF8 433
the contribution of each individual sub-category434
When we compare Figures 6 and 7 it is easy to observe435
that the number of citations covering security problems436
related to legal issues compliance and governance is high437
(respectively 24 22 and 17) however the same also 438
happens when we consider the number of references 439
proposing solutions for those issues (which represent 440
respectively 29 27 and 14 of the total number of 441
citations) In other words these concerns are higly rele- 442
vant but a large number solutions are already available for 443
tackling them 444
The situation is completely different when we analyze 445
technical aspects such as virtualization isolation and data 446
leakage Indeed virtualization amounts for 12 of prob- 447
lem references and only 3 for solutions Isolation is a 448
perfect example of such discrepancy as the number of 449
citations for such problems represents 7 in Figure 5 450
while solutions correspond to only 1 of the graph from 451
Figure 8 We note that for this specific issue special care 452
has been taken when assessing the most popular virtual 453
machine solution providers (eg XEN VMWARE and 454
KVM) aiming to verify their concerns and available solu- 455
tions A conclusion that can be drawn from this situation 456
is that such concerns are also significant but yet little is 457
available in terms of solutions This indicates the need of 458
evaluating potential areas still to be developed in order 459
to provide better security conditions when migrating data 460
and processes in the cloud 461
Figure 8 Security solutions Pie chart for solutions citations
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 10 of 18httpwwwjournalofcloudcomputingcomcontent1111
Comparison462
The differences between problem and solution citations463
presented in the previous sections can be observed in464
Figure 9F9 465
Axis values correspond to the number of citations found466
among the references studied Blue areas represent con-467
cern citations and lighter red indicates solutions while468
darker red shows where those areas overlap In other469
words light red areas are problems with more citations470
for solutions than problems ndash they might be meaningful471
problems but there are many solutions already addressing472
them ndash while blue areas represent potential subjects that473
have received little attention so far indicating the need for474
further studies475
Figure 9 clearly shows the lack of development regard-476
ing data control mechanisms hypervisor vulnerabilities477
assessment and isolation solutions for virtualized envi-478
ronments On the other hand areas such as legal con-479
cerns SLAs compliance and audit policies have a quite480
satisfactory coverage The results for grouped categories481
(presented in section 4) are depicted in Figure 10F10 482
Figure 10 shows that virtualization problems represent483
an area that requires studies for addressing issues such as484
isolation data leakage and cross-VM attacks on the other485
hand areas such as compliance and network security486
encompass concerns for which there are already a con-487
siderable number of solutions or that are not considered488
highly relevant489
Finally Considering virtualization as key element for490
future studies Figure 11 presents a comparison focus-F11 491
ing on five virtualization-related problems isolation (of492
computational resources such as memory and storage493
capabilities) hypervisor vulnerabilities data leakage 494
cross-VM attacks and VM identification The contrast 495
related to isolation and cross-VM attacks is more evident 496
than for the other issues However the number of solution 497
citations for all issues is notably low if compared to any 498
other security concern reaffirming the need for further 499
researches in those areas 500
Related work 501
An abundant number of related works and publications 502
exist in the literature emphasizing the importance and 503
demand of security solutions for cloud computing How- 504
ever we did not identify any full taxonomy that addresses 505
directly the security aspects related to cloud comput- 506
ing We only identified some simplified models that 507
were developed to cover specific security aspects such as 508
authentication We were able to recognize two main types 509
of works (1) security frameworks which aim to aggregate 510
information about security and also to offer sets of best 511
practices and guidelines when using cloud solutions and 512
(2) publications that identify future trends and propose 513
solutions or areas of interest for research Each category 514
and corresponding references are further analyzed in the 515
following subsections 516
Security frameworks 517
Security frameworks concentrate information on security 518
and privacy aiming to provide a compilation of risks vul- 519
nerabilities and best practices to avoid or mitigate them 520
There are several entities that are constantly publishing 521
material related to cloud computing security including 522
ENISA CSA NIST CPNI (Centre for the Protection of 523
Figure 9 Comparison between citations Radar chart comparing citations related to concerns and solutions showing the disparities for eachsecurity category adopted
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 11 of 18httpwwwjournalofcloudcomputingcomcontent1111
Figure 10 Comparison between citations with grouped categories Radar chart grouping the categories showing the difference betweencitations about concerns and solutions regarding each category
National Infrastructure from UK government) and ISACA524
(the Information Systems Audit and Control Association)525
In this paper we focus on the first three entities which526
by themselves provide a quite comprehensive overview of527
issues and solutions and thus allowing a broad under-528
standing of the current status of cloud security529
ENISA530
ENISA is an agency responsible for achieving high and531
effective level of network and information security within532
the European Union [62] In the context of cloud comput-533
ing they published an extensive study covering benefits534
and risks related to its use [5] In this study the security 535
risks are divided in four categories 536
bull Policy and organizational issues related to 537
governance compliance and reputation 538bull Technical issues derived from technologies used to 539
implement cloud services and infrastructures such as 540
isolation data leakage and interception denial of 541
service attacks encryption and disposal 542bull Legal risks regarding jurisdictions subpoena and 543
e-discovery 544
Figure 11 Comparison for virtualization Radar chart only for virtualization issues
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 12 of 18httpwwwjournalofcloudcomputingcomcontent1111
bull Not cloud specific other risks that are not unique to545
cloud environments such as network management546
privilege escalation and logging547
As a top recommendation for security in cloud com-548
puting ENISA suggests that providers must ensure some549
security practices to customers and also a clear contract to550
avoid legal problems Key points to be developed include551
breach reporting better logging mechanisms and engi-552
neering of large scale computer systems which encom-553
pass the isolation of virtual machines resources and554
information Their analysis is based not only on what is555
currently observed but also on what can be improved556
through the adoption of existing best practices or by557
means of solutions that are already used in non-cloud558
environments This article aims at taking one step fur-559
ther by transforming these observations into numbers ndash a560
quantitative approach561
CSA562
CSA is an organization led by a coalition of industry563
practitioners corporations associations and other stake-564
holders [63] such as Dell HP and eBay One of its main565
goals is to promote the adoption of best practices for566
providing security within cloud computing environments567
Three CSA documents are analyzed in this paper ndash the568
security guidance [6] the top threats in cloud computing569
[12] and the Trusted Cloud Initiative (TCI) architecture570
[64] ndash as they comprise most of the concepts and guide-571
lines researched and published by CSA572
The latest CSA security guidance (version 30 [65])573
denotes multi-tenancy as the essential cloud characteristic574
while virtualization can be avoided when implementing575
cloud infrastructures ndash multi-tenancy only implies the576
use of shared resources by multiple consumers possibly577
from different organizations or with different objectives578
They discuss that even if virtualization-related issues579
can be circumvented segmentation and isolated policies580
for addressing proper management and privacy are still581
required The document also establishes thirteen security582
domains583
1 Governance and risk management ability to measure584
the risk introduced by adopting cloud computing585
solutions such as legal issues protection of sensitive586
data and their relation to international boundaries587
2 Legal issues disclosure laws shared infrastructures588
and interference between different users589
3 Compliance and audit the relationship between590
cloud computing and internal security policies591
4 Information management and data security592
identification and control of stored data loss of593
physical control of data and related policies to594
minimize risks and possible damages595
5 Portability and interoperability ability to change 596
providers services or bringing back data to local 597
premises without major impacts 598
6 Traditional security business continuity and disaster 599
recovery the influence of cloud solutions on 600
traditional processes applied for addressing security 601
needs 602
7 Data center operations analyzing architecture and 603
operations from data centers and identifying 604
essential characteristics for ensuring stability 605
8 Incident response notification and remediation 606
policies for handling incidents 607
9 Application security aims to identify the possible 608
security issues raised from migrating a specific 609
solution to the cloud and which platform (among SPI 610
model) is more adequate 611
10 Encryption and key management how higher 612
scalability via infrastructure sharing affects 613
encryption and other mechanisms used for 614
protecting resources and data 615
11 Identity and access management enabling 616
authentication for cloud solutions while maintaining 617
security levels and availability for customers and 618
organizations 619
12 Virtualization risks related to multi-tenancy 620
isolation virtual machine co-residence and 621
hypervisor vulnerabilities all introduced by 622
virtualization technologies 623
13 Security as a service third party security 624
mechanisms delegating security responsibilities to a 625
trusted third party provider 626
CSA also published a document focusing on identify- 627
ing top threats aiming to aid risk management strategies 628
when cloud solutions are adopted [12] As a complete 629
list of threats and pertinent issues is countless the doc- 630
ument targets those that are specific or intensified by 631
fundamental characteristics of the cloud such as shared 632
infrastructures and greater flexibility As a result seven 633
threats were selected 634
1 Abuse and nefarious used of cloud computing while 635
providing flexible and powerful resources and tools 636
IaaS and PaaS solutions also unveil critical 637
exploitation possibilities built on anonymity This 638
leads to abuse and misuse of the provided 639
infrastructure for conducting distributed denial of 640
service attacks hosting malicious data controlling 641
botnets or sending spam 642
2 Insecure application programming interfaces cloud 643
services provide APIs for management storage 644
virtual machine allocation and other service-specific 645
operations The interfaces provided must implement 646
security methods to identify authenticate and protect 647
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 13 of 18httpwwwjournalofcloudcomputingcomcontent1111
against accidental or malicious use which can648
introduce additional complexities to the system such649
as the need for third-party authorities and services650
3 Malicious insiders although not specific to cloud651
computing its effects are amplified by the652
concentration and interaction of services and653
management domains654
4 Shared technology vulnerabilities scalability655
provided by cloud solutions are based on hardware656
and software components which are not originally657
designed to provide isolation Even though658
hypervisors offer an extra granularity layer they still659
exhibit flaws which are exploited for privilege660
escalation661
5 Data loss and leakage insufficient controls662
concerning user access and data security (including663
privacy and integrity) as well as disposal and even664
legal issues665
6 Account service and traffic hijacking phishing and666
related frauds are not a novelty to computing667
security However not only an attacker is able to668
manipulate data and transactions but also to use669
stolen credentials to perform other attacks that670
compromise customer and provider reputation671
7 Unknown risk profile delegation of control over data672
and infrastructure allows companies to better673
concentrate on their core business possibly674
maximizing profit and efficiency On the other hand675
the consequent loss of governance leads to obscurity676
[66] information about other customers sharing the677
same infrastructure or regarding patching and678
updating policies is limited This situation creates679
uncertainty concerning the exact risk levels that are680
inherent to the cloud solution681
It is interesting to notice the choice for cloud-specific682
issues as it allows the identification of central points683
for further development Moreover this compilation of684
threats is closely related to CSA security guidance com-685
posing a solid framework for security and risk analysis686
assessments while providing recommendations and best687
practices to achieve acceptable security levels688
Another approach adopted by CSA for organizing infor-689
mation related to cloud security and governance is the690
TCI Reference Architecture Model [64] This document691
focuses on defining guidelines for enabling trust in the692
cloud while establishing open standards and capabilities693
for all cloud-based operations The architecture defines694
different organization levels by combining frameworks695
like the SPI model ISO 27002 COBIT PCI SOX and696
architectures such as SABSA TOGAF ITIL and Jeri-697
cho A wide range of aspects are then covered SABSA698
defines business operation support services such as com-699
pliance data governance operational risk management700
human resources security security monitoring services 701
legal services and internal investigations TOGAF defines 702
the types of services covered (presentation application 703
information and infrastructure ITIL is used for informa- 704
tion technology operation and support from IT oper- 705
ation to service delivery support and management of 706
incidents changes and resources finally Jericho cov- 707
ers security and risk management including information 708
security management authorization threat and vulnera- 709
bility management policies and standards The result is a 710
tri-dimensional relationship between cloud delivery trust 711
and operation that aims to be easily consumed and applied 712
in a security-oriented design 713
NIST 714
NIST has recently published a taxonomy for security in 715
cloud computing [67] that is comparable to the taxonomy 716
introduced in section ldquoCloud computing security taxon- 717
omyrdquo This taxonomyrsquos first level encompass typical roles 718
in the cloud environment cloud service provider respon- 719
sible for making the service itself available cloud service 720
consumer who uses the service and maintains a business 721
relationship with the provider cloud carrier which pro- 722
vides communication interfaces between providers and 723
consumers cloud broker that manages use performance 724
and delivery of services and intermediates negotiations 725
between providers and consumers and cloud auditor 726
which performs assessment of services operations and 727
security Each role is associated to their respective activ- 728
ities and decomposed on their components and subcom- 729
ponents The clearest difference from our taxonomy is the 730
hierarchy adopted as our proposal primarily focuses on 731
security principles in its higher level perspective while 732
the cloud roles are explored in deeper levels The con- 733
cepts presented here extend NISTrsquos initial definition for 734
cloud computing [9] incorporating a division of roles and 735
responsibilities that can be directly applied to security 736
assessments On the other hand NISTrsquos taxonomy incor- 737
porates concepts such as deployment models service 738
types and activities related to cloud management (porta- 739
bility interoperability provisioning) most of them largely 740
employed in publications related to cloud computing ndash 741
including this one 742
Frameworks summary 743
Tables 1 and 2 summarize the information about each T1T2
744
framework 745
Books papers and other publications 746
Rimal Choi and Lumb [3] present a cloud taxonomy 747
created from the perspective of the academia developers 748
and researchers instead of the usual point of view related 749
to vendors Whilst they do provide definitions and con- 750
cepts such as cloud architecture (based on SPI model) 751
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 14 of 18httpwwwjournalofcloudcomputingcomcontent1111
Table 1 Summary of CSA security frameworks t11
t12Framework Objectives Structure and comments
t13CSA Guidance
bull Recommendations for reducing risksbull No restrictions regarding specific
solutions or service typesbull Guidelines not necessarily applicable
for all deployment modelsbull Provide initial structure to divide efforts
for researches
bull One architectural domainbull Governance domains risk management legal concerns compliance
auditing information management interoperability and portabilitybull Operational domains traditional and business security disaster recovery
data center operations encryption application security identificationauthorization virtualization security outsourcing
bull Emphasis on the fact that cloud is not bound to virtualization technologiesthough cloud services heavily depend on virtualized infrastructures toprovide flexibility and scalability
t14CSA Top Threats
bull Provide context for risk managementdecisions and strategies
bull Focus on issues which are unique orhighly influenced by cloud computingcharacteristics
bull Seven main threats
ndash Abuse and malicious use of cloud resourcesndash Insecure APIsndash Malicious insidersndash Shared technology vulnerabilitiesndash Data loss and leakagendash Hijacking of accounts services and trafficndash Unknown risk profile (security obscurity)
bull Summarizes information on top threats and provide examples remediationguidelines impact caused and which service types (based on SPI model)are affected
t15CSA Architecture
bull Enable trust in the cloud based onwell-known standards and certificationsallied to security frameworks and otheropen references
bull Use widely adopted frameworks inorder to achieve standardization ofpolicies and best practices based onalready accepted security principles
bull Four sets of frameworks (security NIST SPI IT audit and legislative) and fourarchitectural domains (SABSA business architecture ITIL for servicesmanagement Jericho for security and TOGAF for IT reference)
bull Tridimensional structure based on premises of cloud delivery trust andoperations
bull Concentrates a plethora of concepts and information related to servicesoperation and security
Table summarizing information related to CSA security frameworks (guidance top threats and TCI architecture) t16
virtualization management service types fault tolerance752
policies and security no further studies are developed753
focusing on cloud specific security aspects This charac-754
teristic is also observed in other cloud taxonomies [68-70]755
whose efforts converge to the definition of service models756
and types rather than to more technical aspects such as757
security privacy or compliance concerns ndash which are the758
focus of this paper759
In [7] Mather Kumaraswamy and Latif discuss the760
current status of cloud security and what is predicted761
for the future The result is a compilation of security-762
related subjects to be developed in topics like infras-763
tructure data security and storage identity and access764
management security management privacy audit and765
compliance They also explore the unquestionable urge for766
more transparency regarding which party (customer or767
cloud provider) provides each security capability as well768
as the need for standardization and for the creation of769
legal agreements reflecting operational SLAs Other issues770
discussed are the inadequate encryption and key manage- 771
ment capabilities currently offered as well as the need for 772
multi-entity key management 773
Many publications also state the need for better security 774
mechanisms for cloud environments Doelitzscher et al 775
[71] emphasize security as a major research area in cloud 776
computing They also highlight the lack of flexibility of 777
classic intrusion detection mechanisms to handle virtual- 778
ized environments suggesting the use of special security 779
audit tools associated to business flow modeling through 780
security SLAs In addition they identify abuse of cloud 781
resources lack of security monitoring in cloud infrastruc- 782
ture and defective isolation of shared resources as focal 783
points to be managed Their analysis of top security con- 784
cerns is also based on publications from CSA ENISA and 785
others but after a quick evaluation of issues their focus 786
switch to their security auditing solution without offer- 787
ing a deeper quantitative compilation of security risks and 788
areas of concern 789
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 15 of 18httpwwwjournalofcloudcomputingcomcontent1111
Table 2 Summary of ENISA and NIST security frameworks t21
t22Framework Objectives Structure and comments
t23ENISA Report
bull Study on benefits and risks whenadopting cloud solutions for businessoperations
bull Provide information for securityassessments and decision making
bull Three main categories of cloud specific risks (policy and organizationaltechnical legal) plus one extra category for not specific ones
bull Offers basic guidelines and best practices for avoiding or mitigating theireffects
bull Presents recommendations for further studies related to trust building(certifications metrics and transparency) large scale data protection(privacy integrity incident handling and regulations) and technicalaspects (isolation portability and resilience)
bull Highlights the duality of scalability (fast flexible and accessible resourcesversus concentrations of data attracting attackers and also providinginfrastructure for aiding their operations)
bull Extensive study on risks considering their impact and probability
t24NIST Taxonomy
bull Define what cloud services shouldprovide rather than how to design andimplement solutions
bull Ease the understanding of cloudinternal operations and mechanisms
bull Taxonomy levels
ndash First level cloud roles (service provider consumer cloud brokercloud carrier and cloud auditor)
ndash Second level activities performed by each role (cloudmanagement service deployment cloud access and serviceconsumption)
ndash Third and following levels elements which compose each activity(deployment models service types and auditing elements)
bull Based on publication SP 500-292 highlighting the importance of securityprivacy and levels of confidence and trust to increase technologyacceptance
bull Concentrates many useful concepts such as models for deploying orclassifying services
Table summarizing information on ENISA and NIST security frameworks t25
Associations such as the Enterprise Strategy Group790
[72] emphasize the need for hypervisor security shrink-791
ing hypervisor footprints defining the security perimeter792
virtualization and linking security and VM provision-793
ing for better resource management Aiming to address794
these requirements they suggest the use of increased795
automation for security controls VM identity manage-796
ment (built on top of Public Key Infrastructure and Open797
Virtualization Format) and data encryption (tightly con-798
nected to state-of-art key management practices) Wallom799
et al [73] emphasize the need of guaranteeing virtual800
machinesrsquo trustworthiness (regarding origin and identity)801
to perform security-critical computations and to han-802
dle sensitive data therefore presenting a solution which803
integrates Trusted Computing technologies and avail-804
able cloud infrastructures Dabrowski and Mills [74] used805
simulation to demonstrate virtual machine leakage and806
resource exhaustion scenarios leading to degraded per-807
formance and crashes they also propose the addition808
of orphan controls to enable the virtualized cloud envi-809
ronment to offer higher availability levels while keeping810
overhead costs under control Ristenpart et al [44] also811
explore virtual machine exploitation focusing on informa-812
tion leakage specially sensitive data at rest or in transit813
Finally Chadwick and Casenove [75] describe a security 814
API for federated access to cloud resources and authority 815
delegation while setting fine-grained controls and guar- 816
anteeing the required levels of assurance inside cloud 817
environments These publications highlight the need of 818
security improvements related to virtual machines and 819
virtualization techniques concern that this paper demon- 820
strates to be valid and urgent 821
Discussion 822
Considering the points raised in the previous section a 823
straightforward conclusion is that cloud security includes 824
old and well-known issues ndash such as network and other 825
infrastructural vulnerabilities user access authentication 826
and privacy ndash and also novel concerns derived from 827
new technologies adopted to offer the adequate resources 828
(mainly virtualized ones) services and auxiliary tools 829
These problems are summarized by isolation and hypervi- 830
sor vulnerabilities (the main technical concerns according 831
to the studies and graphics presented) data location and 832
e-discovery (legal aspects) and loss of governance over 833
data security and even decision making (in which the 834
cloud must be strategically and financially considered as a 835
decisive factor) 836
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 16 of 18httpwwwjournalofcloudcomputingcomcontent1111
Another point observed is that even though adopt-837
ing a cloud service or provider may be easy migrating838
to another is not [76] After moving local data and pro-839
cesses to the cloud the lack of standards for protocols840
and formats directly affects attempts to migrate to a dif-841
ferent provider even if this is motivated by legitimate rea-842
sons such as non-fulfillment of SLAs outages or provider843
bankruptcy [77] Consequently the first choice must be844
carefully made as SLAs are not perfect and services845
outages happen at the same pace that resource sharing846
multi-tenancy and scalability are not fail proof After a847
decision is made future migrations between services can848
be extremely onerous in terms of time and costs most849
likely this task will require an extensive work for bring-850
ing all data and resources to a local infrastructure before851
redeploying them into the cloud852
Finally the analysis of current trends for cloud comput-853
ing reveals that there is a considerable number of well-854
studied security concerns for which plenty solutions and855
best practices have been developed such as those related856
to legal and administrative concerns On the other hand857
many issues still require further research effort especially858
those related to secure virtualization859
Considerations and future work860
Security is a crucial aspect for providing a reliable envi-861
ronment and then enable the use of applications in the862
cloud and for moving data and business processes to863
virtualized infrastructures Many of the security issues864
identified are observed in other computing environments865
authentication network security and legal requirements866
for example are not a novelty However the impact of867
such issues is intensified in cloud computing due to868
characteristics such as multi-tenancy and resource shar-869
ing since actions from a single customer can affect all870
other users that inevitably share the same resources and871
interfaces On the other hand efficient and secure vir-872
tualization represents a new challenge in such a context873
with high distribution of complex services and web-874
based applications thus requiring more sophisticated875
approaches At the same time our quantitative analysis876
indicates that virtualization remains an underserved area877
regarding the number of solutions provided to identified878
concerns879
It is strategic to develop new mechanisms that pro-880
vide the required security level by isolating virtual881
machines and the associated resources while following882
best practices in terms of legal regulations and compli-883
ance to SLAs Among other requirements such solutions884
should employ virtual machine identification provide885
an adequate separation of dedicated resources com-886
bined with a constant observation of shared ones and887
examine any attempt of exploiting cross-VM and data888
leakage889
A secure cloud computing environment depends on 890
several security solutions working harmoniously together 891
However in our studies we did not identify any security 892
solutions provider owning the facilities necessary to get 893
high levels of security conformity for clouds Thus cloud 894
providers need to orchestrate harmonize security solu- 895
tions from different places in order to achieve the desired 896
security level 897
In order to verify these conclusions in practice we 898
deployed testbeds using OpenNebula (based on KVM and 899
XEN) and analyzed its security aspects we also analyzed 900
virtualized servers based on VMWARE using our testbed 901
networks This investigation lead to a wide research of 902
PaaS solutions and allowed us to verify that most of them 903
use virtual machines based on virtualization technolo- 904
gies such as VMWARE XEN and KVM which often lack 905
security aspects We also learned that Amazon changed 906
the XEN source code in order to include security fea- 907
tures but unfortunately the modified code is not publicly 908
available and there appears to be no article detailing the 909
changes introduced Given these limitations a deeper 910
study on current security solutions to manage cloud com- 911
puting virtual machines inside the cloud providers should 912
be a focus of future work in the area We are also working 913
on a testbed based on OpenStack for researches related 914
to identity and credentials management in the cloud envi- 915
ronment This work should address basic needs for better 916
security mechanisms in virtualized and distributed archi- 917
tectures guiding other future researches in the security 918
area 919
Competing interests 920The authors declare that they have no competing interests 921
Authorrsquos contributions 922NG carried out the security research including the prospecting for information 923and references categorization results analysis taxonomy creation and analysis 924of related work CM participated in the drafting of the manuscript as well as in 925the analysis of references creation of the taxonomy and revisions of the text 926MS FR MN and MP participated in the critical and technical revisions of the 927paper including the final one also helping with the details for preparing the 928paper to be published TC coordinated the project related to the paper and 929also gave the final approval of the version to be published All authors read 930and approved the final manuscript 931
Acknowledgements 932This work was supported by the Innovation Center Ericsson 933Telecomunicacoes SA Brazil 934
Author details 9351Escola Politecnica at the University of Sao Paulo (EPUSP) Sao Paulo Brazil 9362Ericsson Research Stockholm Sweden 3Ericsson Research Ville Mont-Royal 937Canada 4State University of Santa Catarina Joinville Brazil 938
Received 30 January 2012 Accepted 5 June 2012 939Published 12 July 2012 940
References 9411 IDC (2009) Cloud Computing 2010 ndash An IDC Update 942
slidesharenetJorFigOrcloud-computing-2010-an-idc-update 9432 Armbrust M Fox A Griffith R Joseph AD Katz RH Konwinski A Lee G 944
Patterson DA Rabkin A Stoica I Zaharia M (2009) Above the Clouds 945
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 17 of 18httpwwwjournalofcloudcomputingcomcontent1111
A Berkeley View of Cloud Computing Technical Report946UCBEECS-2009-28 University of California at Berkeley947eecsberkeleyeduPubsTechRpts2009EECS-2009-28html948
3 Rimal BP Choi E Lumb I (2009) A Taxonomy and Survey of Cloud949Computing Systems In Fifth International Joint Conference on INC IMS950and IDC NCM rsquo09 CPS pp 44ndash51951
4 Shankland S (2009) HPrsquos Hurd dings cloud computing IBM952CNET News953
5 Catteddu D Hogben G (2009) Benefits risks and recommendations for954information security Tech rep European Network and Information955Security Agency enisaeuropaeuactrmfilesdeliverablescloud-956computing-risk-assessment957
6 CSA (2009) Security Guidance for Critical Areas of Focus in Cloud958Computing Tech rep Cloud Security Alliance959
7 Mather T Kumaraswamy S (2009) Cloud Security and privacy An960Enterprise Perspective on Risks and Compliance 1st edition OrsquoReilly961Media962
8 Chen Y Paxson V Katz RH (2010) Whatrsquos New About Cloud Computing963Security Technical Report UCBEECS-2010-5 University of California at964Berkeley eecsberkeleyeduPubsTechRpts2010EECS-2010-5html965
9 Mell P Grance T (2009) The NIST Definition of Cloud Computing966Technical Report 15 National Institute of Standards and Technology967wwwnistgovitlclouduploadcloud-def-v15pdf968
10 Ibrahim AS Hamlyn-Harris J Grundy J (2010) Emerging Security969Challenges of Cloud Virtual Infrastructure In Proceedings of APSEC 2010970Cloud Workshop APSEC rsquo10971
11 Gonzalez N Miers C Redıgolo F Carvalho T Simplıcio M Naslund M972Pourzandi M (2011) A quantitative analysis of current security concerns973and solutions for cloud computing In Proceedings of 3rd IEEE974CloudCom AthensGreece IEEE Computer Society975
12 Hubbard D Jr LJH Sutton M (2010) Top Threats to Cloud Computing976Tech rep Cloud Security Alliance cloudsecurityallianceorgresearch977projectstop-threats-to-cloud-computing978
13 Tompkins D (2009) Security for Cloud-based Enterprise Applications979httpblogdtorgindexphp200902security-for-cloud-based-980enterprise-applications981
14 Jensen M Schwenk J Gruschka N Iacono LL (2009) On Technical Security982Issues in Cloud Computing In IEEE Internation Conference on Cloud983Computing pp 109ndash116984
15 TrendMicro (2010) Cloud Computing Security - Making Virtual Machines985Cloud-Ready Trend Micro White Paper986
16 Genovese S (2009) Akamai Introduces Cloud-Based Firewall http987cloudcomputingsys-concomnode1219023988
17 Hulme GV (2011) CloudPassage aims to ease cloud server security989management httpwwwcsoonlinecomarticle658121cloudpassage-990aims-to-ease-cloud-server-security-management991
18 Oleshchuk VA Koslashien GM (2011) Security and Privacy in the Cloud - A992Long-Term View In 2nd International Conference on Wireless993Communications Vehicular Technology Information Theory and994Aerospace and Electronic Systems Technology (Wireless VITAE) WIRELESS995VITAE rsquo11 pp 1ndash5 httpdxdoiorg101109WIRELESSVITAE20115940876996
19 Google (2011) Google App Engine codegooglecomappengine99720 Google (2011) Google Query Language (GQL)998
codegooglecomintlenappenginedocspythonoverviewhtml99921 StackOverflow (2011) Does using non-SQL databases obviate the need1000
