http://www.parkjonghyuk.net/lecture/2015-1st-lecture/networksecurity/Paper2.pdf

Security in cloud computing

Cloud Computing is a flexible, cost-effective, and proven delivery platform for providing business or consumer IT services over the Internet. However, cloud Computing presents an added level of risk because essential services are often outsourced to a third party, which makes it harder to maintain data security and privacy, support data and service availability, and demonstrate compliance. Cloud Computing leverages many technologies (SOA, virtualization, Web 2.0); it also inherits their security issues, which we discuss here, identifying the main vulnerabilities in this kind of systems and the most important threats found in the literature related to Cloud Computing and its environment as well as to identify and relate vulnerabilities and threats with possible solutions.

/pdf/an-analysis-of-security-issues-for-cloud-computing-1apnvpc3ez.pdf

An analysis of security issues for cloud computing

https://pureadmin.qub.ac.uk/ws/files/134629726/paper_v2.pdf

Next generation cloud computing

The landscape of cloud computing has significantly changed over the last decade. Not only have more providers and service offerings crowded the space, but also cloud infrastructure that was traditionally limited to single provider data centers is now evolving. In this paper, we firstly discuss the changing cloud infrastructure and consider the use of infrastructure from multiple providers and the benefit of decentralising computing away from data centers. These trends have resulted in the need for a variety of new computing architectures that will be offered by future cloud infrastructure. These architectures are anticipated to impact areas, such as connecting people and devices, data-intensive computing, the service space and self-learning systems. Finally, we lay out a roadmap of challenges that will need to be addressed for realising the potential of next generation cloud systems.

Next Generation Cloud Computing: New Trends and Research Directions

A survey on cloud computing security

Reference architectures (RAs) are useful tools to understand and build complex systems, and many cloud providers and software product vendors have developed versions of them. RAs describe at an abstract level (no implementation details) the main features of their cloud systems. Security is a fundamental concern in clouds and several cloud vendors provide security reference architectures (SRAs) to describe the security features of their services. A SRA is an abstract architecture describing a conceptual model of security for a cloud system and provides a way to specify security requirements for a wide range of concrete architectures. We propose here a method to build a SRA for clouds defined using UML models and patterns, which goes beyond existing models in providing a global view and a more precise description. We present a metamodel as well as security and misuse patterns for this purpose. We validate our approach by showing that it can describe more precisely existing models and that it has a variety of uses. We describe in detail one of these uses, a way of evaluating the security level of a SRA.

https://link.springer.com/content/pdf/10.1007%2Fs00766-014-0218-7.pdf

Building a security reference architecture for cloud systems

Cloud computing is a new computing model that allows providers to deliver services on demand by means of virtualization. One of the main concerns in cloud computing is security. In particular, the authors describe some attacks in the form of misuse patterns, where a misuse pattern describes how an attack is performed from the point of view of the attacker. Specially, they describe three misuse patterns: Resource Usage Monitoring Inference, Malicious Virtual Machine Creation, and Malicious Virtual Machine Migration Process. DOI: 10.4018/978-1-4666-2125-1.ch003

Three Misuse Patterns for Cloud Computing

Cloud Computing is a new computing structure that allows providers to deliver services on demand by means of virtualization. We are studying some security attacks in cloud computing by describing them in the form of misuse patterns. A misuse pattern describes how an information misuse is performed from the point of view of the attacker. It defines the environment where the attack is performed, how the attack is performed, countermeasures to stop it, and how to find forensic information to trace the attack once it happens. We are building a catalog of misuse patterns and we present here two of them: Resource Usage Monitoring (complete) and Malicious Virtual Machine Creation (partially). We discuss also the value of having such a catalog.

Keiko Hashizume

Papers

An analysis of security issues for cloud computing

Building a security reference architecture for cloud systems

Three Misuse Patterns for Cloud Computing

Misuse patterns for cloud computing

Misuse patterns for cloud computing