Study on Cloud Computing Security
    Abstract:

    Cloud Computing is a fundamental change happening in the field of Information Technology. It represents a movement towards intensive, large-scale specialization. On the other hand, it brings not only convenience and efficiency, but also great challenges in the field of data security and privacy protection. Currently, security is regarded as one of the greatest problems in the development of Cloud Computing. This paper describes the major requirements in Cloud Computing, key security technologies, standards and regulations, etc., and provides a Cloud Computing security framework. This paper argues that the changes in the above aspects will result in a technical revolution in the field of information security.

Get Citation

Feng Dengguo, Zhang Min, Zhang Yan, Xu Zhen. Study on Cloud Computing Security. Journal of Software, 2011, 22(1):71-83

History
  • Received: August 26, 2010
  • Revised: November 03, 2010