for guarding against SQL injection1001stackoverflowcomquestions1823536does-using-non-sql-databases-1002obvia1003te-the-need-for-guarding-against-sql-injection1004
22 Rose J (2011) Cloudy with a chance of zero day wwwowasporgimages1005112Cloudy with a chance of 0 day Jon Rose-Tom Leaveypdf1006
23 Balkan A (2011) Why Google App Engine is broken and what Google1007must do to fix it aralbalkancom15041008
24 Salesforce (2011) Salesforce Security Statement1009salesforcecomcompanyprivacysecurityjsp1010
25 Espiner T (2007) Salesforce tight-lipped after phishing attack1011zdnetcouknewssecurity-threats20071107salesforce-tight-lipped-a1012fter-phishing-attack-392906161013
26 Yee A (2007) Implications of Salesforce Phishing Incident1014ebizqnetblogssecurity insider200711-implications of salesforc1015e phiphp1016
27 Salesforce (2011) Security Implementation Guide 1017loginsalesforcecomhelpdocensalesforce security impl guidepdf 1018
28 Li H Dai Y Tian L Yang H (2009) Identity-Based Authentication for Cloud 1019Computing In Proceedings of the 1st International Conference on Cloud 1020Computing CloudCom rsquo09 1021
29 Amazon (2011) Elastic Compute Cloud (EC2) awsamazoncomec2 102230 Kaufman C Venkatapathy R (2010) Windows Azure Security Overview 1023
gomicrosoftcomlinkid=9740388 [August] 102431 McMillan R (2010) Google Attack Part of Widespread Spying Effort 1025
PCWorld 102632 Mills E (2010) Behind the China attacks on Google CNET News 102733 Arrington M (2010) Google Defends Against Large Scale Chinese Cyber 1028
Attack May Cease Chinese Operations TechCrunch 102934 Bosch J (2009) Google Accounts Attacked by Phishing Scam BrickHouse 1030
Security Blog 103135 Telegraph T (2009) Facebook Users Targeted By Phishing Attack The 1032
Telegraph 103336 Pearson S (2009) Taking account of privacy when designing cloud 1034
computing services In Proceedings of the 2009 ICSE Workshop on 1035Software Engineering Challenges of Cloud Computing CLOUD rsquo09 1036
37 Musthaler L (2009) Cost-effective data encryption in the cloud Network 1037World 1038
38 Yan L Rong C Zhao G (2009) Strengthen Cloud Computing Security with 1039Federal Identity Management Using Hierarchical Identity-Based 1040Cryptography In Proceedings of the 1st International Conference on 1041Cloud Computing CloudCom rsquo09 1042
39 Tech C (2010) Examining Redundancy in the Data Center Powered by the 1043Cloud and Disaster Recovery Consonus Tech 1044
40 Lyle M (2011) Redundancy in Data Storage Define the Cloud 104541 Dorion P (2010) Data destruction services When data deletion is not 1046
enough SearchDataBackupcom 104742 Mogull R (2009) Cloud Data Security Archive and Delete (Rough Cut) 1048
securosiscomblogcloud-data-security-archive-and-delete-rough-cut 104943 Messmer E (2011) Gartner New security demands arising for 1050
virtualization cloud computing httpwwwnetworkworldcomnews 10512011062311-security-summithtml 1052
44 Ristenpart T Tromer E Shacham H Savage S (2009) Hey you get off of 1053my cloud exploring information leakage in third-party compute clouds 1054In Proceedings of the 16th ACM conference on Computer and 1055communications security CCS rsquo09 New York NY USA ACM pp 199ndash212 1056doiacmorg10114516536621653687 1057
45 Chow R Golle P Jakobsson M Shi E Staddon J Masuoka R Molina J 1058(2009) Controlling data in the cloud outsourcing computation without 1059outsourcing control In Proceedings of the 2009 ACM workshop on 1060Cloud computing security CCSW rsquo09 New York NY USA ACM pp 85ndash90 1061httpdoiacmorg10114516550081655020 1062
46 Sadeghi AR Schneider T Winandy M (2010) Token-Based Cloud 1063Computing - Secure Outsourcing of Data and Arbitrary Computations 1064with Lower Latency In Proceedings of the 3rd international conference 1065on Trust and trustworthy computing TRUST rsquo10 1066
47 Brandic I Dustdar S Anstett T Schumm D Leymann F (2010) Compliant 1067Cloud Computing (C3) Architecture and Language Support for 1068User-driven Compliance Management in Clouds In 2010 IEEE 3rd 1069International Conference on Cloud Computing pp 244ndash251 httpdx 1070doiorg101109CLOUD201042 1071
48 Brodkin J (2008) Gartner Seven cloud computing security risks http 1072wwwinfoworldcomdsecurity-centralgartner-seven-cloud- 1073computing-security-risks-853 1074
49 Kandukuri BR Paturi R Rakshit A (2009) Cloud Security Issues In 1075Proceedings of the 2009 IEEE International Conference on Services 1076Computing SCC rsquo09 1077
50 Winterford B (2011) Amazon EC2 suffers huge outage httpwwwcrn 1078comauNews255586amazon-ec2-suffers-huge-outageaspx 1079
51 Clarke G (2011) Microsoft BPOS cloud outage burns Exchange converts 1080httpwwwtheregistercouk20110513 1081
52 Shankland S (2011) Amazon cloud outage derails Reddit Quora 108253 Young E (2009) Cloud Computing - The role of internal audit 108354 CloudAudit (2011) A6 - The automated audit assertion assessment and 1084
assurance API httpcloudauditorg 108555 Anand N (2010) The legal issues around cloud computing httpwww 1086
labnolorginternetcloud-computing-legal-issues14120 1087
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 18 of 18httpwwwjournalofcloudcomputingcomcontent1111
56 Hunter S (2011) Ascending to the cloud creates negligible e-discovery1088risk httpediscoveryquarlescom201107articlesinformation-1089technologyascending-to-the-cloud-creates-negligible-ediscovery-risk1090
57 Sharon D Nelson JWS (2011) Virtualization and Cloud Computing1091benefits and e-discovery implications httpwwwslawca201107191092virtualization-and-cloud-computing-benefits-and-e-discovery-1093implications1094
58 Bentley L (2009) E-discovery in the cloud presents promise and problems1095httpwwwitbusinessedgecomcmcommunityfeaturesinterviews1096bloge-discovery-in-the-cloud-presents-promise-and-problemscs=1097316981098
59 Zierick J (2011) The special case of privileged users in the sloud http1099blogbeyondtrustcombid63894The-Special-Case-of-Privileged-Users-1100in-the-Cloud1101
60 Dinoor S (2010) Got Privilege Ten Steps to Securing a Cloud-Based1102Enterprise httpcloudcomputingsys-concomnode15716491103
61 Pavolotsky J (2010) Top five legal issues for the cloud httpwwwforbes1104com20100412cloud-computing-enterprise-technology-cio-network-1105legalhtml1106
62 ENISA (2011) About ENISA httpwwwenisaeuropaeuabout-enisa110763 CSA (2011) About httpscloudsecurityallianceorgabout110864 CSA (2011) CSA TCI Reference Architecture httpscloudsecurityalliance1109
orgwp-contentuploads201111TCI-Reference-Architecture-11pdf111065 CSA (2011) Security Guidance for Critical Areas of Focus in Cloud1111
Computing V30 Tech rep Cloud Security Alliance [Httpwww1112cloudsecurityallianceorgguidancecsaguidev30pdf]1113
66 Ramireddy S Chakraborthy R Raghu TS Rao HR (2010) Privacy and1114Security Practices in the Arena of Cloud Computing - A Research in1115Progress In AMCIS 2010 Proceedings AMCIS rsquo10 httpaiselaisnetorg1116amcis20105741117
67 NIST (2011) NIST Cloud Computing Reference Architecture SP 500-2921118httpcollaboratenistgovtwiki-cloud-computingpub1119CloudComputingReferenceArchitectureTaxonomyNIST SP 500-292 -1120090611pdf1121
68 Youseff L Butrico M Silva DD (2008) Toward a Unified Ontology of Cloud1122Computing In Grid Computing Environments Workshop 2008 GCE rsquo081123pp 10 1 httpdxdoiorg101109GCE200847384431124
69 Johnston S (2008) Sam Johnston taxonomy the 6 layer cloud computing1125stack httpsamjnet200809taxonomy-6-layer-cloud-computing-1126stackhtml]1127
70 Linthicum D (2009) Defining the cloud computing framework http1128cloudcomputingsys-concomnode8115191129
71 Doelitzscher F Reich C Knahl M Clarke N (2011) An autonomous agent1130based incident detection system for cloud environments In Third IEEE1131International Conference on Cloud Computing Technology and Science1132CloudCom 2011 CPS pp 197ndash204 httpdxdoiorg101109CloudCom11332011351134
72 Oltsik J (2010) Information security virtualization and the journey to the1135cloud Tech rep Cloud Security Alliance1136
73 Wallom D Turilli M Taylor G Hargreaves N Martin A Raun A McMoran A1137(2011) myTrustedCloud Trusted Cloud Infrastructure for Security-critical1138Computation and Data Managment In Third IEEE International1139Conference on Cloud Computing Technology and Science CloudCom11402011 CPS pp 247ndash2541141
74 Dabrowski C Mills K (2011) VM Leakage and Orphan Control in1142Open-Source Clouds In Third IEEE International Conference on Cloud1143Computing Technology and Science CloudCom 2011 CPS pp 554ndash5591144
75 Chadwick DW Casenove M (2011) Security APIs for My Private Cloud In1145Third IEEE International Conference on Cloud Computing Technology1146and Science CloudCom 2011 CPS pp 792ndash7981147
76 Claybrook B (2011) How providers affect cloud application migration1148httpsearchcloudcomputingtechtargetcomtutorialHow-providers-1149affect-cloud-application-migration1150
77 CSA (2011) Interoperability and portability1151
doi1011862192-113X-1-11Cite this article as Gonzalez et al A quantitative analysis of current securityconcerns and solutions for cloud computing Journal of Cloud ComputingAdvances Systems and Applications 2012 111
Submit your manuscript to a journal and benefi t from
7 Convenient online submission
7 Rigorous peer review
7 Immediate publication on acceptance
7 Open access articles freely available online
7 High visibility within the fi eld
7 Retaining the copyright to your article
Submit your next manuscript at 7 springeropencom
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 10 of 18httpwwwjournalofcloudcomputingcomcontent1111
Comparison462
The differences between problem and solution citations463
presented in the previous sections can be observed in464
Figure 9F9 465
Axis values correspond to the number of citations found466
among the references studied Blue areas represent con-467
cern citations and lighter red indicates solutions while468
darker red shows where those areas overlap In other469
words light red areas are problems with more citations470
for solutions than problems ndash they might be meaningful471
problems but there are many solutions already addressing472
them ndash while blue areas represent potential subjects that473
have received little attention so far indicating the need for474
further studies475
Figure 9 clearly shows the lack of development regard-476
ing data control mechanisms hypervisor vulnerabilities477
assessment and isolation solutions for virtualized envi-478
ronments On the other hand areas such as legal con-479
cerns SLAs compliance and audit policies have a quite480
satisfactory coverage The results for grouped categories481
(presented in section 4) are depicted in Figure 10F10 482
Figure 10 shows that virtualization problems represent483
an area that requires studies for addressing issues such as484
isolation data leakage and cross-VM attacks on the other485
hand areas such as compliance and network security486
encompass concerns for which there are already a con-487
siderable number of solutions or that are not considered488
highly relevant489
Finally Considering virtualization as key element for490
future studies Figure 11 presents a comparison focus-F11 491
ing on five virtualization-related problems isolation (of492
computational resources such as memory and storage493
capabilities) hypervisor vulnerabilities data leakage 494
cross-VM attacks and VM identification The contrast 495
related to isolation and cross-VM attacks is more evident 496
than for the other issues However the number of solution 497
citations for all issues is notably low if compared to any 498
other security concern reaffirming the need for further 499
researches in those areas 500
Related work 501
An abundant number of related works and publications 502
exist in the literature emphasizing the importance and 503
demand of security solutions for cloud computing How- 504
ever we did not identify any full taxonomy that addresses 505
directly the security aspects related to cloud comput- 506
ing We only identified some simplified models that 507
were developed to cover specific security aspects such as 508
authentication We were able to recognize two main types 509
of works (1) security frameworks which aim to aggregate 510
information about security and also to offer sets of best 511
practices and guidelines when using cloud solutions and 512
(2) publications that identify future trends and propose 513
solutions or areas of interest for research Each category 514
and corresponding references are further analyzed in the 515
following subsections 516
Security frameworks 517
Security frameworks concentrate information on security 518
and privacy aiming to provide a compilation of risks vul- 519
nerabilities and best practices to avoid or mitigate them 520
There are several entities that are constantly publishing 521
material related to cloud computing security including 522
ENISA CSA NIST CPNI (Centre for the Protection of 523
Figure 9 Comparison between citations Radar chart comparing citations related to concerns and solutions showing the disparities for eachsecurity category adopted
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 11 of 18httpwwwjournalofcloudcomputingcomcontent1111
Figure 10 Comparison between citations with grouped categories Radar chart grouping the categories showing the difference betweencitations about concerns and solutions regarding each category
National Infrastructure from UK government) and ISACA524
(the Information Systems Audit and Control Association)525
In this paper we focus on the first three entities which526
by themselves provide a quite comprehensive overview of527
issues and solutions and thus allowing a broad under-528
standing of the current status of cloud security529
ENISA530
ENISA is an agency responsible for achieving high and531
effective level of network and information security within532
the European Union [62] In the context of cloud comput-533
ing they published an extensive study covering benefits534
and risks related to its use [5] In this study the security 535
risks are divided in four categories 536
bull Policy and organizational issues related to 537
governance compliance and reputation 538bull Technical issues derived from technologies used to 539
implement cloud services and infrastructures such as 540
isolation data leakage and interception denial of 541
service attacks encryption and disposal 542bull Legal risks regarding jurisdictions subpoena and 543
e-discovery 544
Figure 11 Comparison for virtualization Radar chart only for virtualization issues
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 12 of 18httpwwwjournalofcloudcomputingcomcontent1111
bull Not cloud specific other risks that are not unique to545
cloud environments such as network management546
privilege escalation and logging547
As a top recommendation for security in cloud com-548
puting ENISA suggests that providers must ensure some549
security practices to customers and also a clear contract to550
avoid legal problems Key points to be developed include551
breach reporting better logging mechanisms and engi-552
neering of large scale computer systems which encom-553
pass the isolation of virtual machines resources and554
information Their analysis is based not only on what is555
currently observed but also on what can be improved556
through the adoption of existing best practices or by557
means of solutions that are already used in non-cloud558
environments This article aims at taking one step fur-559
ther by transforming these observations into numbers ndash a560
quantitative approach561
CSA562
CSA is an organization led by a coalition of industry563
practitioners corporations associations and other stake-564
holders [63] such as Dell HP and eBay One of its main565
goals is to promote the adoption of best practices for566
providing security within cloud computing environments567
Three CSA documents are analyzed in this paper ndash the568
security guidance [6] the top threats in cloud computing569
[12] and the Trusted Cloud Initiative (TCI) architecture570
[64] ndash as they comprise most of the concepts and guide-571
lines researched and published by CSA572
The latest CSA security guidance (version 30 [65])573
denotes multi-tenancy as the essential cloud characteristic574
while virtualization can be avoided when implementing575
cloud infrastructures ndash multi-tenancy only implies the576
use of shared resources by multiple consumers possibly577
from different organizations or with different objectives578
They discuss that even if virtualization-related issues579
can be circumvented segmentation and isolated policies580
for addressing proper management and privacy are still581
required The document also establishes thirteen security582
domains583
1 Governance and risk management ability to measure584
the risk introduced by adopting cloud computing585
solutions such as legal issues protection of sensitive586
data and their relation to international boundaries587
2 Legal issues disclosure laws shared infrastructures588
and interference between different users589
3 Compliance and audit the relationship between590
cloud computing and internal security policies591
4 Information management and data security592
identification and control of stored data loss of593
physical control of data and related policies to594
minimize risks and possible damages595
5 Portability and interoperability ability to change 596
providers services or bringing back data to local 597
premises without major impacts 598
6 Traditional security business continuity and disaster 599
recovery the influence of cloud solutions on 600
traditional processes applied for addressing security 601
needs 602
7 Data center operations analyzing architecture and 603
operations from data centers and identifying 604
essential characteristics for ensuring stability 605
8 Incident response notification and remediation 606
policies for handling incidents 607
9 Application security aims to identify the possible 608
security issues raised from migrating a specific 609
solution to the cloud and which platform (among SPI 610
model) is more adequate 611
10 Encryption and key management how higher 612
scalability via infrastructure sharing affects 613
encryption and other mechanisms used for 614
protecting resources and data 615
11 Identity and access management enabling 616
authentication for cloud solutions while maintaining 617
security levels and availability for customers and 618
organizations 619
12 Virtualization risks related to multi-tenancy 620
isolation virtual machine co-residence and 621
hypervisor vulnerabilities all introduced by 622
virtualization technologies 623
13 Security as a service third party security 624
mechanisms delegating security responsibilities to a 625
trusted third party provider 626
CSA also published a document focusing on identify- 627
ing top threats aiming to aid risk management strategies 628
when cloud solutions are adopted [12] As a complete 629
list of threats and pertinent issues is countless the doc- 630
ument targets those that are specific or intensified by 631
fundamental characteristics of the cloud such as shared 632
infrastructures and greater flexibility As a result seven 633
threats were selected 634
1 Abuse and nefarious used of cloud computing while 635
providing flexible and powerful resources and tools 636
IaaS and PaaS solutions also unveil critical 637
exploitation possibilities built on anonymity This 638
leads to abuse and misuse of the provided 639
infrastructure for conducting distributed denial of 640
service attacks hosting malicious data controlling 641
botnets or sending spam 642
2 Insecure application programming interfaces cloud 643
services provide APIs for management storage 644
virtual machine allocation and other service-specific 645
operations The interfaces provided must implement 646
security methods to identify authenticate and protect 647
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 13 of 18httpwwwjournalofcloudcomputingcomcontent1111
against accidental or malicious use which can648
introduce additional complexities to the system such649
as the need for third-party authorities and services650
3 Malicious insiders although not specific to cloud651
computing its effects are amplified by the652
concentration and interaction of services and653
management domains654
4 Shared technology vulnerabilities scalability655
provided by cloud solutions are based on hardware656
and software components which are not originally657
designed to provide isolation Even though658
hypervisors offer an extra granularity layer they still659
exhibit flaws which are exploited for privilege660
escalation661
5 Data loss and leakage insufficient controls662
concerning user access and data security (including663
privacy and integrity) as well as disposal and even664
legal issues665
6 Account service and traffic hijacking phishing and666
related frauds are not a novelty to computing667
security However not only an attacker is able to668
manipulate data and transactions but also to use669
stolen credentials to perform other attacks that670
compromise customer and provider reputation671
7 Unknown risk profile delegation of control over data672
and infrastructure allows companies to better673
concentrate on their core business possibly674
maximizing profit and efficiency On the other hand675
the consequent loss of governance leads to obscurity676
[66] information about other customers sharing the677
same infrastructure or regarding patching and678
updating policies is limited This situation creates679
uncertainty concerning the exact risk levels that are680
inherent to the cloud solution681
It is interesting to notice the choice for cloud-specific682
issues as it allows the identification of central points683
for further development Moreover this compilation of684
threats is closely related to CSA security guidance com-685
posing a solid framework for security and risk analysis686
assessments while providing recommendations and best687
practices to achieve acceptable security levels688
Another approach adopted by CSA for organizing infor-689
mation related to cloud security and governance is the690
TCI Reference Architecture Model [64] This document691
focuses on defining guidelines for enabling trust in the692
cloud while establishing open standards and capabilities693
for all cloud-based operations The architecture defines694
different organization levels by combining frameworks695
like the SPI model ISO 27002 COBIT PCI SOX and696
architectures such as SABSA TOGAF ITIL and Jeri-697
cho A wide range of aspects are then covered SABSA698
defines business operation support services such as com-699
pliance data governance operational risk management700
human resources security security monitoring services 701
legal services and internal investigations TOGAF defines 702
the types of services covered (presentation application 703
information and infrastructure ITIL is used for informa- 704
tion technology operation and support from IT oper- 705
ation to service delivery support and management of 706
incidents changes and resources finally Jericho cov- 707
ers security and risk management including information 708
security management authorization threat and vulnera- 709
bility management policies and standards The result is a 710
tri-dimensional relationship between cloud delivery trust 711
and operation that aims to be easily consumed and applied 712
in a security-oriented design 713
NIST 714
NIST has recently published a taxonomy for security in 715
cloud computing [67] that is comparable to the taxonomy 716
introduced in section ldquoCloud computing security taxon- 717
omyrdquo This taxonomyrsquos first level encompass typical roles 718
in the cloud environment cloud service provider respon- 719
sible for making the service itself available cloud service 720
consumer who uses the service and maintains a business 721
relationship with the provider cloud carrier which pro- 722
vides communication interfaces between providers and 723
consumers cloud broker that manages use performance 724
and delivery of services and intermediates negotiations 725
between providers and consumers and cloud auditor 726
which performs assessment of services operations and 727
security Each role is associated to their respective activ- 728
ities and decomposed on their components and subcom- 729
ponents The clearest difference from our taxonomy is the 730
hierarchy adopted as our proposal primarily focuses on 731
security principles in its higher level perspective while 732
the cloud roles are explored in deeper levels The con- 733
cepts presented here extend NISTrsquos initial definition for 734
cloud computing [9] incorporating a division of roles and 735
responsibilities that can be directly applied to security 736
assessments On the other hand NISTrsquos taxonomy incor- 737
porates concepts such as deployment models service 738
types and activities related to cloud management (porta- 739
bility interoperability provisioning) most of them largely 740
employed in publications related to cloud computing ndash 741
including this one 742
Frameworks summary 743
Tables 1 and 2 summarize the information about each T1T2
744
framework 745
Books papers and other publications 746
Rimal Choi and Lumb [3] present a cloud taxonomy 747
created from the perspective of the academia developers 748
and researchers instead of the usual point of view related 749
to vendors Whilst they do provide definitions and con- 750
cepts such as cloud architecture (based on SPI model) 751
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 14 of 18httpwwwjournalofcloudcomputingcomcontent1111
Table 1 Summary of CSA security frameworks t11
t12Framework Objectives Structure and comments
t13CSA Guidance
bull Recommendations for reducing risksbull No restrictions regarding specific
solutions or service typesbull Guidelines not necessarily applicable
for all deployment modelsbull Provide initial structure to divide efforts
for researches
bull One architectural domainbull Governance domains risk management legal concerns compliance
auditing information management interoperability and portabilitybull Operational domains traditional and business security disaster recovery
data center operations encryption application security identificationauthorization virtualization security outsourcing
bull Emphasis on the fact that cloud is not bound to virtualization technologiesthough cloud services heavily depend on virtualized infrastructures toprovide flexibility and scalability
t14CSA Top Threats
bull Provide context for risk managementdecisions and strategies
bull Focus on issues which are unique orhighly influenced by cloud computingcharacteristics
bull Seven main threats
ndash Abuse and malicious use of cloud resourcesndash Insecure APIsndash Malicious insidersndash Shared technology vulnerabilitiesndash Data loss and leakagendash Hijacking of accounts services and trafficndash Unknown risk profile (security obscurity)
bull Summarizes information on top threats and provide examples remediationguidelines impact caused and which service types (based on SPI model)are affected
t15CSA Architecture
bull Enable trust in the cloud based onwell-known standards and certificationsallied to security frameworks and otheropen references
bull Use widely adopted frameworks inorder to achieve standardization ofpolicies and best practices based onalready accepted security principles
bull Four sets of frameworks (security NIST SPI IT audit and legislative) and fourarchitectural domains (SABSA business architecture ITIL for servicesmanagement Jericho for security and TOGAF for IT reference)
bull Tridimensional structure based on premises of cloud delivery trust andoperations
bull Concentrates a plethora of concepts and information related to servicesoperation and security
Table summarizing information related to CSA security frameworks (guidance top threats and TCI architecture) t16
virtualization management service types fault tolerance752
policies and security no further studies are developed753
focusing on cloud specific security aspects This charac-754
teristic is also observed in other cloud taxonomies [68-70]755
whose efforts converge to the definition of service models756
and types rather than to more technical aspects such as757
security privacy or compliance concerns ndash which are the758
focus of this paper759
In [7] Mather Kumaraswamy and Latif discuss the760
current status of cloud security and what is predicted761
for the future The result is a compilation of security-762
related subjects to be developed in topics like infras-763
tructure data security and storage identity and access764
management security management privacy audit and765
compliance They also explore the unquestionable urge for766
more transparency regarding which party (customer or767
cloud provider) provides each security capability as well768
as the need for standardization and for the creation of769
legal agreements reflecting operational SLAs Other issues770
discussed are the inadequate encryption and key manage- 771
ment capabilities currently offered as well as the need for 772
multi-entity key management 773
Many publications also state the need for better security 774
mechanisms for cloud environments Doelitzscher et al 775
[71] emphasize security as a major research area in cloud 776
computing They also highlight the lack of flexibility of 777
classic intrusion detection mechanisms to handle virtual- 778
ized environments suggesting the use of special security 779
audit tools associated to business flow modeling through 780
security SLAs In addition they identify abuse of cloud 781
resources lack of security monitoring in cloud infrastruc- 782
ture and defective isolation of shared resources as focal 783
points to be managed Their analysis of top security con- 784
cerns is also based on publications from CSA ENISA and 785
others but after a quick evaluation of issues their focus 786
switch to their security auditing solution without offer- 787
ing a deeper quantitative compilation of security risks and 788
areas of concern 789
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 15 of 18httpwwwjournalofcloudcomputingcomcontent1111
Table 2 Summary of ENISA and NIST security frameworks t21
t22Framework Objectives Structure and comments
t23ENISA Report
bull Study on benefits and risks whenadopting cloud solutions for businessoperations
bull Provide information for securityassessments and decision making
bull Three main categories of cloud specific risks (policy and organizationaltechnical legal) plus one extra category for not specific ones
bull Offers basic guidelines and best practices for avoiding or mitigating theireffects
bull Presents recommendations for further studies related to trust building(certifications metrics and transparency) large scale data protection(privacy integrity incident handling and regulations) and technicalaspects (isolation portability and resilience)
bull Highlights the duality of scalability (fast flexible and accessible resourcesversus concentrations of data attracting attackers and also providinginfrastructure for aiding their operations)
bull Extensive study on risks considering their impact and probability
t24NIST Taxonomy
bull Define what cloud services shouldprovide rather than how to design andimplement solutions
bull Ease the understanding of cloudinternal operations and mechanisms
bull Taxonomy levels
ndash First level cloud roles (service provider consumer cloud brokercloud carrier and cloud auditor)
ndash Second level activities performed by each role (cloudmanagement service deployment cloud access and serviceconsumption)
ndash Third and following levels elements which compose each activity(deployment models service types and auditing elements)
bull Based on publication SP 500-292 highlighting the importance of securityprivacy and levels of confidence and trust to increase technologyacceptance
bull Concentrates many useful concepts such as models for deploying orclassifying services
Table summarizing information on ENISA and NIST security frameworks t25
Associations such as the Enterprise Strategy Group790
[72] emphasize the need for hypervisor security shrink-791
ing hypervisor footprints defining the security perimeter792
virtualization and linking security and VM provision-793
ing for better resource management Aiming to address794
these requirements they suggest the use of increased795
automation for security controls VM identity manage-796
ment (built on top of Public Key Infrastructure and Open797
Virtualization Format) and data encryption (tightly con-798
nected to state-of-art key management practices) Wallom799
et al [73] emphasize the need of guaranteeing virtual800
machinesrsquo trustworthiness (regarding origin and identity)801
to perform security-critical computations and to han-802
dle sensitive data therefore presenting a solution which803
integrates Trusted Computing technologies and avail-804
able cloud infrastructures Dabrowski and Mills [74] used805
simulation to demonstrate virtual machine leakage and806
resource exhaustion scenarios leading to degraded per-807
formance and crashes they also propose the addition808
of orphan controls to enable the virtualized cloud envi-809
ronment to offer higher availability levels while keeping810
overhead costs under control Ristenpart et al [44] also811
explore virtual machine exploitation focusing on informa-812
tion leakage specially sensitive data at rest or in transit813
Finally Chadwick and Casenove [75] describe a security 814
API for federated access to cloud resources and authority 815
delegation while setting fine-grained controls and guar- 816
anteeing the required levels of assurance inside cloud 817
environments These publications highlight the need of 818
security improvements related to virtual machines and 819
virtualization techniques concern that this paper demon- 820
strates to be valid and urgent 821
Discussion 822
Considering the points raised in the previous section a 823
straightforward conclusion is that cloud security includes 824
old and well-known issues ndash such as network and other 825
infrastructural vulnerabilities user access authentication 826
and privacy ndash and also novel concerns derived from 827
new technologies adopted to offer the adequate resources 828
(mainly virtualized ones) services and auxiliary tools 829
These problems are summarized by isolation and hypervi- 830
sor vulnerabilities (the main technical concerns according 831
to the studies and graphics presented) data location and 832
e-discovery (legal aspects) and loss of governance over 833
data security and even decision making (in which the 834
cloud must be strategically and financially considered as a 835
decisive factor) 836
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 16 of 18httpwwwjournalofcloudcomputingcomcontent1111
Another point observed is that even though adopt-837
ing a cloud service or provider may be easy migrating838
to another is not [76] After moving local data and pro-839
cesses to the cloud the lack of standards for protocols840
and formats directly affects attempts to migrate to a dif-841
ferent provider even if this is motivated by legitimate rea-842
sons such as non-fulfillment of SLAs outages or provider843
bankruptcy [77] Consequently the first choice must be844
carefully made as SLAs are not perfect and services845
outages happen at the same pace that resource sharing846
multi-tenancy and scalability are not fail proof After a847
decision is made future migrations between services can848
be extremely onerous in terms of time and costs most849
likely this task will require an extensive work for bring-850
ing all data and resources to a local infrastructure before851
redeploying them into the cloud852
Finally the analysis of current trends for cloud comput-853
ing reveals that there is a considerable number of well-854
studied security concerns for which plenty solutions and855
best practices have been developed such as those related856
to legal and administrative concerns On the other hand857
many issues still require further research effort especially858
those related to secure virtualization859
Considerations and future work860
Security is a crucial aspect for providing a reliable envi-861
ronment and then enable the use of applications in the862
