Security challenges in the distributed cloud computing


Int. J. Electronic Security and Digital Forensics, Vol. 6, No. 1, 2014

Ikechukwu Nwobodo*, Hossein Jahankhani and Aloysius Edoh
School of Architecture, Computing and Engineering, University of East London, Dockland Campus, University Way, London, E16 2RD, UK
*Corresponding author

Abstract: Cloud computing has altered the overall picture that distributed computing, such as grid and client-server computing, presents in the IT environment. Cloud computing has given a new, innovative meaning to off-premises and distributed computing. Although cloud computing offers more economic benefits than traditional computing, it undoubtedly introduces imaginable security challenges to information control, management, access and storage in the move from on-premises to off-premises. This paper focuses on security challenges in the distributed cloud and describes cloud computing, its models and services. It analyses cloud security challenges and presents discussions on considerable solutions to protect against threats to the confidentiality, integrity and availability of cloud data. This paper also presents an implementation of private cloud computing and evaluates its security features.

Keywords: cloud computing; platform as a service; PaaS; software as a service; SaaS; infrastructure as a service; IaaS; V; CIA; threats; vulnerability.

Reference to this paper should be made as follows: Nwobodo, I., Jahankhani, H. and Edoh, A. (2014) ‘Security challenges in the distributed cloud computing’, Int. J. Electronic Security and Digital Forensics, Vol. 6, No. 1, pp.38–51.

Biographical notes: Ikechukwu Nwobodo is the Director of Typical Systems Ltd. UK and a Senior IT System Associate with Cetec ISC Ltd. UK. He received his MSc in Information Security and Computer Forensics and BSc in Computer Network with Information Security System from the University of East London. His research and publication interests include cloud computing, cloud security challenges and cyber crimes.

Hossein Jahankhani obtained his PhD and MSc degrees from the University of London, UK. He is currently a Senior Lecturer at the University of East London in Computing and Secure System and Software Development. He has about 60 publications in various journals and conference proceedings, and has written several books and extensive reports for various government and private research establishments. His current research is focused on e-learning, e-government and security, where he has supervised several PhD students to successful completion of their research work.

Copyright © 2014 Inderscience Enterprises Ltd.


Aloysius Edoh obtained his MPhil in Computer Science from City University, London and PhD degree from the University of East London, UK. He is currently a Computer Lecturer and Programme Leader at the University of East London in Computing and Software Development. He has publications in journals and conference proceedings on software modelling and development using CMAUT – UML. His current research is focused on prediction models, DSS in health information system, evaluation of distributed big data and cloud-based information systems. Also, he has supervised postgraduate research students’ work. This paper is a revised and expanded version of a paper entitled ‘Security challenges in the distributed cloud computing’ presented at 9th ICGS3-13 Conference, Williams College, London, 5 December 2013.

1 Introduction

Cloud computing is a new internet-based technology that delivers application, data and storage infrastructure services and relies heavily on advances in virtualisation technology (VT). The prospect of network virtualisation led to the cloud computing concept, which allows end users to access, obtain and share applications and data from services provisioned in the cloud from anywhere through an internet connection, without the constraints of underlying hardware or resource requirements, e.g., Amazon Web Services Elastic Compute Cloud (EC2), Google App Engine, etc. ENISA (2009) defined cloud computing as an on-demand service model for provision of IT, often based on distributed computing and virtualisation technologies. Tajadod et al. (2012) state that security is a critical issue for quality of service: while cloud computing offers a new dimension in data services, its data handling and storage approach continues to raise security issues for companies intending to invest in cloud. An investigation of cloud security by Ponemon (2011) shows that the majority of cloud computing providers accepted not having dedicated security staff in charge of overseeing cloud infrastructure, platform or application, and further claimed that private cloud providers seem to have a considerably higher level of confidence in their ability to achieve security goals than hybrid and public cloud providers. Wang and Yan (2010), on how cloud security issues can be solved using a biometric process based on a private face recognition mechanism, propose a three-part process: a user part using the Paillier encryption algorithm, cloud initialisation using the PCA algorithm, and private matching identification through distance calculation, projection and minimum distance finding.

2 Cloud computing model and services

The clearest and most comprehensive expression of the cloud model and its definition was made by NIST (2013), which described cloud as a model for convenient use of efficient computing resources and pointed out four deployment models (private, public, hybrid and community cloud, as shown in Figure 1) and three cloud services: software as a service (SaaS), platform as a service (PaaS) and infrastructure as a service (IaaS).

Figure 1 Taxonomy of cloud computing (see online version for colours)

2.1 Cloud computing model

Public cloud is defined as a cloud infrastructure used by a third-party provider to provide services to various categories of customers through the internet (Bhadauria et al., 2011). Private cloud is a cloud infrastructure made available only to internal staff or specific customers and operated or managed by third-party providers or the organisation itself (Bhadauria et al., 2011). Hybrid cloud is a composition or combination of two or more cloud deployment types, connected in a way that allows data transfer between those models without affecting them (Zhang and Zhang, 2012). Community cloud is a cloud model notably used to provide infrastructure shared by many organisations, and is managed by a third party or the organisations themselves (Kulkarni et al., 2012).

2.1.1 Cloud computing services

SaaS is a process whereby complete applications are hosted on the internet and offered on demand as a service (Dillon et al., 2010). PaaS provides users with a complete computing platform, including application development, design, hosting and testing, on their local machines, e.g., Facebook, Google AppEngine (Zhang and Zhang, 2012). IaaS is a cloud service that enables organisations or individuals to remotely access computing resources such as storage, network and processing, charged on a pay-per-use basis, e.g., Terremark Enterprise Cloud, Amazon EC2 and S3, Rackspace Cloud, Microsoft (Bouayad et al., 2010).

3 Security challenges in distributed cloud

A comprehensive survey on responsibility for cloud security shows that the majority of cloud computing providers do not anticipate the security of their services as an advantage to their competitiveness, or view cloud security as their most critical responsibility. The survey found that providers allocate only 10% or less of their overall operational resources to security (Ponemon, 2011). Security issues therefore remain a setback to the adoption of cloud to date.


3.1 Insider and malicious outsider attack

According to an IDC survey, insider threats are a known fact within an enterprise setup. Cloud consumers are undoubtedly more exposed to such threats because the cloud is based on a multi-tenant model under a single management domain of the provider. Cloud subscribers lack transparency into the provider's process of storing data in multiple locations, its hiring practices and the standards adopted by the provider and its third parties. This situation can lead to third-party cloud vendors tapping sensitive data to sell to competitors of the victim enterprise, or to security exposures such as corporate espionage, malicious insiders or casual hackers; this can be prevented as detailed in Section 4.2 (Behl, 2011). The outsider threat remains one of the most concerning security issues for organisations because it entails openly releasing confidential information or defacing an organisation. It has been a persistent problem because the cloud has more interfaces than the traditional network. Attackers leverage this easy accessibility by exploiting weaknesses in cloud APIs, breaking or tapping into connections (logical or media channel) or, in the worst case, through social engineering. However, this can be mitigated by IDS and IPS, firewalls, ACLs, AAA systems or by introducing standards for OS-level antivirus for cloud customers (Behl, 2011).

3.2 Service disruption

Service disruption or service hijacking has become a credible challenge to cloud infrastructure, as attacks such as phishing, exploitation of software vulnerabilities and fraud remain at record levels. Compromised enterprise login credentials can be used for eavesdropping. Attacks such as session replay, redirection of enterprise clients to illegitimate sites, and DoS or DDoS leveraging auto-diallers or botnets can be launched with impunity and cause a high level of damage to organisational information resources. Attackers' soft targets range from machines connected to the internet to extensions and IP addresses exposed through public internet tools such as WHOIS (Behl, 2011). However, this can be avoided by taking the necessary security measures; according to one proposal, an intrusion detection system for DoS and DDoS can detect the attack by using a cumulative algorithm (Rajasekar et al., 2010).

3.3 Multi tenancy issues

Cloud computing was architecturally designed with the primary objective of providing shared computational resources, typically residing logically or physically at the provider's premises, to serve multiple users; users within the cloud can therefore access or share the same infrastructural cloud resources. The multi-tenancy deployment approach is the de facto standard among cloud providers for achieving efficient resource utilisation at minimal cost. From the user's perspective, the need is for enough resources to scale consumption in real time, and the cloud model appears to meet this demand by delivering elastic, multi-tenant solutions. However, this carries serious security risks such as information exploitation and VM-to-VM attacks. Multi-tenancy security issues can therefore be prevented by implementing strict isolation of tenant data, API calls, fabric controllers, hypervisors, VMs, root OS, VLANs and customer access, as pointed out in Section 4 (Tianfield, 2012; Behl, 2011; Behl and Behl, 2012).

3.4 Loss of control

When an organisation moves its services or data storage to the cloud, it loses control and awareness, since the data can be stored anywhere in the cloud. This becomes a serious security issue from the user's perspective, as users lose control and awareness of any security mechanism in place to safeguard their data (Behl, 2011). However, this issue can be mitigated through an SLA in which both parties agree on an industry-accepted security strategy.

3.5 Privacy

Information and data privacy continues to be one of the major issues in cloud computing. Regulation of personal information, including legislative restrictions on privacy, is known to vary across countries (Kulkarni et al., 2012). Storage of customers' data across multiple locations in the cloud, especially across state boundaries, has therefore presented serious legal challenges for privacy and increased the risk to confidentiality (Behl, 2011; Zhou et al., 2010; Tianfield, 2012). There have been many cloud privacy problems: in 2007 a customer list was leaked after a Salesforce.com employee fell victim to a phishing attack, and a similar incident occurred in March 2009, when a brutal flaw was found in Google Docs that inadvertently shared users' documents (Bhardwaj and Kumar, 2011). However, to mitigate the privacy risk, genuine authentication and authorisation mechanisms or multiple levels of access can be used, as discussed in Section 4.1.

3.6 Multi location

Storing cloud computing data in multiple locations poses a real-time security risk to organisations. The risks range from accidental occurrences that lead to the third party going out of business to the third party deciding to seize cloud data for a long time in the event of a dispute, pending resolution. This can cost enterprises business and may result in total collapse. Moreover, it can become a legal nightmare for an organisation if data is compromised overseas, where inter-state laws on information misuse differ or the legal jurisdiction does not allow extradition of the culprit. However, the problem can be avoided or reduced if providers are more transparent with customers about their storage agreements with third-party vendors.

3.7 Legal issues

Many enterprises face the challenge of understanding where their data is hosted, and the location of data storage in the cloud automatically affects the choice of law to be applied to the data. Such data can be personal, medical, trade secret, military contract or enterprise performance data (Zhou et al., 2010). If, for example, the data resides with a third-party provider in China and Chinese law gives the Chinese Government unfettered access to all data stored in its territory, accessing that information automatically raises issues of privacy breach and loss of confidentiality. However, this issue can be avoided if a proper legal agreement regarding storage location is enshrined in the SLA.


3.8 Denial of service and distributed denial of service

This attack is common in network security: access to computer resources by legitimate users is impaired by SYN flood, ICMP, Smurf, UDP and flood attacks. It is conducted by raising the CPU workload, slowing down or crashing the system and resulting in loss of availability (Rajasekar et al., 2010). As reported by John (2012), a hacking suspect of Russian origin was arrested in Cyprus in connection with a series of DoS and DDoS attacks against Amazon, Priceline.com and eBay, and was also accused of conspiring with associates to use compromised botnet PCs to launch DoS against Amazon in 2008. Austin (2009) states that a DDoS was launched against cloud-based services (Amazon, WalMart and several online shopping websites), preventing access to them in December 2009 and resulting in the loss of millions of dollars and of business reputation. However, Rajasekar et al. (2010) state in a proposal that this attack can be detected using an IDS via the cumulative sum algorithm.
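The cumulative sum (CUSUM) detection referred to here and in Section 3.2 is shown below as an added example; it is not code from this paper or from Rajasekar et al. The per-interval SYN counts, the 0.5σ slack, the 5σ alarm threshold and the 4σ static limit used for comparison are constructed values and assumptions chosen for illustration.

```python
"""One-sided CUSUM detector for flood-style DoS traffic (added illustration)."""
from statistics import mean, pstdev

# Constructed data: half-open SYN counts per one-second interval.
TRAINING = [103, 97, 103, 97, 101, 99, 101, 99, 100, 100]   # attack-free window
SLOW_FLOOD = [101, 99, 102, 98, 100, 105, 106, 104, 107, 105, 106, 107]
ONE_OFF_SPIKE = [100, 101, 99, 109, 100, 98, 101]


def fit_baseline(training):
    """Return (mean, standard deviation) of an attack-free training window."""
    mu = mean(training)
    sigma = pstdev(training)
    if sigma == 0:
        sigma = 1.0  # flat training data would give a zero slack and threshold
    return mu, sigma


def cusum_scores(samples, mu, sigma, slack_sigmas=0.5):
    """Running score S_n = max(0, S_(n-1) + x_n - mu - k), with k the slack."""
    k = slack_sigmas * sigma
    score, scores = 0.0, []
    for x in samples:
        # Excess over (mu + k) accumulates; smaller samples drain the score,
        # which is clamped at zero so quiet periods build up no "credit".
        score = max(0.0, score + (x - mu - k))
        scores.append(score)
    return scores


def first_cusum_alarm(samples, mu, sigma, slack_sigmas=0.5, threshold_sigmas=5.0):
    """Index of the first sample whose cumulative score exceeds h, else None."""
    h = threshold_sigmas * sigma
    for index, score in enumerate(cusum_scores(samples, mu, sigma, slack_sigmas)):
        if score > h:
            return index
    return None


def first_static_alarm(samples, mu, sigma, limit_sigmas=4.0):
    """Per-sample threshold detector, kept only for comparison with CUSUM."""
    limit = mu + limit_sigmas * sigma
    for index, x in enumerate(samples):
        if x > limit:
            return index
    return None


if __name__ == "__main__":
    mu, sigma = fit_baseline(TRAINING)
    for name, series in (("slow flood", SLOW_FLOOD), ("one-off spike", ONE_OFF_SPIKE)):
        print(name,
              "| cusum alarm at:", first_cusum_alarm(series, mu, sigma),
              "| static alarm at:", first_static_alarm(series, mu, sigma))
```

On the constructed data, the sustained low-rate increase never crosses the per-sample limit but is caught by the cumulative score, while a single noisy interval trips the static limit and leaves CUSUM quiet.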

3.9 Virtual machine rootkit

The most essential aspect of cloud computing is virtualisation, where the OS and software, with every related component, are packaged so that they are hardware independent. This is made possible by multiplexing the system with a small privileged kernel generally known as a hypervisor. A recent type of malware, the virtual machine-based rootkit (VMBR), behaves like a hypervisor: it is typically installed in the layer underneath the OS and hoists the OS into a VM. Detecting the VMBR state is quite difficult for software running on the OS. Other rootkits that use this technique are SubVirt and Vitriol. A VMBR enables other malicious services or software to run on it, protected by the OS. Detecting a VMBR requires proper control of the layer beneath it, with the assistance of bootable media or secure hardware (Rajasekar et al., 2010).

3.10 Cross site scripting

Cross site scripting (XSS) can be used to exploit a vulnerability that exists in a website by injecting malicious code into the client machine. An attacker can impersonate a user's credentials by introducing his own script to engage in malicious activities such as crafted phishing or session hijacking (Rajasekar et al., 2010). According to Dan (2010), an XSS attack was successfully launched on Amazon by exploiting vulnerabilities on its wireless to steal customers' session IDs. Custantin (2011) explained the findings of researchers from the University of Bochum, Germany, who demonstrated how they exploited a known vulnerability in Amazon using XSS to hijack sessions in AWS, gaining unfettered access to all customer data. They reiterated that many cloud platforms are vulnerable to such attacks, which can result in loss of confidentiality, integrity and privacy. This could be mitigated using various network monitoring techniques and access control mechanisms such as IPS and IDS.


3.11 XML wrapping

Web services are the major technology for implementing Service Oriented Architecture, and also for platform-independent services and interoperability. The underlying markup language used as the intermediary for client and server communication is Extensible Markup Language (XML). XML signature provides origin authentication and protection against unauthorised modification of XML documents (Rajasekar et al., 2010). Researchers at the University of Bochum, Germany, demonstrated an account hijacking attack carried out on Amazon using an XML rewriting or signature wrapping technique, which they believe affected other providers (Custantin, 2011). XML wrapping remains a serious threat to the confidentiality, integrity and privacy of cloud data. This can be mitigated using XML schema validation or security message validation for SOAP.

4 Discussion on cloud security solutions

The Federal Information Security Management Act (FISMA) of the USA lists the three security objectives for meaningful information and information systems as confidentiality, availability and integrity.

4.1 Confidentiality

Identity and access management comprises authorisation, authentication and auditing of access to cloud services. As explained earlier in Section 3.6, cloud providers should provision security controls, i.e., IDS, IPS, multifactor authentication and virtual private networks (VPN). These features are vital for confidentiality and ensure that only rightly authenticated entities are allowed access to cloud resources (Kulkarni et al., 2012; Tajadod et al., 2012). Isolation helps minimise data interaction by ensuring containers are kept physically or logically separated. Isolation of critical hypervisor layers, guest VMs, OS roots, VLANs, controllers and customer access helps prevent malicious activities that may result in loss of data confidentiality. Encryption helps ensure that data is not falsified, disclosed or modified in transit, preserving its confidentiality and integrity. Cloud data is mostly not encrypted during processing. An advanced homomorphic encryption scheme, which permits processing of data without decrypting it, can be introduced (Kulkarni et al., 2012; Tajadod et al., 2012). Multifactor authentication can be a critical layer of security within the cloud for better control. Users can be required to provide a single-use six-digit code in conjunction with user name and password. This will help avoid loss of confidentiality and integrity of data in the cloud, as discussed in Section 3.2 (Tajadod et al., 2012).

4.2 Integrity

Integrity is a key aspect of information security. An integrity mechanism can offer greater visibility in determining what or who may have altered information. The atomicity, consistency, isolation and durability (ACID) properties of data stored in the cloud should be implemented across all cloud delivery models (Tianfield, 2012). These approaches help mitigate insider attacks, as explained earlier in Section 3.1. MACs based on cryptographic hash functions are popularly known as HMACs. The purpose of a MAC is to authenticate both the source of a message and its integrity without any additional mechanism. This can help ensure the integrity and verification of user data stored in the cloud. Cryptographic storage service techniques help eradicate cloud integrity concerns.
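One way to apply HMACs to data stored in the cloud is for the client to tag each object before upload and check the tag on download, as in this added example (not code from the paper). The `UntrustedStore` and `IntegrityClient` classes, the object names and the key are constructed for illustration; the store stands in for a provider that holds the data but not the key.

```python
"""Client-side HMAC tags for objects kept in an untrusted store (added example)."""
import hashlib
import hmac

# Constructed key for the demo; a real key comes from a CSPRNG and stays client-side.
CLIENT_KEY = bytes(range(32))


def object_tag(key, name, version, data):
    """HMAC-SHA256 over name, version and content.

    Name and version are length-prefixed so that different (name, version)
    pairs can never serialise to the same MAC input.
    """
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for field in (name.encode(), str(version).encode()):
        mac.update(len(field).to_bytes(4, "big"))
        mac.update(field)
    mac.update(data)
    return mac.digest()


class UntrustedStore:
    """Stand-in for the provider: holds data and tags, never the key."""

    def __init__(self):
        self.blobs = {}

    def put(self, name, data, tag):
        self.blobs[name] = (data, tag)

    def get(self, name):
        return self.blobs[name]


class IntegrityClient:
    def __init__(self, key, store):
        self.key = key
        self.store = store
        self.versions = {}  # name -> latest version written, kept by the client

    def upload(self, name, data):
        version = self.versions.get(name, 0) + 1
        self.store.put(name, data, object_tag(self.key, name, version, data))
        self.versions[name] = version

    def download(self, name):
        data, tag = self.store.get(name)
        expected = object_tag(self.key, name, self.versions[name], data)
        if not hmac.compare_digest(expected, tag):  # constant-time comparison
            raise ValueError(f"integrity check failed for {name!r}")
        return data


def verifies(client, name):
    try:
        client.download(name)
        return True
    except ValueError:
        return False


def demo():
    """Run the four cases on constructed objects and report which verify."""
    store = UntrustedStore()
    client = IntegrityClient(CLIENT_KEY, store)
    client.upload("payroll.csv", b"alice,1000\n")
    client.upload("notes.txt", b"meeting at 10\n")
    stale = store.get("payroll.csv")              # version 1 data and tag
    client.upload("payroll.csv", b"alice,1200\n")
    current = store.get("payroll.csv")
    results = {"untouched": verifies(client, "payroll.csv")}
    store.put("payroll.csv", b"alice,9999\n", current[1])   # content altered
    results["modified"] = verifies(client, "payroll.csv")
    store.put("payroll.csv", *store.get("notes.txt"))       # other object served
    results["swapped"] = verifies(client, "payroll.csv")
    store.put("payroll.csv", *stale)                        # old version replayed
    results["rolled_back"] = verifies(client, "payroll.csv")
    return results


if __name__ == "__main__":
    print(demo())
```

Binding the object name and a client-tracked version into the tag is what lets the check reject a validly tagged but substituted or outdated object, not only altered bytes.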

4.3 Availability

Availability in cloud computing is a critical requirement in information security, and part of the SLA document should be dedicated to covering all aspects of the cloud service. In most cases availability can be affected temporarily or permanently and the loss can be complete or partial, as noted earlier in Section 3, where access was completely impaired as a result of security challenges such as DoS, DDoS, equipment outages and natural disasters. Architectural and application-level changes can be made to add scalability and availability. To mitigate availability issues, a multitier architecture approach needs to be adopted, supported by a load-balanced farm of application instances running on a good number of servers, which is resilient to software or hardware failure, including DoS attacks.

5 Prototype of private cloud computing

Private cloud is a model that uses the dedicated computing resources of an organisation and is quite similar to public cloud in characteristics such as self service, pay-by-use delivery, resource pooling and elasticity in a standardised way, with extra control and customisation available through dedicated resources (Microsoft, 2012). A private cloud computing environment is implemented in this section using the Microsoft Private Cloud solution: Windows Server 2012 with Hyper-V Server 3.0.

5.1 Platform architecture

The implementation started by designing the platform architecture, which comprises physical and virtual computers as displayed in Figure 2. The structure is as follows:

• one physical computer, running W. Server 2012 Data centre, named IKE1 with Hyper-V Server role setup, configured as Ike.com domain member

• one DC running W. Server 2012 Data centre DC01, on Hyper-V in IKE1

• one client computer running W. 8 named Client1, running in Hyper-V IKE1.

The first task was identifying, assembling and configuring the various components required, such as: a Sony Vaio laptop with VT capability used as the host machine, a Toshiba laptop to access cloud services, an internet connection set up using an ADSL router, Windows Server 2012 Datacentre x64 with Hyper-V Server 2012, and Windows 8 Professional.

Figure 2 Platform architecture (see online version for colours)

5.2 Hyper-V overview

The Hyper-V server role enables users to create and manage a virtualised computing environment by utilising the VT built into W. 2012 Server with Hyper-V. Installing the role ensures full installation of the required components and management tools, such as: Hyper-V VM management tools, Windows hypervisor, virtualisation WMI provider, VM bus, virtual infrastructure driver and the virtualisation service provider (VSP). This enables users to reduce cost, consolidate workloads and improve server utilisation.

5.3 Platform setup

The first task was to enable VT on IKE1 via the system BIOS, install W. Server 2012 and perform the initial server configuration, install the Hyper-V role, configure a virtual switch on Hyper-V named Lab vEthernet Adapter used for external network connections, rename the host PC to IKE1 and create a VM on Hyper-V named DC01, used as domain controller (DC), as shown in Figure 3.

The next task was to configure DC01 by installing W. Server 2012 on the DC01 VM and renaming the server DC01, used as DC for ike.com. The next step was to install active directory (AD) and domain name server (DNS) on DC01, then promote the server to DC. The User1 account was created on DC01 via AD and User1 was added to the Domain Admins and Enterprise Admins groups. The wireless feature, disabled by default on IKE1, was enabled. The dynamic host configuration protocol (DHCP) server was installed, and the external virtual switch TCP/IPv4 was automatically populated with IP address 192.168.137.1 as expected.

The next step was to configure the DC01 network via the TCP/IPv4 properties by setting the IP address to 192.168.137.100, subnet mask 255.255.255.0 and default gateway 192.168.137.1. DNS forwarding was configured to be available on any Wi-Fi network the laptop is connected to by setting the forwarder to use public DNS as Google with IP address 208.67.222.222. The virtual switch TCP/IPv4 IP was set to 192.168.137.1, subnet mask 255.255.255.0, default gateway 192.168.137.1, DNS 192.168.137.100. The DHCP scope was configured by naming the scope Lab, with IP address range 192.168.137.10 to 192.168.137.50, resulting up to 10 to 50 addresses; the router gateway was set to 192.168.137.1 and DNS was given as 192.168.137.100.

The next stage was used to prepare the client environment by creating a VM named client1 on Hyper-V, installing the W. 8 OS on Client1, creating a computer account named client1 on DC01 and joining the Client1 computer to the Ike.com domain. This was followed by using ipconfig on the command line to view the network configuration and obtain the IP addresses of each computer within the domain. The IP addresses were then used from IKE1, DC01 and Client1 to ping each computer and the external network Google.com, and the result was successful.

Figure 3 Virtual machine DC01 (see online version for colours)

5.4 Virtual desktop infrastructure VDI

VDI is a Microsoft service solution that allows users to seamlessly access their full-fidelity, rich Windows environment running in the data centre from any device across the internet. Typical VDI deployments range from session-based and desktop-based to personal VMs and pooled VMs, and these can be implemented on this platform. The VDI deployment implemented on this platform is a session-based desktop, which allows users to access session collections and published RemoteApp programs positioned in the platform via the internet. An advantage of implementing a session-based desktop in comparison with traditional VDI is fair share, which ensures that no individual VM hijacks system resources, i.e., CPU, network bandwidth and disk I/O. This guarantees that every user gets a balanced, consistent experience without over-provisioning, and the user profile disk enables user personalisation of the deployment (Gillani, 2012).

The setup of the session-based desktop deployment started by logging in to IKE1 with User1 credentials, then navigating to Hyper-V Manager via Server Manager to start DC01. Back in IKE1 Server Manager, the Add Roles and Features button was clicked to launch the wizard and Session-based desktop deployment was selected as the installation type. The next three windows were used to select IKE1 as the Remote connection broker, Web Access and Session host server. The summary was then viewed, the box for system restart was ticked and the Deploy button was clicked to resume deployment. Installation completed successfully and Figure 4 shows the Remote Desktop Services link added on IKE1 Server Manager.

Figure 4 Remote desktop services added to server manager on IKE1 (see online version for colours)

Figure 5 shows the Remote Desktop Services window with three vital buttons: Overview, Servers and Collections. Overview shows the entire session deployment, Servers displays all servers for deployment and Collections shows all collections.

Figure 5 Session deployment window (see online version for colours)

5.5 Creation of session collection

The creation resumed by navigating to the collection window via Server Manager and Remote Desktop on IKE1. The Task button was then right-clicked to select Create Session Collection from the drop-down menu and launch the wizard. After clicking through the Before we begin window, the collection name was given as Session Positioning. The IKE1 server was chosen as RD Session Host. Users were left as default, giving all Ike.com users access to the session. The user profile disk was left to be created later. At the summary window, the Create button was clicked to resume creation, which was successful as displayed in Figure 6. In the properties of the new session collection, as displayed in Figure 6, the General page is used to change the name, add a description or show session applications to users. User Group is used to specify or filter the user group, and the session, security, load balancing, client and user profile disk pages are used for each specific task.

Figure 6 Session positioning property (see online version for colours)

The final task was publishing applications, which involves navigating to the session collection property window and, under RemoteApp Programs, selecting Publish RemoteApp Programs from the drop-down menu. This launches a wizard that goes to each of the participating servers and gets all the programs available for publishing. When all required applications have been selected by ticking the check box next to each and the Publish button is clicked, the wizard goes straight to each session server and makes all selected applications available to customers or users.

6 Evaluate security features in private cloud

A survey by IDC 2013 shows that 75% of respondents pointed to security issues as the major problem militating against movement to the cloud. The multi-tenant security and isolation feature in Windows Server 2012 Hyper-V, used for the implementation in Section 5, ensures that server virtualisation provides a completely isolated network layer of the data centre via programmatically extensible, managed capabilities; this is not fully supported in Server 2008 R2 Hyper-V, which was used earlier for the same implementation.

The DHCP Guard feature in Server 2012 Hyper-V drops server messages from any unauthorised VM that pretends to be a DHCP server; this feature was not supported in Server 2008 R2 Hyper-V. The Router Guard feature in Server 2012 Hyper-V protects routers by dropping all router redirection messages and advertisements from any unauthorised VM within the platform that pretends to act as a router; this feature was not supported in Server 2008 R2 Hyper-V. The Extensible Monitoring feature in Server 2012 Hyper-V is used for multiple filtering and monitoring extensions at the outlet and entrance areas of the Hyper-V extensible switch; this was not supported in Server 2008 R2 Hyper-V.

Platform virtualisation security in Server 2012 Hyper-V implements a microkernel hypervisor, which has a full isolation boundary between partitions. This helps prevent tenants from maliciously interfering with others, thereby protecting the CIA of customer data.

7 Conclusions

The cloud computing initiative can help organisations accomplish a lot while paying less in the longer term, overlapping the physical boundaries between users and IT infrastructure. However, as a result of the openness of data and of information access that relies on real-time trust between customers and cloud providers, the extensive and alarming security threats must be averted in order to fully realise the benefits of cloud computing. The fact remains that a security compromise of cloud components can be both disastrous to the customers and extremely defacing to providers. The outcome of this research will help enlighten users on the concerns and preventive mechanisms for cloud security. The recommendation is for users to negotiate an SLA that gives them the opportunity to choose where their data can be stored, to understand, through inductions from providers, the security mechanisms they implement, and to be perceptive of the legal jurisdiction over data access at the location where their data is stored in the cloud.