cloud and for moving data and business processes to863
virtualized infrastructures Many of the security issues864
identified are observed in other computing environments865
authentication network security and legal requirements866
for example are not a novelty However the impact of867
such issues is intensified in cloud computing due to868
characteristics such as multi-tenancy and resource shar-869
ing since actions from a single customer can affect all870
other users that inevitably share the same resources and871
interfaces On the other hand efficient and secure vir-872
tualization represents a new challenge in such a context873
with high distribution of complex services and web-874
based applications thus requiring more sophisticated875
approaches At the same time our quantitative analysis876
indicates that virtualization remains an underserved area877
regarding the number of solutions provided to identified878
concerns879
It is strategic to develop new mechanisms that pro-880
vide the required security level by isolating virtual881
machines and the associated resources while following882
best practices in terms of legal regulations and compli-883
ance to SLAs Among other requirements such solutions884
should employ virtual machine identification provide885
an adequate separation of dedicated resources com-886
bined with a constant observation of shared ones and887
examine any attempt of exploiting cross-VM and data888
leakage889
A secure cloud computing environment depends on 890
several security solutions working harmoniously together 891
However in our studies we did not identify any security 892
solutions provider owning the facilities necessary to get 893
high levels of security conformity for clouds Thus cloud 894
providers need to orchestrate harmonize security solu- 895
tions from different places in order to achieve the desired 896
security level 897
In order to verify these conclusions in practice we 898
deployed testbeds using OpenNebula (based on KVM and 899
XEN) and analyzed its security aspects we also analyzed 900
virtualized servers based on VMWARE using our testbed 901
networks This investigation lead to a wide research of 902
PaaS solutions and allowed us to verify that most of them 903
use virtual machines based on virtualization technolo- 904
gies such as VMWARE XEN and KVM which often lack 905
security aspects We also learned that Amazon changed 906
the XEN source code in order to include security fea- 907
tures but unfortunately the modified code is not publicly 908
available and there appears to be no article detailing the 909
changes introduced Given these limitations a deeper 910
study on current security solutions to manage cloud com- 911
puting virtual machines inside the cloud providers should 912
be a focus of future work in the area We are also working 913
on a testbed based on OpenStack for researches related 914
to identity and credentials management in the cloud envi- 915
ronment This work should address basic needs for better 916
security mechanisms in virtualized and distributed archi- 917
tectures guiding other future researches in the security 918
area 919
Competing interests 920The authors declare that they have no competing interests 921
Authorrsquos contributions 922NG carried out the security research including the prospecting for information 923and references categorization results analysis taxonomy creation and analysis 924of related work CM participated in the drafting of the manuscript as well as in 925the analysis of references creation of the taxonomy and revisions of the text 926MS FR MN and MP participated in the critical and technical revisions of the 927paper including the final one also helping with the details for preparing the 928paper to be published TC coordinated the project related to the paper and 929also gave the final approval of the version to be published All authors read 930and approved the final manuscript 931
Acknowledgements 932This work was supported by the Innovation Center Ericsson 933Telecomunicacoes SA Brazil 934
Author details 9351Escola Politecnica at the University of Sao Paulo (EPUSP) Sao Paulo Brazil 9362Ericsson Research Stockholm Sweden 3Ericsson Research Ville Mont-Royal 937Canada 4State University of Santa Catarina Joinville Brazil 938
Received 30 January 2012 Accepted 5 June 2012 939Published 12 July 2012 940
References 9411 IDC (2009) Cloud Computing 2010 ndash An IDC Update 942
slidesharenetJorFigOrcloud-computing-2010-an-idc-update 9432 Armbrust M Fox A Griffith R Joseph AD Katz RH Konwinski A Lee G 944
Patterson DA Rabkin A Stoica I Zaharia M (2009) Above the Clouds 945
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 17 of 18httpwwwjournalofcloudcomputingcomcontent1111
A Berkeley View of Cloud Computing Technical Report946UCBEECS-2009-28 University of California at Berkeley947eecsberkeleyeduPubsTechRpts2009EECS-2009-28html948
3 Rimal BP Choi E Lumb I (2009) A Taxonomy and Survey of Cloud949Computing Systems In Fifth International Joint Conference on INC IMS950and IDC NCM rsquo09 CPS pp 44ndash51951
4 Shankland S (2009) HPrsquos Hurd dings cloud computing IBM952CNET News953
5 Catteddu D Hogben G (2009) Benefits risks and recommendations for954information security Tech rep European Network and Information955Security Agency enisaeuropaeuactrmfilesdeliverablescloud-956computing-risk-assessment957
6 CSA (2009) Security Guidance for Critical Areas of Focus in Cloud958Computing Tech rep Cloud Security Alliance959
7 Mather T Kumaraswamy S (2009) Cloud Security and privacy An960Enterprise Perspective on Risks and Compliance 1st edition OrsquoReilly961Media962
8 Chen Y Paxson V Katz RH (2010) Whatrsquos New About Cloud Computing963Security Technical Report UCBEECS-2010-5 University of California at964Berkeley eecsberkeleyeduPubsTechRpts2010EECS-2010-5html965
9 Mell P Grance T (2009) The NIST Definition of Cloud Computing966Technical Report 15 National Institute of Standards and Technology967wwwnistgovitlclouduploadcloud-def-v15pdf968
10 Ibrahim AS Hamlyn-Harris J Grundy J (2010) Emerging Security969Challenges of Cloud Virtual Infrastructure In Proceedings of APSEC 2010970Cloud Workshop APSEC rsquo10971
11 Gonzalez N Miers C Redıgolo F Carvalho T Simplıcio M Naslund M972Pourzandi M (2011) A quantitative analysis of current security concerns973and solutions for cloud computing In Proceedings of 3rd IEEE974CloudCom AthensGreece IEEE Computer Society975
12 Hubbard D Jr LJH Sutton M (2010) Top Threats to Cloud Computing976Tech rep Cloud Security Alliance cloudsecurityallianceorgresearch977projectstop-threats-to-cloud-computing978
13 Tompkins D (2009) Security for Cloud-based Enterprise Applications979httpblogdtorgindexphp200902security-for-cloud-based-980enterprise-applications981
14 Jensen M Schwenk J Gruschka N Iacono LL (2009) On Technical Security982Issues in Cloud Computing In IEEE Internation Conference on Cloud983Computing pp 109ndash116984
15 TrendMicro (2010) Cloud Computing Security - Making Virtual Machines985Cloud-Ready Trend Micro White Paper986
16 Genovese S (2009) Akamai Introduces Cloud-Based Firewall http987cloudcomputingsys-concomnode1219023988
17 Hulme GV (2011) CloudPassage aims to ease cloud server security989management httpwwwcsoonlinecomarticle658121cloudpassage-990aims-to-ease-cloud-server-security-management991
18 Oleshchuk VA Koslashien GM (2011) Security and Privacy in the Cloud - A992Long-Term View In 2nd International Conference on Wireless993Communications Vehicular Technology Information Theory and994Aerospace and Electronic Systems Technology (Wireless VITAE) WIRELESS995VITAE rsquo11 pp 1ndash5 httpdxdoiorg101109WIRELESSVITAE20115940876996
19 Google (2011) Google App Engine codegooglecomappengine99720 Google (2011) Google Query Language (GQL)998
codegooglecomintlenappenginedocspythonoverviewhtml99921 StackOverflow (2011) Does using non-SQL databases obviate the need1000
for guarding against SQL injection1001stackoverflowcomquestions1823536does-using-non-sql-databases-1002obvia1003te-the-need-for-guarding-against-sql-injection1004
22 Rose J (2011) Cloudy with a chance of zero day wwwowasporgimages1005112Cloudy with a chance of 0 day Jon Rose-Tom Leaveypdf1006
23 Balkan A (2011) Why Google App Engine is broken and what Google1007must do to fix it aralbalkancom15041008
24 Salesforce (2011) Salesforce Security Statement1009salesforcecomcompanyprivacysecurityjsp1010
25 Espiner T (2007) Salesforce tight-lipped after phishing attack1011zdnetcouknewssecurity-threats20071107salesforce-tight-lipped-a1012fter-phishing-attack-392906161013
26 Yee A (2007) Implications of Salesforce Phishing Incident1014ebizqnetblogssecurity insider200711-implications of salesforc1015e phiphp1016
27 Salesforce (2011) Security Implementation Guide 1017loginsalesforcecomhelpdocensalesforce security impl guidepdf 1018
28 Li H Dai Y Tian L Yang H (2009) Identity-Based Authentication for Cloud 1019Computing In Proceedings of the 1st International Conference on Cloud 1020Computing CloudCom rsquo09 1021
29 Amazon (2011) Elastic Compute Cloud (EC2) awsamazoncomec2 102230 Kaufman C Venkatapathy R (2010) Windows Azure Security Overview 1023
gomicrosoftcomlinkid=9740388 [August] 102431 McMillan R (2010) Google Attack Part of Widespread Spying Effort 1025
PCWorld 102632 Mills E (2010) Behind the China attacks on Google CNET News 102733 Arrington M (2010) Google Defends Against Large Scale Chinese Cyber 1028
Attack May Cease Chinese Operations TechCrunch 102934 Bosch J (2009) Google Accounts Attacked by Phishing Scam BrickHouse 1030
Security Blog 103135 Telegraph T (2009) Facebook Users Targeted By Phishing Attack The 1032
Telegraph 103336 Pearson S (2009) Taking account of privacy when designing cloud 1034
computing services In Proceedings of the 2009 ICSE Workshop on 1035Software Engineering Challenges of Cloud Computing CLOUD rsquo09 1036
37 Musthaler L (2009) Cost-effective data encryption in the cloud Network 1037World 1038
38 Yan L Rong C Zhao G (2009) Strengthen Cloud Computing Security with 1039Federal Identity Management Using Hierarchical Identity-Based 1040Cryptography In Proceedings of the 1st International Conference on 1041Cloud Computing CloudCom rsquo09 1042
39 Tech C (2010) Examining Redundancy in the Data Center Powered by the 1043Cloud and Disaster Recovery Consonus Tech 1044
40 Lyle M (2011) Redundancy in Data Storage Define the Cloud 104541 Dorion P (2010) Data destruction services When data deletion is not 1046
enough SearchDataBackupcom 104742 Mogull R (2009) Cloud Data Security Archive and Delete (Rough Cut) 1048
securosiscomblogcloud-data-security-archive-and-delete-rough-cut 104943 Messmer E (2011) Gartner New security demands arising for 1050
virtualization cloud computing httpwwwnetworkworldcomnews 10512011062311-security-summithtml 1052
44 Ristenpart T Tromer E Shacham H Savage S (2009) Hey you get off of 1053my cloud exploring information leakage in third-party compute clouds 1054In Proceedings of the 16th ACM conference on Computer and 1055communications security CCS rsquo09 New York NY USA ACM pp 199ndash212 1056doiacmorg10114516536621653687 1057
45 Chow R Golle P Jakobsson M Shi E Staddon J Masuoka R Molina J 1058(2009) Controlling data in the cloud outsourcing computation without 1059outsourcing control In Proceedings of the 2009 ACM workshop on 1060Cloud computing security CCSW rsquo09 New York NY USA ACM pp 85ndash90 1061httpdoiacmorg10114516550081655020 1062
46 Sadeghi AR Schneider T Winandy M (2010) Token-Based Cloud 1063Computing - Secure Outsourcing of Data and Arbitrary Computations 1064with Lower Latency In Proceedings of the 3rd international conference 1065on Trust and trustworthy computing TRUST rsquo10 1066
47 Brandic I Dustdar S Anstett T Schumm D Leymann F (2010) Compliant 1067Cloud Computing (C3) Architecture and Language Support for 1068User-driven Compliance Management in Clouds In 2010 IEEE 3rd 1069International Conference on Cloud Computing pp 244ndash251 httpdx 1070doiorg101109CLOUD201042 1071
48 Brodkin J (2008) Gartner Seven cloud computing security risks http 1072wwwinfoworldcomdsecurity-centralgartner-seven-cloud- 1073computing-security-risks-853 1074
49 Kandukuri BR Paturi R Rakshit A (2009) Cloud Security Issues In 1075Proceedings of the 2009 IEEE International Conference on Services 1076Computing SCC rsquo09 1077
50 Winterford B (2011) Amazon EC2 suffers huge outage httpwwwcrn 1078comauNews255586amazon-ec2-suffers-huge-outageaspx 1079
51 Clarke G (2011) Microsoft BPOS cloud outage burns Exchange converts 1080httpwwwtheregistercouk20110513 1081
52 Shankland S (2011) Amazon cloud outage derails Reddit Quora 108253 Young E (2009) Cloud Computing - The role of internal audit 108354 CloudAudit (2011) A6 - The automated audit assertion assessment and 1084
assurance API httpcloudauditorg 108555 Anand N (2010) The legal issues around cloud computing httpwww 1086
labnolorginternetcloud-computing-legal-issues14120 1087
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 18 of 18httpwwwjournalofcloudcomputingcomcontent1111
56 Hunter S (2011) Ascending to the cloud creates negligible e-discovery1088risk httpediscoveryquarlescom201107articlesinformation-1089technologyascending-to-the-cloud-creates-negligible-ediscovery-risk1090
57 Sharon D Nelson JWS (2011) Virtualization and Cloud Computing1091benefits and e-discovery implications httpwwwslawca201107191092virtualization-and-cloud-computing-benefits-and-e-discovery-1093implications1094
58 Bentley L (2009) E-discovery in the cloud presents promise and problems1095httpwwwitbusinessedgecomcmcommunityfeaturesinterviews1096bloge-discovery-in-the-cloud-presents-promise-and-problemscs=1097316981098
59 Zierick J (2011) The special case of privileged users in the sloud http1099blogbeyondtrustcombid63894The-Special-Case-of-Privileged-Users-1100in-the-Cloud1101
60 Dinoor S (2010) Got Privilege Ten Steps to Securing a Cloud-Based1102Enterprise httpcloudcomputingsys-concomnode15716491103
61 Pavolotsky J (2010) Top five legal issues for the cloud httpwwwforbes1104com20100412cloud-computing-enterprise-technology-cio-network-1105legalhtml1106
62 ENISA (2011) About ENISA httpwwwenisaeuropaeuabout-enisa110763 CSA (2011) About httpscloudsecurityallianceorgabout110864 CSA (2011) CSA TCI Reference Architecture httpscloudsecurityalliance1109
orgwp-contentuploads201111TCI-Reference-Architecture-11pdf111065 CSA (2011) Security Guidance for Critical Areas of Focus in Cloud1111
Computing V30 Tech rep Cloud Security Alliance [Httpwww1112cloudsecurityallianceorgguidancecsaguidev30pdf]1113
66 Ramireddy S Chakraborthy R Raghu TS Rao HR (2010) Privacy and1114Security Practices in the Arena of Cloud Computing - A Research in1115Progress In AMCIS 2010 Proceedings AMCIS rsquo10 httpaiselaisnetorg1116amcis20105741117
67 NIST (2011) NIST Cloud Computing Reference Architecture SP 500-2921118httpcollaboratenistgovtwiki-cloud-computingpub1119CloudComputingReferenceArchitectureTaxonomyNIST SP 500-292 -1120090611pdf1121
68 Youseff L Butrico M Silva DD (2008) Toward a Unified Ontology of Cloud1122Computing In Grid Computing Environments Workshop 2008 GCE rsquo081123pp 10 1 httpdxdoiorg101109GCE200847384431124
69 Johnston S (2008) Sam Johnston taxonomy the 6 layer cloud computing1125stack httpsamjnet200809taxonomy-6-layer-cloud-computing-1126stackhtml]1127
70 Linthicum D (2009) Defining the cloud computing framework http1128cloudcomputingsys-concomnode8115191129
71 Doelitzscher F Reich C Knahl M Clarke N (2011) An autonomous agent1130based incident detection system for cloud environments In Third IEEE1131International Conference on Cloud Computing Technology and Science1132CloudCom 2011 CPS pp 197ndash204 httpdxdoiorg101109CloudCom11332011351134
72 Oltsik J (2010) Information security virtualization and the journey to the1135cloud Tech rep Cloud Security Alliance1136
73 Wallom D Turilli M Taylor G Hargreaves N Martin A Raun A McMoran A1137(2011) myTrustedCloud Trusted Cloud Infrastructure for Security-critical1138Computation and Data Managment In Third IEEE International1139Conference on Cloud Computing Technology and Science CloudCom11402011 CPS pp 247ndash2541141
74 Dabrowski C Mills K (2011) VM Leakage and Orphan Control in1142Open-Source Clouds In Third IEEE International Conference on Cloud1143Computing Technology and Science CloudCom 2011 CPS pp 554ndash5591144
75 Chadwick DW Casenove M (2011) Security APIs for My Private Cloud In1145Third IEEE International Conference on Cloud Computing Technology1146and Science CloudCom 2011 CPS pp 792ndash7981147
76 Claybrook B (2011) How providers affect cloud application migration1148httpsearchcloudcomputingtechtargetcomtutorialHow-providers-1149affect-cloud-application-migration1150
77 CSA (2011) Interoperability and portability1151
doi1011862192-113X-1-11Cite this article as Gonzalez et al A quantitative analysis of current securityconcerns and solutions for cloud computing Journal of Cloud ComputingAdvances Systems and Applications 2012 111
Submit your manuscript to a journal and benefi t from
7 Convenient online submission
7 Rigorous peer review
7 Immediate publication on acceptance
7 Open access articles freely available online
7 High visibility within the fi eld
7 Retaining the copyright to your article
Submit your next manuscript at 7 springeropencom
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 11 of 18httpwwwjournalofcloudcomputingcomcontent1111
Figure 10 Comparison between citations with grouped categories Radar chart grouping the categories showing the difference betweencitations about concerns and solutions regarding each category
National Infrastructure from UK government) and ISACA524
(the Information Systems Audit and Control Association)525
In this paper we focus on the first three entities which526
by themselves provide a quite comprehensive overview of527
issues and solutions and thus allowing a broad under-528
standing of the current status of cloud security529
ENISA530
ENISA is an agency responsible for achieving high and531
effective level of network and information security within532
the European Union [62] In the context of cloud comput-533
ing they published an extensive study covering benefits534
and risks related to its use [5] In this study the security 535
risks are divided in four categories 536
bull Policy and organizational issues related to 537
governance compliance and reputation 538bull Technical issues derived from technologies used to 539
implement cloud services and infrastructures such as 540
isolation data leakage and interception denial of 541
service attacks encryption and disposal 542bull Legal risks regarding jurisdictions subpoena and 543
e-discovery 544
Figure 11 Comparison for virtualization Radar chart only for virtualization issues
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 12 of 18httpwwwjournalofcloudcomputingcomcontent1111
bull Not cloud specific other risks that are not unique to545
cloud environments such as network management546
privilege escalation and logging547
As a top recommendation for security in cloud com-548
puting ENISA suggests that providers must ensure some549
security practices to customers and also a clear contract to550
avoid legal problems Key points to be developed include551
breach reporting better logging mechanisms and engi-552
neering of large scale computer systems which encom-553
pass the isolation of virtual machines resources and554
information Their analysis is based not only on what is555
currently observed but also on what can be improved556
through the adoption of existing best practices or by557
means of solutions that are already used in non-cloud558
environments This article aims at taking one step fur-559
ther by transforming these observations into numbers ndash a560
quantitative approach561
CSA562
CSA is an organization led by a coalition of industry563
practitioners corporations associations and other stake-564
holders [63] such as Dell HP and eBay One of its main565
goals is to promote the adoption of best practices for566
providing security within cloud computing environments567
Three CSA documents are analyzed in this paper ndash the568
security guidance [6] the top threats in cloud computing569
[12] and the Trusted Cloud Initiative (TCI) architecture570
[64] ndash as they comprise most of the concepts and guide-571
lines researched and published by CSA572
The latest CSA security guidance (version 30 [65])573
denotes multi-tenancy as the essential cloud characteristic574
while virtualization can be avoided when implementing575
cloud infrastructures ndash multi-tenancy only implies the576
use of shared resources by multiple consumers possibly577
from different organizations or with different objectives578
They discuss that even if virtualization-related issues579
can be circumvented segmentation and isolated policies580
for addressing proper management and privacy are still581
required The document also establishes thirteen security582
domains583
1 Governance and risk management ability to measure584
the risk introduced by adopting cloud computing585
solutions such as legal issues protection of sensitive586
data and their relation to international boundaries587
2 Legal issues disclosure laws shared infrastructures588
and interference between different users589
3 Compliance and audit the relationship between590
cloud computing and internal security policies591
4 Information management and data security592
identification and control of stored data loss of593
physical control of data and related policies to594
minimize risks and possible damages595
5 Portability and interoperability ability to change 596
providers services or bringing back data to local 597
premises without major impacts 598
6 Traditional security business continuity and disaster 599
recovery the influence of cloud solutions on 600
traditional processes applied for addressing security 601
needs 602
7 Data center operations analyzing architecture and 603
operations from data centers and identifying 604
essential characteristics for ensuring stability 605
8 Incident response notification and remediation 606
policies for handling incidents 607
9 Application security aims to identify the possible 608
security issues raised from migrating a specific 609
solution to the cloud and which platform (among SPI 610
model) is more adequate 611
10 Encryption and key management how higher 612
scalability via infrastructure sharing affects 613
encryption and other mechanisms used for 614
protecting resources and data 615
11 Identity and access management enabling 616
authentication for cloud solutions while maintaining 617
security levels and availability for customers and 618
organizations 619
12 Virtualization risks related to multi-tenancy 620
isolation virtual machine co-residence and 621
hypervisor vulnerabilities all introduced by 622
virtualization technologies 623
13 Security as a service third party security 624
mechanisms delegating security responsibilities to a 625
trusted third party provider 626
CSA also published a document focusing on identify- 627
ing top threats aiming to aid risk management strategies 628
when cloud solutions are adopted [12] As a complete 629
list of threats and pertinent issues is countless the doc- 630
ument targets those that are specific or intensified by 631
fundamental characteristics of the cloud such as shared 632
infrastructures and greater flexibility As a result seven 633
threats were selected 634
1 Abuse and nefarious used of cloud computing while 635
providing flexible and powerful resources and tools 636
IaaS and PaaS solutions also unveil critical 637
exploitation possibilities built on anonymity This 638
leads to abuse and misuse of the provided 639
infrastructure for conducting distributed denial of 640
service attacks hosting malicious data controlling 641
botnets or sending spam 642
2 Insecure application programming interfaces cloud 643
services provide APIs for management storage 644
virtual machine allocation and other service-specific 645
operations The interfaces provided must implement 646
security methods to identify authenticate and protect 647
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 13 of 18httpwwwjournalofcloudcomputingcomcontent1111
against accidental or malicious use which can648
introduce additional complexities to the system such649
as the need for third-party authorities and services650
3 Malicious insiders although not specific to cloud651
computing its effects are amplified by the652
concentration and interaction of services and653
management domains654
4 Shared technology vulnerabilities scalability655
provided by cloud solutions are based on hardware656
and software components which are not originally657
designed to provide isolation Even though658
hypervisors offer an extra granularity layer they still659
exhibit flaws which are exploited for privilege660
escalation661
5 Data loss and leakage insufficient controls662
concerning user access and data security (including663
privacy and integrity) as well as disposal and even664
legal issues665
6 Account service and traffic hijacking phishing and666
related frauds are not a novelty to computing667
security However not only an attacker is able to668
manipulate data and transactions but also to use669
stolen credentials to perform other attacks that670
compromise customer and provider reputation671
7 Unknown risk profile delegation of control over data672
and infrastructure allows companies to better673
concentrate on their core business possibly674
maximizing profit and efficiency On the other hand675
the consequent loss of governance leads to obscurity676
[66] information about other customers sharing the677
same infrastructure or regarding patching and678
updating policies is limited This situation creates679
uncertainty concerning the exact risk levels that are680
inherent to the cloud solution681
It is interesting to notice the choice for cloud-specific682
issues as it allows the identification of central points683
for further development Moreover this compilation of684
threats is closely related to CSA security guidance com-685
posing a solid framework for security and risk analysis686
assessments while providing recommendations and best687
practices to achieve acceptable security levels688
Another approach adopted by CSA for organizing infor-689
mation related to cloud security and governance is the690
TCI Reference Architecture Model [64] This document691
focuses on defining guidelines for enabling trust in the692
cloud while establishing open standards and capabilities693
for all cloud-based operations The architecture defines694
different organization levels by combining frameworks695
like the SPI model ISO 27002 COBIT PCI SOX and696
architectures such as SABSA TOGAF ITIL and Jeri-697
cho A wide range of aspects are then covered SABSA698
defines business operation support services such as com-699
pliance data governance operational risk management700
human resources security security monitoring services 701
legal services and internal investigations TOGAF defines 702
the types of services covered (presentation application 703
information and infrastructure ITIL is used for informa- 704
tion technology operation and support from IT oper- 705
ation to service delivery support and management of 706
incidents changes and resources finally Jericho cov- 707
ers security and risk management including information 708
security management authorization threat and vulnera- 709
bility management policies and standards The result is a 710
tri-dimensional relationship between cloud delivery trust 711
and operation that aims to be easily consumed and applied 712
in a security-oriented design 713
NIST 714
NIST has recently published a taxonomy for security in 715
cloud computing [67] that is comparable to the taxonomy 716
introduced in section ldquoCloud computing security taxon- 717
omyrdquo This taxonomyrsquos first level encompass typical roles 718
in the cloud environment cloud service provider respon- 719
sible for making the service itself available cloud service 720
consumer who uses the service and maintains a business 721
relationship with the provider cloud carrier which pro- 722
vides communication interfaces between providers and 723
consumers cloud broker that manages use performance 724
and delivery of services and intermediates negotiations 725
between providers and consumers and cloud auditor 726
which performs assessment of services operations and 727
security Each role is associated to their respective activ- 728
ities and decomposed on their components and subcom- 729
ponents The clearest difference from our taxonomy is the 730
hierarchy adopted as our proposal primarily focuses on 731
security principles in its higher level perspective while 732
the cloud roles are explored in deeper levels The con- 733
cepts presented here extend NISTrsquos initial definition for 734
cloud computing [9] incorporating a division of roles and 735
responsibilities that can be directly applied to security 736
assessments On the other hand NISTrsquos taxonomy incor- 737
porates concepts such as deployment models service 738
types and activities related to cloud management (porta- 739
bility interoperability provisioning) most of them largely 740
employed in publications related to cloud computing ndash 741
including this one 742
Frameworks summary 743
Tables 1 and 2 summarize the information about each T1T2
744
framework 745
Books papers and other publications 746
Rimal Choi and Lumb [3] present a cloud taxonomy 747
created from the perspective of the academia developers 748
and researchers instead of the usual point of view related 749
to vendors Whilst they do provide definitions and con- 750
cepts such as cloud architecture (based on SPI model) 751
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 14 of 18httpwwwjournalofcloudcomputingcomcontent1111
Table 1 Summary of CSA security frameworks t11
t12Framework Objectives Structure and comments
t13CSA Guidance
bull Recommendations for reducing risksbull No restrictions regarding specific
solutions or service typesbull Guidelines not necessarily applicable
for all deployment modelsbull Provide initial structure to divide efforts
for researches
bull One architectural domainbull Governance domains risk management legal concerns compliance
auditing information management interoperability and portabilitybull Operational domains traditional and business security disaster recovery
data center operations encryption application security identificationauthorization virtualization security outsourcing
bull Emphasis on the fact that cloud is not bound to virtualization technologiesthough cloud services heavily depend on virtualized infrastructures toprovide flexibility and scalability
t14CSA Top Threats
bull Provide context for risk managementdecisions and strategies
bull Focus on issues which are unique orhighly influenced by cloud computingcharacteristics
bull Seven main threats
ndash Abuse and malicious use of cloud resourcesndash Insecure APIsndash Malicious insidersndash Shared technology vulnerabilitiesndash Data loss and leakagendash Hijacking of accounts services and trafficndash Unknown risk profile (security obscurity)
bull Summarizes information on top threats and provide examples remediationguidelines impact caused and which service types (based on SPI model)are affected
t15CSA Architecture
bull Enable trust in the cloud based onwell-known standards and certificationsallied to security frameworks and otheropen references
bull Use widely adopted frameworks inorder to achieve standardization ofpolicies and best practices based onalready accepted security principles
bull Four sets of frameworks (security NIST SPI IT audit and legislative) and fourarchitectural domains (SABSA business architecture ITIL for servicesmanagement Jericho for security and TOGAF for IT reference)
bull Tridimensional structure based on premises of cloud delivery trust andoperations
bull Concentrates a plethora of concepts and information related to servicesoperation and security
Table summarizing information related to CSA security frameworks (guidance top threats and TCI architecture) t16
virtualization management service types fault tolerance752
policies and security no further studies are developed753
focusing on cloud specific security aspects This charac-754
teristic is also observed in other cloud taxonomies [68-70]755
whose efforts converge to the definition of service models756
and types rather than to more technical aspects such as757
security privacy or compliance concerns ndash which are the758
focus of this paper759
In [7] Mather Kumaraswamy and Latif discuss the760
current status of cloud security and what is predicted761
for the future The result is a compilation of security-762
related subjects to be developed in topics like infras-763
tructure data security and storage identity and access764
management security management privacy audit and765
compliance They also explore the unquestionable urge for766
more transparency regarding which party (customer or767
cloud provider) provides each security capability as well768
as the need for standardization and for the creation of769
legal agreements reflecting operational SLAs Other issues770
discussed are the inadequate encryption and key manage- 771
ment capabilities currently offered as well as the need for 772
multi-entity key management 773
Many publications also state the need for better security 774
mechanisms for cloud environments Doelitzscher et al 775
[71] emphasize security as a major research area in cloud 776
computing They also highlight the lack of flexibility of 777
classic intrusion detection mechanisms to handle virtual- 778
ized environments suggesting the use of special security 779
audit tools associated to business flow modeling through 780
security SLAs In addition they identify abuse of cloud 781
resources lack of security monitoring in cloud infrastruc- 782
ture and defective isolation of shared resources as focal 783
points to be managed Their analysis of top security con- 784
cerns is also based on publications from CSA ENISA and 785
others but after a quick evaluation of issues their focus 786
switch to their security auditing solution without offer- 787
ing a deeper quantitative compilation of security risks and 788
areas of concern 789
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 15 of 18httpwwwjournalofcloudcomputingcomcontent1111
Table 2 Summary of ENISA and NIST security frameworks t21
t22Framework Objectives Structure and comments
t23ENISA Report
bull Study on benefits and risks whenadopting cloud solutions for businessoperations
bull Provide information for securityassessments and decision making
bull Three main categories of cloud specific risks (policy and organizationaltechnical legal) plus one extra category for not specific ones
bull Offers basic guidelines and best practices for avoiding or mitigating theireffects
bull Presents recommendations for further studies related to trust building(certifications metrics and transparency) large scale data protection(privacy integrity incident handling and regulations) and technicalaspects (isolation portability and resilience)
bull Highlights the duality of scalability (fast flexible and accessible resourcesversus concentrations of data attracting attackers and also providinginfrastructure for aiding their operations)
bull Extensive study on risks considering their impact and probability
t24NIST Taxonomy
bull Define what cloud services shouldprovide rather than how to design andimplement solutions
bull Ease the understanding of cloudinternal operations and mechanisms
bull Taxonomy levels
ndash First level cloud roles (service provider consumer cloud brokercloud carrier and cloud auditor)
ndash Second level activities performed by each role (cloudmanagement service deployment cloud access and serviceconsumption)
ndash Third and following levels elements which compose each activity(deployment models service types and auditing elements)
bull Based on publication SP 500-292 highlighting the importance of securityprivacy and levels of confidence and trust to increase technologyacceptance
bull Concentrates many useful concepts such as models for deploying orclassifying services
Table summarizing information on ENISA and NIST security frameworks t25
Associations such as the Enterprise Strategy Group790
[72] emphasize the need for hypervisor security shrink-791
ing hypervisor footprints defining the security perimeter792
virtualization and linking security and VM provision-793
ing for better resource management Aiming to address794
these requirements they suggest the use of increased795
automation for security controls VM identity manage-796
ment (built on top of Public Key Infrastructure and Open797
Virtualization Format) and data encryption (tightly con-798
nected to state-of-art key management practices) Wallom799
et al [73] emphasize the need of guaranteeing virtual800
machinesrsquo trustworthiness (regarding origin and identity)801
to perform security-critical computations and to han-802
dle sensitive data therefore presenting a solution which803
integrates Trusted Computing technologies and avail-804
able cloud infrastructures Dabrowski and Mills [74] used805
simulation to demonstrate virtual machine leakage and806
resource exhaustion scenarios leading to degraded per-807
formance and crashes they also propose the addition808
of orphan controls to enable the virtualized cloud envi-809
ronment to offer higher availability levels while keeping810
overhead costs under control Ristenpart et al [44] also811
explore virtual machine exploitation focusing on informa-812
tion leakage specially sensitive data at rest or in transit813
Finally Chadwick and Casenove [75] describe a security 814
API for federated access to cloud resources and authority 815
delegation while setting fine-grained controls and guar- 816
anteeing the required levels of assurance inside cloud 817
environments These publications highlight the need of 818
security improvements related to virtual machines and 819
virtualization techniques concern that this paper demon- 820
strates to be valid and urgent 821
Discussion 822
Considering the points raised in the previous section a 823
straightforward conclusion is that cloud security includes 824
old and well-known issues ndash such as network and other 825
infrastructural vulnerabilities user access authentication 826
and privacy ndash and also novel concerns derived from 827
new technologies adopted to offer the adequate resources 828
(mainly virtualized ones) services and auxiliary tools 829
These problems are summarized by isolation and hypervi- 830
sor vulnerabilities (the main technical concerns according 831
to the studies and graphics presented) data location and 832
e-discovery (legal aspects) and loss of governance over 833
data security and even decision making (in which the 834
cloud must be strategically and financially considered as a 835
decisive factor) 836
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 16 of 18httpwwwjournalofcloudcomputingcomcontent1111
Another point observed is that even though adopt-837
ing a cloud service or provider may be easy migrating838
to another is not [76] After moving local data and pro-839
cesses to the cloud the lack of standards for protocols840
and formats directly affects attempts to migrate to a dif-841
ferent provider even if this is motivated by legitimate rea-842
sons such as non-fulfillment of SLAs outages or provider843
bankruptcy [77] Consequently the first choice must be844
carefully made as SLAs are not perfect and services845
outages happen at the same pace that resource sharing846
multi-tenancy and scalability are not fail proof After a847
decision is made future migrations between services can848
be extremely onerous in terms of time and costs most849
likely this task will require an extensive work for bring-850
ing all data and resources to a local infrastructure before851
redeploying them into the cloud852
Finally the analysis of current trends for cloud comput-853
ing reveals that there is a considerable number of well-854
studied security concerns for which plenty solutions and855
best practices have been developed such as those related856
to legal and administrative concerns On the other hand857
many issues still require further research effort especially858
those related to secure virtualization859
Considerations and future work860
Security is a crucial aspect for providing a reliable envi-861
ronment and then enable the use of applications in the862
cloud and for moving data and business processes to863
virtualized infrastructures Many of the security issues864
identified are observed in other computing environments865
authentication network security and legal requirements866
for example are not a novelty However the impact of867
such issues is intensified in cloud computing due to868
characteristics such as multi-tenancy and resource shar-869
ing since actions from a single customer can affect all870
other users that inevitably share the same resources and871
interfaces On the other hand efficient and secure vir-872
tualization represents a new challenge in such a context873
with high distribution of complex services and web-874
based applications thus requiring more sophisticated875
approaches At the same time our quantitative analysis876
indicates that virtualization remains an underserved area877
regarding the number of solutions provided to identified878
concerns879
It is strategic to develop new mechanisms that pro-880
vide the required security level by isolating virtual881
machines and the associated resources while following882
best practices in terms of legal regulations and compli-883
ance to SLAs Among other requirements such solutions884
should employ virtual machine identification provide885
an adequate separation of dedicated resources com-886
bined with a constant observation of shared ones and887
examine any attempt of exploiting cross-VM and data888
leakage889
A secure cloud computing environment depends on 890
several security solutions working harmoniously together 891
However in our studies we did not identify any security 892
solutions provider owning the facilities necessary to get 893
high levels of security conformity for clouds Thus cloud 894
providers need to orchestrate harmonize security solu- 895
tions from different places in order to achieve the desired 896
security level 897
In order to verify these conclusions in practice we 898
deployed testbeds using OpenNebula (based on KVM and 899
XEN) and analyzed its security aspects we also analyzed 900
virtualized servers based on VMWARE using our testbed 901
networks This investigation lead to a wide research of 902
PaaS solutions and allowed us to verify that most of them 903
use virtual machines based on virtualization technolo- 904
gies such as VMWARE XEN and KVM which often lack 905
security aspects We also learned that Amazon changed 906
the XEN source code in order to include security fea- 907
tures but unfortunately the modified code is not publicly 908
available and there appears to be no article detailing the 909
changes introduced Given these limitations a deeper 910
study on current security solutions to manage cloud com- 911
puting virtual machines inside the cloud providers should 912
be a focus of future work in the area We are also working 913
on a testbed based on OpenStack for researches related 914
to identity and credentials management in the cloud envi- 915
ronment This work should address basic needs for better 916
security mechanisms in virtualized and distributed archi- 917
tectures guiding other future researches in the security 918
area 919
Competing interests 920The authors declare that they have no competing interests 921
Authorrsquos contributions 922NG carried out the security research including the prospecting for information 923and references categorization results analysis taxonomy creation and analysis 924of related work CM participated in the drafting of the manuscript as well as in 925the analysis of references creation of the taxonomy and revisions of the text 926MS FR MN and MP participated in the critical and technical revisions of the 927paper including the final one also helping with the details for preparing the 928paper to be published TC coordinated the project related to the paper and 929also gave the final approval of the version to be published All authors read 930and approved the final manuscript 931
Acknowledgements 932This work was supported by the Innovation Center Ericsson 933Telecomunicacoes SA Brazil 934
Author details 9351Escola Politecnica at the University of Sao Paulo (EPUSP) Sao Paulo Brazil 9362Ericsson Research Stockholm Sweden 3Ericsson Research Ville Mont-Royal 937Canada 4State University of Santa Catarina Joinville Brazil 938
Received 30 January 2012 Accepted 5 June 2012 939Published 12 July 2012 940
References 9411 IDC (2009) Cloud Computing 2010 ndash An IDC Update 942
slidesharenetJorFigOrcloud-computing-2010-an-idc-update 9432 Armbrust M Fox A Griffith R Joseph AD Katz RH Konwinski A Lee G 944
Patterson DA Rabkin A Stoica I Zaharia M (2009) Above the Clouds 945
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 17 of 18httpwwwjournalofcloudcomputingcomcontent1111
A Berkeley View of Cloud Computing Technical Report946UCBEECS-2009-28 University of California at Berkeley947eecsberkeleyeduPubsTechRpts2009EECS-2009-28html948
3 Rimal BP Choi E Lumb I (2009) A Taxonomy and Survey of Cloud949Computing Systems In Fifth International Joint Conference on INC IMS950and IDC NCM rsquo09 CPS pp 44ndash51951
4 Shankland S (2009) HPrsquos Hurd dings cloud computing IBM952CNET News953
5 Catteddu D Hogben G (2009) Benefits risks and recommendations for954information security Tech rep European Network and Information955Security Agency enisaeuropaeuactrmfilesdeliverablescloud-956computing-risk-assessment957
6 CSA (2009) Security Guidance for Critical Areas of Focus in Cloud958Computing Tech rep Cloud Security Alliance959
7 Mather T Kumaraswamy S (2009) Cloud Security and privacy An960Enterprise Perspective on Risks and Compliance 1st edition OrsquoReilly961Media962
8 Chen Y Paxson V Katz RH (2010) Whatrsquos New About Cloud Computing963Security Technical Report UCBEECS-2010-5 University of California at964Berkeley eecsberkeleyeduPubsTechRpts2010EECS-2010-5html965
9 Mell P Grance T (2009) The NIST Definition of Cloud Computing966Technical Report 15 National Institute of Standards and Technology967wwwnistgovitlclouduploadcloud-def-v15pdf968
10 Ibrahim AS Hamlyn-Harris J Grundy J (2010) Emerging Security969Challenges of Cloud Virtual Infrastructure In Proceedings of APSEC 2010970Cloud Workshop APSEC rsquo10971
11 Gonzalez N Miers C Redıgolo F Carvalho T Simplıcio M Naslund M972Pourzandi M (2011) A quantitative analysis of current security concerns973and solutions for cloud computing In Proceedings of 3rd IEEE974CloudCom AthensGreece IEEE Computer Society975
12 Hubbard D Jr LJH Sutton M (2010) Top Threats to Cloud Computing976Tech rep Cloud Security Alliance cloudsecurityallianceorgresearch977projectstop-threats-to-cloud-computing978
13 Tompkins D (2009) Security for Cloud-based Enterprise Applications979httpblogdtorgindexphp200902security-for-cloud-based-980enterprise-applications981
14 Jensen M Schwenk J Gruschka N Iacono LL (2009) On Technical Security982Issues in Cloud Computing In IEEE Internation Conference on Cloud983Computing pp 109ndash116984
15 TrendMicro (2010) Cloud Computing Security - Making Virtual Machines985Cloud-Ready Trend Micro White Paper986
16 Genovese S (2009) Akamai Introduces Cloud-Based Firewall http987cloudcomputingsys-concomnode1219023988
17 Hulme GV (2011) CloudPassage aims to ease cloud server security989management httpwwwcsoonlinecomarticle658121cloudpassage-990aims-to-ease-cloud-server-security-management991
18 Oleshchuk VA Koslashien GM (2011) Security and Privacy in the Cloud - A992Long-Term View In 2nd International Conference on Wireless993Communications Vehicular Technology Information Theory and994Aerospace and Electronic Systems Technology (Wireless VITAE) WIRELESS995VITAE rsquo11 pp 1ndash5 httpdxdoiorg101109WIRELESSVITAE20115940876996
19 Google (2011) Google App Engine codegooglecomappengine99720 Google (2011) Google Query Language (GQL)998
codegooglecomintlenappenginedocspythonoverviewhtml99921 StackOverflow (2011) Does using non-SQL databases obviate the need1000
for guarding against SQL injection1001stackoverflowcomquestions1823536does-using-non-sql-databases-1002obvia1003te-the-need-for-guarding-against-sql-injection1004
22 Rose J (2011) Cloudy with a chance of zero day wwwowasporgimages1005112Cloudy with a chance of 0 day Jon Rose-Tom Leaveypdf1006
23 Balkan A (2011) Why Google App Engine is broken and what Google1007must do to fix it aralbalkancom15041008
24 Salesforce (2011) Salesforce Security Statement1009salesforcecomcompanyprivacysecurityjsp1010
25 Espiner T (2007) Salesforce tight-lipped after phishing attack1011zdnetcouknewssecurity-threats20071107salesforce-tight-lipped-a1012fter-phishing-attack-392906161013
26 Yee A (2007) Implications of Salesforce Phishing Incident1014ebizqnetblogssecurity insider200711-implications of salesforc1015e phiphp1016
27 Salesforce (2011) Security Implementation Guide 1017loginsalesforcecomhelpdocensalesforce security impl guidepdf 1018
28 Li H Dai Y Tian L Yang H (2009) Identity-Based Authentication for Cloud 1019Computing In Proceedings of the 1st International Conference on Cloud 1020Computing CloudCom rsquo09 1021
29 Amazon (2011) Elastic Compute Cloud (EC2) awsamazoncomec2 102230 Kaufman C Venkatapathy R (2010) Windows Azure Security Overview 1023
gomicrosoftcomlinkid=9740388 [August] 102431 McMillan R (2010) Google Attack Part of Widespread Spying Effort 1025
PCWorld 102632 Mills E (2010) Behind the China attacks on Google CNET News 102733 Arrington M (2010) Google Defends Against Large Scale Chinese Cyber 1028
Attack May Cease Chinese Operations TechCrunch 102934 Bosch J (2009) Google Accounts Attacked by Phishing Scam BrickHouse 1030
Security Blog 103135 Telegraph T (2009) Facebook Users Targeted By Phishing Attack The 1032
Telegraph 103336 Pearson S (2009) Taking account of privacy when designing cloud 1034
computing services In Proceedings of the 2009 ICSE Workshop on 1035Software Engineering Challenges of Cloud Computing CLOUD rsquo09 1036
37 Musthaler L (2009) Cost-effective data encryption in the cloud Network 1037World 1038
38 Yan L Rong C Zhao G (2009) Strengthen Cloud Computing Security with 1039Federal Identity Management Using Hierarchical Identity-Based 1040Cryptography In Proceedings of the 1st International Conference on 1041Cloud Computing CloudCom rsquo09 1042
39 Tech C (2010) Examining Redundancy in the Data Center Powered by the 1043Cloud and Disaster Recovery Consonus Tech 1044
40 Lyle M (2011) Redundancy in Data Storage Define the Cloud 104541 Dorion P (2010) Data destruction services When data deletion is not 1046
enough SearchDataBackupcom 104742 Mogull R (2009) Cloud Data Security Archive and Delete (Rough Cut) 1048
securosiscomblogcloud-data-security-archive-and-delete-rough-cut 104943 Messmer E (2011) Gartner New security demands arising for 1050
virtualization cloud computing httpwwwnetworkworldcomnews 10512011062311-security-summithtml 1052
44 Ristenpart T Tromer E Shacham H Savage S (2009) Hey you get off of 1053my cloud exploring information leakage in third-party compute clouds 1054In Proceedings of the 16th ACM conference on Computer and 1055communications security CCS rsquo09 New York NY USA ACM pp 199ndash212 1056doiacmorg10114516536621653687 1057
45 Chow R Golle P Jakobsson M Shi E Staddon J Masuoka R Molina J 1058(2009) Controlling data in the cloud outsourcing computation without 1059outsourcing control In Proceedings of the 2009 ACM workshop on 1060Cloud computing security CCSW rsquo09 New York NY USA ACM pp 85ndash90 1061httpdoiacmorg10114516550081655020 1062
46 Sadeghi AR Schneider T Winandy M (2010) Token-Based Cloud 1063Computing - Secure Outsourcing of Data and Arbitrary Computations 1064with Lower Latency In Proceedings of the 3rd international conference 1065on Trust and trustworthy computing TRUST rsquo10 1066
47 Brandic I Dustdar S Anstett T Schumm D Leymann F (2010) Compliant 1067Cloud Computing (C3) Architecture and Language Support for 1068User-driven Compliance Management in Clouds In 2010 IEEE 3rd 1069International Conference on Cloud Computing pp 244ndash251 httpdx 1070doiorg101109CLOUD201042 1071
48 Brodkin J (2008) Gartner Seven cloud computing security risks http 1072wwwinfoworldcomdsecurity-centralgartner-seven-cloud- 1073computing-security-risks-853 1074
49 Kandukuri BR Paturi R Rakshit A (2009) Cloud Security Issues In 1075Proceedings of the 2009 IEEE International Conference on Services 1076Computing SCC rsquo09 1077
50 Winterford B (2011) Amazon EC2 suffers huge outage httpwwwcrn 1078comauNews255586amazon-ec2-suffers-huge-outageaspx 1079
51 Clarke G (2011) Microsoft BPOS cloud outage burns Exchange converts 1080httpwwwtheregistercouk20110513 1081
52 Shankland S (2011) Amazon cloud outage derails Reddit Quora 108253 Young E (2009) Cloud Computing - The role of internal audit 108354 CloudAudit (2011) A6 - The automated audit assertion assessment and 1084
assurance API httpcloudauditorg 108555 Anand N (2010) The legal issues around cloud computing httpwww 1086
labnolorginternetcloud-computing-legal-issues14120 1087
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 18 of 18httpwwwjournalofcloudcomputingcomcontent1111
56 Hunter S (2011) Ascending to the cloud creates negligible e-discovery1088risk httpediscoveryquarlescom201107articlesinformation-1089technologyascending-to-the-cloud-creates-negligible-ediscovery-risk1090
57 Sharon D Nelson JWS (2011) Virtualization and Cloud Computing1091benefits and e-discovery implications httpwwwslawca201107191092virtualization-and-cloud-computing-benefits-and-e-discovery-1093implications1094
58 Bentley L (2009) E-discovery in the cloud presents promise and problems1095httpwwwitbusinessedgecomcmcommunityfeaturesinterviews1096bloge-discovery-in-the-cloud-presents-promise-and-problemscs=1097316981098
59 Zierick J (2011) The special case of privileged users in the sloud http1099blogbeyondtrustcombid63894The-Special-Case-of-Privileged-Users-1100in-the-Cloud1101
60 Dinoor S (2010) Got Privilege Ten Steps to Securing a Cloud-Based1102Enterprise httpcloudcomputingsys-concomnode15716491103
61 Pavolotsky J (2010) Top five legal issues for the cloud httpwwwforbes1104com20100412cloud-computing-enterprise-technology-cio-network-1105legalhtml1106
62 ENISA (2011) About ENISA httpwwwenisaeuropaeuabout-enisa110763 CSA (2011) About httpscloudsecurityallianceorgabout110864 CSA (2011) CSA TCI Reference Architecture httpscloudsecurityalliance1109
orgwp-contentuploads201111TCI-Reference-Architecture-11pdf111065 CSA (2011) Security Guidance for Critical Areas of Focus in Cloud1111
Computing V30 Tech rep Cloud Security Alliance [Httpwww1112cloudsecurityallianceorgguidancecsaguidev30pdf]1113
66 Ramireddy S Chakraborthy R Raghu TS Rao HR (2010) Privacy and1114Security Practices in the Arena of Cloud Computing - A Research in1115Progress In AMCIS 2010 Proceedings AMCIS rsquo10 httpaiselaisnetorg1116amcis20105741117
67 NIST (2011) NIST Cloud Computing Reference Architecture SP 500-2921118httpcollaboratenistgovtwiki-cloud-computingpub1119CloudComputingReferenceArchitectureTaxonomyNIST SP 500-292 -1120090611pdf1121
68 Youseff L Butrico M Silva DD (2008) Toward a Unified Ontology of Cloud1122Computing In Grid Computing Environments Workshop 2008 GCE rsquo081123pp 10 1 httpdxdoiorg101109GCE200847384431124
69 Johnston S (2008) Sam Johnston taxonomy the 6 layer cloud computing1125stack httpsamjnet200809taxonomy-6-layer-cloud-computing-1126stackhtml]1127
70 Linthicum D (2009) Defining the cloud computing framework http1128cloudcomputingsys-concomnode8115191129
71 Doelitzscher F Reich C Knahl M Clarke N (2011) An autonomous agent1130based incident detection system for cloud environments In Third IEEE1131International Conference on Cloud Computing Technology and Science1132CloudCom 2011 CPS pp 197ndash204 httpdxdoiorg101109CloudCom11332011351134
72 Oltsik J (2010) Information security virtualization and the journey to the1135cloud Tech rep Cloud Security Alliance1136
73 Wallom D Turilli M Taylor G Hargreaves N Martin A Raun A McMoran A1137(2011) myTrustedCloud Trusted Cloud Infrastructure for Security-critical1138Computation and Data Managment In Third IEEE International1139Conference on Cloud Computing Technology and Science CloudCom11402011 CPS pp 247ndash2541141
74 Dabrowski C Mills K (2011) VM Leakage and Orphan Control in1142Open-Source Clouds In Third IEEE International Conference on Cloud1143Computing Technology and Science CloudCom 2011 CPS pp 554ndash5591144
75 Chadwick DW Casenove M (2011) Security APIs for My Private Cloud In1145Third IEEE International Conference on Cloud Computing Technology1146and Science CloudCom 2011 CPS pp 792ndash7981147
76 Claybrook B (2011) How providers affect cloud application migration1148httpsearchcloudcomputingtechtargetcomtutorialHow-providers-1149affect-cloud-application-migration1150
77 CSA (2011) Interoperability and portability1151
doi1011862192-113X-1-11Cite this article as Gonzalez et al A quantitative analysis of current securityconcerns and solutions for cloud computing Journal of Cloud ComputingAdvances Systems and Applications 2012 111
Submit your manuscript to a journal and benefi t from
7 Convenient online submission
7 Rigorous peer review
7 Immediate publication on acceptance
7 Open access articles freely available online
7 High visibility within the fi eld
7 Retaining the copyright to your article
Submit your next manuscript at 7 springeropencom
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 12 of 18httpwwwjournalofcloudcomputingcomcontent1111
bull Not cloud specific other risks that are not unique to545
cloud environments such as network management546
privilege escalation and logging547
As a top recommendation for security in cloud com-548
puting ENISA suggests that providers must ensure some549
security practices to customers and also a clear contract to550
avoid legal problems Key points to be developed include551
breach reporting better logging mechanisms and engi-552
neering of large scale computer systems which encom-553
pass the isolation of virtual machines resources and554
information Their analysis is based not only on what is555
currently observed but also on what can be improved556
through the adoption of existing best practices or by557
means of solutions that are already used in non-cloud558
environments This article aims at taking one step fur-559
ther by transforming these observations into numbers ndash a560
quantitative approach561
CSA562
CSA is an organization led by a coalition of industry563
practitioners corporations associations and other stake-564
holders [63] such as Dell HP and eBay One of its main565
goals is to promote the adoption of best practices for566
providing security within cloud computing environments567
Three CSA documents are analyzed in this paper ndash the568
security guidance [6] the top threats in cloud computing569
[12] and the Trusted Cloud Initiative (TCI) architecture570
[64] ndash as they comprise most of the concepts and guide-571
lines researched and published by CSA572
The latest CSA security guidance (version 30 [65])573
denotes multi-tenancy as the essential cloud characteristic574
while virtualization can be avoided when implementing575
cloud infrastructures ndash multi-tenancy only implies the576
use of shared resources by multiple consumers possibly577
from different organizations or with different objectives578
They discuss that even if virtualization-related issues579
can be circumvented segmentation and isolated policies580
for addressing proper management and privacy are still581
required The document also establishes thirteen security582
domains583
1 Governance and risk management ability to measure584
the risk introduced by adopting cloud computing585
solutions such as legal issues protection of sensitive586
data and their relation to international boundaries587
2 Legal issues disclosure laws shared infrastructures588
and interference between different users589
3 Compliance and audit the relationship between590
cloud computing and internal security policies591
4 Information management and data security592
identification and control of stored data loss of593
physical control of data and related policies to594
minimize risks and possible damages595
5 Portability and interoperability ability to change 596
providers services or bringing back data to local 597
premises without major impacts 598
6 Traditional security business continuity and disaster 599
recovery the influence of cloud solutions on 600
traditional processes applied for addressing security 601
needs 602
7 Data center operations analyzing architecture and 603
operations from data centers and identifying 604
essential characteristics for ensuring stability 605
8 Incident response notification and remediation 606
policies for handling incidents 607
9 Application security aims to identify the possible 608
security issues raised from migrating a specific 609
solution to the cloud and which platform (among SPI 610
model) is more adequate 611
10 Encryption and key management how higher 612
scalability via infrastructure sharing affects 613
encryption and other mechanisms used for 614
protecting resources and data 615
11 Identity and access management enabling 616
authentication for cloud solutions while maintaining 617
security levels and availability for customers and 618
organizations 619
12 Virtualization risks related to multi-tenancy 620
isolation virtual machine co-residence and 621
hypervisor vulnerabilities all introduced by 622
virtualization technologies 623
13 Security as a service third party security 624
mechanisms delegating security responsibilities to a 625
trusted third party provider 626
CSA also published a document focusing on identify- 627
ing top threats aiming to aid risk management strategies 628
when cloud solutions are adopted [12] As a complete 629
list of threats and pertinent issues is countless the doc- 630
ument targets those that are specific or intensified by 631
fundamental characteristics of the cloud such as shared 632
infrastructures and greater flexibility As a result seven 633
threats were selected 634
1 Abuse and nefarious used of cloud computing while 635
providing flexible and powerful resources and tools 636
IaaS and PaaS solutions also unveil critical 637
exploitation possibilities built on anonymity This 638
leads to abuse and misuse of the provided 639
infrastructure for conducting distributed denial of 640
service attacks hosting malicious data controlling 641
botnets or sending spam 642
2 Insecure application programming interfaces cloud 643
services provide APIs for management storage 644
virtual machine allocation and other service-specific 645
operations The interfaces provided must implement 646
security methods to identify authenticate and protect 647
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 13 of 18httpwwwjournalofcloudcomputingcomcontent1111
against accidental or malicious use which can648
introduce additional complexities to the system such649
as the need for third-party authorities and services650
3 Malicious insiders although not specific to cloud651
computing its effects are amplified by the652
concentration and interaction of services and653
management domains654
4 Shared technology vulnerabilities scalability655
provided by cloud solutions are based on hardware656
and software components which are not originally657
designed to provide isolation Even though658
hypervisors offer an extra granularity layer they still659
exhibit flaws which are exploited for privilege660
escalation661
5 Data loss and leakage insufficient controls662
concerning user access and data security (including663
privacy and integrity) as well as disposal and even664
legal issues665
6 Account service and traffic hijacking phishing and666
related frauds are not a novelty to computing667
security However not only an attacker is able to668
manipulate data and transactions but also to use669
stolen credentials to perform other attacks that670
compromise customer and provider reputation671
7 Unknown risk profile delegation of control over data672
and infrastructure allows companies to better673
concentrate on their core business possibly674
maximizing profit and efficiency On the other hand675
the consequent loss of governance leads to obscurity676
[66] information about other customers sharing the677
same infrastructure or regarding patching and678
updating policies is limited This situation creates679
uncertainty concerning the exact risk levels that are680
inherent to the cloud solution681
It is interesting to notice the choice for cloud-specific682
issues as it allows the identification of central points683
for further development Moreover this compilation of684
threats is closely related to CSA security guidance com-685
posing a solid framework for security and risk analysis686
assessments while providing recommendations and best687
practices to achieve acceptable security levels688
Another approach adopted by CSA for organizing infor-689
mation related to cloud security and governance is the690
TCI Reference Architecture Model [64] This document691
focuses on defining guidelines for enabling trust in the692
cloud while establishing open standards and capabilities693
for all cloud-based operations The architecture defines694
different organization levels by combining frameworks695
like the SPI model ISO 27002 COBIT PCI SOX and696
architectures such as SABSA TOGAF ITIL and Jeri-697
cho A wide range of aspects are then covered SABSA698
defines business operation support services such as com-699
pliance data governance operational risk management700
human resources security security monitoring services 701
legal services and internal investigations TOGAF defines 702
the types of services covered (presentation application 703
information and infrastructure ITIL is used for informa- 704
tion technology operation and support from IT oper- 705
ation to service delivery support and management of 706
incidents changes and resources finally Jericho cov- 707
ers security and risk management including information 708
security management authorization threat and vulnera- 709
bility management policies and standards The result is a 710
tri-dimensional relationship between cloud delivery trust 711
and operation that aims to be easily consumed and applied 712
in a security-oriented design 713
NIST 714
NIST has recently published a taxonomy for security in 715
cloud computing [67] that is comparable to the taxonomy 716
introduced in section ldquoCloud computing security taxon- 717
omyrdquo This taxonomyrsquos first level encompass typical roles 718
in the cloud environment cloud service provider respon- 719
sible for making the service itself available cloud service 720
consumer who uses the service and maintains a business 721
relationship with the provider cloud carrier which pro- 722
vides communication interfaces between providers and 723
consumers cloud broker that manages use performance 724
and delivery of services and intermediates negotiations 725
between providers and consumers and cloud auditor 726
which performs assessment of services operations and 727
security Each role is associated to their respective activ- 728
ities and decomposed on their components and subcom- 729
ponents The clearest difference from our taxonomy is the 730
hierarchy adopted as our proposal primarily focuses on 731
security principles in its higher level perspective while 732
the cloud roles are explored in deeper levels The con- 733
cepts presented here extend NISTrsquos initial definition for 734
cloud computing [9] incorporating a division of roles and 735
responsibilities that can be directly applied to security 736
assessments On the other hand NISTrsquos taxonomy incor- 737
porates concepts such as deployment models service 738
types and activities related to cloud management (porta- 739
bility interoperability provisioning) most of them largely 740
employed in publications related to cloud computing ndash 741
including this one 742
Frameworks summary 743
Tables 1 and 2 summarize the information about each T1T2
744
framework 745
Books papers and other publications 746
Rimal Choi and Lumb [3] present a cloud taxonomy 747
created from the perspective of the academia developers 748
and researchers instead of the usual point of view related 749
to vendors Whilst they do provide definitions and con- 750
cepts such as cloud architecture (based on SPI model) 751
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 14 of 18httpwwwjournalofcloudcomputingcomcontent1111
Table 1 Summary of CSA security frameworks t11
t12Framework Objectives Structure and comments
t13CSA Guidance
bull Recommendations for reducing risksbull No restrictions regarding specific
solutions or service typesbull Guidelines not necessarily applicable
for all deployment modelsbull Provide initial structure to divide efforts
for researches
bull One architectural domainbull Governance domains risk management legal concerns compliance
auditing information management interoperability and portabilitybull Operational domains traditional and business security disaster recovery
data center operations encryption application security identificationauthorization virtualization security outsourcing
bull Emphasis on the fact that cloud is not bound to virtualization technologiesthough cloud services heavily depend on virtualized infrastructures toprovide flexibility and scalability
t14CSA Top Threats
bull Provide context for risk managementdecisions and strategies
bull Focus on issues which are unique orhighly influenced by cloud computingcharacteristics
bull Seven main threats
ndash Abuse and malicious use of cloud resourcesndash Insecure APIsndash Malicious insidersndash Shared technology vulnerabilitiesndash Data loss and leakagendash Hijacking of accounts services and trafficndash Unknown risk profile (security obscurity)
bull Summarizes information on top threats and provide examples remediationguidelines impact caused and which service types (based on SPI model)are affected
t15CSA Architecture
bull Enable trust in the cloud based onwell-known standards and certificationsallied to security frameworks and otheropen references
bull Use widely adopted frameworks inorder to achieve standardization ofpolicies and best practices based onalready accepted security principles
bull Four sets of frameworks (security NIST SPI IT audit and legislative) and fourarchitectural domains (SABSA business architecture ITIL for servicesmanagement Jericho for security and TOGAF for IT reference)
bull Tridimensional structure based on premises of cloud delivery trust andoperations
bull Concentrates a plethora of concepts and information related to servicesoperation and security
Table summarizing information related to CSA security frameworks (guidance top threats and TCI architecture) t16
virtualization management service types fault tolerance752
policies and security no further studies are developed753
focusing on cloud specific security aspects This charac-754
teristic is also observed in other cloud taxonomies [68-70]755
whose efforts converge to the definition of service models756
and types rather than to more technical aspects such as757
security privacy or compliance concerns ndash which are the758
focus of this paper759
In [7] Mather Kumaraswamy and Latif discuss the760
current status of cloud security and what is predicted761
for the future The result is a compilation of security-762
related subjects to be developed in topics like infras-763
tructure data security and storage identity and access764
management security management privacy audit and765
compliance They also explore the unquestionable urge for766
more transparency regarding which party (customer or767
cloud provider) provides each security capability as well768
as the need for standardization and for the creation of769
legal agreements reflecting operational SLAs Other issues770
discussed are the inadequate encryption and key manage- 771
ment capabilities currently offered as well as the need for 772
multi-entity key management 773
Many publications also state the need for better security 774
mechanisms for cloud environments Doelitzscher et al 775
[71] emphasize security as a major research area in cloud 776
computing They also highlight the lack of flexibility of 777
classic intrusion detection mechanisms to handle virtual- 778
ized environments suggesting the use of special security 779
audit tools associated to business flow modeling through 780
security SLAs In addition they identify abuse of cloud 781
resources lack of security monitoring in cloud infrastruc- 782
ture and defective isolation of shared resources as focal 783
points to be managed Their analysis of top security con- 784
cerns is also based on publications from CSA ENISA and 785
others but after a quick evaluation of issues their focus 786
switch to their security auditing solution without offer- 787
ing a deeper quantitative compilation of security risks and 788
areas of concern 789
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 15 of 18httpwwwjournalofcloudcomputingcomcontent1111
Table 2 Summary of ENISA and NIST security frameworks t21
t22Framework Objectives Structure and comments
t23ENISA Report
bull Study on benefits and risks whenadopting cloud solutions for businessoperations
bull Provide information for securityassessments and decision making
bull Three main categories of cloud specific risks (policy and organizationaltechnical legal) plus one extra category for not specific ones
bull Offers basic guidelines and best practices for avoiding or mitigating theireffects
bull Presents recommendations for further studies related to trust building(certifications metrics and transparency) large scale data protection(privacy integrity incident handling and regulations) and technicalaspects (isolation portability and resilience)
bull Highlights the duality of scalability (fast flexible and accessible resourcesversus concentrations of data attracting attackers and also providinginfrastructure for aiding their operations)
bull Extensive study on risks considering their impact and probability
t24NIST Taxonomy
bull Define what cloud services shouldprovide rather than how to design andimplement solutions
bull Ease the understanding of cloudinternal operations and mechanisms
bull Taxonomy levels
ndash First level cloud roles (service provider consumer cloud brokercloud carrier and cloud auditor)
ndash Second level activities performed by each role (cloudmanagement service deployment cloud access and serviceconsumption)
ndash Third and following levels elements which compose each activity(deployment models service types and auditing elements)
bull Based on publication SP 500-292 highlighting the importance of securityprivacy and levels of confidence and trust to increase technologyacceptance
bull Concentrates many useful concepts such as models for deploying orclassifying services
Table summarizing information on ENISA and NIST security frameworks t25
Associations such as the Enterprise Strategy Group790
[72] emphasize the need for hypervisor security shrink-791
ing hypervisor footprints defining the security perimeter792
virtualization and linking security and VM provision-793
ing for better resource management Aiming to address794
these requirements they suggest the use of increased795
automation for security controls VM identity manage-796
ment (built on top of Public Key Infrastructure and Open797
Virtualization Format) and data encryption (tightly con-798
nected to state-of-art key management practices) Wallom799
et al [73] emphasize the need of guaranteeing virtual800
machinesrsquo trustworthiness (regarding origin and identity)801
to perform security-critical computations and to han-802
dle sensitive data therefore presenting a solution which803
integrates Trusted Computing technologies and avail-804
able cloud infrastructures Dabrowski and Mills [74] used805
simulation to demonstrate virtual machine leakage and806
resource exhaustion scenarios leading to degraded per-807
formance and crashes they also propose the addition808
of orphan controls to enable the virtualized cloud envi-809
ronment to offer higher availability levels while keeping810
overhead costs under control Ristenpart et al [44] also811
explore virtual machine exploitation focusing on informa-812
tion leakage specially sensitive data at rest or in transit813
Finally Chadwick and Casenove [75] describe a security 814
API for federated access to cloud resources and authority 815
delegation while setting fine-grained controls and guar- 816
anteeing the required levels of assurance inside cloud 817
environments These publications highlight the need of 818
security improvements related to virtual machines and 819
virtualization techniques concern that this paper demon- 820
strates to be valid and urgent 821
Discussion 822
Considering the points raised in the previous section a 823
straightforward conclusion is that cloud security includes 824
old and well-known issues ndash such as network and other 825
infrastructural vulnerabilities user access authentication 826
and privacy ndash and also novel concerns derived from 827
new technologies adopted to offer the adequate resources 828
(mainly virtualized ones) services and auxiliary tools 829
These problems are summarized by isolation and hypervi- 830
sor vulnerabilities (the main technical concerns according 831
to the studies and graphics presented) data location and 832
e-discovery (legal aspects) and loss of governance over 833
data security and even decision making (in which the 834
cloud must be strategically and financially considered as a 835
decisive factor) 836
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 16 of 18httpwwwjournalofcloudcomputingcomcontent1111
Another point observed is that even though adopt-837
ing a cloud service or provider may be easy migrating838
to another is not [76] After moving local data and pro-839
cesses to the cloud the lack of standards for protocols840
and formats directly affects attempts to migrate to a dif-841
ferent provider even if this is motivated by legitimate rea-842
sons such as non-fulfillment of SLAs outages or provider843
bankruptcy [77] Consequently the first choice must be844
carefully made as SLAs are not perfect and services845
outages happen at the same pace that resource sharing846
multi-tenancy and scalability are not fail proof After a847
decision is made future migrations between services can848
be extremely onerous in terms of time and costs most849
likely this task will require an extensive work for bring-850
ing all data and resources to a local infrastructure before851
redeploying them into the cloud852
Finally the analysis of current trends for cloud comput-853
ing reveals that there is a considerable number of well-854
studied security concerns for which plenty solutions and855
best practices have been developed such as those related856
to legal and administrative concerns On the other hand857
many issues still require further research effort especially858
those related to secure virtualization859
Considerations and future work860
Security is a crucial aspect for providing a reliable envi-861
ronment and then enable the use of applications in the862
cloud and for moving data and business processes to863
virtualized infrastructures Many of the security issues864
identified are observed in other computing environments865
authentication network security and legal requirements866
for example are not a novelty However the impact of867
such issues is intensified in cloud computing due to868
characteristics such as multi-tenancy and resource shar-869
ing since actions from a single customer can affect all870
other users that inevitably share the same resources and871
interfaces On the other hand efficient and secure vir-872
tualization represents a new challenge in such a context873
with high distribution of complex services and web-874
based applications thus requiring more sophisticated875
approaches At the same time our quantitative analysis876
indicates that virtualization remains an underserved area877
regarding the number of solutions provided to identified878
concerns879
It is strategic to develop new mechanisms that pro-880
vide the required security level by isolating virtual881
machines and the associated resources while following882
best practices in terms of legal regulations and compli-883
ance to SLAs Among other requirements such solutions884
should employ virtual machine identification provide885
an adequate separation of dedicated resources com-886
bined with a constant observation of shared ones and887
examine any attempt of exploiting cross-VM and data888
leakage889
A secure cloud computing environment depends on 890
several security solutions working harmoniously together 891
However in our studies we did not identify any security 892
solutions provider owning the facilities necessary to get 893
high levels of security conformity for clouds Thus cloud 894
providers need to orchestrate harmonize security solu- 895
tions from different places in order to achieve the desired 896
security level 897
In order to verify these conclusions in practice we 898
deployed testbeds using OpenNebula (based on KVM and 899
XEN) and analyzed its security aspects we also analyzed 900
virtualized servers based on VMWARE using our testbed 901
networks This investigation lead to a wide research of 902
PaaS solutions and allowed us to verify that most of them 903
use virtual machines based on virtualization technolo- 904
gies such as VMWARE XEN and KVM which often lack 905
security aspects We also learned that Amazon changed 906
the XEN source code in order to include security fea- 907
tures but unfortunately the modified code is not publicly 908
available and there appears to be no article detailing the 909
changes introduced Given these limitations a deeper 910
study on current security solutions to manage cloud com- 911
puting virtual machines inside the cloud providers should 912
be a focus of future work in the area We are also working 913
on a testbed based on OpenStack for researches related 914
to identity and credentials management in the cloud envi- 915
ronment This work should address basic needs for better 916
security mechanisms in virtualized and distributed archi- 917
tectures guiding other future researches in the security 918
area 919
Competing interests 920The authors declare that they have no competing interests 921
Authorrsquos contributions 922NG carried out the security research including the prospecting for information 923and references categorization results analysis taxonomy creation and analysis 924of related work CM participated in the drafting of the manuscript as well as in 925the analysis of references creation of the taxonomy and revisions of the text 926MS FR MN and MP participated in the critical and technical revisions of the 927paper including the final one also helping with the details for preparing the 928paper to be published TC coordinated the project related to the paper and 929also gave the final approval of the version to be published All authors read 930and approved the final manuscript 931
Acknowledgements 932This work was supported by the Innovation Center Ericsson 933Telecomunicacoes SA Brazil 934
Author details 9351Escola Politecnica at the University of Sao Paulo (EPUSP) Sao Paulo Brazil 9362Ericsson Research Stockholm Sweden 3Ericsson Research Ville Mont-Royal 937Canada 4State University of Santa Catarina Joinville Brazil 938
Received 30 January 2012 Accepted 5 June 2012 939Published 12 July 2012 940
References 9411 IDC (2009) Cloud Computing 2010 ndash An IDC Update 942
slidesharenetJorFigOrcloud-computing-2010-an-idc-update 9432 Armbrust M Fox A Griffith R Joseph AD Katz RH Konwinski A Lee G 944
Patterson DA Rabkin A Stoica I Zaharia M (2009) Above the Clouds 945
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 17 of 18httpwwwjournalofcloudcomputingcomcontent1111
A Berkeley View of Cloud Computing Technical Report946UCBEECS-2009-28 University of California at Berkeley947eecsberkeleyeduPubsTechRpts2009EECS-2009-28html948
3 Rimal BP Choi E Lumb I (2009) A Taxonomy and Survey of Cloud949Computing Systems In Fifth International Joint Conference on INC IMS950and IDC NCM rsquo09 CPS pp 44ndash51951
4 Shankland S (2009) HPrsquos Hurd dings cloud computing IBM952CNET News953
5 Catteddu D Hogben G (2009) Benefits risks and recommendations for954information security Tech rep European Network and Information955Security Agency enisaeuropaeuactrmfilesdeliverablescloud-956computing-risk-assessment957
6 CSA (2009) Security Guidance for Critical Areas of Focus in Cloud958Computing Tech rep Cloud Security Alliance959
7 Mather T Kumaraswamy S (2009) Cloud Security and privacy An960Enterprise Perspective on Risks and Compliance 1st edition OrsquoReilly961Media962
8 Chen Y Paxson V Katz RH (2010) Whatrsquos New About Cloud Computing963Security Technical Report UCBEECS-2010-5 University of California at964Berkeley eecsberkeleyeduPubsTechRpts2010EECS-2010-5html965
9 Mell P Grance T (2009) The NIST Definition of Cloud Computing966Technical Report 15 National Institute of Standards and Technology967wwwnistgovitlclouduploadcloud-def-v15pdf968
10 Ibrahim AS Hamlyn-Harris J Grundy J (2010) Emerging Security969Challenges of Cloud Virtual Infrastructure In Proceedings of APSEC 2010970Cloud Workshop APSEC rsquo10971
11 Gonzalez N Miers C Redıgolo F Carvalho T Simplıcio M Naslund M972Pourzandi M (2011) A quantitative analysis of current security concerns973and solutions for cloud computing In Proceedings of 3rd IEEE974CloudCom AthensGreece IEEE Computer Society975
12 Hubbard D Jr LJH Sutton M (2010) Top Threats to Cloud Computing976Tech rep Cloud Security Alliance cloudsecurityallianceorgresearch977projectstop-threats-to-cloud-computing978
13 Tompkins D (2009) Security for Cloud-based Enterprise Applications979httpblogdtorgindexphp200902security-for-cloud-based-980enterprise-applications981
14 Jensen M Schwenk J Gruschka N Iacono LL (2009) On Technical Security982Issues in Cloud Computing In IEEE Internation Conference on Cloud983Computing pp 109ndash116984
15 TrendMicro (2010) Cloud Computing Security - Making Virtual Machines985Cloud-Ready Trend Micro White Paper986
16 Genovese S (2009) Akamai Introduces Cloud-Based Firewall http987cloudcomputingsys-concomnode1219023988
17 Hulme GV (2011) CloudPassage aims to ease cloud server security989management httpwwwcsoonlinecomarticle658121cloudpassage-990aims-to-ease-cloud-server-security-management991
18 Oleshchuk VA Koslashien GM (2011) Security and Privacy in the Cloud - A992Long-Term View In 2nd International Conference on Wireless993Communications Vehicular Technology Information Theory and994Aerospace and Electronic Systems Technology (Wireless VITAE) WIRELESS995VITAE rsquo11 pp 1ndash5 httpdxdoiorg101109WIRELESSVITAE20115940876996
19 Google (2011) Google App Engine codegooglecomappengine99720 Google (2011) Google Query Language (GQL)998
codegooglecomintlenappenginedocspythonoverviewhtml99921 StackOverflow (2011) Does using non-SQL databases obviate the need1000
for guarding against SQL injection1001stackoverflowcomquestions1823536does-using-non-sql-databases-1002obvia1003te-the-need-for-guarding-against-sql-injection1004
22 Rose J (2011) Cloudy with a chance of zero day wwwowasporgimages1005112Cloudy with a chance of 0 day Jon Rose-Tom Leaveypdf1006
23 Balkan A (2011) Why Google App Engine is broken and what Google1007must do to fix it aralbalkancom15041008
24 Salesforce (2011) Salesforce Security Statement1009salesforcecomcompanyprivacysecurityjsp1010
25 Espiner T (2007) Salesforce tight-lipped after phishing attack1011zdnetcouknewssecurity-threats20071107salesforce-tight-lipped-a1012fter-phishing-attack-392906161013
26 Yee A (2007) Implications of Salesforce Phishing Incident1014ebizqnetblogssecurity insider200711-implications of salesforc1015e phiphp1016
27 Salesforce (2011) Security Implementation Guide 1017loginsalesforcecomhelpdocensalesforce security impl guidepdf 1018
28 Li H Dai Y Tian L Yang H (2009) Identity-Based Authentication for Cloud 1019Computing In Proceedings of the 1st International Conference on Cloud 1020Computing CloudCom rsquo09 1021
29 Amazon (2011) Elastic Compute Cloud (EC2) awsamazoncomec2 102230 Kaufman C Venkatapathy R (2010) Windows Azure Security Overview 1023
gomicrosoftcomlinkid=9740388 [August] 102431 McMillan R (2010) Google Attack Part of Widespread Spying Effort 1025
PCWorld 102632 Mills E (2010) Behind the China attacks on Google CNET News 102733 Arrington M (2010) Google Defends Against Large Scale Chinese Cyber 1028
Attack May Cease Chinese Operations TechCrunch 102934 Bosch J (2009) Google Accounts Attacked by Phishing Scam BrickHouse 1030
Security Blog 103135 Telegraph T (2009) Facebook Users Targeted By Phishing Attack The 1032
Telegraph 103336 Pearson S (2009) Taking account of privacy when designing cloud 1034
computing services In Proceedings of the 2009 ICSE Workshop on 1035Software Engineering Challenges of Cloud Computing CLOUD rsquo09 1036
37 Musthaler L (2009) Cost-effective data encryption in the cloud Network 1037World 1038
38 Yan L Rong C Zhao G (2009) Strengthen Cloud Computing Security with 1039Federal Identity Management Using Hierarchical Identity-Based 1040Cryptography In Proceedings of the 1st International Conference on 1041Cloud Computing CloudCom rsquo09 1042
39 Tech C (2010) Examining Redundancy in the Data Center Powered by the 1043Cloud and Disaster Recovery Consonus Tech 1044
40 Lyle M (2011) Redundancy in Data Storage Define the Cloud 104541 Dorion P (2010) Data destruction services When data deletion is not 1046
enough SearchDataBackupcom 104742 Mogull R (2009) Cloud Data Security Archive and Delete (Rough Cut) 1048
securosiscomblogcloud-data-security-archive-and-delete-rough-cut 104943 Messmer E (2011) Gartner New security demands arising for 1050
virtualization cloud computing httpwwwnetworkworldcomnews 10512011062311-security-summithtml 1052
44 Ristenpart T Tromer E Shacham H Savage S (2009) Hey you get off of 1053my cloud exploring information leakage in third-party compute clouds 1054In Proceedings of the 16th ACM conference on Computer and 1055communications security CCS rsquo09 New York NY USA ACM pp 199ndash212 1056doiacmorg10114516536621653687 1057
45 Chow R Golle P Jakobsson M Shi E Staddon J Masuoka R Molina J 1058(2009) Controlling data in the cloud outsourcing computation without 1059outsourcing control In Proceedings of the 2009 ACM workshop on 1060Cloud computing security CCSW rsquo09 New York NY USA ACM pp 85ndash90 1061httpdoiacmorg10114516550081655020 1062
46 Sadeghi AR Schneider T Winandy M (2010) Token-Based Cloud 1063Computing - Secure Outsourcing of Data and Arbitrary Computations 1064with Lower Latency In Proceedings of the 3rd international conference 1065on Trust and trustworthy computing TRUST rsquo10 1066
47 Brandic I Dustdar S Anstett T Schumm D Leymann F (2010) Compliant 1067Cloud Computing (C3) Architecture and Language Support for 1068User-driven Compliance Management in Clouds In 2010 IEEE 3rd 1069International Conference on Cloud Computing pp 244ndash251 httpdx 1070doiorg101109CLOUD201042 1071
48 Brodkin J (2008) Gartner Seven cloud computing security risks http 1072wwwinfoworldcomdsecurity-centralgartner-seven-cloud- 1073computing-security-risks-853 1074
49 Kandukuri BR Paturi R Rakshit A (2009) Cloud Security Issues In 1075Proceedings of the 2009 IEEE International Conference on Services 1076Computing SCC rsquo09 1077
50 Winterford B (2011) Amazon EC2 suffers huge outage httpwwwcrn 1078comauNews255586amazon-ec2-suffers-huge-outageaspx 1079
51 Clarke G (2011) Microsoft BPOS cloud outage burns Exchange converts 1080httpwwwtheregistercouk20110513 1081
52 Shankland S (2011) Amazon cloud outage derails Reddit Quora 108253 Young E (2009) Cloud Computing - The role of internal audit 108354 CloudAudit (2011) A6 - The automated audit assertion assessment and 1084
assurance API httpcloudauditorg 108555 Anand N (2010) The legal issues around cloud computing httpwww 1086
labnolorginternetcloud-computing-legal-issues14120 1087
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 18 of 18httpwwwjournalofcloudcomputingcomcontent1111
56 Hunter S (2011) Ascending to the cloud creates negligible e-discovery1088risk httpediscoveryquarlescom201107articlesinformation-1089technologyascending-to-the-cloud-creates-negligible-ediscovery-risk1090
57 Sharon D Nelson JWS (2011) Virtualization and Cloud Computing1091benefits and e-discovery implications httpwwwslawca201107191092virtualization-and-cloud-computing-benefits-and-e-discovery-1093implications1094
58 Bentley L (2009) E-discovery in the cloud presents promise and problems1095httpwwwitbusinessedgecomcmcommunityfeaturesinterviews1096bloge-discovery-in-the-cloud-presents-promise-and-problemscs=1097316981098
59 Zierick J (2011) The special case of privileged users in the sloud http1099blogbeyondtrustcombid63894The-Special-Case-of-Privileged-Users-1100in-the-Cloud1101
60 Dinoor S (2010) Got Privilege Ten Steps to Securing a Cloud-Based1102Enterprise httpcloudcomputingsys-concomnode15716491103
61 Pavolotsky J (2010) Top five legal issues for the cloud httpwwwforbes1104com20100412cloud-computing-enterprise-technology-cio-network-1105legalhtml1106
62 ENISA (2011) About ENISA httpwwwenisaeuropaeuabout-enisa110763 CSA (2011) About httpscloudsecurityallianceorgabout110864 CSA (2011) CSA TCI Reference Architecture httpscloudsecurityalliance1109
orgwp-contentuploads201111TCI-Reference-Architecture-11pdf111065 CSA (2011) Security Guidance for Critical Areas of Focus in Cloud1111
Computing V30 Tech rep Cloud Security Alliance [Httpwww1112cloudsecurityallianceorgguidancecsaguidev30pdf]1113
66 Ramireddy S Chakraborthy R Raghu TS Rao HR (2010) Privacy and1114Security Practices in the Arena of Cloud Computing - A Research in1115Progress In AMCIS 2010 Proceedings AMCIS rsquo10 httpaiselaisnetorg1116amcis20105741117
67 NIST (2011) NIST Cloud Computing Reference Architecture SP 500-2921118httpcollaboratenistgovtwiki-cloud-computingpub1119CloudComputingReferenceArchitectureTaxonomyNIST SP 500-292 -1120090611pdf1121
68 Youseff L Butrico M Silva DD (2008) Toward a Unified Ontology of Cloud1122Computing In Grid Computing Environments Workshop 2008 GCE rsquo081123pp 10 1 httpdxdoiorg101109GCE200847384431124
69 Johnston S (2008) Sam Johnston taxonomy the 6 layer cloud computing1125stack httpsamjnet200809taxonomy-6-layer-cloud-computing-1126stackhtml]1127
70 Linthicum D (2009) Defining the cloud computing framework http1128cloudcomputingsys-concomnode8115191129
71 Doelitzscher F Reich C Knahl M Clarke N (2011) An autonomous agent1130based incident detection system for cloud environments In Third IEEE1131International Conference on Cloud Computing Technology and Science1132CloudCom 2011 CPS pp 197ndash204 httpdxdoiorg101109CloudCom11332011351134
72 Oltsik J (2010) Information security virtualization and the journey to the1135cloud Tech rep Cloud Security Alliance1136
73 Wallom D Turilli M Taylor G Hargreaves N Martin A Raun A McMoran A1137(2011) myTrustedCloud Trusted Cloud Infrastructure for Security-critical1138Computation and Data Managment In Third IEEE International1139Conference on Cloud Computing Technology and Science CloudCom11402011 CPS pp 247ndash2541141
74 Dabrowski C Mills K (2011) VM Leakage and Orphan Control in1142Open-Source Clouds In Third IEEE International Conference on Cloud1143Computing Technology and Science CloudCom 2011 CPS pp 554ndash5591144
75 Chadwick DW Casenove M (2011) Security APIs for My Private Cloud In1145Third IEEE International Conference on Cloud Computing Technology1146and Science CloudCom 2011 CPS pp 792ndash7981147
76 Claybrook B (2011) How providers affect cloud application migration1148httpsearchcloudcomputingtechtargetcomtutorialHow-providers-1149affect-cloud-application-migration1150
77 CSA (2011) Interoperability and portability1151
doi1011862192-113X-1-11Cite this article as Gonzalez et al A quantitative analysis of current securityconcerns and solutions for cloud computing Journal of Cloud ComputingAdvances Systems and Applications 2012 111
Submit your manuscript to a journal and benefi t from
7 Convenient online submission
7 Rigorous peer review
7 Immediate publication on acceptance
7 Open access articles freely available online
7 High visibility within the fi eld
7 Retaining the copyright to your article
Submit your next manuscript at 7 springeropencom
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 13 of 18httpwwwjournalofcloudcomputingcomcontent1111
against accidental or malicious use which can648
introduce additional complexities to the system such649
as the need for third-party authorities and services650
3 Malicious insiders although not specific to cloud651
computing its effects are amplified by the652
concentration and interaction of services and653
management domains654
4 Shared technology vulnerabilities scalability655
provided by cloud solutions are based on hardware656
and software components which are not originally657
designed to provide isolation Even though658
hypervisors offer an extra granularity layer they still659
exhibit flaws which are exploited for privilege660
escalation661
5 Data loss and leakage insufficient controls662
concerning user access and data security (including663
privacy and integrity) as well as disposal and even664
legal issues665
6 Account service and traffic hijacking phishing and666
related frauds are not a novelty to computing667
security However not only an attacker is able to668
manipulate data and transactions but also to use669
stolen credentials to perform other attacks that670
compromise customer and provider reputation671
7 Unknown risk profile delegation of control over data672
and infrastructure allows companies to better673
concentrate on their core business possibly674
maximizing profit and efficiency On the other hand675
the consequent loss of governance leads to obscurity676
[66] information about other customers sharing the677
same infrastructure or regarding patching and678
updating policies is limited This situation creates679
uncertainty concerning the exact risk levels that are680
inherent to the cloud solution681
It is interesting to notice the choice for cloud-specific682
issues as it allows the identification of central points683
for further development Moreover this compilation of684
threats is closely related to CSA security guidance com-685
posing a solid framework for security and risk analysis686
assessments while providing recommendations and best687
practices to achieve acceptable security levels688
Another approach adopted by CSA for organizing infor-689
mation related to cloud security and governance is the690
TCI Reference Architecture Model [64] This document691
focuses on defining guidelines for enabling trust in the692
cloud while establishing open standards and capabilities693
for all cloud-based operations The architecture defines694
different organization levels by combining frameworks695
like the SPI model ISO 27002 COBIT PCI SOX and696
architectures such as SABSA TOGAF ITIL and Jeri-697
cho A wide range of aspects are then covered SABSA698
defines business operation support services such as com-699
pliance data governance operational risk management700
human resources security security monitoring services 701
legal services and internal investigations TOGAF defines 702
the types of services covered (presentation application 703
information and infrastructure ITIL is used for informa- 704
tion technology operation and support from IT oper- 705
ation to service delivery support and management of 706
incidents changes and resources finally Jericho cov- 707
ers security and risk management including information 708
security management authorization threat and vulnera- 709
bility management policies and standards The result is a 710
tri-dimensional relationship between cloud delivery trust 711
and operation that aims to be easily consumed and applied 712
in a security-oriented design 713
NIST 714
NIST has recently published a taxonomy for security in 715
cloud computing [67] that is comparable to the taxonomy 716
introduced in section ldquoCloud computing security taxon- 717
omyrdquo This taxonomyrsquos first level encompass typical roles 718
in the cloud environment cloud service provider respon- 719
sible for making the service itself available cloud service 720
consumer who uses the service and maintains a business 721
relationship with the provider cloud carrier which pro- 722
vides communication interfaces between providers and 723
consumers cloud broker that manages use performance 724
and delivery of services and intermediates negotiations 725
between providers and consumers and cloud auditor 726
which performs assessment of services operations and 727
security Each role is associated to their respective activ- 728
ities and decomposed on their components and subcom- 729
ponents The clearest difference from our taxonomy is the 730
hierarchy adopted as our proposal primarily focuses on 731
security principles in its higher level perspective while 732
the cloud roles are explored in deeper levels The con- 733
cepts presented here extend NISTrsquos initial definition for 734
cloud computing [9] incorporating a division of roles and 735
responsibilities that can be directly applied to security 736
assessments On the other hand NISTrsquos taxonomy incor- 737
porates concepts such as deployment models service 738
types and activities related to cloud management (porta- 739
bility interoperability provisioning) most of them largely 740
employed in publications related to cloud computing ndash 741
including this one 742
Frameworks summary 743
Tables 1 and 2 summarize the information about each T1T2
744
framework 745
Books papers and other publications 746
Rimal Choi and Lumb [3] present a cloud taxonomy 747
created from the perspective of the academia developers 748
and researchers instead of the usual point of view related 749
to vendors Whilst they do provide definitions and con- 750
cepts such as cloud architecture (based on SPI model) 751
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 14 of 18httpwwwjournalofcloudcomputingcomcontent1111
Table 1 Summary of CSA security frameworks t11
t12Framework Objectives Structure and comments
t13CSA Guidance
bull Recommendations for reducing risksbull No restrictions regarding specific
solutions or service typesbull Guidelines not necessarily applicable
for all deployment modelsbull Provide initial structure to divide efforts
for researches
bull One architectural domainbull Governance domains risk management legal concerns compliance
auditing information management interoperability and portabilitybull Operational domains traditional and business security disaster recovery
data center operations encryption application security identificationauthorization virtualization security outsourcing
bull Emphasis on the fact that cloud is not bound to virtualization technologiesthough cloud services heavily depend on virtualized infrastructures toprovide flexibility and scalability
t14CSA Top Threats
bull Provide context for risk managementdecisions and strategies
bull Focus on issues which are unique orhighly influenced by cloud computingcharacteristics
bull Seven main threats
ndash Abuse and malicious use of cloud resourcesndash Insecure APIsndash Malicious insidersndash Shared technology vulnerabilitiesndash Data loss and leakagendash Hijacking of accounts services and trafficndash Unknown risk profile (security obscurity)
bull Summarizes information on top threats and provide examples remediationguidelines impact caused and which service types (based on SPI model)are affected
t15CSA Architecture
bull Enable trust in the cloud based onwell-known standards and certificationsallied to security frameworks and otheropen references
bull Use widely adopted frameworks inorder to achieve standardization ofpolicies and best practices based onalready accepted security principles
bull Four sets of frameworks (security NIST SPI IT audit and legislative) and fourarchitectural domains (SABSA business architecture ITIL for servicesmanagement Jericho for security and TOGAF for IT reference)
bull Tridimensional structure based on premises of cloud delivery trust andoperations
bull Concentrates a plethora of concepts and information related to servicesoperation and security
Table summarizing information related to CSA security frameworks (guidance top threats and TCI architecture) t16
virtualization management service types fault tolerance752
policies and security no further studies are developed753
focusing on cloud specific security aspects This charac-754
teristic is also observed in other cloud taxonomies [68-70]755
whose efforts converge to the definition of service models756
and types rather than to more technical aspects such as757
security privacy or compliance concerns ndash which are the758
focus of this paper759
In [7] Mather Kumaraswamy and Latif discuss the760
current status of cloud security and what is predicted761
for the future The result is a compilation of security-762
related subjects to be developed in topics like infras-763
tructure data security and storage identity and access764
management security management privacy audit and765
compliance They also explore the unquestionable urge for766
more transparency regarding which party (customer or767
cloud provider) provides each security capability as well768
as the need for standardization and for the creation of769
legal agreements reflecting operational SLAs Other issues770
discussed are the inadequate encryption and key manage- 771
ment capabilities currently offered as well as the need for 772
multi-entity key management 773
Many publications also state the need for better security 774
mechanisms for cloud environments Doelitzscher et al 775
[71] emphasize security as a major research area in cloud 776
computing They also highlight the lack of flexibility of 777
classic intrusion detection mechanisms to handle virtual- 778
ized environments suggesting the use of special security 779
audit tools associated to business flow modeling through 780
security SLAs In addition they identify abuse of cloud 781
resources lack of security monitoring in cloud infrastruc- 782
ture and defective isolation of shared resources as focal 783
points to be managed Their analysis of top security con- 784
cerns is also based on publications from CSA ENISA and 785
others but after a quick evaluation of issues their focus 786
switch to their security auditing solution without offer- 787
ing a deeper quantitative compilation of security risks and 788
areas of concern 789
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 15 of 18httpwwwjournalofcloudcomputingcomcontent1111
Table 2 Summary of ENISA and NIST security frameworks t21
t22Framework Objectives Structure and comments
t23ENISA Report
bull Study on benefits and risks whenadopting cloud solutions for businessoperations
bull Provide information for securityassessments and decision making
bull Three main categories of cloud specific risks (policy and organizationaltechnical legal) plus one extra category for not specific ones
bull Offers basic guidelines and best practices for avoiding or mitigating theireffects
bull Presents recommendations for further studies related to trust building(certifications metrics and transparency) large scale data protection(privacy integrity incident handling and regulations) and technicalaspects (isolation portability and resilience)
bull Highlights the duality of scalability (fast flexible and accessible resourcesversus concentrations of data attracting attackers and also providinginfrastructure for aiding their operations)
bull Extensive study on risks considering their impact and probability
t24NIST Taxonomy
bull Define what cloud services shouldprovide rather than how to design andimplement solutions
bull Ease the understanding of cloudinternal operations and mechanisms
bull Taxonomy levels
ndash First level cloud roles (service provider consumer cloud brokercloud carrier and cloud auditor)
ndash Second level activities performed by each role (cloudmanagement service deployment cloud access and serviceconsumption)
ndash Third and following levels elements which compose each activity(deployment models service types and auditing elements)
bull Based on publication SP 500-292 highlighting the importance of securityprivacy and levels of confidence and trust to increase technologyacceptance
bull Concentrates many useful concepts such as models for deploying orclassifying services
Table summarizing information on ENISA and NIST security frameworks t25
Associations such as the Enterprise Strategy Group790
[72] emphasize the need for hypervisor security shrink-791
ing hypervisor footprints defining the security perimeter792
virtualization and linking security and VM provision-793
ing for better resource management Aiming to address794
these requirements they suggest the use of increased795
automation for security controls VM identity manage-796
ment (built on top of Public Key Infrastructure and Open797
Virtualization Format) and data encryption (tightly con-798
nected to state-of-art key management practices) Wallom799
et al [73] emphasize the need of guaranteeing virtual800
machinesrsquo trustworthiness (regarding origin and identity)801
to perform security-critical computations and to han-802
dle sensitive data therefore presenting a solution which803
integrates Trusted Computing technologies and avail-804
able cloud infrastructures Dabrowski and Mills [74] used805
simulation to demonstrate virtual machine leakage and806
resource exhaustion scenarios leading to degraded per-807
formance and crashes they also propose the addition808
of orphan controls to enable the virtualized cloud envi-809
ronment to offer higher availability levels while keeping810
overhead costs under control Ristenpart et al [44] also811
explore virtual machine exploitation focusing on informa-812
tion leakage specially sensitive data at rest or in transit813
Finally Chadwick and Casenove [75] describe a security 814
API for federated access to cloud resources and authority 815
delegation while setting fine-grained controls and guar- 816
anteeing the required levels of assurance inside cloud 817
environments These publications highlight the need of 818
security improvements related to virtual machines and 819
virtualization techniques concern that this paper demon- 820
strates to be valid and urgent 821
Discussion 822
Considering the points raised in the previous section a 823
straightforward conclusion is that cloud security includes 824
old and well-known issues ndash such as network and other 825
infrastructural vulnerabilities user access authentication 826
and privacy ndash and also novel concerns derived from 827
new technologies adopted to offer the adequate resources 828
(mainly virtualized ones) services and auxiliary tools 829
These problems are summarized by isolation and hypervi- 830
sor vulnerabilities (the main technical concerns according 831
to the studies and graphics presented) data location and 832
e-discovery (legal aspects) and loss of governance over 833
data security and even decision making (in which the 834
cloud must be strategically and financially considered as a 835
decisive factor) 836
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 16 of 18httpwwwjournalofcloudcomputingcomcontent1111
Another point observed is that even though adopt-837
ing a cloud service or provider may be easy migrating838
to another is not [76] After moving local data and pro-839
cesses to the cloud the lack of standards for protocols840
and formats directly affects attempts to migrate to a dif-841
ferent provider even if this is motivated by legitimate rea-842
sons such as non-fulfillment of SLAs outages or provider843
bankruptcy [77] Consequently the first choice must be844
carefully made as SLAs are not perfect and services845
outages happen at the same pace that resource sharing846
multi-tenancy and scalability are not fail proof After a847
decision is made future migrations between services can848
be extremely onerous in terms of time and costs most849
likely this task will require an extensive work for bring-850
ing all data and resources to a local infrastructure before851
redeploying them into the cloud852
Finally the analysis of current trends for cloud comput-853
ing reveals that there is a considerable number of well-854
studied security concerns for which plenty solutions and855
best practices have been developed such as those related856
to legal and administrative concerns On the other hand857
many issues still require further research effort especially858
those related to secure virtualization859
Considerations and future work860
Security is a crucial aspect for providing a reliable envi-861
ronment and then enable the use of applications in the862
cloud and for moving data and business processes to863
virtualized infrastructures Many of the security issues864
identified are observed in other computing environments865
authentication network security and legal requirements866
for example are not a novelty However the impact of867
such issues is intensified in cloud computing due to868
characteristics such as multi-tenancy and resource shar-869
ing since actions from a single customer can affect all870
other users that inevitably share the same resources and871
interfaces On the other hand efficient and secure vir-872
tualization represents a new challenge in such a context873
with high distribution of complex services and web-874
based applications thus requiring more sophisticated875
approaches At the same time our quantitative analysis876
indicates that virtualization remains an underserved area877
regarding the number of solutions provided to identified878
concerns879
It is strategic to develop new mechanisms that pro-880
vide the required security level by isolating virtual881
machines and the associated resources while following882
best practices in terms of legal regulations and compli-883
ance to SLAs Among other requirements such solutions884
should employ virtual machine identification provide885
an adequate separation of dedicated resources com-886
bined with a constant observation of shared ones and887
examine any attempt of exploiting cross-VM and data888
leakage889
A secure cloud computing environment depends on 890
several security solutions working harmoniously together 891
However in our studies we did not identify any security 892
solutions provider owning the facilities necessary to get 893
high levels of security conformity for clouds Thus cloud 894
providers need to orchestrate harmonize security solu- 895
tions from different places in order to achieve the desired 896
security level 897
In order to verify these conclusions in practice we 898
deployed testbeds using OpenNebula (based on KVM and 899
XEN) and analyzed its security aspects we also analyzed 900
virtualized servers based on VMWARE using our testbed 901
networks This investigation lead to a wide research of 902
PaaS solutions and allowed us to verify that most of them 903
use virtual machines based on virtualization technolo- 904
gies such as VMWARE XEN and KVM which often lack 905
security aspects We also learned that Amazon changed 906
the XEN source code in order to include security fea- 907
tures but unfortunately the modified code is not publicly 908
available and there appears to be no article detailing the 909
changes introduced Given these limitations a deeper 910
study on current security solutions to manage cloud com- 911
puting virtual machines inside the cloud providers should 912
be a focus of future work in the area We are also working 913
on a testbed based on OpenStack for researches related 914
to identity and credentials management in the cloud envi- 915
ronment This work should address basic needs for better 916
security mechanisms in virtualized and distributed archi- 917
tectures guiding other future researches in the security 918
area 919
Competing interests 920The authors declare that they have no competing interests 921
Authorrsquos contributions 922NG carried out the security research including the prospecting for information 923and references categorization results analysis taxonomy creation and analysis 924of related work CM participated in the drafting of the manuscript as well as in 925the analysis of references creation of the taxonomy and revisions of the text 926MS FR MN and MP participated in the critical and technical revisions of the 927paper including the final one also helping with the details for preparing the 928paper to be published TC coordinated the project related to the paper and 929also gave the final approval of the version to be published All authors read 930and approved the final manuscript 931
Acknowledgements 932This work was supported by the Innovation Center Ericsson 933Telecomunicacoes SA Brazil 934
Author details 9351Escola Politecnica at the University of Sao Paulo (EPUSP) Sao Paulo Brazil 9362Ericsson Research Stockholm Sweden 3Ericsson Research Ville Mont-Royal 937Canada 4State University of Santa Catarina Joinville Brazil 938
Received 30 January 2012 Accepted 5 June 2012 939Published 12 July 2012 940
References 9411 IDC (2009) Cloud Computing 2010 ndash An IDC Update 942
slidesharenetJorFigOrcloud-computing-2010-an-idc-update 9432 Armbrust M Fox A Griffith R Joseph AD Katz RH Konwinski A Lee G 944
Patterson DA Rabkin A Stoica I Zaharia M (2009) Above the Clouds 945
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 17 of 18httpwwwjournalofcloudcomputingcomcontent1111
A Berkeley View of Cloud Computing Technical Report946UCBEECS-2009-28 University of California at Berkeley947eecsberkeleyeduPubsTechRpts2009EECS-2009-28html948
3 Rimal BP Choi E Lumb I (2009) A Taxonomy and Survey of Cloud949Computing Systems In Fifth International Joint Conference on INC IMS950and IDC NCM rsquo09 CPS pp 44ndash51951
4 Shankland S (2009) HPrsquos Hurd dings cloud computing IBM952CNET News953
5 Catteddu D Hogben G (2009) Benefits risks and recommendations for954information security Tech rep European Network and Information955Security Agency enisaeuropaeuactrmfilesdeliverablescloud-956computing-risk-assessment957
6 CSA (2009) Security Guidance for Critical Areas of Focus in Cloud958Computing Tech rep Cloud Security Alliance959
7 Mather T Kumaraswamy S (2009) Cloud Security and privacy An960Enterprise Perspective on Risks and Compliance 1st edition OrsquoReilly961Media962
8 Chen Y Paxson V Katz RH (2010) Whatrsquos New About Cloud Computing963Security Technical Report UCBEECS-2010-5 University of California at964Berkeley eecsberkeleyeduPubsTechRpts2010EECS-2010-5html965
9 Mell P Grance T (2009) The NIST Definition of Cloud Computing966Technical Report 15 National Institute of Standards and Technology967wwwnistgovitlclouduploadcloud-def-v15pdf968
10 Ibrahim AS Hamlyn-Harris J Grundy J (2010) Emerging Security969Challenges of Cloud Virtual Infrastructure In Proceedings of APSEC 2010970Cloud Workshop APSEC rsquo10971
11 Gonzalez N Miers C Redıgolo F Carvalho T Simplıcio M Naslund M972Pourzandi M (2011) A quantitative analysis of current security concerns973and solutions for cloud computing In Proceedings of 3rd IEEE974CloudCom AthensGreece IEEE Computer Society975
12 Hubbard D Jr LJH Sutton M (2010) Top Threats to Cloud Computing976Tech rep Cloud Security Alliance cloudsecurityallianceorgresearch977projectstop-threats-to-cloud-computing978
13 Tompkins D (2009) Security for Cloud-based Enterprise Applications979httpblogdtorgindexphp200902security-for-cloud-based-980enterprise-applications981
14 Jensen M Schwenk J Gruschka N Iacono LL (2009) On Technical Security982Issues in Cloud Computing In IEEE Internation Conference on Cloud983Computing pp 109ndash116984
15 TrendMicro (2010) Cloud Computing Security - Making Virtual Machines985Cloud-Ready Trend Micro White Paper986
16 Genovese S (2009) Akamai Introduces Cloud-Based Firewall http987cloudcomputingsys-concomnode1219023988
17 Hulme GV (2011) CloudPassage aims to ease cloud server security989management httpwwwcsoonlinecomarticle658121cloudpassage-990aims-to-ease-cloud-server-security-management991
18 Oleshchuk VA Koslashien GM (2011) Security and Privacy in the Cloud - A992Long-Term View In 2nd International Conference on Wireless993Communications Vehicular Technology Information Theory and994Aerospace and Electronic Systems Technology (Wireless VITAE) WIRELESS995VITAE rsquo11 pp 1ndash5 httpdxdoiorg101109WIRELESSVITAE20115940876996
19 Google (2011) Google App Engine codegooglecomappengine99720 Google (2011) Google Query Language (GQL)998
codegooglecomintlenappenginedocspythonoverviewhtml99921 StackOverflow (2011) Does using non-SQL databases obviate the need1000
for guarding against SQL injection1001stackoverflowcomquestions1823536does-using-non-sql-databases-1002obvia1003te-the-need-for-guarding-against-sql-injection1004
22 Rose J (2011) Cloudy with a chance of zero day wwwowasporgimages1005112Cloudy with a chance of 0 day Jon Rose-Tom Leaveypdf1006
23 Balkan A (2011) Why Google App Engine is broken and what Google1007must do to fix it aralbalkancom15041008
24 Salesforce (2011) Salesforce Security Statement1009salesforcecomcompanyprivacysecurityjsp1010
25 Espiner T (2007) Salesforce tight-lipped after phishing attack1011zdnetcouknewssecurity-threats20071107salesforce-tight-lipped-a1012fter-phishing-attack-392906161013
26 Yee A (2007) Implications of Salesforce Phishing Incident1014ebizqnetblogssecurity insider200711-implications of salesforc1015e phiphp1016
27 Salesforce (2011) Security Implementation Guide 1017loginsalesforcecomhelpdocensalesforce security impl guidepdf 1018
28 Li H Dai Y Tian L Yang H (2009) Identity-Based Authentication for Cloud 1019Computing In Proceedings of the 1st International Conference on Cloud 1020Computing CloudCom rsquo09 1021
29 Amazon (2011) Elastic Compute Cloud (EC2) awsamazoncomec2 102230 Kaufman C Venkatapathy R (2010) Windows Azure Security Overview 1023
gomicrosoftcomlinkid=9740388 [August] 102431 McMillan R (2010) Google Attack Part of Widespread Spying Effort 1025
PCWorld 102632 Mills E (2010) Behind the China attacks on Google CNET News 102733 Arrington M (2010) Google Defends Against Large Scale Chinese Cyber 1028
Attack May Cease Chinese Operations TechCrunch 102934 Bosch J (2009) Google Accounts Attacked by Phishing Scam BrickHouse 1030
Security Blog 103135 Telegraph T (2009) Facebook Users Targeted By Phishing Attack The 1032
Telegraph 103336 Pearson S (2009) Taking account of privacy when designing cloud 1034
computing services In Proceedings of the 2009 ICSE Workshop on 1035Software Engineering Challenges of Cloud Computing CLOUD rsquo09 1036
37 Musthaler L (2009) Cost-effective data encryption in the cloud Network 1037World 1038
38 Yan L Rong C Zhao G (2009) Strengthen Cloud Computing Security with 1039Federal Identity Management Using Hierarchical Identity-Based 1040Cryptography In Proceedings of the 1st International Conference on 1041Cloud Computing CloudCom rsquo09 1042
39 Tech C (2010) Examining Redundancy in the Data Center Powered by the 1043Cloud and Disaster Recovery Consonus Tech 1044
40 Lyle M (2011) Redundancy in Data Storage Define the Cloud 104541 Dorion P (2010) Data destruction services When data deletion is not 1046
enough SearchDataBackupcom 104742 Mogull R (2009) Cloud Data Security Archive and Delete (Rough Cut) 1048
securosiscomblogcloud-data-security-archive-and-delete-rough-cut 104943 Messmer E (2011) Gartner New security demands arising for 1050
virtualization cloud computing httpwwwnetworkworldcomnews 10512011062311-security-summithtml 1052
44 Ristenpart T Tromer E Shacham H Savage S (2009) Hey you get off of 1053my cloud exploring information leakage in third-party compute clouds 1054In Proceedings of the 16th ACM conference on Computer and 1055communications security CCS rsquo09 New York NY USA ACM pp 199ndash212 1056doiacmorg10114516536621653687 1057
45 Chow R Golle P Jakobsson M Shi E Staddon J Masuoka R Molina J 1058(2009) Controlling data in the cloud outsourcing computation without 1059outsourcing control In Proceedings of the 2009 ACM workshop on 1060Cloud computing security CCSW rsquo09 New York NY USA ACM pp 85ndash90 1061httpdoiacmorg10114516550081655020 1062
46 Sadeghi AR Schneider T Winandy M (2010) Token-Based Cloud 1063Computing - Secure Outsourcing of Data and Arbitrary Computations 1064with Lower Latency In Proceedings of the 3rd international conference 1065on Trust and trustworthy computing TRUST rsquo10 1066
47 Brandic I Dustdar S Anstett T Schumm D Leymann F (2010) Compliant 1067Cloud Computing (C3) Architecture and Language Support for 1068User-driven Compliance Management in Clouds In 2010 IEEE 3rd 1069International Conference on Cloud Computing pp 244ndash251 httpdx 1070doiorg101109CLOUD201042 1071
48 Brodkin J (2008) Gartner Seven cloud computing security risks http 1072wwwinfoworldcomdsecurity-centralgartner-seven-cloud- 1073computing-security-risks-853 1074
49 Kandukuri BR Paturi R Rakshit A (2009) Cloud Security Issues In 1075Proceedings of the 2009 IEEE International Conference on Services 1076Computing SCC rsquo09 1077
50 Winterford B (2011) Amazon EC2 suffers huge outage httpwwwcrn 1078comauNews255586amazon-ec2-suffers-huge-outageaspx 1079
51 Clarke G (2011) Microsoft BPOS cloud outage burns Exchange converts 1080httpwwwtheregistercouk20110513 1081
52 Shankland S (2011) Amazon cloud outage derails Reddit Quora 108253 Young E (2009) Cloud Computing - The role of internal audit 108354 CloudAudit (2011) A6 - The automated audit assertion assessment and 1084
assurance API httpcloudauditorg 108555 Anand N (2010) The legal issues around cloud computing httpwww 1086
labnolorginternetcloud-computing-legal-issues14120 1087
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 18 of 18httpwwwjournalofcloudcomputingcomcontent1111
56 Hunter S (2011) Ascending to the cloud creates negligible e-discovery1088risk httpediscoveryquarlescom201107articlesinformation-1089technologyascending-to-the-cloud-creates-negligible-ediscovery-risk1090
57 Sharon D Nelson JWS (2011) Virtualization and Cloud Computing1091benefits and e-discovery implications httpwwwslawca201107191092virtualization-and-cloud-computing-benefits-and-e-discovery-1093implications1094
58 Bentley L (2009) E-discovery in the cloud presents promise and problems1095httpwwwitbusinessedgecomcmcommunityfeaturesinterviews1096bloge-discovery-in-the-cloud-presents-promise-and-problemscs=1097316981098
59 Zierick J (2011) The special case of privileged users in the sloud http1099blogbeyondtrustcombid63894The-Special-Case-of-Privileged-Users-1100in-the-Cloud1101
60 Dinoor S (2010) Got Privilege Ten Steps to Securing a Cloud-Based1102Enterprise httpcloudcomputingsys-concomnode15716491103
61 Pavolotsky J (2010) Top five legal issues for the cloud httpwwwforbes1104com20100412cloud-computing-enterprise-technology-cio-network-1105legalhtml1106
62 ENISA (2011) About ENISA httpwwwenisaeuropaeuabout-enisa110763 CSA (2011) About httpscloudsecurityallianceorgabout110864 CSA (2011) CSA TCI Reference Architecture httpscloudsecurityalliance1109
orgwp-contentuploads201111TCI-Reference-Architecture-11pdf111065 CSA (2011) Security Guidance for Critical Areas of Focus in Cloud1111
Computing V30 Tech rep Cloud Security Alliance [Httpwww1112cloudsecurityallianceorgguidancecsaguidev30pdf]1113
66 Ramireddy S Chakraborthy R Raghu TS Rao HR (2010) Privacy and1114Security Practices in the Arena of Cloud Computing - A Research in1115Progress In AMCIS 2010 Proceedings AMCIS rsquo10 httpaiselaisnetorg1116amcis20105741117
67 NIST (2011) NIST Cloud Computing Reference Architecture SP 500-2921118httpcollaboratenistgovtwiki-cloud-computingpub1119CloudComputingReferenceArchitectureTaxonomyNIST SP 500-292 -1120090611pdf1121
68 Youseff L Butrico M Silva DD (2008) Toward a Unified Ontology of Cloud1122Computing In Grid Computing Environments Workshop 2008 GCE rsquo081123pp 10 1 httpdxdoiorg101109GCE200847384431124
69 Johnston S (2008) Sam Johnston taxonomy the 6 layer cloud computing1125stack httpsamjnet200809taxonomy-6-layer-cloud-computing-1126stackhtml]1127
70 Linthicum D (2009) Defining the cloud computing framework http1128cloudcomputingsys-concomnode8115191129
71 Doelitzscher F Reich C Knahl M Clarke N (2011) An autonomous agent1130based incident detection system for cloud environments In Third IEEE1131International Conference on Cloud Computing Technology and Science1132CloudCom 2011 CPS pp 197ndash204 httpdxdoiorg101109CloudCom11332011351134
72 Oltsik J (2010) Information security virtualization and the journey to the1135cloud Tech rep Cloud Security Alliance1136
73 Wallom D Turilli M Taylor G Hargreaves N Martin A Raun A McMoran A1137(2011) myTrustedCloud Trusted Cloud Infrastructure for Security-critical1138Computation and Data Managment In Third IEEE International1139Conference on Cloud Computing Technology and Science CloudCom11402011 CPS pp 247ndash2541141
74 Dabrowski C Mills K (2011) VM Leakage and Orphan Control in1142Open-Source Clouds In Third IEEE International Conference on Cloud1143Computing Technology and Science CloudCom 2011 CPS pp 554ndash5591144
75 Chadwick DW Casenove M (2011) Security APIs for My Private Cloud In1145Third IEEE International Conference on Cloud Computing Technology1146and Science CloudCom 2011 CPS pp 792ndash7981147
76 Claybrook B (2011) How providers affect cloud application migration1148httpsearchcloudcomputingtechtargetcomtutorialHow-providers-1149affect-cloud-application-migration1150
77 CSA (2011) Interoperability and portability1151
doi1011862192-113X-1-11Cite this article as Gonzalez et al A quantitative analysis of current securityconcerns and solutions for cloud computing Journal of Cloud ComputingAdvances Systems and Applications 2012 111
Submit your manuscript to a journal and benefi t from
7 Convenient online submission
7 Rigorous peer review
7 Immediate publication on acceptance
7 Open access articles freely available online
7 High visibility within the fi eld
7 Retaining the copyright to your article
Submit your next manuscript at 7 springeropencom
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 14 of 18httpwwwjournalofcloudcomputingcomcontent1111
Table 1 Summary of CSA security frameworks t11
t12Framework Objectives Structure and comments
t13CSA Guidance
bull Recommendations for reducing risksbull No restrictions regarding specific
solutions or service typesbull Guidelines not necessarily applicable
for all deployment modelsbull Provide initial structure to divide efforts
for researches
bull One architectural domainbull Governance domains risk management legal concerns compliance
auditing information management interoperability and portabilitybull Operational domains traditional and business security disaster recovery
data center operations encryption application security identificationauthorization virtualization security outsourcing
bull Emphasis on the fact that cloud is not bound to virtualization technologiesthough cloud services heavily depend on virtualized infrastructures toprovide flexibility and scalability
t14CSA Top Threats
bull Provide context for risk managementdecisions and strategies
bull Focus on issues which are unique orhighly influenced by cloud computingcharacteristics
bull Seven main threats
ndash Abuse and malicious use of cloud resourcesndash Insecure APIsndash Malicious insidersndash Shared technology vulnerabilitiesndash Data loss and leakagendash Hijacking of accounts services and trafficndash Unknown risk profile (security obscurity)
bull Summarizes information on top threats and provide examples remediationguidelines impact caused and which service types (based on SPI model)are affected
t15CSA Architecture
bull Enable trust in the cloud based onwell-known standards and certificationsallied to security frameworks and otheropen references
bull Use widely adopted frameworks inorder to achieve standardization ofpolicies and best practices based onalready accepted security principles
bull Four sets of frameworks (security NIST SPI IT audit and legislative) and fourarchitectural domains (SABSA business architecture ITIL for servicesmanagement Jericho for security and TOGAF for IT reference)
bull Tridimensional structure based on premises of cloud delivery trust andoperations
bull Concentrates a plethora of concepts and information related to servicesoperation and security
Table summarizing information related to CSA security frameworks (guidance top threats and TCI architecture) t16
virtualization management service types fault tolerance752
policies and security no further studies are developed753
focusing on cloud specific security aspects This charac-754
teristic is also observed in other cloud taxonomies [68-70]755
whose efforts converge to the definition of service models756
and types rather than to more technical aspects such as757
security privacy or compliance concerns ndash which are the758
focus of this paper759
In [7] Mather Kumaraswamy and Latif discuss the760
current status of cloud security and what is predicted761
for the future The result is a compilation of security-762
related subjects to be developed in topics like infras-763
tructure data security and storage identity and access764
management security management privacy audit and765
compliance They also explore the unquestionable urge for766
more transparency regarding which party (customer or767
cloud provider) provides each security capability as well768
as the need for standardization and for the creation of769
legal agreements reflecting operational SLAs Other issues770
discussed are the inadequate encryption and key manage- 771
ment capabilities currently offered as well as the need for 772
multi-entity key management 773
Many publications also state the need for better security 774
mechanisms for cloud environments Doelitzscher et al 775
[71] emphasize security as a major research area in cloud 776
computing They also highlight the lack of flexibility of 777
classic intrusion detection mechanisms to handle virtual- 778
ized environments suggesting the use of special security 779
audit tools associated to business flow modeling through 780
security SLAs In addition they identify abuse of cloud 781
resources lack of security monitoring in cloud infrastruc- 782
ture and defective isolation of shared resources as focal 783
points to be managed Their analysis of top security con- 784
cerns is also based on publications from CSA ENISA and 785
others but after a quick evaluation of issues their focus 786
switch to their security auditing solution without offer- 787
ing a deeper quantitative compilation of security risks and 788
areas of concern 789
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 15 of 18httpwwwjournalofcloudcomputingcomcontent1111
Table 2 Summary of ENISA and NIST security frameworks t21
t22Framework Objectives Structure and comments
t23ENISA Report
bull Study on benefits and risks whenadopting cloud solutions for businessoperations
bull Provide information for securityassessments and decision making
bull Three main categories of cloud specific risks (policy and organizationaltechnical legal) plus one extra category for not specific ones
bull Offers basic guidelines and best practices for avoiding or mitigating theireffects
bull Presents recommendations for further studies related to trust building(certifications metrics and transparency) large scale data protection(privacy integrity incident handling and regulations) and technicalaspects (isolation portability and resilience)
bull Highlights the duality of scalability (fast flexible and accessible resourcesversus concentrations of data attracting attackers and also providinginfrastructure for aiding their operations)
bull Extensive study on risks considering their impact and probability
t24NIST Taxonomy
bull Define what cloud services shouldprovide rather than how to design andimplement solutions
bull Ease the understanding of cloudinternal operations and mechanisms
bull Taxonomy levels
ndash First level cloud roles (service provider consumer cloud brokercloud carrier and cloud auditor)
ndash Second level activities performed by each role (cloudmanagement service deployment cloud access and serviceconsumption)
ndash Third and following levels elements which compose each activity(deployment models service types and auditing elements)
bull Based on publication SP 500-292 highlighting the importance of securityprivacy and levels of confidence and trust to increase technologyacceptance
bull Concentrates many useful concepts such as models for deploying orclassifying services
Table summarizing information on ENISA and NIST security frameworks t25
Associations such as the Enterprise Strategy Group790
[72] emphasize the need for hypervisor security shrink-791
ing hypervisor footprints defining the security perimeter792
virtualization and linking security and VM provision-793
ing for better resource management Aiming to address794
these requirements they suggest the use of increased795
automation for security controls VM identity manage-796
ment (built on top of Public Key Infrastructure and Open797
Virtualization Format) and data encryption (tightly con-798
nected to state-of-art key management practices) Wallom799
et al [73] emphasize the need of guaranteeing virtual800
machinesrsquo trustworthiness (regarding origin and identity)801
to perform security-critical computations and to han-802
dle sensitive data therefore presenting a solution which803
integrates Trusted Computing technologies and avail-804
able cloud infrastructures Dabrowski and Mills [74] used805
simulation to demonstrate virtual machine leakage and806
resource exhaustion scenarios leading to degraded per-807
formance and crashes they also propose the addition808
of orphan controls to enable the virtualized cloud envi-809
ronment to offer higher availability levels while keeping810
overhead costs under control Ristenpart et al [44] also811
explore virtual machine exploitation focusing on informa-812
tion leakage specially sensitive data at rest or in transit813
Finally Chadwick and Casenove [75] describe a security 814
API for federated access to cloud resources and authority 815
delegation while setting fine-grained controls and guar- 816
anteeing the required levels of assurance inside cloud 817
environments These publications highlight the need of 818
security improvements related to virtual machines and 819
virtualization techniques concern that this paper demon- 820
strates to be valid and urgent 821
Discussion 822
Considering the points raised in the previous section a 823
straightforward conclusion is that cloud security includes 824
old and well-known issues ndash such as network and other 825
infrastructural vulnerabilities user access authentication 826
and privacy ndash and also novel concerns derived from 827
new technologies adopted to offer the adequate resources 828
(mainly virtualized ones) services and auxiliary tools 829
These problems are summarized by isolation and hypervi- 830
sor vulnerabilities (the main technical concerns according 831
to the studies and graphics presented) data location and 832
e-discovery (legal aspects) and loss of governance over 833
data security and even decision making (in which the 834
cloud must be strategically and financially considered as a 835
decisive factor) 836
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 16 of 18httpwwwjournalofcloudcomputingcomcontent1111
Another point observed is that even though adopt-837
ing a cloud service or provider may be easy migrating838
to another is not [76] After moving local data and pro-839
cesses to the cloud the lack of standards for protocols840
and formats directly affects attempts to migrate to a dif-841
ferent provider even if this is motivated by legitimate rea-842
sons such as non-fulfillment of SLAs outages or provider843
bankruptcy [77] Consequently the first choice must be844
carefully made as SLAs are not perfect and services845
outages happen at the same pace that resource sharing846
multi-tenancy and scalability are not fail proof After a847
decision is made future migrations between services can848
be extremely onerous in terms of time and costs most849
likely this task will require an extensive work for bring-850
ing all data and resources to a local infrastructure before851
redeploying them into the cloud852
Finally the analysis of current trends for cloud comput-853
ing reveals that there is a considerable number of well-854
studied security concerns for which plenty solutions and855
best practices have been developed such as those related856
to legal and administrative concerns On the other hand857
many issues still require further research effort especially858
those related to secure virtualization859
Considerations and future work860
Security is a crucial aspect for providing a reliable envi-861
ronment and then enable the use of applications in the862
cloud and for moving data and business processes to863
virtualized infrastructures Many of the security issues864
identified are observed in other computing environments865
authentication network security and legal requirements866
for example are not a novelty However the impact of867
such issues is intensified in cloud computing due to868
characteristics such as multi-tenancy and resource shar-869
ing since actions from a single customer can affect all870
other users that inevitably share the same resources and871
interfaces On the other hand efficient and secure vir-872
tualization represents a new challenge in such a context873
with high distribution of complex services and web-874
based applications thus requiring more sophisticated875
approaches At the same time our quantitative analysis876
indicates that virtualization remains an underserved area877
regarding the number of solutions provided to identified878
concerns879
It is strategic to develop new mechanisms that pro-880
vide the required security level by isolating virtual881
machines and the associated resources while following882
best practices in terms of legal regulations and compli-883
ance to SLAs Among other requirements such solutions884
should employ virtual machine identification provide885
an adequate separation of dedicated resources com-886
bined with a constant observation of shared ones and887
examine any attempt of exploiting cross-VM and data888
leakage889
A secure cloud computing environment depends on 890
several security solutions working harmoniously together 891
However in our studies we did not identify any security 892
solutions provider owning the facilities necessary to get 893
high levels of security conformity for clouds Thus cloud 894
providers need to orchestrate harmonize security solu- 895
tions from different places in order to achieve the desired 896
security level 897
In order to verify these conclusions in practice we 898
deployed testbeds using OpenNebula (based on KVM and 899
XEN) and analyzed its security aspects we also analyzed 900
virtualized servers based on VMWARE using our testbed 901
networks This investigation lead to a wide research of 902
PaaS solutions and allowed us to verify that most of them 903
use virtual machines based on virtualization technolo- 904
gies such as VMWARE XEN and KVM which often lack 905
security aspects We also learned that Amazon changed 906
the XEN source code in order to include security fea- 907
tures but unfortunately the modified code is not publicly 908
available and there appears to be no article detailing the 909
changes introduced Given these limitations a deeper 910
study on current security solutions to manage cloud com- 911
puting virtual machines inside the cloud providers should 912
be a focus of future work in the area We are also working 913
on a testbed based on OpenStack for researches related 914
to identity and credentials management in the cloud envi- 915
ronment This work should address basic needs for better 916
security mechanisms in virtualized and distributed archi- 917
tectures guiding other future researches in the security 918
area 919
Competing interests 920The authors declare that they have no competing interests 921
Authorrsquos contributions 922NG carried out the security research including the prospecting for information 923and references categorization results analysis taxonomy creation and analysis 924of related work CM participated in the drafting of the manuscript as well as in 925the analysis of references creation of the taxonomy and revisions of the text 926MS FR MN and MP participated in the critical and technical revisions of the 927paper including the final one also helping with the details for preparing the 928paper to be published TC coordinated the project related to the paper and 929also gave the final approval of the version to be published All authors read 930and approved the final manuscript 931
Acknowledgements 932This work was supported by the Innovation Center Ericsson 933Telecomunicacoes SA Brazil 934
Author details 9351Escola Politecnica at the University of Sao Paulo (EPUSP) Sao Paulo Brazil 9362Ericsson Research Stockholm Sweden 3Ericsson Research Ville Mont-Royal 937Canada 4State University of Santa Catarina Joinville Brazil 938
Received 30 January 2012 Accepted 5 June 2012 939Published 12 July 2012 940
References 9411 IDC (2009) Cloud Computing 2010 ndash An IDC Update 942
slidesharenetJorFigOrcloud-computing-2010-an-idc-update 9432 Armbrust M Fox A Griffith R Joseph AD Katz RH Konwinski A Lee G 944
Patterson DA Rabkin A Stoica I Zaharia M (2009) Above the Clouds 945
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 17 of 18httpwwwjournalofcloudcomputingcomcontent1111
A Berkeley View of Cloud Computing Technical Report946UCBEECS-2009-28 University of California at Berkeley947eecsberkeleyeduPubsTechRpts2009EECS-2009-28html948
3 Rimal BP Choi E Lumb I (2009) A Taxonomy and Survey of Cloud949Computing Systems In Fifth International Joint Conference on INC IMS950and IDC NCM rsquo09 CPS pp 44ndash51951
4 Shankland S (2009) HPrsquos Hurd dings cloud computing IBM952CNET News953
5 Catteddu D Hogben G (2009) Benefits risks and recommendations for954information security Tech rep European Network and Information955Security Agency enisaeuropaeuactrmfilesdeliverablescloud-956computing-risk-assessment957
6 CSA (2009) Security Guidance for Critical Areas of Focus in Cloud958Computing Tech rep Cloud Security Alliance959
7 Mather T Kumaraswamy S (2009) Cloud Security and privacy An960Enterprise Perspective on Risks and Compliance 1st edition OrsquoReilly961Media962
8 Chen Y Paxson V Katz RH (2010) Whatrsquos New About Cloud Computing963Security Technical Report UCBEECS-2010-5 University of California at964Berkeley eecsberkeleyeduPubsTechRpts2010EECS-2010-5html965
9 Mell P Grance T (2009) The NIST Definition of Cloud Computing966Technical Report 15 National Institute of Standards and Technology967wwwnistgovitlclouduploadcloud-def-v15pdf968
10 Ibrahim AS Hamlyn-Harris J Grundy J (2010) Emerging Security969Challenges of Cloud Virtual Infrastructure In Proceedings of APSEC 2010970Cloud Workshop APSEC rsquo10971
11 Gonzalez N Miers C Redıgolo F Carvalho T Simplıcio M Naslund M972Pourzandi M (2011) A quantitative analysis of current security concerns973and solutions for cloud computing In Proceedings of 3rd IEEE974CloudCom AthensGreece IEEE Computer Society975
12 Hubbard D Jr LJH Sutton M (2010) Top Threats to Cloud Computing976Tech rep Cloud Security Alliance cloudsecurityallianceorgresearch977projectstop-threats-to-cloud-computing978
13 Tompkins D (2009) Security for Cloud-based Enterprise Applications979httpblogdtorgindexphp200902security-for-cloud-based-980enterprise-applications981
14 Jensen M Schwenk J Gruschka N Iacono LL (2009) On Technical Security982Issues in Cloud Computing In IEEE Internation Conference on Cloud983Computing pp 109ndash116984
15 TrendMicro (2010) Cloud Computing Security - Making Virtual Machines985Cloud-Ready Trend Micro White Paper986
16 Genovese S (2009) Akamai Introduces Cloud-Based Firewall http987cloudcomputingsys-concomnode1219023988
17 Hulme GV (2011) CloudPassage aims to ease cloud server security989management httpwwwcsoonlinecomarticle658121cloudpassage-990aims-to-ease-cloud-server-security-management991
18 Oleshchuk VA Koslashien GM (2011) Security and Privacy in the Cloud - A992Long-Term View In 2nd International Conference on Wireless993Communications Vehicular Technology Information Theory and994Aerospace and Electronic Systems Technology (Wireless VITAE) WIRELESS995VITAE rsquo11 pp 1ndash5 httpdxdoiorg101109WIRELESSVITAE20115940876996
19 Google (2011) Google App Engine codegooglecomappengine99720 Google (2011) Google Query Language (GQL)998
codegooglecomintlenappenginedocspythonoverviewhtml99921 StackOverflow (2011) Does using non-SQL databases obviate the need1000
for guarding against SQL injection1001stackoverflowcomquestions1823536does-using-non-sql-databases-1002obvia1003te-the-need-for-guarding-against-sql-injection1004
22 Rose J (2011) Cloudy with a chance of zero day wwwowasporgimages1005112Cloudy with a chance of 0 day Jon Rose-Tom Leaveypdf1006
23 Balkan A (2011) Why Google App Engine is broken and what Google1007must do to fix it aralbalkancom15041008
24 Salesforce (2011) Salesforce Security Statement1009salesforcecomcompanyprivacysecurityjsp1010
25 Espiner T (2007) Salesforce tight-lipped after phishing attack1011zdnetcouknewssecurity-threats20071107salesforce-tight-lipped-a1012fter-phishing-attack-392906161013
26 Yee A (2007) Implications of Salesforce Phishing Incident1014ebizqnetblogssecurity insider200711-implications of salesforc1015e phiphp1016
27 Salesforce (2011) Security Implementation Guide 1017loginsalesforcecomhelpdocensalesforce security impl guidepdf 1018
28 Li H Dai Y Tian L Yang H (2009) Identity-Based Authentication for Cloud 1019Computing In Proceedings of the 1st International Conference on Cloud 1020Computing CloudCom rsquo09 1021
29 Amazon (2011) Elastic Compute Cloud (EC2) awsamazoncomec2 102230 Kaufman C Venkatapathy R (2010) Windows Azure Security Overview 1023
gomicrosoftcomlinkid=9740388 [August] 102431 McMillan R (2010) Google Attack Part of Widespread Spying Effort 1025
PCWorld 102632 Mills E (2010) Behind the China attacks on Google CNET News 102733 Arrington M (2010) Google Defends Against Large Scale Chinese Cyber 1028
Attack May Cease Chinese Operations TechCrunch 102934 Bosch J (2009) Google Accounts Attacked by Phishing Scam BrickHouse 1030
Security Blog 103135 Telegraph T (2009) Facebook Users Targeted By Phishing Attack The 1032
Telegraph 103336 Pearson S (2009) Taking account of privacy when designing cloud 1034
computing services In Proceedings of the 2009 ICSE Workshop on 1035Software Engineering Challenges of Cloud Computing CLOUD rsquo09 1036
37 Musthaler L (2009) Cost-effective data encryption in the cloud Network 1037World 1038
38 Yan L Rong C Zhao G (2009) Strengthen Cloud Computing Security with 1039Federal Identity Management Using Hierarchical Identity-Based 1040Cryptography In Proceedings of the 1st International Conference on 1041Cloud Computing CloudCom rsquo09 1042
39 Tech C (2010) Examining Redundancy in the Data Center Powered by the 1043Cloud and Disaster Recovery Consonus Tech 1044
40 Lyle M (2011) Redundancy in Data Storage Define the Cloud 104541 Dorion P (2010) Data destruction services When data deletion is not 1046
enough SearchDataBackupcom 104742 Mogull R (2009) Cloud Data Security Archive and Delete (Rough Cut) 1048
securosiscomblogcloud-data-security-archive-and-delete-rough-cut 104943 Messmer E (2011) Gartner New security demands arising for 1050
virtualization cloud computing httpwwwnetworkworldcomnews 10512011062311-security-summithtml 1052
44 Ristenpart T Tromer E Shacham H Savage S (2009) Hey you get off of 1053my cloud exploring information leakage in third-party compute clouds 1054In Proceedings of the 16th ACM conference on Computer and 1055communications security CCS rsquo09 New York NY USA ACM pp 199ndash212 1056doiacmorg10114516536621653687 1057
45 Chow R Golle P Jakobsson M Shi E Staddon J Masuoka R Molina J 1058(2009) Controlling data in the cloud outsourcing computation without 1059outsourcing control In Proceedings of the 2009 ACM workshop on 1060Cloud computing security CCSW rsquo09 New York NY USA ACM pp 85ndash90 1061httpdoiacmorg10114516550081655020 1062
46 Sadeghi AR Schneider T Winandy M (2010) Token-Based Cloud 1063Computing - Secure Outsourcing of Data and Arbitrary Computations 1064with Lower Latency In Proceedings of the 3rd international conference 1065on Trust and trustworthy computing TRUST rsquo10 1066
47 Brandic I Dustdar S Anstett T Schumm D Leymann F (2010) Compliant 1067Cloud Computing (C3) Architecture and Language Support for 1068User-driven Compliance Management in Clouds In 2010 IEEE 3rd 1069International Conference on Cloud Computing pp 244ndash251 httpdx 1070doiorg101109CLOUD201042 1071
48 Brodkin J (2008) Gartner Seven cloud computing security risks http 1072wwwinfoworldcomdsecurity-centralgartner-seven-cloud- 1073computing-security-risks-853 1074
49 Kandukuri BR Paturi R Rakshit A (2009) Cloud Security Issues In 1075Proceedings of the 2009 IEEE International Conference on Services 1076Computing SCC rsquo09 1077
50 Winterford B (2011) Amazon EC2 suffers huge outage httpwwwcrn 1078comauNews255586amazon-ec2-suffers-huge-outageaspx 1079
51 Clarke G (2011) Microsoft BPOS cloud outage burns Exchange converts 1080httpwwwtheregistercouk20110513 1081
52 Shankland S (2011) Amazon cloud outage derails Reddit Quora 108253 Young E (2009) Cloud Computing - The role of internal audit 108354 CloudAudit (2011) A6 - The automated audit assertion assessment and 1084
assurance API httpcloudauditorg 108555 Anand N (2010) The legal issues around cloud computing httpwww 1086
labnolorginternetcloud-computing-legal-issues14120 1087
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 18 of 18httpwwwjournalofcloudcomputingcomcontent1111
56 Hunter S (2011) Ascending to the cloud creates negligible e-discovery1088risk httpediscoveryquarlescom201107articlesinformation-1089technologyascending-to-the-cloud-creates-negligible-ediscovery-risk1090
57 Sharon D Nelson JWS (2011) Virtualization and Cloud Computing1091benefits and e-discovery implications httpwwwslawca201107191092virtualization-and-cloud-computing-benefits-and-e-discovery-1093implications1094
58 Bentley L (2009) E-discovery in the cloud presents promise and problems1095httpwwwitbusinessedgecomcmcommunityfeaturesinterviews1096bloge-discovery-in-the-cloud-presents-promise-and-problemscs=1097316981098
59 Zierick J (2011) The special case of privileged users in the sloud http1099blogbeyondtrustcombid63894The-Special-Case-of-Privileged-Users-1100in-the-Cloud1101
60 Dinoor S (2010) Got Privilege Ten Steps to Securing a Cloud-Based1102Enterprise httpcloudcomputingsys-concomnode15716491103
61 Pavolotsky J (2010) Top five legal issues for the cloud httpwwwforbes1104com20100412cloud-computing-enterprise-technology-cio-network-1105legalhtml1106
62 ENISA (2011) About ENISA httpwwwenisaeuropaeuabout-enisa110763 CSA (2011) About httpscloudsecurityallianceorgabout110864 CSA (2011) CSA TCI Reference Architecture httpscloudsecurityalliance1109
orgwp-contentuploads201111TCI-Reference-Architecture-11pdf111065 CSA (2011) Security Guidance for Critical Areas of Focus in Cloud1111
Computing V30 Tech rep Cloud Security Alliance [Httpwww1112cloudsecurityallianceorgguidancecsaguidev30pdf]1113
66 Ramireddy S Chakraborthy R Raghu TS Rao HR (2010) Privacy and1114Security Practices in the Arena of Cloud Computing - A Research in1115Progress In AMCIS 2010 Proceedings AMCIS rsquo10 httpaiselaisnetorg1116amcis20105741117
67 NIST (2011) NIST Cloud Computing Reference Architecture SP 500-2921118httpcollaboratenistgovtwiki-cloud-computingpub1119CloudComputingReferenceArchitectureTaxonomyNIST SP 500-292 -1120090611pdf1121
68 Youseff L Butrico M Silva DD (2008) Toward a Unified Ontology of Cloud1122Computing In Grid Computing Environments Workshop 2008 GCE rsquo081123pp 10 1 httpdxdoiorg101109GCE200847384431124
69 Johnston S (2008) Sam Johnston taxonomy the 6 layer cloud computing1125stack httpsamjnet200809taxonomy-6-layer-cloud-computing-1126stackhtml]1127
70 Linthicum D (2009) Defining the cloud computing framework http1128cloudcomputingsys-concomnode8115191129
71 Doelitzscher F Reich C Knahl M Clarke N (2011) An autonomous agent1130based incident detection system for cloud environments In Third IEEE1131International Conference on Cloud Computing Technology and Science1132CloudCom 2011 CPS pp 197ndash204 httpdxdoiorg101109CloudCom11332011351134
72 Oltsik J (2010) Information security virtualization and the journey to the1135cloud Tech rep Cloud Security Alliance1136
73 Wallom D Turilli M Taylor G Hargreaves N Martin A Raun A McMoran A1137(2011) myTrustedCloud Trusted Cloud Infrastructure for Security-critical1138Computation and Data Managment In Third IEEE International1139Conference on Cloud Computing Technology and Science CloudCom11402011 CPS pp 247ndash2541141
74 Dabrowski C Mills K (2011) VM Leakage and Orphan Control in1142Open-Source Clouds In Third IEEE International Conference on Cloud1143Computing Technology and Science CloudCom 2011 CPS pp 554ndash5591144
75 Chadwick DW Casenove M (2011) Security APIs for My Private Cloud In1145Third IEEE International Conference on Cloud Computing Technology1146and Science CloudCom 2011 CPS pp 792ndash7981147
76 Claybrook B (2011) How providers affect cloud application migration1148httpsearchcloudcomputingtechtargetcomtutorialHow-providers-1149affect-cloud-application-migration1150
77 CSA (2011) Interoperability and portability1151
doi1011862192-113X-1-11Cite this article as Gonzalez et al A quantitative analysis of current securityconcerns and solutions for cloud computing Journal of Cloud ComputingAdvances Systems and Applications 2012 111
Submit your manuscript to a journal and benefi t from
7 Convenient online submission
7 Rigorous peer review
7 Immediate publication on acceptance
7 Open access articles freely available online
7 High visibility within the fi eld
7 Retaining the copyright to your article
Submit your next manuscript at 7 springeropencom
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 15 of 18httpwwwjournalofcloudcomputingcomcontent1111
Table 2 Summary of ENISA and NIST security frameworks t21
t22Framework Objectives Structure and comments
t23ENISA Report
bull Study on benefits and risks whenadopting cloud solutions for businessoperations
bull Provide information for securityassessments and decision making
bull Three main categories of cloud specific risks (policy and organizationaltechnical legal) plus one extra category for not specific ones
bull Offers basic guidelines and best practices for avoiding or mitigating theireffects
bull Presents recommendations for further studies related to trust building(certifications metrics and transparency) large scale data protection(privacy integrity incident handling and regulations) and technicalaspects (isolation portability and resilience)
bull Highlights the duality of scalability (fast flexible and accessible resourcesversus concentrations of data attracting attackers and also providinginfrastructure for aiding their operations)
bull Extensive study on risks considering their impact and probability
t24NIST Taxonomy
bull Define what cloud services shouldprovide rather than how to design andimplement solutions
bull Ease the understanding of cloudinternal operations and mechanisms
bull Taxonomy levels
ndash First level cloud roles (service provider consumer cloud brokercloud carrier and cloud auditor)
ndash Second level activities performed by each role (cloudmanagement service deployment cloud access and serviceconsumption)
ndash Third and following levels elements which compose each activity(deployment models service types and auditing elements)
bull Based on publication SP 500-292 highlighting the importance of securityprivacy and levels of confidence and trust to increase technologyacceptance
bull Concentrates many useful concepts such as models for deploying orclassifying services
Table summarizing information on ENISA and NIST security frameworks t25
Associations such as the Enterprise Strategy Group790
[72] emphasize the need for hypervisor security shrink-791
ing hypervisor footprints defining the security perimeter792
virtualization and linking security and VM provision-793
ing for better resource management Aiming to address794
these requirements they suggest the use of increased795
automation for security controls VM identity manage-796
ment (built on top of Public Key Infrastructure and Open797
Virtualization Format) and data encryption (tightly con-798
nected to state-of-art key management practices) Wallom799
et al [73] emphasize the need of guaranteeing virtual800
machinesrsquo trustworthiness (regarding origin and identity)801
to perform security-critical computations and to han-802
dle sensitive data therefore presenting a solution which803
integrates Trusted Computing technologies and avail-804
able cloud infrastructures Dabrowski and Mills [74] used805
simulation to demonstrate virtual machine leakage and806
resource exhaustion scenarios leading to degraded per-807
formance and crashes they also propose the addition808
of orphan controls to enable the virtualized cloud envi-809
ronment to offer higher availability levels while keeping810
overhead costs under control Ristenpart et al [44] also811
explore virtual machine exploitation focusing on informa-812
tion leakage specially sensitive data at rest or in transit813
Finally Chadwick and Casenove [75] describe a security 814
API for federated access to cloud resources and authority 815
delegation while setting fine-grained controls and guar- 816
anteeing the required levels of assurance inside cloud 817
environments These publications highlight the need of 818
security improvements related to virtual machines and 819
virtualization techniques concern that this paper demon- 820
strates to be valid and urgent 821
Discussion 822
Considering the points raised in the previous section a 823
straightforward conclusion is that cloud security includes 824
old and well-known issues ndash such as network and other 825
infrastructural vulnerabilities user access authentication 826
and privacy ndash and also novel concerns derived from 827
new technologies adopted to offer the adequate resources 828
(mainly virtualized ones) services and auxiliary tools 829
These problems are summarized by isolation and hypervi- 830
sor vulnerabilities (the main technical concerns according 831
to the studies and graphics presented) data location and 832
e-discovery (legal aspects) and loss of governance over 833
data security and even decision making (in which the 834
cloud must be strategically and financially considered as a 835
decisive factor) 836
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 16 of 18httpwwwjournalofcloudcomputingcomcontent1111
Another point observed is that even though adopt-837
ing a cloud service or provider may be easy migrating838
to another is not [76] After moving local data and pro-839
cesses to the cloud the lack of standards for protocols840
and formats directly affects attempts to migrate to a dif-841
ferent provider even if this is motivated by legitimate rea-842
sons such as non-fulfillment of SLAs outages or provider843
bankruptcy [77] Consequently the first choice must be844
carefully made as SLAs are not perfect and services845
outages happen at the same pace that resource sharing846
multi-tenancy and scalability are not fail proof After a847
decision is made future migrations between services can848
be extremely onerous in terms of time and costs most849
likely this task will require an extensive work for bring-850
ing all data and resources to a local infrastructure before851
redeploying them into the cloud852
Finally the analysis of current trends for cloud comput-853
ing reveals that there is a considerable number of well-854
studied security concerns for which plenty solutions and855
best practices have been developed such as those related856
to legal and administrative concerns On the other hand857
many issues still require further research effort especially858
those related to secure virtualization859
Considerations and future work860
Security is a crucial aspect for providing a reliable envi-861
ronment and then enable the use of applications in the862
cloud and for moving data and business processes to863
virtualized infrastructures Many of the security issues864
identified are observed in other computing environments865
authentication network security and legal requirements866
for example are not a novelty However the impact of867
such issues is intensified in cloud computing due to868
characteristics such as multi-tenancy and resource shar-869
ing since actions from a single customer can affect all870
other users that inevitably share the same resources and871
interfaces On the other hand efficient and secure vir-872
tualization represents a new challenge in such a context873
with high distribution of complex services and web-874
based applications thus requiring more sophisticated875
approaches At the same time our quantitative analysis876
indicates that virtualization remains an underserved area877
regarding the number of solutions provided to identified878
concerns879
It is strategic to develop new mechanisms that pro-880
vide the required security level by isolating virtual881
machines and the associated resources while following882
best practices in terms of legal regulations and compli-883
ance to SLAs Among other requirements such solutions884
should employ virtual machine identification provide885
an adequate separation of dedicated resources com-886
bined with a constant observation of shared ones and887
examine any attempt of exploiting cross-VM and data888
leakage889
A secure cloud computing environment depends on 890
several security solutions working harmoniously together 891
However in our studies we did not identify any security 892
solutions provider owning the facilities necessary to get 893
high levels of security conformity for clouds Thus cloud 894
providers need to orchestrate harmonize security solu- 895
tions from different places in order to achieve the desired 896
security level 897
In order to verify these conclusions in practice we 898
deployed testbeds using OpenNebula (based on KVM and 899
XEN) and analyzed its security aspects we also analyzed 900
virtualized servers based on VMWARE using our testbed 901
networks This investigation lead to a wide research of 902
PaaS solutions and allowed us to verify that most of them 903
use virtual machines based on virtualization technolo- 904
gies such as VMWARE XEN and KVM which often lack 905
security aspects We also learned that Amazon changed 906
the XEN source code in order to include security fea- 907
tures but unfortunately the modified code is not publicly 908
available and there appears to be no article detailing the 909
changes introduced Given these limitations a deeper 910
study on current security solutions to manage cloud com- 911
puting virtual machines inside the cloud providers should 912
be a focus of future work in the area We are also working 913
on a testbed based on OpenStack for researches related 914
to identity and credentials management in the cloud envi- 915
ronment This work should address basic needs for better 916
security mechanisms in virtualized and distributed archi- 917
tectures guiding other future researches in the security 918
area 919
Competing interests 920The authors declare that they have no competing interests 921
Authorrsquos contributions 922NG carried out the security research including the prospecting for information 923and references categorization results analysis taxonomy creation and analysis 924of related work CM participated in the drafting of the manuscript as well as in 925the analysis of references creation of the taxonomy and revisions of the text 926MS FR MN and MP participated in the critical and technical revisions of the 927paper including the final one also helping with the details for preparing the 928paper to be published TC coordinated the project related to the paper and 929also gave the final approval of the version to be published All authors read 930and approved the final manuscript 931
Acknowledgements 932This work was supported by the Innovation Center Ericsson 933Telecomunicacoes SA Brazil 934
Author details 9351Escola Politecnica at the University of Sao Paulo (EPUSP) Sao Paulo Brazil 9362Ericsson Research Stockholm Sweden 3Ericsson Research Ville Mont-Royal 937Canada 4State University of Santa Catarina Joinville Brazil 938
Received 30 January 2012 Accepted 5 June 2012 939Published 12 July 2012 940
References 9411 IDC (2009) Cloud Computing 2010 ndash An IDC Update 942
slidesharenetJorFigOrcloud-computing-2010-an-idc-update 9432 Armbrust M Fox A Griffith R Joseph AD Katz RH Konwinski A Lee G 944
Patterson DA Rabkin A Stoica I Zaharia M (2009) Above the Clouds 945
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 17 of 18httpwwwjournalofcloudcomputingcomcontent1111
A Berkeley View of Cloud Computing Technical Report946UCBEECS-2009-28 University of California at Berkeley947eecsberkeleyeduPubsTechRpts2009EECS-2009-28html948
3 Rimal BP Choi E Lumb I (2009) A Taxonomy and Survey of Cloud949Computing Systems In Fifth International Joint Conference on INC IMS950and IDC NCM rsquo09 CPS pp 44ndash51951
4 Shankland S (2009) HPrsquos Hurd dings cloud computing IBM952CNET News953
5 Catteddu D Hogben G (2009) Benefits risks and recommendations for954information security Tech rep European Network and Information955Security Agency enisaeuropaeuactrmfilesdeliverablescloud-956computing-risk-assessment957
6 CSA (2009) Security Guidance for Critical Areas of Focus in Cloud958Computing Tech rep Cloud Security Alliance959
7 Mather T Kumaraswamy S (2009) Cloud Security and privacy An960Enterprise Perspective on Risks and Compliance 1st edition OrsquoReilly961Media962
8 Chen Y Paxson V Katz RH (2010) Whatrsquos New About Cloud Computing963Security Technical Report UCBEECS-2010-5 University of California at964Berkeley eecsberkeleyeduPubsTechRpts2010EECS-2010-5html965
9 Mell P Grance T (2009) The NIST Definition of Cloud Computing966Technical Report 15 National Institute of Standards and Technology967wwwnistgovitlclouduploadcloud-def-v15pdf968
10 Ibrahim AS Hamlyn-Harris J Grundy J (2010) Emerging Security969Challenges of Cloud Virtual Infrastructure In Proceedings of APSEC 2010970Cloud Workshop APSEC rsquo10971
11 Gonzalez N Miers C Redıgolo F Carvalho T Simplıcio M Naslund M972Pourzandi M (2011) A quantitative analysis of current security concerns973and solutions for cloud computing In Proceedings of 3rd IEEE974CloudCom AthensGreece IEEE Computer Society975
12 Hubbard D Jr LJH Sutton M (2010) Top Threats to Cloud Computing976Tech rep Cloud Security Alliance cloudsecurityallianceorgresearch977projectstop-threats-to-cloud-computing978
13 Tompkins D (2009) Security for Cloud-based Enterprise Applications979httpblogdtorgindexphp200902security-for-cloud-based-980enterprise-applications981
14 Jensen M Schwenk J Gruschka N Iacono LL (2009) On Technical Security982Issues in Cloud Computing In IEEE Internation Conference on Cloud983Computing pp 109ndash116984
15 TrendMicro (2010) Cloud Computing Security - Making Virtual Machines985Cloud-Ready Trend Micro White Paper986
16 Genovese S (2009) Akamai Introduces Cloud-Based Firewall http987cloudcomputingsys-concomnode1219023988
17 Hulme GV (2011) CloudPassage aims to ease cloud server security989management httpwwwcsoonlinecomarticle658121cloudpassage-990aims-to-ease-cloud-server-security-management991
18 Oleshchuk VA Koslashien GM (2011) Security and Privacy in the Cloud - A992Long-Term View In 2nd International Conference on Wireless993Communications Vehicular Technology Information Theory and994Aerospace and Electronic Systems Technology (Wireless VITAE) WIRELESS995VITAE rsquo11 pp 1ndash5 httpdxdoiorg101109WIRELESSVITAE20115940876996
19 Google (2011) Google App Engine codegooglecomappengine99720 Google (2011) Google Query Language (GQL)998
codegooglecomintlenappenginedocspythonoverviewhtml99921 StackOverflow (2011) Does using non-SQL databases obviate the need1000
for guarding against SQL injection1001stackoverflowcomquestions1823536does-using-non-sql-databases-1002obvia1003te-the-need-for-guarding-against-sql-injection1004
22 Rose J (2011) Cloudy with a chance of zero day wwwowasporgimages1005112Cloudy with a chance of 0 day Jon Rose-Tom Leaveypdf1006
23 Balkan A (2011) Why Google App Engine is broken and what Google1007must do to fix it aralbalkancom15041008
24 Salesforce (2011) Salesforce Security Statement1009salesforcecomcompanyprivacysecurityjsp1010
25 Espiner T (2007) Salesforce tight-lipped after phishing attack1011zdnetcouknewssecurity-threats20071107salesforce-tight-lipped-a1012fter-phishing-attack-392906161013
26 Yee A (2007) Implications of Salesforce Phishing Incident1014ebizqnetblogssecurity insider200711-implications of salesforc1015e phiphp1016
27 Salesforce (2011) Security Implementation Guide 1017loginsalesforcecomhelpdocensalesforce security impl guidepdf 1018
28 Li H Dai Y Tian L Yang H (2009) Identity-Based Authentication for Cloud 1019Computing In Proceedings of the 1st International Conference on Cloud 1020Computing CloudCom rsquo09 1021
29 Amazon (2011) Elastic Compute Cloud (EC2) awsamazoncomec2 102230 Kaufman C Venkatapathy R (2010) Windows Azure Security Overview 1023
gomicrosoftcomlinkid=9740388 [August] 102431 McMillan R (2010) Google Attack Part of Widespread Spying Effort 1025
PCWorld 102632 Mills E (2010) Behind the China attacks on Google CNET News 102733 Arrington M (2010) Google Defends Against Large Scale Chinese Cyber 1028
Attack May Cease Chinese Operations TechCrunch 102934 Bosch J (2009) Google Accounts Attacked by Phishing Scam BrickHouse 1030
Security Blog 103135 Telegraph T (2009) Facebook Users Targeted By Phishing Attack The 1032
Telegraph 103336 Pearson S (2009) Taking account of privacy when designing cloud 1034
computing services In Proceedings of the 2009 ICSE Workshop on 1035Software Engineering Challenges of Cloud Computing CLOUD rsquo09 1036
37 Musthaler L (2009) Cost-effective data encryption in the cloud Network 1037World 1038
38 Yan L Rong C Zhao G (2009) Strengthen Cloud Computing Security with 1039Federal Identity Management Using Hierarchical Identity-Based 1040Cryptography In Proceedings of the 1st International Conference on 1041Cloud Computing CloudCom rsquo09 1042
39 Tech C (2010) Examining Redundancy in the Data Center Powered by the 1043Cloud and Disaster Recovery Consonus Tech 1044
40 Lyle M (2011) Redundancy in Data Storage Define the Cloud 104541 Dorion P (2010) Data destruction services When data deletion is not 1046
enough SearchDataBackupcom 104742 Mogull R (2009) Cloud Data Security Archive and Delete (Rough Cut) 1048
securosiscomblogcloud-data-security-archive-and-delete-rough-cut 104943 Messmer E (2011) Gartner New security demands arising for 1050
virtualization cloud computing httpwwwnetworkworldcomnews 10512011062311-security-summithtml 1052
44 Ristenpart T Tromer E Shacham H Savage S (2009) Hey you get off of 1053my cloud exploring information leakage in third-party compute clouds 1054In Proceedings of the 16th ACM conference on Computer and 1055communications security CCS rsquo09 New York NY USA ACM pp 199ndash212 1056doiacmorg10114516536621653687 1057
45 Chow R Golle P Jakobsson M Shi E Staddon J Masuoka R Molina J 1058(2009) Controlling data in the cloud outsourcing computation without 1059outsourcing control In Proceedings of the 2009 ACM workshop on 1060Cloud computing security CCSW rsquo09 New York NY USA ACM pp 85ndash90 1061httpdoiacmorg10114516550081655020 1062
46 Sadeghi AR Schneider T Winandy M (2010) Token-Based Cloud 1063Computing - Secure Outsourcing of Data and Arbitrary Computations 1064with Lower Latency In Proceedings of the 3rd international conference 1065on Trust and trustworthy computing TRUST rsquo10 1066
47 Brandic I Dustdar S Anstett T Schumm D Leymann F (2010) Compliant 1067Cloud Computing (C3) Architecture and Language Support for 1068User-driven Compliance Management in Clouds In 2010 IEEE 3rd 1069International Conference on Cloud Computing pp 244ndash251 httpdx 1070doiorg101109CLOUD201042 1071
48 Brodkin J (2008) Gartner Seven cloud computing security risks http 1072wwwinfoworldcomdsecurity-centralgartner-seven-cloud- 1073computing-security-risks-853 1074
49 Kandukuri BR Paturi R Rakshit A (2009) Cloud Security Issues In 1075Proceedings of the 2009 IEEE International Conference on Services 1076Computing SCC rsquo09 1077
50 Winterford B (2011) Amazon EC2 suffers huge outage httpwwwcrn 1078comauNews255586amazon-ec2-suffers-huge-outageaspx 1079
51 Clarke G (2011) Microsoft BPOS cloud outage burns Exchange converts 1080httpwwwtheregistercouk20110513 1081
52 Shankland S (2011) Amazon cloud outage derails Reddit Quora 108253 Young E (2009) Cloud Computing - The role of internal audit 108354 CloudAudit (2011) A6 - The automated audit assertion assessment and 1084
assurance API httpcloudauditorg 108555 Anand N (2010) The legal issues around cloud computing httpwww 1086
labnolorginternetcloud-computing-legal-issues14120 1087
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 18 of 18httpwwwjournalofcloudcomputingcomcontent1111
56 Hunter S (2011) Ascending to the cloud creates negligible e-discovery1088risk httpediscoveryquarlescom201107articlesinformation-1089technologyascending-to-the-cloud-creates-negligible-ediscovery-risk1090
57 Sharon D Nelson JWS (2011) Virtualization and Cloud Computing1091benefits and e-discovery implications httpwwwslawca201107191092virtualization-and-cloud-computing-benefits-and-e-discovery-1093implications1094
58 Bentley L (2009) E-discovery in the cloud presents promise and problems1095httpwwwitbusinessedgecomcmcommunityfeaturesinterviews1096bloge-discovery-in-the-cloud-presents-promise-and-problemscs=1097316981098
59 Zierick J (2011) The special case of privileged users in the sloud http1099blogbeyondtrustcombid63894The-Special-Case-of-Privileged-Users-1100in-the-Cloud1101
60 Dinoor S (2010) Got Privilege Ten Steps to Securing a Cloud-Based1102Enterprise httpcloudcomputingsys-concomnode15716491103
61 Pavolotsky J (2010) Top five legal issues for the cloud httpwwwforbes1104com20100412cloud-computing-enterprise-technology-cio-network-1105legalhtml1106
62 ENISA (2011) About ENISA httpwwwenisaeuropaeuabout-enisa110763 CSA (2011) About httpscloudsecurityallianceorgabout110864 CSA (2011) CSA TCI Reference Architecture httpscloudsecurityalliance1109
orgwp-contentuploads201111TCI-Reference-Architecture-11pdf111065 CSA (2011) Security Guidance for Critical Areas of Focus in Cloud1111
Computing V30 Tech rep Cloud Security Alliance [Httpwww1112cloudsecurityallianceorgguidancecsaguidev30pdf]1113
66 Ramireddy S Chakraborthy R Raghu TS Rao HR (2010) Privacy and1114Security Practices in the Arena of Cloud Computing - A Research in1115Progress In AMCIS 2010 Proceedings AMCIS rsquo10 httpaiselaisnetorg1116amcis20105741117
67 NIST (2011) NIST Cloud Computing Reference Architecture SP 500-2921118httpcollaboratenistgovtwiki-cloud-computingpub1119CloudComputingReferenceArchitectureTaxonomyNIST SP 500-292 -1120090611pdf1121
68 Youseff L Butrico M Silva DD (2008) Toward a Unified Ontology of Cloud1122Computing In Grid Computing Environments Workshop 2008 GCE rsquo081123pp 10 1 httpdxdoiorg101109GCE200847384431124
69 Johnston S (2008) Sam Johnston taxonomy the 6 layer cloud computing1125stack httpsamjnet200809taxonomy-6-layer-cloud-computing-1126stackhtml]1127
70 Linthicum D (2009) Defining the cloud computing framework http1128cloudcomputingsys-concomnode8115191129
71 Doelitzscher F Reich C Knahl M Clarke N (2011) An autonomous agent1130based incident detection system for cloud environments In Third IEEE1131International Conference on Cloud Computing Technology and Science1132CloudCom 2011 CPS pp 197ndash204 httpdxdoiorg101109CloudCom11332011351134
72 Oltsik J (2010) Information security virtualization and the journey to the1135cloud Tech rep Cloud Security Alliance1136
73 Wallom D Turilli M Taylor G Hargreaves N Martin A Raun A McMoran A1137(2011) myTrustedCloud Trusted Cloud Infrastructure for Security-critical1138Computation and Data Managment In Third IEEE International1139Conference on Cloud Computing Technology and Science CloudCom11402011 CPS pp 247ndash2541141
74 Dabrowski C Mills K (2011) VM Leakage and Orphan Control in1142Open-Source Clouds In Third IEEE International Conference on Cloud1143Computing Technology and Science CloudCom 2011 CPS pp 554ndash5591144
75 Chadwick DW Casenove M (2011) Security APIs for My Private Cloud In1145Third IEEE International Conference on Cloud Computing Technology1146and Science CloudCom 2011 CPS pp 792ndash7981147
76 Claybrook B (2011) How providers affect cloud application migration1148httpsearchcloudcomputingtechtargetcomtutorialHow-providers-1149affect-cloud-application-migration1150
77 CSA (2011) Interoperability and portability1151
doi1011862192-113X-1-11Cite this article as Gonzalez et al A quantitative analysis of current securityconcerns and solutions for cloud computing Journal of Cloud ComputingAdvances Systems and Applications 2012 111
Submit your manuscript to a journal and benefi t from
7 Convenient online submission
7 Rigorous peer review
7 Immediate publication on acceptance
7 Open access articles freely available online
7 High visibility within the fi eld
7 Retaining the copyright to your article
Submit your next manuscript at 7 springeropencom
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 16 of 18httpwwwjournalofcloudcomputingcomcontent1111
Another point observed is that even though adopt-837
ing a cloud service or provider may be easy migrating838
to another is not [76] After moving local data and pro-839
cesses to the cloud the lack of standards for protocols840
and formats directly affects attempts to migrate to a dif-841
ferent provider even if this is motivated by legitimate rea-842
sons such as non-fulfillment of SLAs outages or provider843
bankruptcy [77] Consequently the first choice must be844
carefully made as SLAs are not perfect and services845
outages happen at the same pace that resource sharing846
multi-tenancy and scalability are not fail proof After a847
decision is made future migrations between services can848
be extremely onerous in terms of time and costs most849
likely this task will require an extensive work for bring-850
ing all data and resources to a local infrastructure before851
redeploying them into the cloud852
Finally the analysis of current trends for cloud comput-853
ing reveals that there is a considerable number of well-854
studied security concerns for which plenty solutions and855
best practices have been developed such as those related856
to legal and administrative concerns On the other hand857
many issues still require further research effort especially858
those related to secure virtualization859
Considerations and future work860
Security is a crucial aspect for providing a reliable envi-861
ronment and then enable the use of applications in the862
cloud and for moving data and business processes to863
virtualized infrastructures Many of the security issues864
identified are observed in other computing environments865
authentication network security and legal requirements866
for example are not a novelty However the impact of867
such issues is intensified in cloud computing due to868
characteristics such as multi-tenancy and resource shar-869
ing since actions from a single customer can affect all870
other users that inevitably share the same resources and871
interfaces On the other hand efficient and secure vir-872
tualization represents a new challenge in such a context873
with high distribution of complex services and web-874
based applications thus requiring more sophisticated875
approaches At the same time our quantitative analysis876
indicates that virtualization remains an underserved area877
regarding the number of solutions provided to identified878
concerns879
It is strategic to develop new mechanisms that pro-880
vide the required security level by isolating virtual881
machines and the associated resources while following882
best practices in terms of legal regulations and compli-883
ance to SLAs Among other requirements such solutions884
should employ virtual machine identification provide885
an adequate separation of dedicated resources com-886
bined with a constant observation of shared ones and887
examine any attempt of exploiting cross-VM and data888
leakage889
A secure cloud computing environment depends on 890
several security solutions working harmoniously together 891
However in our studies we did not identify any security 892
solutions provider owning the facilities necessary to get 893
high levels of security conformity for clouds Thus cloud 894
providers need to orchestrate harmonize security solu- 895
tions from different places in order to achieve the desired 896
security level 897
In order to verify these conclusions in practice we 898
deployed testbeds using OpenNebula (based on KVM and 899
XEN) and analyzed its security aspects we also analyzed 900
virtualized servers based on VMWARE using our testbed 901
networks This investigation lead to a wide research of 902
PaaS solutions and allowed us to verify that most of them 903
use virtual machines based on virtualization technolo- 904
gies such as VMWARE XEN and KVM which often lack 905
security aspects We also learned that Amazon changed 906
the XEN source code in order to include security fea- 907
tures but unfortunately the modified code is not publicly 908
available and there appears to be no article detailing the 909
changes introduced Given these limitations a deeper 910
study on current security solutions to manage cloud com- 911
puting virtual machines inside the cloud providers should 912
be a focus of future work in the area We are also working 913
on a testbed based on OpenStack for researches related 914
to identity and credentials management in the cloud envi- 915
ronment This work should address basic needs for better 916
security mechanisms in virtualized and distributed archi- 917
tectures guiding other future researches in the security 918
area 919
Competing interests 920The authors declare that they have no competing interests 921
Authorrsquos contributions 922NG carried out the security research including the prospecting for information 923and references categorization results analysis taxonomy creation and analysis 924of related work CM participated in the drafting of the manuscript as well as in 925the analysis of references creation of the taxonomy and revisions of the text 926MS FR MN and MP participated in the critical and technical revisions of the 927paper including the final one also helping with the details for preparing the 928paper to be published TC coordinated the project related to the paper and 929also gave the final approval of the version to be published All authors read 930and approved the final manuscript 931
Acknowledgements 932This work was supported by the Innovation Center Ericsson 933Telecomunicacoes SA Brazil 934
Author details 9351Escola Politecnica at the University of Sao Paulo (EPUSP) Sao Paulo Brazil 9362Ericsson Research Stockholm Sweden 3Ericsson Research Ville Mont-Royal 937Canada 4State University of Santa Catarina Joinville Brazil 938
Received 30 January 2012 Accepted 5 June 2012 939Published 12 July 2012 940
References 9411 IDC (2009) Cloud Computing 2010 ndash An IDC Update 942
slidesharenetJorFigOrcloud-computing-2010-an-idc-update 9432 Armbrust M Fox A Griffith R Joseph AD Katz RH Konwinski A Lee G 944
Patterson DA Rabkin A Stoica I Zaharia M (2009) Above the Clouds 945
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 17 of 18httpwwwjournalofcloudcomputingcomcontent1111
A Berkeley View of Cloud Computing Technical Report946UCBEECS-2009-28 University of California at Berkeley947eecsberkeleyeduPubsTechRpts2009EECS-2009-28html948
3 Rimal BP Choi E Lumb I (2009) A Taxonomy and Survey of Cloud949Computing Systems In Fifth International Joint Conference on INC IMS950and IDC NCM rsquo09 CPS pp 44ndash51951
4 Shankland S (2009) HPrsquos Hurd dings cloud computing IBM952CNET News953
5 Catteddu D Hogben G (2009) Benefits risks and recommendations for954information security Tech rep European Network and Information955Security Agency enisaeuropaeuactrmfilesdeliverablescloud-956computing-risk-assessment957
6 CSA (2009) Security Guidance for Critical Areas of Focus in Cloud958Computing Tech rep Cloud Security Alliance959
7 Mather T Kumaraswamy S (2009) Cloud Security and privacy An960Enterprise Perspective on Risks and Compliance 1st edition OrsquoReilly961Media962
8 Chen Y Paxson V Katz RH (2010) Whatrsquos New About Cloud Computing963Security Technical Report UCBEECS-2010-5 University of California at964Berkeley eecsberkeleyeduPubsTechRpts2010EECS-2010-5html965
9 Mell P Grance T (2009) The NIST Definition of Cloud Computing966Technical Report 15 National Institute of Standards and Technology967wwwnistgovitlclouduploadcloud-def-v15pdf968
10 Ibrahim AS Hamlyn-Harris J Grundy J (2010) Emerging Security969Challenges of Cloud Virtual Infrastructure In Proceedings of APSEC 2010970Cloud Workshop APSEC rsquo10971
11 Gonzalez N Miers C Redıgolo F Carvalho T Simplıcio M Naslund M972Pourzandi M (2011) A quantitative analysis of current security concerns973and solutions for cloud computing In Proceedings of 3rd IEEE974CloudCom AthensGreece IEEE Computer Society975
12 Hubbard D Jr LJH Sutton M (2010) Top Threats to Cloud Computing976Tech rep Cloud Security Alliance cloudsecurityallianceorgresearch977projectstop-threats-to-cloud-computing978
13 Tompkins D (2009) Security for Cloud-based Enterprise Applications979httpblogdtorgindexphp200902security-for-cloud-based-980enterprise-applications981
14 Jensen M Schwenk J Gruschka N Iacono LL (2009) On Technical Security982Issues in Cloud Computing In IEEE Internation Conference on Cloud983Computing pp 109ndash116984
15 TrendMicro (2010) Cloud Computing Security - Making Virtual Machines985Cloud-Ready Trend Micro White Paper986
16 Genovese S (2009) Akamai Introduces Cloud-Based Firewall http987cloudcomputingsys-concomnode1219023988
17 Hulme GV (2011) CloudPassage aims to ease cloud server security989management httpwwwcsoonlinecomarticle658121cloudpassage-990aims-to-ease-cloud-server-security-management991
18 Oleshchuk VA Koslashien GM (2011) Security and Privacy in the Cloud - A992Long-Term View In 2nd International Conference on Wireless993Communications Vehicular Technology Information Theory and994Aerospace and Electronic Systems Technology (Wireless VITAE) WIRELESS995VITAE rsquo11 pp 1ndash5 httpdxdoiorg101109WIRELESSVITAE20115940876996
19 Google (2011) Google App Engine codegooglecomappengine99720 Google (2011) Google Query Language (GQL)998
codegooglecomintlenappenginedocspythonoverviewhtml99921 StackOverflow (2011) Does using non-SQL databases obviate the need1000
for guarding against SQL injection1001stackoverflowcomquestions1823536does-using-non-sql-databases-1002obvia1003te-the-need-for-guarding-against-sql-injection1004
22 Rose J (2011) Cloudy with a chance of zero day wwwowasporgimages1005112Cloudy with a chance of 0 day Jon Rose-Tom Leaveypdf1006
23 Balkan A (2011) Why Google App Engine is broken and what Google1007must do to fix it aralbalkancom15041008
24 Salesforce (2011) Salesforce Security Statement1009salesforcecomcompanyprivacysecurityjsp1010
25 Espiner T (2007) Salesforce tight-lipped after phishing attack1011zdnetcouknewssecurity-threats20071107salesforce-tight-lipped-a1012fter-phishing-attack-392906161013
26 Yee A (2007) Implications of Salesforce Phishing Incident1014ebizqnetblogssecurity insider200711-implications of salesforc1015e phiphp1016
27 Salesforce (2011) Security Implementation Guide 1017loginsalesforcecomhelpdocensalesforce security impl guidepdf 1018
28 Li H Dai Y Tian L Yang H (2009) Identity-Based Authentication for Cloud 1019Computing In Proceedings of the 1st International Conference on Cloud 1020Computing CloudCom rsquo09 1021
29 Amazon (2011) Elastic Compute Cloud (EC2) awsamazoncomec2 102230 Kaufman C Venkatapathy R (2010) Windows Azure Security Overview 1023
gomicrosoftcomlinkid=9740388 [August] 102431 McMillan R (2010) Google Attack Part of Widespread Spying Effort 1025
PCWorld 102632 Mills E (2010) Behind the China attacks on Google CNET News 102733 Arrington M (2010) Google Defends Against Large Scale Chinese Cyber 1028
Attack May Cease Chinese Operations TechCrunch 102934 Bosch J (2009) Google Accounts Attacked by Phishing Scam BrickHouse 1030
Security Blog 103135 Telegraph T (2009) Facebook Users Targeted By Phishing Attack The 1032
Telegraph 103336 Pearson S (2009) Taking account of privacy when designing cloud 1034
computing services In Proceedings of the 2009 ICSE Workshop on 1035Software Engineering Challenges of Cloud Computing CLOUD rsquo09 1036
37 Musthaler L (2009) Cost-effective data encryption in the cloud Network 1037World 1038
38 Yan L Rong C Zhao G (2009) Strengthen Cloud Computing Security with 1039Federal Identity Management Using Hierarchical Identity-Based 1040Cryptography In Proceedings of the 1st International Conference on 1041Cloud Computing CloudCom rsquo09 1042
39 Tech C (2010) Examining Redundancy in the Data Center Powered by the 1043Cloud and Disaster Recovery Consonus Tech 1044
40 Lyle M (2011) Redundancy in Data Storage Define the Cloud 104541 Dorion P (2010) Data destruction services When data deletion is not 1046
enough SearchDataBackupcom 104742 Mogull R (2009) Cloud Data Security Archive and Delete (Rough Cut) 1048
securosiscomblogcloud-data-security-archive-and-delete-rough-cut 104943 Messmer E (2011) Gartner New security demands arising for 1050
virtualization cloud computing httpwwwnetworkworldcomnews 10512011062311-security-summithtml 1052
44 Ristenpart T Tromer E Shacham H Savage S (2009) Hey you get off of 1053my cloud exploring information leakage in third-party compute clouds 1054In Proceedings of the 16th ACM conference on Computer and 1055communications security CCS rsquo09 New York NY USA ACM pp 199ndash212 1056doiacmorg10114516536621653687 1057
45 Chow R Golle P Jakobsson M Shi E Staddon J Masuoka R Molina J 1058(2009) Controlling data in the cloud outsourcing computation without 1059outsourcing control In Proceedings of the 2009 ACM workshop on 1060Cloud computing security CCSW rsquo09 New York NY USA ACM pp 85ndash90 1061httpdoiacmorg10114516550081655020 1062
46 Sadeghi AR Schneider T Winandy M (2010) Token-Based Cloud 1063Computing - Secure Outsourcing of Data and Arbitrary Computations 1064with Lower Latency In Proceedings of the 3rd international conference 1065on Trust and trustworthy computing TRUST rsquo10 1066
47 Brandic I Dustdar S Anstett T Schumm D Leymann F (2010) Compliant 1067Cloud Computing (C3) Architecture and Language Support for 1068User-driven Compliance Management in Clouds In 2010 IEEE 3rd 1069International Conference on Cloud Computing pp 244ndash251 httpdx 1070doiorg101109CLOUD201042 1071
48 Brodkin J (2008) Gartner Seven cloud computing security risks http 1072wwwinfoworldcomdsecurity-centralgartner-seven-cloud- 1073computing-security-risks-853 1074
49 Kandukuri BR Paturi R Rakshit A (2009) Cloud Security Issues In 1075Proceedings of the 2009 IEEE International Conference on Services 1076Computing SCC rsquo09 1077
50 Winterford B (2011) Amazon EC2 suffers huge outage httpwwwcrn 1078comauNews255586amazon-ec2-suffers-huge-outageaspx 1079
51 Clarke G (2011) Microsoft BPOS cloud outage burns Exchange converts 1080httpwwwtheregistercouk20110513 1081
52 Shankland S (2011) Amazon cloud outage derails Reddit Quora 108253 Young E (2009) Cloud Computing - The role of internal audit 108354 CloudAudit (2011) A6 - The automated audit assertion assessment and 1084
assurance API httpcloudauditorg 108555 Anand N (2010) The legal issues around cloud computing httpwww 1086
labnolorginternetcloud-computing-legal-issues14120 1087
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 18 of 18httpwwwjournalofcloudcomputingcomcontent1111
56 Hunter S (2011) Ascending to the cloud creates negligible e-discovery1088risk httpediscoveryquarlescom201107articlesinformation-1089technologyascending-to-the-cloud-creates-negligible-ediscovery-risk1090
57 Sharon D Nelson JWS (2011) Virtualization and Cloud Computing1091benefits and e-discovery implications httpwwwslawca201107191092virtualization-and-cloud-computing-benefits-and-e-discovery-1093implications1094
58 Bentley L (2009) E-discovery in the cloud presents promise and problems1095httpwwwitbusinessedgecomcmcommunityfeaturesinterviews1096bloge-discovery-in-the-cloud-presents-promise-and-problemscs=1097316981098
59 Zierick J (2011) The special case of privileged users in the sloud http1099blogbeyondtrustcombid63894The-Special-Case-of-Privileged-Users-1100in-the-Cloud1101
60 Dinoor S (2010) Got Privilege Ten Steps to Securing a Cloud-Based1102Enterprise httpcloudcomputingsys-concomnode15716491103
61 Pavolotsky J (2010) Top five legal issues for the cloud httpwwwforbes1104com20100412cloud-computing-enterprise-technology-cio-network-1105legalhtml1106
62 ENISA (2011) About ENISA httpwwwenisaeuropaeuabout-enisa110763 CSA (2011) About httpscloudsecurityallianceorgabout110864 CSA (2011) CSA TCI Reference Architecture httpscloudsecurityalliance1109
orgwp-contentuploads201111TCI-Reference-Architecture-11pdf111065 CSA (2011) Security Guidance for Critical Areas of Focus in Cloud1111
Computing V30 Tech rep Cloud Security Alliance [Httpwww1112cloudsecurityallianceorgguidancecsaguidev30pdf]1113
66 Ramireddy S Chakraborthy R Raghu TS Rao HR (2010) Privacy and1114Security Practices in the Arena of Cloud Computing - A Research in1115Progress In AMCIS 2010 Proceedings AMCIS rsquo10 httpaiselaisnetorg1116amcis20105741117
67 NIST (2011) NIST Cloud Computing Reference Architecture SP 500-2921118httpcollaboratenistgovtwiki-cloud-computingpub1119CloudComputingReferenceArchitectureTaxonomyNIST SP 500-292 -1120090611pdf1121
68 Youseff L Butrico M Silva DD (2008) Toward a Unified Ontology of Cloud1122Computing In Grid Computing Environments Workshop 2008 GCE rsquo081123pp 10 1 httpdxdoiorg101109GCE200847384431124
69 Johnston S (2008) Sam Johnston taxonomy the 6 layer cloud computing1125stack httpsamjnet200809taxonomy-6-layer-cloud-computing-1126stackhtml]1127
70 Linthicum D (2009) Defining the cloud computing framework http1128cloudcomputingsys-concomnode8115191129
71 Doelitzscher F Reich C Knahl M Clarke N (2011) An autonomous agent1130based incident detection system for cloud environments In Third IEEE1131International Conference on Cloud Computing Technology and Science1132CloudCom 2011 CPS pp 197ndash204 httpdxdoiorg101109CloudCom11332011351134
72 Oltsik J (2010) Information security virtualization and the journey to the1135cloud Tech rep Cloud Security Alliance1136
73 Wallom D Turilli M Taylor G Hargreaves N Martin A Raun A McMoran A1137(2011) myTrustedCloud Trusted Cloud Infrastructure for Security-critical1138Computation and Data Managment In Third IEEE International1139Conference on Cloud Computing Technology and Science CloudCom11402011 CPS pp 247ndash2541141
74 Dabrowski C Mills K (2011) VM Leakage and Orphan Control in1142Open-Source Clouds In Third IEEE International Conference on Cloud1143Computing Technology and Science CloudCom 2011 CPS pp 554ndash5591144
75 Chadwick DW Casenove M (2011) Security APIs for My Private Cloud In1145Third IEEE International Conference on Cloud Computing Technology1146and Science CloudCom 2011 CPS pp 792ndash7981147
76 Claybrook B (2011) How providers affect cloud application migration1148httpsearchcloudcomputingtechtargetcomtutorialHow-providers-1149affect-cloud-application-migration1150
77 CSA (2011) Interoperability and portability1151
doi1011862192-113X-1-11Cite this article as Gonzalez et al A quantitative analysis of current securityconcerns and solutions for cloud computing Journal of Cloud ComputingAdvances Systems and Applications 2012 111
Submit your manuscript to a journal and benefi t from
7 Convenient online submission
7 Rigorous peer review
7 Immediate publication on acceptance
7 Open access articles freely available online
7 High visibility within the fi eld
7 Retaining the copyright to your article
Submit your next manuscript at 7 springeropencom
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 17 of 18httpwwwjournalofcloudcomputingcomcontent1111
A Berkeley View of Cloud Computing Technical Report946UCBEECS-2009-28 University of California at Berkeley947eecsberkeleyeduPubsTechRpts2009EECS-2009-28html948
3 Rimal BP Choi E Lumb I (2009) A Taxonomy and Survey of Cloud949Computing Systems In Fifth International Joint Conference on INC IMS950and IDC NCM rsquo09 CPS pp 44ndash51951
4 Shankland S (2009) HPrsquos Hurd dings cloud computing IBM952CNET News953
5 Catteddu D Hogben G (2009) Benefits risks and recommendations for954information security Tech rep European Network and Information955Security Agency enisaeuropaeuactrmfilesdeliverablescloud-956computing-risk-assessment957
6 CSA (2009) Security Guidance for Critical Areas of Focus in Cloud958Computing Tech rep Cloud Security Alliance959
7 Mather T Kumaraswamy S (2009) Cloud Security and privacy An960Enterprise Perspective on Risks and Compliance 1st edition OrsquoReilly961Media962
8 Chen Y Paxson V Katz RH (2010) Whatrsquos New About Cloud Computing963Security Technical Report UCBEECS-2010-5 University of California at964Berkeley eecsberkeleyeduPubsTechRpts2010EECS-2010-5html965
9 Mell P Grance T (2009) The NIST Definition of Cloud Computing966Technical Report 15 National Institute of Standards and Technology967wwwnistgovitlclouduploadcloud-def-v15pdf968
10 Ibrahim AS Hamlyn-Harris J Grundy J (2010) Emerging Security969Challenges of Cloud Virtual Infrastructure In Proceedings of APSEC 2010970Cloud Workshop APSEC rsquo10971
11 Gonzalez N Miers C Redıgolo F Carvalho T Simplıcio M Naslund M972Pourzandi M (2011) A quantitative analysis of current security concerns973and solutions for cloud computing In Proceedings of 3rd IEEE974CloudCom AthensGreece IEEE Computer Society975
12 Hubbard D Jr LJH Sutton M (2010) Top Threats to Cloud Computing976Tech rep Cloud Security Alliance cloudsecurityallianceorgresearch977projectstop-threats-to-cloud-computing978
13 Tompkins D (2009) Security for Cloud-based Enterprise Applications979httpblogdtorgindexphp200902security-for-cloud-based-980enterprise-applications981
14 Jensen M Schwenk J Gruschka N Iacono LL (2009) On Technical Security982Issues in Cloud Computing In IEEE Internation Conference on Cloud983Computing pp 109ndash116984
15 TrendMicro (2010) Cloud Computing Security - Making Virtual Machines985Cloud-Ready Trend Micro White Paper986
16 Genovese S (2009) Akamai Introduces Cloud-Based Firewall http987cloudcomputingsys-concomnode1219023988
17 Hulme GV (2011) CloudPassage aims to ease cloud server security989management httpwwwcsoonlinecomarticle658121cloudpassage-990aims-to-ease-cloud-server-security-management991
18 Oleshchuk VA Koslashien GM (2011) Security and Privacy in the Cloud - A992Long-Term View In 2nd International Conference on Wireless993Communications Vehicular Technology Information Theory and994Aerospace and Electronic Systems Technology (Wireless VITAE) WIRELESS995VITAE rsquo11 pp 1ndash5 httpdxdoiorg101109WIRELESSVITAE20115940876996
19 Google (2011) Google App Engine codegooglecomappengine99720 Google (2011) Google Query Language (GQL)998
codegooglecomintlenappenginedocspythonoverviewhtml99921 StackOverflow (2011) Does using non-SQL databases obviate the need1000
for guarding against SQL injection1001stackoverflowcomquestions1823536does-using-non-sql-databases-1002obvia1003te-the-need-for-guarding-against-sql-injection1004
22 Rose J (2011) Cloudy with a chance of zero day wwwowasporgimages1005112Cloudy with a chance of 0 day Jon Rose-Tom Leaveypdf1006
23 Balkan A (2011) Why Google App Engine is broken and what Google1007must do to fix it aralbalkancom15041008
24 Salesforce (2011) Salesforce Security Statement1009salesforcecomcompanyprivacysecurityjsp1010
25 Espiner T (2007) Salesforce tight-lipped after phishing attack1011zdnetcouknewssecurity-threats20071107salesforce-tight-lipped-a1012fter-phishing-attack-392906161013
26 Yee A (2007) Implications of Salesforce Phishing Incident1014ebizqnetblogssecurity insider200711-implications of salesforc1015e phiphp1016
27 Salesforce (2011) Security Implementation Guide 1017loginsalesforcecomhelpdocensalesforce security impl guidepdf 1018
28 Li H Dai Y Tian L Yang H (2009) Identity-Based Authentication for Cloud 1019Computing In Proceedings of the 1st International Conference on Cloud 1020Computing CloudCom rsquo09 1021
29 Amazon (2011) Elastic Compute Cloud (EC2) awsamazoncomec2 102230 Kaufman C Venkatapathy R (2010) Windows Azure Security Overview 1023
gomicrosoftcomlinkid=9740388 [August] 102431 McMillan R (2010) Google Attack Part of Widespread Spying Effort 1025
PCWorld 102632 Mills E (2010) Behind the China attacks on Google CNET News 102733 Arrington M (2010) Google Defends Against Large Scale Chinese Cyber 1028
Attack May Cease Chinese Operations TechCrunch 102934 Bosch J (2009) Google Accounts Attacked by Phishing Scam BrickHouse 1030
Security Blog 103135 Telegraph T (2009) Facebook Users Targeted By Phishing Attack The 1032
Telegraph 103336 Pearson S (2009) Taking account of privacy when designing cloud 1034
computing services In Proceedings of the 2009 ICSE Workshop on 1035Software Engineering Challenges of Cloud Computing CLOUD rsquo09 1036
37 Musthaler L (2009) Cost-effective data encryption in the cloud Network 1037World 1038
38 Yan L Rong C Zhao G (2009) Strengthen Cloud Computing Security with 1039Federal Identity Management Using Hierarchical Identity-Based 1040Cryptography In Proceedings of the 1st International Conference on 1041Cloud Computing CloudCom rsquo09 1042
39 Tech C (2010) Examining Redundancy in the Data Center Powered by the 1043Cloud and Disaster Recovery Consonus Tech 1044
40 Lyle M (2011) Redundancy in Data Storage Define the Cloud 104541 Dorion P (2010) Data destruction services When data deletion is not 1046
enough SearchDataBackupcom 104742 Mogull R (2009) Cloud Data Security Archive and Delete (Rough Cut) 1048
securosiscomblogcloud-data-security-archive-and-delete-rough-cut 104943 Messmer E (2011) Gartner New security demands arising for 1050
virtualization cloud computing httpwwwnetworkworldcomnews 10512011062311-security-summithtml 1052
44 Ristenpart T Tromer E Shacham H Savage S (2009) Hey you get off of 1053my cloud exploring information leakage in third-party compute clouds 1054In Proceedings of the 16th ACM conference on Computer and 1055communications security CCS rsquo09 New York NY USA ACM pp 199ndash212 1056doiacmorg10114516536621653687 1057
45 Chow R Golle P Jakobsson M Shi E Staddon J Masuoka R Molina J 1058(2009) Controlling data in the cloud outsourcing computation without 1059outsourcing control In Proceedings of the 2009 ACM workshop on 1060Cloud computing security CCSW rsquo09 New York NY USA ACM pp 85ndash90 1061httpdoiacmorg10114516550081655020 1062
46 Sadeghi AR Schneider T Winandy M (2010) Token-Based Cloud 1063Computing - Secure Outsourcing of Data and Arbitrary Computations 1064with Lower Latency In Proceedings of the 3rd international conference 1065on Trust and trustworthy computing TRUST rsquo10 1066
47 Brandic I Dustdar S Anstett T Schumm D Leymann F (2010) Compliant 1067Cloud Computing (C3) Architecture and Language Support for 1068User-driven Compliance Management in Clouds In 2010 IEEE 3rd 1069International Conference on Cloud Computing pp 244ndash251 httpdx 1070doiorg101109CLOUD201042 1071
48 Brodkin J (2008) Gartner Seven cloud computing security risks http 1072wwwinfoworldcomdsecurity-centralgartner-seven-cloud- 1073computing-security-risks-853 1074
49 Kandukuri BR Paturi R Rakshit A (2009) Cloud Security Issues In 1075Proceedings of the 2009 IEEE International Conference on Services 1076Computing SCC rsquo09 1077
50 Winterford B (2011) Amazon EC2 suffers huge outage httpwwwcrn 1078comauNews255586amazon-ec2-suffers-huge-outageaspx 1079
51 Clarke G (2011) Microsoft BPOS cloud outage burns Exchange converts 1080httpwwwtheregistercouk20110513 1081
52 Shankland S (2011) Amazon cloud outage derails Reddit Quora 108253 Young E (2009) Cloud Computing - The role of internal audit 108354 CloudAudit (2011) A6 - The automated audit assertion assessment and 1084
assurance API httpcloudauditorg 108555 Anand N (2010) The legal issues around cloud computing httpwww 1086
labnolorginternetcloud-computing-legal-issues14120 1087
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 18 of 18httpwwwjournalofcloudcomputingcomcontent1111
56 Hunter S (2011) Ascending to the cloud creates negligible e-discovery1088risk httpediscoveryquarlescom201107articlesinformation-1089technologyascending-to-the-cloud-creates-negligible-ediscovery-risk1090
57 Sharon D Nelson JWS (2011) Virtualization and Cloud Computing1091benefits and e-discovery implications httpwwwslawca201107191092virtualization-and-cloud-computing-benefits-and-e-discovery-1093implications1094
58 Bentley L (2009) E-discovery in the cloud presents promise and problems1095httpwwwitbusinessedgecomcmcommunityfeaturesinterviews1096bloge-discovery-in-the-cloud-presents-promise-and-problemscs=1097316981098
59 Zierick J (2011) The special case of privileged users in the sloud http1099blogbeyondtrustcombid63894The-Special-Case-of-Privileged-Users-1100in-the-Cloud1101
60 Dinoor S (2010) Got Privilege Ten Steps to Securing a Cloud-Based1102Enterprise httpcloudcomputingsys-concomnode15716491103
61 Pavolotsky J (2010) Top five legal issues for the cloud httpwwwforbes1104com20100412cloud-computing-enterprise-technology-cio-network-1105legalhtml1106
62 ENISA (2011) About ENISA httpwwwenisaeuropaeuabout-enisa110763 CSA (2011) About httpscloudsecurityallianceorgabout110864 CSA (2011) CSA TCI Reference Architecture httpscloudsecurityalliance1109
orgwp-contentuploads201111TCI-Reference-Architecture-11pdf111065 CSA (2011) Security Guidance for Critical Areas of Focus in Cloud1111
Computing V30 Tech rep Cloud Security Alliance [Httpwww1112cloudsecurityallianceorgguidancecsaguidev30pdf]1113
66 Ramireddy S Chakraborthy R Raghu TS Rao HR (2010) Privacy and1114Security Practices in the Arena of Cloud Computing - A Research in1115Progress In AMCIS 2010 Proceedings AMCIS rsquo10 httpaiselaisnetorg1116amcis20105741117
67 NIST (2011) NIST Cloud Computing Reference Architecture SP 500-2921118httpcollaboratenistgovtwiki-cloud-computingpub1119CloudComputingReferenceArchitectureTaxonomyNIST SP 500-292 -1120090611pdf1121
68 Youseff L Butrico M Silva DD (2008) Toward a Unified Ontology of Cloud1122Computing In Grid Computing Environments Workshop 2008 GCE rsquo081123pp 10 1 httpdxdoiorg101109GCE200847384431124
69 Johnston S (2008) Sam Johnston taxonomy the 6 layer cloud computing1125stack httpsamjnet200809taxonomy-6-layer-cloud-computing-1126stackhtml]1127
70 Linthicum D (2009) Defining the cloud computing framework http1128cloudcomputingsys-concomnode8115191129
71 Doelitzscher F Reich C Knahl M Clarke N (2011) An autonomous agent1130based incident detection system for cloud environments In Third IEEE1131International Conference on Cloud Computing Technology and Science1132CloudCom 2011 CPS pp 197ndash204 httpdxdoiorg101109CloudCom11332011351134
72 Oltsik J (2010) Information security virtualization and the journey to the1135cloud Tech rep Cloud Security Alliance1136
73 Wallom D Turilli M Taylor G Hargreaves N Martin A Raun A McMoran A1137(2011) myTrustedCloud Trusted Cloud Infrastructure for Security-critical1138Computation and Data Managment In Third IEEE International1139Conference on Cloud Computing Technology and Science CloudCom11402011 CPS pp 247ndash2541141
74 Dabrowski C Mills K (2011) VM Leakage and Orphan Control in1142Open-Source Clouds In Third IEEE International Conference on Cloud1143Computing Technology and Science CloudCom 2011 CPS pp 554ndash5591144
75 Chadwick DW Casenove M (2011) Security APIs for My Private Cloud In1145Third IEEE International Conference on Cloud Computing Technology1146and Science CloudCom 2011 CPS pp 792ndash7981147
76 Claybrook B (2011) How providers affect cloud application migration1148httpsearchcloudcomputingtechtargetcomtutorialHow-providers-1149affect-cloud-application-migration1150
77 CSA (2011) Interoperability and portability1151
doi1011862192-113X-1-11Cite this article as Gonzalez et al A quantitative analysis of current securityconcerns and solutions for cloud computing Journal of Cloud ComputingAdvances Systems and Applications 2012 111
Submit your manuscript to a journal and benefi t from
7 Convenient online submission
7 Rigorous peer review
7 Immediate publication on acceptance
7 Open access articles freely available online
7 High visibility within the fi eld
7 Retaining the copyright to your article
Submit your next manuscript at 7 springeropencom
UNCO
RREC
TED
PRO
OF
Gonzalez et al Journal of Cloud Computing Advances Systems and Applications 2012 111 Page 18 of 18httpwwwjournalofcloudcomputingcomcontent1111
56 Hunter S (2011) Ascending to the cloud creates negligible e-discovery1088risk httpediscoveryquarlescom201107articlesinformation-1089technologyascending-to-the-cloud-creates-negligible-ediscovery-risk1090
57 Sharon D Nelson JWS (2011) Virtualization and Cloud Computing1091benefits and e-discovery implications httpwwwslawca201107191092virtualization-and-cloud-computing-benefits-and-e-discovery-1093implications1094
58 Bentley L (2009) E-discovery in the cloud presents promise and problems1095httpwwwitbusinessedgecomcmcommunityfeaturesinterviews1096bloge-discovery-in-the-cloud-presents-promise-and-problemscs=1097316981098
59 Zierick J (2011) The special case of privileged users in the sloud http1099blogbeyondtrustcombid63894The-Special-Case-of-Privileged-Users-1100in-the-Cloud1101
60 Dinoor S (2010) Got Privilege Ten Steps to Securing a Cloud-Based1102Enterprise httpcloudcomputingsys-concomnode15716491103
61 Pavolotsky J (2010) Top five legal issues for the cloud httpwwwforbes1104com20100412cloud-computing-enterprise-technology-cio-network-1105legalhtml1106
62 ENISA (2011) About ENISA httpwwwenisaeuropaeuabout-enisa110763 CSA (2011) About httpscloudsecurityallianceorgabout110864 CSA (2011) CSA TCI Reference Architecture httpscloudsecurityalliance1109
orgwp-contentuploads201111TCI-Reference-Architecture-11pdf111065 CSA (2011) Security Guidance for Critical Areas of Focus in Cloud1111
Computing V30 Tech rep Cloud Security Alliance [Httpwww1112cloudsecurityallianceorgguidancecsaguidev30pdf]1113
66 Ramireddy S Chakraborthy R Raghu TS Rao HR (2010) Privacy and1114Security Practices in the Arena of Cloud Computing - A Research in1115Progress In AMCIS 2010 Proceedings AMCIS rsquo10 httpaiselaisnetorg1116amcis20105741117
67 NIST (2011) NIST Cloud Computing Reference Architecture SP 500-2921118httpcollaboratenistgovtwiki-cloud-computingpub1119CloudComputingReferenceArchitectureTaxonomyNIST SP 500-292 -1120090611pdf1121
68 Youseff L Butrico M Silva DD (2008) Toward a Unified Ontology of Cloud1122Computing In Grid Computing Environments Workshop 2008 GCE rsquo081123pp 10 1 httpdxdoiorg101109GCE200847384431124
69 Johnston S (2008) Sam Johnston taxonomy the 6 layer cloud computing1125stack httpsamjnet200809taxonomy-6-layer-cloud-computing-1126stackhtml]1127
70 Linthicum D (2009) Defining the cloud computing framework http1128cloudcomputingsys-concomnode8115191129
71 Doelitzscher F Reich C Knahl M Clarke N (2011) An autonomous agent1130based incident detection system for cloud environments In Third IEEE1131International Conference on Cloud Computing Technology and Science1132CloudCom 2011 CPS pp 197ndash204 httpdxdoiorg101109CloudCom11332011351134
72 Oltsik J (2010) Information security virtualization and the journey to the1135cloud Tech rep Cloud Security Alliance1136
73 Wallom D Turilli M Taylor G Hargreaves N Martin A Raun A McMoran A1137(2011) myTrustedCloud Trusted Cloud Infrastructure for Security-critical1138Computation and Data Managment In Third IEEE International1139Conference on Cloud Computing Technology and Science CloudCom11402011 CPS pp 247ndash2541141
74 Dabrowski C Mills K (2011) VM Leakage and Orphan Control in1142Open-Source Clouds In Third IEEE International Conference on Cloud1143Computing Technology and Science CloudCom 2011 CPS pp 554ndash5591144
75 Chadwick DW Casenove M (2011) Security APIs for My Private Cloud In1145Third IEEE International Conference on Cloud Computing Technology1146and Science CloudCom 2011 CPS pp 792ndash7981147
76 Claybrook B (2011) How providers affect cloud application migration1148httpsearchcloudcomputingtechtargetcomtutorialHow-providers-1149affect-cloud-application-migration1150
77 CSA (2011) Interoperability and portability1151
doi1011862192-113X-1-11Cite this article as Gonzalez et al A quantitative analysis of current securityconcerns and solutions for cloud computing Journal of Cloud ComputingAdvances Systems and Applications 2012 111
Submit your manuscript to a journal and benefi t from
7 Convenient online submission
7 Rigorous peer review
7 Immediate publication on acceptance
7 Open access articles freely available online
7 High visibility within the fi eld
7 Retaining the copyright to your article
Submit your next manuscript at 7 springeropencom
Related Documents
